|
|
|
|
@ -23,30 +23,18 @@ use crate::core;
|
|
|
|
|
use crate::core::{AppProto,Flow,ALPROTO_UNKNOWN,ALPROTO_FAILED};
|
|
|
|
|
use crate::applayer::{self, *};
|
|
|
|
|
use std;
|
|
|
|
|
use std::ffi::{CStr,CString};
|
|
|
|
|
use std::ffi::CString;
|
|
|
|
|
|
|
|
|
|
use nom;
|
|
|
|
|
|
|
|
|
|
#[repr(u32)]
|
|
|
|
|
#[derive(AppLayerEvent)]
|
|
|
|
|
pub enum NTPEvent {
|
|
|
|
|
UnsolicitedResponse = 0,
|
|
|
|
|
UnsolicitedResponse ,
|
|
|
|
|
MalformedData,
|
|
|
|
|
NotRequest,
|
|
|
|
|
NotResponse,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl NTPEvent {
|
|
|
|
|
fn from_i32(value: i32) -> Option<NTPEvent> {
|
|
|
|
|
match value {
|
|
|
|
|
0 => Some(NTPEvent::UnsolicitedResponse),
|
|
|
|
|
1 => Some(NTPEvent::MalformedData),
|
|
|
|
|
2 => Some(NTPEvent::NotRequest),
|
|
|
|
|
3 => Some(NTPEvent::NotResponse),
|
|
|
|
|
_ => None,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct NTPState {
|
|
|
|
|
/// List of transactions for this session
|
|
|
|
|
transactions: Vec<NTPTransaction>,
|
|
|
|
|
@ -279,27 +267,6 @@ pub unsafe extern "C" fn rs_ntp_state_get_tx_detect_state(
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub unsafe extern "C" fn rs_ntp_state_get_event_info_by_id(event_id: std::os::raw::c_int,
|
|
|
|
|
event_name: *mut *const std::os::raw::c_char,
|
|
|
|
|
event_type: *mut core::AppLayerEventType)
|
|
|
|
|
-> i8
|
|
|
|
|
{
|
|
|
|
|
if let Some(e) = NTPEvent::from_i32(event_id as i32) {
|
|
|
|
|
let estr = match e {
|
|
|
|
|
NTPEvent::UnsolicitedResponse => { "unsolicited_response\0" },
|
|
|
|
|
NTPEvent::MalformedData => { "malformed_data\0" },
|
|
|
|
|
NTPEvent::NotRequest => { "not_request\0" },
|
|
|
|
|
NTPEvent::NotResponse => { "not_response\0" },
|
|
|
|
|
};
|
|
|
|
|
*event_name = estr.as_ptr() as *const std::os::raw::c_char;
|
|
|
|
|
*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
|
|
|
|
|
0
|
|
|
|
|
} else {
|
|
|
|
|
-1
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void)
|
|
|
|
|
-> *mut core::AppLayerDecoderEvents
|
|
|
|
|
@ -308,29 +275,6 @@ pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void)
|
|
|
|
|
return tx.events;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
pub unsafe extern "C" fn rs_ntp_state_get_event_info(event_name: *const std::os::raw::c_char,
|
|
|
|
|
event_id: *mut std::os::raw::c_int,
|
|
|
|
|
event_type: *mut core::AppLayerEventType)
|
|
|
|
|
-> std::os::raw::c_int
|
|
|
|
|
{
|
|
|
|
|
if event_name == std::ptr::null() { return -1; }
|
|
|
|
|
let c_event_name: &CStr = CStr::from_ptr(event_name);
|
|
|
|
|
let event = match c_event_name.to_str() {
|
|
|
|
|
Ok(s) => {
|
|
|
|
|
match s {
|
|
|
|
|
"malformed_data" => NTPEvent::MalformedData as i32,
|
|
|
|
|
_ => -1, // unknown event
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
Err(_) => -1, // UTF-8 conversion failed
|
|
|
|
|
};
|
|
|
|
|
*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
|
|
|
|
|
*event_id = event as std::os::raw::c_int;
|
|
|
|
|
0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static mut ALPROTO_NTP : AppProto = ALPROTO_UNKNOWN;
|
|
|
|
|
|
|
|
|
|
#[no_mangle]
|
|
|
|
|
@ -386,8 +330,8 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
|
|
|
|
|
get_de_state : rs_ntp_state_get_tx_detect_state,
|
|
|
|
|
set_de_state : rs_ntp_state_set_tx_detect_state,
|
|
|
|
|
get_events : Some(rs_ntp_state_get_events),
|
|
|
|
|
get_eventinfo : Some(rs_ntp_state_get_event_info),
|
|
|
|
|
get_eventinfo_byid : Some(rs_ntp_state_get_event_info_by_id),
|
|
|
|
|
get_eventinfo : Some(NTPEvent::get_event_info),
|
|
|
|
|
get_eventinfo_byid : Some(NTPEvent::get_event_info_by_id),
|
|
|
|
|
localstorage_new : None,
|
|
|
|
|
localstorage_free : None,
|
|
|
|
|
get_files : None,
|
|
|
|
|
|
Jason Ish
4 years ago
committed by
Victor Julien