[people/ms/suricata.git] / rust / src / smb / events.rs

/* Copyright (C) 2018 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

use core::*;
use log::*;
use smb::smb::*;

#[repr(u32)]
pub enum SMBEvent {
    InternalError = 0,
    MalformedData = 1,
    RecordOverflow = 2,
    MalformedNtlmsspRequest = 3,
    MalformedNtlmsspResponse = 4,
    DuplicateNegotiate = 5,
    NegotiateMalformedDialects = 6,
}

impl SMBEvent {
    pub fn from_i32(value: i32) -> Option<SMBEvent> {
        match value {
            0 => Some(SMBEvent::InternalError),
            1 => Some(SMBEvent::MalformedData),
            2 => Some(SMBEvent::RecordOverflow),
            3 => Some(SMBEvent::MalformedNtlmsspRequest),
            4 => Some(SMBEvent::MalformedNtlmsspResponse),
            5 => Some(SMBEvent::DuplicateNegotiate),
            6 => Some(SMBEvent::NegotiateMalformedDialects),
            _ => None,
        }
    }
}

pub fn smb_str_to_event(instr: &str) -> i32 {
    SCLogDebug!("checking {}", instr);
    match instr {
        "internal_error"                => SMBEvent::InternalError as i32,
        "malformed_data"                => SMBEvent::MalformedData as i32,
        "record_overflow"               => SMBEvent::RecordOverflow as i32,
        "malformed_ntlmssp_request"     => SMBEvent::MalformedNtlmsspRequest as i32,
        "malformed_ntlmssp_response"    => SMBEvent::MalformedNtlmsspResponse as i32,
        "duplicate_negotiate"           => SMBEvent::DuplicateNegotiate as i32,
        "negotiate_malformed_dialects"  => SMBEvent::NegotiateMalformedDialects as i32,
        _ => -1,
    }
}

impl SMBTransaction {
    /// Set event.
    pub fn set_event(&mut self, e: SMBEvent) {
        sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
    }

    /// Set events from vector of events.
    pub fn set_events(&mut self, events: Vec<SMBEvent>) {
        for e in events {
            sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
        }
    }
}

impl SMBState {
    /// Set an event. The event is set on the most recent transaction.
    pub fn set_event(&mut self, event: SMBEvent) {
        let len = self.transactions.len();
        if len == 0 {
            return;
        }

        let tx = &mut self.transactions[len - 1];
        tx.set_event(event);
        //sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8);
    }
}
Commit	Line	Data
75d7c9d6 VJ	1	/* Copyright (C) 2018 Open Information Security Foundation
	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	use core::*;
	19	use log::*;
	20	use smb::smb::*;
	21
	22	#[repr(u32)]
	23	pub enum SMBEvent {
	24	InternalError = 0,
	25	MalformedData = 1,
	26	RecordOverflow = 2,
	27	MalformedNtlmsspRequest = 3,
	28	MalformedNtlmsspResponse = 4,
	29	DuplicateNegotiate = 5,
1d4aac1d	30	NegotiateMalformedDialects = 6,
75d7c9d6 VJ	31	}
75d7c9d6 VJ	32
9ccc28ba JL	33	impl SMBEvent {
	34	pub fn from_i32(value: i32) -> Option<SMBEvent> {
	35	match value {
	36	0 => Some(SMBEvent::InternalError),
	37	1 => Some(SMBEvent::MalformedData),
	38	2 => Some(SMBEvent::RecordOverflow),
	39	3 => Some(SMBEvent::MalformedNtlmsspRequest),
	40	4 => Some(SMBEvent::MalformedNtlmsspResponse),
	41	5 => Some(SMBEvent::DuplicateNegotiate),
	42	6 => Some(SMBEvent::NegotiateMalformedDialects),
	43	_ => None,
	44	}
	45	}
	46	}
	47
75d7c9d6 VJ	48	pub fn smb_str_to_event(instr: &str) -> i32 {
	49	SCLogDebug!("checking {}", instr);
	50	match instr {
	51	"internal_error" => SMBEvent::InternalError as i32,
	52	"malformed_data" => SMBEvent::MalformedData as i32,
	53	"record_overflow" => SMBEvent::RecordOverflow as i32,
	54	"malformed_ntlmssp_request" => SMBEvent::MalformedNtlmsspRequest as i32,
	55	"malformed_ntlmssp_response" => SMBEvent::MalformedNtlmsspResponse as i32,
	56	"duplicate_negotiate" => SMBEvent::DuplicateNegotiate as i32,
1d4aac1d	57	"negotiate_malformed_dialects" => SMBEvent::NegotiateMalformedDialects as i32,
75d7c9d6 VJ	58	_ => -1,
	59	}
	60	}
	61
	62	impl SMBTransaction {
	63	/// Set event.
	64	pub fn set_event(&mut self, e: SMBEvent) {
	65	sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
	66	}
	67
	68	/// Set events from vector of events.
	69	pub fn set_events(&mut self, events: Vec<SMBEvent>) {
	70	for e in events {
	71	sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
	72	}
	73	}
	74	}
	75
	76	impl SMBState {
	77	/// Set an event. The event is set on the most recent transaction.
	78	pub fn set_event(&mut self, event: SMBEvent) {
	79	let len = self.transactions.len();
	80	if len == 0 {
	81	return;
	82	}
	83
	84	let tx = &mut self.transactions[len - 1];
	85	tx.set_event(event);
	86	//sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8);
	87	}
	88	}