aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust/smb: namespace and visibility cleanups

Browse Source 
Ticket: #7498
pull/12907/head
Jason Ish 4 months ago committed by Victor Julien
parent ed2a81dc05
commit 018e46bfcf
12 changed files with 75 additions and 96 deletions
Show Stats Download Patch File Download Diff File

22
rust/src/smb/detect.rs
Unescape Escape View File

@ -25,7 +25,7 @@ use std::os::raw::{c_char, c_void};
use std::ptr;
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_share(
pub unsafe extern "C" fn SCSmbTxGetShare(
tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data {
@ -43,7 +43,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_share(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_named_pipe(
pub unsafe extern "C" fn SCSmbTxGetNamedPipe(
tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data {
@ -61,7 +61,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_named_pipe(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_stub_data(
pub unsafe extern "C" fn SCSmbTxGetStubData(
tx: &SMBTransaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data {
@ -83,10 +83,10 @@ pub unsafe extern "C" fn rs_smb_tx_get_stub_data(
}
#[no_mangle]
pub extern "C" fn rs_smb_tx_match_dce_opnum(
pub extern "C" fn SCSmbTxMatchDceOpnum(
tx: &SMBTransaction, dce_data: &mut DCEOpnumData,
) -> u8 {
SCLogDebug!("rs_smb_tx_get_dce_opnum: start");
SCLogDebug!("SCSmbTxMatchDceOpnum: start");
if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data {
if x.req_cmd == DCERPC_TYPE_REQUEST {
for range in dce_data.data.iter() {
@ -109,7 +109,7 @@ pub extern "C" fn rs_smb_tx_match_dce_opnum(
* dce_opnum and dce_stub_data)
* - only match on approved ifaces (so ack_result == 0) */
#[no_mangle]
pub extern "C" fn rs_smb_tx_get_dce_iface(
pub extern "C" fn SCSmbTxGetDceIface(
state: &mut SMBState, tx: &SMBTransaction, dce_data: &mut DCEIfaceData,
) -> u8 {
let if_uuid = dce_data.if_uuid.as_slice();
@ -151,7 +151,7 @@ pub extern "C" fn rs_smb_tx_get_dce_iface(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_user(
pub unsafe extern "C" fn SCSmbTxGetNtlmsspUser(
tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data {
@ -168,7 +168,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_user(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_domain(
pub unsafe extern "C" fn SCSmbTxGetNtlmsspDomain(
tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data {
@ -185,7 +185,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_domain(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_version_match(tx: &SMBTransaction, version_data: &mut u8) -> u8 {
pub unsafe extern "C" fn SCSmbVersionMatch(tx: &SMBTransaction, version_data: &mut u8) -> u8 {
let version = tx.vercmd.get_version();
SCLogDebug!("smb_version: version returned: {}", version);
if version == *version_data {
@ -196,7 +196,7 @@ pub unsafe extern "C" fn rs_smb_version_match(tx: &SMBTransaction, version_data:
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_version_parse(carg: *const c_char) -> *mut c_void {
pub unsafe extern "C" fn SCSmbVersionParse(carg: *const c_char) -> *mut c_void {
if carg.is_null() {
return std::ptr::null_mut();
}
@ -224,7 +224,7 @@ fn parse_version_data(arg: &str) -> Result<u8, ()> {
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_version_free(ptr: *mut c_void) {
pub unsafe extern "C" fn SCSmbVersionFree(ptr: *mut c_void) {
std::mem::drop(Box::from_raw(ptr as *mut u8));
}

4
rust/src/smb/files.rs
Unescape Escape View File

@ -234,8 +234,8 @@ impl SMBState {
}
use crate::applayer::AppLayerGetFileState;
#[no_mangle]
pub unsafe extern "C" fn rs_smb_gettxfiles(tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
pub(super) unsafe extern "C" fn smb_gettxfiles(tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
let tx = cast_pointer!(tx, SMBTransaction);
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
let tx_dir : u8 = tdf.direction.into();

8
rust/src/smb/log.rs
Unescape Escape View File

@ -445,13 +445,7 @@ fn smb_common_header(jsb: &mut JsonBuilder, state: &SMBState, tx: &SMBTransactio
}
#[no_mangle]
pub extern "C" fn rs_smb_log_json_request(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool
{
smb_common_header(jsb, state, tx).is_ok()
}
#[no_mangle]
pub extern "C" fn rs_smb_log_json_response(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool
pub extern "C" fn SCSmbLogJsonResponse(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool
{
smb_common_header(jsb, state, tx).is_ok()
}

99
rust/src/smb/smb.rs
Unescape Escape View File

@ -102,7 +102,7 @@ static mut SMB_MAX_TX: usize = 1024;
pub static mut SURICATA_SMB_FILE_CONFIG: Option<&'static SuricataFileContext> = None;
#[no_mangle]
pub extern "C" fn rs_smb_init(context: &'static mut SuricataFileContext)
pub extern "C" fn SCSmbInit(context: &'static mut SuricataFileContext)
{
unsafe {
SURICATA_SMB_FILE_CONFIG = Some(context);
@ -1987,8 +1987,7 @@ impl SMBState {
}
/// Returns *mut SMBState
#[no_mangle]
pub extern "C" fn rs_smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
extern "C" fn smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = SMBState::new();
let boxed = Box::new(state);
SCLogDebug!("allocating state");
@ -1997,16 +1996,14 @@ pub extern "C" fn rs_smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig
/// Params:
/// - state: *mut SMBState as void pointer
#[no_mangle]
pub extern "C" fn rs_smb_state_free(state: *mut std::os::raw::c_void) {
extern "C" fn smb_state_free(state: *mut std::os::raw::c_void) {
SCLogDebug!("freeing state");
let mut smb_state = unsafe { Box::from_raw(state as *mut SMBState) };
smb_state.free();
}
/// C binding parse a SMB request. Returns 1 on success, -1 on failure.
#[no_mangle]
pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow,
unsafe extern "C" fn smb_parse_request_tcp(flow: *const Flow,
state: *mut ffi::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
@ -2018,7 +2015,7 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow,
let flow = cast_pointer!(flow, Flow);
if stream_slice.is_gap() {
return rs_smb_parse_request_tcp_gap(state, stream_slice.gap_size());
return smb_parse_request_tcp_gap(state, stream_slice.gap_size());
}
SCLogDebug!("parsing {} bytes of request data", stream_slice.len());
@ -2032,8 +2029,7 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow,
state.parse_tcp_data_ts(flow, &stream_slice)
}
#[no_mangle]
pub extern "C" fn rs_smb_parse_request_tcp_gap(
extern "C" fn smb_parse_request_tcp_gap(
state: &mut SMBState,
input_len: u32)
-> AppLayerResult
@ -2042,8 +2038,7 @@ pub extern "C" fn rs_smb_parse_request_tcp_gap(
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow,
unsafe extern "C" fn smb_parse_response_tcp(flow: *const Flow,
state: *mut ffi::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
@ -2055,7 +2050,7 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow,
let flow = cast_pointer!(flow, Flow);
if stream_slice.is_gap() {
return rs_smb_parse_response_tcp_gap(state, stream_slice.gap_size());
return smb_parse_response_tcp_gap(state, stream_slice.gap_size());
}
/* START with MISTREAM set: record might be starting the middle. */
@ -2067,8 +2062,7 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow,
state.parse_tcp_data_tc(flow, &stream_slice)
}
#[no_mangle]
pub extern "C" fn rs_smb_parse_response_tcp_gap(
extern "C" fn smb_parse_response_tcp_gap(
state: &mut SMBState,
input_len: u32)
-> AppLayerResult
@ -2173,8 +2167,7 @@ fn smb_probe_tcp(flags: u8, slice: &[u8], rdir: *mut u8, begins: bool) -> AppPro
// probing confirmation parser
// return 1 if found, 0 is not found
#[no_mangle]
pub unsafe extern "C" fn rs_smb_probe_begins_tcp(_f: *const Flow,
unsafe extern "C" fn smb_probe_begins_tcp(_f: *const Flow,
flags: u8, input: *const u8, len: u32, rdir: *mut u8)
-> AppProto
{
@ -2187,8 +2180,7 @@ pub unsafe extern "C" fn rs_smb_probe_begins_tcp(_f: *const Flow,
// probing parser
// return 1 if found, 0 is not found
#[no_mangle]
pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow,
unsafe extern "C" fn c_smb_probe_tcp(_f: *const Flow,
flags: u8, input: *const u8, len: u32, rdir: *mut u8)
-> AppProto
{
@ -2199,17 +2191,15 @@ pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow,
return smb_probe_tcp(flags, slice, rdir, false);
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_tx_count(state: *mut ffi::c_void)
unsafe extern "C" fn smb_state_get_tx_count(state: *mut ffi::c_void)
-> u64
{
let state = cast_pointer!(state, SMBState);
SCLogDebug!("rs_smb_state_get_tx_count: returning {}", state.tx_id);
SCLogDebug!("smb_state_get_tx_count: returning {}", state.tx_id);
return state.tx_id;
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_tx(state: *mut ffi::c_void,
unsafe extern "C" fn smb_state_get_tx(state: *mut ffi::c_void,
tx_id: u64)
-> *mut ffi::c_void
{
@ -2224,8 +2214,7 @@ pub unsafe extern "C" fn rs_smb_state_get_tx(state: *mut ffi::c_void,
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_tx_free(state: *mut ffi::c_void,
unsafe extern "C" fn smb_state_tx_free(state: *mut ffi::c_void,
tx_id: u64)
{
let state = cast_pointer!(state, SMBState);
@ -2233,8 +2222,7 @@ pub unsafe extern "C" fn rs_smb_state_tx_free(state: *mut ffi::c_void,
state.free_tx(tx_id);
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void,
unsafe extern "C" fn smb_tx_get_alstate_progress(tx: *mut ffi::c_void,
direction: u8)
-> i32
{
@ -2253,10 +2241,9 @@ pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void,
}
export_state_data_get!(rs_smb_get_state_data, SMBState);
export_state_data_get!(smb_get_state_data, SMBState);
#[no_mangle]
pub unsafe extern "C" fn rs_smb_get_tx_data(
unsafe extern "C" fn smb_get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
{
@ -2264,8 +2251,7 @@ pub unsafe extern "C" fn rs_smb_get_tx_data(
return &mut tx.tx_data;
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
unsafe extern "C" fn smb_state_get_event_info_by_id(
event_id: u8,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut AppLayerEventType,
@ -2273,8 +2259,7 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
SMBEvent::get_event_info_by_id(event_id, event_name, event_type)
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_event_info(
unsafe extern "C" fn smb_state_get_event_info(
event_name: *const std::os::raw::c_char,
event_id: *mut u8,
event_type: *mut AppLayerEventType,
@ -2282,8 +2267,8 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info(
SMBEvent::get_event_info(event_name, event_id, event_type)
}
pub unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u8, len: u32, rdir: *mut u8) -> u16 {
let retval = rs_smb_probe_tcp(f, dir, input, len, rdir);
unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u8, len: u32, rdir: *mut u8) -> u16 {
let retval = c_smb_probe_tcp(f, dir, input, len, rdir);
let f = cast_pointer!(f, Flow);
if retval != ALPROTO_SMB {
return retval;
@ -2311,17 +2296,17 @@ fn register_pattern_probe() -> i8 {
// SMB1
r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
Direction::ToServer as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
Direction::ToClient as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
// SMB2/3
r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
Direction::ToServer as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
Direction::ToClient as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
// SMB3 encrypted records
r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
@ -2342,7 +2327,7 @@ fn register_pattern_probe() -> i8 {
const PARSER_NAME: &[u8] = b"smb\0";
#[no_mangle]
pub unsafe extern "C" fn rs_smb_register_parser() {
pub unsafe extern "C" fn SCRegisterSmbParser() {
let default_port = CString::new("445").unwrap();
let mut stream_depth = SMB_CONFIG_DEFAULT_STREAM_DEPTH;
let parser = RustParser {
@ -2353,24 +2338,24 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
probe_tc: None,
min_depth: 0,
max_depth: 16,
state_new: rs_smb_state_new,
state_free: rs_smb_state_free,
tx_free: rs_smb_state_tx_free,
parse_ts: rs_smb_parse_request_tcp,
parse_tc: rs_smb_parse_response_tcp,
get_tx_count: rs_smb_state_get_tx_count,
get_tx: rs_smb_state_get_tx,
state_new: smb_state_new,
state_free: smb_state_free,
tx_free: smb_state_tx_free,
parse_ts: smb_parse_request_tcp,
parse_tc: smb_parse_response_tcp,
get_tx_count: smb_state_get_tx_count,
get_tx: smb_state_get_tx,
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_smb_tx_get_alstate_progress,
get_eventinfo: Some(rs_smb_state_get_event_info),
get_eventinfo_byid : Some(rs_smb_state_get_event_info_by_id),
tx_get_progress: smb_tx_get_alstate_progress,
get_eventinfo: Some(smb_state_get_event_info),
get_eventinfo_byid : Some(smb_state_get_event_info_by_id),
localstorage_new: None,
localstorage_free: None,
get_tx_files: Some(rs_smb_gettxfiles),
get_tx_files: Some(smb_gettxfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<SMBState, SMBTransaction>),
get_tx_data: rs_smb_get_tx_data,
get_state_data: rs_smb_get_state_data,
get_tx_data: smb_get_tx_data,
get_state_data: smb_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(SMBFrameType::ffi_id_from_name),
@ -2392,11 +2377,11 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
let have_cfg = AppLayerProtoDetectPPParseConfPorts(ip_proto_str.as_ptr(),
IPPROTO_TCP, parser.name, ALPROTO_SMB, 0,
MIN_REC_SIZE, rs_smb_probe_tcp, rs_smb_probe_tcp);
MIN_REC_SIZE, c_smb_probe_tcp, c_smb_probe_tcp);
if have_cfg == 0 {
AppLayerProtoDetectPPRegister(IPPROTO_TCP, default_port.as_ptr(), ALPROTO_SMB,
0, MIN_REC_SIZE, Direction::ToServer as u8, rs_smb_probe_tcp, rs_smb_probe_tcp);
0, MIN_REC_SIZE, Direction::ToServer as u8, c_smb_probe_tcp, c_smb_probe_tcp);
}
if AppLayerParserConfParserEnabled(

4
src/app-layer-smb.c
Unescape Escape View File

@ -44,8 +44,8 @@ static void SMBParserRegisterTests(void);
void RegisterSMBParsers(void)
{
rs_smb_init(&sfc);
rs_smb_register_parser();
SCSmbInit(&sfc);
SCRegisterSmbParser();
#ifdef UNITTESTS
AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB, SMBParserRegisterTests);

6
src/detect-dce-iface.c
Unescape Escape View File

@ -112,10 +112,10 @@ static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx,
int ret = 0;
if (rs_smb_tx_get_dce_iface(f->alstate, txv, (void *)m) != 1) {
SCLogDebug("rs_smb_tx_get_dce_iface: didn't match");
if (SCSmbTxGetDceIface(f->alstate, txv, (void *)m) != 1) {
SCLogDebug("SCSmbTxGetDceIface: didn't match");
} else {
SCLogDebug("rs_smb_tx_get_dce_iface: matched!");
SCLogDebug("SCSmbTxGetDceIface: matched!");
ret = 1;
// TODO validate frag
}

2
src/detect-dce-opnum.c
Unescape Escape View File

@ -106,7 +106,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
return SCDcerpcOpnumMatch(txv, (void *)m);
}
if (rs_smb_tx_match_dce_opnum(txv, (void *)m) != 1)
if (SCSmbTxMatchDceOpnum(txv, (void *)m) != 1)
SCReturnInt(0);
SCReturnInt(1);

2
src/detect-dce-stub-data.c
Unescape Escape View File

@ -75,7 +75,7 @@ static InspectionBuffer *GetSMBData(DetectEngineThreadCtx *det_ctx,
uint32_t data_len = 0;
const uint8_t *data = NULL;
uint8_t dir = flow_flags & (STREAM_TOSERVER|STREAM_TOCLIENT);
if (rs_smb_tx_get_stub_data(txv, dir, &data, &data_len) != 1)
if (SCSmbTxGetStubData(txv, dir, &data, &data_len) != 1)
return NULL;
SCLogDebug("have data!");

4
src/detect-smb-ntlmssp.c
Unescape Escape View File

@ -63,7 +63,7 @@ static InspectionBuffer *GetNtlmsspUserData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_smb_tx_get_ntlmssp_user(txv, &b, &b_len) != 1)
if (SCSmbTxGetNtlmsspUser(txv, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -119,7 +119,7 @@ static InspectionBuffer *GetNtlmsspDomainData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_smb_tx_get_ntlmssp_domain(txv, &b, &b_len) != 1)
if (SCSmbTxGetNtlmsspDomain(txv, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;

4
src/detect-smb-share.c
Unescape Escape View File

@ -64,7 +64,7 @@ static InspectionBuffer *GetNamedPipeData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_smb_tx_get_named_pipe(txv, &b, &b_len) != 1)
if (SCSmbTxGetNamedPipe(txv, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;
@ -124,7 +124,7 @@ static InspectionBuffer *GetShareData(DetectEngineThreadCtx *det_ctx,
uint32_t b_len = 0;
const uint8_t *b = NULL;
if (rs_smb_tx_get_share(txv, &b, &b_len) != 1)
if (SCSmbTxGetShare(txv, &b, &b_len) != 1)
return NULL;
if (b == NULL || b_len == 0)
return NULL;

12
src/detect-smb-version.c
Unescape Escape View File

@ -47,12 +47,12 @@ static void DetectSmbVersionFree(DetectEngineCtx *de_ctx, void *ptr)
{
SCLogDebug("smb_version: DetectSmbVersionFree");
rs_smb_version_free(ptr);
SCSmbVersionFree(ptr);
}
/**
* \brief Creates a SigMatch for the "smb.version" keyword being sent as argument,
* and appends it to the rs_smb_version_match Signature(s).
* and appends it to the SCSmbVersionMatch Signature(s).
*
* \param de_ctx Pointer to the detection engine context.
* \param s Pointer to signature for the current Signature being parsed
@ -80,7 +80,7 @@ static int DetectSmbVersionSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
return -1;
}
void *dod = rs_smb_version_parse(arg);
void *dod = SCSmbVersionParse(arg);
if (dod == NULL) {
SCLogError("Error parsing smb.version option in signature");
@ -117,13 +117,13 @@ static int DetectSmbVersionMatchRust(DetectEngineThreadCtx *det_ctx, Flow *f, ui
SCLogDebug("smb_version: DetectSmbVersionMatchRust");
int matchvalue = rs_smb_version_match(txv, (void *)m);
int matchvalue = SCSmbVersionMatch(txv, (void *)m);
if (matchvalue != 1) {
SCLogDebug("rs_smb_version_match: didn't match");
SCLogDebug("SCSmbVersionMatch: didn't match");
SCReturnInt(0);
} else {
SCLogDebug("rs_smb_version_match: matched!");
SCLogDebug("SCSmbVersionMatch: matched!");
return matchvalue;
}
}

4
src/output-json-smb.c
Unescape Escape View File

@ -37,7 +37,7 @@ bool EveSMBAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb)
if (state) {
SMBTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_SMB, state, tx_id);
if (tx) {
return rs_smb_log_json_response(jb, state, tx);
return SCSmbLogJsonResponse(jb, state, tx);
}
}
return false;
@ -54,7 +54,7 @@ static int JsonSMBLogger(ThreadVars *tv, void *thread_data,
}
jb_open_object(jb, "smb");
if (!rs_smb_log_json_response(jb, state, tx)) {
if (!SCSmbLogJsonResponse(jb, state, tx)) {
goto error;
}
jb_close(jb);

Write Preview
Loading…
Cancel
Save