|
|
|
|
@ -30,6 +30,7 @@ static mut G_SDP_ORIGIN_BUFFER_ID: c_int = 0;
|
|
|
|
|
static mut G_SDP_SESSION_NAME_BUFFER_ID: c_int = 0;
|
|
|
|
|
static mut G_SDP_SESSION_INFO_BUFFER_ID: c_int = 0;
|
|
|
|
|
static mut G_SDP_URI_BUFFER_ID: c_int = 0;
|
|
|
|
|
static mut G_SDP_EMAIL_BUFFER_ID: c_int = 0;
|
|
|
|
|
|
|
|
|
|
unsafe extern "C" fn sdp_session_name_setup(
|
|
|
|
|
de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
|
|
|
|
|
@ -221,6 +222,53 @@ unsafe extern "C" fn sdp_uri_get_data(
|
|
|
|
|
false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unsafe extern "C" fn sdp_email_setup(
|
|
|
|
|
de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
|
|
|
|
|
) -> c_int {
|
|
|
|
|
if DetectSignatureSetAppProto(s, ALPROTO_SIP) != 0 {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if DetectBufferSetActiveList(de, s, G_SDP_EMAIL_BUFFER_ID) < 0 {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unsafe extern "C" fn sdp_email_get(
|
|
|
|
|
de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
|
|
|
|
|
tx: *const c_void, list_id: c_int,
|
|
|
|
|
) -> *mut c_void {
|
|
|
|
|
return DetectHelperGetData(
|
|
|
|
|
de,
|
|
|
|
|
transforms,
|
|
|
|
|
flow,
|
|
|
|
|
flow_flags,
|
|
|
|
|
tx,
|
|
|
|
|
list_id,
|
|
|
|
|
sdp_email_get_data,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unsafe extern "C" fn sdp_email_get_data(
|
|
|
|
|
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
|
|
|
|
|
) -> bool {
|
|
|
|
|
let tx = cast_pointer!(tx, SIPTransaction);
|
|
|
|
|
let sdp_option = match direction.into() {
|
|
|
|
|
Direction::ToServer => tx.request.as_ref().and_then(|req| req.body.as_ref()),
|
|
|
|
|
Direction::ToClient => tx.response.as_ref().and_then(|resp| resp.body.as_ref()),
|
|
|
|
|
};
|
|
|
|
|
if let Some(sdp) = sdp_option {
|
|
|
|
|
if let Some(ref e) = sdp.email {
|
|
|
|
|
*buffer = e.as_ptr();
|
|
|
|
|
*buffer_len = e.len() as u32;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*buffer = ptr::null();
|
|
|
|
|
*buffer_len = 0;
|
|
|
|
|
false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub unsafe extern "C" fn ScDetectSdpRegister() {
|
|
|
|
|
let kw = SCSigTableElmt {
|
|
|
|
|
@ -297,4 +345,22 @@ pub unsafe extern "C" fn ScDetectSdpRegister() {
|
|
|
|
|
true,
|
|
|
|
|
sdp_uri_get,
|
|
|
|
|
);
|
|
|
|
|
let kw = SCSigTableElmt {
|
|
|
|
|
name: b"sdp.email\0".as_ptr() as *const libc::c_char,
|
|
|
|
|
desc: b"sticky buffer to match on the SDP email field\0".as_ptr() as *const libc::c_char,
|
|
|
|
|
url: b"/rules/sdp-keywords.html#sdp-email\0".as_ptr() as *const libc::c_char,
|
|
|
|
|
Setup: sdp_email_setup,
|
|
|
|
|
flags: SIGMATCH_NOOPT,
|
|
|
|
|
AppLayerTxMatch: None,
|
|
|
|
|
Free: None,
|
|
|
|
|
};
|
|
|
|
|
let _ = DetectHelperKeywordRegister(&kw);
|
|
|
|
|
G_SDP_EMAIL_BUFFER_ID = DetectHelperBufferMpmRegister(
|
|
|
|
|
b"sdp.email\0".as_ptr() as *const libc::c_char,
|
|
|
|
|
b"sdp.email\0".as_ptr() as *const libc::c_char,
|
|
|
|
|
ALPROTO_SIP,
|
|
|
|
|
true,
|
|
|
|
|
true,
|
|
|
|
|
sdp_email_get,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
Giuseppe Longo
10 months ago
committed by
Victor Julien