]>
Commit | Line | Data |
---|---|---|
caef8b5b ZK |
1 | /* Copyright (C) 2019 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | // Author: Zach Kelly <zach.kelly@lmco.com> | |
19 | ||
20 | //! RDP application layer | |
21 | ||
e68dfa46 | 22 | use crate::core::{ |
caef8b5b ZK |
23 | self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP, |
24 | }; | |
25 | use nom; | |
2f5834cd | 26 | use crate::applayer::*; |
e68dfa46 | 27 | use crate::rdp::parser::*; |
caef8b5b ZK |
28 | use std; |
29 | use std::mem::transmute; | |
30 | use tls_parser::{ | |
31 | parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType, | |
32 | }; | |
33 | ||
34 | static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN; | |
35 | ||
36 | // | |
37 | // transactions | |
38 | // | |
39 | ||
40 | #[derive(Debug, PartialEq)] | |
41 | pub struct CertificateBlob { | |
42 | pub data: Vec<u8>, | |
43 | } | |
44 | ||
45 | #[derive(Debug, PartialEq)] | |
46 | pub enum RdpTransactionItem { | |
47 | X224ConnectionRequest(X224ConnectionRequest), | |
48 | X224ConnectionConfirm(X224ConnectionConfirm), | |
49 | McsConnectRequest(McsConnectRequest), | |
50 | McsConnectResponse(McsConnectResponse), | |
51 | TlsCertificateChain(Vec<CertificateBlob>), | |
52 | } | |
53 | ||
54 | #[derive(Debug, PartialEq)] | |
55 | pub struct RdpTransaction { | |
56 | pub id: u64, | |
57 | pub item: RdpTransactionItem, | |
58 | // managed by macros `export_tx_get_detect_state!` and `export_tx_set_detect_state!` | |
59 | de_state: Option<*mut DetectEngineState>, | |
60 | } | |
61 | ||
62 | impl RdpTransaction { | |
63 | fn new(id: u64, item: RdpTransactionItem) -> Self { | |
64 | Self { | |
65 | id, | |
66 | item, | |
67 | de_state: None, | |
68 | } | |
69 | } | |
70 | ||
71 | fn free(&mut self) { | |
72 | if let Some(de_state) = self.de_state { | |
73 | core::sc_detect_engine_state_free(de_state); | |
74 | } | |
75 | } | |
76 | } | |
77 | ||
78 | impl Drop for RdpTransaction { | |
79 | fn drop(&mut self) { | |
80 | self.free(); | |
81 | } | |
82 | } | |
83 | ||
84 | #[no_mangle] | |
85 | pub extern "C" fn rs_rdp_state_get_tx( | |
86 | state: *mut std::os::raw::c_void, | |
87 | tx_id: u64, | |
88 | ) -> *mut std::os::raw::c_void { | |
89 | let state = cast_pointer!(state, RdpState); | |
90 | match state.get_tx(tx_id) { | |
91 | Some(tx) => { | |
92 | return unsafe { transmute(tx) }; | |
93 | } | |
94 | None => { | |
95 | return std::ptr::null_mut(); | |
96 | } | |
97 | } | |
98 | } | |
99 | ||
100 | #[no_mangle] | |
101 | pub extern "C" fn rs_rdp_state_get_tx_count( | |
102 | state: *mut std::os::raw::c_void, | |
103 | ) -> u64 { | |
104 | let state = cast_pointer!(state, RdpState); | |
105 | return state.next_id; | |
106 | } | |
107 | ||
108 | #[no_mangle] | |
109 | pub extern "C" fn rs_rdp_tx_get_progress_complete( | |
110 | _direction: u8, | |
111 | ) -> std::os::raw::c_int { | |
112 | // a parser can implement a multi-step tx completion by using an arbitrary `n` | |
113 | return 1; | |
114 | } | |
115 | ||
116 | #[no_mangle] | |
117 | pub extern "C" fn rs_rdp_tx_get_progress( | |
118 | _tx: *mut std::os::raw::c_void, | |
119 | _direction: u8, | |
120 | ) -> std::os::raw::c_int { | |
121 | // tx complete when `rs_rdp_tx_get_progress(...) == rs_rdp_tx_get_progress_complete(...)` | |
122 | // here, all transactions are immediately complete on insert | |
123 | return 1; | |
124 | } | |
125 | ||
126 | // | |
127 | // state | |
128 | // | |
129 | ||
130 | #[derive(Debug, PartialEq)] | |
131 | pub struct RdpState { | |
132 | next_id: u64, | |
133 | to_client: Vec<u8>, | |
134 | to_server: Vec<u8>, | |
135 | transactions: Vec<RdpTransaction>, | |
136 | tls_parsing: bool, | |
137 | bypass_parsing: bool, | |
138 | } | |
139 | ||
140 | impl RdpState { | |
141 | fn new() -> Self { | |
142 | Self { | |
143 | next_id: 0, | |
144 | to_client: Vec::new(), | |
145 | to_server: Vec::new(), | |
146 | transactions: Vec::new(), | |
147 | tls_parsing: false, | |
148 | bypass_parsing: false, | |
149 | } | |
150 | } | |
151 | ||
152 | fn free_tx(&mut self, tx_id: u64) { | |
153 | let len = self.transactions.len(); | |
154 | let mut found = false; | |
155 | let mut index = 0; | |
156 | for ii in 0..len { | |
157 | let tx = &self.transactions[ii]; | |
158 | if tx.id == tx_id { | |
159 | found = true; | |
160 | index = ii; | |
161 | break; | |
162 | } | |
163 | } | |
164 | if found { | |
165 | self.transactions.remove(index); | |
166 | } | |
167 | } | |
168 | ||
169 | fn get_tx(&self, tx_id: u64) -> Option<&RdpTransaction> { | |
170 | for tx in &self.transactions { | |
171 | if tx.id == tx_id { | |
172 | return Some(tx); | |
173 | } | |
174 | } | |
175 | return None; | |
176 | } | |
177 | ||
178 | fn new_tx(&mut self, item: RdpTransactionItem) -> RdpTransaction { | |
179 | let tx = RdpTransaction::new(self.next_id, item); | |
180 | self.next_id += 1; | |
181 | return tx; | |
182 | } | |
183 | ||
184 | /// parse buffer captures from client to server | |
185 | fn parse_ts(&mut self, input: &[u8]) -> bool { | |
186 | // no need to process input buffer | |
187 | if self.bypass_parsing { | |
188 | return true; | |
189 | } | |
190 | // combine residual buffer with provided buffer | |
191 | self.to_server.extend(input); | |
192 | let temp: Vec<u8> = self.to_server.split_off(0); | |
193 | let mut available = temp.as_slice(); | |
194 | ||
195 | loop { | |
196 | if available.len() == 0 { | |
197 | return true; | |
198 | } | |
199 | if self.tls_parsing { | |
200 | match parse_tls_plaintext(&available) { | |
201 | Ok((remainder, _tls)) => { | |
202 | // update awaiting-parsing buffer | |
203 | available = remainder; | |
204 | } | |
205 | ||
206 | Err(nom::Err::Incomplete(_)) => { | |
207 | // save unparsed residual buffer for next parse | |
208 | self.to_server.extend(available); | |
209 | return true; | |
210 | } | |
211 | ||
212 | Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => { | |
213 | return false; | |
214 | } | |
215 | } | |
216 | } else { | |
217 | // every message should be encapsulated within a T.123 tpkt | |
218 | match parse_t123_tpkt(&available) { | |
219 | // success | |
220 | Ok((remainder, t123)) => { | |
221 | // update awaiting-parsing buffer | |
222 | available = remainder; | |
223 | // evaluate message within the tpkt | |
224 | match t123.child { | |
225 | // X.224 connection request | |
226 | T123TpktChild::X224ConnectionRequest(x224) => { | |
227 | let tx = self.new_tx( | |
228 | RdpTransactionItem::X224ConnectionRequest( | |
229 | x224, | |
230 | ), | |
231 | ); | |
232 | self.transactions.push(tx); | |
233 | } | |
234 | ||
235 | // X.223 data packet, evaluate what it encapsulates | |
236 | T123TpktChild::Data(x223) => { | |
237 | match x223.child { | |
238 | X223DataChild::McsConnectRequest(mcs) => { | |
239 | let tx = | |
240 | self.new_tx(RdpTransactionItem::McsConnectRequest(mcs)); | |
241 | self.transactions.push(tx); | |
242 | } | |
243 | // unknown message in X.223, skip | |
244 | _ => (), | |
245 | } | |
246 | } | |
247 | ||
248 | // unknown message in T.123, skip | |
249 | _ => (), | |
250 | } | |
251 | } | |
252 | ||
253 | Err(nom::Err::Incomplete(_)) => { | |
254 | // save unparsed residual buffer for next parse | |
255 | self.to_server.extend(available); | |
256 | return true; | |
257 | } | |
258 | ||
259 | Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => { | |
260 | if probe_tls_handshake(available) { | |
261 | self.tls_parsing = true; | |
262 | return self.parse_ts(available); | |
263 | } else { | |
264 | return false; | |
265 | } | |
266 | } | |
267 | } | |
268 | } | |
269 | } | |
270 | } | |
271 | ||
272 | /// parse buffer captures from server to client | |
273 | fn parse_tc(&mut self, input: &[u8]) -> bool { | |
274 | // no need to process input buffer | |
275 | if self.bypass_parsing { | |
276 | return true; | |
277 | } | |
278 | // combine residual buffer with provided buffer | |
279 | self.to_client.extend(input); | |
280 | let temp: Vec<u8> = self.to_client.split_off(0); | |
281 | let mut available = temp.as_slice(); | |
282 | ||
283 | loop { | |
284 | if available.len() == 0 { | |
285 | return true; | |
286 | } | |
287 | if self.tls_parsing { | |
288 | match parse_tls_plaintext(&available) { | |
289 | Ok((remainder, tls)) => { | |
290 | // update awaiting-parsing buffer | |
291 | available = remainder; | |
292 | for message in &tls.msg { | |
293 | match message { | |
294 | TlsMessage::Handshake( | |
295 | TlsMessageHandshake::Certificate(contents), | |
296 | ) => { | |
297 | let mut chain = Vec::new(); | |
298 | for cert in &contents.cert_chain { | |
299 | chain.push(CertificateBlob { | |
300 | data: cert.data.to_vec(), | |
301 | }); | |
302 | } | |
303 | let tx = self.new_tx( | |
304 | RdpTransactionItem::TlsCertificateChain( | |
305 | chain, | |
306 | ), | |
307 | ); | |
308 | self.transactions.push(tx); | |
309 | self.bypass_parsing = true; | |
310 | } | |
311 | _ => {} | |
312 | } | |
313 | } | |
314 | } | |
315 | ||
316 | Err(nom::Err::Incomplete(_)) => { | |
317 | // save unparsed residual buffer for next parse | |
318 | self.to_client.extend(available); | |
319 | return true; | |
320 | } | |
321 | ||
322 | Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => { | |
323 | return false; | |
324 | } | |
325 | } | |
326 | } else { | |
327 | // every message should be encapsulated within a T.123 tpkt | |
328 | match parse_t123_tpkt(&available) { | |
329 | // success | |
330 | Ok((remainder, t123)) => { | |
331 | // update awaiting-parsing buffer | |
332 | available = remainder; | |
333 | // evaluate message within the tpkt | |
334 | match t123.child { | |
335 | // X.224 connection confirm | |
336 | T123TpktChild::X224ConnectionConfirm(x224) => { | |
337 | let tx = self.new_tx( | |
338 | RdpTransactionItem::X224ConnectionConfirm( | |
339 | x224, | |
340 | ), | |
341 | ); | |
342 | self.transactions.push(tx); | |
343 | } | |
344 | ||
345 | // X.223 data packet, evaluate what it encapsulates | |
346 | T123TpktChild::Data(x223) => { | |
347 | match x223.child { | |
348 | X223DataChild::McsConnectResponse(mcs) => { | |
349 | let tx = self | |
350 | .new_tx(RdpTransactionItem::McsConnectResponse(mcs)); | |
351 | self.transactions.push(tx); | |
352 | self.bypass_parsing = true; | |
353 | return true; | |
354 | } | |
355 | ||
356 | // unknown message in X.223, skip | |
357 | _ => (), | |
358 | } | |
359 | } | |
360 | ||
361 | // unknown message in T.123, skip | |
362 | _ => (), | |
363 | } | |
364 | } | |
365 | ||
366 | Err(nom::Err::Incomplete(_)) => { | |
367 | self.to_client.extend(available); | |
368 | return true; | |
369 | } | |
370 | ||
371 | Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => { | |
372 | if probe_tls_handshake(available) { | |
373 | self.tls_parsing = true; | |
374 | return self.parse_tc(available); | |
375 | } else { | |
376 | return false; | |
377 | } | |
378 | } | |
379 | } | |
380 | } | |
381 | } | |
382 | } | |
383 | } | |
384 | ||
385 | #[no_mangle] | |
386 | pub extern "C" fn rs_rdp_state_new() -> *mut std::os::raw::c_void { | |
387 | let state = RdpState::new(); | |
388 | let boxed = Box::new(state); | |
389 | return unsafe { std::mem::transmute(boxed) }; | |
390 | } | |
391 | ||
392 | #[no_mangle] | |
393 | pub extern "C" fn rs_rdp_state_free(state: *mut std::os::raw::c_void) { | |
394 | let _drop: Box<RdpState> = unsafe { std::mem::transmute(state) }; | |
395 | } | |
396 | ||
397 | #[no_mangle] | |
398 | pub extern "C" fn rs_rdp_state_tx_free( | |
399 | state: *mut std::os::raw::c_void, | |
400 | tx_id: u64, | |
401 | ) { | |
402 | let state = cast_pointer!(state, RdpState); | |
403 | state.free_tx(tx_id); | |
404 | } | |
405 | ||
406 | // | |
407 | // detection state | |
408 | // | |
409 | ||
410 | export_tx_get_detect_state!(rs_rdp_tx_get_detect_state, RdpTransaction); | |
411 | export_tx_set_detect_state!(rs_rdp_tx_set_detect_state, RdpTransaction); | |
412 | ||
413 | // | |
414 | // probe | |
415 | // | |
416 | ||
417 | /// probe for T.123 type identifier, as each message is encapsulated in T.123 | |
418 | fn probe_rdp(input: &[u8]) -> bool { | |
419 | input.len() > 0 && input[0] == TpktVersion::T123 as u8 | |
420 | } | |
421 | ||
422 | /// probe for T.123 message, whether to client or to server | |
423 | #[no_mangle] | |
424 | pub extern "C" fn rs_rdp_probe_ts_tc( | |
425 | _flow: *const Flow, | |
426 | _direction: u8, | |
427 | input: *const u8, | |
428 | input_len: u32, | |
429 | _rdir: *mut u8, | |
430 | ) -> AppProto { | |
431 | if input != std::ptr::null_mut() { | |
432 | // probe bytes for `rdp` protocol pattern | |
433 | let slice = build_slice!(input, input_len as usize); | |
434 | ||
435 | // Some sessions immediately (first byte) switch to TLS/SSL, e.g. | |
436 | // https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=rdp-ssl.pcap.gz | |
437 | // but this callback will not be exercised, so `probe_tls_handshake` not needed here. | |
438 | if probe_rdp(slice) { | |
439 | return unsafe { ALPROTO_RDP }; | |
440 | } | |
441 | } | |
442 | return ALPROTO_UNKNOWN; | |
443 | } | |
444 | ||
445 | /// probe for TLS | |
446 | fn probe_tls_handshake(input: &[u8]) -> bool { | |
447 | input.len() > 0 && input[0] == u8::from(TlsRecordType::Handshake) | |
448 | } | |
449 | ||
450 | // | |
451 | // parse | |
452 | // | |
453 | ||
454 | #[no_mangle] | |
455 | pub extern "C" fn rs_rdp_parse_ts( | |
456 | _flow: *const Flow, | |
457 | state: *mut std::os::raw::c_void, | |
458 | _pstate: *mut std::os::raw::c_void, | |
459 | input: *const u8, | |
460 | input_len: u32, | |
461 | _data: *const std::os::raw::c_void, | |
462 | _flags: u8, | |
44d3f264 | 463 | ) -> AppLayerResult { |
caef8b5b ZK |
464 | let state = cast_pointer!(state, RdpState); |
465 | let buf = build_slice!(input, input_len as usize); | |
466 | // attempt to parse bytes as `rdp` protocol | |
467 | if state.parse_ts(buf) { | |
44d3f264 VJ |
468 | AppLayerResult::ok() |
469 | } else { | |
470 | // no need for further parsing | |
471 | AppLayerResult::err() | |
caef8b5b | 472 | } |
caef8b5b ZK |
473 | } |
474 | ||
475 | #[no_mangle] | |
476 | pub extern "C" fn rs_rdp_parse_tc( | |
477 | _flow: *const Flow, | |
478 | state: *mut std::os::raw::c_void, | |
479 | _pstate: *mut std::os::raw::c_void, | |
480 | input: *const u8, | |
481 | input_len: u32, | |
482 | _data: *const std::os::raw::c_void, | |
483 | _flags: u8, | |
44d3f264 | 484 | ) -> AppLayerResult { |
caef8b5b ZK |
485 | let state = cast_pointer!(state, RdpState); |
486 | let buf = build_slice!(input, input_len as usize); | |
487 | // attempt to parse bytes as `rdp` protocol | |
488 | if state.parse_tc(buf) { | |
44d3f264 VJ |
489 | AppLayerResult::ok() |
490 | } else { | |
491 | // no need for further parsing | |
492 | AppLayerResult::err() | |
caef8b5b | 493 | } |
caef8b5b ZK |
494 | } |
495 | ||
496 | // | |
497 | // registration | |
498 | // | |
499 | ||
500 | const PARSER_NAME: &'static [u8] = b"rdp\0"; | |
501 | ||
502 | #[no_mangle] | |
503 | pub unsafe extern "C" fn rs_rdp_register_parser() { | |
504 | let default_port = std::ffi::CString::new("[3389]").unwrap(); | |
505 | let parser = RustParser { | |
506 | name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char, | |
507 | default_port: default_port.as_ptr(), | |
508 | ipproto: IPPROTO_TCP, | |
66632465 PA |
509 | probe_ts: Some(rs_rdp_probe_ts_tc), |
510 | probe_tc: Some(rs_rdp_probe_ts_tc), | |
caef8b5b ZK |
511 | min_depth: 0, |
512 | max_depth: 16, | |
513 | state_new: rs_rdp_state_new, | |
514 | state_free: rs_rdp_state_free, | |
515 | tx_free: rs_rdp_state_tx_free, | |
516 | parse_ts: rs_rdp_parse_ts, | |
517 | parse_tc: rs_rdp_parse_tc, | |
518 | get_tx_count: rs_rdp_state_get_tx_count, | |
519 | get_tx: rs_rdp_state_get_tx, | |
520 | tx_get_comp_st: rs_rdp_tx_get_progress_complete, | |
521 | tx_get_progress: rs_rdp_tx_get_progress, | |
caef8b5b ZK |
522 | get_de_state: rs_rdp_tx_get_detect_state, |
523 | set_de_state: rs_rdp_tx_set_detect_state, | |
524 | get_events: None, | |
525 | get_eventinfo: None, | |
526 | get_eventinfo_byid: None, | |
527 | localstorage_new: None, | |
528 | localstorage_free: None, | |
caef8b5b ZK |
529 | get_files: None, |
530 | get_tx_iterator: None, | |
cde49ec2 JI |
531 | get_tx_detect_flags: None, |
532 | set_tx_detect_flags: None, | |
411f428a | 533 | get_tx_data: None, |
5665fc83 | 534 | apply_tx_config: None, |
caef8b5b ZK |
535 | }; |
536 | ||
537 | let ip_proto_str = std::ffi::CString::new("tcp").unwrap(); | |
538 | ||
539 | if AppLayerProtoDetectConfProtoDetectionEnabled( | |
540 | ip_proto_str.as_ptr(), | |
541 | parser.name, | |
542 | ) != 0 | |
543 | { | |
544 | let alproto = AppLayerRegisterProtocolDetection(&parser, 1); | |
545 | ALPROTO_RDP = alproto; | |
546 | if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) | |
547 | != 0 | |
548 | { | |
549 | let _ = AppLayerRegisterParser(&parser, alproto); | |
550 | } | |
551 | } | |
552 | } | |
553 | ||
554 | #[cfg(test)] | |
555 | mod tests { | |
556 | use super::*; | |
e68dfa46 | 557 | use crate::rdp::parser::{RdpCookie, X224ConnectionRequest}; |
caef8b5b ZK |
558 | |
559 | #[test] | |
560 | fn test_probe_rdp() { | |
561 | let buf: &[u8] = &[0x03, 0x00]; | |
562 | assert_eq!(true, probe_rdp(&buf)); | |
563 | } | |
564 | ||
565 | #[test] | |
566 | fn test_probe_rdp_other() { | |
567 | let buf: &[u8] = &[0x04, 0x00]; | |
568 | assert_eq!(false, probe_rdp(&buf)); | |
569 | } | |
570 | ||
571 | #[test] | |
572 | fn test_probe_tls_handshake() { | |
573 | let buf: &[u8] = &[0x16, 0x00]; | |
574 | assert_eq!(true, probe_tls_handshake(&buf)); | |
575 | } | |
576 | ||
577 | #[test] | |
578 | fn test_probe_tls_handshake_other() { | |
579 | let buf: &[u8] = &[0x17, 0x00]; | |
580 | assert_eq!(false, probe_tls_handshake(&buf)); | |
581 | } | |
582 | ||
583 | #[test] | |
584 | fn test_parse_ts_rdp() { | |
585 | let buf_1: &[u8] = &[0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00]; | |
586 | let buf_2: &[u8] = &[ | |
587 | 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, | |
588 | 0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, | |
589 | 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, 0x0a, | |
590 | ]; | |
591 | let mut state = RdpState::new(); | |
592 | assert_eq!(true, state.parse_ts(&buf_1)); | |
593 | assert_eq!(0, state.transactions.len()); | |
594 | assert_eq!(true, state.parse_ts(&buf_2)); | |
595 | assert_eq!(1, state.transactions.len()); | |
596 | let item = | |
597 | RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest { | |
598 | cdt: 0, | |
599 | dst_ref: 0, | |
600 | src_ref: 0, | |
601 | class: 0, | |
602 | options: 0, | |
603 | cookie: Some(RdpCookie { | |
604 | mstshash: String::from("user123"), | |
605 | }), | |
606 | negotiation_request: None, | |
607 | data: Vec::new(), | |
608 | }); | |
609 | assert_eq!(item, state.transactions[0].item); | |
610 | } | |
611 | ||
612 | #[test] | |
613 | fn test_parse_ts_other() { | |
614 | let buf: &[u8] = &[0x03, 0x00, 0x00, 0x01, 0x00]; | |
615 | let mut state = RdpState::new(); | |
616 | assert_eq!(false, state.parse_ts(&buf)); | |
617 | } | |
618 | ||
619 | #[test] | |
620 | fn test_parse_tc_rdp() { | |
621 | let buf_1: &[u8] = &[0x03, 0x00, 0x00, 0x09, 0x02]; | |
622 | let buf_2: &[u8] = &[0xf0, 0x80, 0x7f, 0x66]; | |
623 | let mut state = RdpState::new(); | |
624 | assert_eq!(true, state.parse_tc(&buf_1)); | |
625 | assert_eq!(0, state.transactions.len()); | |
626 | assert_eq!(true, state.parse_tc(&buf_2)); | |
627 | assert_eq!(1, state.transactions.len()); | |
628 | let item = | |
629 | RdpTransactionItem::McsConnectResponse(McsConnectResponse {}); | |
630 | assert_eq!(item, state.transactions[0].item); | |
631 | } | |
632 | ||
633 | #[test] | |
634 | fn test_parse_tc_other() { | |
635 | let buf: &[u8] = &[0x03, 0x00, 0x00, 0x01, 0x00]; | |
636 | let mut state = RdpState::new(); | |
637 | assert_eq!(false, state.parse_tc(&buf)); | |
638 | } | |
639 | ||
640 | #[test] | |
641 | fn test_state_new_tx() { | |
642 | let mut state = RdpState::new(); | |
643 | let item0 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
644 | children: Vec::new(), | |
645 | }); | |
646 | let item1 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
647 | children: Vec::new(), | |
648 | }); | |
649 | let tx0 = state.new_tx(item0); | |
650 | let tx1 = state.new_tx(item1); | |
651 | assert_eq!(2, state.next_id); | |
652 | state.transactions.push(tx0); | |
653 | state.transactions.push(tx1); | |
654 | assert_eq!(2, state.transactions.len()); | |
655 | assert_eq!(0, state.transactions[0].id); | |
656 | assert_eq!(1, state.transactions[1].id); | |
657 | assert_eq!(false, state.tls_parsing); | |
658 | assert_eq!(false, state.bypass_parsing); | |
659 | } | |
660 | ||
661 | #[test] | |
662 | fn test_state_get_tx() { | |
663 | let mut state = RdpState::new(); | |
664 | let item0 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
665 | children: Vec::new(), | |
666 | }); | |
667 | let item1 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
668 | children: Vec::new(), | |
669 | }); | |
670 | let item2 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
671 | children: Vec::new(), | |
672 | }); | |
673 | let tx0 = state.new_tx(item0); | |
674 | let tx1 = state.new_tx(item1); | |
675 | let tx2 = state.new_tx(item2); | |
676 | state.transactions.push(tx0); | |
677 | state.transactions.push(tx1); | |
678 | state.transactions.push(tx2); | |
679 | assert_eq!(Some(&state.transactions[1]), state.get_tx(1)); | |
680 | } | |
681 | ||
682 | #[test] | |
683 | fn test_state_free_tx() { | |
684 | let mut state = RdpState::new(); | |
685 | let item0 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
686 | children: Vec::new(), | |
687 | }); | |
688 | let item1 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
689 | children: Vec::new(), | |
690 | }); | |
691 | let item2 = RdpTransactionItem::McsConnectRequest(McsConnectRequest { | |
692 | children: Vec::new(), | |
693 | }); | |
694 | let tx0 = state.new_tx(item0); | |
695 | let tx1 = state.new_tx(item1); | |
696 | let tx2 = state.new_tx(item2); | |
697 | state.transactions.push(tx0); | |
698 | state.transactions.push(tx1); | |
699 | state.transactions.push(tx2); | |
700 | state.free_tx(1); | |
701 | assert_eq!(3, state.next_id); | |
702 | assert_eq!(2, state.transactions.len()); | |
703 | assert_eq!(0, state.transactions[0].id); | |
704 | assert_eq!(2, state.transactions[1].id); | |
705 | assert_eq!(None, state.get_tx(1)); | |
706 | } | |
707 | } |