From: Pierre Chifflier <chifflier@wzdftpd.net>
Date: Mon, 19 Jun 2017 11:40:42 +0000 (+0200)
Subject: NTP: change parse function to return the number of parsed messages
X-Git-Tag: suricata-4.0.0-rc1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a0549c42e9b6b70c53bd3b01b57ba25c95a4953;p=thirdparty%2Fsuricata.git

NTP: change parse function to return the number of parsed messages
---

diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs
index de6544977c..3405ec5e26 100644
--- a/rust/src/ntp/ntp.rs
+++ b/rust/src/ntp/ntp.rs
@@ -84,6 +84,9 @@ impl NTPState {
 }
 
 impl NTPState {
+    /// Parse an NTP request message
+    ///
+    /// Returns The number of messages parsed, or -1 on error
     fn parse(&mut self, i: &[u8], _direction: u8) -> i8 {
         match parse_ntp(i) {
             IResult::Done(_,ref msg) => {
@@ -94,7 +97,7 @@ impl NTPState {
                     tx.xid = msg.ref_id;
                     self.transactions.push(tx);
                 }
-                0
+                1
             },
             IResult::Incomplete(_) => {
                 SCLogDebug!("Insufficient data while parsing NTP data");
@@ -367,3 +370,24 @@ pub extern "C" fn rs_ntp_state_get_event_info(event_name: *const libc::c_char,
     };
     0
 }
+
+#[cfg(test)]
+mod tests {
+    use super::NTPState;
+
+    #[test]
+    fn test_ntp_parse_request_valid() {
+        // A UDP NTP v4 request, in client mode
+        const REQ : &[u8] = &[
+            0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x18, 0x57, 0xab, 0xc3, 0x4a, 0x5f, 0x2c, 0xfe
+        ];
+
+        let mut state = NTPState::new();
+        assert_eq!(1, state.parse(REQ, 0));
+    }
+}