From: Jason Ish Date: Thu, 9 Jan 2020 22:21:54 +0000 (-0600) Subject: dns: cleanup: move event callbacks into Rust X-Git-Tag: suricata-6.0.0-beta1~664 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b44f839e67f1b96289b91d8980119e21ec1d5e2;p=thirdparty%2Fsuricata.git dns: cleanup: move event callbacks into Rust Remove app-layer-dns-common.c as its no longer needed. --- diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 3626f5b442..855a4ce326 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -127,10 +127,82 @@ const MAX_TRANSACTIONS: usize = 32; #[repr(u32)] pub enum DNSEvent { - MalformedData, - NotRequest, - NotResponse, - ZFlagSet, + MalformedData = 0, + NotRequest = 1, + NotResponse = 2, + ZFlagSet = 3, +} + +impl DNSEvent { + pub fn to_cstring(&self) -> &str { + match *self { + DNSEvent::MalformedData => "MALFORMED_DATA\0", + DNSEvent::NotRequest => "NOT_A_REQUEST\0", + DNSEvent::NotResponse => "NOT_A_RESPONSE\0", + DNSEvent::ZFlagSet => "Z_FLAG_SET\0", + } + } + + pub fn from_id(id: u32) -> Option { + match id { + 0 => Some(DNSEvent::MalformedData), + 1 => Some(DNSEvent::NotRequest), + 2 => Some(DNSEvent::NotResponse), + 4 => Some(DNSEvent::ZFlagSet), + _ => None, + } + } + + pub fn from_string(s: &str) -> Option { + match s.to_lowercase().as_ref() { + "malformed_data" => Some(DNSEvent::MalformedData), + "not_a_request" => Some(DNSEvent::NotRequest), + "not_a_response" => Some(DNSEvent::NotRequest), + "z_flag_set" => Some(DNSEvent::ZFlagSet), + _ => None + } + } +} + +#[no_mangle] +pub unsafe extern "C" fn rs_dns_state_get_event_info_by_id( + event_id: std::os::raw::c_int, + event_name: *mut *const std::os::raw::c_char, + event_type: *mut core::AppLayerEventType, +) -> std::os::raw::c_int { + if let Some(e) = DNSEvent::from_id(event_id as u32) { + *event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char; + *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; + return 0; + } + return -1; +} + +#[no_mangle] +pub unsafe extern "C" fn rs_dns_state_get_event_info( + event_name: *const std::os::raw::c_char, + event_id: *mut std::os::raw::c_int, + event_type: *mut core::AppLayerEventType +) -> std::os::raw::c_int { + if event_name == std::ptr::null() { + return -1; + } + + let event_name = std::ffi::CStr::from_ptr(event_name); + if let Ok(event_name) = event_name.to_str() { + if let Some(event) = DNSEvent::from_string(event_name) { + *event_id = event as std::os::raw::c_int; + *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; + } else { + // Unknown event... + return -1; + } + } else { + // UTF-8 conversion failed. Should not happen. + return -1; + } + + return 0; } #[derive(Debug,PartialEq)] diff --git a/src/Makefile.am b/src/Makefile.am index b0e9cf4050..fcdc43ab4a 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,7 +18,7 @@ app-layer-dcerpc-udp.c app-layer-dcerpc-udp.h \ app-layer-detect-proto.c app-layer-detect-proto.h \ app-layer-dnp3.c app-layer-dnp3.h \ app-layer-dnp3-objects.c app-layer-dnp3-objects.h \ -app-layer-dns-common.c app-layer-dns-common.h \ +app-layer-dns-common.h \ app-layer-dns-tcp.c app-layer-dns-tcp.h \ app-layer-dns-udp.c app-layer-dns-udp.h \ app-layer-enip.c app-layer-enip.h \ diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c deleted file mode 100644 index 7d1b4072e0..0000000000 --- a/src/app-layer-dns-common.c +++ /dev/null @@ -1,80 +0,0 @@ -/* Copyright (C) 2013-2014 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#include "suricata-common.h" -#include "app-layer-dns-common.h" - -SCEnumCharMap dns_decoder_event_table[ ] = { - { "MALFORMED_DATA", DNS_DECODER_EVENT_MALFORMED_DATA, }, - { "NOT_A_REQUEST", DNS_DECODER_EVENT_NOT_A_REQUEST, }, - { "NOT_A_RESPONSE", DNS_DECODER_EVENT_NOT_A_RESPONSE, }, - { "Z_FLAG_SET", DNS_DECODER_EVENT_Z_FLAG_SET, }, - - { NULL, -1 }, -}; - -int DNSStateGetEventInfo(const char *event_name, - int *event_id, AppLayerEventType *event_type) -{ - *event_id = SCMapEnumNameToValue(event_name, dns_decoder_event_table); - if (*event_id == -1) { - SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " - "dns's enum map table.", event_name); - /* this should be treated as fatal */ - return -1; - } - - *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; - - return 0; -} - -int DNSStateGetEventInfoById(int event_id, const char **event_name, - AppLayerEventType *event_type) -{ - *event_name = SCMapEnumValueToName(event_id, dns_decoder_event_table); - if (*event_name == NULL) { - SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in " - "dns's enum map table.", event_id); - /* this should be treated as fatal */ - return -1; - } - - *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; - - return 0; -} - -void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto) -{ - AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo); - - return; -} - -void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto) -{ - AppLayerParserRegisterGetEventInfoById(ipproto, alproto, DNSStateGetEventInfoById); - - return; -} diff --git a/src/app-layer-dns-common.h b/src/app-layer-dns-common.h index 1f3e7e122b..0085c5dbda 100644 --- a/src/app-layer-dns-common.h +++ b/src/app-layer-dns-common.h @@ -27,13 +27,6 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" -enum { - DNS_DECODER_EVENT_MALFORMED_DATA, - DNS_DECODER_EVENT_NOT_A_REQUEST, - DNS_DECODER_EVENT_NOT_A_RESPONSE, - DNS_DECODER_EVENT_Z_FLAG_SET, -}; - /** Opaque Rust types. */ /** \brief DNS packet header */ @@ -46,10 +39,6 @@ typedef struct DNSHeader_ { uint16_t additional_rr; } __attribute__((__packed__)) DNSHeader; -int DNSStateGetEventInfo(const char *event_name, - int *event_id, AppLayerEventType *event_type); -int DNSStateGetEventInfoById(int event_id, const char **event_name, - AppLayerEventType *event_type); void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto); void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto); diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c index c47407c1cb..1617ff0234 100644 --- a/src/app-layer-dns-tcp.c +++ b/src/app-layer-dns-tcp.c @@ -166,8 +166,10 @@ void RegisterDNSTCPParsers(void) RustDNSGetAlstateProgress); AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DNS, rs_dns_state_progress_completion_status); - DNSAppLayerRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNS); - DNSAppLayerRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_DNS); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNS, + rs_dns_state_get_event_info); + AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_DNS, + rs_dns_state_get_event_info_by_id); /* This parser accepts gaps. */ AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_DNS, diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c index 69251b3a7e..d0f37169d7 100644 --- a/src/app-layer-dns-udp.c +++ b/src/app-layer-dns-udp.c @@ -180,9 +180,10 @@ void RegisterDNSUDPParsers(void) AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DNS, rs_dns_state_progress_completion_status); - DNSAppLayerRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS); - DNSAppLayerRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_DNS); - + AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS, + rs_dns_state_get_event_info); + AppLayerParserRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_DNS, + rs_dns_state_get_event_info_by_id); } else { SCLogConfig("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name);