aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust: bindgen SCDetectHelperBufferMpmRegister

Browse Source 
Ticket: 7667
pull/13251/head
Philippe Antoine 4 months ago committed by Victor Julien
parent e2603fa820
commit dc20129195
19 changed files with 124 additions and 121 deletions
Show Stats Download Patch File Download Diff File

13
examples/plugins/altemplate/src/detect.rs
Unescape Escape View File

@ -23,13 +23,14 @@
use super::template::{TemplateTransaction, ALPROTO_TEMPLATE};
use std::os::raw::{c_int, c_void};
use suricata::cast_pointer;
use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use suricata::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use suricata::direction::Direction;
use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature};
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, Signature,
};
static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0;
@ -75,11 +76,11 @@ pub(super) unsafe extern "C" fn detect_template_register() {
setup: template_buffer_setup,
};
let _g_template_buffer_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_TEMPLATE_BUFFER_BUFFER_ID = DetectHelperBufferMpmRegister(
G_TEMPLATE_BUFFER_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"altemplate.buffer\0".as_ptr() as *const libc::c_char,
b"template.buffer intern description\0".as_ptr() as *const libc::c_char,
ALPROTO_TEMPLATE,
STREAM_TOSERVER | STREAM_TOCLIENT,
template_buffer_get,
Some(template_buffer_get),
);
}

4
examples/plugins/altemplate/src/template.rs
Unescape Escape View File

@ -282,9 +282,7 @@ unsafe extern "C" fn template_probing_parser(
return ALPROTO_UNKNOWN;
}
extern "C" fn template_state_new(
_orig_state: *mut c_void, _orig_proto: AppProto,
) -> *mut c_void {
extern "C" fn template_state_new(_orig_state: *mut c_void, _orig_proto: AppProto) -> *mut c_void {
let state = TemplateState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut c_void;

11
rust/src/applayertemplate/detect.rs
Unescape Escape View File

@ -21,12 +21,13 @@ use crate::conf::conf_get_node;
/* TEMPLATE_END_REMOVE */
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature};
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, Signature,
};
static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0;
@ -78,11 +79,11 @@ pub unsafe extern "C" fn SCDetectTemplateRegister() {
setup: template_buffer_setup,
};
let _g_template_buffer_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_TEMPLATE_BUFFER_BUFFER_ID = DetectHelperBufferMpmRegister(
G_TEMPLATE_BUFFER_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"template.buffer\0".as_ptr() as *const libc::c_char,
b"template.buffer intern description\0".as_ptr() as *const libc::c_char,
ALPROTO_TEMPLATE,
STREAM_TOSERVER | STREAM_TOCLIENT,
template_buffer_get,
Some(template_buffer_get),
);
}

9
rust/src/detect/mod.rs
Unescape Escape View File

@ -120,15 +120,6 @@ pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9)
/// cbindgen:ignore
extern "C" {
pub fn DetectHelperBufferMpmRegister(
name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8,
get_data: unsafe extern "C" fn(
*const c_void,
u8,
*mut *const u8,
*mut u32,
) -> bool,
) -> c_int;
// from detect-parse.h
pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int;
pub fn SigMatchAppendSMToList(

16
rust/src/enip/detect.rs
Unescape Escape View File

@ -36,13 +36,13 @@ use crate::detect::uint::{
SCDetectU8Match, SCDetectU8Parse,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use crate::direction::Direction;
@ -1571,12 +1571,12 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
setup: product_name_setup,
};
let _g_enip_product_name_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_ENIP_PRODUCT_NAME_BUFFER_ID = DetectHelperBufferMpmRegister(
G_ENIP_PRODUCT_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"enip.product_name\0".as_ptr() as *const libc::c_char,
b"ENIP product name\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
product_name_get_data,
Some(product_name_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("enip.service_name"),
@ -1585,12 +1585,12 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
setup: service_name_setup,
};
let _g_enip_service_name_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_ENIP_SERVICE_NAME_BUFFER_ID = DetectHelperBufferMpmRegister(
G_ENIP_SERVICE_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"enip.service_name\0".as_ptr() as *const libc::c_char,
b"ENIP service name\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
service_name_get_data,
Some(service_name_get_data),
);
}

10
rust/src/ldap/detect.rs
Unescape Escape View File

@ -22,13 +22,13 @@ use crate::detect::uint::{
SCDetectU8Free,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
@ -675,12 +675,12 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
setup: ldap_detect_request_dn_setup,
};
let _g_ldap_request_dn_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_LDAP_REQUEST_DN_BUFFER_ID = DetectHelperBufferMpmRegister(
G_LDAP_REQUEST_DN_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"ldap.request.dn\0".as_ptr() as *const libc::c_char,
b"LDAP REQUEST DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
STREAM_TOSERVER,
ldap_detect_request_dn_get_data,
Some(ldap_detect_request_dn_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("ldap.responses.dn"),

38
rust/src/mqtt/detect.rs
Unescape Escape View File

@ -23,12 +23,12 @@ use crate::detect::uint::{
SCDetectU8Free, SCDetectU8Parse,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
@ -1071,12 +1071,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_pub_topic_setup,
};
let _g_mqtt_pub_topic_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_PUB_TOPIC_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_PUB_TOPIC_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.publish.topic\0".as_ptr() as *const libc::c_char,
b"MQTT PUBLISH topic\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER | STREAM_TOCLIENT,
mqtt_pub_topic_get_data,
Some(mqtt_pub_topic_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.publish.message"),
@ -1085,12 +1085,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_pub_msg_setup,
};
let _g_mqtt_pub_msg_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_PUB_MSG_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_PUB_MSG_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.publish.message\0".as_ptr() as *const libc::c_char,
b"MQTT PUBLISH message\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER | STREAM_TOCLIENT,
mqtt_pub_msg_get_data,
Some(mqtt_pub_msg_get_data),
);
let kw = SCSigTableAppLiteElmt {
name: b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char,
@ -1144,12 +1144,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_willtopic_setup,
};
let _g_mqtt_conn_willtopic_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_WILLTOPIC_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_WILLTOPIC_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.willtopic\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT will topic\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_willtopic_get_data,
Some(mqtt_conn_willtopic_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.willmessage"),
@ -1158,12 +1158,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_willmsg_setup,
};
let _g_mqtt_conn_willmsg_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_WILLMSG_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_WILLMSG_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.willmessage\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT will message\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_willmsg_get_data,
Some(mqtt_conn_willmsg_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.username"),
@ -1172,12 +1172,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_username_setup,
};
let _g_mqtt_conn_username_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_USERNAME_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_USERNAME_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.username\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT username\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_username_get_data,
Some(mqtt_conn_username_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.protocol_string"),
@ -1186,12 +1186,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_protocolstring_setup,
};
let _g_mqtt_conn_protostr_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_PROTOCOLSTRING_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_PROTOCOLSTRING_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.protocol_string\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT protocol string\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_protocolstring_get_data,
Some(mqtt_conn_protocolstring_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.password"),
@ -1200,12 +1200,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_password_setup,
};
let _g_mqtt_conn_password_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_PASSWORD_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_PASSWORD_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.password\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT password\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_password_get_data,
Some(mqtt_conn_password_get_data),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.clientid"),
@ -1214,12 +1214,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
setup: mqtt_conn_clientid_setup,
};
let _g_mqtt_conn_password_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_MQTT_CONN_CLIENTID_BUFFER_ID = DetectHelperBufferMpmRegister(
G_MQTT_CONN_CLIENTID_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"mqtt.connect.clientid\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT clientid\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
STREAM_TOSERVER,
mqtt_conn_clientid_get_data,
Some(mqtt_conn_clientid_get_data),
);
}

12
rust/src/rfb/detect.rs
Unescape Escape View File

@ -24,16 +24,16 @@ use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
use std::ptr;
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
unsafe extern "C" fn rfb_name_get(
@ -184,12 +184,12 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
setup: rfb_name_setup,
};
let _g_rfb_name_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_RFB_NAME_BUFFER_ID = DetectHelperBufferMpmRegister(
G_RFB_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"rfb.name\0".as_ptr() as *const libc::c_char,
b"rfb name\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
STREAM_TOCLIENT,
rfb_name_get,
Some(rfb_name_get),
);
let kw = SCSigTableAppLiteElmt {
name: b"rfb.sectype\0".as_ptr() as *const libc::c_char,

41
rust/src/sdp/detect.rs
Unescape Escape View File

@ -19,8 +19,7 @@
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use crate::sip::sip::{SIPTransaction, ALPROTO_SIP};
@ -28,7 +27,7 @@ use std::os::raw::{c_int, c_void};
use std::ptr;
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
SCDetectHelperMultiBufferMpmRegister, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
};
static mut G_SDP_ORIGIN_BUFFER_ID: c_int = 0;
@ -645,12 +644,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_session_name_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_SESSION_NAME_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_SESSION_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.session_name\0".as_ptr() as *const libc::c_char,
b"sdp.session_name\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_session_name_get,
Some(sdp_session_name_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.session_info"),
@ -659,12 +658,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_session_info_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_SESSION_INFO_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_SESSION_INFO_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.session_info\0".as_ptr() as *const libc::c_char,
b"sdp.session_info\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_session_info_get,
Some(sdp_session_info_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.origin"),
@ -673,12 +672,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_origin_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_ORIGIN_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_ORIGIN_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.origin\0".as_ptr() as *const libc::c_char,
b"sdp.origin\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_origin_get,
Some(sdp_origin_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.uri"),
@ -687,12 +686,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_uri_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_URI_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_URI_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.uri\0".as_ptr() as *const libc::c_char,
b"sdp.uri\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_uri_get,
Some(sdp_uri_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.email"),
@ -701,12 +700,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_email_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_EMAIL_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_EMAIL_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.email\0".as_ptr() as *const libc::c_char,
b"sdp.email\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_email_get,
Some(sdp_email_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.phone_number"),
@ -715,12 +714,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_phone_number_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_PHONE_NUMBER_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_PHONE_NUMBER_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.phone_number\0".as_ptr() as *const libc::c_char,
b"sdp.phone_number\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_phone_number_get,
Some(sdp_phone_number_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.connection_data"),
@ -729,12 +728,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_conn_data_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_CONNECTION_DATA_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_CONNECTION_DATA_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.connection_data\0".as_ptr() as *const libc::c_char,
b"sdp.connection_data\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_conn_data_get,
Some(sdp_conn_data_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.bandwidth"),
@ -785,12 +784,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_timezone_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_TIMEZONE_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_TIMEZONE_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.timezone\0".as_ptr() as *const libc::c_char,
b"sdp.timezone\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_timezone_get,
Some(sdp_timezone_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.encryption_key"),
@ -799,12 +798,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() {
setup: sdp_encryption_key_setup,
};
let _ = helper_keyword_register_sticky_buffer(&kw);
G_SDP_ENCRYPTION_KEY_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SDP_ENCRYPTION_KEY_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sdp.encryption_key\0".as_ptr() as *const libc::c_char,
b"sdp.encription_key\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_encryption_key_get,
Some(sdp_encryption_key_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.attribute"),

25
rust/src/sip/detect.rs
Unescape Escape View File

@ -19,8 +19,7 @@
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use crate::sip::sip::{SIPTransaction, ALPROTO_SIP};
@ -28,7 +27,7 @@ use std::os::raw::{c_int, c_void};
use std::ptr;
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
SCDetectHelperMultiBufferMpmRegister, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
};
static mut G_SIP_PROTOCOL_BUFFER_ID: c_int = 0;
@ -426,12 +425,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() {
setup: sip_protocol_setup,
};
let _g_sip_protocol_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SIP_PROTOCOL_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SIP_PROTOCOL_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sip.protocol\0".as_ptr() as *const libc::c_char,
b"sip.protocol\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
sip_protocol_get,
Some(sip_protocol_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.stat_code"),
@ -440,12 +439,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() {
setup: sip_stat_code_setup,
};
let _g_sip_stat_code_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SIP_STAT_CODE_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SIP_STAT_CODE_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sip.stat_code\0".as_ptr() as *const libc::c_char,
b"sip.stat_code\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOCLIENT,
sip_stat_code_get,
Some(sip_stat_code_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.stat_msg"),
@ -454,12 +453,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() {
setup: sip_stat_msg_setup,
};
let _g_sip_stat_msg_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SIP_STAT_MSG_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SIP_STAT_MSG_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sip.stat_msg\0".as_ptr() as *const libc::c_char,
b"sip.stat_msg\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOCLIENT,
sip_stat_msg_get,
Some(sip_stat_msg_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.request_line"),
@ -468,12 +467,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() {
setup: sip_request_line_setup,
};
let _g_sip_request_line_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SIP_REQUEST_LINE_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SIP_REQUEST_LINE_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sip.request_line\0".as_ptr() as *const libc::c_char,
b"sip.request_line\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOSERVER,
sip_request_line_get,
Some(sip_request_line_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.response_line"),
@ -482,12 +481,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() {
setup: sip_response_line_setup,
};
let _g_sip_response_line_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SIP_RESPONSE_LINE_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SIP_RESPONSE_LINE_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"sip.response_line\0".as_ptr() as *const libc::c_char,
b"sip.response_line\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
STREAM_TOCLIENT,
sip_response_line_get,
Some(sip_response_line_get),
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.from"),

16
rust/src/snmp/detect.rs
Unescape Escape View File

@ -21,14 +21,14 @@ use super::snmp::{SNMPTransaction, ALPROTO_SNMP};
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
static mut G_SNMP_VERSION_KW_ID: c_int = 0;
@ -196,12 +196,12 @@ pub(super) unsafe extern "C" fn detect_snmp_register() {
setup: snmp_detect_usm_setup,
};
let _g_snmp_usm_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SNMP_USM_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SNMP_USM_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"snmp.usm\0".as_ptr() as *const libc::c_char,
b"SNMP USM\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
STREAM_TOSERVER | STREAM_TOCLIENT,
snmp_detect_usm_get_data,
Some(snmp_detect_usm_get_data),
);
let kw = SigTableElmtStickyBuffer {
@ -211,11 +211,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() {
setup: snmp_detect_community_setup,
};
let _g_snmp_community_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_SNMP_COMMUNITY_BUFFER_ID = DetectHelperBufferMpmRegister(
G_SNMP_COMMUNITY_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"snmp.community\0".as_ptr() as *const libc::c_char,
b"SNMP Community identifier\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
STREAM_TOSERVER | STREAM_TOCLIENT,
snmp_detect_community_get_data,
Some(snmp_detect_community_get_data),
);
}

12
rust/src/websocket/detect.rs
Unescape Escape View File

@ -22,14 +22,14 @@ use crate::detect::uint::{
SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use crate::websocket::parser::WebSocketOpcode;
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use nom7::branch::alt;
@ -320,11 +320,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
setup: websocket_detect_payload_setup,
};
let _g_ws_payload_kw_id = helper_keyword_register_sticky_buffer(&kw);
G_WEBSOCKET_PAYLOAD_BUFFER_ID = DetectHelperBufferMpmRegister(
G_WEBSOCKET_PAYLOAD_BUFFER_ID = SCDetectHelperBufferMpmRegister(
b"websocket.payload\0".as_ptr() as *const libc::c_char,
b"WebSocket payload\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
STREAM_TOSERVER | STREAM_TOCLIENT,
websocket_detect_payload_get_data,
Some(websocket_detect_payload_get_data),
);
}

14
rust/sys/src/sys.rs
Unescape Escape View File

@ -257,6 +257,14 @@ pub type InspectionMultiBufferGetDataPtr = ::std::option::Option<
buf_len: *mut u32,
) -> bool,
>;
pub type InspectionSingleBufferGetDataPtr = ::std::option::Option<
unsafe extern "C" fn(
txv: *const ::std::os::raw::c_void,
flow_flags: u8,
buf: *mut *const u8,
buf_len: *mut u32,
) -> bool,
>;
#[doc = " App-layer light version of SigTableElmt"]
#[repr(C)]
#[derive(Debug, Copy, Clone)]
@ -350,6 +358,12 @@ extern "C" {
name: *const ::std::os::raw::c_char, alproto: AppProto, direction: u8,
) -> ::std::os::raw::c_int;
}
extern "C" {
pub fn SCDetectHelperBufferMpmRegister(
name: *const ::std::os::raw::c_char, desc: *const ::std::os::raw::c_char,
alproto: AppProto, direction: u8, GetData: InspectionSingleBufferGetDataPtr,
) -> ::std::os::raw::c_int;
}
extern "C" {
pub fn SCDetectHelperMultiBufferMpmRegister(
name: *const ::std::os::raw::c_char, desc: *const ::std::os::raw::c_char,

14
src/detect-email.c
Unescape Escape View File

@ -235,7 +235,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister(
g_mime_email_from_buffer_id = SCDetectHelperBufferMpmRegister(
"email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData);
kw.name = "email.subject";
@ -244,7 +244,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailSubjectSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject",
g_mime_email_subject_buffer_id = SCDetectHelperBufferMpmRegister("email.subject",
"MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData);
kw.name = "email.to";
@ -253,7 +253,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister(
g_mime_email_to_buffer_id = SCDetectHelperBufferMpmRegister(
"email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData);
kw.name = "email.cc";
@ -262,7 +262,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailCcSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister(
g_mime_email_cc_buffer_id = SCDetectHelperBufferMpmRegister(
"email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData);
kw.name = "email.date";
@ -271,7 +271,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailDateSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister(
g_mime_email_date_buffer_id = SCDetectHelperBufferMpmRegister(
"email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData);
kw.name = "email.message_id";
@ -280,7 +280,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailMessageIdSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id",
g_mime_email_message_id_buffer_id = SCDetectHelperBufferMpmRegister("email.message_id",
"MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData);
kw.name = "email.x_mailer";
@ -289,7 +289,7 @@ void DetectEmailRegister(void)
kw.Setup = DetectMimeEmailXMailerSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer",
g_mime_email_x_mailer_buffer_id = SCDetectHelperBufferMpmRegister("email.x_mailer",
"MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData);
kw.name = "email.url";

2
src/detect-engine-helper.c
Unescape Escape View File

@ -44,7 +44,7 @@ int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t dir
return DetectBufferTypeRegister(name);
}
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionSingleBufferGetDataPtr GetData)
{
if (direction & STREAM_TOSERVER) {

2
src/detect-engine-helper.h
Unescape Escape View File

@ -82,7 +82,7 @@ int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias);
int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction);
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionSingleBufferGetDataPtr GetData);
int SCDetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionMultiBufferGetDataPtr GetData);

2
src/detect-ftp-command-data.c
Unescape Escape View File

@ -96,7 +96,7 @@ void DetectFtpCommandDataRegister(void)
sigmatch_table[DETECT_FTP_COMMAND_DATA].Setup = DetectFtpCommandDataSetup;
sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT;
DetectHelperBufferMpmRegister(
SCDetectHelperBufferMpmRegister(
BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandDataGetData);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

2
src/detect-ftp-command.c
Unescape Escape View File

@ -83,7 +83,7 @@ void DetectFtpCommandRegister(void)
sigmatch_table[DETECT_FTP_COMMAND].Setup = DetectFtpCommandSetup;
sigmatch_table[DETECT_FTP_COMMAND].flags |= SIGMATCH_NOOPT;
g_ftp_cmd_buffer_id = DetectHelperBufferMpmRegister(
g_ftp_cmd_buffer_id = SCDetectHelperBufferMpmRegister(
BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandGetData);
SCLogDebug("registering " BUFFER_NAME " rule option");

2
src/detect-smtp.c
Unescape Escape View File

@ -147,7 +147,7 @@ void SCDetectSMTPRegister(void)
kw.Setup = DetectSmtpMailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister(
g_smtp_mail_from_buffer_id = SCDetectHelperBufferMpmRegister(
"smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
kw.name = "smtp.rcpt_to";

Write Preview
Loading…
Cancel
Save