pub pad: u8,
pub padleft: u16,
pub tx_id: u64,
- pub ts_gap: bool,
- pub tc_gap: bool,
- pub ts_ssn_gap: bool,
- pub tc_ssn_gap: bool,
+ ts_gap: bool,
+ tc_gap: bool,
+ ts_ssn_gap: bool,
+ tc_ssn_gap: bool,
pub flow: Option<*const Flow>,
state_data: AppLayerStateData,
}
None
}
- pub fn parse_data_gap(&mut self, direction: Direction) -> AppLayerResult {
- match direction {
- Direction::ToServer => {
- self.ts_gap = true;
- self.ts_ssn_gap = true;
- },
- Direction::ToClient => {
- self.tc_gap = true;
- self.tc_ssn_gap = true;
- },
- }
- AppLayerResult::ok()
- }
-
- pub fn post_gap_housekeeping(&mut self, dir: Direction) {
+ fn post_gap_housekeeping(&mut self, dir: Direction) {
SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
if self.ts_ssn_gap && dir == Direction::ToServer {
for tx in &mut self.transactions {
stub_len
}
-#[no_mangle]
-pub extern "C" fn rs_parse_dcerpc_request_gap(
- state: &mut DCERPCState,
- _input_len: u32,
-) -> AppLayerResult {
- state.parse_data_gap(Direction::ToServer)
-}
-
-#[no_mangle]
-pub extern "C" fn rs_parse_dcerpc_response_gap(
- state: &mut DCERPCState,
- _input_len: u32,
-) -> AppLayerResult {
- state.parse_data_gap(Direction::ToClient)
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_parse_request(
+unsafe extern "C" fn parse_request(
flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
AppLayerResult::err()
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_parse_response(
+unsafe extern "C" fn parse_response(
flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
AppLayerResult::err()
}
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
+extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = DCERPCState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
}
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
+extern "C" fn state_free(state: *mut std::os::raw::c_void) {
std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCState)} );
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
+unsafe extern "C" fn state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
let dce_state = cast_pointer!(state, DCERPCState);
SCLogDebug!("freeing tx {}", tx_id);
dce_state.free_tx(tx_id);
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_get_tx(
+ unsafe extern "C" fn get_tx(
vtx: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
let dce_state = cast_pointer!(vtx, DCERPCState);
}
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
+unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
let dce_state = cast_pointer!(vtx, DCERPCState);
dce_state.tx_id
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
+pub(super) unsafe extern "C" fn get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
)-> std::os::raw::c_int {
let tx = cast_pointer!(tx, DCERPCTransaction);
if direction == Direction::ToServer.into() && tx.req_done {
return 0;
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_get_tx_data(
+unsafe extern "C" fn get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
{
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
+pub unsafe extern "C" fn SCDcerpcGetStubData(
tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
match dir.into() {
}
}
-pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const Flow, direction: u8, input: *const u8,
+unsafe extern "C" fn probe_tcp(_f: *const Flow, direction: u8, input: *const u8,
len: u32, rdir: *mut u8) -> AppProto
{
SCLogDebug!("Probing packet for DCERPC");
unsafe {
if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToServer.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 {
+ Direction::ToServer.into(), probe_tcp, 0, 0) < 0 {
SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToClient.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 {
+ Direction::ToClient.into(), probe_tcp, 0, 0) < 0 {
SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
0
}
-export_state_data_get!(rs_dcerpc_get_state_data, DCERPCState);
+export_state_data_get!(get_state_data, DCERPCState);
// Parser name as a C style string.
pub const PARSER_NAME: &[u8] = b"dcerpc\0";
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_register_parser() {
+pub unsafe extern "C" fn SCRegisterDcerpcParser() {
let parser = RustParser {
name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
default_port: std::ptr::null(),
probe_tc: None,
min_depth: 0,
max_depth: 16,
- state_new: rs_dcerpc_state_new,
- state_free: rs_dcerpc_state_free,
- tx_free: rs_dcerpc_state_transaction_free,
- parse_ts: rs_dcerpc_parse_request,
- parse_tc: rs_dcerpc_parse_response,
- get_tx_count: rs_dcerpc_get_tx_cnt,
- get_tx: rs_dcerpc_get_tx,
+ state_new,
+ state_free,
+ tx_free: state_transaction_free,
+ parse_ts: parse_request,
+ parse_tc: parse_response,
+ get_tx_count: get_tx_cnt,
+ get_tx,
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
- tx_get_progress: rs_dcerpc_get_alstate_progress,
+ tx_get_progress: get_alstate_progress,
get_eventinfo: None,
get_eventinfo_byid : None,
localstorage_new: None,
localstorage_free: None,
get_tx_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCState, DCERPCTransaction>),
- get_tx_data: rs_dcerpc_get_tx_data,
- get_state_data: rs_dcerpc_get_state_data,
+ get_tx_data,
+ get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(DCERPCFrameType::ffi_id_from_name),
use crate::applayer::{self, *};
use crate::dcerpc::dcerpc::{
DCERPCTransaction, DCERPC_MAX_TX, DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE, PFCL1_FRAG, PFCL1_LASTFRAG,
- rs_dcerpc_get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME,
+ get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME,
};
use crate::direction::{Direction, DIR_BOTH};
use crate::flow::Flow;
}
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_parse(
+unsafe extern "C" fn parse(
_flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
AppLayerResult::err()
}
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_udp_state_free(state: *mut std::os::raw::c_void) {
+extern "C" fn state_free(state: *mut std::os::raw::c_void) {
std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCUDPState) });
}
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_udp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
+extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = DCERPCUDPState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_state_transaction_free(
+unsafe extern "C" fn state_transaction_free(
state: *mut std::os::raw::c_void, tx_id: u64,
) {
let dce_state = cast_pointer!(state, DCERPCUDPState);
dce_state.free_tx(tx_id);
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_data(
+unsafe extern "C" fn get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
{
return &mut tx.tx_data;
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_get_tx(
+unsafe extern "C" fn get_tx(
state: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
let dce_state = cast_pointer!(state, DCERPCUDPState);
}
}
-#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
+unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
let dce_state = cast_pointer!(vtx, DCERPCUDPState);
dce_state.tx_id
}
}
}
-pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const Flow, direction: u8, input: *const u8,
+unsafe extern "C" fn probe_udp(_f: *const Flow, direction: u8, input: *const u8,
len: u32, rdir: *mut u8) -> AppProto
{
SCLogDebug!("Probing the packet for DCERPC/UDP");
unsafe {
if AppLayerProtoDetectPMRegisterPatternCSwPP(core::IPPROTO_UDP, ALPROTO_DCERPC,
b"|04 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToServer.into(), rs_dcerpc_probe_udp, 0, 0) < 0 {
+ Direction::ToServer.into(), probe_udp, 0, 0) < 0 {
SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
0
}
-export_state_data_get!(rs_dcerpc_udp_get_state_data, DCERPCUDPState);
+export_state_data_get!(get_state_data, DCERPCUDPState);
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
+pub unsafe extern "C" fn SCRegisterDcerpcUdpParser() {
let parser = RustParser {
name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
default_port: std::ptr::null(),
probe_tc: None,
min_depth: 0,
max_depth: 16,
- state_new: rs_dcerpc_udp_state_new,
- state_free: rs_dcerpc_udp_state_free,
- tx_free: rs_dcerpc_udp_state_transaction_free,
- parse_ts: rs_dcerpc_udp_parse,
- parse_tc: rs_dcerpc_udp_parse,
- get_tx_count: rs_dcerpc_udp_get_tx_cnt,
- get_tx: rs_dcerpc_udp_get_tx,
+ state_new,
+ state_free,
+ tx_free: state_transaction_free,
+ parse_ts: parse,
+ parse_tc: parse,
+ get_tx_count: get_tx_cnt,
+ get_tx,
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
- tx_get_progress: rs_dcerpc_get_alstate_progress,
+ tx_get_progress: get_alstate_progress,
get_eventinfo: None,
get_eventinfo_byid: None,
localstorage_new: None,
localstorage_free: None,
get_tx_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCUDPState, DCERPCTransaction>),
- get_tx_data: rs_dcerpc_udp_get_tx_data,
- get_state_data: rs_dcerpc_udp_get_state_data,
+ get_tx_data,
+ get_state_data,
apply_tx_config: None,
flags: 0,
get_frame_id_by_name: None,
}
#[no_mangle]
-pub extern "C" fn rs_dcerpc_iface_match(
+pub extern "C" fn SCDcerpcIfaceMatch(
tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_iface_parse(carg: *const c_char) -> *mut c_void {
+pub unsafe extern "C" fn SCDcerpcIfaceParse(carg: *const c_char) -> *mut c_void {
if carg.is_null() {
return std::ptr::null_mut();
}
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_iface_free(ptr: *mut c_void) {
+pub unsafe extern "C" fn SCDcerpcIfaceFree(ptr: *mut c_void) {
if !ptr.is_null() {
std::mem::drop(Box::from_raw(ptr as *mut DCEIfaceData));
}
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_opnum_match(
+pub unsafe extern "C" fn SCDcerpcOpnumMatch(
tx: &DCERPCTransaction, opnum_data: &mut DCEOpnumData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_opnum_parse(carg: *const c_char) -> *mut c_void {
+pub unsafe extern "C" fn SCDcerpcOpnumParse(carg: *const c_char) -> *mut c_void {
if carg.is_null() {
return std::ptr::null_mut();
}
}
#[no_mangle]
-pub unsafe extern "C" fn rs_dcerpc_opnum_free(ptr: *mut c_void) {
+pub unsafe extern "C" fn SCDcerpcOpnumFree(ptr: *mut c_void) {
if !ptr.is_null() {
std::mem::drop(Box::from_raw(ptr as *mut DCEOpnumData));
}
}
#[no_mangle]
-pub extern "C" fn rs_dcerpc_log_json_record_tcp(
+pub extern "C" fn SCDcerpcLogJsonRecordTcp(
state: &DCERPCState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
) -> bool {
log_dcerpc_header_tcp(jsb, state, tx).is_ok()
}
#[no_mangle]
-pub extern "C" fn rs_dcerpc_log_json_record_udp(
+pub extern "C" fn SCDcerpcLogJsonRecordUdp(
state: &DCERPCUDPState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
) -> bool {
log_dcerpc_header_udp(jsb, state, tx).is_ok()
vect
}
-pub fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> {
+fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> {
let (i, time_low) = take(4_usize)(i)?;
let (i, time_mid) = take(2_usize)(i)?;
let (i, time_hi_and_version) = take(2_usize)(i)?;
Ok((i, uuid))
}
-pub fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> {
+pub(super) fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> {
let (i, rpc_vers) = le_u8(i)?;
let (i, pkt_type) = le_u8(i)?;
let (i, flags1) = le_u8(i)?;
Ok((i, header))
}
-pub fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> {
+pub(super) fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> {
let (i, ack_result) = le_u16(i)?;
let (i, ack_reason) = le_u16(i)?;
let (i, transfer_syntax) = take(16_usize)(i)?;
Ok((i, result))
}
-pub fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> {
+pub(super) fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> {
let (i, _max_xmit_frag) = le_u16(i)?;
let (i, _max_recv_frag) = le_u16(i)?;
let (i, _assoc_group) = take(4_usize)(i)?;
Ok((i, result))
}
-pub fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> {
+pub(super) fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> {
let (i, ctxid) = u16(endianness)(i)?;
let (i, _num_trans_items) = le_u8(i)?;
let (i, _) = take(1_usize)(i)?; // Reserved bit
Ok((i, result))
}
-pub fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> {
+pub(super) fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> {
let (i, _max_xmit_frag) = le_u16(i)?;
let (i, _max_recv_frag) = le_u16(i)?;
let (i, _assoc_group_id) = le_u32(i)?;
Ok((i, result))
}
-pub fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> {
+pub(super) fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> {
let (i, rpc_vers) = le_u8(i)?;
let (i, rpc_vers_minor) = le_u8(i)?;
let (i, hdrtype) = le_u8(i)?;
Ok((i, header))
}
-pub fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> {
+pub(super) fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> {
let (i, _pad) = take(4_usize)(i)?;
let (i, ctxid) = u16(endianness)(i)?;
let (i, opnum) = u16(endianness)(i)?;
RegisterHTPParsers();
RegisterSSLParsers();
- rs_dcerpc_register_parser();
- rs_dcerpc_udp_register_parser();
+ SCRegisterDcerpcParser();
+ SCRegisterDcerpcUdpParser();
RegisterSMBParsers();
RegisterFTPParsers();
RegisterSSHParsers();
if (f->alproto == ALPROTO_DCERPC) {
// TODO check if state is NULL
- return rs_dcerpc_iface_match(txv, state, (void *)m);
+ return SCDcerpcIfaceMatch(txv, state, (void *)m);
}
int ret = 0;
if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
return -1;
- void *did = rs_dcerpc_iface_parse(arg);
+ void *did = SCDcerpcIfaceParse(arg);
if (did == NULL) {
SCLogError("Error parsing dce_iface option in "
"signature");
{
SCEnter();
if (ptr != NULL) {
- rs_dcerpc_iface_free(ptr);
+ SCDcerpcIfaceFree(ptr);
}
SCReturn;
}
SCEnter();
if (f->alproto == ALPROTO_DCERPC) {
- return rs_dcerpc_opnum_match(txv, (void *)m);
+ return SCDcerpcOpnumMatch(txv, (void *)m);
}
if (rs_smb_tx_match_dce_opnum(txv, (void *)m) != 1)
/**
* \brief Creates a SigMatch for the "dce_opnum" keyword being sent as argument,
- * and appends it to the rs_dcerpc_opnum_matchSignature(s).
+ * and appends it to the SCDcerpcOpnumMatchSignature(s).
*
* \param de_ctx Pointer to the detection engine context.
* \param s Pointer to signature for the current Signature being parsed
if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
return -1;
- void *dod = rs_dcerpc_opnum_parse(arg);
+ void *dod = SCDcerpcOpnumParse(arg);
if (dod == NULL) {
SCLogError("Error parsing dce_opnum option in "
"signature");
{
SCEnter();
if (ptr != NULL) {
- rs_dcerpc_opnum_free(ptr);
+ SCDcerpcOpnumFree(ptr);
}
SCReturn;
}
const uint8_t *data = NULL;
uint8_t endianness;
- rs_dcerpc_get_stub_data(txv, &data, &data_len, &endianness, flow_flags);
+ SCDcerpcGetStubData(txv, &data, &data_len, &endianness, flow_flags);
if (data == NULL || data_len == 0)
return NULL;
jb_get_mark(jb, &mark);
jb_open_object(jb, "dcerpc");
if (p->proto == IPPROTO_TCP) {
- if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) {
+ if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) {
jb_restore_mark(jb, &mark);
}
} else {
- if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) {
+ if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) {
jb_restore_mark(jb, &mark);
}
}
jb_open_object(jb, "dcerpc");
if (p->proto == IPPROTO_TCP) {
- if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) {
+ if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) {
goto error;
}
} else {
- if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) {
+ if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) {
goto error;
}
}
projects / thirdparty / suricata.git / commitdiff
