From 13449344e8f684a9209d790f8181a18814418861 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 12 May 2025 20:55:50 +0200 Subject: [PATCH] rust: bindgen SCDetectHelperKeywordRegister Ticket: 7667 --- plugins/ndpi/ndpi.c | 2 +- rust/src/detect/mod.rs | 42 +-------- rust/src/dhcp/detect.rs | 36 +++---- rust/src/dns/detect.rs | 39 ++++---- rust/src/enip/detect.rs | 177 ++++++++++++++++++----------------- rust/src/ldap/detect.rs | 50 +++++----- rust/src/mqtt/detect.rs | 78 +++++++-------- rust/src/rfb/detect.rs | 27 +++--- rust/src/snmp/detect.rs | 27 +++--- rust/src/websocket/detect.rs | 37 ++++---- rust/sys/src/sys.rs | 4 + src/detect-email.c | 18 ++-- src/detect-engine-helper.c | 2 +- src/detect-engine-helper.h | 2 +- src/detect-smtp.c | 6 +- 15 files changed, 262 insertions(+), 285 deletions(-) diff --git a/plugins/ndpi/ndpi.c b/plugins/ndpi/ndpi.c index 28fbffcec2..df558ab4ec 100644 --- a/plugins/ndpi/ndpi.c +++ b/plugins/ndpi/ndpi.c @@ -467,7 +467,7 @@ static void EveCallback(ThreadVars *tv, const Packet *p, Flow *f, SCJsonBuilder static void NdpInitRiskKeyword(void) { - /* SCSigTableAppLiteElmt and DetectHelperKeywordRegister don't yet + /* SCSigTableAppLiteElmt and SCDetectHelperKeywordRegister don't yet * support all the fields required to register the nDPI keywords, * missing the (packet) Match callback, * so we'll just register with an empty keyword specifier to get diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs index a0df2995b0..74050e17a9 100644 --- a/rust/src/detect/mod.rs +++ b/rust/src/detect/mod.rs @@ -38,7 +38,7 @@ pub mod datasets; use std::os::raw::{c_int, c_void}; use std::ffi::CString; -use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature}; +use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt}; /// EnumString trait that will be implemented on enums that /// derive StringEnum. @@ -80,13 +80,13 @@ pub fn helper_keyword_register_sticky_buffer(kw: &SigTableElmtStickyBuffer) -> c name, desc, url, - Setup: kw.setup, + Setup: Some(kw.setup), flags: SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER, AppLayerTxMatch: None, Free: None, }; unsafe { - let r = DetectHelperKeywordRegister(&st); + let r = SCDetectHelperKeywordRegister(&st); DetectHelperKeywordSetCleanCString(r); return r; } @@ -111,40 +111,6 @@ pub unsafe extern "C" fn SCDetectSigMatchNamesFree(kw: &mut SCSigTableNamesElmt) let _ = CString::from_raw(kw.url); } -#[repr(C)] -#[allow(non_snake_case)] -/// App-layer light version of SigTableElmt -pub struct SCSigTableAppLiteElmt { - /// keyword name - pub name: *const libc::c_char, - /// keyword description - pub desc: *const libc::c_char, - /// keyword documentation url - pub url: *const libc::c_char, - /// flags SIGMATCH_* - pub flags: u16, - /// function callback to parse and setup keyword in rule - pub Setup: unsafe extern "C" fn( - de: *mut DetectEngineCtx, - s: *mut Signature, - raw: *const std::os::raw::c_char, - ) -> c_int, - /// function callback to free structure allocated by setup if any - pub Free: Option, - /// function callback to match on an app-layer transaction - pub AppLayerTxMatch: Option< - unsafe extern "C" fn( - de: *mut c_void, - f: *mut c_void, - flags: u8, - state: *mut c_void, - tx: *mut c_void, - sig: *const c_void, - ctx: *const c_void, - ) -> c_int, - >, -} - pub const SIGMATCH_NOOPT: u16 = 1; // BIT_U16(0) in detect.h pub(crate) const SIGMATCH_QUOTES_MANDATORY: u16 = 0x40; // BIT_U16(6) in detect.h pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9) @@ -168,7 +134,7 @@ extern "C" { i32, ) -> *mut c_void, ) -> c_int; - pub fn DetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) -> c_int; + // from detect-parse.h pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int; pub fn SigMatchAppendSMToList( de: *mut DetectEngineCtx, s: *mut Signature, kwid: c_int, ctx: *const c_void, bufid: c_int, diff --git a/rust/src/dhcp/detect.rs b/rust/src/dhcp/detect.rs index a936e92c45..27bfcda896 100644 --- a/rust/src/dhcp/detect.rs +++ b/rust/src/dhcp/detect.rs @@ -22,12 +22,12 @@ use super::dhcp::{ use super::parser::DHCPOptionWrapper; use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{DetectUintData, SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse}; -use crate::detect::{ - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, -}; +use crate::detect::{DetectSignatureSetAppProto, SigMatchAppendSMToList}; use std::os::raw::{c_int, c_void}; -use suricata_sys::sys::{DetectEngineCtx, SCDetectHelperBufferRegister, Signature}; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectHelperBufferRegister, + SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature, +}; fn dhcp_tx_get_time(tx: &DHCPTransaction, code: u8) -> Option { for option in &tx.message.options { @@ -73,8 +73,8 @@ unsafe extern "C" fn dhcp_detect_leasetime_setup( } unsafe extern "C" fn dhcp_detect_leasetime_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DHCPTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -84,7 +84,7 @@ unsafe extern "C" fn dhcp_detect_leasetime_match( return 0; } -unsafe extern "C" fn dhcp_detect_time_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn dhcp_detect_time_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU64Free(ctx); @@ -116,8 +116,8 @@ unsafe extern "C" fn dhcp_detect_rebindingtime_setup( } unsafe extern "C" fn dhcp_detect_rebindingtime_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DHCPTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -153,8 +153,8 @@ unsafe extern "C" fn dhcp_detect_renewaltime_setup( } unsafe extern "C" fn dhcp_detect_renewaltime_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DHCPTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -171,11 +171,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { desc: b"match DHCP leasetime\0".as_ptr() as *const libc::c_char, url: b"/rules/dhcp-keywords.html#dhcp-leasetime\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dhcp_detect_leasetime_match), - Setup: dhcp_detect_leasetime_setup, + Setup: Some(dhcp_detect_leasetime_setup), Free: Some(dhcp_detect_time_free), flags: 0, }; - G_DHCP_LEASE_TIME_KW_ID = DetectHelperKeywordRegister(&kw); + G_DHCP_LEASE_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DHCP_LEASE_TIME_BUFFER_ID = SCDetectHelperBufferRegister( b"dhcp.leasetime\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, @@ -186,11 +186,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { desc: b"match DHCP rebinding time\0".as_ptr() as *const libc::c_char, url: b"/rules/dhcp-keywords.html#dhcp-rebinding-time\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dhcp_detect_rebindingtime_match), - Setup: dhcp_detect_rebindingtime_setup, + Setup: Some(dhcp_detect_rebindingtime_setup), Free: Some(dhcp_detect_time_free), flags: 0, }; - G_DHCP_REBINDING_TIME_KW_ID = DetectHelperKeywordRegister(&kw); + G_DHCP_REBINDING_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DHCP_REBINDING_TIME_BUFFER_ID = SCDetectHelperBufferRegister( b"dhcp.rebinding-time\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, @@ -201,11 +201,11 @@ pub unsafe extern "C" fn SCDetectDHCPRegister() { desc: b"match DHCP renewal time\0".as_ptr() as *const libc::c_char, url: b"/rules/dhcp-keywords.html#dhcp-renewal-time\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dhcp_detect_renewaltime_match), - Setup: dhcp_detect_renewaltime_setup, + Setup: Some(dhcp_detect_renewaltime_setup), Free: Some(dhcp_detect_time_free), flags: 0, }; - G_DHCP_RENEWAL_TIME_KW_ID = DetectHelperKeywordRegister(&kw); + G_DHCP_RENEWAL_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DHCP_RENEWAL_TIME_BUFFER_ID = SCDetectHelperBufferRegister( b"dhcp.renewal-time\0".as_ptr() as *const libc::c_char, ALPROTO_DHCP, diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs index c8d8664e68..f5c2d82866 100644 --- a/rust/src/dns/detect.rs +++ b/rust/src/dns/detect.rs @@ -22,24 +22,25 @@ use crate::detect::uint::{ SCDetectU8Parse, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperKeywordRegister, DetectSignatureSetAppProto, - SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use crate::direction::Direction; use std::ffi::CStr; use std::os::raw::{c_int, c_void}; use suricata_sys::sys::{ - DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, SCDetectHelperKeywordAliasRegister, - SCDetectHelperMultiBufferProgressMpmRegister, Signature, + SCDetectHelperKeywordRegister, SCDetectHelperMultiBufferProgressMpmRegister, + SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; /// Perform the DNS opcode match. /// /// 1 will be returned on match, otherwise 0 will be returned. unsafe extern "C" fn dns_opcode_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DNSTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -71,8 +72,8 @@ unsafe extern "C" fn dns_opcode_match( /// /// 1 will be returned on match, otherwise 0 will be returned. unsafe extern "C" fn dns_rcode_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DNSTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -99,8 +100,8 @@ unsafe extern "C" fn dns_rcode_match( /// Perform the DNS rrtype match. /// 1 will be returned on match, otherwise 0 will be returned. unsafe extern "C" fn dns_rrtype_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, DNSTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -152,7 +153,7 @@ unsafe extern "C" fn dns_opcode_setup( return 0; } -unsafe extern "C" fn dns_opcode_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn dns_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -186,7 +187,7 @@ unsafe extern "C" fn dns_rcode_setup( return 0; } -unsafe extern "C" fn dns_rcode_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn dns_rcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -222,7 +223,7 @@ unsafe extern "C" fn dns_rrtype_setup( return 0; } -unsafe extern "C" fn dns_rrtype_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn dns_rrtype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -347,11 +348,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { desc: b"Match the DNS header opcode flag.\0".as_ptr() as *const libc::c_char, url: b"rules/dns-keywords.html#dns-opcode\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dns_opcode_match), - Setup: dns_opcode_setup, + Setup: Some(dns_opcode_setup), Free: Some(dns_opcode_free), flags: 0, }; - G_DNS_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_DNS_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DNS_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister( b"dns.opcode\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, @@ -379,11 +380,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { desc: b"Match the DNS header rcode flag.\0".as_ptr() as *const libc::c_char, url: b"rules/dns-keywords.html#dns-rcode\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dns_rcode_match), - Setup: dns_rcode_setup, + Setup: Some(dns_rcode_setup), Free: Some(dns_rcode_free), flags: 0, }; - G_DNS_RCODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister( b"dns.rcode\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, @@ -394,11 +395,11 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { desc: b"Match the DNS rrtype in message body.\0".as_ptr() as *const libc::c_char, url: b"rules/dns-keywords.html#dns-rrtype\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(dns_rrtype_match), - Setup: dns_rrtype_setup, + Setup: Some(dns_rrtype_setup), Free: Some(dns_rrtype_free), flags: 0, }; - G_DNS_RRTYPE_KW_ID = DetectHelperKeywordRegister(&kw); + G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister( b"dns.rrtype\0".as_ptr() as *const libc::c_char, ALPROTO_DNS, diff --git a/rust/src/enip/detect.rs b/rust/src/enip/detect.rs index 07786ef78b..6278668108 100644 --- a/rust/src/enip/detect.rs +++ b/rust/src/enip/detect.rs @@ -37,11 +37,12 @@ use crate::detect::uint::{ }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use suricata_sys::sys::{ - DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, + SigMatchCtx, Signature, }; use crate::direction::Direction; @@ -475,13 +476,13 @@ unsafe extern "C" fn cipservice_setup( return 0; } -unsafe extern "C" fn cipservice_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cipservice_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { std::mem::drop(Box::from_raw(ctx as *mut DetectCipServiceData)); } unsafe extern "C" fn cipservice_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectCipServiceData); @@ -527,8 +528,8 @@ fn tx_get_capabilities(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn capabilities_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -538,7 +539,7 @@ unsafe extern "C" fn capabilities_match( return 0; } -unsafe extern "C" fn capabilities_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn capabilities_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -570,15 +571,15 @@ unsafe extern "C" fn cip_attribute_setup( } unsafe extern "C" fn cip_attribute_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return enip_tx_has_cip_attribute(tx, ctx); } -unsafe extern "C" fn cip_attribute_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cip_attribute_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -610,15 +611,15 @@ unsafe extern "C" fn cip_class_setup( } unsafe extern "C" fn cip_class_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return enip_tx_has_cip_segment(tx, ctx, 8); } -unsafe extern "C" fn cip_class_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cip_class_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -663,8 +664,8 @@ fn tx_get_vendor_id(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn vendor_id_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -674,7 +675,7 @@ unsafe extern "C" fn vendor_id_match( return 0; } -unsafe extern "C" fn vendor_id_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn vendor_id_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -698,8 +699,8 @@ unsafe extern "C" fn status_setup( } unsafe extern "C" fn status_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -709,7 +710,7 @@ unsafe extern "C" fn status_match( return 0; } -unsafe extern "C" fn status_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -746,8 +747,8 @@ fn tx_get_state(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn state_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -757,7 +758,7 @@ unsafe extern "C" fn state_match( return 0; } -unsafe extern "C" fn state_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn state_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -794,8 +795,8 @@ fn tx_get_serial(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn serial_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -805,7 +806,7 @@ unsafe extern "C" fn serial_match( return 0; } -unsafe extern "C" fn serial_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn serial_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -844,8 +845,8 @@ fn tx_get_revision(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn revision_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -855,7 +856,7 @@ unsafe extern "C" fn revision_match( return 0; } -unsafe extern "C" fn revision_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn revision_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -887,8 +888,8 @@ unsafe extern "C" fn protocol_version_setup( } unsafe extern "C" fn protocol_version_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -898,7 +899,7 @@ unsafe extern "C" fn protocol_version_match( return 0; } -unsafe extern "C" fn protocol_version_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -943,8 +944,8 @@ fn tx_get_product_code(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn product_code_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -954,7 +955,7 @@ unsafe extern "C" fn product_code_match( return 0; } -unsafe extern "C" fn product_code_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn product_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -999,8 +1000,8 @@ fn tx_get_identity_status(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn identity_status_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -1010,7 +1011,7 @@ unsafe extern "C" fn identity_status_match( return 0; } -unsafe extern "C" fn identity_status_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn identity_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -1055,8 +1056,8 @@ fn tx_get_device_type(tx: &EnipTransaction) -> Option { } unsafe extern "C" fn device_type_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -1066,7 +1067,7 @@ unsafe extern "C" fn device_type_match( return 0; } -unsafe extern "C" fn device_type_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn device_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -1103,8 +1104,8 @@ fn tx_get_command(tx: &EnipTransaction, direction: u8) -> Option { } unsafe extern "C" fn command_match( - _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -1114,7 +1115,7 @@ unsafe extern "C" fn command_match( return 0; } -unsafe extern "C" fn command_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn command_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -1146,15 +1147,15 @@ unsafe extern "C" fn cip_status_setup( } unsafe extern "C" fn cip_status_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return enip_tx_has_cip_status(tx, ctx); } -unsafe extern "C" fn cip_status_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cip_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -1186,15 +1187,15 @@ unsafe extern "C" fn cip_instance_setup( } unsafe extern "C" fn cip_instance_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return enip_tx_has_cip_segment(tx, ctx, 9); } -unsafe extern "C" fn cip_instance_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cip_instance_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -1226,15 +1227,15 @@ unsafe extern "C" fn cip_extendedstatus_setup( } unsafe extern "C" fn cip_extendedstatus_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, EnipTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return enip_tx_has_cip_extendedstatus(tx, ctx); } -unsafe extern "C" fn cip_extendedstatus_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn cip_extendedstatus_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU16Free(ctx); @@ -1341,11 +1342,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { as *const libc::c_char, url: b"/rules/enip-keyword.html#cip_service\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cipservice_match), - Setup: cipservice_setup, + Setup: Some(cipservice_setup), Free: Some(cipservice_free), flags: 0, }; - G_ENIP_CIPSERVICE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIPSERVICE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIPSERVICE_BUFFER_ID = SCDetectHelperBufferRegister( b"cip\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1356,11 +1357,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP capabilities\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-capabilities\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(capabilities_match), - Setup: capabilities_setup, + Setup: Some(capabilities_setup), Free: Some(capabilities_free), flags: 0, }; - G_ENIP_CAPABILITIES_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CAPABILITIES_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CAPABILITIES_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.capabilities\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1371,11 +1372,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP cip_attribute\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-cip-attribute\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cip_attribute_match), - Setup: cip_attribute_setup, + Setup: Some(cip_attribute_setup), Free: Some(cip_attribute_free), flags: 0, }; - G_ENIP_CIP_ATTRIBUTE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIP_ATTRIBUTE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIP_ATTRIBUTE_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.cip_attribute\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1386,11 +1387,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP cip_class\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-cip-class\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cip_class_match), - Setup: cip_class_setup, + Setup: Some(cip_class_setup), Free: Some(cip_class_free), flags: 0, }; - G_ENIP_CIP_CLASS_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIP_CLASS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIP_CLASS_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.cip_class\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1401,11 +1402,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP vendor_id\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-vendor-id\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(vendor_id_match), - Setup: vendor_id_setup, + Setup: Some(vendor_id_setup), Free: Some(vendor_id_free), flags: 0, }; - G_ENIP_VENDOR_ID_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_VENDOR_ID_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_VENDOR_ID_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.vendor_id\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1416,11 +1417,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP status\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-status\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(status_match), - Setup: status_setup, + Setup: Some(status_setup), Free: Some(status_free), flags: 0, }; - G_ENIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1431,11 +1432,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP state\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-state\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(state_match), - Setup: state_setup, + Setup: Some(state_setup), Free: Some(state_free), flags: 0, }; - G_ENIP_STATE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_STATE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_STATE_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.state\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1446,11 +1447,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP serial\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-serial\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(serial_match), - Setup: serial_setup, + Setup: Some(serial_setup), Free: Some(serial_free), flags: 0, }; - G_ENIP_SERIAL_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_SERIAL_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_SERIAL_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.serial\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1461,11 +1462,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP revision\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-revision\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(revision_match), - Setup: revision_setup, + Setup: Some(revision_setup), Free: Some(revision_free), flags: 0, }; - G_ENIP_REVISION_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_REVISION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_REVISION_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.revision\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1476,11 +1477,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP protocol_version\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-protocol-version\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(protocol_version_match), - Setup: protocol_version_setup, + Setup: Some(protocol_version_setup), Free: Some(protocol_version_free), flags: 0, }; - G_ENIP_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.protocol_version\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1491,11 +1492,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP product_code\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-product-code\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(product_code_match), - Setup: product_code_setup, + Setup: Some(product_code_setup), Free: Some(product_code_free), flags: 0, }; - G_ENIP_PRODUCT_CODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_PRODUCT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_PRODUCT_CODE_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.product_code\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1506,11 +1507,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP command\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip_command\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(command_match), - Setup: command_setup, + Setup: Some(command_setup), Free: Some(command_free), flags: 0, }; - G_ENIP_COMMAND_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.command\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1521,11 +1522,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP identity_status\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-identity-status\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(identity_status_match), - Setup: identity_status_setup, + Setup: Some(identity_status_setup), Free: Some(identity_status_free), flags: 0, }; - G_ENIP_IDENTITY_STATUS_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_IDENTITY_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_IDENTITY_STATUS_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.identity_status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1536,11 +1537,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP device_type\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-device-type\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(device_type_match), - Setup: device_type_setup, + Setup: Some(device_type_setup), Free: Some(device_type_free), flags: 0, }; - G_ENIP_DEVICE_TYPE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_DEVICE_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_DEVICE_TYPE_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.device_type\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1551,11 +1552,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP cip_status\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-cip-status\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cip_status_match), - Setup: cip_status_setup, + Setup: Some(cip_status_setup), Free: Some(cip_status_free), flags: 0, }; - G_ENIP_CIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.cip_status\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1566,11 +1567,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { desc: b"rules for detecting EtherNet/IP cip_instance\0".as_ptr() as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-cip-instance\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cip_instance_match), - Setup: cip_instance_setup, + Setup: Some(cip_instance_setup), Free: Some(cip_instance_free), flags: 0, }; - G_ENIP_CIP_INSTANCE_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIP_INSTANCE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIP_INSTANCE_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.cip_instance\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, @@ -1582,11 +1583,11 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { as *const libc::c_char, url: b"/rules/enip-keyword.html#enip-cip-extendedstatus\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(cip_extendedstatus_match), - Setup: cip_extendedstatus_setup, + Setup: Some(cip_extendedstatus_setup), Free: Some(cip_extendedstatus_free), flags: 0, }; - G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = DetectHelperKeywordRegister(&kw); + G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_ENIP_CIP_EXTENDEDSTATUS_BUFFER_ID = SCDetectHelperBufferRegister( b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs index 0d792141e8..114f7fa606 100644 --- a/rust/src/ldap/detect.rs +++ b/rust/src/ldap/detect.rs @@ -23,13 +23,13 @@ use crate::detect::uint::{ }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode}; use suricata_sys::sys::{ - DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; use std::collections::VecDeque; @@ -116,8 +116,8 @@ unsafe extern "C" fn ldap_detect_request_operation_setup( } unsafe extern "C" fn ldap_detect_request_operation_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, LdapTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -128,7 +128,7 @@ unsafe extern "C" fn ldap_detect_request_operation_match( return 0; } -unsafe extern "C" fn ldap_detect_request_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn ldap_detect_request_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -244,8 +244,8 @@ fn match_at_index( } unsafe extern "C" fn ldap_detect_responses_operation_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, LdapTransaction); let ctx = cast_pointer!(ctx, DetectLdapRespOpData); @@ -259,7 +259,7 @@ unsafe extern "C" fn ldap_detect_responses_operation_match( ); } -unsafe extern "C" fn ldap_detect_responses_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn ldap_detect_responses_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectLdapRespOpData); std::mem::drop(Box::from_raw(ctx)); @@ -291,8 +291,8 @@ unsafe extern "C" fn ldap_detect_responses_count_setup( } unsafe extern "C" fn ldap_detect_responses_count_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, LdapTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -300,7 +300,7 @@ unsafe extern "C" fn ldap_detect_responses_count_match( return detect_match_uint(ctx, len) as c_int; } -unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -470,8 +470,8 @@ fn get_ldap_result_code(response: &LdapMessage) -> Option { } unsafe extern "C" fn ldap_detect_responses_result_code_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, LdapTransaction); let ctx = cast_pointer!(ctx, DetectLdapRespResultData); @@ -485,7 +485,9 @@ unsafe extern "C" fn ldap_detect_responses_result_code_match( ); } -unsafe extern "C" fn ldap_detect_responses_result_code_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn ldap_detect_responses_result_code_free( + _de: *mut DetectEngineCtx, ctx: *mut c_void, +) { // Just unbox... let ctx = cast_pointer!(ctx, DetectLdapRespResultData); std::mem::drop(Box::from_raw(ctx)); @@ -640,11 +642,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { desc: b"match LDAP request operation\0".as_ptr() as *const libc::c_char, url: b"/rules/ldap-keywords.html#ldap.request.operation\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(ldap_detect_request_operation_match), - Setup: ldap_detect_request_operation_setup, + Setup: Some(ldap_detect_request_operation_setup), Free: Some(ldap_detect_request_free), flags: 0, }; - G_LDAP_REQUEST_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw); + G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister( b"ldap.request.operation\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, @@ -656,11 +658,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { url: b"/rules/ldap-keywords.html#ldap.responses.operation\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(ldap_detect_responses_operation_match), - Setup: ldap_detect_responses_operation_setup, + Setup: Some(ldap_detect_responses_operation_setup), Free: Some(ldap_detect_responses_free), flags: 0, }; - G_LDAP_RESPONSES_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw); + G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister( b"ldap.responses.operation\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, @@ -671,11 +673,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { desc: b"match number of LDAP responses\0".as_ptr() as *const libc::c_char, url: b"/rules/ldap-keywords.html#ldap.responses.count\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(ldap_detect_responses_count_match), - Setup: ldap_detect_responses_count_setup, + Setup: Some(ldap_detect_responses_count_setup), Free: Some(ldap_detect_responses_count_free), flags: 0, }; - G_LDAP_RESPONSES_COUNT_KW_ID = DetectHelperKeywordRegister(&kw); + G_LDAP_RESPONSES_COUNT_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_RESPONSES_COUNT_BUFFER_ID = SCDetectHelperBufferRegister( b"ldap.responses.count\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, @@ -715,11 +717,11 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { url: b"/rules/ldap-keywords.html#ldap.responses.result_code\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(ldap_detect_responses_result_code_match), - Setup: ldap_detect_responses_result_code_setup, + Setup: Some(ldap_detect_responses_result_code_setup), Free: Some(ldap_detect_responses_result_code_free), flags: 0, }; - G_LDAP_RESPONSES_RESULT_CODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister( b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index b6317fd1e0..c761a3f91e 100644 --- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs @@ -24,12 +24,12 @@ use crate::detect::uint::{ }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use suricata_sys::sys::{ - DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; use nom7::branch::alt; @@ -413,15 +413,15 @@ unsafe extern "C" fn mqtt_type_setup( } unsafe extern "C" fn mqtt_type_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return mqtt_tx_has_type(tx, ctx); } -unsafe extern "C" fn mqtt_type_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -453,8 +453,8 @@ unsafe extern "C" fn mqtt_reason_code_setup( } unsafe extern "C" fn mqtt_reason_code_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -466,7 +466,7 @@ unsafe extern "C" fn mqtt_reason_code_match( return mqtt_tx_suback_unsuback_has_reason_code(tx, ctx); } -unsafe extern "C" fn mqtt_reason_code_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_reason_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -512,15 +512,15 @@ fn mqtt_tx_has_qos(tx: &MQTTTransaction, qos: u8) -> c_int { } unsafe extern "C" fn mqtt_qos_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, u8); return mqtt_tx_has_qos(tx, *ctx); } -unsafe extern "C" fn mqtt_qos_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_qos_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { std::mem::drop(Box::from_raw(ctx as *mut u8)); } @@ -574,15 +574,15 @@ fn mqtt_tx_get_connack_sessionpresent(tx: &MQTTTransaction, session_present: boo } unsafe extern "C" fn mqtt_connack_sessionpresent_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, bool); return mqtt_tx_get_connack_sessionpresent(tx, *ctx); } -unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { std::mem::drop(Box::from_raw(ctx as *mut bool)); } @@ -666,8 +666,8 @@ unsafe extern "C" fn mqtt_protocol_version_setup( } unsafe extern "C" fn mqtt_protocol_version_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, state: *mut c_void, _tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, state: *mut c_void, + _tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let state = cast_pointer!(state, MQTTState); let ctx = cast_pointer!(ctx, DetectUintData); @@ -677,7 +677,7 @@ unsafe extern "C" fn mqtt_protocol_version_match( return 0; } -unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); } @@ -781,15 +781,15 @@ fn mqtt_tx_has_flags(tx: &MQTTTransaction, ctx: &DetectUintData) -> c_int { } unsafe extern "C" fn mqtt_flags_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return mqtt_tx_has_flags(tx, ctx); } -unsafe extern "C" fn mqtt_flags_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); } @@ -897,15 +897,15 @@ fn mqtt_tx_has_conn_flags(tx: &MQTTTransaction, ctx: &DetectUintData) -> c_i } unsafe extern "C" fn mqtt_conn_flags_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, MQTTTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return mqtt_tx_has_conn_flags(tx, ctx); } -unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); } @@ -1102,11 +1102,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { desc: b"match MQTT control packet type\0".as_ptr() as *const libc::c_char, url: b"/rules/mqtt-keywords.html#mqtt-type\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_type_match), - Setup: mqtt_type_setup, + Setup: Some(mqtt_type_setup), Free: Some(mqtt_type_free), flags: 0, }; - G_MQTT_TYPE_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.type\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1142,11 +1142,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { //TODO alias "mqtt.connack.return_code" url: b"/rules/mqtt-keywords.html#mqtt-reason-code\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_reason_code_match), - Setup: mqtt_reason_code_setup, + Setup: Some(mqtt_reason_code_setup), Free: Some(mqtt_reason_code_free), flags: 0, }; - G_MQTT_REASON_CODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_REASON_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_REASON_CODE_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.reason_code\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1158,11 +1158,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { url: b"/rules/mqtt-keywords.html#mqtt-connack-session-present\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_connack_sessionpresent_match), - Setup: mqtt_connack_sessionpresent_setup, + Setup: Some(mqtt_connack_sessionpresent_setup), Free: Some(mqtt_connack_sessionpresent_free), flags: 0, }; - G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_CONNACK_SESSIONPRESENT_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1174,11 +1174,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { //TODO alias "mqtt.connack.return_code" url: b"/rules/mqtt-keywords.html#mqtt-qos\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_qos_match), - Setup: mqtt_qos_setup, + Setup: Some(mqtt_qos_setup), Free: Some(mqtt_qos_free), flags: 0, }; - G_MQTT_QOS_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_QOS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_QOS_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.qos\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1217,11 +1217,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { desc: b"match MQTT protocol version\0".as_ptr() as *const libc::c_char, url: b"/rules/mqtt-keywords.html#mqtt-protocol-version\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_protocol_version_match), - Setup: mqtt_protocol_version_setup, + Setup: Some(mqtt_protocol_version_setup), Free: Some(mqtt_protocol_version_free), flags: 0, }; - G_MQTT_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1232,11 +1232,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { desc: b"match MQTT fixed header flags\0".as_ptr() as *const libc::c_char, url: b"/rules/mqtt-keywords.html#mqtt-flags\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_flags_match), - Setup: mqtt_flags_setup, + Setup: Some(mqtt_flags_setup), Free: Some(mqtt_flags_free), flags: 0, }; - G_MQTT_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.flags\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, @@ -1247,11 +1247,11 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { desc: b"match MQTT CONNECT variable header flags\0".as_ptr() as *const libc::c_char, url: b"/rules/mqtt-keywords.html#mqtt-connect-flags\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(mqtt_conn_flags_match), - Setup: mqtt_conn_flags_setup, + Setup: Some(mqtt_conn_flags_setup), Free: Some(mqtt_conn_flags_free), flags: 0, }; - G_MQTT_CONN_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw); + G_MQTT_CONN_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_MQTT_CONN_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister( b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, diff --git a/rust/src/rfb/detect.rs b/rust/src/rfb/detect.rs index 4289fb31a9..0ec574b01e 100644 --- a/rust/src/rfb/detect.rs +++ b/rust/src/rfb/detect.rs @@ -25,14 +25,15 @@ use crate::detect::uint::{ }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use std::ffi::CStr; use std::os::raw::{c_int, c_void}; use std::ptr; use suricata_sys::sys::{ - DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, + SigMatchCtx, Signature, }; unsafe extern "C" fn rfb_name_get_data( @@ -114,15 +115,15 @@ fn rfb_sec_type_match_aux(tx: &RFBTransaction, ctx: &DetectUintData) -> c_i } unsafe extern "C" fn rfb_sec_type_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let ctx = cast_pointer!(ctx, DetectUintData); let tx = cast_pointer!(tx, RFBTransaction); return rfb_sec_type_match_aux(tx, ctx); } -unsafe extern "C" fn rfb_sec_type_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn rfb_sec_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); } @@ -175,15 +176,15 @@ fn rfb_sec_result_match_aux(tx: &RFBTransaction, ctx: &DetectUintData) -> c } unsafe extern "C" fn rfb_sec_result_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, RFBTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return rfb_sec_result_match_aux(tx, ctx); } -unsafe extern "C" fn rfb_sec_result_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn rfb_sec_result_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -210,11 +211,11 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { desc: b"match RFB security type\0".as_ptr() as *const libc::c_char, url: b"/rules/rfb-keywords.html#rfb-sectype\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(rfb_sec_type_match), - Setup: rfb_sec_type_setup, + Setup: Some(rfb_sec_type_setup), Free: Some(rfb_sec_type_free), flags: 0, }; - G_RFB_SEC_TYPE_KW_ID = DetectHelperKeywordRegister(&kw); + G_RFB_SEC_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_RFB_SEC_TYPE_BUFFER_ID = SCDetectHelperBufferRegister( b"rfb.sectype\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, @@ -225,11 +226,11 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { desc: b"match RFB security result\0".as_ptr() as *const libc::c_char, url: b"/rules/rfb-keywords.html#rfb-secresult\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(rfb_sec_result_match), - Setup: rfb_sec_result_setup, + Setup: Some(rfb_sec_result_setup), Free: Some(rfb_sec_result_free), flags: 0, }; - G_RFB_SEC_RESULT_KW_ID = DetectHelperKeywordRegister(&kw); + G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw); G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister( b"rfb.secresult\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, diff --git a/rust/src/snmp/detect.rs b/rust/src/snmp/detect.rs index c50637ff26..6669f0d95d 100644 --- a/rust/src/snmp/detect.rs +++ b/rust/src/snmp/detect.rs @@ -22,12 +22,13 @@ use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse}; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use std::os::raw::{c_int, c_void}; use suricata_sys::sys::{ - DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, + SigMatchCtx, Signature, }; static mut G_SNMP_VERSION_KW_ID: c_int = 0; @@ -56,15 +57,15 @@ unsafe extern "C" fn snmp_detect_version_setup( } unsafe extern "C" fn snmp_detect_version_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, SNMPTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return SCDetectU32Match(tx.version, ctx); } -unsafe extern "C" fn snmp_detect_version_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn snmp_detect_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -89,8 +90,8 @@ unsafe extern "C" fn snmp_detect_pdutype_setup( } unsafe extern "C" fn snmp_detect_pdutype_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, SNMPTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -101,7 +102,7 @@ unsafe extern "C" fn snmp_detect_pdutype_match( return 0; } -unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -191,11 +192,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { desc: b"match SNMP version\0".as_ptr() as *const libc::c_char, url: b"/rules/snmp-keywords.html#snmp-version\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(snmp_detect_version_match), - Setup: snmp_detect_version_setup, + Setup: Some(snmp_detect_version_setup), Free: Some(snmp_detect_version_free), flags: 0, }; - G_SNMP_VERSION_KW_ID = DetectHelperKeywordRegister(&kw); + G_SNMP_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw); G_SNMP_VERSION_BUFFER_ID = SCDetectHelperBufferRegister( b"snmp.version\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, @@ -207,11 +208,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { desc: b"match SNMP PDU type\0".as_ptr() as *const libc::c_char, url: b"/rules/snmp-keywords.html#snmp-pdu-type\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(snmp_detect_pdutype_match), - Setup: snmp_detect_pdutype_setup, + Setup: Some(snmp_detect_pdutype_setup), Free: Some(snmp_detect_pdutype_free), flags: 0, }; - G_SNMP_PDUTYPE_KW_ID = DetectHelperKeywordRegister(&kw); + G_SNMP_PDUTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_SNMP_PDUTYPE_BUFFER_ID = SCDetectHelperBufferRegister( b"snmp.pdu_type\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, diff --git a/rust/src/websocket/detect.rs b/rust/src/websocket/detect.rs index 39badd8dca..d1bd9d6760 100644 --- a/rust/src/websocket/detect.rs +++ b/rust/src/websocket/detect.rs @@ -23,12 +23,13 @@ use crate::detect::uint::{ }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData, - DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, - SigMatchAppendSMToList, SigTableElmtStickyBuffer, + DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use crate::websocket::parser::WebSocketOpcode; use suricata_sys::sys::{ - DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature, + DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, + SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, + SigMatchCtx, Signature, }; use nom7::branch::alt; @@ -147,15 +148,15 @@ unsafe extern "C" fn websocket_detect_opcode_setup( } unsafe extern "C" fn websocket_detect_opcode_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, WebSocketTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return SCDetectU8Match(tx.pdu.opcode, ctx); } -unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -187,8 +188,8 @@ unsafe extern "C" fn websocket_detect_mask_setup( } unsafe extern "C" fn websocket_detect_mask_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, WebSocketTransaction); let ctx = cast_pointer!(ctx, DetectUintData); @@ -198,7 +199,7 @@ unsafe extern "C" fn websocket_detect_mask_match( return 0; } -unsafe extern "C" fn websocket_detect_mask_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn websocket_detect_mask_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU32Free(ctx); @@ -230,15 +231,15 @@ unsafe extern "C" fn websocket_detect_flags_setup( } unsafe extern "C" fn websocket_detect_flags_match( - _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void, - _sig: *const c_void, ctx: *const c_void, + _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void, + tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx, ) -> c_int { let tx = cast_pointer!(tx, WebSocketTransaction); let ctx = cast_pointer!(ctx, DetectUintData); return SCDetectU8Match(tx.pdu.flags, ctx); } -unsafe extern "C" fn websocket_detect_flags_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn websocket_detect_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { // Just unbox... let ctx = cast_pointer!(ctx, DetectUintData); SCDetectU8Free(ctx); @@ -287,11 +288,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { desc: b"match WebSocket opcode\0".as_ptr() as *const libc::c_char, url: b"/rules/websocket-keywords.html#websocket-opcode\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(websocket_detect_opcode_match), - Setup: websocket_detect_opcode_setup, + Setup: Some(websocket_detect_opcode_setup), Free: Some(websocket_detect_opcode_free), flags: 0, }; - G_WEBSOCKET_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw); + G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw); G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister( b"websocket.opcode\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, @@ -302,11 +303,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { desc: b"match WebSocket mask\0".as_ptr() as *const libc::c_char, url: b"/rules/websocket-keywords.html#websocket-mask\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(websocket_detect_mask_match), - Setup: websocket_detect_mask_setup, + Setup: Some(websocket_detect_mask_setup), Free: Some(websocket_detect_mask_free), flags: 0, }; - G_WEBSOCKET_MASK_KW_ID = DetectHelperKeywordRegister(&kw); + G_WEBSOCKET_MASK_KW_ID = SCDetectHelperKeywordRegister(&kw); G_WEBSOCKET_MASK_BUFFER_ID = SCDetectHelperBufferRegister( b"websocket.mask\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, @@ -317,11 +318,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { desc: b"match WebSocket flags\0".as_ptr() as *const libc::c_char, url: b"/rules/websocket-keywords.html#websocket-flags\0".as_ptr() as *const libc::c_char, AppLayerTxMatch: Some(websocket_detect_flags_match), - Setup: websocket_detect_flags_setup, + Setup: Some(websocket_detect_flags_setup), Free: Some(websocket_detect_flags_free), flags: 0, }; - G_WEBSOCKET_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw); + G_WEBSOCKET_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw); G_WEBSOCKET_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister( b"websocket.flags\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index 7dc5c9468e..4e42ffb4f2 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -326,6 +326,10 @@ pub struct SCTransformTableElmt { extern "C" { pub fn SCDetectHelperNewKeywordId() -> ::std::os::raw::c_int; } +extern "C" { + pub fn SCDetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) + -> ::std::os::raw::c_int; +} extern "C" { pub fn SCDetectHelperKeywordAliasRegister( kwid: ::std::os::raw::c_int, alias: *const ::std::os::raw::c_char, diff --git a/src/detect-email.c b/src/detect-email.c index 9679ce2eac..4cc36a4aa5 100644 --- a/src/detect-email.c +++ b/src/detect-email.c @@ -337,7 +337,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.from"; kw.Setup = DetectMimeEmailFromSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister( "email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData); @@ -346,7 +346,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.subject"; kw.Setup = DetectMimeEmailSubjectSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject", "MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData); @@ -355,7 +355,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.to"; kw.Setup = DetectMimeEmailToSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister( "email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData); @@ -364,7 +364,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.cc"; kw.Setup = DetectMimeEmailCcSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister( "email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData); @@ -373,7 +373,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.date"; kw.Setup = DetectMimeEmailDateSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister( "email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData); @@ -382,7 +382,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.message_id"; kw.Setup = DetectMimeEmailMessageIdSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id", "MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData); @@ -391,7 +391,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.x_mailer"; kw.Setup = DetectMimeEmailXMailerSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer", "MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData); @@ -400,7 +400,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.url"; kw.Setup = DetectMimeEmailUrlSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_url_buffer_id = SCDetectHelperMultiBufferMpmRegister( "email.url", "MIME EMAIL URL", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailUrlData); @@ -409,7 +409,7 @@ void DetectEmailRegister(void) kw.url = "/rules/email-keywords.html#email.received"; kw.Setup = DetectMimeEmailReceivedSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_mime_email_received_buffer_id = SCDetectHelperMultiBufferMpmRegister("email.received", "MIME EMAIL RECEIVED", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailReceivedData); } diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index ea6610c90a..87af817421 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c @@ -118,7 +118,7 @@ int SCDetectHelperNewKeywordId(void) return DETECT_TBLSIZE_IDX - 1; } -int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw) +int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw) { int keyword_id = SCDetectHelperNewKeywordId(); if (keyword_id < 0) { diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h index 125adfa657..284be45713 100644 --- a/src/detect-engine-helper.h +++ b/src/detect-engine-helper.h @@ -75,7 +75,7 @@ typedef struct SCTransformTableElmt { int SCDetectHelperNewKeywordId(void); -int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw); +int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw); void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias); int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction); diff --git a/src/detect-smtp.c b/src/detect-smtp.c index 23f5b3f763..756640dee8 100644 --- a/src/detect-smtp.c +++ b/src/detect-smtp.c @@ -136,7 +136,7 @@ void SCDetectSMTPRegister(void) kw.url = "/rules/smtp-keywords.html#smtp-helo"; kw.Setup = DetectSmtpHeloSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister( "smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData); @@ -145,7 +145,7 @@ void SCDetectSMTPRegister(void) kw.url = "/rules/smtp-keywords.html#smtp-mail-from"; kw.Setup = DetectSmtpMailFromSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister( "smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData); @@ -154,7 +154,7 @@ void SCDetectSMTPRegister(void) kw.url = "/rules/smtp-keywords.html#smtp-rcpt-to"; kw.Setup = DetectSmtpRcptToSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectHelperKeywordRegister(&kw); + SCDetectHelperKeywordRegister(&kw); g_smtp_rcpt_to_buffer_id = SCDetectHelperMultiBufferMpmRegister( "smtp.rcpt_to", "SMTP RCPT TO", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpRcptToData); }