]> git.ipfire.org Git - people/ms/suricata.git/blob - rust/src/ssh/detect.rs
projects / people / ms / suricata.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
rust/ssh: add hassh generation
[people/ms/suricata.git] / rust / src / ssh / detect.rs
1 /* Copyright (C) 2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 use super::ssh::SSHTransaction;
19 use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
20 use std::ptr;
21
22 #[no_mangle]
23 pub extern "C" fn rs_ssh_tx_get_protocol(
24 tx: *mut std::os::raw::c_void, buffer: *mut *const u8, buffer_len: *mut u32, direction: u8,
25 ) -> u8 {
26 let tx = cast_pointer!(tx, SSHTransaction);
27 match direction {
28 STREAM_TOSERVER => {
29 let m = &tx.cli_hdr.protover;
30 if m.len() > 0 {
31 unsafe {
32 *buffer = m.as_ptr();
33 *buffer_len = m.len() as u32;
34 }
35 return 1;
36 }
37 }
38 STREAM_TOCLIENT => {
39 let m = &tx.srv_hdr.protover;
40 if m.len() > 0 {
41 unsafe {
42 *buffer = m.as_ptr();
43 *buffer_len = m.len() as u32;
44 }
45 return 1;
46 }
47 }
48 _ => {}
49 }
50 unsafe {
51 *buffer = ptr::null();
52 *buffer_len = 0;
53 }
54
55 return 0;
56 }
57
58 #[no_mangle]
59 pub extern "C" fn rs_ssh_tx_get_software(
60 tx: *mut std::os::raw::c_void, buffer: *mut *const u8, buffer_len: *mut u32, direction: u8,
61 ) -> u8 {
62 let tx = cast_pointer!(tx, SSHTransaction);
63 match direction {
64 STREAM_TOSERVER => {
65 let m = &tx.cli_hdr.swver;
66 if m.len() > 0 {
67 unsafe {
68 *buffer = m.as_ptr();
69 *buffer_len = m.len() as u32;
70 }
71 return 1;
72 }
73 }
74 STREAM_TOCLIENT => {
75 let m = &tx.srv_hdr.swver;
76 if m.len() > 0 {
77 unsafe {
78 *buffer = m.as_ptr();
79 *buffer_len = m.len() as u32;
80 }
81 return 1;
82 }
83 }
84 _ => {}
85 }
86 unsafe {
87 *buffer = ptr::null();
88 *buffer_len = 0;
89 }
90
91 return 0;
92 }
93
94 #[no_mangle]
95 pub extern "C" fn rs_ssh_tx_get_hassh(
96 tx: *mut std::os::raw::c_void,
97 buffer: *mut *const u8,
98 buffer_len: *mut u32,
99 direction: u8,
100 ) -> u8 {
101 let tx = cast_pointer!(tx, SSHTransaction);
102 match direction {
103 STREAM_TOSERVER => {
104 let m = &tx.cli_hdr.hassh;
105 if m.len() > 0 {
106 unsafe {
107 *buffer = m.as_ptr();
108 *buffer_len = m.len() as u32;
109 }
110 return 1;
111 }
112 }
113 STREAM_TOCLIENT => {
114 let m = &tx.srv_hdr.hassh;
115 if m.len() > 0 {
116 unsafe {
117 *buffer = m.as_ptr();
118 *buffer_len = m.len() as u32;
119 }
120 return 1;
121 }
122 }
123 _ => {}
124 }
125 unsafe {
126 *buffer = ptr::null();
127 *buffer_len = 0;
128 }
129
130 return 0;
131 }
132
133 #[no_mangle]
134 pub extern "C" fn rs_ssh_tx_get_hassh_string(
135 tx: *mut std::os::raw::c_void,
136 buffer: *mut *const u8,
137 buffer_len: *mut u32,
138 direction: u8,
139 ) -> u8 {
140 let tx = cast_pointer!(tx, SSHTransaction);
141 match direction {
142 STREAM_TOSERVER => {
143 let m = &tx.cli_hdr.hassh_string;
144 if m.len() > 0 {
145 unsafe {
146 *buffer = m.as_ptr();
147 *buffer_len = m.len() as u32;
148 }
149 return 1;
150 }
151 }
152 STREAM_TOCLIENT => {
153 let m = &tx.srv_hdr.hassh_string;
154 if m.len() > 0 {
155 unsafe {
156 *buffer = m.as_ptr();
157 *buffer_len = m.len() as u32;
158 }
159 return 1;
160 }
161 }
162 _ => {}
163 }
164 unsafe {
165 *buffer = ptr::null();
166 *buffer_len = 0;
167 }
168
169 return 0;
170 }
Michael's tree of suricata