rust: bindgen SCDetectSignatureAddTransform

by moving it to detect-engine-buffer.h and prefixing it Ticket: 7667
4 months ago · df0dc2e8ea
parent 09664df8ef
commit df0dc2e8ea
17 changed files with 75 additions and 77 deletions
--- a/rust/src/detect/transforms/casechange.rs
+++ b/rust/src/detect/transforms/casechange.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -34,7 +34,7 @@ static mut G_TRANSFORM_TOUPPER_ID: c_int = 0;
 unsafe extern "C" fn tolower_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_TOLOWER_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_TOLOWER_ID, ptr::null_mut());
 }

 fn tolower_transform_do(input: &[u8], output: &mut [u8]) {
@ -96,7 +96,7 @@ pub unsafe extern "C" fn DetectTransformToLowerRegister() {
 unsafe extern "C" fn toupper_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_TOUPPER_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_TOUPPER_ID, ptr::null_mut());
 }

 fn toupper_transform_do(input: &[u8], output: &mut [u8]) {
--- a/rust/src/detect/transforms/compress_whitespace.rs
+++ b/rust/src/detect/transforms/compress_whitespace.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -33,7 +33,7 @@ static mut G_TRANSFORM_COMPRESS_WHITESPACE_ID: c_int = 0;
 unsafe extern "C" fn compress_whitespace_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_COMPRESS_WHITESPACE_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_COMPRESS_WHITESPACE_ID, ptr::null_mut());
 }

 fn compress_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 {
--- a/rust/src/detect/transforms/domain.rs
+++ b/rust/src/detect/transforms/domain.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -34,7 +34,7 @@ static mut G_TRANSFORM_TLD_ID: c_int = 0;
 unsafe extern "C" fn domain_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_DOMAIN_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_DOMAIN_ID, ptr::null_mut());
 }

 fn get_domain(input: &[u8], output: &mut [u8]) -> u32 {
@ -72,7 +72,7 @@ unsafe extern "C" fn domain_transform(
 unsafe extern "C" fn tld_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_TLD_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_TLD_ID, ptr::null_mut());
 }

 fn get_tld(input: &[u8], output: &mut [u8]) -> u32 {
--- a/rust/src/detect/transforms/dotprefix.rs
+++ b/rust/src/detect/transforms/dotprefix.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -33,7 +33,7 @@ static mut G_TRANSFORM_DOT_PREFIX_ID: c_int = 0;
 unsafe extern "C" fn dot_prefix_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_DOT_PREFIX_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_DOT_PREFIX_ID, ptr::null_mut());
 }

 fn dot_prefix_transform_do(input: &[u8], output: &mut [u8]) {
--- a/rust/src/detect/transforms/hash.rs
+++ b/rust/src/detect/transforms/hash.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use crate::ffi::hashing::{G_DISABLE_HASHING, SC_SHA1_LEN, SC_SHA256_LEN};
@ -47,7 +47,7 @@ unsafe extern "C" fn md5_setup(
        SCLogError!("MD5 hashing has been disabled, needed for to_md5 keyword");
        return -1;
    }
-    return DetectSignatureAddTransform(s, G_TRANSFORM_MD5_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_MD5_ID, ptr::null_mut());
 }

 fn md5_transform_do(input: &[u8], output: &mut [u8]) {
@ -101,7 +101,7 @@ unsafe extern "C" fn sha1_setup(
        SCLogError!("SHA1 hashing has been disabled, needed for to_sha1 keyword");
        return -1;
    }
-    return DetectSignatureAddTransform(s, G_TRANSFORM_SHA1_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_SHA1_ID, ptr::null_mut());
 }

 fn sha1_transform_do(input: &[u8], output: &mut [u8]) {
@ -155,7 +155,7 @@ unsafe extern "C" fn sha256_setup(
        SCLogError!("SHA256 hashing has been disabled, needed for to_sha256 keyword");
        return -1;
    }
-    return DetectSignatureAddTransform(s, G_TRANSFORM_SHA256_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_SHA256_ID, ptr::null_mut());
 }

 fn sha256_transform_do(input: &[u8], output: &mut [u8]) {
--- a/rust/src/detect/transforms/http_headers.rs
+++ b/rust/src/detect/transforms/http_headers.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -34,7 +34,7 @@ static mut G_TRANSFORM_STRIP_PSEUDO_ID: c_int = 0;
 unsafe extern "C" fn header_lowersetup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_HEADER_LOWER_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_HEADER_LOWER_ID, ptr::null_mut());
 }

 fn header_lowertransform_do(input: &[u8], output: &mut [u8]) {
@ -99,7 +99,7 @@ pub unsafe extern "C" fn DetectTransformHeaderLowercaseRegister() {
 unsafe extern "C" fn strip_pseudo_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_PSEUDO_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_STRIP_PSEUDO_ID, ptr::null_mut());
 }

 fn strip_pseudo_transform_do(input: &[u8], output: &mut [u8]) -> u32 {
--- a/rust/src/detect/transforms/mod.rs
+++ b/rust/src/detect/transforms/mod.rs
@ -17,9 +17,7 @@

 //! Module for transforms

-use std::os::raw::{c_int, c_void};
-
-use suricata_sys::sys::{InspectionBuffer, SCTransformTableElmt, Signature};
+use suricata_sys::sys::InspectionBuffer;

 pub mod casechange;
 pub mod compress_whitespace;
@ -33,9 +31,6 @@ pub mod xor;

 /// cbindgen:ignore
 extern "C" {
-    pub fn DetectSignatureAddTransform(
-        s: *mut Signature, transform_id: c_int, ctx: *mut c_void,
-    ) -> c_int;
    pub fn InspectionBufferPtr(buf: *const InspectionBuffer) -> *const u8;
    pub fn InspectionBufferLength(buf: *const InspectionBuffer) -> u32;
    pub fn InspectionBufferCopy(ibuf: *const InspectionBuffer, buf: *const u8, buf_len: u32);
--- a/rust/src/detect/transforms/strip_whitespace.rs
+++ b/rust/src/detect/transforms/strip_whitespace.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -33,7 +33,7 @@ static mut G_TRANSFORM_STRIP_WHITESPACE_ID: c_int = 0;
 unsafe extern "C" fn strip_whitespace_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_WHITESPACE_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_STRIP_WHITESPACE_ID, ptr::null_mut());
 }

 fn strip_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 {
--- a/rust/src/detect/transforms/urldecode.rs
+++ b/rust/src/detect/transforms/urldecode.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_NOOPT;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::os::raw::{c_int, c_void};
@ -33,7 +33,7 @@ static mut G_TRANSFORM_URL_DECODE_ID: c_int = 0;
 unsafe extern "C" fn url_decode_setup(
    _de: *mut DetectEngineCtx, s: *mut Signature, _opt: *const std::os::raw::c_char,
 ) -> c_int {
-    return DetectSignatureAddTransform(s, G_TRANSFORM_URL_DECODE_ID, ptr::null_mut());
+    return SCDetectSignatureAddTransform(s, G_TRANSFORM_URL_DECODE_ID, ptr::null_mut());
 }

 fn hex_value(i: u8) -> Option<u8> {
--- a/rust/src/detect/transforms/xor.rs
+++ b/rust/src/detect/transforms/xor.rs
@ -16,13 +16,13 @@
 */

 use super::{
-    DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
-    InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+    InspectionBufferCheckAndExpand, InspectionBufferLength, InspectionBufferPtr,
+    InspectionBufferTruncate,
 };
 use crate::detect::SIGMATCH_QUOTES_MANDATORY;
 use suricata_sys::sys::{
    DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
-    Signature,
+    SCDetectSignatureAddTransform, SCTransformTableElmt, Signature,
 };

 use std::ffi::CStr;
@ -69,7 +69,7 @@ unsafe extern "C" fn xor_setup(
    if ctx.is_null() {
        return -1;
    }
-    let r = DetectSignatureAddTransform(s, G_TRANSFORM_XOR_ID, ctx);
+    let r = SCDetectSignatureAddTransform(s, G_TRANSFORM_XOR_ID, ctx);
    if r != 0 {
        xor_free(de, ctx);
    }
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@ -193,6 +193,11 @@ extern "C" {
        de_ctx: *mut DetectEngineCtx, s: *mut Signature, list: ::std::os::raw::c_int,
    ) -> ::std::os::raw::c_int;
 }
+extern "C" {
+    pub fn SCDetectSignatureAddTransform(
+        s: *mut Signature, transform: ::std::os::raw::c_int, options: *mut ::std::os::raw::c_void,
+    ) -> ::std::os::raw::c_int;
+}
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
 pub struct Flow_ {
--- a/src/detect-engine-buffer.c
+++ b/src/detect-engine-buffer.c
@ -174,3 +174,26 @@ SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id)
    }
    return last;
 }
+
+int SCDetectSignatureAddTransform(Signature *s, int transform, void *options)
+{
+    /* we only support buffers */
+    if (s->init_data->list == 0) {
+        SCReturnInt(-1);
+    }
+    if (!s->init_data->list_set) {
+        SCLogError("transforms must directly follow stickybuffers");
+        SCReturnInt(-1);
+    }
+    if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {
+        SCReturnInt(-1);
+    }
+
+    s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;
+    s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;
+
+    s->init_data->transforms.cnt++;
+    SCLogDebug("Added transform #%d [%s]", s->init_data->transforms.cnt, s->sig_str);
+
+    SCReturnInt(0);
+}
--- a/src/detect-engine-buffer.h
+++ b/src/detect-engine-buffer.h
@ -34,5 +34,6 @@ int WARN_UNUSED SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *
 int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s);
 SigMatch *DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id);
 SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id);
+int SCDetectSignatureAddTransform(Signature *s, int transform, void *options);

 #endif /* SURICATA_DETECT_ENGINE_BUFFER_H */
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -2197,31 +2197,6 @@ void SigFree(DetectEngineCtx *de_ctx, Signature *s)
    SCFree(s);
 }

-int DetectSignatureAddTransform(Signature *s, int transform, void *options)
-{
-    /* we only support buffers */
-    if (s->init_data->list == 0) {
-        SCReturnInt(-1);
-    }
-    if (!s->init_data->list_set) {
-        SCLogError("transforms must directly follow stickybuffers");
-        SCReturnInt(-1);
-    }
-    if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {
-        SCReturnInt(-1);
-    }
-
-    s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;
-    s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;
-
-    s->init_data->transforms.cnt++;
-    SCLogDebug("Added transform #%d [%s]",
-            s->init_data->transforms.cnt,
-            s->sig_str);
-
-    SCReturnInt(0);
-}
-
 /**
 * \brief this function is used to set multiple possible app-layer protos
 * \brief into the current signature (for example ja4 for both tls and quic)
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@ -101,7 +101,6 @@ SigMatch *DetectGetLastSMFromLists(const Signature *s, ...);
 SigMatch *DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list, ...);
 SigMatch *DetectGetLastSMByListId(const Signature *s, int list_id, ...);

-int DetectSignatureAddTransform(Signature *s, int transform, void *options);
 int WARN_UNUSED DetectSignatureSetAppProto(Signature *s, AppProto alproto);
 int WARN_UNUSED DetectSignatureSetMultiAppProto(Signature *s, const AppProto *alprotos);

--- a/src/detect-transform-base64.c
+++ b/src/detect-transform-base64.c
@ -26,8 +26,8 @@
 #include "suricata-common.h"

 #include "detect.h"
-#include "detect-parse.h"
 #include "detect-engine.h"
+#include "detect-engine-buffer.h"
 #include "detect-byte.h"

 #include "rust.h"
@ -105,7 +105,7 @@ static int DetectTransformFromBase64DecodeSetup(
        goto exit_path;
    }

-    r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_FROM_BASE64, b64d);
+    r = SCDetectSignatureAddTransform(s, DETECT_TRANSFORM_FROM_BASE64, b64d);

 exit_path:
    if (r != 0)
--- a/src/detect-transform-pcrexform.c
+++ b/src/detect-transform-pcrexform.c
@ -27,7 +27,7 @@

 #include "detect.h"
 #include "detect-engine.h"
-#include "detect-parse.h"
+#include "detect-engine-buffer.h"
 #include "detect-transform-pcrexform.h"
 #include "detect-pcre.h"

@ -125,7 +125,7 @@ static int DetectTransformPcrexformSetup (DetectEngineCtx *de_ctx, Signature *s,
        SCReturnInt(-1);
    }

-    int r = DetectSignatureAddTransform(s, DETECT_TRANSFORM_PCREXFORM, pxd);
+    int r = SCDetectSignatureAddTransform(s, DETECT_TRANSFORM_PCREXFORM, pxd);
    if (r != 0) {
        DetectTransformPcrexformFree(de_ctx, pxd);
    }