use std;
use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppProto,Direction};
use crate::filecontainer::FileContainer;
-use crate::applayer;
use std::os::raw::{c_void,c_char,c_int};
use crate::core::SC;
use std::ffi::CStr;
impl StreamSlice {
/// Create a StreamSlice from a Rust slice. Useful in unit tests.
+ #[cfg(test)]
pub fn from_slice(slice: &[u8], flags: u8, offset: u64) -> Self {
Self {
input: slice.as_ptr() as *const u8,
log_flags: 0,
}
}
-
- pub fn add_log_flags(&mut self, flags: u8) {
- self.log_flags |= flags;
- }
- pub fn set_log_flags(&mut self, flags: u8) {
- self.log_flags = flags;
- }
- pub fn get_log_flags(&self) -> u8 {
- self.log_flags
- }
}
#[repr(C)]
file_flags: 0,
}
}
- pub fn update_file_flags(&mut self, flags: u16) {
- self.file_flags |= flags;
- }
}
#[macro_export]
};
}
- pub fn is_ok(self) -> bool {
- self.status == 0
- }
pub fn is_incomplete(self) -> bool {
self.status == 1
}
- pub fn is_err(self) -> bool {
- self.status == -1
- }
}
impl From<bool> for AppLayerResult {
pub const APP_LAYER_TX_SKIP_INSPECT_FLAG: u64 = BIT_U64!(62);
-pub type AppLayerGetTxIteratorFn = unsafe extern "C" fn (ipproto: u8,
- alproto: AppProto,
- alstate: *mut c_void,
- min_tx_id: u64,
- max_tx_id: u64,
- istate: &mut u64) -> applayer::AppLayerGetTxIterTuple;
-
extern {
pub fn AppLayerParserStateSetFlag(state: *mut c_void, flag: u16);
pub fn AppLayerParserStateIssetFlag(state: *mut c_void, flag: u16) -> u16;
pub fn AppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
- pub fn AppLayerParserRegisterGetTxIterator(ipproto: u8, alproto: AppProto, fun: AppLayerGetTxIteratorFn);
- pub fn AppLayerParserRegisterOptionFlags(ipproto: u8, alproto: AppProto, flags: u32);
}
#[repr(C)]
/// Opaque C types.
pub enum DetectEngineState {}
pub enum AppLayerDecoderEvents {}
-pub enum AppLayerParserState {}
// From app-layer-events.h
pub type AppLayerEventType = std::os::raw::c_int;
None
}
- pub fn get_hdr_rpc_vers(&self) -> Option<u8> {
- debug_validate_bug_on!(self.header.is_none());
- if let Some(ref hdr) = self.header {
- return Some(hdr.rpc_vers);
- }
- // Shouldn't happen
- None
- }
-
pub fn get_hdr_call_id(&self) -> Option<u32> {
debug_validate_bug_on!(self.header.is_none());
if let Some(ref hdr) = self.header {
None
}
- pub fn handle_gap_ts(&mut self) -> u8 {
- if !self.buffer_ts.is_empty() {
- self.buffer_ts.clear();
- }
- return 0;
- }
-
- pub fn handle_gap_tc(&mut self) -> u8 {
- if !self.buffer_tc.is_empty() {
- self.buffer_tc.clear();
- }
- return 0;
- }
-
pub fn clean_buffer(&mut self, direction: Direction) {
match direction {
Direction::ToServer => {
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
// endian <big|little|dce>
pub enum ByteMathEndian {
- EndianNone = 0,
+ _EndianNone = 0,
BigEndian = 1,
LittleEndian = 2,
EndianDCE = 3,
#[repr(u8)]
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub enum ByteMathBase {
- BaseNone = 0,
+ _BaseNone = 0,
BaseOct = 8,
BaseDec = 10,
BaseHex = 16,
pub const DHCP_OPT_REQUESTED_IP: u8 = 50;
pub const DHCP_OPT_ADDRESS_TIME: u8 = 51;
pub const DHCP_OPT_TYPE: u8 = 53;
-pub const DHCP_OPT_SERVER_ID: u8 = 54;
+//unused pub const DHCP_OPT_SERVER_ID: u8 = 54;
pub const DHCP_OPT_PARAMETER_LIST: u8 = 55;
pub const DHCP_OPT_RENEWAL_TIME: u8 = 58;
pub const DHCP_OPT_REBINDING_TIME: u8 = 59;
use crate::dhcp::dhcp::*;
use nom7::bytes::streaming::take;
-use nom7::combinator::{complete, verify};
-use nom7::multi::many0;
+use nom7::combinator::verify;
use nom7::number::streaming::{be_u16, be_u32, be_u8};
use nom7::IResult;
}
}
-// Parse and return all the options. Upon the end of option indicator
-// all the data will be consumed.
-pub fn parse_all_options(i: &[u8]) -> IResult<&[u8], Vec<DHCPOption>> {
- many0(complete(parse_option))(i)
-}
-
pub fn dhcp_parse(input: &[u8]) -> IResult<&[u8], DHCPMessage> {
match parse_header(input) {
Ok((rem, header)) => {
// Support for OPT RR from RFC6891 will be needed to
// parse RCODE values over 15
pub const DNS_RCODE_BADVERS: u16 = 16;
-pub const DNS_RCODE_BADSIG: u16 = 16;
+//also pub const DNS_RCODE_BADSIG: u16 = 16;
pub const DNS_RCODE_BADKEY: u16 = 17;
pub const DNS_RCODE_BADTIME: u16 = 18;
pub const DNS_RCODE_BADMODE: u16 = 19;
use crate::dns::dns::*;
use crate::jsonbuilder::{JsonBuilder, JsonError};
-pub const LOG_QUERIES: u64 = BIT_U64!(0);
-pub const LOG_ANSWER: u64 = BIT_U64!(1);
-
pub const LOG_A: u64 = BIT_U64!(2);
pub const LOG_NS: u64 = BIT_U64!(3);
pub const LOG_MD: u64 = BIT_U64!(4);
return Ok((input, answers));
}
-/// Parse a DNS response.
-pub fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> {
- let i = message;
- let (i, header) = dns_parse_header(i)?;
- dns_parse_response_body(i, message, header)
-}
-
pub fn dns_parse_response_body<'a>(
i: &'a [u8], message: &'a [u8], header: DNSHeader,
) -> IResult<&'a [u8], DNSResponse> {
}
}
+ /// Parse a DNS response.
+ fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> {
+ let i = message;
+ let (i, header) = dns_parse_header(i)?;
+ dns_parse_response_body(i, message, header)
+ }
+
#[test]
fn test_dns_parse_response() {
// DNS response from dig-a-www.suricata-ids.org.pcap.
pub const FILE_USE_DETECT: u16 = BIT_U16!(13);
-// Generic file structure, so it can be used by different protocols
-#[derive(Debug, Default)]
-pub struct Files {
- pub files_ts: FileContainer,
- pub files_tc: FileContainer,
- pub flags_ts: u16,
- pub flags_tc: u16,
-}
-
-impl Files {
- pub fn get(&mut self, direction: Direction) -> (&mut FileContainer, u16)
- {
- if direction == Direction::ToServer {
- (&mut self.files_ts, self.flags_ts)
- } else {
- (&mut self.files_tc, self.flags_tc)
- }
- }
-}
-
#[repr(C)]
#[derive(Debug)]
pub struct FileContainer {
self.cur_ooo = 0;
}
- pub fn create(&mut self, _name: &[u8], _file_size: u64) {
- if self.file_open { panic!("close existing file first"); }
-
- SCLogDebug!("CREATE: name {:?} file_size {}", _name, _file_size);
- }
-
pub fn new_chunk(&mut self, config: &'static SuricataFileContext,
name: &[u8], data: &[u8], chunk_offset: u64, chunk_size: u32,
fill_bytes: u8, is_last: bool, xid: &u32) -> u32
InitNonceSent,
RespSASent,
RespKESent,
- RespNonceSent,
- RespCertReqSent,
ParsingDone,
(&InitKESent, &IkeV2PayloadContent::Nonce(_)) => InitNonceSent,
(&InitNonceSent, &IkeV2PayloadContent::SA(_)) => RespSASent,
(&RespSASent, &IkeV2PayloadContent::KE(_)) => RespKESent,
- (&RespKESent, &IkeV2PayloadContent::Nonce(_)) => ParsingDone, // RespNonceSent,
- (&RespNonceSent, &IkeV2PayloadContent::CertificateRequest(_)) => ParsingDone, // RespCertReqSent,
+ (&RespKESent, &IkeV2PayloadContent::Nonce(_)) => ParsingDone, // should go to RespNonceSent,
(&ParsingDone, _) => self.clone(),
(_, &IkeV2PayloadContent::Notify(_)) => self.clone(),
(_, &IkeV2PayloadContent::Dummy) => self.clone(),
pub enum SecBlobError {
NotSpNego,
KrbFmtError,
- KrbReqError,
Ber(BerError),
NomError(ErrorKind),
}
}
}
-pub fn to_hex_string(bytes: &[u8]) -> String {
- let mut s = String::new();
- for &b in bytes {
- s.push_str(&format!("{:02X}", b));
- }
- s
-}
-
impl Default for KRB5State {
fn default() -> Self {
Self::new()
#[repr(C)]
pub enum Level {
NotSet = -1,
- None = 0,
+ _None = 0,
Error,
- Warning,
+ _Warning,
Notice,
Info,
- Perf,
+ _Perf,
Config,
+ #[cfg(feature = "debug")]
Debug,
}
return -1;
}
-/* http://www.iana.org/assignments/rpc-authentication-numbers/rpc-authentication-numbers.xhtml */
-pub const RPCAUTH_OK: u32 = 0; // success/failed at remote end [RFC5531]
-pub const RPCAUTH_BADCRED: u32 = 1; // bad credential (seal broken) [RFC5531]
-pub const RPCAUTH_REJECTEDCRED: u32 = 2; // client must begin new session [RFC5531]
-pub const RPCAUTH_BADVERF: u32 = 3; // bad verifier (seal broken) [RFC5531]
-pub const RPCAUTH_REJECTEDVERF: u32 = 4; // verifier expired or replayed [RFC5531]
-pub const RPCAUTH_TOOWEAK: u32 = 5; // rejected for security reasons/failed locally [RFC5531]
-pub const RPCAUTH_INVALIDRESP: u32 = 6; // bogus response verifier [RFC5531]
-pub const RPCAUTH_FAILED: u32 = 7; // reason unknown/AUTH_KERB errors; deprecated. See [RFC2695] [RFC5531]
-pub const RPCAUTH_KERB_GENERIC: u32 = 8; // kerberos generic error [RFC5531]
-pub const RPCAUTH_TIMEEXPIRE: u32 = 9; // time of credential expired [RFC5531]
-pub const RPCAUTH_TKT_FILE: u32 = 10; // problem with ticket file [RFC5531]
-pub const RPCAUTH_DECODE: u32 = 11; // can't decode authenticator [RFC5531]
-pub const RPCAUTH_NET_ADDR: u32 = 12; // wrong net address in ticket/RPCSEC_GSS GSS related errors [RFC5531]
-pub const RPCSEC_GSS_CREDPROBLEM: u32 = 13; // no credentials for user [RFC5531]
-pub const RPCSEC_GSS_CTXPROBLEM: u32 = 14; // problem with context [RFC5531]
-pub const RPCSEC_GSS_INNER_CREDPROBLEM: u32 = 15; // No credentials for multi-principal assertion inner context user [RFC7861]
-pub const RPCSEC_GSS_LABEL_PROBLEM: u32 = 16; // Problem with label assertion [RFC7861]
-pub const RPCSEC_GSS_PRIVILEGE_PROBLEM: u32 = 17; // Problem with structured privilege assertion [RFC7861]
-pub const RPCSEC_GSS_UNKNOWN_MESSAGE: u32 = 18; // Unknown structured privilege assertion [RFC7861]
-
-pub fn rpc_auth_status_string(auth_status: u32) -> String {
- match auth_status {
- RPCAUTH_OK => "OK",
- RPCAUTH_BADCRED => "BADCRED",
- RPCAUTH_REJECTEDCRED => "REJECTEDCRED",
- RPCAUTH_BADVERF => "BADVERF",
- RPCAUTH_REJECTEDVERF => "REJECTEDVERF",
- RPCAUTH_TOOWEAK => "TOOWEAK",
- RPCAUTH_INVALIDRESP => "NVALIDRESP",
- RPCAUTH_FAILED => "FAILED",
- RPCAUTH_KERB_GENERIC => "KERB_GENERIC",
- RPCAUTH_TIMEEXPIRE => "TIMEEXPIRE",
- RPCAUTH_TKT_FILE => "TKT_FILE",
- RPCAUTH_DECODE => "DECODE",
- RPCAUTH_NET_ADDR => "NET_ADDR",
- RPCSEC_GSS_CREDPROBLEM => "GSS_CREDPROBLEM",
- RPCSEC_GSS_CTXPROBLEM => "GSS_CTXPROBLEM",
- RPCSEC_GSS_INNER_CREDPROBLEM => "GSS_INNER_CREDPROBLEM",
- RPCSEC_GSS_LABEL_PROBLEM => "GSS_LABEL_PROBLEM",
- RPCSEC_GSS_PRIVILEGE_PROBLEM => "GSS_PRIVILEGE_PROBLEM",
- RPCSEC_GSS_UNKNOWN_MESSAGE => "GSS_UNKNOWN_MESSAGE",
- _ => {
- return (auth_status).to_string();
- },
- }.to_string()
-}
pub const NFSPROC4_NULL: u32 = 0;
pub const NFSPROC4_COMPOUND: u32 = 1;
pub message_body: Vec<PgsqlErrorNoticeMessageField>,
}
-impl ErrorNoticeMessage {
- pub fn new(identifier: u8, length: u32) -> Self {
- ErrorNoticeMessage {
- identifier,
- length,
- message_body: Vec::new(),
- }
- }
-}
-
#[derive(Debug, PartialEq, Eq)]
pub enum SSLResponseMessage {
SSLAccepted,
InvalidResponse,
}
-impl SSLResponseMessage {
- pub fn to_str(&self) -> &'static str {
- match self {
- SSLResponseMessage::SSLAccepted => "SSL Accepted",
- SSLResponseMessage::SSLRejected => "SSL Rejected",
- SSLResponseMessage::InvalidResponse => "Invalid server response",
- }
- }
-}
-
impl From<u8> for SSLResponseMessage {
fn from(identifier: u8) -> Self {
match identifier {
use super::*;
use nom7::Needed;
+ impl ErrorNoticeMessage {
+ pub fn new(identifier: u8, length: u32) -> Self {
+ ErrorNoticeMessage {
+ identifier,
+ length,
+ message_body: Vec::new(),
+ }
+ }
+ }
+
#[test]
fn test_parse_request() {
// An SSLRequest
pub enum PgsqlStateProgress {
IdleState,
SSLRequestReceived,
- SSLAcceptedReceived,
SSLRejectedReceived,
StartupMessageReceived,
SASLAuthenticationReceived,
CommandCompletedReceived,
ErrorMessageReceived,
ConnectionTerminated,
+ #[cfg(test)]
UnknownState,
Finished,
}
/// responses, we must track State progress to decide on tx completion
fn is_tx_completed(&self) -> bool {
if let PgsqlStateProgress::ReadyForQueryReceived
- | PgsqlStateProgress::SSLAcceptedReceived
| PgsqlStateProgress::SSLRejectedReceived
| PgsqlStateProgress::SimpleAuthenticationReceived
| PgsqlStateProgress::SASLAuthenticationReceived
pub struct QuicVersion(pub u32);
impl QuicVersion {
- pub const Q039: QuicVersion = QuicVersion(0x51303339);
pub const Q043: QuicVersion = QuicVersion(0x51303433);
pub const Q044: QuicVersion = QuicVersion(0x51303434);
pub const Q045: QuicVersion = QuicVersion(0x51303435);
pub enum X224Type {
ConnectionConfirm = 0xd,
ConnectionRequest = 0xe,
- Data = 0xf,
+ _Data = 0xf,
}
/// x.224-spec, section 13.3
pub body_len: u16,
}
-#[derive(PartialEq, Eq, Debug, Clone)]
-pub enum Method {
- Register,
- Custom(String),
-}
-
#[inline]
fn is_token_char(b: u8) -> bool {
is_alphanumeric(b) || b"!%'*+-._`".contains(&b)
}
pub const NTLMSSP_NEGOTIATE: u32 = 1;
+#[cfg(feature = "debug")]
pub const NTLMSSP_CHALLENGE: u32 = 2;
pub const NTLMSSP_AUTH: u32 = 3;
+#[cfg(feature = "debug")]
pub fn ntlmssp_type_string(c: u32) -> String {
match c {
NTLMSSP_NEGOTIATE => "NTLMSSP_NEGOTIATE",
pub const SMBHDR_TYPE_OFFSET: u32 = 4;
pub const SMBHDR_TYPE_GENERICTX: u32 = 5;
pub const SMBHDR_TYPE_HEADER: u32 = 6;
-pub const SMBHDR_TYPE_MAX_SIZE: u32 = 7; // max resp size for SMB1_COMMAND_TRANS
+//unused pub const SMBHDR_TYPE_MAX_SIZE: u32 = 7; // max resp size for SMB1_COMMAND_TRANS
pub const SMBHDR_TYPE_TRANS_FRAG: u32 = 8;
pub const SMBHDR_TYPE_TREE: u32 = 9;
pub const SMBHDR_TYPE_DCERPCTX: u32 = 10;
return tx_ref.unwrap();
}
- pub fn get_create_tx_by_hdr(&mut self, hdr: &SMBCommonHdr)
- -> Option<&mut SMBTransaction>
- {
- for tx in &mut self.transactions {
- let found = match tx.type_data {
- Some(SMBTransactionTypeData::CREATE(ref _d)) => {
- tx.hdr.compare(hdr)
- },
- _ => { false },
- };
-
- if found {
- SCLogDebug!("SMB: Found SMB create TX with ID {}", tx.id);
- return Some(tx);
- }
- }
- SCLogDebug!("SMB: Failed to find SMB create TX with key {:?}", hdr);
- return None;
- }
-
pub fn get_service_for_guid(&self, guid: &[u8]) -> (&'static str, bool)
{
let (name, is_dcerpc) = match self.guid2name_map.get(&guid.to_vec()) {
pub fn has_unicode_support(&self) -> bool {
self.flags2 & 0x8000_u16 != 0
}
- pub fn is_dos_error(&self) -> bool {
- self.flags2 & 0x4000_u16 != 0
- }
/// Return true if record is a request.
pub fn is_request(&self) -> bool {
}
impl<'a> Smb2Record<'a> {
- pub fn is_async(&self) -> bool {
- self.async_id != 0
- }
-
pub fn is_request(&self) -> bool {
self.direction == 0
}
tx_data: AppLayerTxData,
}
-impl SSHTransaction {
- pub fn new() -> SSHTransaction {
- Default::default()
- }
-}
-
#[derive(Default)]
pub struct SSHState {
state_data: AppLayerStateData,
tx_data: AppLayerTxData,
}
-impl TelnetTransaction {
- pub fn new() -> Self {
- Default::default()
- }
-}
-
impl Transaction for TelnetTransaction {
fn id(&self) -> u64 {
self.tx_id
self.transactions.iter().find(|tx| tx.tx_id == tx_id + 1)
}
- fn _new_tx(&mut self) -> TelnetTransaction {
- let mut tx = TelnetTransaction::new();
- self.tx_id += 1;
- tx.tx_id = self.tx_id;
- return tx;
- }
-
fn _find_request(&mut self) -> Option<&mut TelnetTransaction> {
// TODO
None
#[repr(u32)]
pub enum X509DecodeError {
- Success = 0,
+ _Success = 0,
/// Generic decoding error
InvalidCert,
/// Some length does not match, or certificate is incomplete
projects / thirdparty / suricata.git / commitdiff
