Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

transform: luaxform transform script #12187

Closed
wants to merge 7 commits into from
Closed

transform: luaxform transform script #12187

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5e26a7e
transforms: Make ctx available
jlucovsky Sep 12, 2024
30e03c0
hash: Provide detection engine context to free fn
jlucovsky Sep 12, 2024
c597f45
detect/engine: Prevent double-free of keyword hash
jlucovsky Sep 12, 2024
2e62e42
transform: Add luaxform files
jlucovsky Sep 9, 2024
57cf185
doc: Document luaxform transform
jlucovsky Sep 18, 2024
e3046ff
detect/transform: Refactor setup/apply pattern
jlucovsky Oct 10, 2024
38a9a39
clang/format: Formatting fixups
jlucovsky Nov 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
detect/transform: Refactor setup/apply pattern 
git grep -A 1 -w InspectionBufferSetup shows numbers cases of the pattern:
    - InspectionBufferSetup
    - InspectionBufferApplyTransforms

Refactor the implementations of those functions into
InspectionBufferSetupAndApplyTransforms to reduce function call count.

Issuer: 2290
  • Loading branch information
@jlucovsky
jlucovsky committed Nov 30, 2024
commit e3046ff01d99ca001c50159cae4e0a34b6c35724
8 changes: 4 additions & 4 deletions src/detect-dce-stub-data.c
View file
Original file line number Diff line number Diff line change
@@ -79,8 +79,8 @@ static InspectionBuffer *GetSMBData(DetectEngineThreadCtx *det_ctx,
return NULL;
SCLogDebug("have data!");

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}
return buffer;
}
@@ -105,8 +105,8 @@ static InspectionBuffer *GetDCEData(DetectEngineThreadCtx *det_ctx,
} else {
buffer->flags |= DETECT_CI_FLAGS_DCE_BE;
}
InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}
return buffer;
}
4 changes: 2 additions & 2 deletions src/detect-dnp3.c
View file
Original file line number Diff line number Diff line change
@@ -166,8 +166,8 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx,
}

SCLogDebug("tx %p data %p data_len %u", tx, tx->buffer, tx->buffer_len);
InspectionBufferSetup(det_ctx, list_id, buffer, tx->buffer, tx->buffer_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, tx->buffer, tx->buffer_len, transforms);
}
return buffer;
}
3 changes: 1 addition & 2 deletions src/detect-engine-helper.c
View file
Original file line number Diff line number Diff line change
@@ -56,8 +56,7 @@ InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
if (!GetBuf(txv, flow_flags, &b, &b_len))
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}
return buffer;
}
59 changes: 41 additions & 18 deletions src/detect-engine.c
View file
Original file line number Diff line number Diff line change
@@ -105,6 +105,9 @@ static uint32_t DetectEngineTenantGetIdFromLivedev(const void *ctx, const Packet
static uint32_t DetectEngineTenantGetIdFromVlanId(const void *ctx, const Packet *p);
static uint32_t DetectEngineTenantGetIdFromPcap(const void *ctx, const Packet *p);

static inline void InspectionBufferApplyTransformsInternal(
DetectEngineThreadCtx *, InspectionBuffer *, const DetectEngineTransforms *);

static DetectEngineAppInspectionEngine *g_app_inspect_engines = NULL;
static DetectEnginePktInspectionEngine *g_pkt_inspect_engines = NULL;
static DetectEngineFrameInspectionEngine *g_frame_inspect_engines = NULL;
@@ -1557,6 +1560,27 @@ InspectionBuffer *InspectionBufferMultipleForListGet(
return buffer;
}

static inline void InspectionBufferApplyTransformsInternal(DetectEngineThreadCtx *det_ctx,
InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
{
if (transforms) {
for (int i = 0; i < DETECT_TRANSFORMS_MAX; i++) {
const int id = transforms->transforms[i].transform;
if (id == 0)
break;
BUG_ON(sigmatch_table[id].Transform == NULL);
sigmatch_table[id].Transform(det_ctx, buffer, transforms->transforms[i].options);
SCLogDebug("applied transform %s", sigmatch_table[id].name);
}
}
}

void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer,
const DetectEngineTransforms *transforms)
{
InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size)
{
memset(buffer, 0, sizeof(*buffer));
@@ -1591,11 +1615,10 @@ void InspectionBufferSetupMulti(DetectEngineThreadCtx *det_ctx, InspectionBuffer
buffer->len = 0;
buffer->initialized = true;

InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

/** \brief setup the buffer with our initial data */
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
static inline void InspectionBufferSetupInternal(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
{
#ifdef DEBUG_VALIDATION
@@ -1613,6 +1636,21 @@ void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
buffer->len = 0;
buffer->initialized = true;
}
/** \brief setup the buffer with our initial data */
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
{
InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);
}

/** \brief setup the buffer with our initial data */
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len,
const DetectEngineTransforms *transforms)
{
InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms);
}

void InspectionBufferFree(InspectionBuffer *buffer)
{
@@ -1711,21 +1749,6 @@ bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_lis
return true;
}

void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer,
const DetectEngineTransforms *transforms)
{
if (transforms) {
for (int i = 0; i < DETECT_TRANSFORMS_MAX; i++) {
const int id = transforms->transforms[i].transform;
if (id == 0)
break;
BUG_ON(sigmatch_table[id].Transform == NULL);
sigmatch_table[id].Transform(det_ctx, buffer, transforms->transforms[i].options);
SCLogDebug("applied transform %s", sigmatch_table[id].name);
}
}
}

static void DetectBufferTypeSetupDetectEngine(DetectEngineCtx *de_ctx)
{
const int size = g_buffer_type_id;
3 changes: 3 additions & 0 deletions src/detect-engine.h
View file
Original file line number Diff line number Diff line change
@@ -30,6 +30,9 @@
void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id,
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len,
const DetectEngineTransforms *transforms);
void InspectionBufferFree(InspectionBuffer *buffer);
void *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len);
14 changes: 6 additions & 8 deletions src/detect-http-cookie.c
View file
Original file line number Diff line number Diff line change
@@ -190,8 +190,8 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -218,8 +218,8 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -239,8 +239,7 @@ static InspectionBuffer *GetRequestData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
@@ -260,8 +259,7 @@ static InspectionBuffer *GetResponseData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
7 changes: 3 additions & 4 deletions src/detect-http-header-names.c
View file
Original file line number Diff line number Diff line change
@@ -153,8 +153,8 @@ static InspectionBuffer *GetBuffer1ForTX(DetectEngineThreadCtx *det_ctx,
if (rawdata_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, rawdata, rawdata_len, transforms);
}

return buffer;
@@ -174,8 +174,7 @@ static InspectionBuffer *GetBuffer2ForTX(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
11 changes: 5 additions & 6 deletions src/detect-http-header.c
View file
Original file line number Diff line number Diff line change
@@ -158,8 +158,7 @@ static InspectionBuffer *GetBuffer2ForTX(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
@@ -197,8 +196,8 @@ static uint8_t DetectEngineInspectBufferHttpHeader(DetectEngineCtx *de_ctx,
goto end;
}
/* setup buffer and apply transforms */
InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, rawdata, rawdata_len, transforms);
}

const uint32_t data_len = buffer->inspect_len;
@@ -252,8 +251,8 @@ static void PrefilterMpmHttpHeader(DetectEngineThreadCtx *det_ctx, const void *p
return;

/* setup buffer and apply transforms */
InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(det_ctx, buffer, ctx->transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, rawdata, rawdata_len, ctx->transforms);
}

const uint32_t data_len = buffer->inspect_len;
14 changes: 6 additions & 8 deletions src/detect-http-headers-stub.h
View file
Original file line number Diff line number Diff line change
@@ -67,8 +67,8 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -90,8 +90,7 @@ static InspectionBuffer *GetRequestData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
@@ -123,8 +122,8 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -146,8 +145,7 @@ static InspectionBuffer *GetResponseData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
14 changes: 6 additions & 8 deletions src/detect-http-host.c
View file
Original file line number Diff line number Diff line change
@@ -248,8 +248,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(tx->request_hostname);
const uint8_t *data = bstr_ptr(tx->request_hostname);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -269,8 +269,7 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
@@ -290,8 +289,7 @@ static InspectionBuffer *GetRawData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
@@ -361,8 +359,8 @@ static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx,
data_len = bstr_len(tx->parsed_uri->hostname);
}

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
7 changes: 3 additions & 4 deletions src/detect-http-method.c
View file
Original file line number Diff line number Diff line change
@@ -209,8 +209,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = bstr_len(tx->request_method);
const uint8_t *data = bstr_ptr(tx->request_method);

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -230,8 +230,7 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
9 changes: 4 additions & 5 deletions src/detect-http-protocol.c
View file
Original file line number Diff line number Diff line change
@@ -107,8 +107,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
return NULL;
}

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -120,9 +120,8 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
{
InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
if (buffer->inspect == NULL) {
InspectionBufferSetup(
det_ctx, list_id, buffer, (const uint8_t *)"HTTP/2", strlen("HTTP/2"));
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, (const uint8_t *)"HTTP/2", strlen("HTTP/2"), transforms);
}

return buffer;
7 changes: 3 additions & 4 deletions src/detect-http-raw-header.c
View file
Original file line number Diff line number Diff line change
@@ -197,8 +197,8 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const uint32_t data_len = ts ?
tx_ud->request_headers_raw_len : tx_ud->response_headers_raw_len;

InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(
det_ctx, list_id, buffer, data, data_len, transforms);
}

return buffer;
@@ -218,8 +218,7 @@ static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
if (b == NULL || b_len == 0)
return NULL;

InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
}

return buffer;
Loading