WIP: suricata-plugin crate

configure.ac

@@ -2515,7 +2515,7 @@ AC_SUBST(enable_non_bundled_htp)
 
 AM_CONDITIONAL([BUILD_SHARED_LIBRARY], [test "x$enable_shared" = "xyes"] && [test "x$can_build_shared_library" = "xyes"])
 
-AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.lock rust/Cargo.toml rust/derive/Cargo.toml rust/.cargo/config.toml)
+AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.lock rust/Cargo.toml rust/derive/Cargo.toml rust/plugin/Cargo.toml rust/.cargo/config.toml)
 AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile)
 AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile)
 AC_CONFIG_FILES(contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile)

examples/plugins/altemplate/Cargo.toml

@@ -9,6 +9,7 @@ crate-type = ["cdylib"]
 [dependencies]
 nom7 = { version="7.0", package="nom" }
 libc = "~0.2.82"
+suricata-plugin = { path = "../../../rust/plugin" }
 
 [features]
 default = ["suricata8"]

examples/plugins/altemplate/src/detect.rs

@@ -23,10 +23,10 @@
 use crate::suricata::{
     cast_pointer, DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperGetData,
     DetectHelperKeywordRegister, DetectSignatureSetAppProto, Direction, SCSigTableElmt,
-    SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT,
 };
 use crate::template::{TemplateTransaction, ALPROTO_TEMPLATE};
 use std::os::raw::{c_int, c_void};
+use suricata_plugin::{SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT};
 
 static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0;
 

examples/plugins/altemplate/src/plugin.rs

@@ -17,7 +17,10 @@ extern "C" fn altemplate_plugin_init() {
     };
     unsafe {
         if SCPluginRegisterAppLayer(Box::into_raw(Box::new(plugin))) != 0 {
-            SCLog!(suricata::Level::Error, "Failed to register altemplate plugin");
+            SCLog!(
+                suricata::Level::Error,
+                "Failed to register altemplate plugin"
+            );
         }
     }
 }

examples/plugins/altemplate/src/suricata.rs

@@ -4,25 +4,7 @@
 use std::ffi::{CStr, CString};
 use std::os::raw::{c_char, c_int, c_void};
 
-// Type definitions
-pub type AppProto = u16;
-pub type AppLayerEventType = c_int;
-
-// Constant definitions
-pub const ALPROTO_UNKNOWN: AppProto = 0;
-
-pub const IPPROTO_TCP: u8 = 6;
-
-pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = 0x00000001;
-
-pub const APP_LAYER_PARSER_EOF_TC: u16 = 0x0040;
-pub const APP_LAYER_PARSER_EOF_TS: u16 = 0x0020;
-
-pub const APP_LAYER_EVENT_TYPE_TRANSACTION: i32 = 1;
-
-pub const SIGMATCH_NOOPT: u16 = 1;
-pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200;
-
+use suricata_plugin::AppProto;
 //pub const STREAM_TOCLIENT: u8 = 0x08;
 
 // Opaque definitions
@@ -215,10 +197,8 @@ pub type StateTxFreeFn = unsafe extern "C" fn(*mut c_void, u64);
 pub type StateGetTxFn = unsafe extern "C" fn(*mut c_void, u64) -> *mut c_void;
 pub type StateGetTxCntFn = unsafe extern "C" fn(*mut c_void) -> u64;
 pub type StateGetProgressFn = unsafe extern "C" fn(*mut c_void, u8) -> c_int;
-pub type GetEventInfoFn =
-    unsafe extern "C" fn(*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int;
-pub type GetEventInfoByIdFn =
-    unsafe extern "C" fn(c_int, *mut *const c_char, *mut AppLayerEventType) -> i8;
+pub type GetEventInfoFn = unsafe extern "C" fn(*const c_char, *mut c_int, *mut c_int) -> c_int;
+pub type GetEventInfoByIdFn = unsafe extern "C" fn(c_int, *mut *const c_char, *mut c_int) -> i8;
 pub type LocalStorageNewFn = extern "C" fn() -> *mut c_void;
 pub type LocalStorageFreeFn = extern "C" fn(*mut c_void);
 pub type GetTxFilesFn = unsafe extern "C" fn(*mut c_void, *mut c_void, u8) -> AppLayerGetFileState;

examples/plugins/altemplate/src/template.rs

@@ -28,16 +28,18 @@ use crate::suricata::{
     build_slice, cast_pointer, conf_get, AppLayerGetTxIterTuple, AppLayerParserConfParserEnabled,
     AppLayerParserRegisterLogger, AppLayerParserStateIssetFlag,
     AppLayerProtoDetectConfProtoDetectionEnabled, AppLayerRegisterParser,
-    AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData, AppProto,
-    Flow, Level, RustParser, SCLogError, SCLogNotice, StreamSlice, ALPROTO_UNKNOWN,
-    APP_LAYER_EVENT_TYPE_TRANSACTION, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS,
-    APP_LAYER_PARSER_OPT_ACCEPT_GAPS, IPPROTO_TCP,
+    AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData, Flow,
+    Level, RustParser, SCLogError, SCLogNotice, StreamSlice,
 };
 use nom7 as nom;
 use std;
 use std::collections::VecDeque;
 use std::ffi::{CStr, CString};
 use std::os::raw::{c_char, c_int, c_void};
+use suricata_plugin::{
+    AppProto, ALPROTO_UNKNOWN, APP_LAYER_EVENT_TYPE_TRANSACTION, APP_LAYER_PARSER_EOF_TC,
+    APP_LAYER_PARSER_EOF_TS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, IPPROTO_TCP,
+};
 
 static mut TEMPLATE_MAX_TX: usize = 256;
 
@@ -91,7 +93,7 @@ impl TemplateEvent {
                 return -1;
             }
         };
-        *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+        *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION as std::os::raw::c_int;
         *event_id = event as std::os::raw::c_int;
         0
     }
@@ -102,7 +104,7 @@ impl TemplateEvent {
     ) -> i8 {
         if let Some(e) = TemplateEvent::from_id(event_id) {
             *event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char;
-            *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+            *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION as std::os::raw::c_int;
             return 0;
         }
         -1

rust/Cargo.toml.in

@@ -7,7 +7,7 @@ edition = "2021"
 rust-version = "1.67.1"
 
 [workspace]
-members = [".", "./derive"]
+members = [".", "./derive", "./plugin"]
 
 [lib]
 crate-type = ["staticlib", "rlib"]

rust/Makefile.am

@@ -1,9 +1,10 @@
-EXTRA_DIST =	src derive \
+EXTRA_DIST =	src derive plugin \
 		.cargo/config.toml.in \
 		cbindgen.toml \
 		dist/rust-bindings.h \
 		vendor \
 		Cargo.toml Cargo.lock \
+		plugin/Cargo.toml \
 		derive/Cargo.toml
 
 if !DEBUG

rust/plugin/Cargo.toml.in

@@ -0,0 +1,9 @@
+[package]
+name = "suricata-plugin"
+version = "@PACKAGE_VERSION@"
+license = "GPL-2.0-only"
+description = "Re-exports for Suricata plugins"
+edition = "2021"
+
+[dependencies]
+suricata = { path = "../", version = "@PACKAGE_VERSION@" }

rust/plugin/src/lib.rs

@@ -0,0 +1,35 @@
+/* Copyright (C) 2020-2023 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+ use suricata::*;
+
+// Type definitions
+pub type AppProto = core::AppProto;
+pub type AppLayerEventType = core::AppLayerEventType;
+
+// Constant definitions
+pub const ALPROTO_UNKNOWN: AppProto = core::ALPROTO_UNKNOWN;
+pub const IPPROTO_TCP : u8 = core::IPPROTO_TCP;
+
+pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS : u32 = applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS;
+pub const APP_LAYER_PARSER_EOF_TC : u16 = applayer::APP_LAYER_PARSER_EOF_TC;
+pub const APP_LAYER_PARSER_EOF_TS : u16 = applayer::APP_LAYER_PARSER_EOF_TS;
+
+pub const APP_LAYER_EVENT_TYPE_TRANSACTION : AppLayerEventType = AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+pub const SIGMATCH_NOOPT: u16 = detect::SIGMATCH_NOOPT;
+pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = detect::SIGMATCH_INFO_STICKY_BUFFER;

rust/src/detect/mod.rs

@@ -76,9 +76,9 @@ pub struct SCSigTableElmt {
     >,
 }
 
-pub(crate) const SIGMATCH_NOOPT: u16 = 1; // BIT_U16(0) in detect.h
-pub(crate) const SIGMATCH_QUOTES_MANDATORY: u16 = 0x40; // BIT_U16(6) in detect.h
-pub(crate) const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9)
+pub const SIGMATCH_NOOPT: u16 = 1; // BIT_U16(0) in detect.h
+pub const SIGMATCH_QUOTES_MANDATORY: u16 = 0x40; // BIT_U16(6) in detect.h
+pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9)
 
 /// cbindgen:ignore
 extern {