Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rust/app-layer: derive functions for app-layer events - v10 #6318

Closed
wants to merge 18 commits into from
Closed
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
ntp: use derived app-layer event
jasonish committed Aug 30, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 8e2416545b6a06e537234460724729ca5774abd4
66 changes: 5 additions & 61 deletions rust/src/ntp/ntp.rs
Original file line number Diff line number Diff line change
@@ -23,30 +23,18 @@ use crate::core;
use crate::core::{AppProto,Flow,ALPROTO_UNKNOWN,ALPROTO_FAILED};
use crate::applayer::{self, *};
use std;
use std::ffi::{CStr,CString};
use std::ffi::CString;

use nom;

#[repr(u32)]
#[derive(AppLayerEvent)]
pub enum NTPEvent {
UnsolicitedResponse = 0,
UnsolicitedResponse ,
MalformedData,
NotRequest,
NotResponse,
}

impl NTPEvent {
fn from_i32(value: i32) -> Option<NTPEvent> {
match value {
0 => Some(NTPEvent::UnsolicitedResponse),
1 => Some(NTPEvent::MalformedData),
2 => Some(NTPEvent::NotRequest),
3 => Some(NTPEvent::NotResponse),
_ => None,
}
}
}

pub struct NTPState {
/// List of transactions for this session
transactions: Vec<NTPTransaction>,
@@ -279,27 +267,6 @@ pub unsafe extern "C" fn rs_ntp_state_get_tx_detect_state(
}
}

#[no_mangle]
pub unsafe extern "C" fn rs_ntp_state_get_event_info_by_id(event_id: std::os::raw::c_int,
event_name: *mut *const std::os::raw::c_char,
event_type: *mut core::AppLayerEventType)
-> i8
{
if let Some(e) = NTPEvent::from_i32(event_id as i32) {
let estr = match e {
NTPEvent::UnsolicitedResponse => { "unsolicited_response\0" },
NTPEvent::MalformedData => { "malformed_data\0" },
NTPEvent::NotRequest => { "not_request\0" },
NTPEvent::NotResponse => { "not_response\0" },
};
*event_name = estr.as_ptr() as *const std::os::raw::c_char;
*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
0
} else {
-1
}
}

#[no_mangle]
pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
@@ -308,29 +275,6 @@ pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void)
return tx.events;
}

#[no_mangle]
pub unsafe extern "C" fn rs_ntp_state_get_event_info(event_name: *const std::os::raw::c_char,
event_id: *mut std::os::raw::c_int,
event_type: *mut core::AppLayerEventType)
-> std::os::raw::c_int
{
if event_name == std::ptr::null() { return -1; }
let c_event_name: &CStr = CStr::from_ptr(event_name);
let event = match c_event_name.to_str() {
Ok(s) => {
match s {
"malformed_data" => NTPEvent::MalformedData as i32,
_ => -1, // unknown event
}
},
Err(_) => -1, // UTF-8 conversion failed
};
*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
*event_id = event as std::os::raw::c_int;
0
}


static mut ALPROTO_NTP : AppProto = ALPROTO_UNKNOWN;

#[no_mangle]
@@ -386,8 +330,8 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
get_de_state : rs_ntp_state_get_tx_detect_state,
set_de_state : rs_ntp_state_set_tx_detect_state,
get_events : Some(rs_ntp_state_get_events),
get_eventinfo : Some(rs_ntp_state_get_event_info),
get_eventinfo_byid : Some(rs_ntp_state_get_event_info_by_id),
get_eventinfo : Some(NTPEvent::get_event_info),
get_eventinfo_byid : Some(NTPEvent::get_event_info_by_id),
localstorage_new : None,
localstorage_free : None,
get_files : None,