diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 28d8b3ee7218..5206f2a5898c 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -21,20 +21,18 @@ jobs: runs-on: ubuntu-latest container: almalinux:9 steps: - - name: Cache rust - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 - with: - path: ~/.cargo - key: check-rust - - name: Install system packages run: | - dnf -y install dnf-plugins-core + dnf -y install dnf-plugins-core epel-release dnf config-manager --set-enabled crb dnf -y install \ autoconf \ automake \ - cargo-vendor \ + bindgen \ + cargo \ + cbindgen \ + clang-devel \ + clippy \ diffutils \ numactl-devel \ dpdk-devel \ @@ -61,21 +59,28 @@ jobs: python3-devel \ python3-sphinx \ python3-yaml \ + rust \ + rustfmt \ sudo \ which \ zlib-devel - - name: Installing Rust - run: | - curl https://sh.rustup.rs -sSf | sh -s -- -y - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - name: Install cbindgen - run: cargo install --debug cbindgen - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - run: git config --global --add safe.directory /__w/suricata/suricata - run: ./scripts/bundle.sh - run: ./autogen.sh - run: ./configure --enable-warnings + - name: Checking bindgen output + working-directory: rust + run: | + bindgen --version + make update-bindings + diff=$(git diff src/_sys.rs) + if [ "${diff}" ]; then + echo "${diff}" + echo "::error ::Bindgen bindings appear to be out of date" + exit 1 + fi - run: cargo clippy --all-features --fix --allow-no-vcs working-directory: rust - run: | diff --git a/configure.ac b/configure.ac index ca964d9039a0..a721e6cebb4c 100644 --- a/configure.ac +++ b/configure.ac @@ -2269,6 +2269,9 @@ fi fi fi + AC_PATH_PROG([BINDGEN], [bindgen], [no]) + AM_CONDITIONAL([HAVE_BINDGEN], [test "x$BINDGEN" != "xno"]) + AC_PATH_PROG(CBINDGEN, cbindgen, "no") if test "x$CBINDGEN" != "xno"; then cbindgen_version=$(cbindgen --version 2>&1 | cut -d' ' -f2-) 
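Review bot: The "Checking bindgen output" step regenerates `src/_sys.rs` with whatever bindgen the container's package repositories ship on the day of the run (presumably EPEL, since `epel-release` is added in the first hunk). The `update-bindings` target passes `--disable-header-comment`, so the checked-in file records no generator version. A packaging update can therefore fail this job with no header change, and a contributor regenerating locally with a different bindgen cannot tell which version is authoritative. I would add a comment above the step such as `# src/_sys.rs must be regenerated with the bindgen version printed below; other versions may emit different output` and keep the `bindgen --version` line next to it. The comparison itself could be simplified to `git diff --exit-code -- src/_sys.rs`, which prints the diff and fails in one command.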
diff --git a/rust/Makefile.am b/rust/Makefile.am index d53eb97090e1..49af45bc8eb2 100644 --- a/rust/Makefile.am +++ b/rust/Makefile.am @@ -38,12 +38,18 @@ if HAVE_CYGPATH CARGO_ENV = @rustup_home@ \ CARGO_HOME="$(CARGO_HOME)" \ CARGO_TARGET_DIR="$(e_rustdir)/target" \ - SURICATA_LUA_SYS_HEADER_DST="$(e_rustdir)/gen" + SURICATA_LUA_SYS_HEADER_DST="$(e_rustdir)/gen" \ + TOP_BUILDDIR=$(abs_top_builddir) \ + TOP_SRCDIR=$(abs_top_srcdir) \ + RUST_GENDIR=$(e_rustdir)/gen else CARGO_ENV = @rustup_home@ \ CARGO_HOME="$(CARGO_HOME)" \ CARGO_TARGET_DIR="$(abs_top_builddir)/rust/target" \ - SURICATA_LUA_SYS_HEADER_DST="$(abs_top_builddir)/rust/gen" + SURICATA_LUA_SYS_HEADER_DST="$(abs_top_builddir)/rust/gen" \ + TOP_BUILDDIR=$(abs_top_builddir) \ + TOP_SRCDIR=$(abs_top_srcdir) \ + RUST_GENDIR=$(abs_top_builddir)/rust/gen endif all-local: Cargo.toml 
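Review bot: The three assignments added to `CARGO_ENV` in both branches are unquoted, unlike the `CARGO_HOME="..."` and `CARGO_TARGET_DIR="..."` lines directly above them. A source or build path containing a space or shell metacharacter would therefore split the command line that `$(CARGO_ENV)` is prefixed to. Quoting them the same way keeps the environment intact: `TOP_BUILDDIR="$(abs_top_builddir)" \`, `TOP_SRCDIR="$(abs_top_srcdir)" \`, `RUST_GENDIR="$(e_rustdir)/gen"` (and the `$(abs_top_builddir)/rust/gen` form in the `else` branch). In the `HAVE_CYGPATH` branch the first two variables also use the untranslated paths while `RUST_GENDIR` uses `$(e_rustdir)`; whether that mix is intended is not visible from this hunk.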
@@ -75,14 +81,51 @@ clean-local: distclean-local: rm -rf vendor dist +check-bindgen-bindings: +if HAVE_BINDGEN + if test "$(top_srcdir)" = "$(top_builddir)"; then \ + cp src/_sys.rs src/_sys.rs.orig; \ + $(MAKE) update-bindings; \ + if diff src/_sys.rs src/_sys.rs.orig > /dev/null 2>&1; then \ + rm -f src/_sys.rs.orig; \ + else \ + echo "WARNING: bindgen bindings may be out of date"; \ + fi \ + else \ + echo "Not checking bindings for out of tree build"; \ + fi +else + @echo "Unable to check bindgen bindings: bindgen not found" +endif + check: cd $(abs_top_srcdir)/rust && \ $(CARGO_ENV) \ $(CARGO) test --all $(RELEASE) --features "$(RUST_FEATURES)" + $(MAKE) check-bindgen-bindings vendor: $(CARGO_ENV) $(CARGO) vendor +update-bindings: +if HAVE_BINDGEN + $(BINDGEN) \ + -o src/_sys.rs \ + --disable-header-comment \ + --allowlist-type 'SCAppLayerEventType' \ + --rustified-enum 'SCAppLayerEventType' \ + --allowlist-type 'SCAppLayerStateGetEventInfoByIdFn' \ + --allowlist-type 'AppProto' \ + --allowlist-type 'AppProtoEnum' \ + --rustified-enum 'AppProtoEnum' \ + $(abs_top_srcdir)/src/bindgen.h \ + -- \ + -DHAVE_CONFIG_H -I../src $(CPPFLAGS) +else + @echo "error: bindgen not installed, can't update bindings" + exit 1 +endif + if HAVE_CBINDGEN gen/rust-bindings.h: $(RUST_SURICATA_LIB) cd $(abs_top_srcdir)/rust && \ @@ -93,7 +136,10 @@ gen/rust-bindings.h: endif doc: - CARGO_HOME=$(CARGO_HOME) $(CARGO) doc --all-features --no-deps + CARGO_HOME=$(CARGO_HOME) \ + $(CARGO_ENV) \ + SURICATA_LUA_SYS_HEADER_DST="" $(CARGO) doc \ + --all-features --no-deps if HAVE_CBINDGEN dist/rust-bindings.h: diff --git a/rust/derive/src/applayerevent.rs b/rust/derive/src/applayerevent.rs index 1b1a3f86ee9c..52373a497cbb 100644 --- a/rust/derive/src/applayerevent.rs +++ b/rust/derive/src/applayerevent.rs 
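Review bot: `check-bindgen-bindings` regenerates straight into the tracked `src/_sys.rs` and only echoes a warning on a mismatch, so `make check` exits 0 while leaving the source tree rewritten and a stray `src/_sys.rs.orig` behind. A failure of `$(MAKE) update-bindings` is also ignored because the recipe continues after `;`, and `diff` then runs against whatever the failed run left in `src/_sys.rs`. I would change that line to `$(MAKE) update-bindings || exit 1; \` and add `mv src/_sys.rs.orig src/_sys.rs; \` at the top of the `else` branch, so stale FFI bindings are reported without modifying the checked-in file. Separately, `--rustified-enum` produces Rust enums for which an out-of-range value arriving from C is undefined behaviour. That is harmless while Rust only writes these values, as in this commit, but it deserves a comment next to the flags in `update-bindings`.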
@@ -89,7 +89,7 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {
 unsafe extern "C" fn get_event_info(
 event_name: *const std::os::raw::c_char,
 event_id: *mut u8,
- event_type: *mut #crate_id::core::AppLayerEventType,
+ event_type: *mut #crate_id::sys::SCAppLayerEventType,
 ) -> std::os::raw::c_int {
 #crate_id::applayer::get_event_info::<#name>(event_name, event_id, event_type)
 }
@@ -97,7 +97,7 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {
 unsafe extern "C" fn get_event_info_by_id(
 event_id: u8,
 event_name: *mut *const std::os::raw::c_char,
- event_type: *mut #crate_id::core::AppLayerEventType,
+ event_type: *mut #crate_id::sys::SCAppLayerEventType,
 ) -> std::os::raw::c_int {
 #crate_id::applayer::get_event_info_by_id::<#name>(event_id, event_name, event_type)
 }
diff --git a/rust/src/_sys.rs b/rust/src/_sys.rs
new file mode 100644
index 000000000000..31eaeceb1c66
--- /dev/null
+++ b/rust/src/_sys.rs
@@ -0,0 +1,58 @@ +#[repr(u32)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum AppProtoEnum { + ALPROTO_UNKNOWN = 0, + ALPROTO_FAILED = 1, + ALPROTO_HTTP1 = 2, + ALPROTO_FTP = 3, + ALPROTO_SMTP = 4, + ALPROTO_TLS = 5, + ALPROTO_SSH = 6, + ALPROTO_IMAP = 7, + ALPROTO_JABBER = 8, + ALPROTO_SMB = 9, + ALPROTO_DCERPC = 10, + ALPROTO_IRC = 11, + ALPROTO_DNS = 12, + ALPROTO_MODBUS = 13, + ALPROTO_ENIP = 14, + ALPROTO_DNP3 = 15, + ALPROTO_NFS = 16, + ALPROTO_NTP = 17, + ALPROTO_FTPDATA = 18, + ALPROTO_TFTP = 19, + ALPROTO_IKE = 20, + ALPROTO_KRB5 = 21, + ALPROTO_QUIC = 22, + ALPROTO_DHCP = 23, + ALPROTO_SNMP = 24, + ALPROTO_SIP = 25, + ALPROTO_RFB = 26, + ALPROTO_MQTT = 27, + ALPROTO_PGSQL = 28, + ALPROTO_TELNET = 29, + ALPROTO_WEBSOCKET = 30, + ALPROTO_LDAP = 31, + ALPROTO_DOH2 = 32, + ALPROTO_TEMPLATE = 33, + ALPROTO_RDP = 34, + ALPROTO_HTTP2 = 35, + ALPROTO_BITTORRENT_DHT = 36, + ALPROTO_POP3 = 37, + ALPROTO_HTTP = 38, + ALPROTO_MAX_STATIC = 39, +} +pub type AppProto = u16; +#[repr(u32)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum SCAppLayerEventType { + APP_LAYER_EVENT_TYPE_TRANSACTION = 1, + APP_LAYER_EVENT_TYPE_PACKET = 2, +} +pub type SCAppLayerStateGetEventInfoByIdFn = ::std::option::Option< + unsafe extern "C" fn( + event_id: u8, + event_name: *mut *const ::std::os::raw::c_char, + event_type: *mut SCAppLayerEventType, + ) -> ::std::os::raw::c_int, +>; diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index 048afbe5a7f5..b955cdf5dbdc 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -18,10 +18,11 @@ //! Parser registration functions and common interface module. use std; -use crate::core::{self,DetectEngineState,AppLayerEventType,AppProto}; +use crate::core::{self,DetectEngineState,AppProto}; use crate::direction::Direction; use crate::filecontainer::FileContainer; use crate::flow::Flow; +use crate::sys::SCAppLayerEventType; use std::os::raw::{c_void,c_char,c_int}; use crate::core::SC; use std::ffi::CStr; 
@@ -387,7 +388,7 @@ pub struct RustParser { /// Function to get an event id from a description pub get_eventinfo: Option, /// Function to get an event description from an event id - pub get_eventinfo_byid: Option, + pub get_eventinfo_byid: crate::sys::SCAppLayerStateGetEventInfoByIdFn, /// Function to allocate local storage pub localstorage_new: Option, @@ -457,8 +458,8 @@ pub type StateTxFreeFn = unsafe extern "C" fn (*mut c_void, u64); pub type StateGetTxFn = unsafe extern "C" fn (*mut c_void, u64) -> *mut c_void; pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64; pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int; -pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, event_id: *mut u8, *mut AppLayerEventType) -> c_int; -pub type GetEventInfoByIdFn = unsafe extern "C" fn (event_id: u8, *mut *const c_char, *mut AppLayerEventType) -> c_int; +pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, event_id: *mut u8, *mut SCAppLayerEventType) -> c_int; +pub type GetEventInfoByIdFn = unsafe extern "C" fn (event_id: u8, *mut *const c_char, *mut SCAppLayerEventType) -> c_int; pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void; pub type LocalStorageFreeFn = extern "C" fn (*mut c_void); pub type GetTxFilesFn = unsafe extern "C" fn (*mut c_void, u8) -> AppLayerGetFileState; @@ -596,13 +597,13 @@ pub trait AppLayerEvent { unsafe extern "C" fn get_event_info( event_name: *const std::os::raw::c_char, event_id: *mut u8, - event_type: *mut core::AppLayerEventType, + event_type: *mut SCAppLayerEventType, ) -> std::os::raw::c_int; unsafe extern "C" fn get_event_info_by_id( event_id: u8, event_name: *mut *const std::os::raw::c_char, - event_type: *mut core::AppLayerEventType, + event_type: *mut SCAppLayerEventType, ) -> std::os::raw::c_int; } 
@@ -625,7 +626,7 @@ pub trait AppLayerEvent { pub unsafe fn get_event_info( event_name: *const std::os::raw::c_char, event_id: *mut u8, - event_type: *mut core::AppLayerEventType, + event_type: *mut SCAppLayerEventType, ) -> std::os::raw::c_int { if event_name.is_null() { return -1; @@ -637,7 +638,7 @@ pub unsafe fn get_event_info( return -1; } }; - *event_type = core::AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION; + *event_type = SCAppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION; *event_id = event; return 0; } @@ -648,11 +649,11 @@ pub unsafe fn get_event_info( pub unsafe fn get_event_info_by_id( event_id: u8, event_name: *mut *const std::os::raw::c_char, - event_type: *mut core::AppLayerEventType, + event_type: *mut SCAppLayerEventType, ) -> std::os::raw::c_int { if let Some(e) = T::from_id(event_id) { *event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char; - *event_type = core::AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION; + *event_type = SCAppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION; return 0; } return -1; diff --git a/rust/src/core.rs b/rust/src/core.rs index 7e1094a39e90..4f5699cde0b5 100644 --- a/rust/src/core.rs +++ b/rust/src/core.rs @@ -21,18 +21,12 @@ use std; use crate::filecontainer::*; use crate::flow::Flow; +pub use crate::sys::{AppProto, AppProtoEnum}; + /// Opaque C types. pub enum DetectEngineState {} pub enum AppLayerDecoderEvents {} -#[repr(C)] -#[derive(Debug, PartialEq, Eq, Clone, Copy)] -#[allow(non_camel_case_types)] -pub enum AppLayerEventType { - APP_LAYER_EVENT_TYPE_TRANSACTION = 1, - APP_LAYER_EVENT_TYPE_PACKET = 2, -} - pub const STREAM_START: u8 = 0x01; pub const STREAM_EOF: u8 = 0x02; pub const STREAM_TOSERVER: u8 = 0x04; 
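Review bot: `get_event_info` null-checks only `event_name` before the changed line writes `*event_type` and the next line writes `*event_id`. `get_event_info_by_id`, in the third hunk of this file, writes through `event_name` and `event_type` with no check at all. Both are reached from C through the registered callbacks, so a guard such as `if event_id.is_null() || event_type.is_null() { return -1; }` (and the `event_name` equivalent in `get_event_info_by_id`) would turn a bad caller into an error return instead of a null write. The body of `get_event_info` is split across two hunks, so a check in the part not shown cannot be ruled out.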
@@ -41,11 +35,8 @@ pub const STREAM_GAP: u8 = 0x10; pub const STREAM_DEPTH: u8 = 0x20; pub const STREAM_MIDSTREAM:u8 = 0x40; -// Application layer protocol identifiers (app-layer-protos.h) -pub type AppProto = u16; - -pub const ALPROTO_UNKNOWN : AppProto = 0; -pub const ALPROTO_FAILED : AppProto = 1; +pub const ALPROTO_UNKNOWN : AppProto = AppProtoEnum::ALPROTO_UNKNOWN as u16; +pub const ALPROTO_FAILED : AppProto = AppProtoEnum::ALPROTO_FAILED as u16; pub const IPPROTO_TCP : u8 = 6; pub const IPPROTO_UDP : u8 = 17; diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 28f6f2613797..61066b890986 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -19,10 +19,11 @@ use crate::applayer::{self, *}; use crate::core::{ALPROTO_UNKNOWN, AppProto, IPPROTO_UDP}; use crate::dhcp::parser::*; use crate::flow::Flow; +use crate::sys::AppProtoEnum; use std; use std::ffi::CString; -pub(super) static mut ALPROTO_DHCP: AppProto = ALPROTO_UNKNOWN; +pub(super) static ALPROTO_DHCP: AppProto = AppProtoEnum::ALPROTO_DHCP as AppProto; static DHCP_MIN_FRAME_LEN: u32 = 232; @@ -305,10 +306,9 @@ pub unsafe extern "C" fn rs_dhcp_register_parser() { let ip_proto_str = CString::new("udp").unwrap(); if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { - let alproto = AppLayerRegisterProtocolDetection(&parser, 1); - ALPROTO_DHCP = alproto; + AppLayerRegisterProtocolDetection(&parser, 1); if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { - let _ = AppLayerRegisterParser(&parser, alproto); + let _ = AppLayerRegisterParser(&parser, ALPROTO_DHCP); } } else { SCLogDebug!("Protocol detector and parser disabled for DHCP."); diff --git a/rust/src/ftp/event.rs b/rust/src/ftp/event.rs index cc327369d875..a7edc1688176 100644 --- a/rust/src/ftp/event.rs +++ b/rust/src/ftp/event.rs 
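Review bot: In `rs_dhcp_register_parser` the value returned by `AppLayerRegisterProtocolDetection(&parser, 1)` is now discarded and the parser is registered under the compile-time `ALPROTO_DHCP`, whereas the removed lines used that return value as the protocol id. If the C side returns anything else, such as a failure value or an id that has drifted from the checked-in `_sys.rs`, the parser is attached to the wrong protocol with no diagnostic. The bindings check added to `make check` in this commit only warns on drift, so it does not close that gap. Keeping the result and comparing it would surface the mismatch at startup: `let alproto = AppLayerRegisterProtocolDetection(&parser, 1);` followed by `debug_assert_eq!(alproto, ALPROTO_DHCP);` or an early return with a log message. The function starts outside the hunk.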
@@ -15,7 +15,7 @@ * 02110-1301, USA. */ -use crate::core::AppLayerEventType; +use crate::sys::SCAppLayerEventType; use std::os::raw::{c_char, c_int}; #[derive(Debug, PartialEq, Eq, AppLayerEvent)] @@ -33,7 +33,7 @@ pub enum FtpEvent { /// Unsafe as called from C. #[no_mangle] pub unsafe extern "C" fn ftp_get_event_info( - event_name: *const c_char, event_id: *mut u8, event_type: *mut AppLayerEventType, + event_name: *const c_char, event_id: *mut u8, event_type: *mut SCAppLayerEventType, ) -> c_int { crate::applayer::get_event_info::(event_name, event_id, event_type) } @@ -44,7 +44,7 @@ pub unsafe extern "C" fn ftp_get_event_info( /// Unsafe as called from C. #[no_mangle] pub unsafe extern "C" fn ftp_get_event_info_by_id( - event_id: u8, event_name: *mut *const c_char, event_type: *mut AppLayerEventType, + event_id: u8, event_name: *mut *const c_char, event_type: *mut SCAppLayerEventType, ) -> c_int { crate::applayer::get_event_info_by_id::(event_id, event_name, event_type) as c_int } diff --git a/rust/src/lib.rs b/rust/src/lib.rs index f28e4c249ace..37dca552e48c 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs @@ -143,3 +143,7 @@ pub mod direction; #[allow(unused_imports)] pub use suricata_lua_sys; + +// Generated Rust bindings from C. +/// cbindgen:ignore +pub mod sys; diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 43a44545ad09..4ea2986dfd53 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -57,6 +57,7 @@ use crate::smb::session::*; use crate::smb::events::*; use crate::smb::files::*; use crate::smb::smb2_ioctl::*; +use crate::sys::SCAppLayerEventType; #[derive(AppLayerFrameType)] pub enum SMBFrameType { 
@@ -2267,7 +2268,7 @@ pub unsafe extern "C" fn rs_smb_get_tx_data(
 pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
 event_id: u8,
 event_name: *mut *const std::os::raw::c_char,
- event_type: *mut AppLayerEventType,
+ event_type: *mut SCAppLayerEventType,
 ) -> std::os::raw::c_int {
 SMBEvent::get_event_info_by_id(event_id, event_name, event_type)
 }
@@ -2276,7 +2277,7 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
 pub unsafe extern "C" fn rs_smb_state_get_event_info(
 event_name: *const std::os::raw::c_char,
 event_id: *mut u8,
- event_type: *mut AppLayerEventType,
+ event_type: *mut SCAppLayerEventType,
 ) -> std::os::raw::c_int {
 SMBEvent::get_event_info(event_name, event_id, event_type)
 }
diff --git a/rust/src/sys.rs b/rust/src/sys.rs
new file mode 100644
index 000000000000..35cef07d7c84
--- /dev/null
+++ b/rust/src/sys.rs
@@ -0,0 +1,21 @@
+/* Copyright (C) 2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+// We do this as an include so we can allow non_camel_case_types.
+#![allow(non_camel_case_types)]
+#![allow(non_snake_case)]
+include!("_sys.rs");
diff --git a/src/Makefile.am b/src/Makefile.am
index 615816953542..a5c9dfecddd5 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
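Review bot: The new `rust/src/sys.rs` has no module documentation saying that `_sys.rs` is generated, and `update-bindings` runs bindgen with `--disable-header-comment`, so the generated file carries no marker either. A reader of either file cannot tell that hand edits will be overwritten, or which header the types come from. I would replace the single `//` line with module docs along the lines of `//! FFI types generated by bindgen from src/bindgen.h via "make update-bindings"; do not edit _sys.rs by hand.` and keep the existing sentence about the lint allowances as a second line. These enums and function-pointer types define the C/Rust ABI, so that provenance note is what tells a reviewer to re-run the generator instead of patching a variant in place.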
@@ -42,6 +42,7 @@ noinst_HEADERS = \ app-layer-ssh.h \ app-layer-ssl.h \ app-layer-tftp.h \ + app-layer-types.h \ app-layer-imap.h \ build-info.h \ conf.h \ diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index a1daf3a2e1a4..5538df98c00b 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -1434,7 +1434,7 @@ static int DNP3GetAlstateProgress(void *tx, uint8_t direction) * \brief App-layer support. */ static int DNP3StateGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { if (SCAppLayerGetEventIdByName(event_name, dnp3_decoder_event_table, event_id) == 0) { *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; @@ -1447,7 +1447,7 @@ static int DNP3StateGetEventInfo( * \brief App-layer support. */ static int DNP3StateGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type) + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type) { *event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table); if (*event_name == NULL) { diff --git a/src/app-layer-events.c b/src/app-layer-events.c index eb32ea394671..87d72d890c89 100644 --- a/src/app-layer-events.c +++ b/src/app-layer-events.c @@ -23,6 +23,7 @@ */ #include "app-layer-events.h" +#include "rust.h" #include "util-enum.h" int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id) @@ -61,7 +62,7 @@ SCEnumCharMap app_layer_event_pkt_table[ ] = { }; int AppLayerGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type) + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type) { *event_name = SCMapEnumValueToName(event_id, app_layer_event_pkt_table); if (*event_name == NULL) { 
@@ -165,7 +166,7 @@ SCEnumCharMap det_ctx_event_table[] = { }; int DetectEngineGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { if (SCAppLayerGetEventIdByName(event_name, det_ctx_event_table, event_id) == 0) { *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; diff --git a/src/app-layer-events.h b/src/app-layer-events.h index 7b4e5e06d075..c33db5db3e26 100644 --- a/src/app-layer-events.h +++ b/src/app-layer-events.h @@ -26,14 +26,14 @@ #define SURICATA_APP_LAYER_EVENTS_H /* contains fwd declaration of AppLayerDecoderEvents_ */ -#include "decode.h" -#include "rust.h" +#include "suricata-common.h" +#include "app-layer-types.h" #include "util-enum.h" /** * \brief Data structure to store app layer decoder events. */ -struct AppLayerDecoderEvents_ { +typedef struct AppLayerDecoderEvents_ { /* array of events */ uint8_t *events; /* number of events in the above buffer */ @@ -42,7 +42,7 @@ struct AppLayerDecoderEvents_ { uint8_t events_buffer_size; /* last logged */ uint8_t event_last_logged; -}; +} AppLayerDecoderEvents; /* app layer pkt level events */ enum { @@ -57,7 +57,7 @@ enum { int AppLayerGetPktEventInfo(const char *event_name, uint8_t *event_id); int AppLayerGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type); + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type); void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event); static inline int AppLayerDecoderEventsIsEventSet( 
@@ -78,7 +78,7 @@ static inline int AppLayerDecoderEventsIsEventSet( void AppLayerDecoderEventsResetEvents(AppLayerDecoderEvents *events); void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events); int DetectEngineGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type); + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type); int SCAppLayerGetEventIdByName(const char *event_name, SCEnumCharMap *table, uint8_t *event_id); #endif /* SURICATA_APP_LAYER_EVENTS_H */ diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 2448c2b2722c..7524962bb8f5 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -2728,7 +2728,7 @@ void *HtpGetTxForH2(void *alstate) } static int HTPStateGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { if (SCAppLayerGetEventIdByName(event_name, http_decoder_event_table, event_id) == 0) { *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; @@ -2738,7 +2738,7 @@ static int HTPStateGetEventInfo( } static int HTPStateGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type) + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type) { *event_name = SCMapEnumValueToName(event_id, http_decoder_event_table); if (*event_name == NULL) { diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 6285b67d256c..eb982e98f26d 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c 
@@ -94,9 +94,9 @@ typedef struct AppLayerParserProtoCtx_ int complete_ts; int complete_tc; int (*StateGetEventInfoById)( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type); + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type); int (*StateGetEventInfo)( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type); + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type); AppLayerStateData *(*GetStateData)(void *state); AppLayerTxData *(*GetTxData)(void *tx); @@ -535,9 +535,8 @@ void AppLayerParserRegisterStateProgressCompletionStatus( alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_tc = tc; } -void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, - int (*StateGetEventInfoById)( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type)) +void AppLayerParserRegisterGetEventInfoById( + uint8_t ipproto, AppProto alproto, SCAppLayerStateGetEventInfoByIdFn StateGetEventInfoById) { SCEnter(); @@ -559,7 +558,7 @@ void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int (*StateGetEventInfo)( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type)) { SCEnter(); @@ -1105,7 +1104,7 @@ int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, } int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, - uint8_t *event_id, AppLayerEventType *event_type) + uint8_t *event_id, SCAppLayerEventType *event_type) { SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); 
@@ -1117,7 +1116,7 @@ int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *ev } int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id, - const char **event_name, AppLayerEventType *event_type) + const char **event_name, SCAppLayerEventType *event_type) { SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index d233edf9eb1f..1e6d77fe98cd 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -197,10 +197,10 @@ void AppLayerParserRegisterStateProgressCompletionStatus( AppProto alproto, const int ts, const int tc); void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int (*StateGetEventInfo)( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)); + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type)); void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int (*StateGetEventInfoById)( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type)); + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type)); void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetFrameIdByName, AppLayerParserGetFrameNameByIdFn GetFrameNameById); 
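Review bot: The declaration of `AppLayerParserRegisterGetEventInfoById` in `app-layer-parser.h` still spells out the function-pointer parameter, while the definition in `app-layer-parser.c` in this commit now takes `SCAppLayerStateGetEventInfoByIdFn StateGetEventInfoById`. The two types are compatible, so this compiles, but the prototype and definition now describe the callback in two different ways and only one of them tracks the typedef that bindgen exports to Rust. Using the typedef in the header keeps a single source of truth for the callback signature: `void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, SCAppLayerStateGetEventInfoByIdFn StateGetEventInfoById);`. Whether `app-layer-types.h` is already visible in this header is not shown in the hunk.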
@@ -240,9 +240,9 @@ uint64_t AppLayerParserGetTxCnt(const Flow *, void *alstate); void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id); int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction); int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, - uint8_t *event_id, AppLayerEventType *event_type); + uint8_t *event_id, SCAppLayerEventType *event_type); int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id, - const char **event_name, AppLayerEventType *event_type); + const char **event_name, SCAppLayerEventType *event_type); uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction); diff --git a/src/app-layer-protos.h b/src/app-layer-protos.h index 813e58f13d3b..a2e1f7374289 100644 --- a/src/app-layer-protos.h +++ b/src/app-layer-protos.h @@ -25,6 +25,8 @@ #ifndef SURICATA_APP_LAYER_PROTOS_H #define SURICATA_APP_LAYER_PROTOS_H +#include "suricata-common.h" + enum AppProtoEnum { ALPROTO_UNKNOWN = 0, /* used by the probing parser when alproto detection fails diff --git a/src/app-layer-register.h b/src/app-layer-register.h index 6f489c73e248..76b9d9b1549e 100644 --- a/src/app-layer-register.h +++ b/src/app-layer-register.h @@ -52,9 +52,9 @@ typedef struct AppLayerParser { int (*StateGetProgress)(void *alstate, uint8_t direction); int (*StateGetEventInfo)( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type); + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type); int (*StateGetEventInfoById)( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type); + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type); void *(*LocalStorageAlloc)(void); void (*LocalStorageFree)(void *); diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index b2bf22a53145..6243cbabaee2 100644 --- a/src/app-layer-smtp.c 
+++ b/src/app-layer-smtp.c @@ -1649,7 +1649,7 @@ static void SMTPFreeMpmState(void) } static int SMTPStateGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { if (SCAppLayerGetEventIdByName(event_name, smtp_decoder_event_table, event_id) == 0) { *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; @@ -1659,7 +1659,7 @@ static int SMTPStateGetEventInfo( } static int SMTPStateGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type) + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type) { *event_name = SCMapEnumValueToName(event_id, smtp_decoder_event_table); if (*event_name == NULL) { diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index e387c6cc46c4..4a5cb286524e 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2983,7 +2983,7 @@ static const char *SSLStateGetFrameNameById(const uint8_t frame_id) } static int SSLStateGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { if (SCAppLayerGetEventIdByName(event_name, tls_decoder_event_table, event_id) == 0) { *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; @@ -2993,7 +2993,7 @@ static int SSLStateGetEventInfo( } static int SSLStateGetEventInfoById( - uint8_t event_id, const char **event_name, AppLayerEventType *event_type) + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type) { *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table); if (*event_name == NULL) { diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index 4a9b41176af2..caa23c5c23ba 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c 
@@ -63,7 +63,7 @@ static void TFTPStateTxFree(void *state, uint64_t tx_id) } static int TFTPStateGetEventInfo( - const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) + const char *event_name, uint8_t *event_id, SCAppLayerEventType *event_type) { return -1; } diff --git a/src/app-layer-types.h b/src/app-layer-types.h new file mode 100644 index 000000000000..08f8ed526f67 --- /dev/null +++ b/src/app-layer-types.h @@ -0,0 +1,31 @@ +/* Copyright (C) 2024 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef SURICATA_APP_LAYER_TYPES_H +#define SURICATA_APP_LAYER_TYPES_H + +#include + +typedef enum SCAppLayerEventType { + APP_LAYER_EVENT_TYPE_TRANSACTION = 1, + APP_LAYER_EVENT_TYPE_PACKET = 2, +} SCAppLayerEventType; + +typedef int (*SCAppLayerStateGetEventInfoByIdFn)( + uint8_t event_id, const char **event_name, SCAppLayerEventType *event_type); + +#endif /* !SURICATA_APP_LAYER_TYPES_H */ diff --git a/src/bindgen.h b/src/bindgen.h new file mode 100644 index 000000000000..ac7c36c8a055 --- /dev/null +++ b/src/bindgen.h 
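Review bot: `SCAppLayerEventType` in the new `app-layer-types.h` is a plain C enum, whose storage size is implementation-defined, while the checked-in `rust/src/_sys.rs` fixes it as `#[repr(u32)]` and Rust writes it through `SCAppLayerEventType *` out-parameters. Because the bindings are generated once and committed rather than produced per build, a target or compiler flag that picks a different enum width would make those writes the wrong size without any build error. If the project's C standard level allows it, a compile-time check next to the typedef would pin the assumption: `_Static_assert(sizeof(SCAppLayerEventType) == sizeof(uint32_t), "SCAppLayerEventType must match the Rust repr");`. Otherwise a comment stating the expected width would at least document it.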
@@ -0,0 +1,35 @@ +/* Copyright (C) 2017 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file Input to bindgen to generate Rust bindings. + * + * This file should include every header that should have Rust + * bindings generated for it. It is then used by bindgen to generate + * the Rust bindings. + */ + +#ifndef SURICATA_BINDGEN_H +#define SURICATA_BINDGEN_H + +#include +#include + +#include "app-layer-protos.h" +#include "app-layer-events.h" + +#endif diff --git a/src/decode.h b/src/decode.h index 1b299864a7c0..e7893f50c0ce 100644 --- a/src/decode.h +++ b/src/decode.h @@ -94,16 +94,14 @@ enum PktSrcEnum { #include "util-validate.h" +#include "app-layer-events.h" + /* forward declarations */ struct DetectionEngineThreadCtx_; typedef struct AppLayerThreadCtx_ AppLayerThreadCtx; struct PktPool_; -/* declare these here as they are called from the - * PACKET_RECYCLE and PACKET_CLEANUP macro's. */ -typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents; - /* Address */ typedef struct Address_ { char family; diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 8dd9229f074e..a48def98ab77 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c 
@@ -141,8 +141,8 @@ static int DetectAppLayerEventPktMatch(DetectEngineThreadCtx *det_ctx, aled->event_id); } -static DetectAppLayerEventData *DetectAppLayerEventParsePkt(const char *arg, - AppLayerEventType *event_type) +static DetectAppLayerEventData *DetectAppLayerEventParsePkt( + const char *arg, SCAppLayerEventType *event_type) { uint8_t event_id = 0; if (AppLayerGetPktEventInfo(arg, &event_id) != 0) { @@ -193,7 +193,7 @@ static int DetectAppLayerEventSetup(DetectEngineCtx *de_ctx, Signature *s, const while (*arg != '\0' && isspace((unsigned char)*arg)) arg++; - AppLayerEventType event_type; + SCAppLayerEventType event_type; DetectAppLayerEventData *data = NULL; if (strchr(arg, '.') == NULL) { diff --git a/src/output-json-anomaly.c b/src/output-json-anomaly.c index 00f82fa3685e..ae8faf9a3503 100644 --- a/src/output-json-anomaly.c +++ b/src/output-json-anomaly.c @@ -181,7 +181,7 @@ static int AnomalyAppLayerDecoderEventJson(ThreadVars *tv, JsonAnomalyLogThread const char *event_name = NULL; uint8_t event_code = decoder_events->events[i]; - AppLayerEventType event_type; + SCAppLayerEventType event_type; int r; if (is_pktlayer) { r = AppLayerGetEventInfoById(event_code, &event_name, &event_type); diff --git a/src/rust.h b/src/rust.h index 03cff24c8d26..251254e351a1 100644 --- a/src/rust.h +++ b/src/rust.h @@ -21,6 +21,8 @@ // hack for include orders cf SCSha256 typedef struct HttpRangeContainerBlock HttpRangeContainerBlock; #include "rust-context.h" +#include "app-layer-events.h" +#include "app-layer-types.h" #include "rust-bindings.h" #define JB_SET_STRING(jb, key, val) jb_set_formatted((jb), "\"" key "\":\"" val "\"")