From b44fc62e6023784949f0a5ea0707e36e7f9614da Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 22 Oct 2024 10:26:22 -0600 Subject: [PATCH 1/2] eve/schema: add missing field "code" anomaly events --- etc/schema.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/schema.json b/etc/schema.json index 03db8c7c3d06..cf03a2db30b6 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -340,6 +340,9 @@ }, "type": { "type": "string" + }, + "code": { + "type": "integer" } }, "additionalProperties": false From 45384ef969d180d962f4b50f19556c5e2c5cfccc Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 22 Oct 2024 10:46:13 -0600 Subject: [PATCH 2/2] rust/applayer: use c_int as return type for get_info_by_id Rust was using i8 as the return type, while C uses int. As of Rust 1.82, the return value is turned to garbage over the FFI boundary. Ticket: #7338 --- rust/derive/src/applayerevent.rs | 2 +- rust/src/applayer.rs | 6 +++--- rust/src/smb/smb.rs | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rust/derive/src/applayerevent.rs b/rust/derive/src/applayerevent.rs index c4402381120a..37e5dd0797cc 100644 --- a/rust/derive/src/applayerevent.rs +++ b/rust/derive/src/applayerevent.rs @@ -98,7 +98,7 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream { event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, event_type: *mut #crate_id::core::AppLayerEventType, - ) -> i8 { + ) -> std::os::raw::c_int { #crate_id::applayer::get_event_info_by_id::<#name>(event_id, event_name, event_type) } diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index f863546bbe06..652775a66799 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -445,7 +445,7 @@ pub type StateGetTxFn = unsafe extern "C" fn (*mut c_void, u64) -> *m pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64; pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int; pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int; -pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8; +pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> c_int; pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void; pub type LocalStorageFreeFn = extern "C" fn (*mut c_void); pub type GetTxFilesFn = unsafe extern "C" fn (*mut c_void, u8) -> AppLayerGetFileState; @@ -590,7 +590,7 @@ pub trait AppLayerEvent { event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, event_type: *mut core::AppLayerEventType, - ) -> i8; + ) -> std::os::raw::c_int; } /// Generic `get_info_info` implementation for enums implementing @@ -634,7 +634,7 @@ pub unsafe fn get_event_info_by_id( event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, event_type: *mut core::AppLayerEventType, -) -> i8 { +) -> std::os::raw::c_int { if let Some(e) = T::from_id(event_id) { *event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char; *event_type = core::AppLayerEventType::APP_LAYER_EVENT_TYPE_TRANSACTION; diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 0d35d6debb3e..c5d2f6916509 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -2206,7 +2206,7 @@ pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id( event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, event_type: *mut AppLayerEventType, -) -> i8 { +) -> std::os::raw::c_int { SMBEvent::get_event_info_by_id(event_id, event_name, event_type) }