From: Jason Ish Date: Mon, 30 Aug 2021 21:49:58 +0000 (-0600) Subject: ike: use derive macro from app-layer events X-Git-Tag: suricata-7.0.0-beta1~1455 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71679c6ad0624808729415745a87c15f8254483a;p=thirdparty%2Fsuricata.git ike: use derive macro from app-layer events --- diff --git a/rust/src/ike/ike.rs b/rust/src/ike/ike.rs index 38aefeb01b..cc30b42813 100644 --- a/rust/src/ike/ike.rs +++ b/rust/src/ike/ike.rs @@ -31,17 +31,17 @@ use crate::ike::parser::*; use nom; use std; use std::collections::HashSet; -use std::ffi::{CStr, CString}; +use std::ffi::CString; -#[repr(u32)] +#[derive(AppLayerEvent)] pub enum IkeEvent { - MalformedData = 0, + MalformedData, NoEncryption, WeakCryptoEnc, - WeakCryptoPRF, - WeakCryptoDH, + WeakCryptoPrf, + WeakCryptoDh, WeakCryptoAuth, - WeakCryptoNoDH, + WeakCryptoNoDh, WeakCryptoNoAuth, InvalidProposal, UnknownProposal, @@ -49,26 +49,6 @@ pub enum IkeEvent { MultipleServerProposal, } -impl IkeEvent { - pub fn from_i32(value: i32) -> Option { - match value { - 0 => Some(IkeEvent::MalformedData), - 1 => Some(IkeEvent::NoEncryption), - 2 => Some(IkeEvent::WeakCryptoEnc), - 3 => Some(IkeEvent::WeakCryptoPRF), - 4 => Some(IkeEvent::WeakCryptoDH), - 5 => Some(IkeEvent::WeakCryptoAuth), - 6 => Some(IkeEvent::WeakCryptoNoDH), - 7 => Some(IkeEvent::WeakCryptoNoAuth), - 8 => Some(IkeEvent::InvalidProposal), - 9 => Some(IkeEvent::UnknownProposal), - 10 => Some(IkeEvent::PayloadExtraData), - 11 => Some(IkeEvent::MultipleServerProposal), - _ => None, - } - } -} - pub struct IkeHeaderWrapper { pub spi_initiator: String, pub spi_responder: String, @@ -439,68 +419,6 @@ pub unsafe extern "C" fn rs_ike_state_get_events( return tx.events; } -#[no_mangle] -pub unsafe extern "C" fn rs_ike_state_get_event_info_by_id( - event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, - event_type: *mut core::AppLayerEventType, -) -> i8 { - if let Some(e) = IkeEvent::from_i32(event_id as i32) { - let estr = match e { - IkeEvent::MalformedData => "malformed_data\0", - IkeEvent::NoEncryption => "no_encryption\0", - IkeEvent::WeakCryptoEnc => "weak_crypto_enc\0", - IkeEvent::WeakCryptoPRF => "weak_crypto_prf\0", - IkeEvent::WeakCryptoDH => "weak_crypto_dh\0", - IkeEvent::WeakCryptoAuth => "weak_crypto_auth\0", - IkeEvent::WeakCryptoNoDH => "weak_crypto_nodh\0", - IkeEvent::WeakCryptoNoAuth => "weak_crypto_noauth\0", - IkeEvent::InvalidProposal => "invalid_proposal\0", - IkeEvent::UnknownProposal => "unknown_proposal\0", - IkeEvent::PayloadExtraData => "payload_extra_data\0", - IkeEvent::MultipleServerProposal => "multiple_server_proposal\0", - }; - *event_name = estr.as_ptr() as *const std::os::raw::c_char; - *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; - 0 - } else { - -1 - } -} - -#[no_mangle] -pub unsafe extern "C" fn rs_ike_state_get_event_info( - event_name: *const std::os::raw::c_char, event_id: *mut std::os::raw::c_int, - event_type: *mut core::AppLayerEventType, -) -> std::os::raw::c_int { - if event_name == std::ptr::null() { - return -1; - } - let c_event_name: &CStr = CStr::from_ptr(event_name); - let event = match c_event_name.to_str() { - Ok(s) => { - match s { - "malformed_data" => IkeEvent::MalformedData as i32, - "no_encryption" => IkeEvent::NoEncryption as i32, - "weak_crypto_enc" => IkeEvent::WeakCryptoEnc as i32, - "weak_crypto_prf" => IkeEvent::WeakCryptoPRF as i32, - "weak_crypto_auth" => IkeEvent::WeakCryptoAuth as i32, - "weak_crypto_dh" => IkeEvent::WeakCryptoDH as i32, - "weak_crypto_nodh" => IkeEvent::WeakCryptoNoDH as i32, - "weak_crypto_noauth" => IkeEvent::WeakCryptoNoAuth as i32, - "invalid_proposal" => IkeEvent::InvalidProposal as i32, - "unknown_proposal" => IkeEvent::UnknownProposal as i32, - "payload_extra_data" => IkeEvent::PayloadExtraData as i32, - "multiple_server_proposal" => IkeEvent::MultipleServerProposal as i32, - _ => -1, // unknown event - } - } - Err(_) => -1, // UTF-8 conversion failed - }; - *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; - *event_id = event as std::os::raw::c_int; - 0 -} - static mut ALPROTO_IKE : AppProto = ALPROTO_UNKNOWN; #[no_mangle] @@ -551,8 +469,8 @@ pub unsafe extern "C" fn rs_ike_register_parser() { get_de_state : rs_ike_tx_get_detect_state, set_de_state : rs_ike_tx_set_detect_state, get_events : Some(rs_ike_state_get_events), - get_eventinfo : Some(rs_ike_state_get_event_info), - get_eventinfo_byid : Some(rs_ike_state_get_event_info_by_id), + get_eventinfo : Some(IkeEvent::get_event_info), + get_eventinfo_byid : Some(IkeEvent::get_event_info_by_id), localstorage_new : None, localstorage_free : None, get_files : None, diff --git a/rust/src/ike/ikev2.rs b/rust/src/ike/ikev2.rs index 6a597c9e8e..6082a5beea 100644 --- a/rust/src/ike/ikev2.rs +++ b/rust/src/ike/ikev2.rs @@ -246,7 +246,7 @@ fn add_proposals(state: &mut IKEState, prop: &Vec, direction: u8) } IkeTransformPRFType::PRF_HMAC_MD5 | IkeTransformPRFType::PRF_HMAC_SHA1 => { SCLogDebug!("Weak PRF: {:?}", prf); - state.set_event(IkeEvent::WeakCryptoPRF); + state.set_event(IkeEvent::WeakCryptoPrf); } _ => (), }, @@ -279,7 +279,7 @@ fn add_proposals(state: &mut IKEState, prop: &Vec, direction: u8) | IkeTransformDHType::Modp1024s160 | IkeTransformDHType::Modp1536 => { SCLogDebug!("Weak DH: {:?}", dh); - state.set_event(IkeEvent::WeakCryptoDH); + state.set_event(IkeEvent::WeakCryptoDh); } _ => (), }, @@ -296,7 +296,7 @@ fn add_proposals(state: &mut IKEState, prop: &Vec, direction: u8) _ => false, }) { SCLogDebug!("No DH transform found"); - state.set_event(IkeEvent::WeakCryptoNoDH); + state.set_event(IkeEvent::WeakCryptoNoDh); } // Rule 3: check if proposing AH ([RFC7296] section 3.3.1) if p.protocol_id == ProtocolID::AH {