ike: use Direction enum

pull/6629/head
Shivani Bhardwaj 4 years ago committed by Victor Julien
parent ee5b300ccf
commit 243960a511

@ -22,9 +22,7 @@ use self::ipsec_parser::*;
use crate::applayer;
use crate::applayer::*;
use crate::core::{
self, AppProto, Flow, ALPROTO_FAILED, ALPROTO_UNKNOWN, STREAM_TOCLIENT, STREAM_TOSERVER,
};
use crate::core::{self, *};
use crate::ike::ikev1::{handle_ikev1, IkeV1Header, Ikev1Container};
use crate::ike::ikev2::{handle_ikev2, Ikev2Container};
use crate::ike::parser::*;
@ -201,7 +199,7 @@ impl IKEState {
}
}
fn handle_input(&mut self, input: &[u8], direction: u8) -> AppLayerResult {
fn handle_input(&mut self, input: &[u8], direction: Direction) -> AppLayerResult {
// We're not interested in empty requests.
if input.len() == 0 {
return AppLayerResult::ok();
@ -259,13 +257,13 @@ impl IKEState {
}
/// Probe to see if this input looks like a request or response.
fn probe(input: &[u8], direction: u8, rdir: *mut u8) -> bool {
fn probe(input: &[u8], direction: Direction, rdir: *mut u8) -> bool {
match parse_isakmp_header(input) {
Ok((_, isakmp_header)) => {
if isakmp_header.maj_ver == 1 {
if isakmp_header.resp_spi == 0 && direction != STREAM_TOSERVER {
if isakmp_header.resp_spi == 0 && direction != Direction::ToServer {
unsafe {
*rdir = STREAM_TOSERVER;
*rdir = Direction::ToServer.into();
}
}
return true;
@ -288,9 +286,9 @@ fn probe(input: &[u8], direction: u8, rdir: *mut u8) -> bool {
return false;
}
if isakmp_header.resp_spi == 0 && direction != STREAM_TOSERVER {
if isakmp_header.resp_spi == 0 && direction != Direction::ToServer {
unsafe {
*rdir = STREAM_TOSERVER;
*rdir = Direction::ToServer.into();
}
}
return true;
@ -318,8 +316,8 @@ pub unsafe extern "C" fn rs_ike_probing_parser(
if !input.is_null() {
let slice = build_slice!(input, input_len as usize);
if probe(slice, direction, rdir) {
return ALPROTO_IKE ;
if probe(slice, direction.into(), rdir) {
return ALPROTO_IKE;
}
}
return ALPROTO_FAILED;
@ -354,7 +352,7 @@ pub unsafe extern "C" fn rs_ike_parse_request(
let state = cast_pointer!(state, IKEState);
let buf = build_slice!(input, input_len as usize);
return state.handle_input(buf, STREAM_TOSERVER);
return state.handle_input(buf, Direction::ToServer);
}
#[no_mangle]
@ -364,7 +362,7 @@ pub unsafe extern "C" fn rs_ike_parse_response(
) -> AppLayerResult {
let state = cast_pointer!(state, IKEState);
let buf = build_slice!(input, input_len as usize);
return state.handle_input(buf, STREAM_TOCLIENT);
return state.handle_input(buf, Direction::ToClient);
}
#[no_mangle]
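Review bot: The write through `rdir` in `probe` (`*rdir = Direction::ToServer.into();`, in both the version 1 and the later branch) still dereferences a raw pointer with no null check and no `// SAFETY:` comment, and the visible part of `rs_ike_probing_parser` only tests `input.is_null()`. Probing runs on unauthenticated network input, so if the C caller can ever pass a null `rdir` this is an invalid write. Either guard it with `if !rdir.is_null() { *rdir = Direction::ToServer.into(); }` or document the caller contract in a `// SAFETY:` line. Separately, `probe(slice, direction.into(), rdir)` replaces an exact byte comparison against `STREAM_TOSERVER`, so the outcome now depends on how `From<u8> for Direction` maps bytes with extra or no direction bits; that conversion is not shown here and is worth confirming. The bodies of `probe` and `rs_ike_probing_parser` extend beyond these hunks.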

@ -19,7 +19,7 @@
use crate::applayer::*;
use crate::common::to_hex;
use crate::core::STREAM_TOSERVER;
use crate::core::Direction;
use crate::ike::ike::{IKEState, IkeEvent};
use crate::ike::parser::*;
use nom;
@ -72,7 +72,7 @@ pub struct Ikev1Container {
}
pub fn handle_ikev1(
state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: u8,
state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction,
) -> AppLayerResult {
let mut tx = state.new_tx();
@ -114,7 +114,7 @@ pub fn handle_ikev1(
if payload_types.contains(&(IsakmpPayloadType::SecurityAssociation as u8)) {
// clear transforms on a new SA in case there is happening a new key exchange
// on the same flow, elsewise properties would be added to the old/other SA
if direction == STREAM_TOSERVER {
if direction == Direction::ToServer {
state.ikev1_container.client.reset();
} else {
state.ikev1_container.server.reset();
@ -122,7 +122,7 @@ pub fn handle_ikev1(
}
// add transaction values to state values
if direction == STREAM_TOSERVER {
if direction == Direction::ToServer {
state.ikev1_container.client.update(
&to_hex(tx.hdr.ikev1_header.key_exchange.as_ref()),
&to_hex(tx.hdr.ikev1_header.nonce.as_ref()),
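Review bot: With `direction` now a `Direction`, the two `if direction == Direction::ToServer { … } else { … }` blocks in `handle_ikev1` would read better as a `match` with explicit `Direction::ToServer` and `Direction::ToClient` arms. That spells out which side maps to `client` and which to `server`, and the compiler would flag any variant added later instead of silently routing it to the server container. For the reset, for example: `match direction { Direction::ToServer => state.ikev1_container.client.reset(), Direction::ToClient => state.ikev1_container.server.reset() }`. The function body continues outside both hunks, so other uses of `direction` are not visible here.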

@ -18,7 +18,7 @@
// written by Pierre Chifflier <chifflier@wzdftpd.net>
use crate::applayer::*;
use crate::core::STREAM_TOCLIENT;
use crate::core::Direction;
use crate::ike::ipsec_parser::*;
use super::ipsec_parser::IkeV2Transform;
@ -99,7 +99,7 @@ impl Default for Ikev2Container {
}
pub fn handle_ikev2(
mut state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: u8,
mut state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction,
) -> AppLayerResult {
let hdr = IkeV2Header {
init_spi: isakmp_header.init_spi,
@ -140,7 +140,7 @@ pub fn handle_ikev2(
}
IkeV2PayloadContent::KE(ref kex) => {
SCLogDebug!("KEX {:?}", kex.dh_group);
if direction == STREAM_TOCLIENT {
if direction == Direction::ToClient {
state.ikev2_container.dh_group = kex.dh_group;
}
}
@ -181,7 +181,9 @@ pub fn handle_ikev2(
return AppLayerResult::ok();
}
fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec<IkeV2Proposal>, direction: u8) {
fn add_proposals(
state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec<IkeV2Proposal>, direction: Direction,
) {
for p in prop {
let transforms: Vec<IkeV2Transform> = p.transforms.iter().map(|x| x.into()).collect();
// Rule 1: warn on weak or unknown transforms
@ -286,7 +288,7 @@ fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec<IkeV2
}
}
// Finally
if direction == STREAM_TOCLIENT {
if direction == Direction::ToClient {
transforms.iter().for_each(|t| match *t {
IkeV2Transform::Encryption(ref e) => {
state.ikev2_container.alg_enc = *e;
@ -308,7 +310,7 @@ fn add_proposals(state: &mut IKEState, tx: &mut IKETransaction, prop: &Vec<IkeV2
state.ikev2_container.alg_esn = *e;
tx.hdr.ikev2_transforms.push(IkeV2Transform::ESN(*e));
}
_ => {},
_ => {}
});
SCLogDebug!("Selected transforms: {:?}", transforms);
} else {
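Review bot: The reformatted `add_proposals` signature keeps `prop: &Vec<IkeV2Proposal>`, although the visible body only iterates it. `prop: &[IkeV2Proposal]` is the idiomatic parameter type, and callers that pass `&Vec<…>` should coerce to it unchanged. The `direction == Direction::ToClient` gate before the selected transforms are stored in `state.ikev2_container` also has no explanation beyond `// Finally`; a short comment such as `// only the responder's proposal carries the negotiated algorithms` would help, if that is the intent. The function body extends beyond the visible hunks.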
