template: move detect keywords to pure rust

Ticket: 3195 Also remove unused src/tests/detect-template-buffer.c Completes commit 4a7567b to remove references to template-rust
ntop · Oct 12, 2024 · 96c8470 · 96c8470
1 parent 87e6e93
commit 96c8470
Show file tree

Hide file tree

Showing 10 changed files with 131 additions and 420 deletions.
diff --git a/rust/src/applayertemplate/detect.rs b/rust/src/applayertemplate/detect.rs
@@ -0,0 +1,111 @@
+/* Copyright (C) 2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+use super::template::{TemplateTransaction, ALPROTO_TEMPLATE};
+/* TEMPLATE_START_REMOVE */
+use crate::conf::conf_get_node;
+/* TEMPLATE_END_REMOVE */
+use crate::core::Direction;
+use crate::detect::{
+    DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperGetData,
+    DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableElmt,
+    SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT,
+};
+use std::os::raw::{c_int, c_void};
+
+static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0;
+
+unsafe extern "C" fn template_buffer_setup(
+    de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+) -> c_int {
+    if DetectSignatureSetAppProto(s, ALPROTO_TEMPLATE) != 0 {
+        return -1;
+    }
+    if DetectBufferSetActiveList(de, s, G_TEMPLATE_BUFFER_BUFFER_ID) < 0 {
+        return -1;
+    }
+    return 0;
+}
+
+/// Get the request/response buffer for a transaction from C.
+unsafe extern "C" fn template_buffer_get_data(
+    tx: *const c_void, flags: u8, buf: *mut *const u8, len: *mut u32,
+) -> bool {
+    let tx = cast_pointer!(tx, TemplateTransaction);
+    if flags & Direction::ToClient as u8 != 0 {
+        if let Some(ref response) = tx.response {
+            if !response.is_empty() {
+                *len = response.len() as u32;
+                *buf = response.as_ptr();
+                return true;
+            }
+        }
+    } else if let Some(ref request) = tx.request {
+        if !request.is_empty() {
+            *len = request.len() as u32;
+            *buf = request.as_ptr();
+            return true;
+        }
+    }
+    return false;
+}
+
+unsafe extern "C" fn template_buffer_get(
+    de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
+    tx: *const c_void, list_id: c_int,
+) -> *mut c_void {
+    return DetectHelperGetData(
+        de,
+        transforms,
+        flow,
+        flow_flags,
+        tx,
+        list_id,
+        template_buffer_get_data,
+    );
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn ScDetectTemplateRegister() {
+    /* TEMPLATE_START_REMOVE */
+    if conf_get_node("app-layer.protocols.template").is_none() {
+        return;
+    }
+    /* TEMPLATE_END_REMOVE */
+    // TODO create a suricata-verify test
+    // Setup a keyword structure and register it
+    let kw = SCSigTableElmt {
+        name: b"template.buffer\0".as_ptr() as *const libc::c_char,
+        desc: b"Template content modifier to match on the template buffer\0".as_ptr()
+            as *const libc::c_char,
+        // TODO use the right anchor for url and write doc
+        url: b"/rules/template-keywords.html#buffer\0".as_ptr() as *const libc::c_char,
+        Setup: template_buffer_setup,
+        flags: SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER,
+        AppLayerTxMatch: None,
+        Free: None,
+    };
+    let _g_template_buffer_kw_id = DetectHelperKeywordRegister(&kw);
+    G_TEMPLATE_BUFFER_BUFFER_ID = DetectHelperBufferMpmRegister(
+        b"template.buffer\0".as_ptr() as *const libc::c_char,
+        b"template.buffer intern description\0".as_ptr() as *const libc::c_char,
+        ALPROTO_TEMPLATE,
+        true, //toclient
+        true, //toserver
+        template_buffer_get,
+    );
+}
diff --git a/rust/src/applayertemplate/mod.rs b/rust/src/applayertemplate/mod.rs
@@ -21,4 +21,5 @@ mod parser;
 pub mod template;
 /* TEMPLATE_START_REMOVE */
 pub mod logger;
+pub mod detect;
 /* TEMPLATE_END_REMOVE */
diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs
@@ -27,7 +27,7 @@ use std::os::raw::{c_char, c_int, c_void};
 
 static mut TEMPLATE_MAX_TX: usize = 256;
 
-static mut ALPROTO_TEMPLATE: AppProto = ALPROTO_UNKNOWN;
+pub(super) static mut ALPROTO_TEMPLATE: AppProto = ALPROTO_UNKNOWN;
 
 #[derive(AppLayerEvent)]
 enum TemplateEvent {
@@ -347,41 +347,6 @@ unsafe extern "C" fn rs_template_tx_get_alstate_progress(tx: *mut c_void, _direc
     return 0;
 }
 
-/// Get the request buffer for a transaction from C.
-///
-/// No required for parsing, but an example function for retrieving a
-/// pointer to the request buffer from C for detection.
-#[no_mangle]
-pub unsafe extern "C" fn rs_template_get_request_buffer(
-    tx: *mut c_void, buf: *mut *const u8, len: *mut u32,
-) -> u8 {
-    let tx = cast_pointer!(tx, TemplateTransaction);
-    if let Some(ref request) = tx.request {
-        if !request.is_empty() {
-            *len = request.len() as u32;
-            *buf = request.as_ptr();
-            return 1;
-        }
-    }
-    return 0;
-}
-
-/// Get the response buffer for a transaction from C.
-#[no_mangle]
-pub unsafe extern "C" fn rs_template_get_response_buffer(
-    tx: *mut c_void, buf: *mut *const u8, len: *mut u32,
-) -> u8 {
-    let tx = cast_pointer!(tx, TemplateTransaction);
-    if let Some(ref response) = tx.response {
-        if !response.is_empty() {
-            *len = response.len() as u32;
-            *buf = response.as_ptr();
-            return 1;
-        }
-    }
-    return 0;
-}
-
 export_tx_data_get!(rs_template_get_tx_data, TemplateTransaction);
 export_state_data_get!(rs_template_get_state_data, TemplateState);
 

diff --git a/scripts/setup-app-layer.py b/scripts/setup-app-layer.py
@@ -101,7 +101,8 @@ def patch_rust_lib_rs(protoname):
             output.write(line)
     open(filename, "w").write(output.getvalue())
 
-def patch_rust_applayer_mod_rs(protoname):
+# arg is the name of the new module to add
+def patch_rust_applayer_mod_rs(protoname, arg):
     lower = protoname.lower()
     filename = "rust/src/applayer%s/mod.rs" % (lower)
     print("Patching %s." % (filename))
@@ -110,7 +111,7 @@ def patch_rust_applayer_mod_rs(protoname):
     with open(filename) as infile:
         for line in infile:
             if not done and line.find("mod parser") > -1:
-                output.write("pub mod logger;\n")
+                output.write("pub mod %s;\n" % arg)
                 done = True
             output.write(line)
     open(filename, "w").write(output.getvalue())
@@ -234,68 +235,32 @@ def detect_copy_templates(proto, buffername):
     buffername_lower = buffername.lower()
 
     pairs = (
-        ("src/detect-template-rust-buffer.h",
-         "src/detect-%s-%s.h" % (lower, buffername_lower)),
-        ("src/detect-template-rust-buffer.c",
-         "src/detect-%s-%s.c" % (lower, buffername_lower)),
+        ("rust/src/applayertemplate/detect.rs",
+         "rust/src/applayer%s/detect.rs" % (lower)),
     )
     replacements = (
-        ("TEMPLATE_RUST_BUFFER", "%s_%s" % (
+        ("TEMPLATE_BUFFER", "%s_%s" % (
             proto.upper(), buffername.upper())),
-        ("template-rust-buffer", "%s-%s" % (
+        ("template.buffer", "%s.%s" % (
             proto.lower(), buffername.lower())),
-        ("template_rust_buffer", "%s_%s" % (
+        ("template_buffer", "%s_%s" % (
             proto.lower(), buffername.lower())),
-        ("TemplateRustBuffer", "%s%s" % (proto, buffername)),
     )
 
     common_copy_templates(proto, pairs, replacements)
 
-def detect_patch_makefile_am(protoname, buffername):
-    filename = "src/Makefile.am"
-    print("Patching %s." % (filename))
-    output = io.StringIO()
-    with open(filename) as infile:
-        for line in infile:
-            if line.lstrip().startswith("detect-template-buffer."):
-                new = line.replace("template-buffer", "%s-%s" % (
-                    protoname.lower(), buffername.lower()))
-                output.write(new)
-            output.write(line)
-    open(filename, "w").write(output.getvalue())
-
-def detect_patch_detect_engine_register_c(protoname, buffername):
+def detect_patch_detect_engine_register_c(protoname):
     filename = "src/detect-engine-register.c"
     print("Patching %s." % (filename))
     output = io.StringIO()
     with open(filename) as infile:
         for line in infile:
-
-            if line.find("detect-template-buffer.h") > -1:
-                new = line.replace("template-buffer", "%s-%s" % (
-                    protoname.lower(), buffername.lower()))
-                output.write(new)
-
-            if line.find("DetectTemplateBufferRegister") > -1:
-                new = line.replace("TemplateBuffer", "%s%s" % (
-                    protoname, buffername))
-                output.write(new)
-
-            output.write(line)
-    open(filename, "w").write(output.getvalue())
-
-def detect_patch_detect_engine_register_h(protoname, buffername):
-    filename = "src/detect-engine-register.h"
-    print("Patching %s." % (filename))
-    output = io.StringIO()
-    with open(filename) as infile:
-        for line in infile:
-
-            if line.find("DETECT_AL_TEMPLATE_BUFFER") > -1:
-                new = line.replace("TEMPLATE_BUFFER", "%s_%s" % (
-                    protoname.upper(), buffername.upper()))
+            if line.find("ScDetect%sRegister" % protoname) > -1:
+                # patch already applied
+                return
+            if line.find("ScDetectTemplateRegister") > -1:
+                new = line.replace("Template", "%s" % protoname)
                 output.write(new)
-
             output.write(line)
     open(filename, "w").write(output.getvalue())
 
@@ -388,17 +353,16 @@ def main():
         if not proto_exists(proto):
             raise SetupError("no app-layer parser exists for %s" % (proto))
         logger_copy_templates(proto)
-        patch_rust_applayer_mod_rs(proto)
+        patch_rust_applayer_mod_rs(proto, "logger")
         logger_patch_output_c(proto)
         logger_patch_suricata_yaml_in(proto)
 
     if detect:
         if not proto_exists(proto):
             raise SetupError("no app-layer parser exists for %s" % (proto))
         detect_copy_templates(proto, args.buffer)
-        detect_patch_makefile_am(proto, args.buffer)
-        detect_patch_detect_engine_register_c(proto, args.buffer)
-        detect_patch_detect_engine_register_h(proto, args.buffer)
+        detect_patch_detect_engine_register_c(proto)
+        patch_rust_applayer_mod_rs(proto, "detect")
 
     if parser:
         print("""

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -287,7 +287,6 @@ noinst_HEADERS = \
 	detect-tcp-window.h \
 	detect-template2.h \
 	detect-template.h \
-	detect-template-rust-buffer.h \
 	detect-threshold.h \
 	detect-tls-alpn.h \
 	detect-tls-cert-fingerprint.h \
@@ -857,7 +856,6 @@ libsuricata_c_a_SOURCES = \
 	detect-tcp-window.c \
 	detect-template2.c \
 	detect-template.c \
-	detect-template-rust-buffer.c \
 	detect-threshold.c \
 	detect-tls.c \
 	detect-tls-alpn.c \
@@ -1176,7 +1174,6 @@ EXTRA_DIST = \
 	tests/detect-http-user-agent.c \
 	tests/detect-ssl-state.c \
 	tests/detect-ssl-version.c \
-	tests/detect-template-buffer.c \
 	tests/detect-tls-cert-fingerprint.c \
 	tests/detect-tls-cert-issuer.c \
 	tests/detect-tls-cert-serial.c \

diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
@@ -204,7 +204,6 @@
 #include "detect-sip-method.h"
 #include "detect-sip-uri.h"
 #include "detect-target.h"
-#include "detect-template-rust-buffer.h"
 #include "detect-quic-sni.h"
 #include "detect-quic-ua.h"
 #include "detect-quic-version.h"
@@ -660,7 +659,6 @@ void SigTableSetup(void)
     DetectSipMethodRegister();
     DetectSipUriRegister();
     DetectTargetRegister();
-    DetectTemplateRustBufferRegister();
     DetectQuicSniRegister();
     DetectQuicUaRegister();
     DetectQuicVersionRegister();
@@ -695,6 +693,7 @@ void SigTableSetup(void)
     ScDetectMqttRegister();
     ScDetectRfbRegister();
     ScDetectSipRegister();
+    ScDetectTemplateRegister();
 
     /* close keyword registration */
     DetectBufferTypeCloseRegistration();

diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h
@@ -291,7 +291,6 @@ enum DetectKeywordId {
     DETECT_TCPMSS,
     DETECT_FTPDATA,
     DETECT_TARGET,
-    DETECT_AL_TEMPLATE_BUFFER,
     DETECT_AL_QUIC_VERSION,
     DETECT_AL_QUIC_SNI,
     DETECT_AL_QUIC_UA,