Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

app-layer events: consistently use uint8_t/u8 as the event id #12010

Closed
wants to merge 3 commits into from
Closed

app-layer events: consistently use uint8_t/u8 as the event id #12010

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b44fc62
eve/schema: add missing field "code" anomaly events
jasonish Oct 22, 2024
45384ef
rust/applayer: use c_int as return type for get_info_by_id
jasonish Oct 22, 2024
fe88be3
app-layer: use uint8_t consistent for event IDs
jasonish Oct 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions etc/schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,9 @@
},
"type": {
"type": "string"
},
"code": {
"type": "integer"
}
},
"additionalProperties": false
Expand Down
12 changes: 6 additions & 6 deletions rust/derive/src/applayerevent.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {
let cname = format!("{}\0", event_name);
event_names.push(event_name);
event_cstrings.push(cname);
event_ids.push(i as i32);
event_ids.push(i as u8);
}
}
_ => panic!("AppLayerEvent can only be derived for enums"),
Expand All @@ -60,14 +60,14 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {

let expanded = quote! {
impl #crate_id::applayer::AppLayerEvent for #name {
fn from_id(id: i32) -> Option<#name> {
fn from_id(id: u8) -> Option<#name> {
match id {
#( #event_ids => Some(#name::#fields) ,)*
_ => None,
}
}

fn as_i32(&self) -> i32 {
fn as_u8(&self) -> u8 {
match *self {
#( #name::#fields => #event_ids ,)*
}
Expand All @@ -88,17 +88,17 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {

unsafe extern "C" fn get_event_info(
event_name: *const std::os::raw::c_char,
event_id: *mut std::os::raw::c_int,
event_id: *mut u8,
event_type: *mut #crate_id::core::AppLayerEventType,
) -> std::os::raw::c_int {
#crate_id::applayer::get_event_info::<#name>(event_name, event_id, event_type)
}

unsafe extern "C" fn get_event_info_by_id(
event_id: std::os::raw::c_int,
event_id: u8,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut #crate_id::core::AppLayerEventType,
) -> i8 {
) -> std::os::raw::c_int {
#crate_id::applayer::get_event_info_by_id::<#name>(event_id, event_name, event_type)
}

Expand Down
28 changes: 15 additions & 13 deletions rust/src/applayer.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,8 +444,8 @@ pub type StateTxFreeFn = unsafe extern "C" fn (*mut c_void, u64);
pub type StateGetTxFn = unsafe extern "C" fn (*mut c_void, u64) -> *mut c_void;
pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64;
pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int;
pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int;
pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8;
pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, event_id: *mut u8, *mut AppLayerEventType) -> c_int;
pub type GetEventInfoByIdFn = unsafe extern "C" fn (event_id: u8, *mut *const c_char, *mut AppLayerEventType) -> c_int;
pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void;
pub type LocalStorageFreeFn = extern "C" fn (*mut c_void);
pub type GetTxFilesFn = unsafe extern "C" fn (*mut c_void, u8) -> AppLayerGetFileState;
Expand Down Expand Up @@ -569,7 +569,7 @@ impl LoggerFlags {
/// derive AppLayerEvent.
pub trait AppLayerEvent {
/// Return the enum variant of the given ID.
fn from_id(id: i32) -> Option<Self> where Self: std::marker::Sized;
fn from_id(id: u8) -> Option<Self> where Self: std::marker::Sized;

/// Convert the enum variant to a C-style string (suffixed with \0).
fn to_cstring(&self) -> &str;
Expand All @@ -578,19 +578,19 @@ pub trait AppLayerEvent {
fn from_string(s: &str) -> Option<Self> where Self: std::marker::Sized;

/// Return the ID value of the enum variant.
fn as_i32(&self) -> i32;
fn as_u8(&self) -> u8;

unsafe extern "C" fn get_event_info(
event_name: *const std::os::raw::c_char,
event_id: *mut std::os::raw::c_int,
event_id: *mut u8,
event_type: *mut core::AppLayerEventType,
) -> std::os::raw::c_int;

unsafe extern "C" fn get_event_info_by_id(
event_id: std::os::raw::c_int,
event_id: u8,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut core::AppLayerEventType,
) -> i8;
) -> std::os::raw::c_int;
}

/// Generic `get_info_info` implementation for enums implementing
Expand All @@ -611,30 +611,32 @@ pub trait AppLayerEvent {
#[inline(always)]
pub unsafe fn get_event_info<T: AppLayerEvent>(
event_name: *const std::os::raw::c_char,
event_id: *mut std::os::raw::c_int,
event_id: *mut u8,
event_type: *mut core::AppLayerEventType,
) -> std::os::raw::c_int {
if event_name.is_null() {
return -1;
}

let event = match CStr::from_ptr(event_name).to_str().map(T::from_string) {
Ok(Some(event)) => event.as_i32(),
_ => -1,
Ok(Some(event)) => event.as_u8(),
_ => {
return -1;
}
};
*event_type = core::AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION;
*event_id = event as std::os::raw::c_int;
*event_id = event;
return 0;
}

/// Generic `get_info_info_by_id` implementation for enums implementing
/// AppLayerEvent.
#[inline(always)]
pub unsafe fn get_event_info_by_id<T: AppLayerEvent>(
event_id: std::os::raw::c_int,
event_id: u8,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut core::AppLayerEventType,
) -> i8 {
) -> std::os::raw::c_int {
if let Some(e) = T::from_id(event_id) {
*event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char;
*event_type = core::AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION;
Expand Down
4 changes: 2 additions & 2 deletions rust/src/ftp/event.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ pub enum FtpEvent {
/// Unsafe as called from C.
#[no_mangle]
pub unsafe extern "C" fn ftp_get_event_info(
event_name: *const c_char, event_id: *mut c_int, event_type: *mut AppLayerEventType,
event_name: *const c_char, event_id: *mut u8, event_type: *mut AppLayerEventType,
) -> c_int {
crate::applayer::get_event_info::<FtpEvent>(event_name, event_id, event_type)
}
Expand All @@ -44,7 +44,7 @@ pub unsafe extern "C" fn ftp_get_event_info(
/// Unsafe as called from C.
#[no_mangle]
pub unsafe extern "C" fn ftp_get_event_info_by_id(
event_id: c_int, event_name: *mut *const c_char, event_type: *mut AppLayerEventType,
event_id: u8, event_name: *mut *const c_char, event_type: *mut AppLayerEventType,
) -> c_int {
crate::applayer::get_event_info_by_id::<FtpEvent>(event_id, event_name, event_type) as c_int
}
6 changes: 3 additions & 3 deletions rust/src/smb/smb.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2203,17 +2203,17 @@ pub unsafe extern "C" fn rs_smb_get_tx_data(

#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
event_id: std::os::raw::c_int,
event_id: u8,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut AppLayerEventType,
) -> i8 {
) -> std::os::raw::c_int {
SMBEvent::get_event_info_by_id(event_id, event_name, event_type)
}

#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_event_info(
event_name: *const std::os::raw::c_char,
event_id: *mut std::os::raw::c_int,
event_id: *mut u8,
event_type: *mut AppLayerEventType,
) -> std::os::raw::c_int {
SMBEvent::get_event_info(event_name, event_id, event_type)
Expand Down
13 changes: 7 additions & 6 deletions src/app-layer-dnp3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1435,17 +1435,18 @@ static int DNP3GetAlstateProgress(void *tx, uint8_t direction)
/**
* \brief App-layer support.
*/
static int DNP3StateGetEventInfo(const char *event_name, int *event_id,
AppLayerEventType *event_type)
static int DNP3StateGetEventInfo(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
{
*event_id = SCMapEnumNameToValue(event_name, dnp3_decoder_event_table);
if (*event_id == -1) {
int value = SCMapEnumNameToValue(event_name, dnp3_decoder_event_table);
if (value == -1) {
SCLogError("Event \"%s\" not present in "
"the DNP3 enum event map table.",
event_name);
return -1;
}

*event_id = (uint8_t)value;
jasonish marked this conversation as resolved.
Show resolved Hide resolved
*event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

return 0;
Expand All @@ -1454,8 +1455,8 @@ static int DNP3StateGetEventInfo(const char *event_name, int *event_id,
/**
* \brief App-layer support.
*/
static int DNP3StateGetEventInfoById(int event_id, const char **event_name,
AppLayerEventType *event_type)
static int DNP3StateGetEventInfoById(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
{
*event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table);
if (*event_name == NULL) {
Expand Down
16 changes: 11 additions & 5 deletions src/app-layer-events.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,8 @@ SCEnumCharMap app_layer_event_pkt_table[ ] = {
-1 },
};

int AppLayerGetEventInfoById(int event_id, const char **event_name,
AppLayerEventType *event_type)
int AppLayerGetEventInfoById(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
{
*event_name = SCMapEnumValueToName(event_id, app_layer_event_pkt_table);
if (*event_name == NULL) {
Expand Down Expand Up @@ -161,16 +161,22 @@ SCEnumCharMap det_ctx_event_table[] = {
{ NULL, -1 },
};

int DetectEngineGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type)
int DetectEngineGetEventInfo(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
{
*event_id = SCMapEnumNameToValue(event_name, det_ctx_event_table);
if (*event_id == -1) {
int value = SCMapEnumNameToValue(event_name, det_ctx_event_table);
if (value == -1) {
SCLogError("event \"%s\" not present in "
"det_ctx's enum map table.",
event_name);
/* this should be treated as fatal */
return -1;
} else if (value > UINT8_MAX) {
jasonish marked this conversation as resolved.
Show resolved Hide resolved
SCLogError("event \"%s\" has invalid value", event_name);
/* this should be treated as fatal */
return -1;
}
*event_id = (uint8_t)value;
*event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

return 0;
Expand Down
7 changes: 4 additions & 3 deletions src/app-layer-events.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ enum {

int AppLayerGetPktEventInfo(const char *event_name, int *event_id);

int AppLayerGetEventInfoById(int event_id, const char **event_name,
AppLayerEventType *event_type);
int AppLayerGetEventInfoById(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type);
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event);

static inline int AppLayerDecoderEventsIsEventSet(
Expand All @@ -76,6 +76,7 @@ static inline int AppLayerDecoderEventsIsEventSet(

void AppLayerDecoderEventsResetEvents(AppLayerDecoderEvents *events);
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events);
int DetectEngineGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type);
int DetectEngineGetEventInfo(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type);

#endif /* SURICATA_APP_LAYER_EVENTS_H */
13 changes: 7 additions & 6 deletions src/app-layer-htp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2718,25 +2718,26 @@ void *HtpGetTxForH2(void *alstate)
return NULL;
}

static int HTPStateGetEventInfo(const char *event_name,
int *event_id, AppLayerEventType *event_type)
static int HTPStateGetEventInfo(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
{
*event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table);
if (*event_id == -1) {
int value = SCMapEnumNameToValue(event_name, http_decoder_event_table);
if (value == -1) {
SCLogError("event \"%s\" not present in "
"http's enum map table.",
event_name);
/* this should be treated as fatal */
return -1;
}

*event_id = (uint8_t)value;
*event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

return 0;
}

static int HTPStateGetEventInfoById(int event_id, const char **event_name,
AppLayerEventType *event_type)
static int HTPStateGetEventInfoById(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
{
*event_name = SCMapEnumValueToName(event_id, http_decoder_event_table);
if (*event_name == NULL) {
Expand Down
22 changes: 11 additions & 11 deletions src/app-layer-parser.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,10 +93,10 @@ typedef struct AppLayerParserProtoCtx_
AppLayerGetTxIteratorFunc StateGetTxIterator;
int complete_ts;
int complete_tc;
int (*StateGetEventInfoById)(int event_id, const char **event_name,
AppLayerEventType *event_type);
int (*StateGetEventInfo)(const char *event_name,
int *event_id, AppLayerEventType *event_type);
int (*StateGetEventInfoById)(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type);
int (*StateGetEventInfo)(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type);

AppLayerStateData *(*GetStateData)(void *state);
AppLayerTxData *(*GetTxData)(void *tx);
Expand Down Expand Up @@ -531,8 +531,8 @@ void AppLayerParserRegisterStateProgressCompletionStatus(
}

void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
int (*StateGetEventInfoById)(int event_id, const char **event_name,
AppLayerEventType *event_type))
int (*StateGetEventInfoById)(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
{
SCEnter();

Expand All @@ -553,8 +553,8 @@ void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
}

void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
int (*StateGetEventInfo)(const char *event_name, int *event_id,
AppLayerEventType *event_type))
int (*StateGetEventInfo)(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
{
SCEnter();

Expand Down Expand Up @@ -1100,7 +1100,7 @@ int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
}

int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
int *event_id, AppLayerEventType *event_type)
uint8_t *event_id, AppLayerEventType *event_type)
{
SCEnter();
const int ipproto_map = FlowGetProtoMapping(ipproto);
Expand All @@ -1109,8 +1109,8 @@ int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *ev
SCReturnInt(r);
}

int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
const char **event_name, AppLayerEventType *event_type)
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id,
const char **event_name, AppLayerEventType *event_type)
{
SCEnter();
const int ipproto_map = FlowGetProtoMapping(ipproto);
Expand Down
14 changes: 7 additions & 7 deletions src/app-layer-parser.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,11 +195,11 @@ void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
void AppLayerParserRegisterStateProgressCompletionStatus(
AppProto alproto, const int ts, const int tc);
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
int (*StateGetEventInfo)(const char *event_name, int *event_id,
AppLayerEventType *event_type));
int (*StateGetEventInfo)(
const char *event_name, uint8_t *event_id, AppLayerEventType *event_type));
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
int (*StateGetEventInfoById)(int event_id, const char **event_name,
AppLayerEventType *event_type));
int (*StateGetEventInfoById)(
uint8_t event_id, const char **event_name, AppLayerEventType *event_type));
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
AppLayerParserGetFrameIdByNameFn GetFrameIdByName,
AppLayerParserGetFrameNameByIdFn GetFrameNameById);
Expand Down Expand Up @@ -239,9 +239,9 @@ uint64_t AppLayerParserGetTxCnt(const Flow *, void *alstate);
void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id);
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction);
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
int *event_id, AppLayerEventType *event_type);
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
const char **event_name, AppLayerEventType *event_type);
uint8_t *event_id, AppLayerEventType *event_type);
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id,
const char **event_name, AppLayerEventType *event_type);

uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction);

Expand Down
Loading
Loading