From: Pierre Chifflier Date: Wed, 12 Jan 2022 09:50:42 +0000 (+0100) Subject: rust/ntp: upgrade dependency on ntp-parser X-Git-Tag: suricata-7.0.0-beta1~908 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5166bdb9396a7e7b878fea9bd62a11080aafa58;p=thirdparty%2Fsuricata.git rust/ntp: upgrade dependency on ntp-parser
---
diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in
index 1e407bdddc..b53a40d2a9 100644
--- a/rust/Cargo.toml.in
+++ b/rust/Cargo.toml.in
@@ -40,7 +40,7 @@ sawp-modbus = "~0.5.0"
 sawp = "~0.5.0"
 der-parser = "~4.0.2"
 kerberos-parser = "~0.5.0"
-ntp-parser = "~0.4.0"
+ntp-parser = "~0.6.0"
 ipsec-parser = "~0.7.0"
 snmp-parser = "~0.6.0"
 tls-parser = "~0.9.4"
diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs
index 51011b4545..ee28ac6ce5 100644
--- a/rust/src/ntp/ntp.rs
+++ b/rust/src/ntp/ntp.rs
@@ -25,7 +25,7 @@ use crate::applayer::{self, *};
 use std;
 use std::ffi::CString;
 
-use nom;
+use nom7::Err;
 
 #[derive(AppLayerEvent)]
 pub enum NTPEvent {
@@ -87,15 +87,19 @@ impl NTPState {
 match parse_ntp(i) {
 Ok((_,ref msg)) => {
 // SCLogDebug!("parse_ntp: {:?}",msg);
- if msg.mode == NtpMode::SymmetricActive || msg.mode == NtpMode::Client {
+ let (mode, ref_id) = match msg {
+ NtpPacket::V3(pkt) => (pkt.mode, pkt.ref_id),
+ NtpPacket::V4(pkt) => (pkt.mode, pkt.ref_id),
+ };
+ if mode == NtpMode::SymmetricActive || mode == NtpMode::Client {
 let mut tx = self.new_tx();
 // use the reference id as identifier
- tx.xid = msg.ref_id;
+ tx.xid = ref_id;
 self.transactions.push(tx);
 }
 0
 },
- Err(nom::Err::Incomplete(_)) => {
+ Err(Err::Incomplete(_)) => {
 SCLogDebug!("Insufficient data while parsing NTP data");
 self.set_event(NTPEvent::MalformedData);
 -1
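Review bot: In the `@@ -87` hunk of rust/src/ntp/ntp.rs, nothing records that the set of packets reaching the `Ok` arm has narrowed. Going by the comment this commit adds in `ntp_probing_parser`, `parse_ntp` now fails for versions other than 3 and 4, so on an already-identified NTP flow such a datagram presumably ends in one of the error arms instead of opening a transaction. That is a detection-visible change worth a comment above the new `match msg`, for example `// parse_ntp only returns V3/V4; other versions are reported through the error arms`, and a line in the commit description. The `Err(_)` arm and the rest of the function lie outside the hunk, so which event those packets raise cannot be confirmed here.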
@@ -241,14 +245,11 @@ pub extern "C" fn ntp_probing_parser(_flow: *const Flow,
 let slice: &[u8] = unsafe { std::slice::from_raw_parts(input as *mut u8, input_len as usize) };
 let alproto = unsafe{ ALPROTO_NTP };
 match parse_ntp(slice) {
- Ok((_, ref msg)) => {
- if msg.version == 3 || msg.version == 4 {
- return alproto;
- } else {
- return unsafe{ALPROTO_FAILED};
- }
+ Ok((_, _)) => {
+ // parse_ntp already checks for supported version (3 or 4)
+ return alproto;
 },
- Err(nom::Err::Incomplete(_)) => {
+ Err(Err::Incomplete(_)) => {
 return ALPROTO_UNKNOWN;
 },
 Err(_) => {
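Review bot: The new `Ok((_, _))` arm returns `ALPROTO_NTP` for any successful parse, so the probing verdict now rests entirely on a version check inside the ntp-parser crate that this file no longer enforces. Matching the variants keeps the acceptance rule visible here and ties it to what the state parser handles: `Ok((_, NtpPacket::V3(_))) | Ok((_, NtpPacket::V4(_))) => {`. A probing unit test that feeds a header with another version value and expects a non-NTP result would catch a regression in a later parser upgrade. The function starts before the hunk and its final `Err(_)` arm continues past it.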