diff --git a/rust/gen-c-headers.py b/rust/gen-c-headers.py index 8abf3c3299..fe96e3fd2f 100755 --- a/rust/gen-c-headers.py +++ b/rust/gen-c-headers.py @@ -75,8 +75,8 @@ type_map = { "Flow": "Flow", "DNSState": "RSDNSState", "DNSTransaction": "RSDNSTransaction", - "NFS3State": "NFS3State", - "NFS3Transaction": "NFS3Transaction", + "NFSState": "NFSState", + "NFSTransaction": "NFSTransaction", "JsonT": "json_t", "DetectEngineState": "DetectEngineState", "core::DetectEngineState": "DetectEngineState", diff --git a/rust/src/nfs/log.rs b/rust/src/nfs/log.rs index 28e5a9249f..2daef3a87a 100644 --- a/rust/src/nfs/log.rs +++ b/rust/src/nfs/log.rs @@ -19,12 +19,11 @@ extern crate libc; use std::string::String; use json::*; -//use log::*; use nfs::types::*; -use nfs::nfs3::*; +use nfs::nfs::*; #[no_mangle] -pub extern "C" fn rs_nfs3_tx_logging_is_filtered(tx: &mut NFS3Transaction) +pub extern "C" fn rs_nfs_tx_logging_is_filtered(tx: &mut NFSTransaction) -> libc::uint8_t { // TODO probably best to make this configurable @@ -36,14 +35,14 @@ pub extern "C" fn rs_nfs3_tx_logging_is_filtered(tx: &mut NFS3Transaction) return 0; } -fn nfs3_rename_object(tx: &NFS3Transaction) -> Json +fn nfs_rename_object(tx: &NFSTransaction) -> Json { let js = Json::object(); let from_str = String::from_utf8_lossy(&tx.file_name); js.set_string("from", &from_str); let to_vec = match tx.type_data { - Some(NFS3TransactionTypeData::RENAME(ref x)) => { x.to_vec() }, + Some(NFSTransactionTypeData::RENAME(ref x)) => { x.to_vec() }, _ => { Vec::new() } }; @@ -52,7 +51,7 @@ fn nfs3_rename_object(tx: &NFS3Transaction) -> Json return js; } -fn nfs3_creds_object(tx: &NFS3Transaction) -> Json +fn nfs_creds_object(tx: &NFSTransaction) -> Json { let js = Json::object(); let mach_name = String::from_utf8_lossy(&tx.request_machine_name); @@ -62,14 +61,14 @@ fn nfs3_creds_object(tx: &NFS3Transaction) -> Json return js; } -fn nfs3_file_object(tx: &NFS3Transaction) -> Json +fn nfs_file_object(tx: &NFSTransaction) -> Json { let js = Json::object(); js.set_boolean("first", tx.is_first); js.set_boolean("last", tx.is_last); let ref tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref x)) => x, + Some(NFSTransactionTypeData::FILE(ref x)) => x, _ => { panic!("BUG") }, }; @@ -77,7 +76,7 @@ fn nfs3_file_object(tx: &NFS3Transaction) -> Json return js; } -fn nfs3_common_header(tx: &NFS3Transaction) -> Json +fn nfs_common_header(tx: &NFSTransaction) -> Json { let js = Json::object(); js.set_string("procedure", &nfs3_procedure_string(tx.procedure)); @@ -89,29 +88,29 @@ fn nfs3_common_header(tx: &NFS3Transaction) -> Json } #[no_mangle] -pub extern "C" fn rs_nfs3_log_json_request(tx: &mut NFS3Transaction) -> *mut JsonT +pub extern "C" fn rs_nfs_log_json_request(tx: &mut NFSTransaction) -> *mut JsonT { - let js = nfs3_common_header(tx); + let js = nfs_common_header(tx); js.set_string("type", "request"); return js.unwrap(); } #[no_mangle] -pub extern "C" fn rs_nfs3_log_json_response(tx: &mut NFS3Transaction) -> *mut JsonT +pub extern "C" fn rs_nfs_log_json_response(tx: &mut NFSTransaction) -> *mut JsonT { - let js = nfs3_common_header(tx); + let js = nfs_common_header(tx); js.set_string("type", "response"); js.set_string("status", &nfs3_status_string(tx.nfs_response_status)); if tx.procedure == NFSPROC3_READ { - let read_js = nfs3_file_object(tx); + let read_js = nfs_file_object(tx); js.set("read", read_js); } else if tx.procedure == NFSPROC3_WRITE { - let write_js = nfs3_file_object(tx); + let write_js = nfs_file_object(tx); js.set("write", write_js); } else if tx.procedure == NFSPROC3_RENAME { - let rename_js = nfs3_rename_object(tx); + let rename_js = nfs_rename_object(tx); js.set("rename", rename_js); } @@ -120,14 +119,14 @@ pub extern "C" fn rs_nfs3_log_json_response(tx: &mut NFS3Transaction) -> *mut Js #[no_mangle] -pub extern "C" fn rs_rpc_log_json_response(tx: &mut NFS3Transaction) -> *mut JsonT +pub extern "C" fn rs_rpc_log_json_response(tx: &mut NFSTransaction) -> *mut JsonT { let js = Json::object(); js.set_integer("xid", tx.xid as u64); js.set_string("status", &rpc_status_string(tx.rpc_response_status)); js.set_string("auth_type", &rpc_auth_type_string(tx.auth_type)); if tx.auth_type == RPCAUTH_UNIX { - let creds_js = nfs3_creds_object(tx); + let creds_js = nfs_creds_object(tx); js.set("creds", creds_js); } diff --git a/rust/src/nfs/mod.rs b/rust/src/nfs/mod.rs index 0a03505aec..b9b7970836 100644 --- a/rust/src/nfs/mod.rs +++ b/rust/src/nfs/mod.rs @@ -20,7 +20,7 @@ pub mod rpc_records; pub mod nfs_records; pub mod nfs2_records; pub mod nfs3_records; -pub mod nfs3; +pub mod nfs; pub mod log; //#[cfg(feature = "lua")] diff --git a/rust/src/nfs/nfs3.rs b/rust/src/nfs/nfs.rs similarity index 93% rename from rust/src/nfs/nfs3.rs rename to rust/src/nfs/nfs.rs index 39af946729..107ef25058 100644 --- a/rust/src/nfs/nfs3.rs +++ b/rust/src/nfs/nfs.rs @@ -65,7 +65,7 @@ pub static mut suricata_nfs3_file_config: Option<&'static SuricataFileContext> = * if a client did a file listing (e.g. READDIRPLUS) and would READ the * file afterwards, the name will only appear in the READDIRPLUS answer. * To be able to log the names we store a mapping between file handles - * and file names in NFS3State::namemap. + * and file names in NFSState::namemap. * * Mapping NFS to Suricata's transaction model. * @@ -89,18 +89,18 @@ pub static mut suricata_nfs3_file_config: Option<&'static SuricataFileContext> = * File tracking * * Files are tracked per 'FileTransferTracker' and are stored in the - * NFS3Transaction where they can be looked up per handle as part of the + * NFSTransaction where they can be looked up per handle as part of the * Transaction lookup. */ #[derive(Debug)] -pub enum NFS3TransactionTypeData { +pub enum NFSTransactionTypeData { RENAME(Vec), - FILE(NFS3TransactionFile), + FILE(NFSTransactionFile), } #[derive(Debug)] -pub struct NFS3TransactionFile { +pub struct NFSTransactionFile { /// additional procedures part of a single file transfer. Currently /// only COMMIT on WRITEs. pub file_additional_procs: Vec, @@ -113,9 +113,9 @@ pub struct NFS3TransactionFile { pub file_tracker: FileTransferTracker, } -impl NFS3TransactionFile { - pub fn new() -> NFS3TransactionFile { - return NFS3TransactionFile { +impl NFSTransactionFile { + pub fn new() -> NFSTransactionFile { + return NFSTransactionFile { file_additional_procs: Vec::new(), file_last_xid: 0, file_tracker: FileTransferTracker::new(), @@ -124,7 +124,7 @@ impl NFS3TransactionFile { } #[derive(Debug)] -pub struct NFS3Transaction { +pub struct NFSTransaction { pub id: u64, /// internal id pub xid: u32, /// nfs3 req/reply pair id pub procedure: u32, @@ -156,18 +156,18 @@ pub struct NFS3Transaction { pub file_handle: Vec, /// Procedure type specific data - /// TODO see if this can be an Option>. Initial + /// TODO see if this can be an Option>. Initial /// attempt failed. - pub type_data: Option, + pub type_data: Option, pub logged: LoggerFlags, pub de_state: Option<*mut DetectEngineState>, pub events: *mut AppLayerDecoderEvents, } -impl NFS3Transaction { - pub fn new() -> NFS3Transaction { - return NFS3Transaction{ +impl NFSTransaction { + pub fn new() -> NFSTransaction { + return NFSTransaction{ id: 0, xid: 0, procedure: 0, @@ -200,7 +200,7 @@ impl NFS3Transaction { } #[derive(Debug)] -pub struct NFS3RequestXidMap { +pub struct NFSRequestXidMap { progver: u32, procedure: u32, chunk_offset: u64, @@ -210,9 +210,9 @@ pub struct NFS3RequestXidMap { file_handle:Vec, } -impl NFS3RequestXidMap { - pub fn new(progver: u32, procedure: u32, chunk_offset: u64) -> NFS3RequestXidMap { - NFS3RequestXidMap { +impl NFSRequestXidMap { + pub fn new(progver: u32, procedure: u32, chunk_offset: u64) -> NFSRequestXidMap { + NFSRequestXidMap { progver:progver, procedure:procedure, chunk_offset:chunk_offset, @@ -223,16 +223,16 @@ impl NFS3RequestXidMap { } #[derive(Debug)] -pub struct NFS3Files { +pub struct NFSFiles { pub files_ts: FileContainer, pub files_tc: FileContainer, pub flags_ts: u16, pub flags_tc: u16, } -impl NFS3Files { - pub fn new() -> NFS3Files { - NFS3Files { +impl NFSFiles { + pub fn new() -> NFSFiles { + NFSFiles { files_ts:FileContainer::default(), files_tc:FileContainer::default(), flags_ts:0, @@ -268,21 +268,21 @@ fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContainer, } #[derive(Debug)] -pub struct NFS3State { +pub struct NFSState { /// map xid to procedure so replies can lookup the procedure - pub requestmap: HashMap, + pub requestmap: HashMap, /// map file handle (1) to name (2) pub namemap: HashMap, Vec>, /// transactions list - pub transactions: Vec, + pub transactions: Vec, /// TCP segments defragmentation buffer pub tcp_buffer_ts: Vec, pub tcp_buffer_tc: Vec, - pub files: NFS3Files, + pub files: NFSFiles, /// partial record tracking ts_chunk_xid: u32, @@ -310,16 +310,16 @@ pub struct NFS3State { //pub tc_txs_updated: bool, } -impl NFS3State { +impl NFSState { /// Allocation function for a new TLS parser instance - pub fn new() -> NFS3State { - NFS3State { + pub fn new() -> NFSState { + NFSState { requestmap:HashMap::new(), namemap:HashMap::new(), transactions: Vec::new(), tcp_buffer_ts:Vec::with_capacity(8192), tcp_buffer_tc:Vec::with_capacity(8192), - files:NFS3Files::new(), + files:NFSFiles::new(), ts_chunk_xid:0, tc_chunk_xid:0, ts_chunk_left:0, @@ -339,8 +339,8 @@ impl NFS3State { self.files.free(); } - pub fn new_tx(&mut self) -> NFS3Transaction { - let mut tx = NFS3Transaction::new(); + pub fn new_tx(&mut self) -> NFSTransaction { + let mut tx = NFSTransaction::new(); self.tx_id += 1; tx.id = self.tx_id; return tx; @@ -376,27 +376,27 @@ impl NFS3State { } } - pub fn get_tx_by_id(&mut self, tx_id: u64) -> Option<&NFS3Transaction> { + pub fn get_tx_by_id(&mut self, tx_id: u64) -> Option<&NFSTransaction> { SCLogDebug!("get_tx_by_id: tx_id={}", tx_id); for tx in &mut self.transactions { if tx.id == tx_id + 1 { - SCLogDebug!("Found NFS3 TX with ID {}", tx_id); + SCLogDebug!("Found NFS TX with ID {}", tx_id); return Some(tx); } } - SCLogDebug!("Failed to find NFS3 TX with ID {}", tx_id); + SCLogDebug!("Failed to find NFS TX with ID {}", tx_id); return None; } - pub fn get_tx_by_xid(&mut self, tx_xid: u32) -> Option<&mut NFS3Transaction> { + pub fn get_tx_by_xid(&mut self, tx_xid: u32) -> Option<&mut NFSTransaction> { SCLogDebug!("get_tx_by_xid: tx_xid={}", tx_xid); for tx in &mut self.transactions { if !tx.is_file_tx && tx.xid == tx_xid { - SCLogDebug!("Found NFS3 TX with ID {} XID {}", tx.id, tx.xid); + SCLogDebug!("Found NFS TX with ID {} XID {}", tx.id, tx.xid); return Some(tx); } } - SCLogDebug!("Failed to find NFS3 TX with XID {}", tx_xid); + SCLogDebug!("Failed to find NFS TX with XID {}", tx_xid); return None; } @@ -420,7 +420,7 @@ impl NFS3State { //self.tc_txs_updated = true; } - fn process_request_record_lookup<'b>(&mut self, r: &RpcPacket<'b>, xidmap: &mut NFS3RequestXidMap) { + fn process_request_record_lookup<'b>(&mut self, r: &RpcPacket<'b>, xidmap: &mut NFSRequestXidMap) { match parse_nfs3_request_lookup(r.prog_data) { IResult::Done(_, lookup) => { SCLogDebug!("LOOKUP {:?}", lookup); @@ -431,7 +431,7 @@ impl NFS3State { }; } - fn xidmap_handle2name(&mut self, xidmap: &mut NFS3RequestXidMap) { + fn xidmap_handle2name(&mut self, xidmap: &mut NFSRequestXidMap) { match self.namemap.get(&xidmap.file_handle) { Some(n) => { SCLogDebug!("xidmap_handle2name: name {:?}", n); @@ -449,7 +449,7 @@ impl NFS3State { SCLogDebug!("REQUEST {} procedure {} ({}) blob size {}", r.hdr.xid, r.procedure, self.requestmap.len(), r.prog_data.len()); - let mut xidmap = NFS3RequestXidMap::new(r.progver, r.procedure, 0); + let mut xidmap = NFSRequestXidMap::new(r.progver, r.procedure, 0); let mut aux_file_name = Vec::new(); if r.procedure == NFSPROC3_LOOKUP { @@ -557,7 +557,7 @@ impl NFS3State { match self.get_file_tx_by_handle(&file_handle, STREAM_TOSERVER) { Some((tx, files, flags)) => { let tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut d)) => d, + Some(NFSTransactionTypeData::FILE(ref mut d)) => d, _ => panic!("BUG"), }; tdf.file_additional_procs.push(NFSPROC3_COMMIT); @@ -586,7 +586,7 @@ impl NFS3State { //self.ts_txs_updated = true; if r.procedure == NFSPROC3_RENAME { - tx.type_data = Some(NFS3TransactionTypeData::RENAME(aux_file_name)); + tx.type_data = Some(NFSTransactionTypeData::RENAME(aux_file_name)); } tx.auth_type = r.creds_flavor; @@ -635,7 +635,7 @@ impl NFS3State { SCLogDebug!("NFSv2 REQUEST {} procedure {} ({}) blob size {}", r.hdr.xid, r.procedure, self.requestmap.len(), r.prog_data.len()); - let mut xidmap = NFS3RequestXidMap::new(r.progver, r.procedure, 0); + let mut xidmap = NFSRequestXidMap::new(r.progver, r.procedure, 0); let aux_file_name = Vec::new(); if r.procedure == NFSPROC3_LOOKUP { @@ -671,7 +671,7 @@ impl NFS3State { //self.ts_txs_updated = true; if r.procedure == NFSPROC3_RENAME { - tx.type_data = Some(NFS3TransactionTypeData::RENAME(aux_file_name)); + tx.type_data = Some(NFSTransactionTypeData::RENAME(aux_file_name)); } tx.auth_type = r.creds_flavor; @@ -694,7 +694,7 @@ impl NFS3State { } fn new_file_tx(&mut self, file_handle: &Vec, file_name: &Vec, direction: u8) - -> (&mut NFS3Transaction, &mut FileContainer, u16) + -> (&mut NFSTransaction, &mut FileContainer, u16) { let mut tx = self.new_tx(); tx.file_name = file_name.to_vec(); @@ -702,9 +702,9 @@ impl NFS3State { tx.is_file_tx = true; tx.file_tx_direction = direction; - tx.type_data = Some(NFS3TransactionTypeData::FILE(NFS3TransactionFile::new())); + tx.type_data = Some(NFSTransactionTypeData::FILE(NFSTransactionFile::new())); match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut d)) => { + Some(NFSTransactionTypeData::FILE(ref mut d)) => { d.file_tracker.tx_id = tx.id; }, _ => { }, @@ -718,7 +718,7 @@ impl NFS3State { } fn get_file_tx_by_handle(&mut self, file_handle: &Vec, direction: u8) - -> Option<(&mut NFS3Transaction, &mut FileContainer, u16)> + -> Option<(&mut NFSTransaction, &mut FileContainer, u16)> { let fh = file_handle.to_vec(); for tx in &mut self.transactions { @@ -726,12 +726,12 @@ impl NFS3State { direction == tx.file_tx_direction && tx.file_handle == fh { - SCLogDebug!("Found NFS3 file TX with ID {} XID {}", tx.id, tx.xid); + SCLogDebug!("Found NFS file TX with ID {} XID {}", tx.id, tx.xid); let (files, flags) = self.files.get(direction); return Some((tx, files, flags)); } } - SCLogDebug!("Failed to find NFS3 TX with handle {:?}", file_handle); + SCLogDebug!("Failed to find NFS TX with handle {:?}", file_handle); return None; } @@ -760,7 +760,7 @@ impl NFS3State { let found = match self.get_file_tx_by_handle(&file_handle, STREAM_TOSERVER) { Some((tx, files, flags)) => { let ref mut tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut x)) => x, + Some(NFSTransactionTypeData::FILE(ref mut x)) => x, _ => { panic!("BUG") }, }; filetracker_newchunk(&mut tdf.file_tracker, files, flags, @@ -778,7 +778,7 @@ impl NFS3State { if !found { let (tx, files, flags) = self.new_file_tx(&file_handle, &file_name, STREAM_TOSERVER); let ref mut tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut x)) => x, + Some(NFSTransactionTypeData::FILE(ref mut x)) => x, _ => { panic!("BUG") }, }; filetracker_newchunk(&mut tdf.file_tracker, files, flags, @@ -808,14 +808,14 @@ impl NFS3State { panic!("call me for procedure WRITE *only*"); } - let mut xidmap = NFS3RequestXidMap::new(r.progver, r.procedure, 0); + let mut xidmap = NFSRequestXidMap::new(r.progver, r.procedure, 0); xidmap.file_handle = w.handle.value.to_vec(); self.requestmap.insert(r.hdr.xid, xidmap); return self.process_write_record(r, w); } - fn process_reply_record_v3<'b>(&mut self, r: &RpcReplyPacket<'b>, xidmap: &mut NFS3RequestXidMap) -> u32 { + fn process_reply_record_v3<'b>(&mut self, r: &RpcReplyPacket<'b>, xidmap: &mut NFSRequestXidMap) -> u32 { let nfs_status; if xidmap.procedure == NFSPROC3_LOOKUP { @@ -921,7 +921,7 @@ impl NFS3State { 0 } - fn process_reply_record_v2<'b>(&mut self, r: &RpcReplyPacket<'b>, xidmap: &NFS3RequestXidMap) -> u32 { + fn process_reply_record_v2<'b>(&mut self, r: &RpcReplyPacket<'b>, xidmap: &NFSRequestXidMap) -> u32 { let nfs_status; if xidmap.procedure == NFSPROC3_READ { @@ -1053,7 +1053,7 @@ impl NFS3State { let consumed = match self.get_file_tx_by_handle(&file_handle, direction) { Some((tx, files, flags)) => { let ref mut tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut x)) => x, + Some(NFSTransactionTypeData::FILE(ref mut x)) => x, _ => { panic!("BUG") }, }; if ssn_gap { @@ -1075,7 +1075,7 @@ impl NFS3State { /// xidmapr is an Option as it's already removed from the map if we /// have a complete record. Otherwise we do a lookup ourselves. fn process_read_record<'b>(&mut self, r: &RpcReplyPacket<'b>, - reply: &NfsReplyRead<'b>, xidmapr: Option<&NFS3RequestXidMap>) -> u32 + reply: &NfsReplyRead<'b>, xidmapr: Option<&NFSRequestXidMap>) -> u32 { let file_name; let file_handle; @@ -1129,7 +1129,7 @@ impl NFS3State { let found = match self.get_file_tx_by_handle(&file_handle, STREAM_TOCLIENT) { Some((tx, files, flags)) => { let ref mut tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut x)) => x, + Some(NFSTransactionTypeData::FILE(ref mut x)) => x, _ => { panic!("BUG") }, }; filetracker_newchunk(&mut tdf.file_tracker, files, flags, @@ -1149,7 +1149,7 @@ impl NFS3State { if !found { let (tx, files, flags) = self.new_file_tx(&file_handle, &file_name, STREAM_TOCLIENT); let ref mut tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref mut x)) => x, + Some(NFSTransactionTypeData::FILE(ref mut x)) => x, _ => { panic!("BUG") }, }; filetracker_newchunk(&mut tdf.file_tracker, files, flags, @@ -1562,29 +1562,29 @@ impl NFS3State { } } -/// Returns *mut NFS3State +/// Returns *mut NFSState #[no_mangle] pub extern "C" fn rs_nfs3_state_new() -> *mut libc::c_void { - let state = NFS3State::new(); + let state = NFSState::new(); let boxed = Box::new(state); SCLogDebug!("allocating state"); return unsafe{transmute(boxed)}; } /// Params: -/// - state: *mut NFS3State as void pointer +/// - state: *mut NFSState as void pointer #[no_mangle] pub extern "C" fn rs_nfs3_state_free(state: *mut libc::c_void) { // Just unbox... SCLogDebug!("freeing state"); - let mut nfs3_state: Box = unsafe{transmute(state)}; + let mut nfs3_state: Box = unsafe{transmute(state)}; nfs3_state.free(); } /// C binding parse a DNS request. Returns 1 on success, -1 on failure. #[no_mangle] pub extern "C" fn rs_nfs3_parse_request(_flow: *mut Flow, - state: &mut NFS3State, + state: &mut NFSState, _pstate: *mut libc::c_void, input: *mut libc::uint8_t, input_len: libc::uint32_t, @@ -1610,7 +1610,7 @@ pub extern "C" fn rs_nfs3_parse_request(_flow: *mut Flow, #[no_mangle] pub extern "C" fn rs_nfs3_parse_response(_flow: *mut Flow, - state: &mut NFS3State, + state: &mut NFSState, _pstate: *mut libc::c_void, input: *mut libc::uint8_t, input_len: libc::uint32_t, @@ -1637,7 +1637,7 @@ pub extern "C" fn rs_nfs3_parse_response(_flow: *mut Flow, /// C binding parse a DNS request. Returns 1 on success, -1 on failure. #[no_mangle] pub extern "C" fn rs_nfs3_parse_request_udp(_flow: *mut Flow, - state: &mut NFS3State, + state: &mut NFSState, _pstate: *mut libc::c_void, input: *mut libc::uint8_t, input_len: libc::uint32_t, @@ -1656,7 +1656,7 @@ pub extern "C" fn rs_nfs3_parse_request_udp(_flow: *mut Flow, #[no_mangle] pub extern "C" fn rs_nfs3_parse_response_udp(_flow: *mut Flow, - state: &mut NFS3State, + state: &mut NFSState, _pstate: *mut libc::c_void, input: *mut libc::uint8_t, input_len: libc::uint32_t, @@ -1674,7 +1674,7 @@ pub extern "C" fn rs_nfs3_parse_response_udp(_flow: *mut Flow, } #[no_mangle] -pub extern "C" fn rs_nfs3_state_get_tx_count(state: &mut NFS3State) +pub extern "C" fn rs_nfs3_state_get_tx_count(state: &mut NFSState) -> libc::uint64_t { SCLogDebug!("rs_nfs3_state_get_tx_count: returning {}", state.tx_id); @@ -1682,9 +1682,9 @@ pub extern "C" fn rs_nfs3_state_get_tx_count(state: &mut NFS3State) } #[no_mangle] -pub extern "C" fn rs_nfs3_state_get_tx(state: &mut NFS3State, +pub extern "C" fn rs_nfs3_state_get_tx(state: &mut NFSState, tx_id: libc::uint64_t) - -> *mut NFS3Transaction + -> *mut NFSTransaction { match state.get_tx_by_id(tx_id) { Some(tx) => { @@ -1697,7 +1697,7 @@ pub extern "C" fn rs_nfs3_state_get_tx(state: &mut NFS3State, } #[no_mangle] -pub extern "C" fn rs_nfs3_state_tx_free(state: &mut NFS3State, +pub extern "C" fn rs_nfs3_state_tx_free(state: &mut NFSState, tx_id: libc::uint64_t) { state.free_tx(tx_id); @@ -1712,7 +1712,7 @@ pub extern "C" fn rs_nfs3_state_progress_completion_status( } #[no_mangle] -pub extern "C" fn rs_nfs3_tx_get_alstate_progress(tx: &mut NFS3Transaction, +pub extern "C" fn rs_nfs3_tx_get_alstate_progress(tx: &mut NFSTransaction, direction: libc::uint8_t) -> libc::uint8_t { @@ -1730,7 +1730,7 @@ pub extern "C" fn rs_nfs3_tx_get_alstate_progress(tx: &mut NFS3Transaction, /* #[no_mangle] -pub extern "C" fn rs_nfs3_get_txs_updated(state: &mut NFS3State, +pub extern "C" fn rs_nfs3_get_txs_updated(state: &mut NFSState, direction: u8) -> bool { if direction == STREAM_TOSERVER { @@ -1741,7 +1741,7 @@ pub extern "C" fn rs_nfs3_get_txs_updated(state: &mut NFS3State, } #[no_mangle] -pub extern "C" fn rs_nfs3_reset_txs_updated(state: &mut NFS3State, +pub extern "C" fn rs_nfs3_reset_txs_updated(state: &mut NFSState, direction: u8) { if direction == STREAM_TOSERVER { @@ -1753,16 +1753,16 @@ pub extern "C" fn rs_nfs3_reset_txs_updated(state: &mut NFS3State, */ #[no_mangle] -pub extern "C" fn rs_nfs3_tx_set_logged(_state: &mut NFS3State, - tx: &mut NFS3Transaction, +pub extern "C" fn rs_nfs3_tx_set_logged(_state: &mut NFSState, + tx: &mut NFSTransaction, logger: libc::uint32_t) { tx.logged.set_logged(logger); } #[no_mangle] -pub extern "C" fn rs_nfs3_tx_get_logged(_state: &mut NFS3State, - tx: &mut NFS3Transaction, +pub extern "C" fn rs_nfs3_tx_get_logged(_state: &mut NFSState, + tx: &mut NFSTransaction, logger: libc::uint32_t) -> i8 { @@ -1773,7 +1773,7 @@ pub extern "C" fn rs_nfs3_tx_get_logged(_state: &mut NFS3State, } #[no_mangle] -pub extern "C" fn rs_nfs3_state_has_detect_state(state: &mut NFS3State) -> u8 +pub extern "C" fn rs_nfs3_state_has_detect_state(state: &mut NFSState) -> u8 { if state.de_state_count > 0 { return 1; @@ -1783,8 +1783,8 @@ pub extern "C" fn rs_nfs3_state_has_detect_state(state: &mut NFS3State) -> u8 #[no_mangle] pub extern "C" fn rs_nfs3_state_set_tx_detect_state( - state: &mut NFS3State, - tx: &mut NFS3Transaction, + state: &mut NFSState, + tx: &mut NFSTransaction, de_state: &mut DetectEngineState) { state.de_state_count += 1; @@ -1793,7 +1793,7 @@ pub extern "C" fn rs_nfs3_state_set_tx_detect_state( #[no_mangle] pub extern "C" fn rs_nfs3_state_get_tx_detect_state( - tx: &mut NFS3Transaction) + tx: &mut NFSTransaction) -> *mut DetectEngineState { match tx.de_state { @@ -1810,7 +1810,7 @@ pub extern "C" fn rs_nfs3_state_get_tx_detect_state( /// otherwise get procs from the 'file_additional_procs'. /// Keep calling until 0 is returned. #[no_mangle] -pub extern "C" fn rs_nfs3_tx_get_procedures(tx: &mut NFS3Transaction, +pub extern "C" fn rs_nfs3_tx_get_procedures(tx: &mut NFSTransaction, i: libc::uint16_t, procedure: *mut libc::uint32_t) -> libc::uint8_t @@ -1829,7 +1829,7 @@ pub extern "C" fn rs_nfs3_tx_get_procedures(tx: &mut NFS3Transaction, /* file tx handling follows */ let ref tdf = match tx.type_data { - Some(NFS3TransactionTypeData::FILE(ref x)) => x, + Some(NFSTransactionTypeData::FILE(ref x)) => x, _ => { panic!("BUG") }, }; @@ -1988,16 +1988,15 @@ pub extern "C" fn rs_nfs_probe_udp_tc(input: *const libc::uint8_t, len: libc::ui } #[no_mangle] -pub extern "C" fn rs_nfs3_getfiles(direction: u8, ptr: *mut NFS3State) -> * mut FileContainer { +pub extern "C" fn rs_nfs3_getfiles(direction: u8, ptr: *mut NFSState) -> * mut FileContainer { if ptr.is_null() { panic!("NULL ptr"); }; let parser = unsafe { &mut *ptr }; parser.getfiles(direction) } #[no_mangle] -pub extern "C" fn rs_nfs3_setfileflags(direction: u8, ptr: *mut NFS3State, flags: u16) { +pub extern "C" fn rs_nfs3_setfileflags(direction: u8, ptr: *mut NFSState, flags: u16) { if ptr.is_null() { panic!("NULL ptr"); }; let parser = unsafe { &mut *ptr }; SCLogDebug!("direction {} flags {}", direction, flags); parser.setfileflags(direction, flags) } - diff --git a/src/Makefile.am b/src/Makefile.am index 84f517979b..4277cc9535 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -39,8 +39,8 @@ app-layer-protos.c app-layer-protos.h \ app-layer-smb2.c app-layer-smb2.h \ app-layer-smb.c app-layer-smb.h \ app-layer-smtp.c app-layer-smtp.h \ -app-layer-nfs3.c app-layer-nfs3.h \ -app-layer-nfs3-udp.c app-layer-nfs3-udp.h \ +app-layer-nfs-tcp.c app-layer-nfs-tcp.h \ +app-layer-nfs-udp.c app-layer-nfs-udp.h \ app-layer-template.c app-layer-template.h \ app-layer-ssh.c app-layer-ssh.h \ app-layer-ssl.c app-layer-ssl.h \ @@ -209,7 +209,7 @@ detect-lua-extensions.c detect-lua-extensions.h \ detect-mark.c detect-mark.h \ detect-metadata.c detect-metadata.h \ detect-msg.c detect-msg.h \ -detect-nfs3-procedure.c detect-nfs3-procedure.h \ +detect-nfs-procedure.c detect-nfs-procedure.h \ detect-noalert.c detect-noalert.h \ detect-nocase.c detect-nocase.h \ detect-offset.c detect-offset.h \ @@ -300,7 +300,7 @@ output-json-smtp.c output-json-smtp.h \ output-json-ssh.c output-json-ssh.h \ output-json-stats.c output-json-stats.h \ output-json-tls.c output-json-tls.h \ -output-json-nfs3.c output-json-nfs3.h \ +output-json-nfs.c output-json-nfs.h \ output-json-template.c output-json-template.h \ output-json-vars.c output-json-vars.h \ output-lua.c output-lua.h \ diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 05c11f368f..1a0abdfb7c 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -696,8 +696,8 @@ static void AppLayerProtoDetectPrintProbingParsers(AppLayerProtoDetectProbingPar printf(" alproto: ALPROTO_MODBUS\n"); else if (pp_pe->alproto == ALPROTO_ENIP) printf(" alproto: ALPROTO_ENIP\n"); - else if (pp_pe->alproto == ALPROTO_NFS3) - printf(" alproto: ALPROTO_NFS3\n"); + else if (pp_pe->alproto == ALPROTO_NFS) + printf(" alproto: ALPROTO_NFS\n"); else if (pp_pe->alproto == ALPROTO_TEMPLATE) printf(" alproto: ALPROTO_TEMPLATE\n"); else if (pp_pe->alproto == ALPROTO_DNP3) @@ -755,8 +755,8 @@ static void AppLayerProtoDetectPrintProbingParsers(AppLayerProtoDetectProbingPar printf(" alproto: ALPROTO_MODBUS\n"); else if (pp_pe->alproto == ALPROTO_ENIP) printf(" alproto: ALPROTO_ENIP\n"); - else if (pp_pe->alproto == ALPROTO_NFS3) - printf(" alproto: ALPROTO_NFS3\n"); + else if (pp_pe->alproto == ALPROTO_NFS) + printf(" alproto: ALPROTO_NFS\n"); else if (pp_pe->alproto == ALPROTO_TEMPLATE) printf(" alproto: ALPROTO_TEMPLATE\n"); else if (pp_pe->alproto == ALPROTO_DNP3) diff --git a/src/app-layer-nfs3.c b/src/app-layer-nfs-tcp.c similarity index 61% rename from src/app-layer-nfs3.c rename to src/app-layer-nfs-tcp.c index 060e85efa7..38623f1a6d 100644 --- a/src/app-layer-nfs3.c +++ b/src/app-layer-nfs-tcp.c @@ -20,11 +20,10 @@ * * \author Victor Julien * - * NFS3 application layer detector and parser for learning and - * nfs3 pruposes. + * NFS application layer detector and parser. * - * This nfs3 implements a simple application layer for something - * like the NFS3 protocol running on port 2049. + * This implements a application layer for the NFS protocol + * running on port 2049. */ #include "suricata-common.h" @@ -36,25 +35,25 @@ #include "app-layer-detect-proto.h" #include "app-layer-parser.h" -#include "app-layer-nfs3.h" +#include "app-layer-nfs-tcp.h" #ifndef HAVE_RUST -void RegisterNFS3Parsers(void) +void RegisterNFSTCPParsers(void) { } #else #include "rust.h" -#include "rust-nfs-nfs3-gen.h" +#include "rust-nfs-nfs-gen.h" /* The default port to probe for echo traffic if not provided in the * configuration file. */ -#define NFS3_DEFAULT_PORT "2049" +#define NFSTCP_DEFAULT_PORT "2049" /* The minimum size for a RFC message. For some protocols this might * be the size of a header. TODO actual min size is likely larger */ -#define NFS3_MIN_FRAME_LEN 32 +#define NFSTCP_MIN_FRAME_LEN 32 /* Enum of app-layer events for an echo protocol. Normally you might * have events for errors in parsing data, like unexpected data being @@ -63,24 +62,24 @@ void RegisterNFS3Parsers(void) * * Example rule: * - * alert nfs3 any any -> any any (msg:"SURICATA NFS3 empty message"; \ - * app-layer-event:nfs3.empty_message; sid:X; rev:Y;) + * alert nfs any any -> any any (msg:"SURICATA NFS empty message"; \ + * app-layer-event:nfs.empty_message; sid:X; rev:Y;) */ enum { - NFS3_DECODER_EVENT_EMPTY_MESSAGE, + NFSTCP_DECODER_EVENT_EMPTY_MESSAGE, }; -SCEnumCharMap nfs3_decoder_event_table[] = { - {"EMPTY_MESSAGE", NFS3_DECODER_EVENT_EMPTY_MESSAGE}, +SCEnumCharMap nfs_decoder_event_table[] = { + {"EMPTY_MESSAGE", NFSTCP_DECODER_EVENT_EMPTY_MESSAGE}, { NULL, 0 } }; -static void *NFS3StateAlloc(void) +static void *NFSTCPStateAlloc(void) { return rs_nfs3_state_new(); } -static void NFS3StateFree(void *state) +static void NFSTCPStateFree(void *state) { rs_nfs3_state_free(state); } @@ -88,22 +87,22 @@ static void NFS3StateFree(void *state) /** * \brief Callback from the application layer to have a transaction freed. * - * \param state a void pointer to the NFS3State object. + * \param state a void pointer to the NFSTCPState object. * \param tx_id the transaction ID to free. */ -static void NFS3StateTxFree(void *state, uint64_t tx_id) +static void NFSTCPStateTxFree(void *state, uint64_t tx_id) { rs_nfs3_state_tx_free(state, tx_id); } #if 0 -static int NFS3StateGetEventInfo(const char *event_name, int *event_id, +static int NFSTCPStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type) { - *event_id = SCMapEnumNameToValue(event_name, nfs3_decoder_event_table); + *event_id = SCMapEnumNameToValue(event_name, nfs_decoder_event_table); if (*event_id == -1) { SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " - "nfs3 enum map table.", event_name); + "nfs enum map table.", event_name); /* This should be treated as fatal. */ return -1; } @@ -113,12 +112,12 @@ static int NFS3StateGetEventInfo(const char *event_name, int *event_id, return 0; } -static AppLayerDecoderEvents *NFS3GetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *NFSTCPGetEvents(void *state, uint64_t tx_id) { - NFS3State *nfs3_state = state; - NFS3Transaction *tx; + NFSTCPState *nfs_state = state; + NFSTCPTransaction *tx; - TAILQ_FOREACH(tx, &nfs3_state->tx_list, next) { + TAILQ_FOREACH(tx, &nfs_state->tx_list, next) { if (tx->tx_id == tx_id) { return tx->decoder_events; } @@ -127,9 +126,9 @@ static AppLayerDecoderEvents *NFS3GetEvents(void *state, uint64_t tx_id) return NULL; } -static int NFS3HasEvents(void *state) +static int NFSTCPHasEvents(void *state) { - NFS3State *echo = state; + NFSTCPState *echo = state; return echo->events; } #endif @@ -137,46 +136,46 @@ static int NFS3HasEvents(void *state) /** * \brief Probe the input to see if it looks like echo. * - * \retval ALPROTO_NFS3 if it looks like echo, otherwise + * \retval ALPROTO_NFS if it looks like echo, otherwise * ALPROTO_UNKNOWN. */ -static AppProto NFS3ProbingParserTS(uint8_t *input, uint32_t input_len, +static AppProto NFSTCPProbingParserTS(uint8_t *input, uint32_t input_len, uint32_t *offset) { - if (input_len < NFS3_MIN_FRAME_LEN) { + if (input_len < NFSTCP_MIN_FRAME_LEN) { return ALPROTO_UNKNOWN; } int8_t r = rs_nfs_probe_ts(input, input_len); if (r == 1) { - return ALPROTO_NFS3; + return ALPROTO_NFS; } else if (r == -1) { return ALPROTO_FAILED; } - SCLogDebug("Protocol not detected as ALPROTO_NFS3."); + SCLogDebug("Protocol not detected as ALPROTO_NFS."); return ALPROTO_UNKNOWN; } -static AppProto NFS3ProbingParserTC(uint8_t *input, uint32_t input_len, +static AppProto NFSTCPProbingParserTC(uint8_t *input, uint32_t input_len, uint32_t *offset) { - if (input_len < NFS3_MIN_FRAME_LEN) { + if (input_len < NFSTCP_MIN_FRAME_LEN) { return ALPROTO_UNKNOWN; } int8_t r = rs_nfs_probe_tc(input, input_len); if (r == 1) { - return ALPROTO_NFS3; + return ALPROTO_NFS; } else if (r == -1) { return ALPROTO_FAILED; } - SCLogDebug("Protocol not detected as ALPROTO_NFS3."); + SCLogDebug("Protocol not detected as ALPROTO_NFS."); return ALPROTO_UNKNOWN; } -static int NFS3ParseRequest(Flow *f, void *state, +static int NFSTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, void *local_data) { @@ -186,7 +185,7 @@ static int NFS3ParseRequest(Flow *f, void *state, return rs_nfs3_parse_request(f, state, pstate, input, input_len, local_data); } -static int NFS3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static int NFSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, void *local_data) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); @@ -195,22 +194,22 @@ static int NFS3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, return rs_nfs3_parse_response(f, state, pstate, input, input_len, local_data); } -static uint64_t NFS3GetTxCnt(void *state) +static uint64_t NFSTCPGetTxCnt(void *state) { return rs_nfs3_state_get_tx_count(state); } -static void *NFS3GetTx(void *state, uint64_t tx_id) +static void *NFSTCPGetTx(void *state, uint64_t tx_id) { return rs_nfs3_state_get_tx(state, tx_id); } -static void NFS3SetTxLogged(void *state, void *vtx, uint32_t logger) +static void NFSTCPSetTxLogged(void *state, void *vtx, uint32_t logger) { rs_nfs3_tx_set_logged(state, vtx, logger); } -static int NFS3GetTxLogged(void *state, void *vtx, uint32_t logger) +static int NFSTCPGetTxLogged(void *state, void *vtx, uint32_t logger) { return rs_nfs3_tx_get_logged(state, vtx, logger); } @@ -220,7 +219,7 @@ static int NFS3GetTxLogged(void *state, void *vtx, uint32_t logger) * * In most cases 1 can be returned here. */ -static int NFS3GetAlstateProgressCompletionStatus(uint8_t direction) { +static int NFSTCPGetAlstateProgressCompletionStatus(uint8_t direction) { return rs_nfs3_state_progress_completion_status(direction); } @@ -237,7 +236,7 @@ static int NFS3GetAlstateProgressCompletionStatus(uint8_t direction) { * needs to be seen. The response_done flag is set on response for * checking here. */ -static int NFS3GetStateProgress(void *tx, uint8_t direction) +static int NFSTCPGetStateProgress(void *tx, uint8_t direction) { return rs_nfs3_tx_get_alstate_progress(tx, direction); } @@ -245,7 +244,7 @@ static int NFS3GetStateProgress(void *tx, uint8_t direction) /** * \brief get stored tx detect state */ -static DetectEngineState *NFS3GetTxDetectState(void *vtx) +static DetectEngineState *NFSTCPGetTxDetectState(void *vtx) { return rs_nfs3_state_get_tx_detect_state(vtx); } @@ -253,14 +252,14 @@ static DetectEngineState *NFS3GetTxDetectState(void *vtx) /** * \brief set store tx detect state */ -static int NFS3SetTxDetectState(void *state, void *vtx, +static int NFSTCPSetTxDetectState(void *state, void *vtx, DetectEngineState *s) { rs_nfs3_state_set_tx_detect_state(state, vtx, s); return 0; } -static FileContainer *NFS3GetFiles(void *state, uint8_t direction) +static FileContainer *NFSTCPGetFiles(void *state, uint8_t direction) { return rs_nfs3_getfiles(direction, state); } @@ -268,40 +267,40 @@ static FileContainer *NFS3GetFiles(void *state, uint8_t direction) static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static SuricataFileContext sfc = { &sbcfg }; -void RegisterNFS3Parsers(void) +void RegisterNFSTCPParsers(void) { - const char *proto_name = "nfs3"; + const char *proto_name = "nfs"; - /* Check if NFS3 TCP detection is enabled. If it does not exist in + /* Check if NFSTCP TCP detection is enabled. If it does not exist in * the configuration file then it will be enabled by default. */ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { rs_nfs3_init(&sfc); - SCLogDebug("NFS3 TCP protocol detection enabled."); + SCLogDebug("NFSTCP TCP protocol detection enabled."); - AppLayerProtoDetectRegisterProtocol(ALPROTO_NFS3, proto_name); + AppLayerProtoDetectRegisterProtocol(ALPROTO_NFS, proto_name); if (RunmodeIsUnittests()) { SCLogDebug("Unittest mode, registering default configuration."); - AppLayerProtoDetectPPRegister(IPPROTO_TCP, NFS3_DEFAULT_PORT, - ALPROTO_NFS3, 0, NFS3_MIN_FRAME_LEN, STREAM_TOSERVER, - NFS3ProbingParserTS, NFS3ProbingParserTC); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, NFSTCP_DEFAULT_PORT, + ALPROTO_NFS, 0, NFSTCP_MIN_FRAME_LEN, STREAM_TOSERVER, + NFSTCPProbingParserTS, NFSTCPProbingParserTC); } else { if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, - proto_name, ALPROTO_NFS3, 0, NFS3_MIN_FRAME_LEN, - NFS3ProbingParserTS, NFS3ProbingParserTC)) { - SCLogDebug("No NFS3 app-layer configuration, enabling NFS3" + proto_name, ALPROTO_NFS, 0, NFSTCP_MIN_FRAME_LEN, + NFSTCPProbingParserTS, NFSTCPProbingParserTC)) { + SCLogDebug("No NFSTCP app-layer configuration, enabling NFSTCP" " detection TCP detection on port %s.", - NFS3_DEFAULT_PORT); + NFSTCP_DEFAULT_PORT); AppLayerProtoDetectPPRegister(IPPROTO_TCP, - NFS3_DEFAULT_PORT, ALPROTO_NFS3, 0, - NFS3_MIN_FRAME_LEN, STREAM_TOSERVER, - NFS3ProbingParserTS, NFS3ProbingParserTC); + NFSTCP_DEFAULT_PORT, ALPROTO_NFS, 0, + NFSTCP_MIN_FRAME_LEN, STREAM_TOSERVER, + NFSTCPProbingParserTS, NFSTCPProbingParserTC); } } @@ -309,80 +308,80 @@ void RegisterNFS3Parsers(void) } else { - SCLogDebug("Protocol detecter and parser disabled for NFS3."); + SCLogDebug("Protocol detecter and parser disabled for NFSTCP."); return; } if (AppLayerParserConfParserEnabled("tcp", proto_name)) { - SCLogDebug("Registering NFS3 protocol parser."); + SCLogDebug("Registering NFSTCP protocol parser."); /* Register functions for state allocation and freeing. A - * state is allocated for every new NFS3 flow. */ - AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_NFS3, - NFS3StateAlloc, NFS3StateFree); + * state is allocated for every new NFSTCP flow. */ + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPStateAlloc, NFSTCPStateFree); /* Register request parser for parsing frame from server to client. */ - AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_NFS3, - STREAM_TOSERVER, NFS3ParseRequest); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_NFS, + STREAM_TOSERVER, NFSTCPParseRequest); /* Register response parser for parsing frames from server to client. */ - AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_NFS3, - STREAM_TOCLIENT, NFS3ParseResponse); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_NFS, + STREAM_TOCLIENT, NFSTCPParseResponse); /* Register a function to be called by the application layer * when a transaction is to be freed. */ - AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_NFS3, - NFS3StateTxFree); + AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPStateTxFree); - AppLayerParserRegisterLoggerFuncs(IPPROTO_TCP, ALPROTO_NFS3, - NFS3GetTxLogged, NFS3SetTxLogged); + AppLayerParserRegisterLoggerFuncs(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPGetTxLogged, NFSTCPSetTxLogged); /* Register a function to return the current transaction count. */ - AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_NFS3, - NFS3GetTxCnt); + AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPGetTxCnt); /* Transaction handling. */ - AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_NFS3, - NFS3GetAlstateProgressCompletionStatus); + AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_NFS, + NFSTCPGetAlstateProgressCompletionStatus); AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, - ALPROTO_NFS3, NFS3GetStateProgress); - AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_NFS3, - NFS3GetTx); + ALPROTO_NFS, NFSTCPGetStateProgress); + AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPGetTx); - AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_NFS3, NFS3GetFiles); + AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_NFS, NFSTCPGetFiles); /* Application layer event handling. */ -// AppLayerParserRegisterHasEventsFunc(IPPROTO_TCP, ALPROTO_NFS3, -// NFS3HasEvents); +// AppLayerParserRegisterHasEventsFunc(IPPROTO_TCP, ALPROTO_NFS, +// NFSTCPHasEvents); /* What is this being registered for? */ - AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_NFS3, - NULL, NFS3GetTxDetectState, NFS3SetTxDetectState); + AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_NFS, + NULL, NFSTCPGetTxDetectState, NFSTCPSetTxDetectState); -// AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_NFS3, -// NFS3StateGetEventInfo); -// AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_NFS3, -// NFS3GetEvents); +// AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_NFS, +// NFSTCPStateGetEventInfo); +// AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_NFS, +// NFSTCPGetEvents); /* This parser accepts gaps. */ - AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_NFS3, + AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_NFS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS); } else { - SCLogDebug("NFS3 protocol parsing disabled."); + SCLogDebug("NFSTCP protocol parsing disabled."); } #ifdef UNITTESTS - AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_NFS3, - NFS3ParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPParserRegisterTests); #endif } #ifdef UNITTESTS #endif -void NFS3ParserRegisterTests(void) +void NFSTCPParserRegisterTests(void) { #ifdef UNITTESTS #endif diff --git a/src/app-layer-nfs3-udp.h b/src/app-layer-nfs-tcp.h similarity index 81% rename from src/app-layer-nfs3-udp.h rename to src/app-layer-nfs-tcp.h index bfe105d592..ad9671f1ef 100644 --- a/src/app-layer-nfs3-udp.h +++ b/src/app-layer-nfs-tcp.h @@ -21,10 +21,10 @@ * \author Victor Julien */ -#ifndef __APP_LAYER_NFS3_UDP_H__ -#define __APP_LAYER_NFS3_UDP_H__ +#ifndef __APP_LAYER_NFS_TCP_H__ +#define __APP_LAYER_NFS_TCP_H__ -void RegisterNFS3UDPParsers(void); -void NFS3UDPParserRegisterTests(void); +void RegisterNFSTCPParsers(void); +void NFSTCPParserRegisterTests(void); -#endif /* __APP_LAYER_NFS3_H__ */ +#endif /* __APP_LAYER_NFS_TCP_H__ */ diff --git a/src/app-layer-nfs3-udp.c b/src/app-layer-nfs-udp.c similarity index 61% rename from src/app-layer-nfs3-udp.c rename to src/app-layer-nfs-udp.c index b615d40c56..65bd41a77c 100644 --- a/src/app-layer-nfs3-udp.c +++ b/src/app-layer-nfs-udp.c @@ -20,11 +20,7 @@ * * \author Victor Julien * - * NFS3 application layer detector and parser for learning and - * nfs3 pruposes. - * - * This nfs3 implements a simple application layer for something - * like the NFS3 protocol running on port 2049. + * NFS application layer detector and parser */ #include "suricata-common.h" @@ -36,25 +32,25 @@ #include "app-layer-detect-proto.h" #include "app-layer-parser.h" -#include "app-layer-nfs3-udp.h" +#include "app-layer-nfs-udp.h" #ifndef HAVE_RUST -void RegisterNFS3UDPParsers(void) +void RegisterNFSUDPParsers(void) { } #else #include "rust.h" -#include "rust-nfs-nfs3-gen.h" +#include "rust-nfs-nfs-gen.h" /* The default port to probe for echo traffic if not provided in the * configuration file. */ -#define NFS3_DEFAULT_PORT "2049" +#define NFS_DEFAULT_PORT "2049" /* The minimum size for a RFC message. For some protocols this might * be the size of a header. TODO actual min size is likely larger */ -#define NFS3_MIN_FRAME_LEN 32 +#define NFS_MIN_FRAME_LEN 32 /* Enum of app-layer events for an echo protocol. Normally you might * have events for errors in parsing data, like unexpected data being @@ -63,24 +59,24 @@ void RegisterNFS3UDPParsers(void) * * Example rule: * - * alert nfs3 any any -> any any (msg:"SURICATA NFS3 empty message"; \ - * app-layer-event:nfs3.empty_message; sid:X; rev:Y;) + * alert nfs3 any any -> any any (msg:"SURICATA NFS empty message"; \ + * app-layer-event:nfs.empty_message; sid:X; rev:Y;) */ enum { - NFS3_DECODER_EVENT_EMPTY_MESSAGE, + NFS_DECODER_EVENT_EMPTY_MESSAGE, }; -SCEnumCharMap nfs3_udp_decoder_event_table[] = { - {"EMPTY_MESSAGE", NFS3_DECODER_EVENT_EMPTY_MESSAGE}, +SCEnumCharMap nfs_udp_decoder_event_table[] = { + {"EMPTY_MESSAGE", NFS_DECODER_EVENT_EMPTY_MESSAGE}, { NULL, 0 } }; -static void *NFS3StateAlloc(void) +static void *NFSStateAlloc(void) { return rs_nfs3_state_new(); } -static void NFS3StateFree(void *state) +static void NFSStateFree(void *state) { rs_nfs3_state_free(state); } @@ -88,22 +84,22 @@ static void NFS3StateFree(void *state) /** * \brief Callback from the application layer to have a transaction freed. * - * \param state a void pointer to the NFS3State object. + * \param state a void pointer to the NFSState object. * \param tx_id the transaction ID to free. */ -static void NFS3StateTxFree(void *state, uint64_t tx_id) +static void NFSStateTxFree(void *state, uint64_t tx_id) { rs_nfs3_state_tx_free(state, tx_id); } #if 0 -static int NFS3StateGetEventInfo(const char *event_name, int *event_id, +static int NFSStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type) { - *event_id = SCMapEnumNameToValue(event_name, nfs3_decoder_event_table); + *event_id = SCMapEnumNameToValue(event_name, nfs_decoder_event_table); if (*event_id == -1) { SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " - "nfs3 enum map table.", event_name); + "nfs enum map table.", event_name); /* This should be treated as fatal. */ return -1; } @@ -113,10 +109,10 @@ static int NFS3StateGetEventInfo(const char *event_name, int *event_id, return 0; } -static AppLayerDecoderEvents *NFS3GetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *NFSGetEvents(void *state, uint64_t tx_id) { - NFS3State *nfs3_state = state; - NFS3Transaction *tx; + NFSState *nfs_state = state; + NFSTransaction *tx; TAILQ_FOREACH(tx, &nfs3_state->tx_list, next) { if (tx->tx_id == tx_id) { @@ -127,9 +123,9 @@ static AppLayerDecoderEvents *NFS3GetEvents(void *state, uint64_t tx_id) return NULL; } -static int NFS3HasEvents(void *state) +static int NFSHasEvents(void *state) { - NFS3State *echo = state; + NFSState *echo = state; return echo->events; } #endif @@ -137,54 +133,54 @@ static int NFS3HasEvents(void *state) /** * \brief Probe the input to see if it looks like echo. * - * \retval ALPROTO_NFS3 if it looks like echo, otherwise + * \retval ALPROTO_NFS if it looks like echo, otherwise * ALPROTO_UNKNOWN. */ -static AppProto NFS3ProbingParserTS(uint8_t *input, uint32_t input_len, +static AppProto NFSProbingParserTS(uint8_t *input, uint32_t input_len, uint32_t *offset) { SCLogDebug("probing"); - if (input_len < NFS3_MIN_FRAME_LEN) { + if (input_len < NFS_MIN_FRAME_LEN) { SCLogDebug("unknown"); return ALPROTO_UNKNOWN; } int8_t r = rs_nfs_probe_udp_ts(input, input_len); if (r == 1) { - SCLogDebug("nfs3"); - return ALPROTO_NFS3; + SCLogDebug("nfs"); + return ALPROTO_NFS; } else if (r == -1) { SCLogDebug("failed"); return ALPROTO_FAILED; } - SCLogDebug("Protocol not detected as ALPROTO_NFS3."); + SCLogDebug("Protocol not detected as ALPROTO_NFS."); return ALPROTO_UNKNOWN; } -static AppProto NFS3ProbingParserTC(uint8_t *input, uint32_t input_len, +static AppProto NFSProbingParserTC(uint8_t *input, uint32_t input_len, uint32_t *offset) { SCLogDebug("probing"); - if (input_len < NFS3_MIN_FRAME_LEN) { + if (input_len < NFS_MIN_FRAME_LEN) { SCLogDebug("unknown"); return ALPROTO_UNKNOWN; } int8_t r = rs_nfs_probe_tc(input, input_len); if (r == 1) { - SCLogDebug("nfs3"); - return ALPROTO_NFS3; + SCLogDebug("nfs"); + return ALPROTO_NFS; } else if (r == -1) { SCLogDebug("failed"); return ALPROTO_FAILED; } - SCLogDebug("Protocol not detected as ALPROTO_NFS3."); + SCLogDebug("Protocol not detected as ALPROTO_NFS."); return ALPROTO_UNKNOWN; } -static int NFS3ParseRequest(Flow *f, void *state, +static int NFSParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, void *local_data) { @@ -194,7 +190,7 @@ static int NFS3ParseRequest(Flow *f, void *state, return rs_nfs3_parse_request_udp(f, state, pstate, input, input_len, local_data); } -static int NFS3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static int NFSParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, void *local_data) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); @@ -203,22 +199,22 @@ static int NFS3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, return rs_nfs3_parse_response_udp(f, state, pstate, input, input_len, local_data); } -static uint64_t NFS3GetTxCnt(void *state) +static uint64_t NFSGetTxCnt(void *state) { return rs_nfs3_state_get_tx_count(state); } -static void *NFS3GetTx(void *state, uint64_t tx_id) +static void *NFSGetTx(void *state, uint64_t tx_id) { return rs_nfs3_state_get_tx(state, tx_id); } -static void NFS3SetTxLogged(void *state, void *vtx, uint32_t logger) +static void NFSSetTxLogged(void *state, void *vtx, uint32_t logger) { rs_nfs3_tx_set_logged(state, vtx, logger); } -static int NFS3GetTxLogged(void *state, void *vtx, uint32_t logger) +static int NFSGetTxLogged(void *state, void *vtx, uint32_t logger) { return rs_nfs3_tx_get_logged(state, vtx, logger); } @@ -228,7 +224,7 @@ static int NFS3GetTxLogged(void *state, void *vtx, uint32_t logger) * * In most cases 1 can be returned here. */ -static int NFS3GetAlstateProgressCompletionStatus(uint8_t direction) { +static int NFSGetAlstateProgressCompletionStatus(uint8_t direction) { return rs_nfs3_state_progress_completion_status(direction); } @@ -245,7 +241,7 @@ static int NFS3GetAlstateProgressCompletionStatus(uint8_t direction) { * needs to be seen. The response_done flag is set on response for * checking here. */ -static int NFS3GetStateProgress(void *tx, uint8_t direction) +static int NFSGetStateProgress(void *tx, uint8_t direction) { return rs_nfs3_tx_get_alstate_progress(tx, direction); } @@ -253,7 +249,7 @@ static int NFS3GetStateProgress(void *tx, uint8_t direction) /** * \brief get stored tx detect state */ -static DetectEngineState *NFS3GetTxDetectState(void *vtx) +static DetectEngineState *NFSGetTxDetectState(void *vtx) { return rs_nfs3_state_get_tx_detect_state(vtx); } @@ -261,14 +257,14 @@ static DetectEngineState *NFS3GetTxDetectState(void *vtx) /** * \brief set store tx detect state */ -static int NFS3SetTxDetectState(void *state, void *vtx, +static int NFSSetTxDetectState(void *state, void *vtx, DetectEngineState *s) { rs_nfs3_state_set_tx_detect_state(state, vtx, s); return 0; } -static FileContainer *NFS3GetFiles(void *state, uint8_t direction) +static FileContainer *NFSGetFiles(void *state, uint8_t direction) { return rs_nfs3_getfiles(direction, state); } @@ -276,40 +272,40 @@ static FileContainer *NFS3GetFiles(void *state, uint8_t direction) static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; static SuricataFileContext sfc = { &sbcfg }; -void RegisterNFS3UDPParsers(void) +void RegisterNFSUDPParsers(void) { - const char *proto_name = "nfs3"; + const char *proto_name = "nfs"; - /* Check if NFS3 TCP detection is enabled. If it does not exist in + /* Check if NFS TCP detection is enabled. If it does not exist in * the configuration file then it will be enabled by default. */ if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) { rs_nfs3_init(&sfc); - SCLogDebug("NFS3 UDP protocol detection enabled."); + SCLogDebug("NFS UDP protocol detection enabled."); - AppLayerProtoDetectRegisterProtocol(ALPROTO_NFS3, proto_name); + AppLayerProtoDetectRegisterProtocol(ALPROTO_NFS, proto_name); if (RunmodeIsUnittests()) { SCLogDebug("Unittest mode, registering default configuration."); - AppLayerProtoDetectPPRegister(IPPROTO_UDP, NFS3_DEFAULT_PORT, - ALPROTO_NFS3, 0, NFS3_MIN_FRAME_LEN, STREAM_TOSERVER, - NFS3ProbingParserTS, NFS3ProbingParserTC); + AppLayerProtoDetectPPRegister(IPPROTO_UDP, NFS_DEFAULT_PORT, + ALPROTO_NFS, 0, NFS_MIN_FRAME_LEN, STREAM_TOSERVER, + NFSProbingParserTS, NFSProbingParserTC); } else { if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP, - proto_name, ALPROTO_NFS3, 0, NFS3_MIN_FRAME_LEN, - NFS3ProbingParserTS, NFS3ProbingParserTC)) { - SCLogDebug("No NFS3 app-layer configuration, enabling NFS3" + proto_name, ALPROTO_NFS, 0, NFS_MIN_FRAME_LEN, + NFSProbingParserTS, NFSProbingParserTC)) { + SCLogDebug("No NFS app-layer configuration, enabling NFS" " detection TCP detection on port %s.", - NFS3_DEFAULT_PORT); + NFS_DEFAULT_PORT); AppLayerProtoDetectPPRegister(IPPROTO_UDP, - NFS3_DEFAULT_PORT, ALPROTO_NFS3, 0, - NFS3_MIN_FRAME_LEN, STREAM_TOSERVER, - NFS3ProbingParserTS, NFS3ProbingParserTC); + NFS_DEFAULT_PORT, ALPROTO_NFS, 0, + NFS_MIN_FRAME_LEN, STREAM_TOSERVER, + NFSProbingParserTS, NFSProbingParserTC); } } @@ -317,76 +313,76 @@ void RegisterNFS3UDPParsers(void) } else { - SCLogDebug("Protocol detecter and parser disabled for NFS3."); + SCLogDebug("Protocol detecter and parser disabled for NFS."); return; } if (AppLayerParserConfParserEnabled("udp", proto_name)) { - SCLogDebug("Registering NFS3 protocol parser."); + SCLogDebug("Registering NFS protocol parser."); /* Register functions for state allocation and freeing. A - * state is allocated for every new NFS3 flow. */ - AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_NFS3, - NFS3StateAlloc, NFS3StateFree); + * state is allocated for every new NFS flow. */ + AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_NFS, + NFSStateAlloc, NFSStateFree); /* Register request parser for parsing frame from server to client. */ - AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS3, - STREAM_TOSERVER, NFS3ParseRequest); + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS, + STREAM_TOSERVER, NFSParseRequest); /* Register response parser for parsing frames from server to client. */ - AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS3, - STREAM_TOCLIENT, NFS3ParseResponse); + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS, + STREAM_TOCLIENT, NFSParseResponse); /* Register a function to be called by the application layer * when a transaction is to be freed. */ - AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_NFS3, - NFS3StateTxFree); + AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_NFS, + NFSStateTxFree); - AppLayerParserRegisterLoggerFuncs(IPPROTO_UDP, ALPROTO_NFS3, - NFS3GetTxLogged, NFS3SetTxLogged); + AppLayerParserRegisterLoggerFuncs(IPPROTO_UDP, ALPROTO_NFS, + NFSGetTxLogged, NFSSetTxLogged); /* Register a function to return the current transaction count. */ - AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_NFS3, - NFS3GetTxCnt); + AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_NFS, + NFSGetTxCnt); /* Transaction handling. */ - AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_NFS3, - NFS3GetAlstateProgressCompletionStatus); + AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_NFS, + NFSGetAlstateProgressCompletionStatus); AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, - ALPROTO_NFS3, NFS3GetStateProgress); - AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_NFS3, - NFS3GetTx); + ALPROTO_NFS, NFSGetStateProgress); + AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_NFS, + NFSGetTx); - AppLayerParserRegisterGetFilesFunc(IPPROTO_UDP, ALPROTO_NFS3, NFS3GetFiles); + AppLayerParserRegisterGetFilesFunc(IPPROTO_UDP, ALPROTO_NFS, NFSGetFiles); /* Application layer event handling. */ -// AppLayerParserRegisterHasEventsFunc(IPPROTO_UDP, ALPROTO_NFS3, -// NFS3HasEvents); +// AppLayerParserRegisterHasEventsFunc(IPPROTO_UDP, ALPROTO_NFS, +// NFSHasEvents); /* What is this being registered for? */ - AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_NFS3, - NULL, NFS3GetTxDetectState, NFS3SetTxDetectState); + AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_NFS, + NULL, NFSGetTxDetectState, NFSSetTxDetectState); -// AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_NFS3, -// NFS3StateGetEventInfo); -// AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_NFS3, -// NFS3GetEvents); +// AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_NFS, +// NFSStateGetEventInfo); +// AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_NFS, +// NFSGetEvents); } else { - SCLogNotice("NFS3 protocol parsing disabled."); + SCLogNotice("NFS protocol parsing disabled."); } #ifdef UNITTESTS - AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_NFS3, - NFS3UDPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_NFS, + NFSUDPParserRegisterTests); #endif } #ifdef UNITTESTS #endif -void NFS3UDPParserRegisterTests(void) +void NFSUDPParserRegisterTests(void) { #ifdef UNITTESTS #endif diff --git a/src/output-json-nfs3.h b/src/app-layer-nfs-udp.h similarity index 70% rename from src/output-json-nfs3.h rename to src/app-layer-nfs-udp.h index c2301b1eb5..4cb11dd126 100644 --- a/src/output-json-nfs3.h +++ b/src/app-layer-nfs-udp.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2015 Open Information Security Foundation +/* Copyright (C) 2017 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -18,12 +18,13 @@ /** * \file * - * \author FirstName LastName + * \author Victor Julien */ -#ifndef __OUTPUT_JSON_NFS3_H__ -#define __OUTPUT_JSON_NFS3_H__ +#ifndef __APP_LAYER_NFS_UDP_H__ +#define __APP_LAYER_NFS_UDP_H__ -void JsonNFS3LogRegister(void); +void RegisterNFSUDPParsers(void); +void NFSUDPParserRegisterTests(void); -#endif /* __OUTPUT_JSON_NFS3_H__ */ +#endif /* __APP_LAYER_NFS_UDP_H__ */ diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 8d91b332ff..27f35555e4 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -60,8 +60,8 @@ #include "app-layer-modbus.h" #include "app-layer-enip.h" #include "app-layer-dnp3.h" -#include "app-layer-nfs3.h" -#include "app-layer-nfs3-udp.h" +#include "app-layer-nfs-tcp.h" +#include "app-layer-nfs-udp.h" #include "app-layer-template.h" #include "conf.h" @@ -1384,8 +1384,8 @@ void AppLayerParserRegisterProtocolParsers(void) RegisterENIPUDPParsers(); RegisterENIPTCPParsers(); RegisterDNP3Parsers(); - RegisterNFS3Parsers(); - RegisterNFS3UDPParsers(); + RegisterNFSTCPParsers(); + RegisterNFSUDPParsers(); RegisterTemplateParsers(); /** IMAP */ diff --git a/src/app-layer-protos.c b/src/app-layer-protos.c index fb500d8f7a..945d34f58c 100644 --- a/src/app-layer-protos.c +++ b/src/app-layer-protos.c @@ -81,8 +81,8 @@ const char *AppProtoToString(AppProto alproto) case ALPROTO_DNP3: proto_name = "dnp3"; break; - case ALPROTO_NFS3: - proto_name = "nfs3"; + case ALPROTO_NFS: + proto_name = "nfs"; break; case ALPROTO_TEMPLATE: proto_name = "template"; diff --git a/src/app-layer-protos.h b/src/app-layer-protos.h index 45a4cf4aa1..dac94cc9ff 100644 --- a/src/app-layer-protos.h +++ b/src/app-layer-protos.h @@ -44,7 +44,7 @@ enum AppProtoEnum { ALPROTO_MODBUS, ALPROTO_ENIP, ALPROTO_DNP3, - ALPROTO_NFS3, + ALPROTO_NFS, ALPROTO_TEMPLATE, /* used by the probing parser when alproto detection fails diff --git a/src/detect-filename.c b/src/detect-filename.c index 180f2f3169..27e8dd2b10 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -85,10 +85,10 @@ void DetectFilenameRegister(void) DetectFileInspectGeneric); DetectAppLayerInspectEngineRegister("files", - ALPROTO_NFS3, SIG_FLAG_TOSERVER, 0, + ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric); DetectAppLayerInspectEngineRegister("files", - ALPROTO_NFS3, SIG_FLAG_TOCLIENT, 0, + ALPROTO_NFS, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric); g_file_match_list_id = DetectBufferTypeGetByName("files"); diff --git a/src/detect-nfs3-procedure.c b/src/detect-nfs-procedure.c similarity index 74% rename from src/detect-nfs3-procedure.c rename to src/detect-nfs-procedure.c index 1812c163a9..7f7cbd7246 100644 --- a/src/detect-nfs3-procedure.c +++ b/src/detect-nfs-procedure.c @@ -32,7 +32,7 @@ #include "detect-engine-mpm.h" #include "detect-content.h" #include "detect-pcre.h" -#include "detect-nfs3-procedure.h" +#include "detect-nfs-procedure.h" #include "flow.h" #include "flow-util.h" @@ -42,24 +42,24 @@ #include "util-unittest-helper.h" #ifndef HAVE_RUST -void DetectNfs3ProcedureRegister(void) +void DetectNfsProcedureRegister(void) { } #else -#include "app-layer-nfs3.h" +#include "app-layer-nfs-tcp.h" #include "rust.h" -#include "rust-nfs-nfs3-gen.h" +#include "rust-nfs-nfs-gen.h" /** - * [nfs3_procedure]:[<|>][<>]; + * [nfs_procedure]:[<|>][<>]; */ #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$" static pcre *parse_regex; static pcre_extra *parse_regex_study; -enum DetectNfs3ProcedureMode { +enum DetectNfsProcedureMode { PROCEDURE_EQ = 1, /* equal */ PROCEDURE_LT, /* less than */ PROCEDURE_LE, /* less than */ @@ -68,55 +68,55 @@ enum DetectNfs3ProcedureMode { PROCEDURE_RA, /* range */ }; -typedef struct DetectNfs3ProcedureData_ { +typedef struct DetectNfsProcedureData_ { uint32_t lo; uint32_t hi; - enum DetectNfs3ProcedureMode mode; -} DetectNfs3ProcedureData; + enum DetectNfsProcedureMode mode; +} DetectNfsProcedureData; -static DetectNfs3ProcedureData *DetectNfs3ProcedureParse (const char *); -static int DetectNfs3ProcedureSetup (DetectEngineCtx *, Signature *s, const char *str); -static void DetectNfs3ProcedureFree(void *); -static void DetectNfs3ProcedureRegisterTests(void); -static int g_nfs3_request_buffer_id = 0; +static DetectNfsProcedureData *DetectNfsProcedureParse (const char *); +static int DetectNfsProcedureSetup (DetectEngineCtx *, Signature *s, const char *str); +static void DetectNfsProcedureFree(void *); +static void DetectNfsProcedureRegisterTests(void); +static int g_nfs_request_buffer_id = 0; -static int DetectEngineInspectNfs3RequestGeneric(ThreadVars *tv, +static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); -static int DetectNfs3ProcedureMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, +static int DetectNfsProcedureMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); /** - * \brief Registration function for nfs3_procedure keyword. + * \brief Registration function for nfs_procedure keyword. */ -void DetectNfs3ProcedureRegister (void) +void DetectNfsProcedureRegister (void) { - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].name = "nfs3_procedure"; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].desc = "match NFSv3 procedure"; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].url = DOC_URL DOC_VERSION "/rules/nfs3-keywords.html#procedure"; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].Match = NULL; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].AppLayerTxMatch = DetectNfs3ProcedureMatch; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].Setup = DetectNfs3ProcedureSetup; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].Free = DetectNfs3ProcedureFree; - sigmatch_table[DETECT_AL_NFS3_PROCEDURE].RegisterTests = DetectNfs3ProcedureRegisterTests; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].name = "nfs_procedure"; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].desc = "match NFS procedure"; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].url = DOC_URL DOC_VERSION "/rules/nfs-keywords.html#procedure"; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].Match = NULL; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].AppLayerTxMatch = DetectNfsProcedureMatch; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].Setup = DetectNfsProcedureSetup; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].Free = DetectNfsProcedureFree; + sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); - DetectAppLayerInspectEngineRegister("nfs3_request", - ALPROTO_NFS3, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectNfs3RequestGeneric); + DetectAppLayerInspectEngineRegister("nfs_request", + ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectNfsRequestGeneric); - g_nfs3_request_buffer_id = DetectBufferTypeGetByName("nfs3_request"); + g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); - SCLogDebug("g_nfs3_request_buffer_id %d", g_nfs3_request_buffer_id); + SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id); } -static int DetectEngineInspectNfs3RequestGeneric(ThreadVars *tv, +static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, @@ -128,7 +128,7 @@ static int DetectEngineInspectNfs3RequestGeneric(ThreadVars *tv, static inline int ProcedureMatch(const uint32_t procedure, - enum DetectNfs3ProcedureMode mode, uint32_t lo, uint32_t hi) + enum DetectNfsProcedureMode mode, uint32_t lo, uint32_t hi) { switch (mode) { case PROCEDURE_EQ: @@ -172,19 +172,19 @@ ProcedureMatch(const uint32_t procedure, * \param state App layer state. * \param s Pointer to the Signature. * \param m Pointer to the sigmatch that we will cast into - * DetectNfs3ProcedureData. + * DetectNfsProcedureData. * * \retval 0 no match. * \retval 1 match. */ -static int DetectNfs3ProcedureMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, +static int DetectNfsProcedureMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, void *txv, const Signature *s, const SigMatchCtx *ctx) { SCEnter(); - const DetectNfs3ProcedureData *dd = (const DetectNfs3ProcedureData *)ctx; + const DetectNfsProcedureData *dd = (const DetectNfsProcedureData *)ctx; uint16_t i; for (i = 0; i < 256; i++) { uint32_t procedure; @@ -206,12 +206,12 @@ static int DetectNfs3ProcedureMatch (ThreadVars *t, DetectEngineThreadCtx *det_c * * \param rawstr Pointer to the user provided options. * - * \retval dd pointer to DetectNfs3ProcedureData on success. + * \retval dd pointer to DetectNfsProcedureData on success. * \retval NULL on failure. */ -static DetectNfs3ProcedureData *DetectNfs3ProcedureParse (const char *rawstr) +static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr) { - DetectNfs3ProcedureData *dd = NULL; + DetectNfsProcedureData *dd = NULL; #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; @@ -264,7 +264,7 @@ static DetectNfs3ProcedureData *DetectNfs3ProcedureParse (const char *rawstr) } } - dd = SCCalloc(1, sizeof(DetectNfs3ProcedureData)); + dd = SCCalloc(1, sizeof(DetectNfsProcedureData)); if (unlikely(dd == NULL)) goto error; @@ -336,18 +336,18 @@ error: * \retval 0 on Success. * \retval -1 on Failure. */ -static int DetectNfs3ProcedureSetup (DetectEngineCtx *de_ctx, Signature *s, +static int DetectNfsProcedureSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { - DetectNfs3ProcedureData *dd = NULL; + DetectNfsProcedureData *dd = NULL; SigMatch *sm = NULL; SCLogDebug("\'%s\'", rawstr); - if (DetectSignatureSetAppProto(s, ALPROTO_NFS3) != 0) + if (DetectSignatureSetAppProto(s, ALPROTO_NFS) != 0) return -1; - dd = DetectNfs3ProcedureParse(rawstr); + dd = DetectNfsProcedureParse(rawstr); if (dd == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr); goto error; @@ -359,26 +359,26 @@ static int DetectNfs3ProcedureSetup (DetectEngineCtx *de_ctx, Signature *s, if (sm == NULL) goto error; - sm->type = DETECT_AL_NFS3_PROCEDURE; + sm->type = DETECT_AL_NFS_PROCEDURE; sm->ctx = (void *)dd; s->flags |= SIG_FLAG_STATE_MATCH; SCLogDebug("low %u hi %u", dd->lo, dd->hi); - SigMatchAppendSMToList(s, sm, g_nfs3_request_buffer_id); + SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id); return 0; error: - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); return -1; } /** * \internal - * \brief Function to free memory associated with DetectNfs3ProcedureData. + * \brief Function to free memory associated with DetectNfsProcedureData. * - * \param de_ptr Pointer to DetectNfs3ProcedureData. + * \param de_ptr Pointer to DetectNfsProcedureData. */ -void DetectNfs3ProcedureFree(void *ptr) +void DetectNfsProcedureFree(void *ptr) { SCFree(ptr); } @@ -393,11 +393,11 @@ void DetectNfs3ProcedureFree(void *ptr) */ static int ValidityTestParse01 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("1430000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("1430000000"); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_EQ); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -409,11 +409,11 @@ static int ValidityTestParse01 (void) */ static int ValidityTestParse02 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse(">1430000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse(">1430000000"); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -425,11 +425,11 @@ static int ValidityTestParse02 (void) */ static int ValidityTestParse03 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("<1430000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("<1430000000"); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_LT); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -441,12 +441,12 @@ static int ValidityTestParse03 (void) */ static int ValidityTestParse04 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("1430000000<>1470000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("1430000000<>1470000000"); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1470000000 && dd->mode == PROCEDURE_RA); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -458,8 +458,8 @@ static int ValidityTestParse04 (void) */ static int ValidityTestParse05 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("A"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("A"); FAIL_IF_NOT_NULL(dd); PASS; } @@ -472,8 +472,8 @@ static int ValidityTestParse05 (void) */ static int ValidityTestParse06 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse(">1430000000<>1470000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse(">1430000000<>1470000000"); FAIL_IF_NOT_NULL(dd); PASS; } @@ -486,8 +486,8 @@ static int ValidityTestParse06 (void) */ static int ValidityTestParse07 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("1430000000<>"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("1430000000<>"); FAIL_IF_NOT_NULL(dd); PASS; } @@ -500,8 +500,8 @@ static int ValidityTestParse07 (void) */ static int ValidityTestParse08 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("<>1430000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("<>1430000000"); FAIL_IF_NOT_NULL(dd); PASS; } @@ -514,8 +514,8 @@ static int ValidityTestParse08 (void) */ static int ValidityTestParse09 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse(""); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse(""); FAIL_IF_NOT_NULL(dd); PASS; } @@ -528,8 +528,8 @@ static int ValidityTestParse09 (void) */ static int ValidityTestParse10 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse(" "); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse(" "); FAIL_IF_NOT_NULL(dd); PASS; } @@ -542,8 +542,8 @@ static int ValidityTestParse10 (void) */ static int ValidityTestParse11 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("1490000000<>1430000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("1490000000<>1430000000"); FAIL_IF_NOT_NULL(dd); PASS; } @@ -556,12 +556,12 @@ static int ValidityTestParse11 (void) */ static int ValidityTestParse12 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("1430000000 <> 1490000000"); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("1430000000 <> 1490000000"); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1490000000 && dd->mode == PROCEDURE_RA); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -573,11 +573,11 @@ static int ValidityTestParse12 (void) */ static int ValidityTestParse13 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("> 1430000000 "); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("> 1430000000 "); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -589,11 +589,11 @@ static int ValidityTestParse13 (void) */ static int ValidityTestParse14 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse("< 1490000000 "); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse("< 1490000000 "); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_LT); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } @@ -605,20 +605,20 @@ static int ValidityTestParse14 (void) */ static int ValidityTestParse15 (void) { - DetectNfs3ProcedureData *dd = NULL; - dd = DetectNfs3ProcedureParse(" 1490000000 "); + DetectNfsProcedureData *dd = NULL; + dd = DetectNfsProcedureParse(" 1490000000 "); FAIL_IF_NULL(dd); FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_EQ); - DetectNfs3ProcedureFree(dd); + DetectNfsProcedureFree(dd); PASS; } #endif /* UNITTESTS */ /** - * \brief Register unit tests for nfs3_procedure. + * \brief Register unit tests for nfs_procedure. */ -void DetectNfs3ProcedureRegisterTests(void) +void DetectNfsProcedureRegisterTests(void) { #ifdef UNITTESTS /* UNITTESTS */ UtRegisterTest("ValidityTestParse01", ValidityTestParse01); diff --git a/src/detect-nfs3-procedure.h b/src/detect-nfs-procedure.h similarity index 83% rename from src/detect-nfs3-procedure.h rename to src/detect-nfs-procedure.h index 61889d9e21..e7b2256778 100644 --- a/src/detect-nfs3-procedure.h +++ b/src/detect-nfs-procedure.h @@ -21,10 +21,10 @@ * \author Victor Julien */ -#ifndef __DETECT_NFS3_PROCEDURE_H__ -#define __DETECT_NFS3_PROCEDURE_H__ +#ifndef __DETECT_NFS_PROCEDURE_H__ +#define __DETECT_NFS_PROCEDURE_H__ /* prototypes */ -void DetectNfs3ProcedureRegister (void); +void DetectNfsProcedureRegister (void); -#endif /* __DETECT_NFS3_PROCEDURE_H__ */ +#endif /* __DETECT_NFS_PROCEDURE_H__ */ diff --git a/src/detect.c b/src/detect.c index 775e724003..227e083484 100644 --- a/src/detect.c +++ b/src/detect.c @@ -63,7 +63,7 @@ #include "detect-http-hh.h" #include "detect-http-hrh.h" -#include "detect-nfs3-procedure.h" +#include "detect-nfs-procedure.h" #include "detect-engine-event.h" #include "decode.h" @@ -3912,7 +3912,7 @@ void SigTableSetup(void) DetectTlsRegister(); DetectTlsValidityRegister(); DetectTlsVersionRegister(); - DetectNfs3ProcedureRegister(); + DetectNfsProcedureRegister(); DetectUrilenRegister(); DetectDetectionFilterRegister(); DetectAsn1Register(); diff --git a/src/detect.h b/src/detect.h index 0abadec098..2369fd513e 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1296,7 +1296,7 @@ enum { DETECT_AL_HTTP_RAW_HOST, DETECT_AL_HTTP_REQUEST_LINE, DETECT_AL_HTTP_RESPONSE_LINE, - DETECT_AL_NFS3_PROCEDURE, + DETECT_AL_NFS_PROCEDURE, DETECT_AL_SSH_PROTOCOL, DETECT_AL_SSH_PROTOVERSION, DETECT_AL_SSH_SOFTWARE, diff --git a/src/output-json-nfs3.c b/src/output-json-nfs.c similarity index 54% rename from src/output-json-nfs3.c rename to src/output-json-nfs.c index 52eb711687..6ca9398d8e 100644 --- a/src/output-json-nfs3.c +++ b/src/output-json-nfs.c @@ -15,18 +15,12 @@ * 02110-1301, USA. */ -/* - * TODO: Update \author in this file and in output-json-nfs3.h. - * TODO: Remove SCLogNotice statements, or convert to debug. - * TODO: Implement your app-layers logging. - */ - /** * \file * - * \author FirstName LastName + * \author Victor Julien * - * Implement JSON/eve logging app-layer NFS3. + * Implement JSON/eve logging app-layer NFS. */ #include "suricata-common.h" @@ -50,36 +44,35 @@ #include "app-layer.h" #include "app-layer-parser.h" -#include "app-layer-nfs3.h" -#include "output-json-nfs3.h" +#include "output-json-nfs.h" #ifdef HAVE_RUST #ifdef HAVE_LIBJANSSON #include "rust.h" #include "rust-nfs-log-gen.h" -typedef struct LogNFS3FileCtx_ { +typedef struct LogNFSFileCtx_ { LogFileCtx *file_ctx; uint32_t flags; -} LogNFS3FileCtx; +} LogNFSFileCtx; -typedef struct LogNFS3LogThread_ { - LogNFS3FileCtx *nfs3log_ctx; +typedef struct LogNFSLogThread_ { + LogNFSFileCtx *nfslog_ctx; uint32_t count; MemBuffer *buffer; -} LogNFS3LogThread; +} LogNFSLogThread; -static int JsonNFS3Logger(ThreadVars *tv, void *thread_data, +static int JsonNFSLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) { - NFS3Transaction *nfs3tx = tx; - LogNFS3LogThread *thread = thread_data; - json_t *js, *nfs3js; + NFSTransaction *nfstx = tx; + LogNFSLogThread *thread = thread_data; + json_t *js, *nfsjs; - if (rs_nfs3_tx_logging_is_filtered(nfs3tx)) + if (rs_nfs_tx_logging_is_filtered(nfstx)) return TM_ECODE_OK; - js = CreateJSONHeader((Packet *)p, 0, "nfs3"); + js = CreateJSONHeader((Packet *)p, 0, "nfs"); if (unlikely(js == NULL)) { return TM_ECODE_FAILED; } @@ -90,14 +83,14 @@ static int JsonNFS3Logger(ThreadVars *tv, void *thread_data, } json_object_set_new(js, "rpc", rpcjs); - nfs3js = rs_nfs3_log_json_response(tx); - if (unlikely(nfs3js == NULL)) { + nfsjs = rs_nfs_log_json_response(tx); + if (unlikely(nfsjs == NULL)) { goto error; } - json_object_set_new(js, "nfs3", nfs3js); + json_object_set_new(js, "nfs", nfsjs); MemBufferReset(thread->buffer); - OutputJSONBuffer(js, thread->nfs3log_ctx->file_ctx, &thread->buffer); + OutputJSONBuffer(js, thread->nfslog_ctx->file_ctx, &thread->buffer); json_decref(js); return TM_ECODE_OK; @@ -107,51 +100,51 @@ error: return TM_ECODE_FAILED; } -static void OutputNFS3LogDeInitCtxSub(OutputCtx *output_ctx) +static void OutputNFSLogDeInitCtxSub(OutputCtx *output_ctx) { - LogNFS3FileCtx *nfs3log_ctx = (LogNFS3FileCtx *)output_ctx->data; - SCFree(nfs3log_ctx); + LogNFSFileCtx *nfslog_ctx = (LogNFSFileCtx *)output_ctx->data; + SCFree(nfslog_ctx); SCFree(output_ctx); } -static OutputCtx *OutputNFS3LogInitSub(ConfNode *conf, +static OutputCtx *OutputNFSLogInitSub(ConfNode *conf, OutputCtx *parent_ctx) { AlertJsonThread *ajt = parent_ctx->data; - LogNFS3FileCtx *nfs3log_ctx = SCCalloc(1, sizeof(*nfs3log_ctx)); - if (unlikely(nfs3log_ctx == NULL)) { + LogNFSFileCtx *nfslog_ctx = SCCalloc(1, sizeof(*nfslog_ctx)); + if (unlikely(nfslog_ctx == NULL)) { return NULL; } - nfs3log_ctx->file_ctx = ajt->file_ctx; + nfslog_ctx->file_ctx = ajt->file_ctx; OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx)); if (unlikely(output_ctx == NULL)) { - SCFree(nfs3log_ctx); + SCFree(nfslog_ctx); return NULL; } - output_ctx->data = nfs3log_ctx; - output_ctx->DeInit = OutputNFS3LogDeInitCtxSub; + output_ctx->data = nfslog_ctx; + output_ctx->DeInit = OutputNFSLogDeInitCtxSub; - SCLogDebug("NFS3 log sub-module initialized."); + SCLogDebug("NFS log sub-module initialized."); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS3); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS3); + AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS); + AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS); return output_ctx; } #define OUTPUT_BUFFER_SIZE 65535 -static TmEcode JsonNFS3LogThreadInit(ThreadVars *t, const void *initdata, void **data) +static TmEcode JsonNFSLogThreadInit(ThreadVars *t, const void *initdata, void **data) { - LogNFS3LogThread *thread = SCCalloc(1, sizeof(*thread)); + LogNFSLogThread *thread = SCCalloc(1, sizeof(*thread)); if (unlikely(thread == NULL)) { return TM_ECODE_FAILED; } if (initdata == NULL) { - SCLogDebug("Error getting context for EveLogNFS3. \"initdata\" is NULL."); + SCLogDebug("Error getting context for EveLogNFS. \"initdata\" is NULL."); SCFree(thread); return TM_ECODE_FAILED; } @@ -162,15 +155,15 @@ static TmEcode JsonNFS3LogThreadInit(ThreadVars *t, const void *initdata, void * return TM_ECODE_FAILED; } - thread->nfs3log_ctx = ((OutputCtx *)initdata)->data; + thread->nfslog_ctx = ((OutputCtx *)initdata)->data; *data = (void *)thread; return TM_ECODE_OK; } -static TmEcode JsonNFS3LogThreadDeinit(ThreadVars *t, void *data) +static TmEcode JsonNFSLogThreadDeinit(ThreadVars *t, void *data) { - LogNFS3LogThread *thread = (LogNFS3LogThread *)data; + LogNFSLogThread *thread = (LogNFSLogThread *)data; if (thread == NULL) { return TM_ECODE_OK; } @@ -181,20 +174,20 @@ static TmEcode JsonNFS3LogThreadDeinit(ThreadVars *t, void *data) return TM_ECODE_OK; } -void JsonNFS3LogRegister(void) +void JsonNFSLogRegister(void) { /* Register as an eve sub-module. */ - OutputRegisterTxSubModule(LOGGER_JSON_NFS3, "eve-log", "JsonNFS3Log", - "eve-log.nfs3", OutputNFS3LogInitSub, ALPROTO_NFS3, - JsonNFS3Logger, JsonNFS3LogThreadInit, - JsonNFS3LogThreadDeinit, NULL); + OutputRegisterTxSubModule(LOGGER_JSON_NFS, "eve-log", "JsonNFSLog", + "eve-log.nfs", OutputNFSLogInitSub, ALPROTO_NFS, + JsonNFSLogger, JsonNFSLogThreadInit, + JsonNFSLogThreadDeinit, NULL); - SCLogDebug("NFS3 JSON logger registered."); + SCLogDebug("NFS JSON logger registered."); } #else /* No JSON support. */ -void JsonNFS3LogRegister(void) +void JsonNFSLogRegister(void) { } @@ -202,7 +195,7 @@ void JsonNFS3LogRegister(void) #else /* no rust */ -void JsonNFS3LogRegister(void) +void JsonNFSLogRegister(void) { } diff --git a/src/app-layer-nfs3.h b/src/output-json-nfs.h similarity index 82% rename from src/app-layer-nfs3.h rename to src/output-json-nfs.h index f50fb507ea..93e17510c5 100644 --- a/src/app-layer-nfs3.h +++ b/src/output-json-nfs.h @@ -21,10 +21,9 @@ * \author Victor Julien */ -#ifndef __APP_LAYER_NFS3_H__ -#define __APP_LAYER_NFS3_H__ +#ifndef __OUTPUT_JSON_NFS_H__ +#define __OUTPUT_JSON_NFS_H__ -void RegisterNFS3Parsers(void); -void NFS3ParserRegisterTests(void); +void JsonNFSLogRegister(void); -#endif /* __APP_LAYER_NFS3_H__ */ +#endif /* __OUTPUT_JSON_NFS_H__ */ diff --git a/src/output.c b/src/output.c index c8f91c4b1e..4919c3c0a2 100644 --- a/src/output.c +++ b/src/output.c @@ -68,7 +68,7 @@ #include "log-tcp-data.h" #include "log-stats.h" #include "output-json.h" -#include "output-json-nfs3.h" +#include "output-json-nfs.h" #include "output-json-template.h" #include "output-lua.h" #include "output-json-dnp3.h" @@ -1082,8 +1082,8 @@ void OutputRegisterLoggers(void) JsonDNP3LogRegister(); JsonVarsLogRegister(); - /* NFS3 JSON logger. */ - JsonNFS3LogRegister(); + /* NFS JSON logger. */ + JsonNFSLogRegister(); /* Template JSON logger. */ JsonTemplateLogRegister(); } diff --git a/src/rust.h b/src/rust.h index 1bcb13fb15..848490e916 100644 --- a/src/rust.h +++ b/src/rust.h @@ -51,7 +51,7 @@ struct _Store; typedef struct _Store Store; /** Opaque Rust types. */ -typedef struct NFS3tate_ NFS3State; -typedef struct NFS3Transaction_ NFS3Transaction; +typedef struct NFState_ NFSState; +typedef struct NFSTransaction_ NFSTransaction; #endif /* !__RUST_H__ */ diff --git a/src/suricata-common.h b/src/suricata-common.h index 181279c357..41e969abd8 100644 --- a/src/suricata-common.h +++ b/src/suricata-common.h @@ -396,7 +396,7 @@ typedef enum { LOGGER_JSON_HTTP, LOGGER_JSON_SMTP, LOGGER_JSON_TLS, - LOGGER_JSON_NFS3, + LOGGER_JSON_NFS, LOGGER_JSON_TEMPLATE, LOGGER_TLS_STORE, LOGGER_TLS, diff --git a/suricata.yaml.in b/suricata.yaml.in index e8f806ffee..9e401aee23 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -236,7 +236,7 @@ outputs: #md5: [body, subject] #- dnp3 - #- nfs3 + #- nfs - ssh - stats: totals: yes # stats for all threads merged together @@ -683,7 +683,7 @@ pcap-file: # "detection-only" enables protocol detection only (parser disabled). app-layer: protocols: - nfs3: + nfs: enabled: yes tls: enabled: yes