From: Shivani Bhardwaj Date: Thu, 12 Aug 2021 12:30:53 +0000 (+0530) Subject: ike: use Direction enum X-Git-Tag: suricata-7.0.0-beta1~1222 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=243960a5117693af66e3617ebc75e51027545bc7;p=thirdparty%2Fsuricata.git ike: use Direction enum --- diff --git a/rust/src/ike/ike.rs b/rust/src/ike/ike.rs index 8bdb5e051e..f445e81581 100644 --- a/rust/src/ike/ike.rs +++ b/rust/src/ike/ike.rs @@ -22,9 +22,7 @@ use self::ipsec_parser::*; use crate::applayer; use crate::applayer::*; -use crate::core::{ - self, AppProto, Flow, ALPROTO_FAILED, ALPROTO_UNKNOWN, STREAM_TOCLIENT, STREAM_TOSERVER, -}; +use crate::core::{self, *}; use crate::ike::ikev1::{handle_ikev1, IkeV1Header, Ikev1Container}; use crate::ike::ikev2::{handle_ikev2, Ikev2Container}; use crate::ike::parser::*; @@ -201,7 +199,7 @@ impl IKEState { } } - fn handle_input(&mut self, input: &[u8], direction: u8) -> AppLayerResult { + fn handle_input(&mut self, input: &[u8], direction: Direction) -> AppLayerResult { // We're not interested in empty requests. if input.len() == 0 { return AppLayerResult::ok(); @@ -259,13 +257,13 @@ impl IKEState { } /// Probe to see if this input looks like a request or response. -fn probe(input: &[u8], direction: u8, rdir: *mut u8) -> bool { +fn probe(input: &[u8], direction: Direction, rdir: *mut u8) -> bool { match parse_isakmp_header(input) { Ok((_, isakmp_header)) => { if isakmp_header.maj_ver == 1 { - if isakmp_header.resp_spi == 0 && direction != STREAM_TOSERVER { + if isakmp_header.resp_spi == 0 && direction != Direction::ToServer { unsafe { - *rdir = STREAM_TOSERVER; + *rdir = Direction::ToServer.into(); } } return true; 
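Review bot: In `probe` (hunk @@ -259) the new `*rdir = Direction::ToServer.into();` still writes through the raw `rdir` pointer without a null check, and `probe` is a safe `fn`, so its signature does not tell a caller that `rdir` must be valid. Whether the C side can ever pass NULL is not visible in this diff, so I would guard the store with `if !rdir.is_null() { unsafe { *rdir = Direction::ToServer.into(); } }` and add a `// SAFETY:` comment stating what makes the pointer valid and writable. The second store in hunk @@ -288 has the same shape and needs the same guard. The body of `probe` continues past the end of this hunk.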
@@ -288,9 +286,9 @@ fn probe(input: &[u8], direction: u8, rdir: *mut u8) -> bool { return false; } - if isakmp_header.resp_spi == 0 && direction != STREAM_TOSERVER { + if isakmp_header.resp_spi == 0 && direction != Direction::ToServer { unsafe { - *rdir = STREAM_TOSERVER; + *rdir = Direction::ToServer.into(); } } return true; @@ -318,8 +316,8 @@ pub unsafe extern "C" fn rs_ike_probing_parser( if !input.is_null() { let slice = build_slice!(input, input_len as usize); - if probe(slice, direction, rdir) { - return ALPROTO_IKE ; + if probe(slice, direction.into(), rdir) { + return ALPROTO_IKE; } } return ALPROTO_FAILED; @@ -354,7 +352,7 @@ pub unsafe extern "C" fn rs_ike_parse_request( let state = cast_pointer!(state, IKEState); let buf = build_slice!(input, input_len as usize); - return state.handle_input(buf, STREAM_TOSERVER); + return state.handle_input(buf, Direction::ToServer); } #[no_mangle] @@ -364,7 +362,7 @@ pub unsafe extern "C" fn rs_ike_parse_response( ) -> AppLayerResult { let state = cast_pointer!(state, IKEState); let buf = build_slice!(input, input_len as usize); - return state.handle_input(buf, STREAM_TOCLIENT); + return state.handle_input(buf, Direction::ToClient); } #[no_mangle] diff --git a/rust/src/ike/ikev1.rs b/rust/src/ike/ikev1.rs index c7f85945e7..02aa5b0cb1 100644 --- a/rust/src/ike/ikev1.rs +++ b/rust/src/ike/ikev1.rs @@ -19,7 +19,7 @@ use crate::applayer::*; use crate::common::to_hex; -use crate::core::STREAM_TOSERVER; +use crate::core::Direction; use crate::ike::ike::{IKEState, IkeEvent}; use crate::ike::parser::*; use nom; @@ -72,7 +72,7 @@ pub struct Ikev1Container { } pub fn handle_ikev1( - state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: u8, + state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction, ) -> AppLayerResult { let mut tx = state.new_tx(); 
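Review bot: `probe(slice, direction.into(), rdir)` in `rs_ike_probing_parser` (hunk @@ -318) converts the C-supplied `direction` byte to the enum before the comparison, where the old code compared the raw byte with `STREAM_TOSERVER` exactly. The `u8`-to-`Direction` conversion is not part of this diff, so it is worth confirming how it treats a byte with extra flag bits, both direction bits, or neither. That result decides whether `probe` overwrites `*rdir`. I would record the answer at the call site, e.g. `// direction is a flags byte from C; unexpected values convert to <documented default>`. The function's signature and the rest of its body lie outside the hunk.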
@@ -114,7 +114,7 @@ pub fn handle_ikev1( if payload_types.contains(&(IsakmpPayloadType::SecurityAssociation as u8)) { // clear transforms on a new SA in case there is happening a new key exchange // on the same flow, elsewise properties would be added to the old/other SA - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { state.ikev1_container.client.reset(); } else { state.ikev1_container.server.reset(); @@ -122,7 +122,7 @@ pub fn handle_ikev1( } // add transaction values to state values - if direction == STREAM_TOSERVER { + if direction == Direction::ToServer { state.ikev1_container.client.update( &to_hex(tx.hdr.ikev1_header.key_exchange.as_ref()), &to_hex(tx.hdr.ikev1_header.nonce.as_ref()), diff --git a/rust/src/ike/ikev2.rs b/rust/src/ike/ikev2.rs index e731637522..054f10e314 100644 --- a/rust/src/ike/ikev2.rs +++ b/rust/src/ike/ikev2.rs @@ -18,7 +18,7 @@ // written by Pierre Chifflier use crate::applayer::*; -use crate::core::STREAM_TOCLIENT; +use crate::core::Direction; use crate::ike::ipsec_parser::*; use super::ipsec_parser::IkeV2Transform; @@ -99,7 +99,7 @@ impl Default for Ikev2Container { } pub fn handle_ikev2( - mut state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: u8, + mut state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction, ) -> AppLayerResult { let hdr = IkeV2Header { init_spi: isakmp_header.init_spi, @@ -140,7 +140,7 @@ pub fn handle_ikev2( } IkeV2PayloadContent::KE(ref kex) => { SCLogDebug!("KEX {:?}", kex.dh_group); - if direction == STREAM_TOCLIENT { + if direction == Direction::ToClient { state.ikev2_container.dh_group = kex.dh_group; } } 
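Review bot: In `handle_ikev1` (hunks @@ -114 and @@ -122) the new `if direction == Direction::ToServer { … } else { … }` leaves the else arm standing for "any other variant", which hides the fact that it means the to-client side. With `direction` now an enum, a `match` with `Direction::ToServer => state.ikev1_container.client.reset()` and `Direction::ToClient => state.ikev1_container.server.reset()` names both sides, and the compiler would flag the site if a variant were ever added. This assumes `Direction` has only the two variants seen in this diff. The same applies to the `client.update(…)` branch in @@ -122, whose else arm is outside the hunk.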
@@ -181,7 +181,9 @@ pub fn handle_ikev2( return AppLayerResult::ok(); } -fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec, direction: u8) { +fn add_proposals( + state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec, direction: Direction, +) { for p in prop { let transforms: Vec = p.transforms.iter().map(|x| x.into()).collect(); // Rule 1: warn on weak or unknown transforms @@ -286,7 +288,7 @@ fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec { state.ikev2_container.alg_enc = *e; @@ -308,7 +310,7 @@ fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec {}, + _ => {} }); SCLogDebug!("Selected transforms: {:?}", transforms); } else {
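Review bot: The reformatted `add_proposals` signature (hunk @@ -181) still takes `prop` as `&Vec<…>` (the element type is lost in this rendering), while the visible body only iterates it with `for p in prop`. Since the signature is being touched anyway, a slice parameter `prop: &[…]` would accept the same callers through deref coercion and drop the dependency on `Vec`. The body of `add_proposals` runs past the hunk, so confirm that no `Vec`-only method is used further down before changing it.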