From 647e878f7cec255c4f634dd1d9e27cd26f6aa9fb Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 5 Apr 2024 13:37:46 +0200
Subject: [PATCH] detect: helper function for multibuffer
---
 rust/src/http2/detect.rs | 8 ++++----
 src/detect-engine-helper.c | 25 +++++++++++++++++++++++++
 src/detect-engine-helper.h | 6 ++++++
 src/detect-http2.c | 27 +++------------------------
 4 files changed, 38 insertions(+), 28 deletions(-)
diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
index 0e7cee8757..1879ac69d5 100644
--- a/rust/src/http2/detect.rs
+++ b/rust/src/http2/detect.rs
@@ -359,7 +359,7 @@ pub unsafe extern "C" fn rs_http2_detect_sizeupdatectx_match(
 #[no_mangle]
 pub unsafe extern "C" fn rs_http2_tx_get_header_name(
 tx: &mut HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+) -> bool {
 let mut pos = 0_u32;
 match direction.into() {
 Direction::ToServer => {
@@ -369,7 +369,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header_name(
 let value = &blocks[(nb - pos) as usize].name;
 *buffer = value.as_ptr(); //unsafe
 *buffer_len = value.len() as u32;
- return 1;
+ return true;
 } else {
 pos += blocks.len() as u32;
 }
@@ -383,7 +383,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header_name(
 let value = &blocks[(nb - pos) as usize].name;
 *buffer = value.as_ptr(); //unsafe
 *buffer_len = value.len() as u32;
- return 1;
+ return true;
 } else {
 pos += blocks.len() as u32;
 }
@@ -391,7 +391,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header_name(
 }
 }
 }
- return 0;
+ return false;
 }
 fn http2_frames_get_header_firstvalue<'a>(
diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c
index 0b7c9ccb20..9b58864881 100644
--- a/src/detect-engine-helper.c
+++ b/src/detect-engine-helper.c
@@ -28,6 +28,7 @@
 #include "detect-engine-mpm.h"
 #include "detect-engine-prefilter.h"
 #include "detect-parse.h"
+#include "detect-engine-content-inspection.h"
 int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver)
 {
@@ -105,3 +106,27 @@ int DetectHelperKeywordRegister(const SCSigTableElmt *kw)
 DETECT_TBLSIZE_IDX++;
 return DETECT_TBLSIZE_IDX - 1;
 }
+
+InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, uint32_t index, MultiGetTxBuffer GetBuf)
+{
+ InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
+ if (buffer == NULL) {
+ return NULL;
+ }
+ if (buffer->initialized) {
+ return buffer;
+ }
+
+ const uint8_t *data = NULL;
+ uint32_t data_len = 0;
+
+ if (!GetBuf(txv, flow_flags, index, &data, &data_len)) {
+ InspectionBufferSetupMultiEmpty(buffer);
+ return NULL;
+ }
+ InspectionBufferSetupMulti(buffer, transforms, data, data_len);
+ buffer->flags = DETECT_CI_FLAGS_SINGLE;
+ return buffer;
+}
diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h
index bd8fe6cce5..5a2c49e1b0 100644
--- a/src/detect-engine-helper.h
+++ b/src/detect-engine-helper.h
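Review bot: DetectHelperGetMultiData in src/detect-engine-helper.c accepts `data`/`data_len` as soon as `GetBuf` returns true, whereas the HTTP/2 getter it replaces in src/detect-http2.c also treated `b == NULL || b_len == 0` as an empty buffer and returned NULL, so this refactor changes what happens for a zero-length header name. Whether InspectionBufferSetupMulti tolerates a NULL pointer is not visible in this patch. If the change is intended, record the contract above the function, e.g. `/* GetBuf must set a valid data pointer when it returns true; zero-length buffers are inspected */`. Otherwise widen the guard to `if (!GetBuf(txv, flow_flags, index, &data, &data_len) || data == NULL || data_len == 0) {`.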
@@ -32,10 +32,16 @@ int DetectHelperKeywordRegister(const SCSigTableElmt *kw);
 int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver);
 typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *);
+typedef bool (*MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *);
+
 InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
 const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
 const int list_id, SimpleGetTxBuffer GetBuf);
 int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
 bool toclient, bool toserver, InspectionBufferGetDataPtr GetData);
+InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, uint32_t index, MultiGetTxBuffer GetBuf);
+
 #endif /* SURICATA_DETECT_ENGINE_HELPER_H */
diff --git a/src/detect-http2.c b/src/detect-http2.c
index 113fb1af3f..4d954a5ac9 100644
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@@ -33,6 +33,7 @@
 #include "detect-engine-mpm.h"
 #include "detect-engine-prefilter.h"
 #include "detect-engine-content-inspection.h"
+#include "detect-engine-helper.h"
 #include "detect-http2.h"
 #include "util-byte.h"
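Review bot: `MultiGetTxBuffer` is added to src/detect-engine-helper.h with unnamed parameters and no statement of its contract, so an implementer has to read DetectHelperGetMultiData to learn the argument order and what a false return means. A comment above the typedef would cover it, e.g. `/* (tx, flow_flags, index, &data, &data_len): return true with data/data_len set for the buffer at index, false if there is none */`. The new prototype could also note that the `f` argument is not read by the helper as written in this patch.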
@@ -102,30 +103,8 @@ static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
 const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv,
 int list_id, uint32_t local_id)
 {
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- uint32_t b_len = 0;
- const uint8_t *b = NULL;
-
- if (rs_http2_tx_get_header_name(txv, flags, local_id, &b, &b_len) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
- if (b == NULL || b_len == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(buffer, transforms, b, b_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
+ return DetectHelperGetMultiData(det_ctx, transforms, _f, flags, txv, list_id, local_id,
+ (MultiGetTxBuffer)rs_http2_tx_get_header_name);
 }
 void DetectHttp2Register(void)
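Review bot: The cast `(MultiGetTxBuffer)rs_http2_tx_get_header_name` in GetHttp2HNameData removes the compiler's check that the Rust export matches the callback type: the export takes `tx: &mut HTTP2Transaction` where the typedef takes `void *`, so, assuming the generated C prototype mirrors the Rust signature, DetectHelperGetMultiData calls it through a function-pointer type other than its own. C does not define such a call, builds with indirect-call checks such as `-fsanitize=cfi-icall` may reject it, and a later change to the Rust signature (this commit already moves the return type from `u8` to `bool`) would still compile. A thin static wrapper with the exact `MultiGetTxBuffer` signature keeps the type check and needs no cast; the wrapper name below is only a suggestion. The first line of GetHttp2HNameData's signature appears only in the hunk header.
```c
static bool GetHttp2HName(void *txv, uint8_t flags, uint32_t local_id, const uint8_t **buf,
        uint32_t *buf_len)
{
    return rs_http2_tx_get_header_name(txv, flags, local_id, buf, buf_len);
}

// … unchanged: GetHttp2HNameData signature and opening brace …
    return DetectHelperGetMultiData(
            det_ctx, transforms, _f, flags, txv, list_id, local_id, GetHttp2HName);
```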