alert mqtt any any -> any any (msg:"SURICATA MQTT invalid QOS level"; app-layer-event:mqtt.invalid_qos_level; classtype:protocol-command-decode; sid:2229006; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT missing message ID"; app-layer-event:mqtt.missing_msg_id; classtype:protocol-command-decode; sid:2229007; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT unassigned message type (0 or >15)"; app-layer-event:mqtt.unassigned_msg_type; classtype:protocol-command-decode; sid:2229008; rev:1;)
+alert mqtt any any -> any any (msg:"SURICATA MQTT malformed traffic"; app-layer-event:mqtt.malformed_traffic; classtype:protocol-command-decode; sid:2229010; rev:1;)
InvalidQosLevel,
MissingMsgId,
UnassignedMsgtype,
+ MalformedTraffic,
}
#[derive(Debug)]
impl MQTTTransaction {
pub fn new(msg: MQTTMessage) -> MQTTTransaction {
- let mut m = MQTTTransaction {
+ let mut m = MQTTTransaction::new_empty();
+ m.msg.push(msg);
+ return m;
+ }
+
+ pub fn new_empty() -> MQTTTransaction {
+ return MQTTTransaction {
tx_id: 0,
pkt_id: None,
complete: false,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
};
- m.msg.push(msg);
- return m;
}
pub fn free(&mut self) {
return AppLayerResult::incomplete(consumed as u32, (current.len() + 1) as u32);
}
Err(_) => {
+ self.set_event_notx(MQTTEvent::MalformedTraffic, false);
return AppLayerResult::err();
}
}
return AppLayerResult::incomplete(consumed as u32, (current.len() + 1) as u32);
}
Err(_) => {
+ self.set_event_notx(MQTTEvent::MalformedTraffic, true);
return AppLayerResult::err();
}
}
return None;
}
+
+ fn set_event_notx(&mut self, event: MQTTEvent, toclient: bool) {
+ let mut tx = MQTTTransaction::new_empty();
+ self.tx_id += 1;
+ tx.tx_id = self.tx_id;
+ if toclient {
+ tx.toclient = true;
+ } else {
+ tx.toserver = true;
+ }
+ tx.complete = true;
+ MQTTState::set_event(&mut tx, event);
+ self.transactions.push(tx);
+ }
}
// C exports.
MQTTEvent::InvalidQosLevel => { "invalid_qos_level\0" },
MQTTEvent::MissingMsgId => { "missing_msg_id\0" },
MQTTEvent::UnassignedMsgtype => { "unassigned_msg_type\0" },
+ MQTTEvent::MalformedTraffic => { "malformed_traffic\0" },
};
unsafe{
*event_name = estr.as_ptr() as *const std::os::raw::c_char;
"invalid_qos_level" => MQTTEvent::InvalidQosLevel as i32,
"missing_msg_id" => MQTTEvent::MissingMsgId as i32,
"unassigned_msg_type" => MQTTEvent::UnassignedMsgtype as i32,
+ "malformed_traffic" => MQTTEvent::MalformedTraffic as i32,
_ => -1, // unknown event
}
},
projects / thirdparty / suricata.git / commitdiff
