mqtt: raise event on parse error

pull/7223/head
Sascha Steinbiss 3 years ago committed by Victor Julien
parent 5618273ef4
commit 1ba62993d5

@ -14,3 +14,4 @@ alert mqtt any any -> any any (msg:"SURICATA MQTT invalid QOS level"; app-layer-
alert mqtt any any -> any any (msg:"SURICATA MQTT missing message ID"; app-layer-event:mqtt.missing_msg_id; classtype:protocol-command-decode; sid:2229007; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT unassigned message type (0 or >15)"; app-layer-event:mqtt.unassigned_msg_type; classtype:protocol-command-decode; sid:2229008; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT too many transactions"; app-layer-event:mqtt.too_many_transactions; classtype:protocol-command-decode; sid:2229009; rev:1;)
alert mqtt any any -> any any (msg:"SURICATA MQTT malformed traffic"; app-layer-event:mqtt.malformed_traffic; classtype:protocol-command-decode; sid:2229010; rev:1;)

@ -52,6 +52,7 @@ pub enum MQTTEvent {
MissingMsgId,
UnassignedMsgType,
TooManyTransactions,
MalformedTraffic,
}
#[derive(Debug)]
@ -69,7 +70,13 @@ pub struct MQTTTransaction {
impl MQTTTransaction {
pub fn new(msg: MQTTMessage) -> MQTTTransaction {
let mut m = MQTTTransaction {
let mut m = MQTTTransaction::new_empty();
m.msg.push(msg);
return m;
}
pub fn new_empty() -> MQTTTransaction {
return MQTTTransaction {
tx_id: 0,
pkt_id: None,
complete: false,
@ -79,8 +86,6 @@ impl MQTTTransaction {
toserver: false,
tx_data: applayer::AppLayerTxData::new(),
};
m.msg.push(msg);
return m;
}
}
@ -457,6 +462,7 @@ impl MQTTState {
return AppLayerResult::incomplete(consumed as u32, (current.len() + 1) as u32);
}
Err(_) => {
self.set_event_notx(MQTTEvent::MalformedTraffic, false);
return AppLayerResult::err();
}
}
@ -514,6 +520,7 @@ impl MQTTState {
return AppLayerResult::incomplete(consumed as u32, (current.len() + 1) as u32);
}
Err(_) => {
self.set_event_notx(MQTTEvent::MalformedTraffic, true);
return AppLayerResult::err();
}
}
@ -525,6 +532,20 @@ impl MQTTState {
fn set_event(tx: &mut MQTTTransaction, event: MQTTEvent) {
tx.tx_data.set_event(event as u8);
}
fn set_event_notx(&mut self, event: MQTTEvent, toclient: bool) {
let mut tx = MQTTTransaction::new_empty();
self.tx_id += 1;
tx.tx_id = self.tx_id;
if toclient {
tx.toclient = true;
} else {
tx.toserver = true;
}
tx.complete = true;
tx.tx_data.set_event(event as u8);
self.transactions.push(tx);
}
}
// C exports.

Loading…
Cancel
Save