aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust: bindgen SCDetectHelperKeywordRegister

Browse Source 
Ticket: 7667
pull/13230/head
Philippe Antoine 11 months ago committed by Victor Julien
parent f909bbba68
commit 13449344e8
15 changed files with 262 additions and 285 deletions
Show Stats Download Patch File Download Diff File

2
plugins/ndpi/ndpi.c
Unescape Escape View File

@ -467,7 +467,7 @@ static void EveCallback(ThreadVars *tv, const Packet *p, Flow *f, SCJsonBuilder
static void NdpInitRiskKeyword(void)
{
/* SCSigTableAppLiteElmt and DetectHelperKeywordRegister don't yet
/* SCSigTableAppLiteElmt and SCDetectHelperKeywordRegister don't yet
* support all the fields required to register the nDPI keywords,
* missing the (packet) Match callback,
* so we'll just register with an empty keyword specifier to get

42
rust/src/detect/mod.rs
Unescape Escape View File

@ -38,7 +38,7 @@ pub mod datasets;
use std::os::raw::{c_int, c_void};
use std::ffi::CString;
use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature};
use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt};
/// EnumString trait that will be implemented on enums that
/// derive StringEnum.
@ -80,13 +80,13 @@ pub fn helper_keyword_register_sticky_buffer(kw: &SigTableElmtStickyBuffer) -> c
name,
desc,
url,
Setup: kw.setup,
Setup: Some(kw.setup),
flags: SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER,
AppLayerTxMatch: None,
Free: None,
};
unsafe {
let r = DetectHelperKeywordRegister(&st);
let r = SCDetectHelperKeywordRegister(&st);
DetectHelperKeywordSetCleanCString(r);
return r;
}
@ -111,40 +111,6 @@ pub unsafe extern "C" fn SCDetectSigMatchNamesFree(kw: &mut SCSigTableNamesElmt)
let _ = CString::from_raw(kw.url);
}
#[repr(C)]
#[allow(non_snake_case)]
/// App-layer light version of SigTableElmt
pub struct SCSigTableAppLiteElmt {
/// keyword name
pub name: *const libc::c_char,
/// keyword description
pub desc: *const libc::c_char,
/// keyword documentation url
pub url: *const libc::c_char,
/// flags SIGMATCH_*
pub flags: u16,
/// function callback to parse and setup keyword in rule
pub Setup: unsafe extern "C" fn(
de: *mut DetectEngineCtx,
s: *mut Signature,
raw: *const std::os::raw::c_char,
) -> c_int,
/// function callback to free structure allocated by setup if any
pub Free: Option<unsafe extern "C" fn(de: *mut c_void, ptr: *mut c_void)>,
/// function callback to match on an app-layer transaction
pub AppLayerTxMatch: Option<
unsafe extern "C" fn(
de: *mut c_void,
f: *mut c_void,
flags: u8,
state: *mut c_void,
tx: *mut c_void,
sig: *const c_void,
ctx: *const c_void,
) -> c_int,
>,
}
pub const SIGMATCH_NOOPT: u16 = 1; // BIT_U16(0) in detect.h
pub(crate) const SIGMATCH_QUOTES_MANDATORY: u16 = 0x40; // BIT_U16(6) in detect.h
pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9)
@ -168,7 +134,7 @@ extern "C" {
i32,
) -> *mut c_void,
) -> c_int;
pub fn DetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) -> c_int;
// from detect-parse.h
pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int;
pub fn SigMatchAppendSMToList(
de: *mut DetectEngineCtx, s: *mut Signature, kwid: c_int, ctx: *const c_void, bufid: c_int,

36
rust/src/dhcp/detect.rs
Unescape Escape View File

@ -22,12 +22,12 @@ use super::dhcp::{
use super::parser::DHCPOptionWrapper;
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse};
use crate::detect::{
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList,
};
use crate::detect::{DetectSignatureSetAppProto, SigMatchAppendSMToList};
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{DetectEngineCtx, SCDetectHelperBufferRegister, Signature};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectHelperBufferRegister,
SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
fn dhcp_tx_get_time(tx: &DHCPTransaction, code: u8) -> Option<u64> {
for option in &tx.message.options {
@ -73,8 +73,8 @@ unsafe extern "C" fn dhcp_detect_leasetime_setup(
}
unsafe extern "C" fn dhcp_detect_leasetime_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
@ -84,7 +84,7 @@ unsafe extern "C" fn dhcp_detect_leasetime_match(
return 0;
}
unsafe extern "C" fn dhcp_detect_time_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn dhcp_detect_time_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
SCDetectU64Free(ctx);
@ -116,8 +116,8 @@ unsafe extern "C" fn dhcp_detect_rebindingtime_setup(
}
unsafe extern "C" fn dhcp_detect_rebindingtime_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
@ -153,8 +153,8 @@ unsafe extern "C" fn dhcp_detect_renewaltime_setup(
}
unsafe extern "C" fn dhcp_detect_renewaltime_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
@ -171,11 +171,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() {
desc: b"match DHCP leasetime\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-leasetime\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_leasetime_match),
Setup: dhcp_detect_leasetime_setup,
Setup: Some(dhcp_detect_leasetime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
G_DHCP_LEASE_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
G_DHCP_LEASE_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_LEASE_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.leasetime\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
@ -186,11 +186,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() {
desc: b"match DHCP rebinding time\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-rebinding-time\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_rebindingtime_match),
Setup: dhcp_detect_rebindingtime_setup,
Setup: Some(dhcp_detect_rebindingtime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
G_DHCP_REBINDING_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
G_DHCP_REBINDING_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_REBINDING_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.rebinding-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
@ -201,11 +201,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() {
desc: b"match DHCP renewal time\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-renewal-time\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_renewaltime_match),
Setup: dhcp_detect_renewaltime_setup,
Setup: Some(dhcp_detect_renewaltime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
G_DHCP_RENEWAL_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
G_DHCP_RENEWAL_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_RENEWAL_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.renewal-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,

39
rust/src/dns/detect.rs
Unescape Escape View File

@ -22,24 +22,25 @@ use crate::detect::uint::{
SCDetectU8Parse,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperKeywordRegister, DetectSignatureSetAppProto,
SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordAliasRegister,
SCDetectHelperMultiBufferProgressMpmRegister, Signature,
SCDetectHelperKeywordRegister, SCDetectHelperMultiBufferProgressMpmRegister,
SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
/// Perform the DNS opcode match.
///
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_opcode_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
@ -71,8 +72,8 @@ unsafe extern "C" fn dns_opcode_match(
///
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_rcode_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -99,8 +100,8 @@ unsafe extern "C" fn dns_rcode_match(
/// Perform the DNS rrtype match.
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_rrtype_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -152,7 +153,7 @@ unsafe extern "C" fn dns_opcode_setup(
return 0;
}
unsafe extern "C" fn dns_opcode_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn dns_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -186,7 +187,7 @@ unsafe extern "C" fn dns_rcode_setup(
return 0;
}
unsafe extern "C" fn dns_rcode_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn dns_rcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -222,7 +223,7 @@ unsafe extern "C" fn dns_rrtype_setup(
return 0;
}
unsafe extern "C" fn dns_rrtype_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn dns_rrtype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -347,11 +348,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
desc: b"Match the DNS header opcode flag.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-opcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_opcode_match),
Setup: dns_opcode_setup,
Setup: Some(dns_opcode_setup),
Free: Some(dns_opcode_free),
flags: 0,
};
G_DNS_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_DNS_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
@ -379,11 +380,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
desc: b"Match the DNS header rcode flag.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-rcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_rcode_match),
Setup: dns_rcode_setup,
Setup: Some(dns_rcode_setup),
Free: Some(dns_rcode_free),
flags: 0,
};
G_DNS_RCODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.rcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
@ -394,11 +395,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
desc: b"Match the DNS rrtype in message body.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-rrtype\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_rrtype_match),
Setup: dns_rrtype_setup,
Setup: Some(dns_rrtype_setup),
Free: Some(dns_rrtype_free),
flags: 0,
};
G_DNS_RRTYPE_KW_ID = DetectHelperKeywordRegister(&kw);
G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.rrtype\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,

177
rust/src/enip/detect.rs
Unescape Escape View File

@ -37,11 +37,12 @@ use crate::detect::uint::{
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
};
use crate::direction::Direction;
@ -475,13 +476,13 @@ unsafe extern "C" fn cipservice_setup(
return 0;
}
unsafe extern "C" fn cipservice_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cipservice_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut DetectCipServiceData));
}
unsafe extern "C" fn cipservice_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectCipServiceData);
@ -527,8 +528,8 @@ fn tx_get_capabilities(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn capabilities_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -538,7 +539,7 @@ unsafe extern "C" fn capabilities_match(
return 0;
}
unsafe extern "C" fn capabilities_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn capabilities_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -570,15 +571,15 @@ unsafe extern "C" fn cip_attribute_setup(
}
unsafe extern "C" fn cip_attribute_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_attribute(tx, ctx);
}
unsafe extern "C" fn cip_attribute_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cip_attribute_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -610,15 +611,15 @@ unsafe extern "C" fn cip_class_setup(
}
unsafe extern "C" fn cip_class_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_segment(tx, ctx, 8);
}
unsafe extern "C" fn cip_class_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cip_class_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -663,8 +664,8 @@ fn tx_get_vendor_id(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn vendor_id_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -674,7 +675,7 @@ unsafe extern "C" fn vendor_id_match(
return 0;
}
unsafe extern "C" fn vendor_id_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn vendor_id_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -698,8 +699,8 @@ unsafe extern "C" fn status_setup(
}
unsafe extern "C" fn status_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
@ -709,7 +710,7 @@ unsafe extern "C" fn status_match(
return 0;
}
unsafe extern "C" fn status_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -746,8 +747,8 @@ fn tx_get_state(tx: &EnipTransaction) -> Option<u8> {
}
unsafe extern "C" fn state_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
@ -757,7 +758,7 @@ unsafe extern "C" fn state_match(
return 0;
}
unsafe extern "C" fn state_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn state_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -794,8 +795,8 @@ fn tx_get_serial(tx: &EnipTransaction) -> Option<u32> {
}
unsafe extern "C" fn serial_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
@ -805,7 +806,7 @@ unsafe extern "C" fn serial_match(
return 0;
}
unsafe extern "C" fn serial_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn serial_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -844,8 +845,8 @@ fn tx_get_revision(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn revision_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -855,7 +856,7 @@ unsafe extern "C" fn revision_match(
return 0;
}
unsafe extern "C" fn revision_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn revision_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -887,8 +888,8 @@ unsafe extern "C" fn protocol_version_setup(
}
unsafe extern "C" fn protocol_version_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -898,7 +899,7 @@ unsafe extern "C" fn protocol_version_match(
return 0;
}
unsafe extern "C" fn protocol_version_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -943,8 +944,8 @@ fn tx_get_product_code(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn product_code_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -954,7 +955,7 @@ unsafe extern "C" fn product_code_match(
return 0;
}
unsafe extern "C" fn product_code_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn product_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -999,8 +1000,8 @@ fn tx_get_identity_status(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn identity_status_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -1010,7 +1011,7 @@ unsafe extern "C" fn identity_status_match(
return 0;
}
unsafe extern "C" fn identity_status_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn identity_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -1055,8 +1056,8 @@ fn tx_get_device_type(tx: &EnipTransaction) -> Option<u16> {
}
unsafe extern "C" fn device_type_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -1066,7 +1067,7 @@ unsafe extern "C" fn device_type_match(
return 0;
}
unsafe extern "C" fn device_type_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn device_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -1103,8 +1104,8 @@ fn tx_get_command(tx: &EnipTransaction, direction: u8) -> Option<u16> {
}
unsafe extern "C" fn command_match(
_de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
@ -1114,7 +1115,7 @@ unsafe extern "C" fn command_match(
return 0;
}
unsafe extern "C" fn command_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn command_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -1146,15 +1147,15 @@ unsafe extern "C" fn cip_status_setup(
}
unsafe extern "C" fn cip_status_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return enip_tx_has_cip_status(tx, ctx);
}
unsafe extern "C" fn cip_status_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cip_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -1186,15 +1187,15 @@ unsafe extern "C" fn cip_instance_setup(
}
unsafe extern "C" fn cip_instance_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_segment(tx, ctx, 9);
}
unsafe extern "C" fn cip_instance_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cip_instance_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -1226,15 +1227,15 @@ unsafe extern "C" fn cip_extendedstatus_setup(
}
unsafe extern "C" fn cip_extendedstatus_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return enip_tx_has_cip_extendedstatus(tx, ctx);
}
unsafe extern "C" fn cip_extendedstatus_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn cip_extendedstatus_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
@ -1341,11 +1342,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
as *const libc::c_char,
url: b"/rules/enip-keyword.html#cip_service\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cipservice_match),
Setup: cipservice_setup,
Setup: Some(cipservice_setup),
Free: Some(cipservice_free),
flags: 0,
};
G_ENIP_CIPSERVICE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIPSERVICE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIPSERVICE_BUFFER_ID = SCDetectHelperBufferRegister(
b"cip\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1356,11 +1357,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP capabilities\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-capabilities\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(capabilities_match),
Setup: capabilities_setup,
Setup: Some(capabilities_setup),
Free: Some(capabilities_free),
flags: 0,
};
G_ENIP_CAPABILITIES_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CAPABILITIES_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CAPABILITIES_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.capabilities\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1371,11 +1372,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP cip_attribute\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-attribute\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_attribute_match),
Setup: cip_attribute_setup,
Setup: Some(cip_attribute_setup),
Free: Some(cip_attribute_free),
flags: 0,
};
G_ENIP_CIP_ATTRIBUTE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIP_ATTRIBUTE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_ATTRIBUTE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_attribute\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1386,11 +1387,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP cip_class\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-class\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_class_match),
Setup: cip_class_setup,
Setup: Some(cip_class_setup),
Free: Some(cip_class_free),
flags: 0,
};
G_ENIP_CIP_CLASS_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIP_CLASS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_CLASS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_class\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1401,11 +1402,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP vendor_id\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-vendor-id\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(vendor_id_match),
Setup: vendor_id_setup,
Setup: Some(vendor_id_setup),
Free: Some(vendor_id_free),
flags: 0,
};
G_ENIP_VENDOR_ID_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_VENDOR_ID_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_VENDOR_ID_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.vendor_id\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1416,11 +1417,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(status_match),
Setup: status_setup,
Setup: Some(status_setup),
Free: Some(status_free),
flags: 0,
};
G_ENIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1431,11 +1432,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP state\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-state\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(state_match),
Setup: state_setup,
Setup: Some(state_setup),
Free: Some(state_free),
flags: 0,
};
G_ENIP_STATE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_STATE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_STATE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.state\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1446,11 +1447,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP serial\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-serial\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(serial_match),
Setup: serial_setup,
Setup: Some(serial_setup),
Free: Some(serial_free),
flags: 0,
};
G_ENIP_SERIAL_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_SERIAL_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_SERIAL_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.serial\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1461,11 +1462,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP revision\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-revision\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(revision_match),
Setup: revision_setup,
Setup: Some(revision_setup),
Free: Some(revision_free),
flags: 0,
};
G_ENIP_REVISION_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_REVISION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_REVISION_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.revision\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1476,11 +1477,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP protocol_version\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-protocol-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(protocol_version_match),
Setup: protocol_version_setup,
Setup: Some(protocol_version_setup),
Free: Some(protocol_version_free),
flags: 0,
};
G_ENIP_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1491,11 +1492,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP product_code\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-product-code\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(product_code_match),
Setup: product_code_setup,
Setup: Some(product_code_setup),
Free: Some(product_code_free),
flags: 0,
};
G_ENIP_PRODUCT_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_PRODUCT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_PRODUCT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.product_code\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1506,11 +1507,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP command\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip_command\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(command_match),
Setup: command_setup,
Setup: Some(command_setup),
Free: Some(command_free),
flags: 0,
};
G_ENIP_COMMAND_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.command\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1521,11 +1522,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP identity_status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-identity-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(identity_status_match),
Setup: identity_status_setup,
Setup: Some(identity_status_setup),
Free: Some(identity_status_free),
flags: 0,
};
G_ENIP_IDENTITY_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_IDENTITY_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_IDENTITY_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.identity_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1536,11 +1537,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP device_type\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-device-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(device_type_match),
Setup: device_type_setup,
Setup: Some(device_type_setup),
Free: Some(device_type_free),
flags: 0,
};
G_ENIP_DEVICE_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_DEVICE_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_DEVICE_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.device_type\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1551,11 +1552,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP cip_status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_status_match),
Setup: cip_status_setup,
Setup: Some(cip_status_setup),
Free: Some(cip_status_free),
flags: 0,
};
G_ENIP_CIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1566,11 +1567,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
desc: b"rules for detecting EtherNet/IP cip_instance\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-instance\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_instance_match),
Setup: cip_instance_setup,
Setup: Some(cip_instance_setup),
Free: Some(cip_instance_free),
flags: 0,
};
G_ENIP_CIP_INSTANCE_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIP_INSTANCE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_INSTANCE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_instance\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
@ -1582,11 +1583,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-extendedstatus\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_extendedstatus_match),
Setup: cip_extendedstatus_setup,
Setup: Some(cip_extendedstatus_setup),
Free: Some(cip_extendedstatus_free),
flags: 0,
};
G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = DetectHelperKeywordRegister(&kw);
G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_EXTENDEDSTATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,

50
rust/src/ldap/detect.rs
Unescape Escape View File

@ -23,13 +23,13 @@ use crate::detect::uint::{
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use std::collections::VecDeque;
@ -116,8 +116,8 @@ unsafe extern "C" fn ldap_detect_request_operation_setup(
}
unsafe extern "C" fn ldap_detect_request_operation_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
@ -128,7 +128,7 @@ unsafe extern "C" fn ldap_detect_request_operation_match(
return 0;
}
unsafe extern "C" fn ldap_detect_request_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn ldap_detect_request_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -244,8 +244,8 @@ fn match_at_index<T, U>(
}
unsafe extern "C" fn ldap_detect_responses_operation_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectLdapRespOpData);
@ -259,7 +259,7 @@ unsafe extern "C" fn ldap_detect_responses_operation_match(
);
}
unsafe extern "C" fn ldap_detect_responses_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn ldap_detect_responses_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectLdapRespOpData);
std::mem::drop(Box::from_raw(ctx));
@ -291,8 +291,8 @@ unsafe extern "C" fn ldap_detect_responses_count_setup(
}
unsafe extern "C" fn ldap_detect_responses_count_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
@ -300,7 +300,7 @@ unsafe extern "C" fn ldap_detect_responses_count_match(
return detect_match_uint(ctx, len) as c_int;
}
unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -470,8 +470,8 @@ fn get_ldap_result_code(response: &LdapMessage) -> Option<u32> {
}
unsafe extern "C" fn ldap_detect_responses_result_code_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectLdapRespResultData);
@ -485,7 +485,9 @@ unsafe extern "C" fn ldap_detect_responses_result_code_match(
);
}
unsafe extern "C" fn ldap_detect_responses_result_code_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn ldap_detect_responses_result_code_free(
_de: *mut DetectEngineCtx, ctx: *mut c_void,
) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectLdapRespResultData);
std::mem::drop(Box::from_raw(ctx));
@ -640,11 +642,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
desc: b"match LDAP request operation\0".as_ptr() as *const libc::c_char,
url: b"/rules/ldap-keywords.html#ldap.request.operation\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_request_operation_match),
Setup: ldap_detect_request_operation_setup,
Setup: Some(ldap_detect_request_operation_setup),
Free: Some(ldap_detect_request_free),
flags: 0,
};
G_LDAP_REQUEST_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw);
G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.request.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
@ -656,11 +658,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
url: b"/rules/ldap-keywords.html#ldap.responses.operation\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_operation_match),
Setup: ldap_detect_responses_operation_setup,
Setup: Some(ldap_detect_responses_operation_setup),
Free: Some(ldap_detect_responses_free),
flags: 0,
};
G_LDAP_RESPONSES_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
@ -671,11 +673,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
desc: b"match number of LDAP responses\0".as_ptr() as *const libc::c_char,
url: b"/rules/ldap-keywords.html#ldap.responses.count\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_count_match),
Setup: ldap_detect_responses_count_setup,
Setup: Some(ldap_detect_responses_count_setup),
Free: Some(ldap_detect_responses_count_free),
flags: 0,
};
G_LDAP_RESPONSES_COUNT_KW_ID = DetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_COUNT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_COUNT_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.count\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
@ -715,11 +717,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
url: b"/rules/ldap-keywords.html#ldap.responses.result_code\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_result_code_match),
Setup: ldap_detect_responses_result_code_setup,
Setup: Some(ldap_detect_responses_result_code_setup),
Free: Some(ldap_detect_responses_result_code_free),
flags: 0,
};
G_LDAP_RESPONSES_RESULT_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,

78
rust/src/mqtt/detect.rs
Unescape Escape View File

@ -24,12 +24,12 @@ use crate::detect::uint::{
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use nom7::branch::alt;
@ -413,15 +413,15 @@ unsafe extern "C" fn mqtt_type_setup(
}
unsafe extern "C" fn mqtt_type_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_type(tx, ctx);
}
unsafe extern "C" fn mqtt_type_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -453,8 +453,8 @@ unsafe extern "C" fn mqtt_reason_code_setup(
}
unsafe extern "C" fn mqtt_reason_code_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
@ -466,7 +466,7 @@ unsafe extern "C" fn mqtt_reason_code_match(
return mqtt_tx_suback_unsuback_has_reason_code(tx, ctx);
}
unsafe extern "C" fn mqtt_reason_code_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_reason_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -512,15 +512,15 @@ fn mqtt_tx_has_qos(tx: &MQTTTransaction, qos: u8) -> c_int {
}
unsafe extern "C" fn mqtt_qos_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, u8);
return mqtt_tx_has_qos(tx, *ctx);
}
unsafe extern "C" fn mqtt_qos_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_qos_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut u8));
}
@ -574,15 +574,15 @@ fn mqtt_tx_get_connack_sessionpresent(tx: &MQTTTransaction, session_present: boo
}
unsafe extern "C" fn mqtt_connack_sessionpresent_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, bool);
return mqtt_tx_get_connack_sessionpresent(tx, *ctx);
}
unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut bool));
}
@ -666,8 +666,8 @@ unsafe extern "C" fn mqtt_protocol_version_setup(
}
unsafe extern "C" fn mqtt_protocol_version_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, state: *mut c_void, _tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, state: *mut c_void,
_tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let state = cast_pointer!(state, MQTTState);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
@ -677,7 +677,7 @@ unsafe extern "C" fn mqtt_protocol_version_match(
return 0;
}
unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
@ -781,15 +781,15 @@ fn mqtt_tx_has_flags(tx: &MQTTTransaction, ctx: &DetectUintData<u8>) -> c_int {
}
unsafe extern "C" fn mqtt_flags_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_flags(tx, ctx);
}
unsafe extern "C" fn mqtt_flags_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
@ -897,15 +897,15 @@ fn mqtt_tx_has_conn_flags(tx: &MQTTTransaction, ctx: &DetectUintData<u8>) -> c_i
}
unsafe extern "C" fn mqtt_conn_flags_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_conn_flags(tx, ctx);
}
unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
@ -1102,11 +1102,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
desc: b"match MQTT control packet type\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_type_match),
Setup: mqtt_type_setup,
Setup: Some(mqtt_type_setup),
Free: Some(mqtt_type_free),
flags: 0,
};
G_MQTT_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.type\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1142,11 +1142,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
//TODO alias "mqtt.connack.return_code"
url: b"/rules/mqtt-keywords.html#mqtt-reason-code\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_reason_code_match),
Setup: mqtt_reason_code_setup,
Setup: Some(mqtt_reason_code_setup),
Free: Some(mqtt_reason_code_free),
flags: 0,
};
G_MQTT_REASON_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_REASON_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_REASON_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.reason_code\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1158,11 +1158,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
url: b"/rules/mqtt-keywords.html#mqtt-connack-session-present\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_connack_sessionpresent_match),
Setup: mqtt_connack_sessionpresent_setup,
Setup: Some(mqtt_connack_sessionpresent_setup),
Free: Some(mqtt_connack_sessionpresent_free),
flags: 0,
};
G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_CONNACK_SESSIONPRESENT_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1174,11 +1174,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
//TODO alias "mqtt.connack.return_code"
url: b"/rules/mqtt-keywords.html#mqtt-qos\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_qos_match),
Setup: mqtt_qos_setup,
Setup: Some(mqtt_qos_setup),
Free: Some(mqtt_qos_free),
flags: 0,
};
G_MQTT_QOS_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_QOS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_QOS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.qos\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1217,11 +1217,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
desc: b"match MQTT protocol version\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-protocol-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_protocol_version_match),
Setup: mqtt_protocol_version_setup,
Setup: Some(mqtt_protocol_version_setup),
Free: Some(mqtt_protocol_version_free),
flags: 0,
};
G_MQTT_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1232,11 +1232,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
desc: b"match MQTT fixed header flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_flags_match),
Setup: mqtt_flags_setup,
Setup: Some(mqtt_flags_setup),
Free: Some(mqtt_flags_free),
flags: 0,
};
G_MQTT_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
@ -1247,11 +1247,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
desc: b"match MQTT CONNECT variable header flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-connect-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_conn_flags_match),
Setup: mqtt_conn_flags_setup,
Setup: Some(mqtt_conn_flags_setup),
Free: Some(mqtt_conn_flags_free),
flags: 0,
};
G_MQTT_CONN_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
G_MQTT_CONN_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_CONN_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,

27
rust/src/rfb/detect.rs
Unescape Escape View File

@ -25,14 +25,15 @@ use crate::detect::uint::{
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
use std::ptr;
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
};
unsafe extern "C" fn rfb_name_get_data(
@ -114,15 +115,15 @@ fn rfb_sec_type_match_aux(tx: &RFBTransaction, ctx: &DetectUintData<u32>) -> c_i
}
unsafe extern "C" fn rfb_sec_type_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
let tx = cast_pointer!(tx, RFBTransaction);
return rfb_sec_type_match_aux(tx, ctx);
}
unsafe extern "C" fn rfb_sec_type_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn rfb_sec_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
@ -175,15 +176,15 @@ fn rfb_sec_result_match_aux(tx: &RFBTransaction, ctx: &DetectUintData<u32>) -> c
}
unsafe extern "C" fn rfb_sec_result_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, RFBTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return rfb_sec_result_match_aux(tx, ctx);
}
unsafe extern "C" fn rfb_sec_result_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn rfb_sec_result_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -210,11 +211,11 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
desc: b"match RFB security type\0".as_ptr() as *const libc::c_char,
url: b"/rules/rfb-keywords.html#rfb-sectype\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(rfb_sec_type_match),
Setup: rfb_sec_type_setup,
Setup: Some(rfb_sec_type_setup),
Free: Some(rfb_sec_type_free),
flags: 0,
};
G_RFB_SEC_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
G_RFB_SEC_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_RFB_SEC_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"rfb.sectype\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
@ -225,11 +226,11 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
desc: b"match RFB security result\0".as_ptr() as *const libc::c_char,
url: b"/rules/rfb-keywords.html#rfb-secresult\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(rfb_sec_result_match),
Setup: rfb_sec_result_setup,
Setup: Some(rfb_sec_result_setup),
Free: Some(rfb_sec_result_free),
flags: 0,
};
G_RFB_SEC_RESULT_KW_ID = DetectHelperKeywordRegister(&kw);
G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister(
b"rfb.secresult\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,

27
rust/src/snmp/detect.rs
Unescape Escape View File

@ -22,12 +22,13 @@ use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
};
static mut G_SNMP_VERSION_KW_ID: c_int = 0;
@ -56,15 +57,15 @@ unsafe extern "C" fn snmp_detect_version_setup(
}
unsafe extern "C" fn snmp_detect_version_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, SNMPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return SCDetectU32Match(tx.version, ctx);
}
unsafe extern "C" fn snmp_detect_version_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn snmp_detect_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -89,8 +90,8 @@ unsafe extern "C" fn snmp_detect_pdutype_setup(
}
unsafe extern "C" fn snmp_detect_pdutype_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, SNMPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
@ -101,7 +102,7 @@ unsafe extern "C" fn snmp_detect_pdutype_match(
return 0;
}
unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -191,11 +192,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() {
desc: b"match SNMP version\0".as_ptr() as *const libc::c_char,
url: b"/rules/snmp-keywords.html#snmp-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(snmp_detect_version_match),
Setup: snmp_detect_version_setup,
Setup: Some(snmp_detect_version_setup),
Free: Some(snmp_detect_version_free),
flags: 0,
};
G_SNMP_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
G_SNMP_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_SNMP_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"snmp.version\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
@ -207,11 +208,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() {
desc: b"match SNMP PDU type\0".as_ptr() as *const libc::c_char,
url: b"/rules/snmp-keywords.html#snmp-pdu-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(snmp_detect_pdutype_match),
Setup: snmp_detect_pdutype_setup,
Setup: Some(snmp_detect_pdutype_setup),
Free: Some(snmp_detect_pdutype_free),
flags: 0,
};
G_SNMP_PDUTYPE_KW_ID = DetectHelperKeywordRegister(&kw);
G_SNMP_PDUTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_SNMP_PDUTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"snmp.pdu_type\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,

37
rust/src/websocket/detect.rs
Unescape Escape View File

@ -23,12 +23,13 @@ use crate::detect::uint::{
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::websocket::parser::WebSocketOpcode;
use suricata_sys::sys::{
DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
SigMatchCtx, Signature,
};
use nom7::branch::alt;
@ -147,15 +148,15 @@ unsafe extern "C" fn websocket_detect_opcode_setup(
}
unsafe extern "C" fn websocket_detect_opcode_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return SCDetectU8Match(tx.pdu.opcode, ctx);
}
unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -187,8 +188,8 @@ unsafe extern "C" fn websocket_detect_mask_setup(
}
unsafe extern "C" fn websocket_detect_mask_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
@ -198,7 +199,7 @@ unsafe extern "C" fn websocket_detect_mask_match(
return 0;
}
unsafe extern "C" fn websocket_detect_mask_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn websocket_detect_mask_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
@ -230,15 +231,15 @@ unsafe extern "C" fn websocket_detect_flags_setup(
}
unsafe extern "C" fn websocket_detect_flags_match(
_de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
_sig: *const c_void, ctx: *const c_void,
_de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return SCDetectU8Match(tx.pdu.flags, ctx);
}
unsafe extern "C" fn websocket_detect_flags_free(_de: *mut c_void, ctx: *mut c_void) {
unsafe extern "C" fn websocket_detect_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
@ -287,11 +288,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
desc: b"match WebSocket opcode\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-opcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_opcode_match),
Setup: websocket_detect_opcode_setup,
Setup: Some(websocket_detect_opcode_setup),
Free: Some(websocket_detect_opcode_free),
flags: 0,
};
G_WEBSOCKET_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw);
G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
@ -302,11 +303,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
desc: b"match WebSocket mask\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-mask\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_mask_match),
Setup: websocket_detect_mask_setup,
Setup: Some(websocket_detect_mask_setup),
Free: Some(websocket_detect_mask_free),
flags: 0,
};
G_WEBSOCKET_MASK_KW_ID = DetectHelperKeywordRegister(&kw);
G_WEBSOCKET_MASK_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_MASK_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.mask\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
@ -317,11 +318,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
desc: b"match WebSocket flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_flags_match),
Setup: websocket_detect_flags_setup,
Setup: Some(websocket_detect_flags_setup),
Free: Some(websocket_detect_flags_free),
flags: 0,
};
G_WEBSOCKET_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
G_WEBSOCKET_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,

4
rust/sys/src/sys.rs
Unescape Escape View File

@ -326,6 +326,10 @@ pub struct SCTransformTableElmt {
extern "C" {
pub fn SCDetectHelperNewKeywordId() -> ::std::os::raw::c_int;
}
extern "C" {
pub fn SCDetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt)
-> ::std::os::raw::c_int;
}
extern "C" {
pub fn SCDetectHelperKeywordAliasRegister(
kwid: ::std::os::raw::c_int, alias: *const ::std::os::raw::c_char,

18
src/detect-email.c
Unescape Escape View File

@ -337,7 +337,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.from";
kw.Setup = DetectMimeEmailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister(
"email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData);
@ -346,7 +346,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.subject";
kw.Setup = DetectMimeEmailSubjectSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject",
"MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData);
@ -355,7 +355,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.to";
kw.Setup = DetectMimeEmailToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister(
"email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData);
@ -364,7 +364,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.cc";
kw.Setup = DetectMimeEmailCcSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister(
"email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData);
@ -373,7 +373,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.date";
kw.Setup = DetectMimeEmailDateSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister(
"email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData);
@ -382,7 +382,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.message_id";
kw.Setup = DetectMimeEmailMessageIdSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id",
"MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData);
@ -391,7 +391,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.x_mailer";
kw.Setup = DetectMimeEmailXMailerSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer",
"MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData);
@ -400,7 +400,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.url";
kw.Setup = DetectMimeEmailUrlSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_url_buffer_id = SCDetectHelperMultiBufferMpmRegister(
"email.url", "MIME EMAIL URL", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailUrlData);
@ -409,7 +409,7 @@ void DetectEmailRegister(void)
kw.url = "/rules/email-keywords.html#email.received";
kw.Setup = DetectMimeEmailReceivedSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_mime_email_received_buffer_id = SCDetectHelperMultiBufferMpmRegister("email.received",
"MIME EMAIL RECEIVED", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailReceivedData);
}

2
src/detect-engine-helper.c
Unescape Escape View File

@ -118,7 +118,7 @@ int SCDetectHelperNewKeywordId(void)
return DETECT_TBLSIZE_IDX - 1;
}
int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
{
int keyword_id = SCDetectHelperNewKeywordId();
if (keyword_id < 0) {

2
src/detect-engine-helper.h
Unescape Escape View File

@ -75,7 +75,7 @@ typedef struct SCTransformTableElmt {
int SCDetectHelperNewKeywordId(void);
int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias);
int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction);

6
src/detect-smtp.c
Unescape Escape View File

@ -136,7 +136,7 @@ void SCDetectSMTPRegister(void)
kw.url = "/rules/smtp-keywords.html#smtp-helo";
kw.Setup = DetectSmtpHeloSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister(
"smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData);
@ -145,7 +145,7 @@ void SCDetectSMTPRegister(void)
kw.url = "/rules/smtp-keywords.html#smtp-mail-from";
kw.Setup = DetectSmtpMailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister(
"smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
@ -154,7 +154,7 @@ void SCDetectSMTPRegister(void)
kw.url = "/rules/smtp-keywords.html#smtp-rcpt-to";
kw.Setup = DetectSmtpRcptToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
SCDetectHelperKeywordRegister(&kw);
g_smtp_rcpt_to_buffer_id = SCDetectHelperMultiBufferMpmRegister(
"smtp.rcpt_to", "SMTP RCPT TO", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpRcptToData);
}

Write Preview
Loading…
Cancel
Save