From 018e46bfcf1e0c20b05a8e012026008ea7bd0376 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 1 Apr 2025 08:56:21 -0600 Subject: [PATCH] rust/smb: namespace and visibility cleanups Ticket: #7498 --- rust/src/smb/detect.rs | 22 ++++----- rust/src/smb/files.rs | 4 +- rust/src/smb/log.rs | 8 +-- rust/src/smb/smb.rs | 99 ++++++++++++++++---------------------- src/app-layer-smb.c | 4 +- src/detect-dce-iface.c | 6 +-- src/detect-dce-opnum.c | 2 +- src/detect-dce-stub-data.c | 2 +- src/detect-smb-ntlmssp.c | 4 +- src/detect-smb-share.c | 4 +- src/detect-smb-version.c | 12 ++--- src/output-json-smb.c | 4 +- 12 files changed, 75 insertions(+), 96 deletions(-) diff --git a/rust/src/smb/detect.rs b/rust/src/smb/detect.rs index cbe2454233..217411644d 100644 --- a/rust/src/smb/detect.rs +++ b/rust/src/smb/detect.rs @@ -25,7 +25,7 @@ use std::os::raw::{c_char, c_void}; use std::ptr; #[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_share( +pub unsafe extern "C" fn SCSmbTxGetShare( tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32, ) -> u8 { if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data { @@ -43,7 +43,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_share( } #[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_named_pipe( +pub unsafe extern "C" fn SCSmbTxGetNamedPipe( tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32, ) -> u8 { if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data { @@ -61,7 +61,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_named_pipe( } #[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_stub_data( +pub unsafe extern "C" fn SCSmbTxGetStubData( tx: &SMBTransaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32, ) -> u8 { if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data { @@ -83,10 +83,10 @@ pub unsafe extern "C" fn rs_smb_tx_get_stub_data( } #[no_mangle] -pub extern "C" fn rs_smb_tx_match_dce_opnum( +pub extern "C" fn SCSmbTxMatchDceOpnum( tx: &SMBTransaction, dce_data: &mut DCEOpnumData, ) -> u8 { - SCLogDebug!("rs_smb_tx_get_dce_opnum: start"); + SCLogDebug!("SCSmbTxMatchDceOpnum: start"); if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data { if x.req_cmd == DCERPC_TYPE_REQUEST { for range in dce_data.data.iter() { @@ -109,7 +109,7 @@ pub extern "C" fn rs_smb_tx_match_dce_opnum( * dce_opnum and dce_stub_data) * - only match on approved ifaces (so ack_result == 0) */ #[no_mangle] -pub extern "C" fn rs_smb_tx_get_dce_iface( +pub extern "C" fn SCSmbTxGetDceIface( state: &mut SMBState, tx: &SMBTransaction, dce_data: &mut DCEIfaceData, ) -> u8 { let if_uuid = dce_data.if_uuid.as_slice(); @@ -151,7 +151,7 @@ pub extern "C" fn rs_smb_tx_get_dce_iface( } #[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_user( +pub unsafe extern "C" fn SCSmbTxGetNtlmsspUser( tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32, ) -> u8 { if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data { @@ -168,7 +168,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_user( } #[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_domain( +pub unsafe extern "C" fn SCSmbTxGetNtlmsspDomain( tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32, ) -> u8 { if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data { @@ -185,7 +185,7 @@ pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_domain( } #[no_mangle] -pub unsafe extern "C" fn rs_smb_version_match(tx: &SMBTransaction, version_data: &mut u8) -> u8 { +pub unsafe extern "C" fn SCSmbVersionMatch(tx: &SMBTransaction, version_data: &mut u8) -> u8 { let version = tx.vercmd.get_version(); SCLogDebug!("smb_version: version returned: {}", version); if version == *version_data { @@ -196,7 +196,7 @@ pub unsafe extern "C" fn rs_smb_version_match(tx: &SMBTransaction, version_data: } #[no_mangle] -pub unsafe extern "C" fn rs_smb_version_parse(carg: *const c_char) -> *mut c_void { +pub unsafe extern "C" fn SCSmbVersionParse(carg: *const c_char) -> *mut c_void { if carg.is_null() { return std::ptr::null_mut(); } @@ -224,7 +224,7 @@ fn parse_version_data(arg: &str) -> Result { } #[no_mangle] -pub unsafe extern "C" fn rs_smb_version_free(ptr: *mut c_void) { +pub unsafe extern "C" fn SCSmbVersionFree(ptr: *mut c_void) { std::mem::drop(Box::from_raw(ptr as *mut u8)); } diff --git a/rust/src/smb/files.rs b/rust/src/smb/files.rs index c68f3eb077..6f1ae23320 100644 --- a/rust/src/smb/files.rs +++ b/rust/src/smb/files.rs @@ -234,8 +234,8 @@ impl SMBState { } use crate::applayer::AppLayerGetFileState; -#[no_mangle] -pub unsafe extern "C" fn rs_smb_gettxfiles(tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState { + +pub(super) unsafe extern "C" fn smb_gettxfiles(tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState { let tx = cast_pointer!(tx, SMBTransaction); if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data { let tx_dir : u8 = tdf.direction.into(); diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs index d6b68dd070..941e83466c 100644 --- a/rust/src/smb/log.rs +++ b/rust/src/smb/log.rs @@ -445,13 +445,7 @@ fn smb_common_header(jsb: &mut JsonBuilder, state: &SMBState, tx: &SMBTransactio } #[no_mangle] -pub extern "C" fn rs_smb_log_json_request(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool -{ - smb_common_header(jsb, state, tx).is_ok() -} - -#[no_mangle] -pub extern "C" fn rs_smb_log_json_response(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool +pub extern "C" fn SCSmbLogJsonResponse(jsb: &mut JsonBuilder, state: &mut SMBState, tx: &SMBTransaction) -> bool { smb_common_header(jsb, state, tx).is_ok() } diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index b60cf36420..6311fdea62 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -102,7 +102,7 @@ static mut SMB_MAX_TX: usize = 1024; pub static mut SURICATA_SMB_FILE_CONFIG: Option<&'static SuricataFileContext> = None; #[no_mangle] -pub extern "C" fn rs_smb_init(context: &'static mut SuricataFileContext) +pub extern "C" fn SCSmbInit(context: &'static mut SuricataFileContext) { unsafe { SURICATA_SMB_FILE_CONFIG = Some(context); @@ -1987,8 +1987,7 @@ impl SMBState { } /// Returns *mut SMBState -#[no_mangle] -pub extern "C" fn rs_smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { +extern "C" fn smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = SMBState::new(); let boxed = Box::new(state); SCLogDebug!("allocating state"); @@ -1997,16 +1996,14 @@ pub extern "C" fn rs_smb_state_new(_orig_state: *mut std::os::raw::c_void, _orig /// Params: /// - state: *mut SMBState as void pointer -#[no_mangle] -pub extern "C" fn rs_smb_state_free(state: *mut std::os::raw::c_void) { +extern "C" fn smb_state_free(state: *mut std::os::raw::c_void) { SCLogDebug!("freeing state"); let mut smb_state = unsafe { Box::from_raw(state as *mut SMBState) }; smb_state.free(); } /// C binding parse a SMB request. Returns 1 on success, -1 on failure. -#[no_mangle] -pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, +unsafe extern "C" fn smb_parse_request_tcp(flow: *const Flow, state: *mut ffi::c_void, _pstate: *mut std::os::raw::c_void, stream_slice: StreamSlice, @@ -2018,7 +2015,7 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, let flow = cast_pointer!(flow, Flow); if stream_slice.is_gap() { - return rs_smb_parse_request_tcp_gap(state, stream_slice.gap_size()); + return smb_parse_request_tcp_gap(state, stream_slice.gap_size()); } SCLogDebug!("parsing {} bytes of request data", stream_slice.len()); @@ -2032,8 +2029,7 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, state.parse_tcp_data_ts(flow, &stream_slice) } -#[no_mangle] -pub extern "C" fn rs_smb_parse_request_tcp_gap( +extern "C" fn smb_parse_request_tcp_gap( state: &mut SMBState, input_len: u32) -> AppLayerResult @@ -2042,8 +2038,7 @@ pub extern "C" fn rs_smb_parse_request_tcp_gap( } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, +unsafe extern "C" fn smb_parse_response_tcp(flow: *const Flow, state: *mut ffi::c_void, _pstate: *mut std::os::raw::c_void, stream_slice: StreamSlice, @@ -2055,7 +2050,7 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, let flow = cast_pointer!(flow, Flow); if stream_slice.is_gap() { - return rs_smb_parse_response_tcp_gap(state, stream_slice.gap_size()); + return smb_parse_response_tcp_gap(state, stream_slice.gap_size()); } /* START with MISTREAM set: record might be starting the middle. */ @@ -2067,8 +2062,7 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, state.parse_tcp_data_tc(flow, &stream_slice) } -#[no_mangle] -pub extern "C" fn rs_smb_parse_response_tcp_gap( +extern "C" fn smb_parse_response_tcp_gap( state: &mut SMBState, input_len: u32) -> AppLayerResult @@ -2173,8 +2167,7 @@ fn smb_probe_tcp(flags: u8, slice: &[u8], rdir: *mut u8, begins: bool) -> AppPro // probing confirmation parser // return 1 if found, 0 is not found -#[no_mangle] -pub unsafe extern "C" fn rs_smb_probe_begins_tcp(_f: *const Flow, +unsafe extern "C" fn smb_probe_begins_tcp(_f: *const Flow, flags: u8, input: *const u8, len: u32, rdir: *mut u8) -> AppProto { @@ -2187,8 +2180,7 @@ pub unsafe extern "C" fn rs_smb_probe_begins_tcp(_f: *const Flow, // probing parser // return 1 if found, 0 is not found -#[no_mangle] -pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow, +unsafe extern "C" fn c_smb_probe_tcp(_f: *const Flow, flags: u8, input: *const u8, len: u32, rdir: *mut u8) -> AppProto { @@ -2199,17 +2191,15 @@ pub unsafe extern "C" fn rs_smb_probe_tcp(_f: *const Flow, return smb_probe_tcp(flags, slice, rdir, false); } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_get_tx_count(state: *mut ffi::c_void) +unsafe extern "C" fn smb_state_get_tx_count(state: *mut ffi::c_void) -> u64 { let state = cast_pointer!(state, SMBState); - SCLogDebug!("rs_smb_state_get_tx_count: returning {}", state.tx_id); + SCLogDebug!("smb_state_get_tx_count: returning {}", state.tx_id); return state.tx_id; } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_get_tx(state: *mut ffi::c_void, +unsafe extern "C" fn smb_state_get_tx(state: *mut ffi::c_void, tx_id: u64) -> *mut ffi::c_void { @@ -2224,8 +2214,7 @@ pub unsafe extern "C" fn rs_smb_state_get_tx(state: *mut ffi::c_void, } } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_tx_free(state: *mut ffi::c_void, +unsafe extern "C" fn smb_state_tx_free(state: *mut ffi::c_void, tx_id: u64) { let state = cast_pointer!(state, SMBState); @@ -2233,8 +2222,7 @@ pub unsafe extern "C" fn rs_smb_state_tx_free(state: *mut ffi::c_void, state.free_tx(tx_id); } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void, +unsafe extern "C" fn smb_tx_get_alstate_progress(tx: *mut ffi::c_void, direction: u8) -> i32 { @@ -2253,10 +2241,9 @@ pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void, } -export_state_data_get!(rs_smb_get_state_data, SMBState); +export_state_data_get!(smb_get_state_data, SMBState); -#[no_mangle] -pub unsafe extern "C" fn rs_smb_get_tx_data( +unsafe extern "C" fn smb_get_tx_data( tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData { @@ -2264,8 +2251,7 @@ pub unsafe extern "C" fn rs_smb_get_tx_data( return &mut tx.tx_data; } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id( +unsafe extern "C" fn smb_state_get_event_info_by_id( event_id: u8, event_name: *mut *const std::os::raw::c_char, event_type: *mut AppLayerEventType, @@ -2273,8 +2259,7 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id( SMBEvent::get_event_info_by_id(event_id, event_name, event_type) } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_get_event_info( +unsafe extern "C" fn smb_state_get_event_info( event_name: *const std::os::raw::c_char, event_id: *mut u8, event_type: *mut AppLayerEventType, @@ -2282,8 +2267,8 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info( SMBEvent::get_event_info(event_name, event_id, event_type) } -pub unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u8, len: u32, rdir: *mut u8) -> u16 { - let retval = rs_smb_probe_tcp(f, dir, input, len, rdir); +unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u8, len: u32, rdir: *mut u8) -> u16 { + let retval = c_smb_probe_tcp(f, dir, input, len, rdir); let f = cast_pointer!(f, Flow); if retval != ALPROTO_SMB { return retval; @@ -2311,17 +2296,17 @@ fn register_pattern_probe() -> i8 { // SMB1 r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB, b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - Direction::ToServer as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB, b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - Direction::ToClient as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); // SMB2/3 r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB, b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - Direction::ToServer as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB, b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, - Direction::ToClient as u8, rs_smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); + Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE); // SMB3 encrypted records r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB, b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4, @@ -2342,7 +2327,7 @@ fn register_pattern_probe() -> i8 { const PARSER_NAME: &[u8] = b"smb\0"; #[no_mangle] -pub unsafe extern "C" fn rs_smb_register_parser() { +pub unsafe extern "C" fn SCRegisterSmbParser() { let default_port = CString::new("445").unwrap(); let mut stream_depth = SMB_CONFIG_DEFAULT_STREAM_DEPTH; let parser = RustParser { @@ -2353,24 +2338,24 @@ pub unsafe extern "C" fn rs_smb_register_parser() { probe_tc: None, min_depth: 0, max_depth: 16, - state_new: rs_smb_state_new, - state_free: rs_smb_state_free, - tx_free: rs_smb_state_tx_free, - parse_ts: rs_smb_parse_request_tcp, - parse_tc: rs_smb_parse_response_tcp, - get_tx_count: rs_smb_state_get_tx_count, - get_tx: rs_smb_state_get_tx, + state_new: smb_state_new, + state_free: smb_state_free, + tx_free: smb_state_tx_free, + parse_ts: smb_parse_request_tcp, + parse_tc: smb_parse_response_tcp, + get_tx_count: smb_state_get_tx_count, + get_tx: smb_state_get_tx, tx_comp_st_ts: 1, tx_comp_st_tc: 1, - tx_get_progress: rs_smb_tx_get_alstate_progress, - get_eventinfo: Some(rs_smb_state_get_event_info), - get_eventinfo_byid : Some(rs_smb_state_get_event_info_by_id), + tx_get_progress: smb_tx_get_alstate_progress, + get_eventinfo: Some(smb_state_get_event_info), + get_eventinfo_byid : Some(smb_state_get_event_info_by_id), localstorage_new: None, localstorage_free: None, - get_tx_files: Some(rs_smb_gettxfiles), + get_tx_files: Some(smb_gettxfiles), get_tx_iterator: Some(applayer::state_get_tx_iterator::), - get_tx_data: rs_smb_get_tx_data, - get_state_data: rs_smb_get_state_data, + get_tx_data: smb_get_tx_data, + get_state_data: smb_get_state_data, apply_tx_config: None, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, get_frame_id_by_name: Some(SMBFrameType::ffi_id_from_name), @@ -2392,11 +2377,11 @@ pub unsafe extern "C" fn rs_smb_register_parser() { let have_cfg = AppLayerProtoDetectPPParseConfPorts(ip_proto_str.as_ptr(), IPPROTO_TCP, parser.name, ALPROTO_SMB, 0, - MIN_REC_SIZE, rs_smb_probe_tcp, rs_smb_probe_tcp); + MIN_REC_SIZE, c_smb_probe_tcp, c_smb_probe_tcp); if have_cfg == 0 { AppLayerProtoDetectPPRegister(IPPROTO_TCP, default_port.as_ptr(), ALPROTO_SMB, - 0, MIN_REC_SIZE, Direction::ToServer as u8, rs_smb_probe_tcp, rs_smb_probe_tcp); + 0, MIN_REC_SIZE, Direction::ToServer as u8, c_smb_probe_tcp, c_smb_probe_tcp); } if AppLayerParserConfParserEnabled( diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 87ab1affb2..10bf690635 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -44,8 +44,8 @@ static void SMBParserRegisterTests(void); void RegisterSMBParsers(void) { - rs_smb_init(&sfc); - rs_smb_register_parser(); + SCSmbInit(&sfc); + SCRegisterSmbParser(); #ifdef UNITTESTS AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB, SMBParserRegisterTests); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 63c362d01e..d731aaebdf 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -112,10 +112,10 @@ static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx, int ret = 0; - if (rs_smb_tx_get_dce_iface(f->alstate, txv, (void *)m) != 1) { - SCLogDebug("rs_smb_tx_get_dce_iface: didn't match"); + if (SCSmbTxGetDceIface(f->alstate, txv, (void *)m) != 1) { + SCLogDebug("SCSmbTxGetDceIface: didn't match"); } else { - SCLogDebug("rs_smb_tx_get_dce_iface: matched!"); + SCLogDebug("SCSmbTxGetDceIface: matched!"); ret = 1; // TODO validate frag } diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 6463bafeb6..3073672456 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -106,7 +106,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx, return SCDcerpcOpnumMatch(txv, (void *)m); } - if (rs_smb_tx_match_dce_opnum(txv, (void *)m) != 1) + if (SCSmbTxMatchDceOpnum(txv, (void *)m) != 1) SCReturnInt(0); SCReturnInt(1); diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 98e9bd4219..9005806e9d 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -75,7 +75,7 @@ static InspectionBuffer *GetSMBData(DetectEngineThreadCtx *det_ctx, uint32_t data_len = 0; const uint8_t *data = NULL; uint8_t dir = flow_flags & (STREAM_TOSERVER|STREAM_TOCLIENT); - if (rs_smb_tx_get_stub_data(txv, dir, &data, &data_len) != 1) + if (SCSmbTxGetStubData(txv, dir, &data, &data_len) != 1) return NULL; SCLogDebug("have data!"); diff --git a/src/detect-smb-ntlmssp.c b/src/detect-smb-ntlmssp.c index efcc6f111d..b6d07ded3e 100644 --- a/src/detect-smb-ntlmssp.c +++ b/src/detect-smb-ntlmssp.c @@ -63,7 +63,7 @@ static InspectionBuffer *GetNtlmsspUserData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_smb_tx_get_ntlmssp_user(txv, &b, &b_len) != 1) + if (SCSmbTxGetNtlmsspUser(txv, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; @@ -119,7 +119,7 @@ static InspectionBuffer *GetNtlmsspDomainData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_smb_tx_get_ntlmssp_domain(txv, &b, &b_len) != 1) + if (SCSmbTxGetNtlmsspDomain(txv, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c index 36bca26a16..22a3e72f99 100644 --- a/src/detect-smb-share.c +++ b/src/detect-smb-share.c @@ -64,7 +64,7 @@ static InspectionBuffer *GetNamedPipeData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_smb_tx_get_named_pipe(txv, &b, &b_len) != 1) + if (SCSmbTxGetNamedPipe(txv, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; @@ -124,7 +124,7 @@ static InspectionBuffer *GetShareData(DetectEngineThreadCtx *det_ctx, uint32_t b_len = 0; const uint8_t *b = NULL; - if (rs_smb_tx_get_share(txv, &b, &b_len) != 1) + if (SCSmbTxGetShare(txv, &b, &b_len) != 1) return NULL; if (b == NULL || b_len == 0) return NULL; diff --git a/src/detect-smb-version.c b/src/detect-smb-version.c index e33001d55b..5b9545e6e2 100644 --- a/src/detect-smb-version.c +++ b/src/detect-smb-version.c @@ -47,12 +47,12 @@ static void DetectSmbVersionFree(DetectEngineCtx *de_ctx, void *ptr) { SCLogDebug("smb_version: DetectSmbVersionFree"); - rs_smb_version_free(ptr); + SCSmbVersionFree(ptr); } /** * \brief Creates a SigMatch for the "smb.version" keyword being sent as argument, - * and appends it to the rs_smb_version_match Signature(s). + * and appends it to the SCSmbVersionMatch Signature(s). * * \param de_ctx Pointer to the detection engine context. * \param s Pointer to signature for the current Signature being parsed @@ -80,7 +80,7 @@ static int DetectSmbVersionSetup(DetectEngineCtx *de_ctx, Signature *s, const ch return -1; } - void *dod = rs_smb_version_parse(arg); + void *dod = SCSmbVersionParse(arg); if (dod == NULL) { SCLogError("Error parsing smb.version option in signature"); @@ -117,13 +117,13 @@ static int DetectSmbVersionMatchRust(DetectEngineThreadCtx *det_ctx, Flow *f, ui SCLogDebug("smb_version: DetectSmbVersionMatchRust"); - int matchvalue = rs_smb_version_match(txv, (void *)m); + int matchvalue = SCSmbVersionMatch(txv, (void *)m); if (matchvalue != 1) { - SCLogDebug("rs_smb_version_match: didn't match"); + SCLogDebug("SCSmbVersionMatch: didn't match"); SCReturnInt(0); } else { - SCLogDebug("rs_smb_version_match: matched!"); + SCLogDebug("SCSmbVersionMatch: matched!"); return matchvalue; } } diff --git a/src/output-json-smb.c b/src/output-json-smb.c index 4be1fce93e..2b74b051dd 100644 --- a/src/output-json-smb.c +++ b/src/output-json-smb.c @@ -37,7 +37,7 @@ bool EveSMBAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb) if (state) { SMBTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_SMB, state, tx_id); if (tx) { - return rs_smb_log_json_response(jb, state, tx); + return SCSmbLogJsonResponse(jb, state, tx); } } return false; @@ -54,7 +54,7 @@ static int JsonSMBLogger(ThreadVars *tv, void *thread_data, } jb_open_object(jb, "smb"); - if (!rs_smb_log_json_response(jb, state, tx)) { + if (!SCSmbLogJsonResponse(jb, state, tx)) { goto error; } jb_close(jb);