jsonbuilder: restrict visibility

JsonBuilder struct should not be made public because it is not repr(C), and thus cannot be used as such by plugins, because rust compiler does nots guarantee struct layout if we do not use a fixed representation. Also define a generic standard prototype for EveJsonSimpleTxLogFunc and enfore it without cast for every function, each function taking care of casting to its specific transaction type.
OISF · Jan 23, 2025 · 355b687 · 355b687
1 parent a33c797
commit 355b687
Show file tree

Hide file tree

Showing 48 changed files with 215 additions and 159 deletions.
diff --git a/rust/src/bittorrent_dht/logger.rs b/rust/src/bittorrent_dht/logger.rs
@@ -132,8 +132,9 @@ fn log_bittorrent_dht(
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_bittorrent_dht_logger_log(
-    tx: *mut std::os::raw::c_void, js: &mut JsonBuilder,
+    tx: *const std::os::raw::c_void, js: *mut std::os::raw::c_void,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     let tx = cast_pointer!(tx, BitTorrentDHTTransaction);
     log_bittorrent_dht(tx, js).is_ok()
 }
diff --git a/rust/src/dcerpc/log.rs b/rust/src/dcerpc/log.rs
@@ -19,6 +19,7 @@ use uuid::Uuid;
 use crate::dcerpc::dcerpc::*;
 use crate::dcerpc::dcerpc_udp::*;
 use crate::jsonbuilder::{JsonBuilder, JsonError};
+use std::ffi::c_void;
 
 fn log_dcerpc_header_tcp(
     jsb: &mut JsonBuilder, state: &DCERPCState, tx: &DCERPCTransaction,
@@ -122,15 +123,17 @@ fn log_dcerpc_header_udp(
 }
 
 #[no_mangle]
-pub extern "C" fn rs_dcerpc_log_json_record_tcp(
-    state: &DCERPCState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
+pub unsafe extern "C" fn rs_dcerpc_log_json_record_tcp(
+    state: &DCERPCState, tx: &DCERPCTransaction, jsb: *mut c_void,
 ) -> bool {
+    let jsb = cast_pointer!(jsb, JsonBuilder);
     log_dcerpc_header_tcp(jsb, state, tx).is_ok()
 }
 
 #[no_mangle]
-pub extern "C" fn rs_dcerpc_log_json_record_udp(
-    state: &DCERPCUDPState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
+pub unsafe extern "C" fn rs_dcerpc_log_json_record_udp(
+    state: &DCERPCUDPState, tx: &DCERPCTransaction, jsb: *mut c_void,
 ) -> bool {
+    let jsb = cast_pointer!(jsb, JsonBuilder);
     log_dcerpc_header_udp(jsb, state, tx).is_ok()
 }
diff --git a/rust/src/detect/tojson/mod.rs b/rust/src/detect/tojson/mod.rs
@@ -17,8 +17,9 @@
 
 use crate::detect::uint::{DetectIntType, DetectUintData, DetectUintMode};
 use crate::jsonbuilder::{JsonBuilder, JsonError};
+use std::ffi::c_void;
 
-pub fn detect_uint_to_json<T: DetectIntType>(
+pub(crate) fn detect_uint_to_json<T: DetectIntType>(
     js: &mut JsonBuilder, du: &DetectUintData<T>,
 ) -> Result<(), JsonError>
 where
@@ -75,14 +76,16 @@ where
 
 #[no_mangle]
 pub unsafe extern "C" fn SCDetectU16ToJson(
-    js: &mut JsonBuilder, du: &DetectUintData<u16>,
+    js: *mut c_void, du: &DetectUintData<u16>,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     return detect_uint_to_json(js, du).is_ok();
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn SCDetectU32ToJson(
-    js: &mut JsonBuilder, du: &DetectUintData<u32>,
+    js: *mut c_void, du: &DetectUintData<u32>,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     return detect_uint_to_json(js, du).is_ok();
 }
diff --git a/rust/src/dhcp/logger.rs b/rust/src/dhcp/logger.rs
@@ -69,7 +69,7 @@ impl DHCPLogger {
         return true;
     }
 
-    pub fn log(&self, tx: &DHCPTransaction, js: &mut JsonBuilder) -> Result<(), JsonError> {
+    fn log(&self, tx: &DHCPTransaction, js: &mut JsonBuilder) -> Result<(), JsonError> {
         let header = &tx.message.header;
         let options = &tx.message.options;
 
@@ -269,16 +269,17 @@ pub unsafe extern "C" fn rs_dhcp_logger_free(logger: *mut std::os::raw::c_void)
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dhcp_logger_log(logger: *mut std::os::raw::c_void,
-                                     tx: *mut std::os::raw::c_void,
-                                     js: &mut JsonBuilder) -> bool {
+                                     tx: *const std::os::raw::c_void,
+                                     js: *mut std::os::raw::c_void) -> bool {
     let logger = cast_pointer!(logger, DHCPLogger);
     let tx = cast_pointer!(tx, DHCPTransaction);
+    let js = cast_pointer!(js, JsonBuilder);
     logger.log(tx, js).is_ok()
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dhcp_logger_do_log(logger: *mut std::os::raw::c_void,
-                                        tx: *mut std::os::raw::c_void)
+                                        tx: *const std::os::raw::c_void)
                                         -> bool {
     let logger = cast_pointer!(logger, DHCPLogger);
     let tx = cast_pointer!(tx, DHCPTransaction);

diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
@@ -21,6 +21,7 @@ use std::string::String;
 
 use crate::dns::dns::*;
 use crate::jsonbuilder::{JsonBuilder, JsonError};
+use std::ffi::c_void;
 
 pub const LOG_A: u64 = BIT_U64!(2);
 pub const LOG_NS: u64 = BIT_U64!(3);
@@ -800,9 +801,10 @@ fn dns_log_query(
 }
 
 #[no_mangle]
-pub extern "C" fn SCDnsLogJsonQuery(
-    tx: &DNSTransaction, i: u16, flags: u64, jb: &mut JsonBuilder,
+pub unsafe extern "C" fn SCDnsLogJsonQuery(
+    tx: &DNSTransaction, i: u16, flags: u64, jb: *mut c_void,
 ) -> bool {
+    let jb = cast_pointer!(jb, JsonBuilder);
     match dns_log_query(tx, i, flags, jb) {
         Ok(false) | Err(_) => {
             return false;
@@ -921,7 +923,8 @@ fn log_json(tx: &DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> Result<(),
 
 /// FFI wrapper around the common V3 style DNS logger.
 #[no_mangle]
-pub extern "C" fn SCDnsLogJson(tx: &DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> bool {
+pub unsafe extern "C" fn SCDnsLogJson(tx: &DNSTransaction, flags: u64, jb: *mut c_void) -> bool {
+    let jb = cast_pointer!(jb, JsonBuilder);
     log_json(tx, flags, jb).is_ok()
 }
 
@@ -948,9 +951,10 @@ pub extern "C" fn SCDnsLogEnabled(tx: &DNSTransaction, flags: u64) -> bool {
 
 /// Note: For v2 style logging.
 #[no_mangle]
-pub extern "C" fn SCDnsLogJsonAnswer(
-    tx: &DNSTransaction, flags: u64, js: &mut JsonBuilder,
+pub unsafe extern "C" fn SCDnsLogJsonAnswer(
+    tx: &DNSTransaction, flags: u64, js: *mut c_void,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     if let Some(response) = &tx.response {
         for query in &response.queries {
             if dns_log_rrtype_enabled(query.rrtype, flags) {

diff --git a/rust/src/enip/logger.rs b/rust/src/enip/logger.rs
@@ -1891,8 +1891,9 @@ fn log_enip(tx: &EnipTransaction, js: &mut JsonBuilder) -> Result<(), JsonError>
 
 #[no_mangle]
 pub unsafe extern "C" fn SCEnipLoggerLog(
-    tx: *mut std::os::raw::c_void, js: &mut JsonBuilder,
+    tx: *const std::os::raw::c_void, js: *mut std::os::raw::c_void,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     let tx = cast_pointer!(tx, EnipTransaction);
     if tx.request.is_none() && tx.response.is_none() {
         return false;

diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs
@@ -286,8 +286,9 @@ fn log_http2(tx: &HTTP2Transaction, js: &mut JsonBuilder) -> Result<bool, JsonEr
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_http2_log_json(
-    tx: *mut std::os::raw::c_void, js: &mut JsonBuilder,
+    tx: *const std::os::raw::c_void, js: *mut std::os::raw::c_void,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     let tx = cast_pointer!(tx, HTTP2Transaction);
     if let Ok(x) = log_http2(tx, js) {
         return x;

diff --git a/rust/src/ike/logger.rs b/rust/src/ike/logger.rs
@@ -227,8 +227,9 @@ fn log_ikev2(tx: &IKETransaction, jb: &mut JsonBuilder) -> Result<(), JsonError>
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_ike_logger_log(
-    state: &mut IKEState, tx: *mut std::os::raw::c_void, flags: u32, js: &mut JsonBuilder,
+    state: &mut IKEState, tx: *mut std::os::raw::c_void, flags: u32, js: *mut std::os::raw::c_void,
 ) -> bool {
+    let js = cast_pointer!(js, JsonBuilder);
     let tx = cast_pointer!(tx, IKETransaction);
     log_ike(state, tx, flags, js).is_ok()
 }