}
};
- match asn1_parse_rule(&arg) {
+ match asn1_parse_rule(arg) {
Ok((_rest, data)) => {
let mut data = data;
}
}
let parsed = self.handle_common_stub(
- &input,
+ input,
(input.len() - leftover_input.len()) as u16,
core::STREAM_TOSERVER,
);
// Check if header data was complete. In case of EoF or incomplete data, wait for more
// data else return error
if self.bytes_consumed < DCERPC_HDR_LEN && input_len > 0 {
- parsed = self.process_header(&buffer);
+ parsed = self.process_header(buffer);
if parsed == -1 {
self.extend_buffer(buffer, direction);
return AppLayerResult::ok();
}
let input_slice = &input[..stub_len as usize];
- stub_data_buffer.extend_from_slice(&input_slice);
+ stub_data_buffer.extend_from_slice(input_slice);
stub_len
}
0x69, 0x00,
];
let mut dcerpc_state = DCERPCState::new();
- assert_eq!(16, dcerpc_state.process_header(&request));
+ assert_eq!(16, dcerpc_state.process_header(request));
assert_eq!(1008, dcerpc_state.process_request_pdu(&request[16..]));
}
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request, core::STREAM_TOSERVER)
);
if let Some(hdr) = dcerpc_state.header {
assert_eq!(0, hdr.hdrtype);
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(), // TODO ASK if this is correct?
- dcerpc_state.handle_input_data(&bind2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind2, core::STREAM_TOSERVER)
);
}
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind2, core::STREAM_TOSERVER)
);
if let Some(ref bind) = dcerpc_state.bind {
assert_eq!(16, bind.numctxitems);
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request2, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request3, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request3, core::STREAM_TOSERVER)
);
let tx = &dcerpc_state.transactions[0];
assert_eq!(20, tx.stub_data_buffer_ts.len());
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request1, core::STREAM_TOSERVER)
);
}
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request1, core::STREAM_TOSERVER)
);
}
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::err(),
- dcerpc_state.handle_input_data(&fault, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(fault, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request2, core::STREAM_TOSERVER)
);
let tx = &dcerpc_state.transactions[0];
assert_eq!(12, tx.stub_data_buffer_ts.len());
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request2, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&request3, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(request3, core::STREAM_TOSERVER)
);
}
dcerpc_state.data_needed_for_dir = core::STREAM_TOCLIENT;
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack1, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack1, core::STREAM_TOCLIENT)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack2, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack2, core::STREAM_TOCLIENT)
);
}
];
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bindbuf, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bindbuf, core::STREAM_TOSERVER)
);
if let Some(ref bind) = dcerpc_state.bind {
let bind_uuid = &bind.uuid_list[0].uuid;
let mut dcerpc_state = DCERPCState::new();
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bindbuf, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bindbuf, core::STREAM_TOSERVER)
);
}
dcerpc_state.data_needed_for_dir = core::STREAM_TOCLIENT;
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack, core::STREAM_TOCLIENT)
);
}
];
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind1, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind1, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack1, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack1, core::STREAM_TOCLIENT)
);
if let Some(ref back) = dcerpc_state.bindack {
assert_eq!(1, back.accepted_uuid_list.len());
}
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind2, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind2, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack2, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack2, core::STREAM_TOCLIENT)
);
if let Some(ref back) = dcerpc_state.bindack {
assert_eq!(1, back.accepted_uuid_list.len());
}
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind3, core::STREAM_TOSERVER)
+ dcerpc_state.handle_input_data(bind3, core::STREAM_TOSERVER)
);
assert_eq!(
AppLayerResult::ok(),
- dcerpc_state.handle_input_data(&bind_ack3, core::STREAM_TOCLIENT)
+ dcerpc_state.handle_input_data(bind_ack3, core::STREAM_TOCLIENT)
);
if let Some(ref back) = dcerpc_state.bindack {
assert_eq!(1, back.accepted_uuid_list.len());
match hdr.pkt_type {
DCERPC_TYPE_REQUEST => {
- tx.stub_data_buffer_ts.extend_from_slice(&input);
+ tx.stub_data_buffer_ts.extend_from_slice(input);
tx.frag_cnt_ts += 1;
if done {
tx.req_done = true;
return true;
}
DCERPC_TYPE_RESPONSE => {
- tx.stub_data_buffer_tc.extend_from_slice(&input);
+ tx.stub_data_buffer_tc.extend_from_slice(input);
tx.frag_cnt_tc += 1;
if done {
tx.resp_done = true;
}
};
- match parse_iface_data(&arg) {
+ match parse_iface_data(arg) {
Ok(detect) => Box::into_raw(Box::new(detect)) as *mut _,
Err(_) => std::ptr::null_mut(),
}
}
};
- match parse_opnum_data(&arg) {
+ match parse_opnum_data(arg) {
Ok(detect) => Box::into_raw(Box::new(detect)) as *mut _,
Err(_) => std::ptr::null_mut(),
}
}
};
- match parse_opcode(&arg) {
+ match parse_opcode(arg) {
Ok(detect) => Box::into_raw(Box::new(detect)) as *mut _,
Err(_) => std::ptr::null_mut(),
}
if cur_i.len() == 1 {
return AppLayerResult::incomplete(consumed as u32, 2 as u32);
}
- let size = match be_u16(&cur_i) as IResult<&[u8],u16> {
+ let size = match be_u16(cur_i) as IResult<&[u8],u16> {
Ok((_, len)) => len,
_ => 0
} as usize;
if cur_i.len() == 1 {
return AppLayerResult::incomplete(consumed as u32, 2 as u32);
}
- let size = match be_u16(&cur_i) as IResult<&[u8],u16> {
+ let size = match be_u16(cur_i) as IResult<&[u8],u16> {
Ok((_, len)) => len,
_ => 0
} as usize;
match &answer.data {
DNSRData::A(addr) | DNSRData::AAAA(addr) => {
- jsa.set_string("rdata", &dns_print_addr(&addr))?;
+ jsa.set_string("rdata", &dns_print_addr(addr))?;
}
DNSRData::CNAME(bytes) |
DNSRData::MX(bytes) |
DNSRData::TXT(bytes) |
DNSRData::NULL(bytes) |
DNSRData::PTR(bytes) => {
- jsa.set_string_from_bytes("rdata", &bytes)?;
+ jsa.set_string_from_bytes("rdata", bytes)?;
}
DNSRData::SOA(soa) => {
- jsa.set_object("soa", &dns_log_soa(&soa)?)?;
+ jsa.set_object("soa", &dns_log_soa(soa)?)?;
}
DNSRData::SSHFP(sshfp) => {
- jsa.set_object("sshfp", &dns_log_sshfp(&sshfp)?)?;
+ jsa.set_object("sshfp", &dns_log_sshfp(sshfp)?)?;
}
DNSRData::SRV(srv) => {
- jsa.set_object("srv", &dns_log_srv(&srv)?)?;
+ jsa.set_object("srv", &dns_log_srv(srv)?)?;
}
_ => {}
}
JsonBuilder::new_array());
}
if let Some(a) = answer_types.get_mut(&type_string) {
- a.append_string(&dns_print_addr(&addr))?;
+ a.append_string(&dns_print_addr(addr))?;
}
}
DNSRData::CNAME(bytes) |
JsonBuilder::new_array());
}
if let Some(a) = answer_types.get_mut(&type_string) {
- a.append_string_from_bytes(&bytes)?;
+ a.append_string_from_bytes(bytes)?;
}
},
DNSRData::SOA(soa) => {
JsonBuilder::new_array());
}
if let Some(a) = answer_types.get_mut(&type_string) {
- a.append_object(&dns_log_soa(&soa)?)?;
+ a.append_object(&dns_log_soa(soa)?)?;
}
},
DNSRData::SSHFP(sshfp) => {
JsonBuilder::new_array());
}
if let Some(a) = answer_types.get_mut(&type_string) {
- a.append_object(&dns_log_sshfp(&sshfp)?)?;
+ a.append_object(&dns_log_sshfp(sshfp)?)?;
}
},
DNSRData::SRV(srv) => {
JsonBuilder::new_array());
}
if let Some(a) = answer_types.get_mut(&type_string) {
- a.append_object(&dns_log_srv(&srv)?)?;
+ a.append_object(&dns_log_srv(srv)?)?;
}
},
_ => {}
match &answer.data {
DNSRData::A(addr) | DNSRData::AAAA(addr) => {
- js.set_string("rdata", &dns_print_addr(&addr))?;
+ js.set_string("rdata", &dns_print_addr(addr))?;
}
DNSRData::CNAME(bytes) |
DNSRData::MX(bytes) |
DNSRData::TXT(bytes) |
DNSRData::NULL(bytes) |
DNSRData::PTR(bytes) => {
- js.set_string_from_bytes("rdata", &bytes)?;
+ js.set_string_from_bytes("rdata", bytes)?;
}
DNSRData::SOA(soa) => {
- js.set_object("soa", &dns_log_soa(&soa)?)?;
+ js.set_object("soa", &dns_log_soa(soa)?)?;
}
DNSRData::SSHFP(sshfp) => {
- js.set_object("sshfp", &dns_log_sshfp(&sshfp)?)?;
+ js.set_object("sshfp", &dns_log_sshfp(sshfp)?)?;
}
_ => {}
}
let output = std::slice::from_raw_parts_mut(out, len as usize);
// This will panic if the sizes differ.
- output[0..len as usize - 1].copy_from_slice(&hex.as_bytes());
+ output[0..len as usize - 1].copy_from_slice(hex.as_bytes());
// Terminate the string.
output[output.len() - 1] = 0;
let output = std::slice::from_raw_parts_mut(out, len as usize);
// This will panic if the sizes differ.
- output[0..len as usize - 1].copy_from_slice(&hex.as_bytes());
+ output[0..len as usize - 1].copy_from_slice(hex.as_bytes());
// Terminate the string.
output[output.len() - 1] = 0;
let hex = format!("{:x}", &hash);
// This will panic if the sizes differ.
- output[0..len as usize - 1].copy_from_slice(&hex.as_bytes());
+ output[0..len as usize - 1].copy_from_slice(hex.as_bytes());
// Terminate the string.
output[output.len() - 1] = 0;
match unsafe {SC} {
None => panic!("BUG no suricata_config"),
Some(c) => {
- (c.FileContainerRecycle)(&self);
+ (c.FileContainerRecycle)(self);
},
}
}
Some(c) => {
SCLogDebug!("FILE {:p} OPEN flags {:04X}", &self, flags);
- let res = (c.FileOpenFile)(&self, cfg.files_sbcfg, *track_id,
+ let res = (c.FileOpenFile)(self, cfg.files_sbcfg, *track_id,
name.as_ptr(), name.len() as u16,
ptr::null(), 0u32, flags);
res
let res = match is_gap {
false => {
SCLogDebug!("appending file data");
- let r = (c.FileAppendData)(&self, *track_id,
+ let r = (c.FileAppendData)(self, *track_id,
data.as_ptr(), data.len() as u32);
r
},
true => {
SCLogDebug!("appending GAP");
- let r = (c.FileAppendGAP)(&self, *track_id,
+ let r = (c.FileAppendGAP)(self, *track_id,
data.as_ptr(), data.len() as u32);
r
},
match unsafe {SC} {
None => panic!("BUG no suricata_config"),
Some(c) => {
- let res = (c.FileCloseFile)(&self, *track_id, ptr::null(), 0u32, flags);
+ let res = (c.FileCloseFile)(self, *track_id, ptr::null(), 0u32, flags);
res
}
}
match unsafe {SC} {
None => panic!("BUG no suricata_config"),
Some(c) => {
- (c.FilePrune)(&self);
+ (c.FilePrune)(self);
}
}
}
match unsafe {SC} {
None => panic!("BUG no suricata_config"),
Some(c) => {
- (c.FileSetTx)(&self, tx_id);
+ (c.FileSetTx)(self, tx_id);
}
}
}
for i in 0..tx.frames_ts.len() {
match &tx.frames_ts[i].data {
HTTP2FrameTypeData::SETTINGS(set) => {
- if http2_detect_settings_match(&set, ctx) != 0 {
+ if http2_detect_settings_match(set, ctx) != 0 {
return 1;
}
}
for i in 0..tx.frames_tc.len() {
match &tx.frames_tc[i].data {
HTTP2FrameTypeData::SETTINGS(set) => {
- if http2_detect_settings_match(&set, ctx) != 0 {
+ if http2_detect_settings_match(set, ctx) != 0 {
return 1;
}
}
for i in 0..tx.frames_ts.len() {
match &tx.frames_ts[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
- if http2_detect_sizeupdate_match(&hd, ctx) != 0 {
+ if http2_detect_sizeupdate_match(hd, ctx) != 0 {
return 1;
}
}
for i in 0..tx.frames_tc.len() {
match &tx.frames_tc[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
- if http2_detect_sizeupdate_match(&hd, ctx) != 0 {
+ if http2_detect_sizeupdate_match(hd, ctx) != 0 {
return 1;
}
}
match &tx.frames_ts[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
if nb < pos + hd.blocks.len() as u32 {
- let ehdr = http2_escape_header(&hd, nb - pos);
+ let ehdr = http2_escape_header(hd, nb - pos);
tx.escaped.push(ehdr);
let idx = tx.escaped.len() - 1;
let value = &tx.escaped[idx];
match &tx.frames_tc[i].data {
HTTP2FrameTypeData::HEADERS(hd) => {
if nb < pos + hd.blocks.len() as u32 {
- let ehdr = http2_escape_header(&hd, nb - pos);
+ let ehdr = http2_escape_header(hd, nb - pos);
tx.escaped.push(ehdr);
let idx = tx.escaped.len() - 1;
let value = &tx.escaped[idx];
let tx = self
.transactions
.iter()
- .position(|ref tx| tx.tx_id == tx_id + 1);
+ .position(|tx| tx.tx_id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
}
fn add_proposals(state: &mut IKEState, prop: &Vec<IkeV2Proposal>, direction: u8) {
- for ref p in prop {
+ for p in prop {
let transforms: Vec<IkeV2Transform> = p.transforms.iter().map(|x| x.into()).collect();
// Rule 1: warn on weak or unknown transforms
for xform in &transforms {
} else if let Some(hex_value) = &attribute.hex_value {
js.set_string(
format!("{}_raw", attribute.attribute_type).as_str(),
- &hex_value,
+ hex_value,
)?;
}
}
}
} else if tx.ike_version == 2 {
if tx.hdr.flags & IKEV2_FLAG_INITIATOR != 0 {
- jb.set_string("role", &"initiator")?;
+ jb.set_string("role", "initiator")?;
} else {
- jb.set_string("role", &"responder")?;
+ jb.set_string("role", "responder")?;
jb.set_string("alg_enc", &format!("{:?}", state.ikev2_container.alg_enc))?;
jb.set_string("alg_auth", &format!("{:?}", state.ikev2_container.alg_auth))?;
jb.set_string("alg_prf", &format!("{:?}", state.ikev2_container.alg_prf))?;
}
fn free_tx(&mut self, tx_id: u64) {
- let tx = self.transactions.iter().position(|ref tx| tx.id == tx_id + 1);
+ let tx = self.transactions.iter().position(|tx| tx.id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
return std::ptr::null_mut();
}
if let Ok(arg) = CStr::from_ptr(c_arg).to_str() {
- match parse_unit_id(&arg)
- .or_else(|_| parse_function(&arg))
- .or_else(|_| parse_access(&arg))
+ match parse_unit_id(arg)
+ .or_else(|_| parse_function(arg))
+ .or_else(|_| parse_access(arg))
{
Ok(detect) => return Box::into_raw(Box::new(detect)) as *mut c_void,
Err(()) => return std::ptr::null_mut(),
if let Some(req) = &tx.request {
js.open_object("request")?;
- log_message(&req, js)?;
+ log_message(req, js)?;
js.close()?;
}
if let Some(resp) = &tx.response {
js.open_object("response")?;
- log_message(&resp, js)?;
+ log_message(resp, js)?;
js.close()?;
}
js.open_object("diagnostic")?;
js.set_uint("raw", func.raw.into())?;
js.set_string("code", &func.code.to_string())?;
- js.set_string_from_bytes("data", &data)?;
+ js.set_string_from_bytes("data", data)?;
js.close()?;
}
Data::MEI { mei_type, data } => {
js.open_object("mei")?;
js.set_uint("raw", mei_type.raw.into())?;
js.set_string("code", &mei_type.code.to_string())?;
- js.set_string_from_bytes("data", &data)?;
+ js.set_string_from_bytes("data", data)?;
js.close()?;
}
Data::Read(read) => {
js.close()?;
}
Data::ByteVec(data) => {
- js.set_string_from_bytes("data", &data)?;
+ js.set_string_from_bytes("data", data)?;
}
Data::Empty => {}
}
js.set_uint("quantity", (*quantity).into())?;
}
Read::Response(data) => {
- js.set_string_from_bytes("data", &data)?;
+ js.set_string_from_bytes("data", data)?;
}
}
} => {
js.set_uint("address", (*address).into())?;
js.set_uint("quantity", (*quantity).into())?;
- js.set_string_from_bytes("data", &data)?;
+ js.set_string_from_bytes("data", data)?;
}
Write::Mask {
address,
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_REQ, Direction::ToServer)
+ state.parse(RD_COILS_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_RESP, Direction::ToClient)
+ state.parse(RD_COILS_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&WR_MULT_REG_REQ, Direction::ToServer)
+ state.parse(WR_MULT_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&WR_MULT_REG_RESP, Direction::ToClient)
+ state.parse(WR_MULT_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_WR_MULT_REG_REQ, Direction::ToServer)
+ state.parse(RD_WR_MULT_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_WR_MULT_REG_RESP, Direction::ToClient)
+ state.parse(RD_WR_MULT_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&FORCE_LISTEN_ONLY_MODE, Direction::ToServer)
+ state.parse(FORCE_LISTEN_ONLY_MODE, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&INVALID_PROTO_REQ, Direction::ToServer)
+ state.parse(INVALID_PROTO_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_RESP, Direction::ToClient)
+ state.parse(RD_COILS_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::incomplete(15, 4),
- state.parse(&INVALID_LEN_WR_MULT_REG_REQ, Direction::ToServer)
+ state.parse(INVALID_LEN_WR_MULT_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_REQ, Direction::ToServer)
+ state.parse(RD_COILS_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_ERR_RESP, Direction::ToClient)
+ state.parse(RD_COILS_ERR_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(state.transactions.len(), 0);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&RD_COILS_REQ, Direction::ToServer)
+ state.parse(RD_COILS_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&EXCEEDED_LEN_WR_MULT_REG_REQ, Direction::ToServer)
+ state.parse(EXCEEDED_LEN_WR_MULT_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&INVALID_PDU_WR_MULT_REG_REQ, Direction::ToServer)
+ state.parse(INVALID_PDU_WR_MULT_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&MASK_WR_REG_REQ, Direction::ToServer)
+ state.parse(MASK_WR_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&MASK_WR_REG_RESP, Direction::ToClient)
+ state.parse(MASK_WR_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&WR_SINGLE_REG_REQ, Direction::ToServer)
+ state.parse(WR_SINGLE_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&WR_SINGLE_REG_RESP, Direction::ToClient)
+ state.parse(WR_SINGLE_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&INVALID_MASK_WR_REG_REQ, Direction::ToServer)
+ state.parse(INVALID_MASK_WR_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&MASK_WR_REG_RESP, Direction::ToClient)
+ state.parse(MASK_WR_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&INVALID_WR_SINGLE_REG_REQ, Direction::ToServer)
+ state.parse(INVALID_WR_SINGLE_REG_REQ, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
assert_eq!(
AppLayerResult::ok(),
- state.parse(&WR_SINGLE_REG_RESP, Direction::ToClient)
+ state.parse(WR_SINGLE_REG_RESP, Direction::ToClient)
);
assert_eq!(state.transactions.len(), 1);
let mut state = ModbusState::new();
assert_eq!(
AppLayerResult::ok(),
- state.parse(&INVALID_FUNC_CODE, Direction::ToServer)
+ state.parse(INVALID_FUNC_CODE, Direction::ToServer)
);
assert_eq!(state.transactions.len(), 1);
js.set_uint("message_expiry_interval", *v as u64)?;
}
crate::mqtt::mqtt_property::MQTTProperty::CONTENT_TYPE(v) => {
- js.set_string("content_type", &v)?;
+ js.set_string("content_type", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::RESPONSE_TOPIC(v) => {
- js.set_string("response_topic", &v)?;
+ js.set_string("response_topic", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::CORRELATION_DATA(v) => {
- js.set_string_from_bytes("correlation_data", &v)?;
+ js.set_string_from_bytes("correlation_data", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::SUBSCRIPTION_IDENTIFIER(v) => {
js.set_uint("subscription_identifier", *v as u64)?;
js.set_uint("session_expiry_interval", *v as u64)?;
}
crate::mqtt::mqtt_property::MQTTProperty::ASSIGNED_CLIENT_IDENTIFIER(v) => {
- js.set_string("assigned_client_identifier", &v)?;
+ js.set_string("assigned_client_identifier", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::SERVER_KEEP_ALIVE(v) => {
js.set_uint("server_keep_alive", *v as u64)?;
}
crate::mqtt::mqtt_property::MQTTProperty::AUTHENTICATION_METHOD(v) => {
- js.set_string("authentication_method", &v)?;
+ js.set_string("authentication_method", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::AUTHENTICATION_DATA(v) => {
- js.set_string_from_bytes("authentication_data", &v)?;
+ js.set_string_from_bytes("authentication_data", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::REQUEST_PROBLEM_INFORMATION(v) => {
js.set_uint("request_problem_information", *v as u64)?;
js.set_uint("request_response_information", *v as u64)?;
}
crate::mqtt::mqtt_property::MQTTProperty::RESPONSE_INFORMATION(v) => {
- js.set_string("response_information", &v)?;
+ js.set_string("response_information", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::SERVER_REFERENCE(v) => {
- js.set_string("server_reference", &v)?;
+ js.set_string("server_reference", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::REASON_STRING(v) => {
- js.set_string("reason_string", &v)?;
+ js.set_string("reason_string", v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::RECEIVE_MAXIMUM(v) => {
js.set_uint("receive_maximum", *v as u64)?;
js.set_uint("retain_available", *v as u64)?;
}
crate::mqtt::mqtt_property::MQTTProperty::USER_PROPERTY((k, v)) => {
- js.set_string(k, &v)?;
+ js.set_string(k, v)?;
}
crate::mqtt::mqtt_property::MQTTProperty::MAXIMUM_PACKET_SIZE(v) => {
js.set_uint("maximum_packet_size", *v as u64)?;
length: be_u16
>> content: take!(length)
>> (
- String::from_utf8_lossy(&content).to_string()
+ String::from_utf8_lossy(content).to_string()
)
));
props.push(val);
let curparselen = (newrem.len() - rem.len()) as u32;
proplen -= curparselen;
- newrem = &rem;
+ newrem = rem;
}
Err(e) => return Err(e),
}
// In this case we return the full input buffer, since this is
// what the skipped_length value also refers to: header _and_
// remaining length.
- return Ok((&input, msg));
+ return Ok((input, msg));
}
// We have not exceeded the maximum length limit, but still do not
{
match unsafe {SURICATA_NFS_FILE_CONFIG} {
Some(sfcm) => {
- ft.new_chunk(sfcm, files, flags, &name, data, chunk_offset,
+ ft.new_chunk(sfcm, files, flags, name, data, chunk_offset,
chunk_size, fill_bytes, is_last, xid); }
None => panic!("no SURICATA_NFS_FILE_CONFIG"),
}
SCLogDebug!("large record {}, likely file xfer", rec_size);
// quick peek, are in READ mode?
- if self.peek_reply_record(&rpc_hdr) == NFSPROC3_READ {
+ if self.peek_reply_record(rpc_hdr) == NFSPROC3_READ {
SCLogDebug!("CONFIRMED large READ record {}, likely file chunk xfer", rec_size);
// we should have enough data to parse the RPC record
match parse_nfs2_reply_read(r.prog_data) {
Ok((_, ref reply)) => {
SCLogDebug!("NFSv2: READ reply record");
- self.process_read_record(r, reply, Some(&xidmap));
+ self.process_read_record(r, reply, Some(xidmap));
nfs_status = reply.status;
},
_ => {
},
}
} else {
- let stat : u32 = match be_u32(&r.prog_data) as IResult<&[u8],_> {
+ let stat : u32 = match be_u32(r.prog_data) as IResult<&[u8],_> {
Ok((_, stat)) => stat,
_ => 0
};
};
} else if xidmap.procedure == NFSPROC3_READ {
if let Ok((_, rd)) = parse_nfs3_reply_read(r.prog_data) {
- self.process_read_record(r, &rd, Some(&xidmap));
+ self.process_read_record(r, &rd, Some(xidmap));
nfs_status = rd.status;
} else {
self.set_event(NFSEvent::MalformedData);
}
// for all other record types only parse the status
else {
- let stat : u32 = match be_u32(&r.prog_data) as IResult<&[u8],_> {
+ let stat : u32 = match be_u32(r.prog_data) as IResult<&[u8],_> {
Ok((_, stat)) => stat,
_ => 0
};
xidmap.file_name = rd.filename.to_vec();
main_opcode = NFSPROC4_CREATE;
}
- &Nfs4RequestContent::Remove(ref rd) => {
+ &Nfs4RequestContent::Remove(rd) => {
SCLogDebug!("REMOVEv4: {:?}", rd);
xidmap.file_name = rd.to_vec();
main_opcode = NFSPROC4_REMOVE;
}
if main_opcode != 0 {
- self.new_tx_v4(r, &xidmap, main_opcode, &aux_opcodes);
+ self.new_tx_v4(r, xidmap, main_opcode, &aux_opcodes);
}
}
match parse_nfs4_request_compound(data) {
Ok((_, rd)) => {
SCLogDebug!("NFSPROC4_COMPOUND: {:?}", rd);
- self.compound_request(&r, &rd, &mut xidmap);
+ self.compound_request(r, &rd, &mut xidmap);
},
Err(nom::Err::Incomplete(_n)) => {
SCLogDebug!("NFSPROC4_COMPOUND: INCOMPLETE {:?}", _n);
data_len: rd.data.len() as u32,
data: rd.data,
};
- self.process_read_record(r, &reply, Some(&xidmap));
+ self.process_read_record(r, &reply, Some(xidmap));
}
},
&Nfs4ResponseContent::Open(_s, ref rd) => {
match parse_nfs4_response_compound(data) {
Ok((_, rd)) => {
SCLogDebug!("COMPOUNDv4: {:?}", rd);
- self.compound_response(&r, &rd, xidmap);
+ self.compound_response(r, &rd, xidmap);
},
Err(nom::Err::Incomplete(_)) => {
self.set_event(NFSEvent::MalformedData);
}
fn free_tx(&mut self, tx_id: u64) {
- let tx = self.transactions.iter().position(|ref tx| tx.id == tx_id + 1);
+ let tx = self.transactions.iter().position(|tx| tx.id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
if net.channels.len() > 0 {
js.open_array("channels")?;
for channel in &net.channels {
- js.append_string(&channel)?;
+ js.append_string(channel)?;
}
js.close()?;
}
return AppLayerResult::ok();
}
if self.tls_parsing {
- match parse_tls_plaintext(&available) {
+ match parse_tls_plaintext(available) {
Ok((remainder, _tls)) => {
// bytes available for futher parsing are what remain
available = remainder;
}
} else {
// every message should be encapsulated within a T.123 tpkt
- match parse_t123_tpkt(&available) {
+ match parse_t123_tpkt(available) {
// success
Ok((remainder, t123)) => {
// bytes available for futher parsing are what remain
return AppLayerResult::ok();
}
if self.tls_parsing {
- match parse_tls_plaintext(&available) {
+ match parse_tls_plaintext(available) {
Ok((remainder, tls)) => {
// bytes available for futher parsing are what remain
available = remainder;
}
} else {
// every message should be encapsulated within a T.123 tpkt
- match parse_t123_tpkt(&available) {
+ match parse_t123_tpkt(available) {
// success
Ok((remainder, t123)) => {
// bytes available for futher parsing are what remain
#[test]
fn test_probe_rdp() {
let buf: &[u8] = &[0x03, 0x00];
- assert_eq!(true, probe_rdp(&buf));
+ assert_eq!(true, probe_rdp(buf));
}
#[test]
fn test_probe_rdp_other() {
let buf: &[u8] = &[0x04, 0x00];
- assert_eq!(false, probe_rdp(&buf));
+ assert_eq!(false, probe_rdp(buf));
}
#[test]
fn test_probe_tls_handshake() {
let buf: &[u8] = &[0x16, 0x00];
- assert_eq!(true, probe_tls_handshake(&buf));
+ assert_eq!(true, probe_tls_handshake(buf));
}
#[test]
fn test_probe_tls_handshake_other() {
let buf: &[u8] = &[0x17, 0x00];
- assert_eq!(false, probe_tls_handshake(&buf));
+ assert_eq!(false, probe_tls_handshake(buf));
}
#[test]
];
let mut state = RdpState::new();
// will consume 0, request length + 1
- assert_eq!(AppLayerResult::incomplete(0, 9), state.parse_ts(&buf_1));
+ assert_eq!(AppLayerResult::incomplete(0, 9), state.parse_ts(buf_1));
assert_eq!(0, state.transactions.len());
// exactly aligns with transaction
- assert_eq!(AppLayerResult::ok(), state.parse_ts(&buf_2));
+ assert_eq!(AppLayerResult::ok(), state.parse_ts(buf_2));
assert_eq!(1, state.transactions.len());
let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
fn test_parse_ts_other() {
let buf: &[u8] = &[0x03, 0x00, 0x00, 0x01, 0x00];
let mut state = RdpState::new();
- assert_eq!(AppLayerResult::err(), state.parse_ts(&buf));
+ assert_eq!(AppLayerResult::err(), state.parse_ts(buf));
}
#[test]
let buf_2: &[u8] = &[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66];
let mut state = RdpState::new();
// will consume 0, request length + 1
- assert_eq!(AppLayerResult::incomplete(0, 6), state.parse_tc(&buf_1));
+ assert_eq!(AppLayerResult::incomplete(0, 6), state.parse_tc(buf_1));
assert_eq!(0, state.transactions.len());
// exactly aligns with transaction
- assert_eq!(AppLayerResult::ok(), state.parse_tc(&buf_2));
+ assert_eq!(AppLayerResult::ok(), state.parse_tc(buf_2));
assert_eq!(1, state.transactions.len());
let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {});
assert_eq!(item, state.transactions[0].item);
fn test_parse_tc_other() {
let buf: &[u8] = &[0x03, 0x00, 0x00, 0x01, 0x00];
let mut state = RdpState::new();
- assert_eq!(AppLayerResult::err(), state.parse_tc(&buf));
+ assert_eq!(AppLayerResult::err(), state.parse_tc(buf));
}
#[test]
}
if let Some(req_line) = &tx.request_line {
- js.set_string("request_line", &req_line)?;
+ js.set_string("request_line", req_line)?;
}
if let Some(resp) = &tx.response {
}
if let Some(resp_line) = &tx.response_line {
- js.set_string("response_line", &resp_line)?;
+ js.set_string("response_line", resp_line)?;
}
js.close()?;
let tx = self
.transactions
.iter()
- .position(|ref tx| tx.id == tx_id + 1);
+ .position(|tx| tx.id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
}
}
},
- BerObjectContent::OctetString(ref os) => {
+ BerObjectContent::OctetString(os) => {
if have_kerberos {
match parse_kerberos5_request(os) {
Ok((_, t)) => {
dcer.packet_type, tx.id, tx);
if let Some(SMBTransactionTypeData::DCERPC(ref mut tdn)) = tx.type_data {
SCLogDebug!("additional frag of size {}", recr.data.len());
- tdn.stub_data_ts.extend_from_slice(&recr.data);
+ tdn.stub_data_ts.extend_from_slice(recr.data);
tdn.frag_cnt_ts += 1;
SCLogDebug!("stub_data now {}", tdn.stub_data_ts.len());
}
SCLogDebug!("DCERPC: REQUEST {:?}", recr);
if let Some(SMBTransactionTypeData::DCERPC(ref mut tdn)) = tx.type_data {
SCLogDebug!("first frag size {}", recr.data.len());
- tdn.stub_data_ts.extend_from_slice(&recr.data);
+ tdn.stub_data_ts.extend_from_slice(recr.data);
tdn.opnum = recr.opnum;
tdn.frag_cnt_ts += 1;
SCLogDebug!("DCERPC: REQUEST opnum {} stub data len {}",
if let Some(SMBTransactionTypeData::DCERPC(ref mut tdn)) = tx.type_data {
SCLogDebug!("CMD 11 found at tx {}", tx.id);
tdn.set_result(DCERPC_TYPE_RESPONSE);
- tdn.stub_data_tc.extend_from_slice(&respr.data);
+ tdn.stub_data_tc.extend_from_slice(respr.data);
tdn.frag_cnt_tc += 1;
}
tx.vercmd.set_ntstatus(ntstatus);
None => Vec::new(),
};
SCLogDebug!("indata {} prevdata {}", indata.len(), prevdata.len());
- prevdata.extend_from_slice(&indata);
+ prevdata.extend_from_slice(indata);
let data = prevdata;
let mut malformed = false;
{
match unsafe {SURICATA_SMB_FILE_CONFIG} {
Some(sfcm) => {
- ft.new_chunk(sfcm, files, flags, &name, data, chunk_offset,
+ ft.new_chunk(sfcm, files, flags, name, data, chunk_offset,
chunk_size, fill_bytes, is_last, xid); }
None => panic!("no SURICATA_SMB_FILE_CONFIG"),
}
if state.dialect != 0 {
let dialect = &smb2_dialect_string(state.dialect);
- jsb.set_string("dialect", &dialect)?;
+ jsb.set_string("dialect", dialect)?;
} else {
let dialect = match &state.dialect_vec {
- &Some(ref d) => str::from_utf8(&d).unwrap_or("invalid"),
+ &Some(ref d) => str::from_utf8(d).unwrap_or("invalid"),
&None => "unknown",
};
- jsb.set_string("dialect", &dialect)?;
+ jsb.set_string("dialect", dialect)?;
}
match tx.vercmd.get_version() {
jsb.set_string("realm", &ticket.realm.0)?;
jsb.open_array("snames")?;
for sname in ticket.sname.name_string.iter() {
- jsb.append_string(&sname)?;
+ jsb.append_string(sname)?;
}
jsb.close()?;
jsb.close()?;
if x.smb_ver == 1 {
jsb.open_array("client_dialects")?;
for d in &x.dialects {
- let dialect = String::from_utf8_lossy(&d);
+ let dialect = String::from_utf8_lossy(d);
jsb.append_string(&dialect)?;
}
jsb.close()?;
} else if x.smb_ver == 2 {
jsb.open_array("client_dialects")?;
for d in &x.dialects2 {
- let dialect = String::from_utf8_lossy(&d);
+ let dialect = String::from_utf8_lossy(d);
jsb.append_string(&dialect)?;
}
jsb.close()?;
jsb.open_object("service")?;
if let Some(ref s) = x.req_service {
- let serv = String::from_utf8_lossy(&s);
+ let serv = String::from_utf8_lossy(s);
jsb.set_string("request", &serv)?;
}
if let Some(ref s) = x.res_service {
- let serv = String::from_utf8_lossy(&s);
+ let serv = String::from_utf8_lossy(s);
jsb.set_string("response", &serv)?;
}
jsb.close()?;
0x64, 0x0b, 0x66, 0xba, 0x4a, 0xbb, 0x81, 0xe1, 0xea,
0x54, 0xae, 0xb8, 0x66];
- let result = parse_nbss_record(&buff);
+ let result = parse_nbss_record(buff);
match result {
Ok((remainder, p)) => {
assert_eq!(p.message_type, NBSS_MSGTYPE_SESSION_MESSAGE);
0x64, 0x0b, 0x66, 0xba, 0x4a, 0xbb, 0x81, 0xe1, 0xea,
0x54, 0xae, 0xb8, 0x66];
- let result_not_smb = parse_nbss_record(&buff_not_smb);
+ let result_not_smb = parse_nbss_record(buff_not_smb);
match result_not_smb {
Ok((remainder, p_not_smb)) => {
assert_eq!(p_not_smb.message_type, NBSS_MSGTYPE_SESSION_MESSAGE);
0x02, 0x08, 0xbd, 0x20, 0x02, 0x08, 0x06, 0x00,
0x02, 0x40, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00];
- let result = parse_nbss_record_partial(&buff);
+ let result = parse_nbss_record_partial(buff);
match result {
Ok((remainder, p)) => {
assert_eq!(p.message_type, NBSS_MSGTYPE_SESSION_MESSAGE);
for tx in &mut self.transactions {
let found = match tx.type_data {
Some(SMBTransactionTypeData::CREATE(ref _d)) => {
- tx.hdr.compare(&hdr)
+ tx.hdr.compare(hdr)
},
_ => { false },
};
_ => { ("UNKNOWN", false) },
};
SCLogDebug!("service {} is_dcerpc {}", name, is_dcerpc);
- (&name, is_dcerpc)
+ (name, is_dcerpc)
}
fn post_gap_housekeeping_for_files(&mut self)
Ok((output, ref nbss_part_hdr)) => {
SCLogDebug!("parse_nbss_record_partial ok, output len {}", output.len());
if nbss_part_hdr.message_type == NBSS_MSGTYPE_SESSION_MESSAGE {
- match parse_smb_version(&nbss_part_hdr.data) {
+ match parse_smb_version(nbss_part_hdr.data) {
Ok((_, ref smb)) => {
SCLogDebug!("SMB {:?}", smb);
if smb.version == 0xff_u8 { // SMB1
SCLogDebug!("SMBv1 record");
- match parse_smb_record(&nbss_part_hdr.data) {
+ match parse_smb_record(nbss_part_hdr.data) {
Ok((_, ref r)) => {
if r.command == SMB1_COMMAND_WRITE_ANDX {
// see if it's a write to a pipe. We only handle those
} else if smb.version == 0xfe_u8 { // SMB2
SCLogDebug!("NBSS record {:?}", nbss_part_hdr);
SCLogDebug!("SMBv2 record");
- match parse_smb2_request_record(&nbss_part_hdr.data) {
+ match parse_smb2_request_record(nbss_part_hdr.data) {
Ok((_, ref smb_record)) => {
SCLogDebug!("SMB2: partial record {}",
&smb2_command_string(smb_record.command));
if nbss_hdr.message_type == NBSS_MSGTYPE_SESSION_MESSAGE {
// we have the full records size worth of data,
// let's parse it
- match parse_smb_version(&nbss_hdr.data) {
+ match parse_smb_version(nbss_hdr.data) {
Ok((_, ref smb)) => {
SCLogDebug!("SMB {:?}", smb);
if smb.version == 0xff_u8 { // SMB1
SCLogDebug!("SMBv1 record");
- match parse_smb_record(&nbss_hdr.data) {
+ match parse_smb_record(nbss_hdr.data) {
Ok((_, ref smb_record)) => {
smb1_request_record(self, smb_record);
},
let mut nbss_data = nbss_hdr.data;
while nbss_data.len() > 0 {
SCLogDebug!("SMBv2 record");
- match parse_smb2_request_record(&nbss_data) {
+ match parse_smb2_request_record(nbss_data) {
Ok((nbss_data_rem, ref smb_record)) => {
SCLogDebug!("nbss_data_rem {}", nbss_data_rem.len());
let mut nbss_data = nbss_hdr.data;
while nbss_data.len() > 0 {
SCLogDebug!("SMBv3 transform record");
- match parse_smb3_transform_record(&nbss_data) {
+ match parse_smb3_transform_record(nbss_data) {
Ok((nbss_data_rem, ref _smb3_record)) => {
nbss_data = nbss_data_rem;
},
Ok((output, ref nbss_part_hdr)) => {
SCLogDebug!("parse_nbss_record_partial ok, output len {}", output.len());
if nbss_part_hdr.message_type == NBSS_MSGTYPE_SESSION_MESSAGE {
- match parse_smb_version(&nbss_part_hdr.data) {
+ match parse_smb_version(nbss_part_hdr.data) {
Ok((_, ref smb)) => {
SCLogDebug!("SMB {:?}", smb);
if smb.version == 255u8 { // SMB1
SCLogDebug!("SMBv1 record");
- match parse_smb_record(&nbss_part_hdr.data) {
+ match parse_smb_record(nbss_part_hdr.data) {
Ok((_, ref r)) => {
SCLogDebug!("SMB1: partial record {}",
r.command);
}
} else if smb.version == 254u8 { // SMB2
SCLogDebug!("SMBv2 record");
- match parse_smb2_response_record(&nbss_part_hdr.data) {
+ match parse_smb2_response_record(nbss_part_hdr.data) {
Ok((_, ref smb_record)) => {
SCLogDebug!("SMB2: partial record {}",
&smb2_command_string(smb_record.command));
if nbss_hdr.message_type == NBSS_MSGTYPE_SESSION_MESSAGE {
// we have the full records size worth of data,
// let's parse it
- match parse_smb_version(&nbss_hdr.data) {
+ match parse_smb_version(nbss_hdr.data) {
Ok((_, ref smb)) => {
SCLogDebug!("SMB {:?}", smb);
if smb.version == 0xff_u8 { // SMB1
SCLogDebug!("SMBv1 record");
- match parse_smb_record(&nbss_hdr.data) {
+ match parse_smb_record(nbss_hdr.data) {
Ok((_, ref smb_record)) => {
smb1_response_record(self, smb_record);
},
let mut nbss_data = nbss_hdr.data;
while nbss_data.len() > 0 {
SCLogDebug!("SMBv2 record");
- match parse_smb2_response_record(&nbss_data) {
+ match parse_smb2_response_record(nbss_data) {
Ok((nbss_data_rem, ref smb_record)) => {
smb2_response_record(self, smb_record);
nbss_data = nbss_data_rem;
let mut nbss_data = nbss_hdr.data;
while nbss_data.len() > 0 {
SCLogDebug!("SMBv3 transform record");
- match parse_smb3_transform_record(&nbss_data) {
+ match parse_smb3_transform_record(nbss_data) {
Ok((nbss_data_rem, ref _smb3_record)) => {
nbss_data = nbss_data_rem;
},
fn smb_probe_tcp_midstream(direction: u8, slice: &[u8], rdir: *mut u8) -> i8
{
match search_smb_record(slice) {
- Ok((_, ref data)) => {
+ Ok((_, data)) => {
SCLogDebug!("smb found");
match parse_smb_version(data) {
Ok((_, ref smb)) => {
{
// we can have created 2 txs for a FID: one for reads
// and one for writes. So close both.
- match state.get_file_tx_by_fuid(&fid, STREAM_TOSERVER) {
+ match state.get_file_tx_by_fuid(fid, STREAM_TOSERVER) {
Some((tx, files, flags)) => {
SCLogDebug!("found tx {}", tx.id);
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
},
None => { },
}
- match state.get_file_tx_by_fuid(&fid, STREAM_TOCLIENT) {
+ match state.get_file_tx_by_fuid(fid, STREAM_TOCLIENT) {
Some((tx, files, flags)) => {
SCLogDebug!("found tx {}", tx.id);
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
let have_tx = match command {
SMB1_COMMAND_READ_ANDX => {
- smb1_read_response_record(state, &r, *andx_offset);
+ smb1_read_response_record(state, r, *andx_offset);
true // tx handling in func
},
SMB1_COMMAND_NEGOTIATE_PROTOCOL => {
SCLogDebug!("SMBv1 TRANS TO PIPE");
let hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_HEADER);
let vercmd = SMBVerCmdStat::new1(r.command);
- smb_write_dcerpc_record(state, vercmd, hdr, &rd.data.data);
+ smb_write_dcerpc_record(state, vercmd, hdr, rd.data.data);
}
},
_ => {
SCLogDebug!("SMBv1 TRANS TO PIPE");
let hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_HEADER);
let vercmd = SMBVerCmdStat::new1_with_ntstatus(r.command, r.nt_status);
- smb_read_dcerpc_record(state, vercmd, hdr, &fid, &rd.data);
+ smb_read_dcerpc_record(state, vercmd, hdr, &fid, rd.data);
}
},
_ => {
SCLogDebug!("SMBv1 WRITE TO PIPE");
let hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_HEADER);
let vercmd = SMBVerCmdStat::new1_with_ntstatus(command, r.nt_status);
- smb_write_dcerpc_record(state, vercmd, hdr, &rd.data);
+ smb_write_dcerpc_record(state, vercmd, hdr, rd.data);
} else {
let (tx, files, flags) = state.new_file_tx(&file_fid, &file_name, STREAM_TOSERVER);
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
// hack: we store fid with ssn id mixed in, but here we want the
// real thing instead.
let pure_fid = if file_fid.len() > 2 { &file_fid[0..2] } else { &[] };
- smb_read_dcerpc_record(state, vercmd, hdr, &pure_fid, &rd.data);
+ smb_read_dcerpc_record(state, vercmd, hdr, pure_fid, rd.data);
}
state.set_file_left(STREAM_TOCLIENT, rd.len, rd.data.len() as u32, file_fid.to_vec());
let res = SmbRecordTransRequest {
params: params, pipe: pipe, txname: n, data: recdata,
};
- Ok((&rem, res))
+ Ok((rem, res))
}
_ => { (Vec::new(), false) },
};
let mut is_dcerpc = if is_pipe || (share_name.len() == 0 && !is_pipe) {
- match state.get_service_for_guid(&wr.guid) {
+ match state.get_service_for_guid(wr.guid) {
(_, x) => x,
}
} else {
}
},
SMB2_COMMAND_WRITE => {
- smb2_write_request_record(state, &r);
+ smb2_write_request_record(state, r);
true // write handling creates both file tx and generic tx
},
SMB2_COMMAND_CLOSE => {
SMB2_COMMAND_READ => {
if r.nt_status == SMB_NTSTATUS_SUCCESS ||
r.nt_status == SMB_NTSTATUS_BUFFER_OVERFLOW {
- smb2_read_response_record(state, &r);
+ smb2_read_response_record(state, r);
false
} else if r.nt_status == SMB_NTSTATUS_END_OF_FILE {
match parse_smb2_request_ioctl(r.data) {
Ok((_, rd)) => {
SCLogDebug!("IOCTL request data: {:?}", rd);
- let is_dcerpc = rd.is_pipe && match state.get_service_for_guid(&rd.guid) {
+ let is_dcerpc = rd.is_pipe && match state.get_service_for_guid(rd.guid) {
(_, x) => x,
};
if is_dcerpc {
Ok((_, rd)) => {
SCLogDebug!("IOCTL response data: {:?}", rd);
- let is_dcerpc = rd.is_pipe && match state.get_service_for_guid(&rd.guid) {
+ let is_dcerpc = rd.is_pipe && match state.get_service_for_guid(rd.guid) {
(_, x) => x,
};
if is_dcerpc {
{
match tx.community {
Some(ref c) => {
- *buf = (&c).as_ptr();
+ *buf = c.as_ptr();
*len = c.len() as u32;
},
None => ()
}
fn free_tx(&mut self, tx_id: u64) {
- let tx = self.transactions.iter().position(|ref tx| tx.id == tx_id + 1);
+ let tx = self.transactions.iter().position(|tx| tx.id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
}
fn free_tx(&mut self, tx_id: u64) {
- let tx = self.transactions.iter().position(|ref tx| tx.id == tx_id + 1);
+ let tx = self.transactions.iter().position(|tx| tx.id == tx_id + 1);
debug_assert!(tx != None);
if let Some(idx) = tx {
let _ = self.transactions.remove(idx);
projects / thirdparty / suricata.git / commitdiff
