From a5d9d37c348f337374a95b2c2f994d54d06a63d6 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Tue, 11 Jun 2019 18:53:35 -0400 Subject: [PATCH] rust/parser: Extend Rust parser for event-by-id Extend the Rust parsing infrastructure with the "get event info by id" calls. This changeset extends the parser structure, the C-based registration handlers and the template parser. --- rust/src/applayertemplate/template.rs | 8 ++++ rust/src/parser.rs | 61 ++++++++++++++------------- src/app-layer-parser.c | 3 +- src/app-layer-register.c | 4 ++ src/app-layer-register.h | 2 + 5 files changed, 48 insertions(+), 30 deletions(-) diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index 601631d47b..3409ad67e6 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -430,6 +430,13 @@ pub extern "C" fn rs_template_state_get_event_info( return -1; } +#[no_mangle] +pub extern "C" fn rs_template_state_get_event_info_by_id(_event_id: std::os::raw::c_int, + _event_name: *mut *const std::os::raw::c_char, + _event_type: *mut core::AppLayerEventType +) -> i8 { + return -1; +} #[no_mangle] pub extern "C" fn rs_template_state_get_tx_iterator( _ipproto: u8, @@ -530,6 +537,7 @@ pub unsafe extern "C" fn rs_template_register_parser() { set_de_state: rs_template_tx_set_detect_state, get_events: Some(rs_template_state_get_events), get_eventinfo: Some(rs_template_state_get_event_info), + get_eventinfo_byid : Some(rs_template_state_get_event_info_by_id), localstorage_new: None, localstorage_free: None, get_tx_mpm_id: None, diff --git a/rust/src/parser.rs b/rust/src/parser.rs index 1da1344a4c..54f47a1dce 100644 --- a/rust/src/parser.rs +++ b/rust/src/parser.rs 
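Review bot: `rs_template_state_get_event_info_by_id` is declared `-> i8`, while the C slot this commit adds in src/app-layer-register.h is `int (*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)`, so C would call the Rust function through a pointer whose return type does not match. With an 8-bit return only the low byte of the return register is defined, so whether the C caller sees the `-1` failure as negative depends on the ABI and compiler. The call site is not in this diff, but a failure read as success could leave the caller using an `*event_name` that was never written. Return the C type instead, `) -> std::os::raw::c_int {`, and change the alias in rust/src/parser.rs to match: `pub type GetEventInfoByIdFn = extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> c_int;`. The `@@ -137,6 +139,7 @@` hunk in rust/src/parser.rs carries the same mismatch.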
@@ -30,74 +30,76 @@ use applayer::{AppLayerGetTxIterTuple}; #[repr(C)] pub struct RustParser { /// Parser name. - pub name: *const c_char, + pub name: *const c_char, /// Default port - pub default_port: *const c_char, + pub default_port: *const c_char, /// IP Protocol (core::IPPROTO_UDP, core::IPPROTO_TCP, etc.) - pub ipproto: c_int, + pub ipproto: c_int, /// Probing function, for packets going to server - pub probe_ts: ProbeFn, + pub probe_ts: ProbeFn, /// Probing function, for packets going to client - pub probe_tc: ProbeFn, + pub probe_tc: ProbeFn, /// Minimum frame depth for probing - pub min_depth: u16, + pub min_depth: u16, /// Maximum frame depth for probing - pub max_depth: u16, + pub max_depth: u16, /// Allocation function for a new state - pub state_new: StateAllocFn, + pub state_new: StateAllocFn, /// Function called to free a state - pub state_free: StateFreeFn, + pub state_free: StateFreeFn, /// Parsing function, for packets going to server - pub parse_ts: ParseFn, + pub parse_ts: ParseFn, /// Parsing function, for packets going to client - pub parse_tc: ParseFn, + pub parse_tc: ParseFn, /// Get the current transaction count - pub get_tx_count: StateGetTxCntFn, + pub get_tx_count: StateGetTxCntFn, /// Get a transaction - pub get_tx: StateGetTxFn, + pub get_tx: StateGetTxFn, /// Function called to free a transaction - pub tx_free: StateTxFreeFn, + pub tx_free: StateTxFreeFn, /// Function returning the current transaction completion status - pub tx_get_comp_st: StateGetTxCompletionStatusFn, + pub tx_get_comp_st: StateGetTxCompletionStatusFn, /// Function returning the current transaction progress - pub tx_get_progress: StateGetProgressFn, + pub tx_get_progress: StateGetProgressFn, /// Logged transaction getter function - pub get_tx_logged: Option, + pub get_tx_logged: Option, /// Logged transaction setter function - pub set_tx_logged: Option, + pub set_tx_logged: Option, /// Function called to get a detection state - pub get_de_state: GetDetectStateFn, + 
pub get_de_state: GetDetectStateFn, /// Function called to set a detection state - pub set_de_state: SetDetectStateFn, + pub set_de_state: SetDetectStateFn, /// Function to get events - pub get_events: Option, - /// Function to get an event description - pub get_eventinfo: Option, + pub get_events: Option, + /// Function to get an event id from a description + pub get_eventinfo: Option, + /// Function to get an event description from an event id + pub get_eventinfo_byid: Option, /// Function to allocate local storage - pub localstorage_new: Option, + pub localstorage_new: Option, /// Function to free local storage - pub localstorage_free: Option, + pub localstorage_free: Option, /// Function to get transaction MPM ID - pub get_tx_mpm_id: Option, + pub get_tx_mpm_id: Option, /// Function to set transaction MPM ID - pub set_tx_mpm_id: Option, + pub set_tx_mpm_id: Option, /// Function to get files - pub get_files: Option, + pub get_files: Option, /// Function to get the TX iterator - pub get_tx_iterator: Option, + pub get_tx_iterator: Option, } @@ -137,6 +139,7 @@ pub type StateGetProgressFn = extern "C" fn (*mut c_void, u8) -> c_int; pub type GetDetectStateFn = extern "C" fn (*mut c_void) -> *mut DetectEngineState; pub type SetDetectStateFn = extern "C" fn (*mut c_void, &mut DetectEngineState) -> c_int; pub type GetEventInfoFn = extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int; +pub type GetEventInfoByIdFn = extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8; pub type GetEventsFn = extern "C" fn (*mut c_void) -> *mut AppLayerDecoderEvents; pub type GetTxLoggedFn = extern "C" fn (*mut c_void, *mut c_void) -> u32; pub type SetTxLoggedFn = extern "C" fn (*mut c_void, *mut c_void, u32); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 988bdef911..f7f95d036f 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c 
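Review bot: `get_eventinfo_byid` is inserted in the middle of a `#[repr(C)]` struct, and nothing in the struct's comments says that field order is part of the contract with C. The same commit adds `StateGetEventInfoById` at the matching position in `struct AppLayerParser` (src/app-layer-register.h), which suggests the two are read as one layout. If so, a parser built against the old order would have every callback after `get_eventinfo` shifted by one slot. I would add a line to the struct's doc comment, e.g. `/// Field order must match struct AppLayerParser in src/app-layer-register.h.` Separately, re-aligning every field in this hunk buries the one functional addition; a whitespace-only commit would keep the history readable.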
@@ -1410,7 +1410,8 @@ static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto) printf("Optional:\n"); printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree); printf("- StateGetTxLogged %p StateSetTxLogged %p\n", ctx->StateGetTxLogged, ctx->StateSetTxLogged); - printf("- StateGetEvents %p StateGetEventInfo %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo); + printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo, + ctx->StateGetEventInfoById); } #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL) diff --git a/src/app-layer-register.c b/src/app-layer-register.c index 52bb46602d..4bbaea2d8c 100644 --- a/src/app-layer-register.c +++ b/src/app-layer-register.c @@ -145,6 +145,10 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto) AppLayerParserRegisterGetEventInfo(p->ip_proto, alproto, p->StateGetEventInfo); } + if (p->StateGetEventInfoById) { + AppLayerParserRegisterGetEventInfoById(p->ip_proto, alproto, + p->StateGetEventInfoById); + } if (p->StateGetEvents) { AppLayerParserRegisterGetEventsFunc(p->ip_proto, alproto, p->StateGetEvents); diff --git a/src/app-layer-register.h b/src/app-layer-register.h index 647da56c1b..70340edd12 100644 --- a/src/app-layer-register.h +++ b/src/app-layer-register.h @@ -57,6 +57,8 @@ typedef struct AppLayerParser { AppLayerDecoderEvents *(*StateGetEvents)(void *); int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type); + int (*StateGetEventInfoById)(int event_id, const char **event_name, + AppLayerEventType *event_type); void *(*LocalStorageAlloc)(void); void (*LocalStorageFree)(void *);