From: Philippe Antoine Date: Fri, 26 Apr 2024 08:45:08 +0000 (+0200) Subject: frames: rust API makes tx_id explicit X-Git-Tag: suricata-8.0.0-beta1~1330 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=715bf048ee13fd6e5a2ad4c8b90dd504a050d3b3;p=thirdparty%2Fsuricata.git frames: rust API makes tx_id explicit And set it right for SIP and websocket, so that relevant tx app-layer metadata gets logged. Ticket: 6973 --- diff --git a/doc/userguide/devguide/extending/app-layer/app-layer-frames.rst b/doc/userguide/devguide/extending/app-layer/app-layer-frames.rst index a810f5588d..cee854c6f3 100644 --- a/doc/userguide/devguide/extending/app-layer/app-layer-frames.rst +++ b/doc/userguide/devguide/extending/app-layer/app-layer-frames.rst @@ -142,6 +142,7 @@ The Frame API calls parameters represent: - ``frame_start``: a pointer to the start of the frame buffer in the stream (``cur_i`` in the SMB code snippet) - ``frame_len``: what we expect the frame length to be (the engine may need to wait until it has enough data. See what is done in the telnet snippet request frames registering) - ``frame_type``: type of frame it's being registering (defined in an enum, as shown further above) +- ``tx_id``: an optional transaction id, if the frame belongs to a transaction. May be set later like `frame_len` ``StreamSlice`` contains the input data to the parser, alongside other Stream-related data important in parsing context. Definition is found in *applayer.rs*: diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 5aaf5d00bf..4aac9ed90e 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -437,6 +437,7 @@ impl DNSState { input, input.len() as i64, DnsFrameType::Pdu as u8, + None, ); self.parse_request(input, false) } @@ -449,6 +450,7 @@ impl DNSState { input, input.len() as i64, DnsFrameType::Pdu as u8, + None, ); self.parse_response(input, false) } @@ -547,6 +549,7 @@ impl DNSState { msg, msg.len() as i64, DnsFrameType::Pdu as u8, + None, ); if self.parse_request(msg, true) { cur_i = &cur_i[(size + 2)..]; @@ -609,6 +612,7 @@ impl DNSState { msg, msg.len() as i64, DnsFrameType::Pdu as u8, + None, ); if self.parse_response(msg, true) { cur_i = &cur_i[(size + 2)..]; diff --git a/rust/src/frames.rs b/rust/src/frames.rs index 3a45d014b4..de1ee0e79c 100644 --- a/rust/src/frames.rs +++ b/rust/src/frames.rs @@ -59,7 +59,7 @@ impl Frame { #[allow(clippy::not_unsafe_ptr_arg_deref)] pub fn new( flow: *const Flow, stream_slice: &StreamSlice, frame_start: &[u8], frame_len: i64, - frame_type: u8, + frame_type: u8, tx_id: Option, ) -> Option { let offset = frame_start.as_ptr() as usize - stream_slice.as_slice().as_ptr() as usize; SCLogDebug!("offset {} stream_slice.len() {} frame_start.len() {}", offset, stream_slice.len(), frame_start.len()); @@ -75,10 +75,16 @@ impl Frame { }; let id = unsafe { AppLayerFrameGetId(frame) }; if id > 0 { - Some(Self { + let r = Self { id, direction: Direction::from(stream_slice.flags()), - }) + }; + if let Some(tx_id) = tx_id { + unsafe { + AppLayerFrameSetTxIdById(flow, r.direction(), id, tx_id); + }; + } + Some(r) } else { None } @@ -90,7 +96,7 @@ impl Frame { #[cfg(test)] pub fn new( _flow: *const Flow, _stream_slice: &StreamSlice, _frame_start: &[u8], _frame_len: i64, - _frame_type: u8, + _frame_type: u8, _tx_id: Option, ) -> Option { None } diff --git a/rust/src/mqtt/mqtt.rs b/rust/src/mqtt/mqtt.rs index 3b09e4423c..66067eb6fa 100644 --- a/rust/src/mqtt/mqtt.rs +++ b/rust/src/mqtt/mqtt.rs @@ -436,6 +436,7 @@ impl MQTTState { current, (current.len() - rem.len()) as i64, MQTTFrameType::Pdu as u8, + None, ); SCLogDebug!("request msg {:?}", msg); if let MQTTOperation::TRUNCATED(ref trunc) = msg.op { @@ -521,6 +522,7 @@ impl MQTTState { current, (current.len() - rem.len()) as i64, MQTTFrameType::Pdu as u8, + None, ); SCLogDebug!("response msg {:?}", msg); @@ -595,7 +597,7 @@ impl MQTTState { ) { let hdr = stream_slice.as_slice(); //MQTT payload has a fixed header of 2 bytes - let _mqtt_hdr = Frame::new(flow, stream_slice, hdr, 2, MQTTFrameType::Header as u8); + let _mqtt_hdr = Frame::new(flow, stream_slice, hdr, 2, MQTTFrameType::Header as u8, None); SCLogDebug!("mqtt_hdr Frame {:?}", _mqtt_hdr); let rem_length = input.header.remaining_length as usize; let data = &hdr[2..rem_length + 2]; @@ -605,6 +607,7 @@ impl MQTTState { data, rem_length as i64, MQTTFrameType::Data as u8, + None, ); SCLogDebug!("mqtt_data Frame {:?}", _mqtt_data); } diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index c1d257d229..98fb56b7e4 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -499,68 +499,68 @@ impl NFSState { } fn add_rpc_udp_ts_pdu(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_len: i64) -> Option { - let rpc_udp_ts_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8); + let rpc_udp_ts_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8, None); SCLogDebug!("rpc_udp_pdu ts frame {:?}", rpc_udp_ts_pdu); rpc_udp_ts_pdu } fn add_rpc_udp_ts_creds(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], creds_len: i64) { - let _rpc_udp_ts_creds = Frame::new(flow, stream_slice, input, creds_len, NFSFrameType::RPCCreds as u8); + let _rpc_udp_ts_creds = Frame::new(flow, stream_slice, input, creds_len, NFSFrameType::RPCCreds as u8, None); SCLogDebug!("rpc_creds ts frame {:?}", _rpc_udp_ts_creds); } fn add_rpc_tcp_ts_pdu(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_len: i64) -> Option { - let rpc_tcp_ts_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8); + let rpc_tcp_ts_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8, None); SCLogDebug!("rpc_tcp_pdu ts frame {:?}", rpc_tcp_ts_pdu); rpc_tcp_ts_pdu } fn add_rpc_tcp_ts_creds(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], creds_len: i64) { - let _rpc_tcp_ts_creds = Frame::new(flow, stream_slice, input, creds_len, NFSFrameType::RPCCreds as u8); + let _rpc_tcp_ts_creds = Frame::new(flow, stream_slice, input, creds_len, NFSFrameType::RPCCreds as u8, None); SCLogDebug!("rpc_tcp_ts_creds {:?}", _rpc_tcp_ts_creds); } fn add_nfs_ts_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nfs_len: i64) { - let _nfs_req_pdu = Frame::new(flow, stream_slice, input, nfs_len, NFSFrameType::NFSPdu as u8); + let _nfs_req_pdu = Frame::new(flow, stream_slice, input, nfs_len, NFSFrameType::NFSPdu as u8, None); SCLogDebug!("nfs_ts_pdu Frame {:?}", _nfs_req_pdu); } fn add_nfs4_ts_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nfs4_len: i64) { - let _nfs4_ts_pdu = Frame::new(flow, stream_slice, input, nfs4_len, NFSFrameType::NFS4Pdu as u8); + let _nfs4_ts_pdu = Frame::new(flow, stream_slice, input, nfs4_len, NFSFrameType::NFS4Pdu as u8, None); SCLogDebug!("nfs4_ts_pdu Frame: {:?}", _nfs4_ts_pdu); if nfs4_len > 8 { - let _nfs4_ts_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::NFS4Hdr as u8); + let _nfs4_ts_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::NFS4Hdr as u8, None); SCLogDebug!("nfs4_ts_hdr Frame {:?}", _nfs4_ts_hdr); - let _nfs4_ts_ops = Frame::new(flow, stream_slice, &input[8..], nfs4_len - 8, NFSFrameType::NFS4Ops as u8); + let _nfs4_ts_ops = Frame::new(flow, stream_slice, &input[8..], nfs4_len - 8, NFSFrameType::NFS4Ops as u8, None); SCLogDebug!("nfs4_ts_ops Frame {:?}", _nfs4_ts_ops); } } fn add_rpc_udp_tc_pdu(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_len: i64) -> Option { - let rpc_udp_tc_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8); + let rpc_udp_tc_pdu = Frame::new(flow, stream_slice, input, rpc_len, NFSFrameType::RPCPdu as u8, None); SCLogDebug!("rpc_tc_pdu frame {:?}", rpc_udp_tc_pdu); rpc_udp_tc_pdu } fn add_rpc_udp_tc_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_len: i64) { if rpc_len > 8 { - let _rpc_udp_tc_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::RPCHdr as u8); - let _rpc_udp_tc_data = Frame::new(flow, stream_slice, &input[8..], rpc_len - 8, NFSFrameType::RPCData as u8); + let _rpc_udp_tc_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::RPCHdr as u8, None); + let _rpc_udp_tc_data = Frame::new(flow, stream_slice, &input[8..], rpc_len - 8, NFSFrameType::RPCData as u8, None); SCLogDebug!("rpc_udp_tc_hdr frame {:?}", _rpc_udp_tc_hdr); SCLogDebug!("rpc_udp_tc_data frame {:?}", _rpc_udp_tc_data); } } fn add_rpc_tcp_tc_pdu(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_tcp_len: i64) -> Option { - let rpc_tcp_tc_pdu = Frame::new(flow, stream_slice, input, rpc_tcp_len, NFSFrameType::RPCPdu as u8); + let rpc_tcp_tc_pdu = Frame::new(flow, stream_slice, input, rpc_tcp_len, NFSFrameType::RPCPdu as u8, None); SCLogDebug!("rpc_tcp_pdu tc frame {:?}", rpc_tcp_tc_pdu); rpc_tcp_tc_pdu } fn add_rpc_tcp_tc_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], rpc_tcp_len: i64) { if rpc_tcp_len > 12 { - let _rpc_tcp_tc_hdr = Frame::new(flow, stream_slice, input, 12, NFSFrameType::RPCHdr as u8); - let _rpc_tcp_tc_data = Frame::new(flow, stream_slice, &input[12..], rpc_tcp_len - 12, NFSFrameType::RPCData as u8); + let _rpc_tcp_tc_hdr = Frame::new(flow, stream_slice, input, 12, NFSFrameType::RPCHdr as u8, None); + let _rpc_tcp_tc_data = Frame::new(flow, stream_slice, &input[12..], rpc_tcp_len - 12, NFSFrameType::RPCData as u8, None); SCLogDebug!("rpc_tcp_tc_hdr frame {:?}", _rpc_tcp_tc_hdr); SCLogDebug!("rpc_tcp_tc_data frame {:?}", _rpc_tcp_tc_data); } @@ -568,24 +568,24 @@ impl NFSState { fn add_nfs_tc_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nfs_len: i64) { if nfs_len > 0 { - let _nfs_tc_pdu = Frame::new(flow, stream_slice, input, nfs_len, NFSFrameType::NFSPdu as u8); + let _nfs_tc_pdu = Frame::new(flow, stream_slice, input, nfs_len, NFSFrameType::NFSPdu as u8, None); SCLogDebug!("nfs_tc_pdu frame {:?}", _nfs_tc_pdu); - let _nfs_res_status = Frame::new(flow, stream_slice, input, 4, NFSFrameType::NFSStatus as u8); + let _nfs_res_status = Frame::new(flow, stream_slice, input, 4, NFSFrameType::NFSStatus as u8, None); SCLogDebug!("nfs_tc_status frame {:?}", _nfs_res_status); } } fn add_nfs4_tc_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nfs4_len: i64) { if nfs4_len > 0 { - let _nfs4_tc_pdu = Frame::new(flow, stream_slice, input, nfs4_len, NFSFrameType::NFS4Pdu as u8); + let _nfs4_tc_pdu = Frame::new(flow, stream_slice, input, nfs4_len, NFSFrameType::NFS4Pdu as u8, None); SCLogDebug!("nfs4_tc_pdu frame {:?}", _nfs4_tc_pdu); - let _nfs4_tc_status = Frame::new(flow, stream_slice, input, 4, NFSFrameType::NFS4Status as u8); + let _nfs4_tc_status = Frame::new(flow, stream_slice, input, 4, NFSFrameType::NFS4Status as u8, None); SCLogDebug!("nfs4_tc_status frame {:?}", _nfs4_tc_status); } if nfs4_len > 8 { - let _nfs4_tc_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::NFS4Hdr as u8); + let _nfs4_tc_hdr = Frame::new(flow, stream_slice, input, 8, NFSFrameType::NFS4Hdr as u8, None); SCLogDebug!("nfs4_tc_hdr frame {:?}", _nfs4_tc_hdr); - let _nfs4_tc_ops = Frame::new(flow, stream_slice, &input[8..], nfs4_len - 8, NFSFrameType::NFS4Ops as u8); + let _nfs4_tc_ops = Frame::new(flow, stream_slice, &input[8..], nfs4_len - 8, NFSFrameType::NFS4Ops as u8, None); SCLogDebug!("nfs4_tc_ops frame {:?}", _nfs4_tc_ops); } } diff --git a/rust/src/rfb/rfb.rs b/rust/src/rfb/rfb.rs index 058ec53f66..c17455bc06 100644 --- a/rust/src/rfb/rfb.rs +++ b/rust/src/rfb/rfb.rs @@ -194,6 +194,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -235,6 +236,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -293,6 +295,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -330,6 +333,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -413,6 +417,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -449,6 +454,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -503,6 +509,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -566,6 +573,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -604,6 +612,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; @@ -684,6 +693,7 @@ impl RFBState { current, consumed as i64, RFBFrameType::Pdu as u8, + None, ); current = rem; diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs index e34783fe74..a7613bb671 100755 --- a/rust/src/sip/sip.rs +++ b/rust/src/sip/sip.rs @@ -112,15 +112,6 @@ impl SIPState { } } - fn build_tx_request(&mut self, input: &[u8], request: Request) { - let mut tx = self.new_tx(crate::core::Direction::ToServer); - tx.request = Some(request); - if let Ok((_, req_line)) = sip_take_line(input) { - tx.request_line = req_line; - } - self.transactions.push_back(tx); - } - // app-layer-frame-documentation tag start: parse_request fn parse_request(&mut self, flow: *const core::Flow, stream_slice: StreamSlice) -> bool { let input = stream_slice.as_slice(); @@ -130,13 +121,19 @@ impl SIPState { input, input.len() as i64, SIPFrameType::Pdu as u8, + None, ); SCLogDebug!("ts: pdu {:?}", _pdu); match sip_parse_request(input) { Ok((_, request)) => { - sip_frames_ts(flow, &stream_slice, &request); - self.build_tx_request(input, request); + let mut tx = self.new_tx(crate::core::Direction::ToServer); + sip_frames_ts(flow, &stream_slice, &request, tx.id); + tx.request = Some(request); + if let Ok((_, req_line)) = sip_take_line(input) { + tx.request_line = req_line; + } + self.transactions.push_back(tx); return true; } // app-layer-frame-documentation tag end: parse_request @@ -168,18 +165,26 @@ impl SIPState { start, -1_i64, SIPFrameType::Pdu as u8, + None, ); SCLogDebug!("ts: pdu {:?}", self.request_frame); } match sip_parse_request(start) { Ok((rem, request)) => { - sip_frames_ts(flow, &stream_slice, &request); - self.build_tx_request(start, request); + let mut tx = self.new_tx(crate::core::Direction::ToServer); + let tx_id = tx.id; + sip_frames_ts(flow, &stream_slice, &request, tx_id); + tx.request = Some(request); + if let Ok((_, req_line)) = sip_take_line(input) { + tx.request_line = req_line; + } + self.transactions.push_back(tx); let consumed = start.len() - rem.len(); start = rem; if let Some(frame) = &self.request_frame { frame.set_len(flow, consumed as i64); + frame.set_tx(flow, tx_id); self.request_frame = None; } } @@ -204,15 +209,6 @@ impl SIPState { return AppLayerResult::ok(); } - fn build_tx_response(&mut self, input: &[u8], response: Response) { - let mut tx = self.new_tx(crate::core::Direction::ToClient); - tx.response = Some(response); - if let Ok((_, resp_line)) = sip_take_line(input) { - tx.response_line = resp_line; - } - self.transactions.push_back(tx); - } - fn parse_response(&mut self, flow: *const core::Flow, stream_slice: StreamSlice) -> bool { let input = stream_slice.as_slice(); let _pdu = Frame::new( @@ -221,13 +217,19 @@ impl SIPState { input, input.len() as i64, SIPFrameType::Pdu as u8, + None, ); SCLogDebug!("tc: pdu {:?}", _pdu); match sip_parse_response(input) { Ok((_, response)) => { - sip_frames_tc(flow, &stream_slice, &response); - self.build_tx_response(input, response); + let mut tx = self.new_tx(crate::core::Direction::ToClient); + sip_frames_tc(flow, &stream_slice, &response, tx.id); + tx.response = Some(response); + if let Ok((_, resp_line)) = sip_take_line(input) { + tx.response_line = resp_line; + } + self.transactions.push_back(tx); return true; } Err(Err::Incomplete(_)) => { @@ -258,18 +260,26 @@ impl SIPState { start, -1_i64, SIPFrameType::Pdu as u8, + None, ); SCLogDebug!("tc: pdu {:?}", self.request_frame); } match sip_parse_response(start) { Ok((rem, response)) => { - sip_frames_tc(flow, &stream_slice, &response); - self.build_tx_response(start, response); + let mut tx = self.new_tx(crate::core::Direction::ToClient); + let tx_id = tx.id; + sip_frames_tc(flow, &stream_slice, &response, tx_id); + tx.response = Some(response); + if let Ok((_, resp_line)) = sip_take_line(input) { + tx.response_line = resp_line; + } + self.transactions.push_back(tx); let consumed = start.len() - rem.len(); start = rem; if let Some(frame) = &self.response_frame { frame.set_len(flow, consumed as i64); + frame.set_tx(flow, tx_id); self.response_frame = None; } } @@ -309,7 +319,7 @@ impl SIPTransaction { } // app-layer-frame-documentation tag start: function to add frames -fn sip_frames_ts(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Request) { +fn sip_frames_ts(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Request, tx_id: u64) { let oi = stream_slice.as_slice(); let _f = Frame::new( flow, @@ -317,6 +327,7 @@ fn sip_frames_ts(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Reques oi, r.request_line_len as i64, SIPFrameType::RequestLine as u8, + Some(tx_id), ); SCLogDebug!("ts: request_line {:?}", _f); let hi = &oi[r.request_line_len as usize..]; @@ -326,6 +337,7 @@ fn sip_frames_ts(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Reques hi, r.headers_len as i64, SIPFrameType::RequestHeaders as u8, + Some(tx_id), ); SCLogDebug!("ts: request_headers {:?}", _f); if r.body_len > 0 { @@ -336,13 +348,14 @@ fn sip_frames_ts(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Reques bi, r.body_len as i64, SIPFrameType::RequestBody as u8, + Some(tx_id), ); SCLogDebug!("ts: request_body {:?}", _f); } } // app-layer-frame-documentation tag end: function to add frames -fn sip_frames_tc(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Response) { +fn sip_frames_tc(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Response, tx_id: u64) { let oi = stream_slice.as_slice(); let _f = Frame::new( flow, @@ -350,6 +363,7 @@ fn sip_frames_tc(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Respon oi, r.response_line_len as i64, SIPFrameType::ResponseLine as u8, + Some(tx_id), ); let hi = &oi[r.response_line_len as usize..]; SCLogDebug!("tc: response_line {:?}", _f); @@ -359,6 +373,7 @@ fn sip_frames_tc(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Respon hi, r.headers_len as i64, SIPFrameType::ResponseHeaders as u8, + Some(tx_id), ); SCLogDebug!("tc: response_headers {:?}", _f); if r.body_len > 0 { @@ -369,6 +384,7 @@ fn sip_frames_tc(flow: *const core::Flow, stream_slice: &StreamSlice, r: &Respon bi, r.body_len as i64, SIPFrameType::ResponseBody as u8, + Some(tx_id), ); SCLogDebug!("tc: response_body {:?}", _f); } diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 4f777d6846..fbbb636e89 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1196,53 +1196,53 @@ impl SMBState { } fn add_nbss_ts_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> (Option, Option, Option) { - let nbss_pdu = Frame::new(flow, stream_slice, input, nbss_len + 4, SMBFrameType::NBSSPdu as u8); + let nbss_pdu = Frame::new(flow, stream_slice, input, nbss_len + 4, SMBFrameType::NBSSPdu as u8, None); SCLogDebug!("NBSS PDU frame {:?}", nbss_pdu); - let nbss_hdr_frame = Frame::new(flow, stream_slice, input, 4_i64, SMBFrameType::NBSSHdr as u8); + let nbss_hdr_frame = Frame::new(flow, stream_slice, input, 4_i64, SMBFrameType::NBSSHdr as u8, None); SCLogDebug!("NBSS HDR frame {:?}", nbss_hdr_frame); - let nbss_data_frame = Frame::new(flow, stream_slice, &input[4..], nbss_len, SMBFrameType::NBSSData as u8); + let nbss_data_frame = Frame::new(flow, stream_slice, &input[4..], nbss_len, SMBFrameType::NBSSData as u8, None); SCLogDebug!("NBSS DATA frame {:?}", nbss_data_frame); (nbss_pdu, nbss_hdr_frame, nbss_data_frame) } fn add_smb1_ts_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> Option { - let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB1Pdu as u8); + let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB1Pdu as u8, None); SCLogDebug!("SMB PDU frame {:?}", smb_pdu); smb_pdu } fn add_smb1_ts_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) { - let _smb1_hdr = Frame::new(flow, stream_slice, input, 32_i64, SMBFrameType::SMB1Hdr as u8); + let _smb1_hdr = Frame::new(flow, stream_slice, input, 32_i64, SMBFrameType::SMB1Hdr as u8, None); SCLogDebug!("SMBv1 HDR frame {:?}", _smb1_hdr); if input.len() > 32 { - let _smb1_data = Frame::new(flow, stream_slice, &input[32..], nbss_len - 32, SMBFrameType::SMB1Data as u8); + let _smb1_data = Frame::new(flow, stream_slice, &input[32..], nbss_len - 32, SMBFrameType::SMB1Data as u8, None); SCLogDebug!("SMBv1 DATA frame {:?}", _smb1_data); } } fn add_smb2_ts_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> Option { - let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB2Pdu as u8); + let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB2Pdu as u8, None); SCLogDebug!("SMBv2 PDU frame {:?}", smb_pdu); smb_pdu } fn add_smb2_ts_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64, hdr_len: i64) { - let _smb2_hdr = Frame::new(flow, stream_slice, input, hdr_len, SMBFrameType::SMB2Hdr as u8); + let _smb2_hdr = Frame::new(flow, stream_slice, input, hdr_len, SMBFrameType::SMB2Hdr as u8, None); SCLogDebug!("SMBv2 HDR frame {:?}", _smb2_hdr); if input.len() > hdr_len as usize { - let _smb2_data = Frame::new(flow, stream_slice, &input[hdr_len as usize..], nbss_len - hdr_len, SMBFrameType::SMB2Data as u8); + let _smb2_data = Frame::new(flow, stream_slice, &input[hdr_len as usize..], nbss_len - hdr_len, SMBFrameType::SMB2Data as u8, None); SCLogDebug!("SMBv2 DATA frame {:?}", _smb2_data); } } fn add_smb3_ts_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> Option { - let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB3Pdu as u8); + let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB3Pdu as u8, None); SCLogDebug!("SMBv3 PDU frame {:?}", smb_pdu); smb_pdu } fn add_smb3_ts_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) { - let _smb3_hdr = Frame::new(flow, stream_slice, input, 52_i64, SMBFrameType::SMB3Hdr as u8); + let _smb3_hdr = Frame::new(flow, stream_slice, input, 52_i64, SMBFrameType::SMB3Hdr as u8, None); SCLogDebug!("SMBv3 HDR frame {:?}", _smb3_hdr); if input.len() > 52 { - let _smb3_data = Frame::new(flow, stream_slice, &input[52..], nbss_len - 52, SMBFrameType::SMB3Data as u8); + let _smb3_data = Frame::new(flow, stream_slice, &input[52..], nbss_len - 52, SMBFrameType::SMB3Data as u8, None); SCLogDebug!("SMBv3 DATA frame {:?}", _smb3_data); } } @@ -1532,53 +1532,53 @@ impl SMBState { } fn add_nbss_tc_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> (Option, Option, Option) { - let nbss_pdu = Frame::new(flow, stream_slice, input, nbss_len + 4, SMBFrameType::NBSSPdu as u8); + let nbss_pdu = Frame::new(flow, stream_slice, input, nbss_len + 4, SMBFrameType::NBSSPdu as u8, None); SCLogDebug!("NBSS PDU frame {:?}", nbss_pdu); - let nbss_hdr_frame = Frame::new(flow, stream_slice, input, 4_i64, SMBFrameType::NBSSHdr as u8); + let nbss_hdr_frame = Frame::new(flow, stream_slice, input, 4_i64, SMBFrameType::NBSSHdr as u8, None); SCLogDebug!("NBSS HDR frame {:?}", nbss_hdr_frame); - let nbss_data_frame = Frame::new(flow, stream_slice, &input[4..], nbss_len, SMBFrameType::NBSSData as u8); + let nbss_data_frame = Frame::new(flow, stream_slice, &input[4..], nbss_len, SMBFrameType::NBSSData as u8, None); SCLogDebug!("NBSS DATA frame {:?}", nbss_data_frame); (nbss_pdu, nbss_hdr_frame, nbss_data_frame) } fn add_smb1_tc_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> Option { - let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB1Pdu as u8); + let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB1Pdu as u8, None); SCLogDebug!("SMB PDU frame {:?}", smb_pdu); smb_pdu } fn add_smb1_tc_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) { - let _smb1_hdr = Frame::new(flow, stream_slice, input, SMB1_HEADER_SIZE as i64, SMBFrameType::SMB1Hdr as u8); + let _smb1_hdr = Frame::new(flow, stream_slice, input, SMB1_HEADER_SIZE as i64, SMBFrameType::SMB1Hdr as u8, None); SCLogDebug!("SMBv1 HDR frame {:?}", _smb1_hdr); if input.len() > SMB1_HEADER_SIZE { let _smb1_data = Frame::new(flow, stream_slice, &input[SMB1_HEADER_SIZE..], nbss_len - SMB1_HEADER_SIZE as i64, - SMBFrameType::SMB1Data as u8); + SMBFrameType::SMB1Data as u8, None); SCLogDebug!("SMBv1 DATA frame {:?}", _smb1_data); } } fn add_smb2_tc_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) -> Option { - let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB2Pdu as u8); + let smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB2Pdu as u8, None); SCLogDebug!("SMBv2 PDU frame {:?}", smb_pdu); smb_pdu } fn add_smb2_tc_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64, hdr_len: i64) { - let _smb2_hdr = Frame::new(flow, stream_slice, input, hdr_len, SMBFrameType::SMB2Hdr as u8); + let _smb2_hdr = Frame::new(flow, stream_slice, input, hdr_len, SMBFrameType::SMB2Hdr as u8, None); SCLogDebug!("SMBv2 HDR frame {:?}", _smb2_hdr); if input.len() > hdr_len as usize { - let _smb2_data = Frame::new(flow, stream_slice, &input[hdr_len as usize ..], nbss_len - hdr_len, SMBFrameType::SMB2Data as u8); + let _smb2_data = Frame::new(flow, stream_slice, &input[hdr_len as usize ..], nbss_len - hdr_len, SMBFrameType::SMB2Data as u8, None); SCLogDebug!("SMBv2 DATA frame {:?}", _smb2_data); } } fn add_smb3_tc_pdu_frame(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) { - let _smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB3Pdu as u8); + let _smb_pdu = Frame::new(flow, stream_slice, input, nbss_len, SMBFrameType::SMB3Pdu as u8, None); SCLogDebug!("SMBv3 PDU frame {:?}", _smb_pdu); } fn add_smb3_tc_hdr_data_frames(&mut self, flow: *const Flow, stream_slice: &StreamSlice, input: &[u8], nbss_len: i64) { - let _smb3_hdr = Frame::new(flow, stream_slice, input, 52_i64, SMBFrameType::SMB3Hdr as u8); + let _smb3_hdr = Frame::new(flow, stream_slice, input, 52_i64, SMBFrameType::SMB3Hdr as u8, None); SCLogDebug!("SMBv3 HDR frame {:?}", _smb3_hdr); if input.len() > 52 { - let _smb3_data = Frame::new(flow, stream_slice, &input[52..], nbss_len - 52, SMBFrameType::SMB3Data as u8); + let _smb3_data = Frame::new(flow, stream_slice, &input[52..], nbss_len - 52, SMBFrameType::SMB3Data as u8, None); SCLogDebug!("SMBv3 DATA frame {:?}", _smb3_data); } } diff --git a/rust/src/telnet/telnet.rs b/rust/src/telnet/telnet.rs index f1e7eec502..2a63b73321 100644 --- a/rust/src/telnet/telnet.rs +++ b/rust/src/telnet/telnet.rs @@ -164,6 +164,7 @@ impl TelnetState { start, -1_i64, TelnetFrameType::Pdu as u8, + None, ); } if self.request_specific_frame.is_none() { @@ -175,6 +176,7 @@ impl TelnetState { start, -1_i64, TelnetFrameType::Ctl as u8, + None, ) } else { Frame::new( @@ -183,6 +185,7 @@ impl TelnetState { start, -1_i64, TelnetFrameType::Data as u8, + None, ) // app-layer-frame-documentation tag end: parse_request }; @@ -266,14 +269,14 @@ impl TelnetState { let mut start = input; while !start.is_empty() { if self.response_frame.is_none() { - self.response_frame = Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Pdu as u8); + self.response_frame = Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Pdu as u8, None); } if self.response_specific_frame.is_none() { if let Ok((_, is_ctl)) = parser::peek_message_is_ctl(start) { self.response_specific_frame = if is_ctl { - Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Ctl as u8) + Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Ctl as u8, None) } else { - Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Data as u8) + Frame::new(flow, stream_slice, start, -1_i64, TelnetFrameType::Data as u8, None) }; } } diff --git a/rust/src/websocket/websocket.rs b/rust/src/websocket/websocket.rs index 4e94ea79b4..8e5f24816b 100644 --- a/rust/src/websocket/websocket.rs +++ b/rust/src/websocket/websocket.rs @@ -158,12 +158,14 @@ impl WebSocketState { while !start.is_empty() { match parser::parse_message(start, max_pl_size) { Ok((rem, pdu)) => { + let mut tx = self.new_tx(direction); let _pdu = Frame::new( flow, &stream_slice, start, (start.len() - rem.len() - pdu.payload.len()) as i64, WebSocketFrameType::Header as u8, + Some(tx.tx_id), ); let _pdu = Frame::new( flow, @@ -171,9 +173,9 @@ impl WebSocketState { start, (start.len() - rem.len()) as i64, WebSocketFrameType::Pdu as u8, + Some(tx.tx_id), ); start = rem; - let mut tx = self.new_tx(direction); if pdu.to_skip > 0 { if direction == Direction::ToClient { self.to_skip_tc = pdu.to_skip;