pgsql: add unknonwn frontend message type

author Juliana Fajardini <jufajardini@oisf.net>

Mon, 27 Nov 2023 20:22:19 +0000 (17:22 -0300)

committer Victor Julien <victor@inliniac.net>

Fri, 8 Dec 2023 20:15:42 +0000 (21:15 +0100)
author Juliana Fajardini <jufajardini@oisf.net>
Mon, 27 Nov 2023 20:22:19 +0000 (17:22 -0300)
committer Victor Julien <victor@inliniac.net>
Fri, 8 Dec 2023 20:15:42 +0000 (21:15 +0100)
diff --git a/rust/src/pgsql/logger.rs b/rust/src/pgsql/logger.rs

index 03b1ad0f4677a2a1dfa462ab99bc435fd1c2d409..57a3e526709c37ec27ae22aeb04054dfbb36b423 100644 (file)
--- a/rust/src/pgsql/logger.rs
+++ b/rust/src/pgsql/logger.rs
@@ -102,6 +102,13 @@ fn log_request(req: &PgsqlFEMessage, flags: u32) -> Result<JsonBuilder, JsonErro
          }) => {
              js.set_string("message", req.to_str())?;
          }
+        PgsqlFEMessage::UnknownMessageType(RegularPacket {
+            identifier: _,
+            length: _,
+            payload: _,
+        }) => {
+            // We don't want to log these, for now. Cf redmine: #6576
+        }
      }
      js.close()?;
      Ok(js)
diff --git a/rust/src/pgsql/parser.rs b/rust/src/pgsql/parser.rs

index ae07d5d5a0788400ccb1c2ff4eec705614baa893..27ea3217e88ced5196cbb8eda7d8d61b1fb18f79 100644 (file)
--- a/rust/src/pgsql/parser.rs
+++ b/rust/src/pgsql/parser.rs
@@ -320,6 +320,7 @@ pub enum PgsqlFEMessage {
      SASLResponse(RegularPacket),
      SimpleQuery(RegularPacket),
      Terminate(TerminationMessage),
+    UnknownMessageType(RegularPacket),
  }
  
  impl PgsqlFEMessage {
@@ -332,6 +333,7 @@ impl PgsqlFEMessage {
              PgsqlFEMessage::SASLResponse(_) => "sasl_response",
              PgsqlFEMessage::SimpleQuery(_) => "simple_query",
              PgsqlFEMessage::Terminate(_) => "termination_message",
+            PgsqlFEMessage::UnknownMessageType(_) => "unknown_message_type",
          }
      }
  }
@@ -673,7 +675,17 @@ pub fn parse_request(i: &[u8]) -> IResult<&[u8], PgsqlFEMessage> {
          b'\0' => pgsql_parse_startup_packet(i)?,
          b'Q' => parse_simple_query(i)?,
          b'X' => parse_terminate_message(i)?,
-        _ => return Err(Err::Error(make_error(i, ErrorKind::Switch))),
+        _ => {
+            let (i, identifier) = be_u8(i)?;
+            let (i, length) = verify(be_u32, |&x| x > PGSQL_LENGTH_FIELD)(i)?;
+            let (i, payload) = take(length - PGSQL_LENGTH_FIELD)(i)?;
+            let unknown = PgsqlFEMessage::UnknownMessageType (RegularPacket{
+                identifier,
+                length,
+                payload: payload.to_vec(),
+            });
+            (i, unknown)
+        }
      };
      Ok((i, message))
  }
diff --git a/rust/src/pgsql/pgsql.rs b/rust/src/pgsql/pgsql.rs

index f5fbebc8f950e5d08315f7042b551b6b1589560b..fa19785ff9e1ee9c54590597caa91ae01d7c7a49 100644 (file)
--- a/rust/src/pgsql/pgsql.rs
+++ b/rust/src/pgsql/pgsql.rs
@@ -284,6 +284,11 @@ impl PgsqlState {
                  SCLogDebug!("Match: Terminate message");
                  Some(PgsqlStateProgress::ConnectionTerminated)
              }
+            PgsqlFEMessage::UnknownMessageType(_) => {
+                SCLogDebug!("Match: Unknown message type");
+                // Not changing state when we don't know the message
+                None
+            }
          }
      }
author	Juliana Fajardini <jufajardini@oisf.net>
	Mon, 27 Nov 2023 20:22:19 +0000 (17:22 -0300)
committer	Victor Julien <victor@inliniac.net>
	Fri, 8 Dec 2023 20:15:42 +0000 (21:15 +0100)
rust/src/pgsql/logger.rs		patch \| blob \| blame \| history
rust/src/pgsql/parser.rs		patch \| blob \| blame \| history
rust/src/pgsql/pgsql.rs		patch \| blob \| blame \| history