From bb094b17dbec2a22070f6ed0994b23934ca50852 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 18 Nov 2020 16:01:04 -0600 Subject: [PATCH] ssh: use derived app-layer event --- rust/src/ssh/ssh.rs | 68 ++++----------------------------------------- 1 file changed, 5 insertions(+), 63 deletions(-) diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index 0ebad5cb10..23e74a4dbd 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -19,7 +19,7 @@ use super::parser; use crate::applayer::*; use crate::core::STREAM_TOSERVER; use crate::core::{self, AppProto, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP}; -use std::ffi::{CStr, CString}; +use std::ffi::CString; use std::sync::atomic::{AtomicBool, Ordering}; static mut ALPROTO_SSH: AppProto = ALPROTO_UNKNOWN; @@ -29,26 +29,14 @@ fn hassh_is_enabled() -> bool { HASSH_ENABLED.load(Ordering::Relaxed) } -#[repr(u32)] +#[derive(AppLayerEvent)] pub enum SSHEvent { - InvalidBanner = 0, + InvalidBanner, LongBanner, InvalidRecord, LongKexRecord, } -impl SSHEvent { - fn from_i32(value: i32) -> Option { - match value { - 0 => Some(SSHEvent::InvalidBanner), - 1 => Some(SSHEvent::LongBanner), - 2 => Some(SSHEvent::InvalidRecord), - 3 => Some(SSHEvent::LongKexRecord), - _ => None, - } - } -} - #[repr(u8)] #[derive(Copy, Clone, PartialOrd, PartialEq)] pub enum SSHConnectionState { @@ -376,52 +364,6 @@ pub unsafe extern "C" fn rs_ssh_state_get_events( return tx.events; } -#[no_mangle] -pub unsafe extern "C" fn rs_ssh_state_get_event_info( - event_name: *const std::os::raw::c_char, event_id: *mut std::os::raw::c_int, - event_type: *mut core::AppLayerEventType, -) -> std::os::raw::c_int { - if event_name == std::ptr::null() { - return -1; - } - let c_event_name: &CStr = CStr::from_ptr(event_name); - let event = match c_event_name.to_str() { - Ok(s) => { - match s { - "invalid_banner" => SSHEvent::InvalidBanner as i32, - "long_banner" => SSHEvent::LongBanner as i32, - "invalid_record" => SSHEvent::InvalidRecord as i32, - "long_kex_record" => SSHEvent::LongKexRecord as i32, - _ => -1, // unknown event - } - } - Err(_) => -1, // UTF-8 conversion failed - }; - *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; - *event_id = event as std::os::raw::c_int; - 0 -} - -#[no_mangle] -pub unsafe extern "C" fn rs_ssh_state_get_event_info_by_id( - event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, - event_type: *mut core::AppLayerEventType, -) -> i8 { - if let Some(e) = SSHEvent::from_i32(event_id as i32) { - let estr = match e { - SSHEvent::InvalidBanner => "invalid_banner\0", - SSHEvent::LongBanner => "long_banner\0", - SSHEvent::InvalidRecord => "invalid_record\0", - SSHEvent::LongKexRecord => "long_kex_record\0", - }; - *event_name = estr.as_ptr() as *const std::os::raw::c_char; - *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION; - 0 - } else { - -1 - } -} - #[no_mangle] pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = SSHState::new(); @@ -547,8 +489,8 @@ pub unsafe extern "C" fn rs_ssh_register_parser() { get_de_state: rs_ssh_tx_get_detect_state, set_de_state: rs_ssh_tx_set_detect_state, get_events: Some(rs_ssh_state_get_events), - get_eventinfo: Some(rs_ssh_state_get_event_info), - get_eventinfo_byid: Some(rs_ssh_state_get_event_info_by_id), + get_eventinfo: Some(SSHEvent::get_event_info), + get_eventinfo_byid: Some(SSHEvent::get_event_info_by_id), localstorage_new: None, localstorage_free: None, get_files: None,