From: Pierre Chifflier Date: Wed, 30 Oct 2019 12:14:07 +0000 (+0100) Subject: rust: upgrade all parsers to nom 5 X-Git-Tag: suricata-6.0.0-beta1~707 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b809f77f1ab6322d48b97035564b0a3cce80e16;p=thirdparty%2Fsuricata.git rust: upgrade all parsers to nom 5 --- diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in index f885ff7f08..05bea9cffe 100644 --- a/rust/Cargo.toml.in +++ b/rust/Cargo.toml.in @@ -17,7 +17,7 @@ strict = [] debug = [] [dependencies] -nom = "4.2" +nom = "5.0" bitflags = "1.0" byteorder = "1.3" crc = "1.8" @@ -27,11 +27,11 @@ num-derive = "0.2" num-traits = "0.2" widestring = "0.4" -der-parser = "1.1" -kerberos-parser = "0.2" +der-parser = "3.0" +kerberos-parser = "0.4" -ntp-parser = "0.3" -ipsec-parser = "0.4" -snmp-parser = "0.3.0" -tls-parser = "0.8" -x509-parser = "0.4" +ntp-parser = "0.4" +ipsec-parser = "0.5" +snmp-parser = "0.5" +tls-parser = "0.9" +x509-parser = "0.6" diff --git a/rust/src/dhcp/parser.rs b/rust/src/dhcp/parser.rs index 62f87170be..3c82e466b7 100644 --- a/rust/src/dhcp/parser.rs +++ b/rust/src/dhcp/parser.rs @@ -18,7 +18,9 @@ use std::cmp::min; use crate::dhcp::dhcp::*; -use nom::*; +use nom::IResult; +use nom::combinator::rest; +use nom::number::complete::{be_u8, be_u16, be_u32}; pub struct DHCPMessage { pub header: DHCPHeader, @@ -121,7 +123,7 @@ named!(pub parse_header, named!(pub parse_clientid_option, do_parse!( code: be_u8 >> - len: verify!(be_u8, |v| v > 1) >> + len: verify!(be_u8, |&v| v > 1) >> _htype: be_u8 >> data: take!(len - 1) >> ( diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index c9b688f1ff..ddb5119902 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -25,6 +25,8 @@ use crate::applayer::LoggerFlags; use crate::core; use crate::dns::parser; +use nom::number::complete::be_u16; + /// DNS record types. pub const DNS_RECORD_TYPE_A : u16 = 1; pub const DNS_RECORD_TYPE_NS : u16 = 2; @@ -443,7 +445,7 @@ impl DNSState { let mut count = 0; while self.request_buffer.len() > 0 { - let size = match nom::be_u16(&self.request_buffer) { + let size = match be_u16(&self.request_buffer) { Ok((_, len)) => len, _ => 0 } as usize; @@ -484,7 +486,7 @@ impl DNSState { let mut count = 0; while self.response_buffer.len() > 0 { - let size = match nom::be_u16(&self.response_buffer) { + let size = match be_u16(&self.response_buffer) { Ok((_, len)) => len, _ => 0 } as usize; @@ -533,7 +535,7 @@ fn probe(input: &[u8]) -> (bool, bool) { /// Probe TCP input to see if it looks like DNS. pub fn probe_tcp(input: &[u8]) -> (bool, bool) { - match nom::be_u16(input) { + match be_u16(input) { Ok((rem, _)) => { return probe(rem); }, diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs index e7d7fb32fb..855b96dd4e 100644 --- a/rust/src/dns/parser.rs +++ b/rust/src/dns/parser.rs @@ -17,7 +17,9 @@ //! Nom parsers for DNS. -use nom::{IResult, be_u8, be_u16, be_u32}; +use nom::IResult; +use nom::error::ErrorKind; +use nom::number::complete::{be_u8, be_u16, be_u32}; use nom; use crate::dns::dns::*; @@ -67,7 +69,7 @@ pub fn dns_parse_name<'a, 'b>(start: &'b [u8], pos = &pos[1..]; break; } else if len & 0b1100_0000 == 0 { - match length_bytes!(pos, be_u8) { + match length_data!(pos, be_u8) { Ok((rem, label)) => { if name.len() > 0 { name.push('.' as u8); @@ -77,7 +79,7 @@ pub fn dns_parse_name<'a, 'b>(start: &'b [u8], } _ => { return Err(nom::Err::Error( - error_position!(pos, nom::ErrorKind::OctDigit))); + error_position!(pos, ErrorKind::OctDigit))); } } } else if len & 0b1100_0000 == 0b1100_0000 { @@ -86,7 +88,7 @@ pub fn dns_parse_name<'a, 'b>(start: &'b [u8], let offset = leader & 0x3fff; if offset as usize > message.len() { return Err(nom::Err::Error( - error_position!(pos, nom::ErrorKind::OctDigit))); + error_position!(pos, ErrorKind::OctDigit))); } pos = &message[offset as usize..]; if pivot == start { @@ -95,19 +97,19 @@ pub fn dns_parse_name<'a, 'b>(start: &'b [u8], } _ => { return Err(nom::Err::Error( - error_position!(pos, nom::ErrorKind::OctDigit))); + error_position!(pos, ErrorKind::OctDigit))); } } } else { return Err(nom::Err::Error( - error_position!(pos, nom::ErrorKind::OctDigit))); + error_position!(pos, ErrorKind::OctDigit))); } // Return error if we've looped a certain number of times. count += 1; if count > 255 { return Err(nom::Err::Error( - error_position!(pos, nom::ErrorKind::OctDigit))); + error_position!(pos, ErrorKind::OctDigit))); } } diff --git a/rust/src/ftp/mod.rs b/rust/src/ftp/mod.rs index 289876b7de..5935063714 100644 --- a/rust/src/ftp/mod.rs +++ b/rust/src/ftp/mod.rs @@ -17,6 +17,8 @@ extern crate nom; +use nom::IResult; +use nom::character::complete::digit1; use nom::digit; use nom::types::CompleteByteSlice; use std::str; @@ -39,8 +41,9 @@ named!(getu16, ) ); -named!(parse_digits, - map!(take_while!(nom::is_digit), |b| b.0)); +fn parse_digits(input: &str) -> IResult<&str, &str> { + digit1(input) +} named!(parse_u16, map_res!(map_res!(parse_digits, str::from_utf8), u16::from_str)); @@ -51,9 +54,9 @@ named!(pub ftp_active_port, tag!("PORT") >> ws!(digit) >> tag!(",") >> digit >> tag!(",") >> digit >> tag!(",") >> digit >> tag!(",") >> - part1: verify!(parse_u16, |v| v <= std::u8::MAX as u16) >> + part1: verify!(parse_u16, |&v| v <= std::u8::MAX as u16) >> tag!(",") >> - part2: verify!(parse_u16, |v| v <= std::u8::MAX as u16) >> + part2: verify!(parse_u16, |&v| v <= std::u8::MAX as u16) >> ( part1 * 256 + part2 ) @@ -64,12 +67,13 @@ named!(pub ftp_active_port, named!(pub ftp_pasv_response, do_parse!( tag!("227") >> - take_until_and_consume!("(") >> + take_until!("(") >> + tag!("(") >> digit >> tag!(",") >> digit >> tag!(",") >> digit >> tag!(",") >> digit >> tag!(",") >> - part1: verify!(getu16, |v| v <= std::u8::MAX as u16) >> + part1: verify!(getu16, |&v| v <= std::u8::MAX as u16) >> tag!(",") >> - part2: verify!(getu16, |v| v <= std::u8::MAX as u16) >> + part2: verify!(getu16, |&v| v <= std::u8::MAX as u16) >> alt! (tag!(").") | tag!(")")) >> ( part1 * 256 + part2 @@ -119,7 +123,8 @@ pub extern "C" fn rs_ftp_pasv_response(input: *const u8, len: u32) -> u16 { named!(pub ftp_epsv_response, do_parse!( tag!("229") >> - take_until_and_consume!("|||") >> + take_until!("|||") >> + tag!("|||") >> port: getu16 >> alt! (tag!("|).") | tag!("|)")) >> ( diff --git a/rust/src/kerberos.rs b/rust/src/kerberos.rs index 02343bf57e..8d5d13c501 100644 --- a/rust/src/kerberos.rs +++ b/rust/src/kerberos.rs @@ -18,9 +18,11 @@ use kerberos_parser::krb5_parser::parse_ap_req; use kerberos_parser::krb5::{ApReq,Realm,PrincipalName}; use nom; -use nom::{ErrorKind, IResult, le_u16}; +use nom::IResult; +use nom::error::ErrorKind; +use nom::number::complete::le_u16; use der_parser; -use der_parser::parse_der_oid; +use der_parser::der::parse_der_oid; use crate::log::*; diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index c2bf66fcce..61004681ca 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -20,8 +20,8 @@ use std; use std::ffi::{CStr,CString}; use nom; -use nom::be_u32; -use der_parser::der_read_element_header; +use nom::number::complete::be_u32; +use der_parser::der::der_read_element_header; use kerberos_parser::krb5_parser; use kerberos_parser::krb5::{EncryptionType,ErrorCode,MessageType,PrincipalName,Realm}; use crate::applayer; @@ -121,9 +121,9 @@ impl KRB5State { Ok((_rem,hdr)) => { // Kerberos messages start with an APPLICATION header if hdr.class != 0b01 { return 1; } - match hdr.tag { + match hdr.tag.0 { 10 => { - self.req_id = hdr.tag; + self.req_id = 10; }, 11 => { let res = krb5_parser::parse_as_rep(i); @@ -142,7 +142,7 @@ impl KRB5State { self.req_id = 0; }, 12 => { - self.req_id = hdr.tag; + self.req_id = 12; }, 13 => { let res = krb5_parser::parse_tgs_rep(i); @@ -161,7 +161,7 @@ impl KRB5State { self.req_id = 0; }, 14 => { - self.req_id = hdr.tag; + self.req_id = 14; }, 15 => { self.req_id = 0; @@ -445,7 +445,7 @@ pub extern "C" fn rs_krb5_probing_parser(_flow: *const Flow, // Kerberos messages start with an APPLICATION header if hdr.class != 0b01 { return unsafe{ALPROTO_FAILED}; } // Tag number should be <= 30 - if hdr.tag >= 30 { return unsafe{ALPROTO_FAILED}; } + if hdr.tag.0 >= 30 { return unsafe{ALPROTO_FAILED}; } // Kerberos messages contain sequences if rem.is_empty() || rem[0] != 0x30 { return unsafe{ALPROTO_FAILED}; } // Check kerberos version diff --git a/rust/src/nfs/nfs2.rs b/rust/src/nfs/nfs2.rs index 719ed41ca6..4db30f1b44 100644 --- a/rust/src/nfs/nfs2.rs +++ b/rust/src/nfs/nfs2.rs @@ -17,7 +17,6 @@ // written by Victor Julien -use nom; use crate::log::*; use crate::nfs::nfs::*; @@ -25,6 +24,8 @@ use crate::nfs::types::*; use crate::nfs::rpc_records::*; use crate::nfs::nfs2_records::*; +use nom::number::complete::be_u32; + impl NFSState { /// complete request record pub fn process_request_record_v2<'b>(&mut self, r: &RpcPacket<'b>) -> u32 { @@ -108,7 +109,7 @@ impl NFSState { }, } } else { - let stat = match nom::be_u32(&r.prog_data) { + let stat = match be_u32(&r.prog_data) { Ok((_, stat)) => { stat as u32 } diff --git a/rust/src/nfs/nfs2_records.rs b/rust/src/nfs/nfs2_records.rs index 348c9919b1..19f6a6c0b9 100644 --- a/rust/src/nfs/nfs2_records.rs +++ b/rust/src/nfs/nfs2_records.rs @@ -16,7 +16,8 @@ */ //! Nom parsers for NFSv2 records -use nom::{be_u32, rest}; +use nom::combinator::rest; +use nom::number::complete::be_u32; use crate::nfs::nfs_records::*; #[derive(Debug,PartialEq)] diff --git a/rust/src/nfs/nfs3.rs b/rust/src/nfs/nfs3.rs index 7e58593233..7b83c6c724 100644 --- a/rust/src/nfs/nfs3.rs +++ b/rust/src/nfs/nfs3.rs @@ -17,7 +17,6 @@ // written by Victor Julien -use nom; use crate::log::*; use crate::core::*; @@ -26,6 +25,8 @@ use crate::nfs::types::*; use crate::nfs::rpc_records::*; use crate::nfs::nfs3_records::*; +use nom::number::complete::be_u32; + impl NFSState { /// complete NFS3 request record pub fn process_request_record_v3<'b>(&mut self, r: &RpcPacket<'b>) -> u32 { @@ -326,7 +327,7 @@ impl NFSState { } // for all other record types only parse the status else { - let stat = match nom::be_u32(&r.prog_data) { + let stat = match be_u32(&r.prog_data) { Ok((_, stat)) => { stat as u32 } diff --git a/rust/src/nfs/nfs3_records.rs b/rust/src/nfs/nfs3_records.rs index 7e793402bf..06ad38057e 100644 --- a/rust/src/nfs/nfs3_records.rs +++ b/rust/src/nfs/nfs3_records.rs @@ -17,7 +17,9 @@ //! Nom parsers for RPC & NFSv3 -use nom::{IResult, be_u32, be_u64, rest}; +use nom::IResult; +use nom::combinator::rest; +use nom::number::complete::{be_u32, be_u64}; use crate::nfs::nfs_records::*; #[derive(Debug,PartialEq)] diff --git a/rust/src/nfs/nfs4.rs b/rust/src/nfs/nfs4.rs index 9f33d9b5a4..7aa1d500d7 100644 --- a/rust/src/nfs/nfs4.rs +++ b/rust/src/nfs/nfs4.rs @@ -18,7 +18,7 @@ // written by Victor Julien use nom; -use nom::be_u32; +use nom::number::complete::be_u32; use crate::core::*; use crate::log::*; diff --git a/rust/src/nfs/nfs4_records.rs b/rust/src/nfs/nfs4_records.rs index 1d2b1b1cf5..9d08919a95 100644 --- a/rust/src/nfs/nfs4_records.rs +++ b/rust/src/nfs/nfs4_records.rs @@ -16,7 +16,7 @@ */ //! Nom parsers for NFSv4 records -use nom::{be_u32, be_u64}; +use nom::number::complete::{be_u32, be_u64}; use crate::nfs::types::*; diff --git a/rust/src/nfs/rpc_records.rs b/rust/src/nfs/rpc_records.rs index 446935a0ba..053756f622 100644 --- a/rust/src/nfs/rpc_records.rs +++ b/rust/src/nfs/rpc_records.rs @@ -17,7 +17,8 @@ //! Nom parsers for RPCv2 -use nom::{be_u32, rest}; +use nom::combinator::rest; +use nom::number::complete::be_u32; #[derive(Debug,PartialEq)] pub enum RpcRequestCreds<'a> { @@ -122,8 +123,8 @@ pub struct RpcPacketHeader<> { named!(pub parse_rpc_packet_header, do_parse!( fraghdr: bits!(tuple!( - take_bits!(u8, 1), // is_last - take_bits!(u32, 31))) // len + take_bits!(1u8), // is_last + take_bits!(31u32))) // len >> xid: be_u32 >> msgtype: be_u32 diff --git a/rust/src/rdp/parser.rs b/rust/src/rdp/parser.rs index ef51eb2797..36357202c2 100644 --- a/rust/src/rdp/parser.rs +++ b/rust/src/rdp/parser.rs @@ -26,7 +26,9 @@ //! * x.224-spec: //! * x.691-spec: -use nom::{be_u16, be_u8, le_u16, le_u32, le_u8, ErrorKind, IResult}; +use nom::IResult; +use nom::error::ErrorKind; +use nom::number::complete::{be_u16, be_u8, le_u16, le_u32, le_u8}; use crate::rdp::error::RDP_NOT_X224_CLASS_0_ERROR; use crate::rdp::util::{ le_slice_to_string, parse_per_length_determinant, utf7_slice_to_string, @@ -433,7 +435,7 @@ pub struct McsConnectResponse {} /// t.123-spec, section 8 pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt> { let (i1, _version) = - verify!(input, be_u8, |x| x == TpktVersion::T123 as u8)?; + verify!(input, be_u8, |&x| x == TpktVersion::T123 as u8)?; let (i2, _reserved) = try_parse!(i1, be_u8); // less u8, u8, u16 let (i3, sz) = map_opt!(i2, be_u16, |x: u16| x.checked_sub(4))?; @@ -482,22 +484,22 @@ pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt> { fn parse_x224_connection_request( input: &[u8], ) -> IResult<&[u8], X224ConnectionRequest> { - let (i1, length) = verify!(input, be_u8, |x| x != 0xff)?; // 0xff is reserved + let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved let (i2, cr_cdt) = bits!( i1, tuple!( - verify!(take_bits!(u8, 4), |x| x + verify!(take_bits!(4u8), |&x| x == X224Type::ConnectionRequest as u8), - verify!(take_bits!(u8, 4), |x| x == 0 || x == 1) + verify!(take_bits!(4u8), |&x| x == 0 || x == 1) ) )?; - let (i3, dst_ref) = verify!(i2, be_u16, |x| x == 0)?; + let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?; let (i4, src_ref) = try_parse!(i3, be_u16); let (i5, class_options) = bits!( i4, tuple!( - verify!(take_bits!(u8, 4), |x| x <= 4), - verify!(take_bits!(u8, 4), |x| x <= 3) + verify!(take_bits!(4u8), |&x| x <= 4), + verify!(take_bits!(4u8), |&x| x <= 3) ) )?; // less cr_cdt (u8), dst_ref (u16), src_ref (u16), class_options (u8) @@ -592,14 +594,14 @@ fn parse_negotiation_request( input, _typ: verify!( le_u8, - |x| x == X224ConnectionRequestType::NegotiationRequest as u8) + |&x| x == X224ConnectionRequestType::NegotiationRequest as u8) >> flags: map_opt!( le_u8, NegotiationRequestFlags::from_bits) // u8, u8, u16, and u32 give _length of 8 >> _length: verify!( le_u16, - |x| x == 8) + |&x| x == 8) >> protocols: map_opt!( le_u32, ProtocolFlags::from_bits) @@ -612,22 +614,22 @@ fn parse_negotiation_request( fn parse_x224_connection_confirm( input: &[u8], ) -> IResult<&[u8], X224ConnectionConfirm> { - let (i1, length) = verify!(input, be_u8, |x| x != 0xff)?; // 0xff is reserved + let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved let (i2, cr_cdt) = bits!( i1, tuple!( - verify!(take_bits!(u8, 4), |x| x + verify!(take_bits!(4u8), |&x| x == X224Type::ConnectionConfirm as u8), - verify!(take_bits!(u8, 4), |x| x == 0 || x == 1) + verify!(take_bits!(4u8), |&x| x == 0 || x == 1) ) )?; - let (i3, dst_ref) = verify!(i2, be_u16, |x| x == 0)?; + let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?; let (i4, src_ref) = try_parse!(i3, be_u16); let (i5, class_options) = bits!( i4, tuple!( - verify!(take_bits!(u8, 4), |x| x <= 4), - verify!(take_bits!(u8, 4), |x| x <= 3) + verify!(take_bits!(4u8), |&x| x <= 4), + verify!(take_bits!(4u8), |&x| x <= 3) ) )?; @@ -702,14 +704,14 @@ fn parse_negotiation_response( input, _typ: verify!( le_u8, - |x| x == X224ConnectionRequestType::NegotiationResponse as u8) + |&x| x == X224ConnectionRequestType::NegotiationResponse as u8) >> flags: map_opt!( le_u8, NegotiationResponseFlags::from_bits) // u8, u8, u16, and u32 give _length of 8 >> _length: verify!( le_u16, - |x| x == 8) + |&x| x == 8) >> protocol: map_opt!( le_u32, num::FromPrimitive::from_u32) @@ -725,12 +727,12 @@ fn parse_negotiation_failure( input, _typ: verify!( le_u8, - |x| x == X224ConnectionRequestType::NegotiationFailure as u8) + |&x| x == X224ConnectionRequestType::NegotiationFailure as u8) >> _flags: le_u8 // u8, u8, u16, and u32 give _length of 8 >> _length: verify!( le_u16, - |x| x == 8) + |&x| x == 8) >> code: map_opt!( le_u32, num::FromPrimitive::from_u32) @@ -740,16 +742,16 @@ fn parse_negotiation_failure( /// x224-spec, section 13.7 fn parse_x223_data_class_0(input: &[u8]) -> IResult<&[u8], X223Data> { - let (i1, _length) = verify!(input, be_u8, |x| x == 2)?; + let (i1, _length) = verify!(input, be_u8, |&x| x == 2)?; let (i2, _dt_x_roa) = bits!( i1, tuple!( - verify!(take_bits!(u8, 4), |x| x == 0xf), - verify!(take_bits!(u8, 3), |x| x == 0), - verify!(take_bits!(u8, 1), |x| x == 0) + verify!(take_bits!(4u8), |&x| x == 0xf), + verify!(take_bits!(3u8), |&x| x == 0), + verify!(take_bits!(1u8), |&x| x == 0) ) )?; - let (i3, _eot) = verify!(i2, be_u8, |x| x == 0x80)?; + let (i3, _eot) = verify!(i2, be_u8, |&x| x == 0x80)?; // // optionally find exactly one of the child messages @@ -788,9 +790,9 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest> { input, le_u8, // BER: 0b01=application, 0b1=non-primitive, 0b11111 - |x| x == 0x7f + |&x| x == 0x7f )?; - let (i2, _t125_type) = verify!(i1, le_u8, |x| x + let (i2, _t125_type) = verify!(i1, le_u8, |&x| x == T125Type::T125TypeMcsConnectRequest as u8)?; // skip to, and consume, H.221 client-to-server key @@ -863,7 +865,7 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest> { /// rdp-spec, section 2.2.1.3.2 fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { - let (i1, _typ) = verify!(input, le_u16, |x| x == CsType::Core as u16)?; + let (i1, _typ) = verify!(input, le_u16, |&x| x == CsType::Core as u16)?; // less u16, u16 let (i2, sz) = map_opt!(i1, le_u16, |x: u16| x.checked_sub(4))?; let (i3, data) = take!(i2, sz)?; @@ -1049,7 +1051,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { /// rdp-spec, section 2.2.1.3.4 fn parse_cs_net(input: &[u8]) -> IResult<&[u8], CsNet> { - let (i1, _typ) = verify!(input, le_u16, |x| x == CsType::Net as u16)?; + let (i1, _typ) = verify!(input, le_u16, |&x| x == CsType::Net as u16)?; // less _typ (u16), this length indicator (u16), count (u32) let (i2, sz) = map_opt!(i1, le_u16, |x: u16| x.checked_sub(8))?; let (i3, count) = try_parse!(i2, le_u32); @@ -1101,10 +1103,10 @@ fn parse_mcs_connect_response( _ber_type: verify!( le_u8, // BER: 0b01=application, 0b1=non-primitive, 0b11111 - |x| x == 0x7f) + |&x| x == 0x7f) >> _t125_type: verify!( le_u8, - |x| x == T125Type::T125TypeMcsConnectResponse as u8) + |&x| x == T125Type::T125TypeMcsConnectResponse as u8) >> (McsConnectResponse {}) } } diff --git a/rust/src/rdp/util.rs b/rust/src/rdp/util.rs index 41758b7210..21e17df780 100644 --- a/rust/src/rdp/util.rs +++ b/rust/src/rdp/util.rs @@ -20,7 +20,8 @@ use byteorder::ReadBytesExt; use memchr::memchr; use nom; -use nom::{ErrorKind, IResult, Needed}; +use nom::{IResult, Needed}; +use nom::error::ErrorKind; use crate::rdp::error::RDP_UNIMPLEMENTED_LENGTH_DETERMINANT; use std::io::Cursor; use widestring::U16CString; diff --git a/rust/src/sip/parser.rs b/rust/src/sip/parser.rs index 17d3743dbc..b8877fc71d 100644 --- a/rust/src/sip/parser.rs +++ b/rust/src/sip/parser.rs @@ -18,7 +18,9 @@ // written by Giuseppe Longo use nom::*; -use nom::{crlf, IResult}; +use nom::IResult; +use nom::character::{is_alphabetic, is_alphanumeric, is_space}; +use nom::character::complete::crlf; use std; use std::collections::HashMap; diff --git a/rust/src/smb/auth.rs b/rust/src/smb/auth.rs index ba15a2b72f..69729ec3de 100644 --- a/rust/src/smb/auth.rs +++ b/rust/src/smb/auth.rs @@ -22,8 +22,10 @@ use crate::smb::ntlmssp_records::*; use crate::smb::smb::*; use nom; -use nom::{IResult, ErrorKind}; -use der_parser; +use nom::IResult; +use nom::error::ErrorKind; +use der_parser::ber::BerObjectContent; +use der_parser::der::{parse_der_oid, parse_der_sequence}; fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]> { @@ -33,7 +35,7 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8]> Err(_) => { return Err(nom::Err::Error(error_position!(blob,ErrorKind::Custom(SECBLOB_NOT_SPNEGO)))); }, Ok(d) => d, }; - let (next, o) = der_parser::parse_der_oid(d)?; + let (next, o) = parse_der_oid(d)?; SCLogDebug!("parse_secblob_get_spnego: sub_o {:?}", o); let oid = match o.content.as_oid() { @@ -85,7 +87,7 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option let mut kticket : Option = None; let mut ntlmssp : Option = None; - let o = match der_parser::parse_der_sequence(blob) { + let o = match parse_der_sequence(blob) { Ok((_, o)) => o, _ => { return None; }, }; @@ -102,11 +104,11 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option }; SCLogDebug!("o {:?}", o); match o.content { - der_parser::DerObjectContent::Sequence(ref seq) => { + BerObjectContent::Sequence(ref seq) => { for se in seq { SCLogDebug!("SEQ {:?}", se); match se.content { - der_parser::DerObjectContent::OID(ref oid) => { + BerObjectContent::OID(ref oid) => { SCLogDebug!("OID {:?}", oid); match oid.to_string().as_str() { "1.2.840.48018.1.2.2" => { SCLogDebug!("Microsoft Kerberos 5"); }, @@ -123,7 +125,7 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option } } }, - der_parser::DerObjectContent::OctetString(ref os) => { + BerObjectContent::OctetString(ref os) => { if have_kerberos { match parse_kerberos5_request(os) { Ok((_, t)) => { diff --git a/rust/src/smb/dcerpc_records.rs b/rust/src/smb/dcerpc_records.rs index c2033a7598..3d0e4e1a8f 100644 --- a/rust/src/smb/dcerpc_records.rs +++ b/rust/src/smb/dcerpc_records.rs @@ -16,7 +16,11 @@ */ use nom; -use nom::{rest, le_u8, be_u16, le_u16, le_u32, IResult, ErrorKind, Endianness}; +use nom::IResult; +use nom::error::ErrorKind; +use nom::combinator::rest; +use nom::number::Endianness; +use nom::number::complete::{be_u16, le_u8, le_u16, le_u32}; #[derive(Debug,PartialEq)] pub struct DceRpcResponseRecord<'a> { @@ -208,13 +212,13 @@ named!(pub parse_dcerpc_record, >> version_minor: le_u8 >> packet_type: le_u8 >> packet_flags: bits!(tuple!( - take_bits!(u8, 6), - take_bits!(u8, 1), // last (1) - take_bits!(u8, 1))) // first (2) + take_bits!(6u8), + take_bits!(1u8), // last (1) + take_bits!(1u8))) // first (2) >> data_rep: bits!(tuple!( - take_bits!(u32, 3), - take_bits!(u32, 1), // endianess - take_bits!(u32, 28))) + take_bits!(3u32), + take_bits!(1u32), // endianess + take_bits!(28u32))) >> endian: value!(if data_rep.1 == 0 { Endianness::Big } else { Endianness::Little }) >> frag_len: u16!(endian) >> _auth: u16!(endian) diff --git a/rust/src/smb/nbss_records.rs b/rust/src/smb/nbss_records.rs index c07b02a056..fba7557d36 100644 --- a/rust/src/smb/nbss_records.rs +++ b/rust/src/smb/nbss_records.rs @@ -15,7 +15,7 @@ * 02110-1301, USA. */ -use nom::{rest}; +use nom::combinator::rest; pub const NBSS_MSGTYPE_SESSION_MESSAGE: u8 = 0x00; pub const NBSS_MSGTYPE_SESSION_REQUEST: u8 = 0x81; @@ -62,8 +62,8 @@ impl<'a> NbssRecord<'a> { named!(pub parse_nbss_record, do_parse!( type_and_len: bits!(tuple!( - take_bits!(u8, 8), - take_bits!(u32, 24))) + take_bits!(8u8), + take_bits!(24u32))) >> data: take!(type_and_len.1 as usize) >> (NbssRecord { message_type:type_and_len.0, @@ -75,8 +75,8 @@ named!(pub parse_nbss_record, named!(pub parse_nbss_record_partial, do_parse!( type_and_len: bits!(tuple!( - take_bits!(u8, 8), - take_bits!(u32, 24))) + take_bits!(8u8), + take_bits!(24u32))) >> data: rest >> (NbssRecord { message_type:type_and_len.0, diff --git a/rust/src/smb/ntlmssp_records.rs b/rust/src/smb/ntlmssp_records.rs index d5d8c5125c..1f614c3bb0 100644 --- a/rust/src/smb/ntlmssp_records.rs +++ b/rust/src/smb/ntlmssp_records.rs @@ -15,7 +15,8 @@ * 02110-1301, USA. */ -use nom::{rest, le_u8, le_u16, le_u32}; +use nom::combinator::rest; +use nom::number::complete::{le_u8, le_u16, le_u32}; #[derive(Debug,PartialEq)] pub struct NTLMSSPVersion { @@ -82,7 +83,7 @@ named!(pub parse_ntlm_auth_record, >> _ssnkey_blob_maxlen: le_u16 >> _ssnkey_blob_offset: le_u32 - >> nego_flags: bits!(tuple!(take_bits!(u8, 6),take_bits!(u8,1),take_bits!(u32,25))) + >> nego_flags: bits!(tuple!(take_bits!(6u8),take_bits!(1u8),take_bits!(25u32))) >> version: cond!(nego_flags.1==1, parse_ntlm_auth_version) // subtrack 12 as idenfier (8) and type (4) are cut before we are called @@ -112,7 +113,8 @@ pub struct NTLMSSPRecord<'a> { named!(pub parse_ntlmssp, do_parse!( - take_until_and_consume!("NTLMSSP\x00") + take_until!("NTLMSSP\x00") + >> tag!("NTLMSSP\x00") >> msg_type: le_u32 >> data: rest >> (NTLMSSPRecord { diff --git a/rust/src/smb/smb1_records.rs b/rust/src/smb/smb1_records.rs index 35397e5771..83271a256b 100644 --- a/rust/src/smb/smb1_records.rs +++ b/rust/src/smb/smb1_records.rs @@ -16,7 +16,9 @@ */ use crate::log::*; -use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult}; +use nom::IResult; +use nom::combinator::rest; +use nom::number::complete::{le_u8, le_u16, le_u32, le_u64}; use crate::smb::smb::*; use crate::smb::smb_records::*; @@ -202,7 +204,7 @@ pub fn parse_smb_connect_tree_andx_record<'a>(i: &'a[u8], r: &SmbRecord) -> IRes >> pwlen: le_u16 >> _bcc: le_u16 >> _pw: take!(pwlen) - >> path: apply!(smb1_get_string, r, 11 + pwlen as usize) + >> path: call!(smb1_get_string, r, 11 + pwlen as usize) >> service: take_until_and_consume!("\x00") >> (SmbRecordTreeConnectAndX { path, @@ -522,7 +524,7 @@ named!(pub parse_smb_rename_request_record, >> _oldtype: le_u8 >> oldname: smb_get_unicode_string >> _newtype: le_u8 - >> newname: apply!(smb_get_unicode_string_with_offset, 1) // HACK if we assume oldname is a series of utf16 chars offset would be 1 + >> newname: call!(smb_get_unicode_string_with_offset, 1) // HACK if we assume oldname is a series of utf16 chars offset would be 1 >> (SmbRequestRenameRecord { oldname, newname @@ -547,7 +549,7 @@ pub fn parse_smb_create_andx_request_record<'a>(i: &'a[u8], r: &SmbRecord) >> create_options: le_u32 >> _skip2: take!(5) >> bcc: le_u16 - >> file_name: cond!(bcc >= file_name_len, apply!(smb1_get_string, r, (bcc - file_name_len) as usize)) + >> file_name: cond!(bcc >= file_name_len, call!(smb1_get_string, r, (bcc - file_name_len) as usize)) >> _skip3: rest >> (SmbRequestCreateAndXRecord { disposition: disposition, diff --git a/rust/src/smb/smb2_records.rs b/rust/src/smb/smb2_records.rs index e8f2fdd155..ebfe441311 100644 --- a/rust/src/smb/smb2_records.rs +++ b/rust/src/smb/smb2_records.rs @@ -16,7 +16,9 @@ */ use nom; -use nom::{rest, le_u8, le_u16, le_u32, le_u64, IResult}; +use nom::IResult; +use nom::combinator::rest; +use nom::number::complete::{le_u8, le_u16, le_u32, le_u64}; use crate::smb::smb::*; #[derive(Debug,PartialEq)] @@ -75,14 +77,14 @@ named!(pub parse_smb2_request_record, >> command: le_u16 >> _credits_requested: le_u16 >> flags: bits!(tuple!( - take_bits!(u8, 2), // reserved / unused - take_bits!(u8, 1), // replay op - take_bits!(u8, 1), // dfs op - take_bits!(u32, 24), // reserved / unused - take_bits!(u8, 1), // signing - take_bits!(u8, 1), // chained - take_bits!(u8, 1), // async - take_bits!(u8, 1) // response + take_bits!(2u8), // reserved / unused + take_bits!(1u8), // replay op + take_bits!(1u8), // dfs op + take_bits!(24u32), // reserved / unused + take_bits!(1u8), // signing + take_bits!(1u8), // chained + take_bits!(1u8), // async + take_bits!(1u8) // response )) >> chain_offset: le_u32 >> message_id: le_u64 @@ -379,7 +381,7 @@ named!(pub parse_smb2_request_write, >> _remaining_bytes: le_u32 >> _write_flags: le_u32 >> _skip2: take!(4) - >> data: apply!(parse_smb2_data, wr_len) + >> data: call!(parse_smb2_data, wr_len) >> (Smb2WriteRequestRecord { wr_len:wr_len, wr_offset:wr_offset, @@ -439,7 +441,7 @@ named!(pub parse_smb2_response_read, >> rd_len: le_u32 >> _rd_rem: le_u32 >> _padding: take!(4) - >> data: apply!(parse_smb2_data, rd_len) + >> data: call!(parse_smb2_data, rd_len) >> (Smb2ReadResponseRecord { len : rd_len, data : data, @@ -506,14 +508,14 @@ named!(pub parse_smb2_response_record, >> command: le_u16 >> _credit_granted: le_u16 >> flags: bits!(tuple!( - take_bits!(u8, 2), // reserved / unused - take_bits!(u8, 1), // replay op - take_bits!(u8, 1), // dfs op - take_bits!(u32, 24), // reserved / unused - take_bits!(u8, 1), // signing - take_bits!(u8, 1), // chained - take_bits!(u8, 1), // async - take_bits!(u8, 1) // response + take_bits!(2u8), // reserved / unused + take_bits!(1u8), // replay op + take_bits!(1u8), // dfs op + take_bits!(24u32), // reserved / unused + take_bits!(1u8), // signing + take_bits!(1u8), // chained + take_bits!(1u8), // async + take_bits!(1u8) // response )) >> chain_offset: le_u32 >> message_id: le_u64 diff --git a/rust/src/smb/smb3.rs b/rust/src/smb/smb3.rs index f90cddf71e..7043ef3ac2 100644 --- a/rust/src/smb/smb3.rs +++ b/rust/src/smb/smb3.rs @@ -15,7 +15,7 @@ * 02110-1301, USA. */ -use nom::{le_u16, le_u32, le_u64}; +use nom::number::complete::{le_u16, le_u32, le_u64}; #[derive(Debug,PartialEq)] pub struct Smb3TransformRecord<'a> { diff --git a/rust/src/smb/smb_records.rs b/rust/src/smb/smb_records.rs index 110d8eafeb..3d19fe9bfd 100644 --- a/rust/src/smb/smb_records.rs +++ b/rust/src/smb/smb_records.rs @@ -16,7 +16,8 @@ */ use nom; -use nom::{ErrorKind, IResult}; +use nom::IResult; +use nom::error::ErrorKind; use crate::log::*; /// parse a UTF16 string that is null terminated. Normally by 2 null diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index 954a388c91..36e30345d0 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -28,10 +28,12 @@ use std::mem::transmute; use crate::log::*; -use der_parser::{DerObjectContent,parse_der_sequence}; +use der_parser::ber::BerObjectContent; +use der_parser::der::parse_der_sequence; use der_parser::oid::Oid; use nom; -use nom::{ErrorKind,IResult}; +use nom::IResult; +use nom::error::ErrorKind; #[repr(u32)] pub enum SNMPEvent { @@ -537,7 +539,7 @@ fn parse_pdu_enveloppe_version(i:&[u8]) -> IResult<&[u8],u32> { match parse_der_sequence(i) { Ok((_,x)) => { match x.content { - DerObjectContent::Sequence(ref v) => { + BerObjectContent::Sequence(ref v) => { if v.len() == 3 { match v[0].as_u32() { Ok(0) => { return Ok((i,1)); }, // possibly SNMPv1