From: Victor Julien Date: Mon, 16 Oct 2017 13:30:28 +0000 (+0200) Subject: rust/nfs: add support for detect_flags API X-Git-Tag: suricata-4.1.0-beta1~322 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cda2a43510d3465a8134e2263973919ca990223;p=thirdparty%2Fsuricata.git rust/nfs: add support for detect_flags API --- diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 9b18d7d904..20b35575e4 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -171,6 +171,9 @@ pub struct NFSTransaction { /// attempt failed. pub type_data: Option, + detect_flags_ts: u64, + detect_flags_tc: u64, + pub logged: LoggerFlags, pub de_state: Option<*mut DetectEngineState>, pub events: *mut AppLayerDecoderEvents, @@ -198,6 +201,8 @@ impl NFSTransaction { file_tx_direction: 0, file_handle:Vec::new(), type_data: None, + detect_flags_ts: 0, + detect_flags_tc: 0, logged: LoggerFlags::new(), de_state: None, events: std::ptr::null_mut(), @@ -1916,6 +1921,32 @@ pub extern "C" fn rs_nfs3_state_get_tx_detect_state( } } +#[no_mangle] +pub extern "C" fn rs_nfs_tx_set_detect_flags( + tx: &mut NFSTransaction, + direction: libc::uint8_t, + flags: libc::uint64_t) +{ + if (direction & STREAM_TOSERVER) != 0 { + tx.detect_flags_ts = flags as u64; + } else { + tx.detect_flags_tc = flags as u64; + } +} + +#[no_mangle] +pub extern "C" fn rs_nfs_tx_get_detect_flags( + tx: &mut NFSTransaction, + direction: libc::uint8_t) + -> libc::uint64_t +{ + if (direction & STREAM_TOSERVER) != 0 { + return tx.detect_flags_ts as libc::uint64_t; + } else { + return tx.detect_flags_tc as libc::uint64_t; + } +} + #[no_mangle] pub extern "C" fn rs_nfs_state_has_events(state: &mut NFSState) -> u8 { if state.events > 0 { diff --git a/src/app-layer-nfs-tcp.c b/src/app-layer-nfs-tcp.c index 61e007de58..1c68dd0b7b 100644 --- a/src/app-layer-nfs-tcp.c +++ b/src/app-layer-nfs-tcp.c @@ -242,6 +242,16 @@ static FileContainer *NFSTCPGetFiles(void *state, uint8_t direction) return rs_nfs3_getfiles(direction, state); } +static void NFSTCPSetDetectFlags(void *tx, uint8_t dir, uint64_t flags) +{ + rs_nfs_tx_set_detect_flags(tx, dir, flags); +} + +static uint64_t NFSTCPGetDetectFlags(void *tx, uint8_t dir) +{ + return rs_nfs_tx_get_detect_flags(tx, dir); +} + static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static SuricataFileContext sfc = { &sbcfg }; @@ -342,6 +352,9 @@ void RegisterNFSTCPParsers(void) AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_NFS, NFSTCPGetEvents); + AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPGetDetectFlags, NFSTCPSetDetectFlags); + /* This parser accepts gaps. */ AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_NFS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS); diff --git a/src/app-layer-nfs-udp.c b/src/app-layer-nfs-udp.c index 74d581c88a..71a836c869 100644 --- a/src/app-layer-nfs-udp.c +++ b/src/app-layer-nfs-udp.c @@ -247,6 +247,16 @@ static FileContainer *NFSGetFiles(void *state, uint8_t direction) return rs_nfs3_getfiles(direction, state); } +static void NFSSetDetectFlags(void *tx, uint8_t dir, uint64_t flags) +{ + rs_nfs_tx_set_detect_flags(tx, dir, flags); +} + +static uint64_t NFSGetDetectFlags(void *tx, uint8_t dir) +{ + return rs_nfs_tx_get_detect_flags(tx, dir); +} + static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static SuricataFileContext sfc = { &sbcfg }; @@ -346,6 +356,10 @@ void RegisterNFSUDPParsers(void) NFSStateGetEventInfo); AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_NFS, NFSGetEvents); + + AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_NFS, + NFSGetDetectFlags, NFSSetDetectFlags); + } else { SCLogNotice("NFS protocol parsing disabled.");