detect/mqtt: convert to v2 inspect API

4 years ago · 2320d62872
parent 5611f9ddbd
commit 2320d62872
7 changed files with 77 additions and 112 deletions
--- a/src/detect-mqtt-connack-sessionpresent.c
+++ b/src/detect-mqtt-connack-sessionpresent.c
@ -45,11 +45,9 @@ static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *, Signature *,
 void MQTTConnackSessionPresentRegisterTests(void);
 void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTConnackSessionPresentGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 /**
 * \brief Registration function for mqtt.connack.session_present: keyword
@ -68,21 +66,18 @@ void DetectMQTTConnackSessionPresentRegister (void)

    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);

-    DetectAppLayerInspectEngineRegister("mqtt.connack.session_present",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTConnackSessionPresentGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
+            SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL);

    mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
 }

-static int DetectEngineInspectMQTTConnackSessionPresentGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -315,4 +310,4 @@ void MQTTConnackSessionPresentRegisterTests(void)
    UtRegisterTest("MQTTConnackSessionPresentTestParse03", MQTTConnackSessionPresentTestParse03);
    UtRegisterTest("MQTTConnackSessionPresentTestParse04", MQTTConnackSessionPresentTestParse04);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-connect-flags.c
+++ b/src/detect-mqtt-connect-flags.c
@ -45,11 +45,9 @@ static int DetectMQTTConnectFlagsSetup (DetectEngineCtx *, Signature *, const ch
 void MQTTConnectFlagsRegisterTests(void);
 void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTConnectFlagsGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 typedef struct DetectMQTTConnectFlagsData_ {
    MQTTFlagState username,
@ -76,21 +74,18 @@ void DetectMQTTConnectFlagsRegister (void)

    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);

-    DetectAppLayerInspectEngineRegister("mqtt.connect.flags",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTConnectFlagsGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+            DetectEngineInspectMQTTConnectFlagsGeneric, NULL);

    mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags");
 }

-static int DetectEngineInspectMQTTConnectFlagsGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -403,4 +398,4 @@ void MQTTConnectFlagsRegisterTests(void)
    UtRegisterTest("MQTTConnectFlagsTestParse04", MQTTConnectFlagsTestParse04);
    UtRegisterTest("MQTTConnectFlagsTestParse05", MQTTConnectFlagsTestParse05);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-flags.c
+++ b/src/detect-mqtt-flags.c
@ -45,11 +45,9 @@ static int DetectMQTTFlagsSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTFlagsRegisterTests(void);
 void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTFlagsGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 typedef struct DetectMQTTFlagsData_ {
    MQTTFlagState retain, dup;
@ -72,21 +70,18 @@ void DetectMQTTFlagsRegister (void)

    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);

-    DetectAppLayerInspectEngineRegister("mqtt.flags",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTFlagsGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+            DetectEngineInspectMQTTFlagsGeneric, NULL);

    mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags");
 }

-static int DetectEngineInspectMQTTFlagsGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -373,4 +368,4 @@ void MQTTFlagsRegisterTests(void)
    UtRegisterTest("MQTTFlagsTestParse04", MQTTFlagsTestParse04);
    UtRegisterTest("MQTTFlagsTestParse05", MQTTFlagsTestParse05);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-protocol-version.c
+++ b/src/detect-mqtt-protocol-version.c
@ -44,11 +44,9 @@ static int DetectMQTTProtocolVersionSetup (DetectEngineCtx *, Signature *, const
 void MQTTProtocolVersionRegisterTests(void);
 void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTProtocolVersionGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 /**
 * \brief Registration function for mqtt.protocol_version: keyword
@ -65,21 +63,18 @@ void DetectMQTTProtocolVersionRegister (void)
    sigmatch_table[DETECT_AL_MQTT_PROTOCOL_VERSION].RegisterTests = MQTTProtocolVersionRegisterTests;
 #endif

-    DetectAppLayerInspectEngineRegister("mqtt.protocol_version",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTProtocolVersionGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER,
+            1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL);

    mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version");
 }

-static int DetectEngineInspectMQTTProtocolVersionGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -270,4 +265,4 @@ void MQTTProtocolVersionRegisterTests(void)
    UtRegisterTest("MQTTProtocolVersionTestParse03", MQTTProtocolVersionTestParse03);
    UtRegisterTest("MQTTProtocolVersionTestParse04", MQTTProtocolVersionTestParse04);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-qos.c
+++ b/src/detect-mqtt-qos.c
@ -43,11 +43,9 @@ static int DetectMQTTQosSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTQosRegisterTests(void);
 void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTQosGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 /**
 * \brief Registration function for mqtt.qos: keyword
@ -64,21 +62,18 @@ void DetectMQTTQosRegister (void)
    sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests;
 #endif

-    DetectAppLayerInspectEngineRegister("mqtt.qos",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTQosGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+            DetectEngineInspectMQTTQosGeneric, NULL);

    mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos");
 }

-static int DetectEngineInspectMQTTQosGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -279,4 +274,4 @@ void MQTTQosRegisterTests(void)
    UtRegisterTest("MQTTQosTestParse02", MQTTQosTestParse02);
    UtRegisterTest("MQTTQosTestParse03", MQTTQosTestParse03);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-reason-code.c
+++ b/src/detect-mqtt-reason-code.c
@ -46,11 +46,9 @@ static int DetectMQTTReasonCodeSetup (DetectEngineCtx *, Signature *, const char
 void MQTTReasonCodeRegisterTests(void);
 void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTReasonCodeGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 /**
 * \brief Registration function for mqtt.reason_code: keyword
@ -70,21 +68,18 @@ void DetectMQTTReasonCodeRegister (void)

    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);

-    DetectAppLayerInspectEngineRegister("mqtt.reason_code",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTReasonCodeGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+            DetectEngineInspectMQTTReasonCodeGeneric, NULL);

    mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
 }

-static int DetectEngineInspectMQTTReasonCodeGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -315,4 +310,4 @@ void MQTTReasonCodeRegisterTests(void)
    UtRegisterTest("MQTTReasonCodeTestParse03", MQTTReasonCodeTestParse03);
    UtRegisterTest("MQTTReasonCodeTestParse04", MQTTReasonCodeTestParse04);
 #endif /* UNITTESTS */
-}
+}
--- a/src/detect-mqtt-type.c
+++ b/src/detect-mqtt-type.c
@ -42,11 +42,9 @@ static int DetectMQTTTypeSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTTypeRegisterTests(void);
 void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *);

-static int DetectEngineInspectMQTTTypeGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id);
+static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);

 /**
 * \brief Registration function for ipopts: keyword
@ -63,21 +61,18 @@ void DetectMQTTTypeRegister (void)
    sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
 #endif

-    DetectAppLayerInspectEngineRegister("mqtt.type",
-            ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTTypeGeneric);
+    DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+            DetectEngineInspectMQTTTypeGeneric, NULL);

    mqtt_type_id = DetectBufferTypeGetByName("mqtt.type");
 }

-static int DetectEngineInspectMQTTTypeGeneric(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *txv, uint64_t tx_id)
+static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
-    return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
-                                          f, flags, alstate, txv, tx_id);
+    return DetectEngineInspectGenericList(
+            NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }

 /**
@ -277,4 +272,4 @@ void MQTTTypeRegisterTests(void)
    UtRegisterTest("MQTTTypeTestParse02", MQTTTypeTestParse02);
    UtRegisterTest("MQTTTypeTestParse03", MQTTTypeTestParse03);
 #endif /* UNITTESTS */
-}
+}