|
|
|
@ -37,6 +37,16 @@ pub enum KRB5Event {
|
|
|
|
|
WeakEncryption,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl KRB5Event {
|
|
|
|
|
fn from_i32(value: i32) -> Option<KRB5Event> {
|
|
|
|
|
match value {
|
|
|
|
|
0 => Some(KRB5Event::MalformedData),
|
|
|
|
|
1 => Some(KRB5Event::WeakEncryption),
|
|
|
|
|
_ => None,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct KRB5State {
|
|
|
|
|
pub req_id: u8,
|
|
|
|
|
|
|
|
|
@ -364,6 +374,26 @@ pub extern "C" fn rs_krb5_state_get_tx_detect_state(
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub extern "C" fn rs_krb5_state_get_event_info_by_id(event_id: std::os::raw::c_int,
|
|
|
|
|
event_name: *mut *const std::os::raw::c_char,
|
|
|
|
|
event_type: *mut core::AppLayerEventType)
|
|
|
|
|
-> i8
|
|
|
|
|
{
|
|
|
|
|
if let Some(e) = KRB5Event::from_i32(event_id as i32) {
|
|
|
|
|
let estr = match e {
|
|
|
|
|
KRB5Event::MalformedData => { "malformed_data\0" },
|
|
|
|
|
KRB5Event::WeakEncryption => { "weak_encryption\0" },
|
|
|
|
|
};
|
|
|
|
|
unsafe{
|
|
|
|
|
*event_name = estr.as_ptr() as *const std::os::raw::c_char;
|
|
|
|
|
*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
|
|
|
|
|
};
|
|
|
|
|
0
|
|
|
|
|
} else {
|
|
|
|
|
-1
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub extern "C" fn rs_krb5_state_get_events(tx: *mut std::os::raw::c_void)
|
|
|
|
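Review bot: `rs_krb5_state_get_event_info_by_id` writes through `event_name` and `event_type` inside its `unsafe` block without checking either for null. Because it is declared as a safe `extern "C" fn`, a C caller that passes a null out-pointer gets a null dereference in the parser instead of the `-1` error return. Add a guard before the `unsafe` block, `if event_name.is_null() || event_type.is_null() { return -1; }`, and a `// SAFETY:` comment stating that both out-pointers are non-null and point to writable storage owned by the caller. Separately, `KRB5Event::from_i32` in the first hunk hard-codes `0` and `1`; the enum's discriminants are not visible here, so a one-line comment such as `// values must match the KRB5Event discriminants` would help keep the two in sync when a variant is added.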
@ -506,7 +536,7 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow,
|
|
|
|
|
_ => {
|
|
|
|
|
// sanity check to avoid memory exhaustion
|
|
|
|
|
if state.defrag_buf_ts.len() + buf.len() > 100000 {
|
|
|
|
|
SCLogDebug!("rs_krb5_parse_resquest_tcp: TCP buffer exploded {} {}",
|
|
|
|
|
SCLogDebug!("rs_krb5_parse_request_tcp: TCP buffer exploded {} {}",
|
|
|
|
|
state.defrag_buf_ts.len(), buf.len());
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
@ -632,6 +662,7 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
|
|
|
|
|
set_de_state : rs_krb5_state_set_tx_detect_state,
|
|
|
|
|
get_events : Some(rs_krb5_state_get_events),
|
|
|
|
|
get_eventinfo : Some(rs_krb5_state_get_event_info),
|
|
|
|
|
get_eventinfo_byid : Some(rs_krb5_state_get_event_info_by_id),
|
|
|
|
|
localstorage_new : None,
|
|
|
|
|
localstorage_free : None,
|
|
|
|
|
get_tx_mpm_id : None,
|
|
|
|
@ -649,7 +680,7 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
|
|
|
|
|
let _ = AppLayerRegisterParser(&parser, alproto);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
SCLogDebug!("Protocol detecter and parser disabled for KRB5/UDP.");
|
|
|
|
|
SCLogDebug!("Protocol detector and parser disabled for KRB5/UDP.");
|
|
|
|
|
}
|
|
|
|
|
// register TCP parser
|
|
|
|
|
parser.ipproto = core::IPPROTO_TCP;
|
|
|
|
@ -666,6 +697,6 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
|
|
|
|
|
let _ = AppLayerRegisterParser(&parser, alproto);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
SCLogDebug!("Protocol detecter and parser disabled for KRB5/TCP.");
|
|
|
|
|
SCLogDebug!("Protocol detector and parser disabled for KRB5/TCP.");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|