@ -17,8 +17,8 @@
// written by Pierre Chifflier <chifflier@wzdftpd.net>
// written by Pierre Chifflier <chifflier@wzdftpd.net>
use crate ::ike v2 ::ipsec_parser ::* ; use crate ::ike ::ipsec_parser ::* ;
use crate ::ike v2 ::state ::IKE V2 ConnectionState; use crate ::ike ::state ::IKE ConnectionState;
use crate ::core ; use crate ::core ;
use crate ::core ::{ AppProto , Flow , ALPROTO_UNKNOWN , ALPROTO_FAILED , STREAM_TOSERVER , STREAM_TOCLIENT } ; use crate ::core ::{ AppProto , Flow , ALPROTO_UNKNOWN , ALPROTO_FAILED , STREAM_TOSERVER , STREAM_TOCLIENT } ;
use crate ::applayer ::{ self , * } ; use crate ::applayer ::{ self , * } ;
@ -28,7 +28,7 @@ use std::ffi::{CStr,CString};
use nom ; use nom ;
#[ repr(u32) ] #[ repr(u32) ]
pub enum I KEV2 Event { pub enum I ke Event {
MalformedData = 0 , MalformedData = 0 ,
NoEncryption , NoEncryption ,
WeakCryptoEnc , WeakCryptoEnc ,
@ -41,33 +41,33 @@ pub enum IKEV2Event {
UnknownProposal , UnknownProposal ,
} }
impl I KEV2 Event { impl I ke Event {
fn from_i32 ( value : i32 ) -> Option < I KEV2 Event> { fn from_i32 ( value : i32 ) -> Option < I ke Event> {
match value { match value {
0 = > Some ( I KEV2 Event::MalformedData ) , 0 = > Some ( I ke Event::MalformedData ) ,
1 = > Some ( I KEV2 Event::NoEncryption ) , 1 = > Some ( I ke Event::NoEncryption ) ,
2 = > Some ( I KEV2 Event::WeakCryptoEnc ) , 2 = > Some ( I ke Event::WeakCryptoEnc ) ,
3 = > Some ( I KEV2 Event::WeakCryptoPRF ) , 3 = > Some ( I ke Event::WeakCryptoPRF ) ,
4 = > Some ( I KEV2 Event::WeakCryptoDH ) , 4 = > Some ( I ke Event::WeakCryptoDH ) ,
5 = > Some ( I KEV2 Event::WeakCryptoAuth ) , 5 = > Some ( I ke Event::WeakCryptoAuth ) ,
6 = > Some ( I KEV2 Event::WeakCryptoNoDH ) , 6 = > Some ( I ke Event::WeakCryptoNoDH ) ,
7 = > Some ( I KEV2 Event::WeakCryptoNoAuth ) , 7 = > Some ( I ke Event::WeakCryptoNoAuth ) ,
8 = > Some ( I KEV2 Event::InvalidProposal ) , 8 = > Some ( I ke Event::InvalidProposal ) ,
9 = > Some ( I KEV2 Event::UnknownProposal ) , 9 = > Some ( I ke Event::UnknownProposal ) ,
_ = > None , _ = > None ,
} }
} }
} }
pub struct IKE V2 State { pub struct IKE State {
/// List of transactions for this session
/// List of transactions for this session
transactions : Vec < IKE V2 Transaction> , transactions : Vec < IKE Transaction> ,
/// tx counter for assigning incrementing id's to tx's
/// tx counter for assigning incrementing id's to tx's
tx_id : u64 , tx_id : u64 ,
/// The connection state
/// The connection state
connection_state : IKE V2 ConnectionState, connection_state : IKE ConnectionState,
/// The transforms proposed by the initiator
/// The transforms proposed by the initiator
pub client_transforms : Vec < Vec < IkeV2Transform > > , pub client_transforms : Vec < Vec < IkeV2Transform > > ,
@ -92,8 +92,8 @@ pub struct IKEV2State {
} }
#[ derive(Debug) ] #[ derive(Debug) ]
pub struct IKE V2 Transaction { pub struct IKE Transaction {
/// The IKE V2 reference ID
/// The IKE reference ID
pub xid : u64 , pub xid : u64 ,
pub hdr : IkeV2Header , pub hdr : IkeV2Header ,
@ -118,12 +118,12 @@ pub struct IKEV2Transaction {
impl IKE V2 State { impl IKE State {
pub fn new ( ) -> IKE V2 State { pub fn new ( ) -> IKE State {
IKE V2 State{ IKE State{
transactions : Vec ::new ( ) , transactions : Vec ::new ( ) ,
tx_id : 0 , tx_id : 0 ,
connection_state : IKE V2 ConnectionState::Init , connection_state : IKE ConnectionState::Init ,
dh_group : IkeTransformDHType ::None , dh_group : IkeTransformDHType ::None ,
client_transforms : Vec ::new ( ) , client_transforms : Vec ::new ( ) ,
server_transforms : Vec ::new ( ) , server_transforms : Vec ::new ( ) ,
@ -136,8 +136,8 @@ impl IKEV2State {
} }
} }
impl IKE V2 State { impl IKE State {
/// Parse an IKE V2 request message
/// Parse an IKE request message
///
///
/// Returns The number of messages parsed, or -1 on error
/// Returns The number of messages parsed, or -1 on error
fn parse ( & mut self , i : & [ u8 ] , direction : u8 ) -> i32 { fn parse ( & mut self , i : & [ u8 ] , direction : u8 ) -> i32 {
@ -148,11 +148,11 @@ impl IKEV2State {
} }
// Rule 0: check version
// Rule 0: check version
if hdr . maj_ver ! = 2 | | hdr . min_ver ! = 0 { if hdr . maj_ver ! = 2 | | hdr . min_ver ! = 0 {
self . set_event ( I KEV2 Event::MalformedData ) ; self . set_event ( I ke Event::MalformedData ) ;
return - 1 ; return - 1 ;
} }
if hdr . init_spi = = 0 { if hdr . init_spi = = 0 {
self . set_event ( I KEV2 Event::MalformedData ) ; self . set_event ( I ke Event::MalformedData ) ;
return - 1 ; return - 1 ;
} }
// only analyse IKE_SA, other payloads are encrypted
// only analyse IKE_SA, other payloads are encrypted
@ -174,7 +174,7 @@ impl IKEV2State {
match payload . content { match payload . content {
IkeV2PayloadContent ::Dummy = > ( ) , IkeV2PayloadContent ::Dummy = > ( ) ,
IkeV2PayloadContent ::SA ( ref prop ) = > { IkeV2PayloadContent ::SA ( ref prop ) = > {
// if hdr.flags & IKE V2 _FLAG_INITIATOR != 0 {
// if hdr.flags & IKE _FLAG_INITIATOR != 0 {
self . add_proposals ( prop , direction ) ; self . add_proposals ( prop , direction ) ;
// }
// }
} , } ,
@ -213,18 +213,18 @@ impl IKEV2State {
} }
} ; } ;
} , } ,
e = > { SCLogDebug ! ( "parse_ike v2 _payload_with_type: {:?}", e ) ; ( ) } , e = > { SCLogDebug ! ( "parse_ike _payload_with_type: {:?}", e ) ; ( ) } ,
} }
1 1
} , } ,
Err ( nom ::Err ::Incomplete ( _ ) ) = > { Err ( nom ::Err ::Incomplete ( _ ) ) = > {
SCLogDebug ! ( "Insufficient data while parsing IKE V2 data") ; SCLogDebug ! ( "Insufficient data while parsing IKE data") ;
self . set_event ( I KEV2 Event::MalformedData ) ; self . set_event ( I ke Event::MalformedData ) ;
- 1 - 1
} , } ,
Err ( _ ) = > { Err ( _ ) = > {
SCLogDebug ! ( "Error while parsing IKE V2 data") ; SCLogDebug ! ( "Error while parsing IKE data") ;
self . set_event ( I KEV2 Event::MalformedData ) ; self . set_event ( I ke Event::MalformedData ) ;
- 1 - 1
} , } ,
} }
@ -236,12 +236,12 @@ impl IKEV2State {
self . transactions . clear ( ) ; self . transactions . clear ( ) ;
} }
fn new_tx ( & mut self ) -> IKE V2 Transaction { fn new_tx ( & mut self ) -> IKE Transaction {
self . tx_id + = 1 ; self . tx_id + = 1 ;
IKE V2 Transaction::new ( self . tx_id ) IKE Transaction::new ( self . tx_id )
} }
fn get_tx_by_id ( & mut self , tx_id : u64 ) -> Option < & IKE V2 Transaction> { fn get_tx_by_id ( & mut self , tx_id : u64 ) -> Option < & IKE Transaction> {
self . transactions . iter ( ) . find ( | & tx | tx . id = = tx_id + 1 ) self . transactions . iter ( ) . find ( | & tx | tx . id = = tx_id + 1 )
} }
@ -254,7 +254,7 @@ impl IKEV2State {
} }
/// Set an event. The event is set on the most recent transaction.
/// Set an event. The event is set on the most recent transaction.
fn set_event ( & mut self , event : I KEV2 Event) { fn set_event ( & mut self , event : I ke Event) {
if let Some ( tx ) = self . transactions . last_mut ( ) { if let Some ( tx ) = self . transactions . last_mut ( ) {
let ev = event as u8 ; let ev = event as u8 ;
core ::sc_app_layer_decoder_events_set_event_raw ( & mut tx . events , ev ) ; core ::sc_app_layer_decoder_events_set_event_raw ( & mut tx . events , ev ) ;
@ -283,7 +283,7 @@ impl IKEV2State {
IkeTransformEncType ::ENCR_NULL = > { IkeTransformEncType ::ENCR_NULL = > {
SCLogDebug ! ( "Weak Encryption: {:?}" , enc ) ; SCLogDebug ! ( "Weak Encryption: {:?}" , enc ) ;
// XXX send event only if direction == STREAM_TOCLIENT ?
// XXX send event only if direction == STREAM_TOCLIENT ?
self . set_event ( I KEV2 Event::WeakCryptoEnc ) ; self . set_event ( I ke Event::WeakCryptoEnc ) ;
} , } ,
_ = > ( ) , _ = > ( ) ,
} }
@ -292,12 +292,12 @@ impl IKEV2State {
match * prf { match * prf {
IkeTransformPRFType ::PRF_NULL = > { IkeTransformPRFType ::PRF_NULL = > {
SCLogDebug ! ( "'Null' PRF transform proposed" ) ; SCLogDebug ! ( "'Null' PRF transform proposed" ) ;
self . set_event ( I KEV2 Event::InvalidProposal ) ; self . set_event ( I ke Event::InvalidProposal ) ;
} , } ,
IkeTransformPRFType ::PRF_HMAC_MD5 | IkeTransformPRFType ::PRF_HMAC_MD5 |
IkeTransformPRFType ::PRF_HMAC_SHA1 = > { IkeTransformPRFType ::PRF_HMAC_SHA1 = > {
SCLogDebug ! ( "Weak PRF: {:?}" , prf ) ; SCLogDebug ! ( "Weak PRF: {:?}" , prf ) ;
self . set_event ( I KEV2 Event::WeakCryptoPRF ) ; self . set_event ( I ke Event::WeakCryptoPRF ) ;
} , } ,
_ = > ( ) , _ = > ( ) ,
} }
@ -317,7 +317,7 @@ impl IKEV2State {
IkeTransformAuthType ::AUTH_HMAC_MD5_128 | IkeTransformAuthType ::AUTH_HMAC_MD5_128 |
IkeTransformAuthType ::AUTH_HMAC_SHA1_160 = > { IkeTransformAuthType ::AUTH_HMAC_SHA1_160 = > {
SCLogDebug ! ( "Weak auth: {:?}" , auth ) ; SCLogDebug ! ( "Weak auth: {:?}" , auth ) ;
self . set_event ( I KEV2 Event::WeakCryptoAuth ) ; self . set_event ( I ke Event::WeakCryptoAuth ) ;
} , } ,
_ = > ( ) , _ = > ( ) ,
} }
@ -326,21 +326,21 @@ impl IKEV2State {
match * dh { match * dh {
IkeTransformDHType ::None = > { IkeTransformDHType ::None = > {
SCLogDebug ! ( "'None' DH transform proposed" ) ; SCLogDebug ! ( "'None' DH transform proposed" ) ;
self . set_event ( I KEV2 Event::InvalidProposal ) ; self . set_event ( I ke Event::InvalidProposal ) ;
} , } ,
IkeTransformDHType ::Modp768 | IkeTransformDHType ::Modp768 |
IkeTransformDHType ::Modp1024 | IkeTransformDHType ::Modp1024 |
IkeTransformDHType ::Modp1024s160 | IkeTransformDHType ::Modp1024s160 |
IkeTransformDHType ::Modp1536 = > { IkeTransformDHType ::Modp1536 = > {
SCLogDebug ! ( "Weak DH: {:?}" , dh ) ; SCLogDebug ! ( "Weak DH: {:?}" , dh ) ;
self . set_event ( I KEV2 Event::WeakCryptoDH ) ; self . set_event ( I ke Event::WeakCryptoDH ) ;
} , } ,
_ = > ( ) , _ = > ( ) ,
} }
} , } ,
IkeV2Transform ::Unknown ( tx_type , tx_id ) = > { IkeV2Transform ::Unknown ( tx_type , tx_id ) = > {
SCLogDebug ! ( "Unknown proposal: type={:?}, id={}" , tx_type , tx_id ) ; SCLogDebug ! ( "Unknown proposal: type={:?}, id={}" , tx_type , tx_id ) ;
self . set_event ( I KEV2 Event::UnknownProposal ) ; self . set_event ( I ke Event::UnknownProposal ) ;
} , } ,
_ = > ( ) , _ = > ( ) ,
} }
@ -354,12 +354,12 @@ impl IKEV2State {
} ) } )
{ {
SCLogDebug ! ( "No DH transform found" ) ; SCLogDebug ! ( "No DH transform found" ) ;
self . set_event ( I KEV2 Event::WeakCryptoNoDH ) ; self . set_event ( I ke Event::WeakCryptoNoDH ) ;
} }
// Rule 3: check if proposing AH ([RFC7296] section 3.3.1)
// Rule 3: check if proposing AH ([RFC7296] section 3.3.1)
if p . protocol_id = = ProtocolID ::AH { if p . protocol_id = = ProtocolID ::AH {
SCLogDebug ! ( "Proposal uses protocol AH - no confidentiality" ) ; SCLogDebug ! ( "Proposal uses protocol AH - no confidentiality" ) ;
self . set_event ( I KEV2 Event::NoEncryption ) ; self . set_event ( I ke Event::NoEncryption ) ;
} }
// Rule 4: lack of integrity is accepted only if using an AEAD proposal
// Rule 4: lack of integrity is accepted only if using an AEAD proposal
// Look if no auth was proposed, including if proposal is Auth::None
// Look if no auth was proposed, including if proposal is Auth::None
@ -378,7 +378,7 @@ impl IKEV2State {
} }
} ) { } ) {
SCLogDebug ! ( "No integrity transform found" ) ; SCLogDebug ! ( "No integrity transform found" ) ;
self . set_event ( I KEV2 Event::WeakCryptoNoAuth ) ; self . set_event ( I ke Event::WeakCryptoNoAuth ) ;
} }
} }
// Finally
// Finally
@ -402,9 +402,9 @@ impl IKEV2State {
} }
} }
impl IKE V2 Transaction { impl IKE Transaction {
pub fn new ( id : u64 ) -> IKE V2 Transaction { pub fn new ( id : u64 ) -> IKE Transaction {
IKE V2 Transaction { IKE Transaction {
xid : 0 , xid : 0 ,
hdr : IkeV2Header { hdr : IkeV2Header {
init_spi : 0 , init_spi : 0 ,
@ -437,31 +437,31 @@ impl IKEV2Transaction {
} }
} }
impl Drop for IKE V2 Transaction { impl Drop for IKE Transaction {
fn drop ( & mut self ) { fn drop ( & mut self ) {
self . free ( ) ; self . free ( ) ;
} }
} }
/// Returns *mut IKE V2 State
/// Returns *mut IKE State
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_new( _orig_state : * mut std ::os ::raw ::c_void , _orig_proto : AppProto ) -> * mut std ::os ::raw ::c_void { pub extern "C" fn rs_ike _state_new( _orig_state : * mut std ::os ::raw ::c_void , _orig_proto : AppProto ) -> * mut std ::os ::raw ::c_void {
let state = IKE V2 State::new ( ) ; let state = IKE State::new ( ) ;
let boxed = Box ::new ( state ) ; let boxed = Box ::new ( state ) ;
return unsafe { std ::mem ::transmute ( boxed ) } ; return unsafe { std ::mem ::transmute ( boxed ) } ;
} }
/// Params:
/// Params:
/// - state: *mut IKE V2 State as void pointer
/// - state: *mut IKE State as void pointer
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_free( state : * mut std ::os ::raw ::c_void ) { pub extern "C" fn rs_ike _state_free( state : * mut std ::os ::raw ::c_void ) {
// Just unbox...
// Just unbox...
let mut ike v2 _state: Box < IKE V2 State> = unsafe { std ::mem ::transmute ( state ) } ; let mut ike _state: Box < IKE State> = unsafe { std ::mem ::transmute ( state ) } ;
ike v2 _state. free ( ) ; ike _state. free ( ) ;
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _parse_request( _flow : * const core ::Flow , pub extern "C" fn rs_ike _parse_request( _flow : * const core ::Flow ,
state : * mut std ::os ::raw ::c_void , state : * mut std ::os ::raw ::c_void ,
_pstate : * mut std ::os ::raw ::c_void , _pstate : * mut std ::os ::raw ::c_void ,
input : * const u8 , input : * const u8 ,
@ -469,7 +469,7 @@ pub extern "C" fn rs_ikev2_parse_request(_flow: *const core::Flow,
_data : * const std ::os ::raw ::c_void , _data : * const std ::os ::raw ::c_void ,
_flags : u8 ) -> AppLayerResult { _flags : u8 ) -> AppLayerResult {
let buf = build_slice ! ( input , input_len as usize ) ; let buf = build_slice ! ( input , input_len as usize ) ;
let state = cast_pointer ! ( state , IKE V2 State) ; let state = cast_pointer ! ( state , IKE State) ;
if state . parse ( buf , STREAM_TOSERVER ) < 0 { if state . parse ( buf , STREAM_TOSERVER ) < 0 {
return AppLayerResult ::err ( ) ; return AppLayerResult ::err ( ) ;
} }
@ -477,7 +477,7 @@ pub extern "C" fn rs_ikev2_parse_request(_flow: *const core::Flow,
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _parse_response( _flow : * const core ::Flow , pub extern "C" fn rs_ike _parse_response( _flow : * const core ::Flow ,
state : * mut std ::os ::raw ::c_void , state : * mut std ::os ::raw ::c_void ,
pstate : * mut std ::os ::raw ::c_void , pstate : * mut std ::os ::raw ::c_void ,
input : * const u8 , input : * const u8 ,
@ -485,9 +485,9 @@ pub extern "C" fn rs_ikev2_parse_response(_flow: *const core::Flow,
_data : * const std ::os ::raw ::c_void , _data : * const std ::os ::raw ::c_void ,
_flags : u8 ) -> AppLayerResult { _flags : u8 ) -> AppLayerResult {
let buf = build_slice ! ( input , input_len as usize ) ; let buf = build_slice ! ( input , input_len as usize ) ;
let state = cast_pointer ! ( state , IKE V2 State) ; let state = cast_pointer ! ( state , IKE State) ;
let res = state . parse ( buf , STREAM_TOCLIENT ) ; let res = state . parse ( buf , STREAM_TOCLIENT ) ;
if state . connection_state = = IKE V2 ConnectionState::ParsingDone { if state . connection_state = = IKE ConnectionState::ParsingDone {
unsafe { unsafe {
AppLayerParserStateSetFlag ( pstate , APP_LAYER_PARSER_NO_INSPECTION | AppLayerParserStateSetFlag ( pstate , APP_LAYER_PARSER_NO_INSPECTION |
APP_LAYER_PARSER_NO_REASSEMBLY | APP_LAYER_PARSER_NO_REASSEMBLY |
@ -501,11 +501,11 @@ pub extern "C" fn rs_ikev2_parse_response(_flow: *const core::Flow,
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_tx( state : * mut std ::os ::raw ::c_void , pub extern "C" fn rs_ike _state_get_tx( state : * mut std ::os ::raw ::c_void ,
tx_id : u64 ) tx_id : u64 )
-> * mut std ::os ::raw ::c_void -> * mut std ::os ::raw ::c_void
{ {
let state = cast_pointer ! ( state , IKE V2 State) ; let state = cast_pointer ! ( state , IKE State) ;
match state . get_tx_by_id ( tx_id ) { match state . get_tx_by_id ( tx_id ) {
Some ( tx ) = > unsafe { std ::mem ::transmute ( tx ) } , Some ( tx ) = > unsafe { std ::mem ::transmute ( tx ) } ,
None = > std ::ptr ::null_mut ( ) , None = > std ::ptr ::null_mut ( ) ,
@ -513,23 +513,31 @@ pub extern "C" fn rs_ikev2_state_get_tx(state: *mut std::os::raw::c_void,
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_tx_count( state : * mut std ::os ::raw ::c_void ) pub extern "C" fn rs_ike _state_get_tx_count( state : * mut std ::os ::raw ::c_void )
-> u64 -> u64
{ {
let state = cast_pointer ! ( state , IKE V2 State) ; let state = cast_pointer ! ( state , IKE State) ;
state . tx_id state . tx_id
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_tx_free( state : * mut std ::os ::raw ::c_void , pub extern "C" fn rs_ike _state_tx_free( state : * mut std ::os ::raw ::c_void ,
tx_id : u64 ) tx_id : u64 )
{ {
let state = cast_pointer ! ( state , IKE V2 State) ; let state = cast_pointer ! ( state , IKE State) ;
state . free_tx ( tx_id ) ; state . free_tx ( tx_id ) ;
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ikev2_tx_get_alstate_progress ( _tx : * mut std ::os ::raw ::c_void , pub extern "C" fn rs_ike_state_progress_completion_status (
_direction : u8 )
-> std ::os ::raw ::c_int
{
return 1 ;
}
#[ no_mangle ]
pub extern "C" fn rs_ike_tx_get_alstate_progress ( _tx : * mut std ::os ::raw ::c_void ,
_direction : u8 ) _direction : u8 )
-> std ::os ::raw ::c_int -> std ::os ::raw ::c_int
{ {
@ -537,21 +545,21 @@ pub extern "C" fn rs_ikev2_tx_get_alstate_progress(_tx: *mut std::os::raw::c_voi
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_set_tx_detect_state( pub extern "C" fn rs_ike _state_set_tx_detect_state(
tx : * mut std ::os ::raw ::c_void , tx : * mut std ::os ::raw ::c_void ,
de_state : & mut core ::DetectEngineState ) -> std ::os ::raw ::c_int de_state : & mut core ::DetectEngineState ) -> std ::os ::raw ::c_int
{ {
let tx = cast_pointer ! ( tx , IKE V2 Transaction) ; let tx = cast_pointer ! ( tx , IKE Transaction) ;
tx . de_state = Some ( de_state ) ; tx . de_state = Some ( de_state ) ;
0 0
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_tx_detect_state( pub extern "C" fn rs_ike _state_get_tx_detect_state(
tx : * mut std ::os ::raw ::c_void ) tx : * mut std ::os ::raw ::c_void )
-> * mut core ::DetectEngineState -> * mut core ::DetectEngineState
{ {
let tx = cast_pointer ! ( tx , IKE V2 Transaction) ; let tx = cast_pointer ! ( tx , IKE Transaction) ;
match tx . de_state { match tx . de_state {
Some ( ds ) = > ds , Some ( ds ) = > ds ,
None = > std ::ptr ::null_mut ( ) , None = > std ::ptr ::null_mut ( ) ,
@ -560,31 +568,31 @@ pub extern "C" fn rs_ikev2_state_get_tx_detect_state(
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_events( tx : * mut std ::os ::raw ::c_void ) pub extern "C" fn rs_ike _state_get_events( tx : * mut std ::os ::raw ::c_void )
-> * mut core ::AppLayerDecoderEvents -> * mut core ::AppLayerDecoderEvents
{ {
let tx = cast_pointer ! ( tx , IKE V2 Transaction) ; let tx = cast_pointer ! ( tx , IKE Transaction) ;
return tx . events ; return tx . events ;
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_event_info_by_id( event_id : std ::os ::raw ::c_int , pub extern "C" fn rs_ike _state_get_event_info_by_id( event_id : std ::os ::raw ::c_int ,
event_name : * mut * const std ::os ::raw ::c_char , event_name : * mut * const std ::os ::raw ::c_char ,
event_type : * mut core ::AppLayerEventType ) event_type : * mut core ::AppLayerEventType )
-> i8 -> i8
{ {
if let Some ( e ) = I KEV2 Event::from_i32 ( event_id as i32 ) { if let Some ( e ) = I ke Event::from_i32 ( event_id as i32 ) {
let estr = match e { let estr = match e {
I KEV2 Event::MalformedData = > { "malformed_data\0" } , I ke Event::MalformedData = > { "malformed_data\0" } ,
I KEV2 Event::NoEncryption = > { "no_encryption\0" } , I ke Event::NoEncryption = > { "no_encryption\0" } ,
I KEV2 Event::WeakCryptoEnc = > { "weak_crypto_enc\0" } , I ke Event::WeakCryptoEnc = > { "weak_crypto_enc\0" } ,
I KEV2 Event::WeakCryptoPRF = > { "weak_crypto_prf\0" } , I ke Event::WeakCryptoPRF = > { "weak_crypto_prf\0" } ,
I KEV2 Event::WeakCryptoDH = > { "weak_crypto_dh\0" } , I ke Event::WeakCryptoDH = > { "weak_crypto_dh\0" } ,
I KEV2 Event::WeakCryptoAuth = > { "weak_crypto_auth\0" } , I ke Event::WeakCryptoAuth = > { "weak_crypto_auth\0" } ,
I KEV2 Event::WeakCryptoNoDH = > { "weak_crypto_nodh\0" } , I ke Event::WeakCryptoNoDH = > { "weak_crypto_nodh\0" } ,
I KEV2 Event::WeakCryptoNoAuth = > { "weak_crypto_noauth\0" } , I ke Event::WeakCryptoNoAuth = > { "weak_crypto_noauth\0" } ,
I KEV2 Event::InvalidProposal = > { "invalid_proposal\0" } , I ke Event::InvalidProposal = > { "invalid_proposal\0" } ,
I KEV2 Event::UnknownProposal = > { "unknown_proposal\0" } , I ke Event::UnknownProposal = > { "unknown_proposal\0" } ,
} ; } ;
unsafe { unsafe {
* event_name = estr . as_ptr ( ) as * const std ::os ::raw ::c_char ; * event_name = estr . as_ptr ( ) as * const std ::os ::raw ::c_char ;
@ -597,7 +605,7 @@ pub extern "C" fn rs_ikev2_state_get_event_info_by_id(event_id: std::os::raw::c_
} }
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _state_get_event_info( event_name : * const std ::os ::raw ::c_char , pub extern "C" fn rs_ike _state_get_event_info( event_name : * const std ::os ::raw ::c_char ,
event_id : * mut std ::os ::raw ::c_int , event_id : * mut std ::os ::raw ::c_int ,
event_type : * mut core ::AppLayerEventType ) event_type : * mut core ::AppLayerEventType )
-> std ::os ::raw ::c_int -> std ::os ::raw ::c_int
@ -607,16 +615,16 @@ pub extern "C" fn rs_ikev2_state_get_event_info(event_name: *const std::os::raw:
let event = match c_event_name . to_str ( ) { let event = match c_event_name . to_str ( ) {
Ok ( s ) = > { Ok ( s ) = > {
match s { match s {
"malformed_data" = > I KEV2 Event::MalformedData as i32 , "malformed_data" = > I ke Event::MalformedData as i32 ,
"no_encryption" = > I KEV2 Event::NoEncryption as i32 , "no_encryption" = > I ke Event::NoEncryption as i32 ,
"weak_crypto_enc" = > I KEV2 Event::WeakCryptoEnc as i32 , "weak_crypto_enc" = > I ke Event::WeakCryptoEnc as i32 ,
"weak_crypto_prf" = > I KEV2 Event::WeakCryptoPRF as i32 , "weak_crypto_prf" = > I ke Event::WeakCryptoPRF as i32 ,
"weak_crypto_auth" = > I KEV2 Event::WeakCryptoAuth as i32 , "weak_crypto_auth" = > I ke Event::WeakCryptoAuth as i32 ,
"weak_crypto_dh" = > I KEV2 Event::WeakCryptoDH as i32 , "weak_crypto_dh" = > I ke Event::WeakCryptoDH as i32 ,
"weak_crypto_nodh" = > I KEV2 Event::WeakCryptoNoDH as i32 , "weak_crypto_nodh" = > I ke Event::WeakCryptoNoDH as i32 ,
"weak_crypto_noauth" = > I KEV2 Event::WeakCryptoNoAuth as i32 , "weak_crypto_noauth" = > I ke Event::WeakCryptoNoAuth as i32 ,
"invalid_proposal" = > I KEV2 Event::InvalidProposal as i32 , "invalid_proposal" = > I ke Event::InvalidProposal as i32 ,
"unknown_proposal" = > I KEV2 Event::UnknownProposal as i32 , "unknown_proposal" = > I ke Event::UnknownProposal as i32 ,
_ = > - 1 , // unknown event
_ = > - 1 , // unknown event
} }
} , } ,
@ -629,17 +637,16 @@ pub extern "C" fn rs_ikev2_state_get_event_info(event_name: *const std::os::raw:
0 0
} }
static mut ALPROTO_IKE : AppProto = ALPROTO_UNKNOWN ;
static mut ALPROTO_IKEV2 : AppProto = ALPROTO_UNKNOWN ;
#[ no_mangle ] #[ no_mangle ]
pub extern "C" fn rs_ike v2 _probing_parser( _flow : * const Flow , pub extern "C" fn rs_ike _probing_parser( _flow : * const Flow ,
_direction : u8 , _direction : u8 ,
input :* const u8 , input_len : u32 , input :* const u8 , input_len : u32 ,
_rdir : * mut u8 ) -> AppProto _rdir : * mut u8 ) -> AppProto
{ {
let slice = build_slice ! ( input , input_len as usize ) ; let slice = build_slice ! ( input , input_len as usize ) ;
let alproto = unsafe { ALPROTO_IKE V2 } ; let alproto = unsafe { ALPROTO_IKE } ;
match parse_ikev2_header ( slice ) { match parse_ikev2_header ( slice ) {
Ok ( ( _ , ref hdr ) ) = > { Ok ( ( _ , ref hdr ) ) = > {
if hdr . maj_ver ! = 2 | | hdr . min_ver ! = 0 { if hdr . maj_ver ! = 2 | | hdr . min_ver ! = 0 {
@ -667,41 +674,41 @@ pub extern "C" fn rs_ikev2_probing_parser(_flow: *const Flow,
} }
} }
export_tx_data_get ! ( rs_ike v2 _get_tx_data, IKE V2 Transaction) ; export_tx_data_get ! ( rs_ike _get_tx_data, IKE Transaction) ;
const PARSER_NAME : & ' static [ u8 ] = b" ike v2 \0 " ; const PARSER_NAME : & ' static [ u8 ] = b" ike \0 " ;
#[ no_mangle ] #[ no_mangle ]
pub unsafe extern "C" fn rs_register_ike v2 _parser( ) { pub unsafe extern "C" fn rs_register_ike _parser( ) {
let default_port = CString ::new ( "500" ) . unwrap ( ) ; let default_port = CString ::new ( "500" ) . unwrap ( ) ;
let parser = RustParser { let parser = RustParser {
name : PARSER_NAME . as_ptr ( ) as * const std ::os ::raw ::c_char , name : PARSER_NAME . as_ptr ( ) as * const std ::os ::raw ::c_char ,
default_port : default_port . as_ptr ( ) , default_port : default_port . as_ptr ( ) ,
ipproto : core ::IPPROTO_UDP , ipproto : core ::IPPROTO_UDP ,
probe_ts : Some ( rs_ike v2 _probing_parser) , probe_ts : Some ( rs_ike _probing_parser) ,
probe_tc : Some ( rs_ike v2 _probing_parser) , probe_tc : Some ( rs_ike _probing_parser) ,
min_depth : 0 , min_depth : 0 ,
max_depth : 16 , max_depth : 16 ,
state_new : rs_ike v2 _state_new, state_new : rs_ike _state_new,
state_free : rs_ike v2 _state_free, state_free : rs_ike _state_free,
tx_free : rs_ike v2 _state_tx_free, tx_free : rs_ike _state_tx_free,
parse_ts : rs_ike v2 _parse_request, parse_ts : rs_ike _parse_request,
parse_tc : rs_ike v2 _parse_response, parse_tc : rs_ike _parse_response,
get_tx_count : rs_ike v2 _state_get_tx_count, get_tx_count : rs_ike _state_get_tx_count,
get_tx : rs_ike v2 _state_get_tx, get_tx : rs_ike _state_get_tx,
tx_comp_st_ts : 1 , tx_comp_st_ts : 1 ,
tx_comp_st_tc : 1 , tx_comp_st_tc : 1 ,
tx_get_progress : rs_ike v2 _tx_get_alstate_progress, tx_get_progress : rs_ike _tx_get_alstate_progress,
get_de_state : rs_ike v2 _state_get_tx_detect_state, get_de_state : rs_ike _state_get_tx_detect_state,
set_de_state : rs_ike v2 _state_set_tx_detect_state, set_de_state : rs_ike _state_set_tx_detect_state,
get_events : Some ( rs_ike v2 _state_get_events) , get_events : Some ( rs_ike _state_get_events) ,
get_eventinfo : Some ( rs_ike v2 _state_get_event_info) , get_eventinfo : Some ( rs_ike _state_get_event_info) ,
get_eventinfo_byid : Some ( rs_ike v2 _state_get_event_info_by_id) , get_eventinfo_byid : Some ( rs_ike _state_get_event_info_by_id) ,
localstorage_new : None , localstorage_new : None ,
localstorage_free : None , localstorage_free : None ,
get_files : None , get_files : None ,
get_tx_iterator : None , get_tx_iterator : None ,
get_tx_data : rs_ike v2 _get_tx_data, get_tx_data : rs_ike _get_tx_data,
apply_tx_config : None , apply_tx_config : None ,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS , flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS ,
truncate : None , truncate : None ,
@ -711,23 +718,23 @@ pub unsafe extern "C" fn rs_register_ikev2_parser() {
if AppLayerProtoDetectConfProtoDetectionEnabled ( ip_proto_str . as_ptr ( ) , parser . name ) ! = 0 { if AppLayerProtoDetectConfProtoDetectionEnabled ( ip_proto_str . as_ptr ( ) , parser . name ) ! = 0 {
let alproto = AppLayerRegisterProtocolDetection ( & parser , 1 ) ; let alproto = AppLayerRegisterProtocolDetection ( & parser , 1 ) ;
// store the allocated ID for the probe function
// store the allocated ID for the probe function
ALPROTO_IKE V2 = alproto ; ALPROTO_IKE = alproto ;
if AppLayerParserConfParserEnabled ( ip_proto_str . as_ptr ( ) , parser . name ) ! = 0 { if AppLayerParserConfParserEnabled ( ip_proto_str . as_ptr ( ) , parser . name ) ! = 0 {
let _ = AppLayerRegisterParser ( & parser , alproto ) ; let _ = AppLayerRegisterParser ( & parser , alproto ) ;
} }
} else { } else {
SCLogDebug ! ( "Protocol detector and parser disabled for IKE V2 .") ; SCLogDebug ! ( "Protocol detector and parser disabled for IKE .") ;
} }
} }
#[ cfg(test) ] #[ cfg(test) ]
mod tests { mod tests {
use super ::IKE V2 State; use super ::IKE State;
#[ test ] #[ test ]
fn test_ike v2 _parse_request_valid( ) { fn test_ike _parse_request_valid( ) {
// A UDP IKE V2 v4 request, in client mode
// A UDP IKE v4 request, in client mode
const REQ : & [ u8 ] = & [ const REQ : & [ u8 ] = & [
0x23 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x23 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 ,
0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 ,
@ -737,7 +744,7 @@ mod tests {
0x18 , 0x57 , 0xab , 0xc3 , 0x4a , 0x5f , 0x2c , 0xfe 0x18 , 0x57 , 0xab , 0xc3 , 0x4a , 0x5f , 0x2c , 0xfe
] ; ] ;
let mut state = IKE V2 State::new ( ) ; let mut state = IKE State::new ( ) ;
assert_eq! ( 1 , state . parse ( REQ , 0 ) ) ; assert_eq! ( 1 , state . parse ( REQ , 0 ) ) ;
} }
} }
frank honza
5 years ago
committed by
Victor Julien