smb: use derived get_event_info/get_event_info_by_id

5 years ago · b9f10ba22f
parent 8eac5fc221
commit b9f10ba22f
2 changed files with 23 additions and 84 deletions
--- a/rust/src/smb/events.rs
+++ b/rust/src/smb/events.rs
@ -18,47 +18,16 @@
 use crate::core::*;
 use crate::smb::smb::*;
-#[repr(u32)]
+#[derive(AppLayerEvent)]
 pub enum SMBEvent {
-    InternalError = 0,
+    InternalError,
-    MalformedData = 1,
+    MalformedData,
-    RecordOverflow = 2,
+    RecordOverflow,
-    MalformedNtlmsspRequest = 3,
+    MalformedNtlmsspRequest,
-    MalformedNtlmsspResponse = 4,
+    MalformedNtlmsspResponse,
-    DuplicateNegotiate = 5,
+    DuplicateNegotiate,
-    NegotiateMalformedDialects = 6,
+    NegotiateMalformedDialects,
-    FileOverlap = 7,
+    FileOverlap,
 }
 impl SMBEvent {
    pub fn from_i32(value: i32) -> Option<SMBEvent> {
        match value {
            0 => Some(SMBEvent::InternalError),
            1 => Some(SMBEvent::MalformedData),
            2 => Some(SMBEvent::RecordOverflow),
            3 => Some(SMBEvent::MalformedNtlmsspRequest),
            4 => Some(SMBEvent::MalformedNtlmsspResponse),
            5 => Some(SMBEvent::DuplicateNegotiate),
            6 => Some(SMBEvent::NegotiateMalformedDialects),
            7 => Some(SMBEvent::FileOverlap),
            _ => None,
        }
    }
 }
 pub fn smb_str_to_event(instr: &str) -> i32 {
    SCLogDebug!("checking {}", instr);
    match instr {
        "internal_error"                => SMBEvent::InternalError as i32,
        "malformed_data"                => SMBEvent::MalformedData as i32,
        "record_overflow"               => SMBEvent::RecordOverflow as i32,
        "malformed_ntlmssp_request"     => SMBEvent::MalformedNtlmsspRequest as i32,
        "malformed_ntlmssp_response"    => SMBEvent::MalformedNtlmsspResponse as i32,
        "duplicate_negotiate"           => SMBEvent::DuplicateNegotiate as i32,
        "negotiate_malformed_dialects"  => SMBEvent::NegotiateMalformedDialects as i32,
        "file_overlap"                  => SMBEvent::FileOverlap as i32,
        _ => -1,
    }
 }
 impl SMBTransaction {
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@ -27,7 +27,7 @@
 use std;
 use std::str;
-use std::ffi::{self, CStr, CString};
+use std::ffi::{self, CString};
 use std::collections::HashMap;
@ -38,6 +38,7 @@ use crate::applayer;
 use crate::applayer::*;
 use crate::conf::*;
 use crate::filecontainer::*;
 use crate::applayer::{AppLayerResult, AppLayerTxData, AppLayerEvent};
 use crate::smb::nbss_records::*;
 use crate::smb::smb1_records::*;
@ -2137,52 +2138,21 @@ pub unsafe extern "C" fn rs_smb_state_get_events(tx: *mut std::os::raw::c_void)
 }
 #[no_mangle]
-pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(event_id: std::os::raw::c_int,
+pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
-                                              event_name: *mut *const std::os::raw::c_char,
+    event_id: std::os::raw::c_int,
-                                              event_type: *mut AppLayerEventType)
+    event_name: *mut *const std::os::raw::c_char,
-                                              -> i8
+    event_type: *mut AppLayerEventType,
-{
+) -> i8 {
-    if let Some(e) = SMBEvent::from_i32(event_id as i32) {
+    SMBEvent::get_event_info_by_id(event_id, event_name, event_type)
        let estr = match e {
            SMBEvent::InternalError => { "internal_error\0" },
            SMBEvent::MalformedData => { "malformed_data\0" },
            SMBEvent::RecordOverflow => { "record_overflow\0" },
            SMBEvent::MalformedNtlmsspRequest => { "malformed_ntlmssp_request\0" },
            SMBEvent::MalformedNtlmsspResponse => { "malformed_ntlmssp_response\0" },
            SMBEvent::DuplicateNegotiate => { "duplicate_negotiate\0" },
            SMBEvent::NegotiateMalformedDialects => { "netogiate_malformed_dialects\0" },
            SMBEvent::FileOverlap => { "file_overlap\0" },
        };
        *event_name = estr.as_ptr() as *const std::os::raw::c_char;
        *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
        0
    } else {
        -1
    }
 }
 #[no_mangle]
-pub unsafe extern "C" fn rs_smb_state_get_event_info(event_name: *const std::os::raw::c_char,
+pub unsafe extern "C" fn rs_smb_state_get_event_info(
-                                              event_id: *mut std::os::raw::c_int,
+    event_name: *const std::os::raw::c_char,
-                                              event_type: *mut AppLayerEventType)
+    event_id: *mut std::os::raw::c_int,
-                                              -> i32
+    event_type: *mut AppLayerEventType,
-{
+) -> std::os::raw::c_int {
-    if event_name == std::ptr::null() {
+    SMBEvent::get_event_info(event_name, event_id, event_type)
        return -1;
    }
    let c_event_name: &CStr = CStr::from_ptr(event_name);
    let event = match c_event_name.to_str() {
        Ok(s) => {
            smb_str_to_event(s)
        },
        Err(_) => -1, // UTF-8 conversion failed
    };
    *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
    *event_id = event as std::os::raw::c_int;
    if event == -1 {
        return -1;
    }
    0
 }
 pub unsafe extern "C" fn smb3_probe_tcp(f: *const Flow, dir: u8, input: *const u8, len: u32, rdir: *mut u8) -> u16 {