rfb: move app-layer registration code to rust

Ticket: 7178
1 year ago · ede77bc4db
parent 62a186ceef
commit ede77bc4db
6 changed files with 28 additions and 189 deletions
--- a/rust/src/applayer.rs
+++ b/rust/src/applayer.rs
@ -479,6 +479,9 @@ extern {
                                               alproto_name: *const c_char, alproto: AppProto,
                                               min_depth: u16, max_depth: u16,
                                               pparser_ts: ProbeFn, pparser_tc: ProbeFn) -> i32;
+    pub fn AppLayerProtoDetectPMRegisterPatternCI(ipproto: u8, alproto: AppProto,
+                                                pattern: *const c_char, depth: u16,
+                                                offset: u16, direction: u8) -> c_int;
    pub fn AppLayerProtoDetectPMRegisterPatternCS(ipproto: u8, alproto: AppProto,
                                                  pattern: *const c_char, depth: u16,
                                                  offset: u16, direction: u8) -> c_int;
--- a/rust/src/rfb/rfb.rs
+++ b/rust/src/rfb/rfb.rs
@ -26,6 +26,7 @@ use crate::frames::*;
 use nom7::Err;
 use std;
 use std::ffi::CString;
+use std::os::raw::c_char;

 pub(super) static mut ALPROTO_RFB: AppProto = ALPROTO_UNKNOWN;

@ -831,7 +832,7 @@ export_tx_data_get!(rs_rfb_get_tx_data, RFBTransaction);
 export_state_data_get!(rs_rfb_get_state_data, RFBState);

 #[no_mangle]
-pub unsafe extern "C" fn rs_rfb_register_parser() {
+pub unsafe extern "C" fn SCRfbRegisterParser() {
    let parser = RustParser {
        name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
        default_port: std::ptr::null(),
@ -874,6 +875,28 @@ pub unsafe extern "C" fn rs_rfb_register_parser() {
        }
        SCLogDebug!("Rust rfb parser registered.");
        AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
+        if AppLayerProtoDetectPMRegisterPatternCI(
+            IPPROTO_TCP,
+            ALPROTO_RFB,
+            b"RFB \0".as_ptr() as *const c_char,
+            b"RFB ".len() as u16,
+            0,
+            crate::core::Direction::ToServer.into(),
+        ) < 0
+        {
+            SCLogDebug!("Failed to register protocol detection pattern for direction TOSERVER");
+        };
+        if AppLayerProtoDetectPMRegisterPatternCI(
+            IPPROTO_TCP,
+            ALPROTO_RFB,
+            b"RFB \0".as_ptr() as *const c_char,
+            b"RFB ".len() as u16,
+            0,
+            crate::core::Direction::ToClient.into(),
+        ) < 0
+        {
+            SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT");
+        }
    } else {
        SCLogDebug!("Protocol detector and parser disabled for RFB.");
    }
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -37,7 +37,6 @@ noinst_HEADERS = \
 	app-layer-parser.h \
 	app-layer-protos.h \
 	app-layer-register.h \
-	app-layer-rfb.h \
 	app-layer-smb.h \
 	app-layer-smtp.h \
 	app-layer-ssh.h \
@ -619,7 +618,6 @@ libsuricata_c_a_SOURCES = \
 	app-layer-parser.c \
 	app-layer-protos.c \
 	app-layer-register.c \
-	app-layer-rfb.c \
 	app-layer-smb.c \
 	app-layer-smtp.c \
 	app-layer-ssh.c \
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@ -52,7 +52,6 @@
 #include "app-layer-nfs-udp.h"
 #include "app-layer-tftp.h"
 #include "app-layer-ike.h"
-#include "app-layer-rfb.h"
 #include "app-layer-http2.h"
 #include "app-layer-imap.h"

@ -1725,7 +1724,7 @@ void AppLayerParserRegisterProtocolParsers(void)
    rs_websocket_register_parser();
    rs_ldap_register_parser();
    rs_template_register_parser();
-    RegisterRFBParsers();
+    SCRfbRegisterParser();
    SCMqttRegisterParser();
    rs_pgsql_register_parser();
    rs_rdp_register_parser();
--- a/src/app-layer-rfb.c
+++ b/src/app-layer-rfb.c
@ -1,155 +0,0 @@
-/* Copyright (C) 2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Sascha Steinbiss <sascha.steinbiss@dcso.de>
- *
- * RFB (VNC) application layer detector and parser.
- *
- */
-
-#include "suricata-common.h"
-
-#include "util-unittest.h"
-
-#include "app-layer-detect-proto.h"
-#include "app-layer-parser.h"
-#include "app-layer-rfb.h"
-
-#include "rust.h"
-
-static int RFBRegisterPatternsForProtocolDetection(void)
-{
-    if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_RFB,
-                                               "RFB ", 4, 0, STREAM_TOCLIENT) < 0)
-    {
-        return -1;
-    }
-    if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_RFB,
-                                               "RFB ", 4, 0, STREAM_TOSERVER) < 0)
-    {
-        return -1;
-    }
-    return 0;
-}
-
-void RFBParserRegisterTests(void);
-
-void RegisterRFBParsers(void)
-{
-    rs_rfb_register_parser();
-    if (RFBRegisterPatternsForProtocolDetection() < 0 )
-            return;
-#ifdef UNITTESTS
-    AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_RFB,
-        RFBParserRegisterTests);
-#endif
-}
-
-
-#ifdef UNITTESTS
-
-#include "stream-tcp.h"
-#include "util-unittest-helper.h"
-
-static int RFBParserTest(void)
-{
-    uint64_t ret[4];
-    AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
-    FAIL_IF_NULL(alp_tctx);
-
-    StreamTcpInitConfig(true);
-    TcpSession ssn;
-    memset(&ssn, 0, sizeof(ssn));
-
-    Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 59001, 5900);
-    FAIL_IF_NULL(f);
-    f->protoctx = &ssn;
-    f->proto = IPPROTO_TCP;
-    f->alproto = ALPROTO_RFB;
-
-    static const unsigned char rfb_version_str[12] = {
-            0x52, 0x46, 0x42, 0x20, 0x30, 0x30, 0x33, 0x2e, 0x30, 0x30, 0x37, 0x0a
-    };
-
-    // the RFB server sending the first handshake message
-    int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOCLIENT | STREAM_START,
-            (uint8_t *)rfb_version_str, sizeof(rfb_version_str));
-    FAIL_IF_NOT(r == 0);
-
-    r = AppLayerParserParse(
-            NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOSERVER, (uint8_t *)rfb_version_str, sizeof(rfb_version_str));
-    FAIL_IF_NOT(r == 0);
-
-    static const unsigned char security_types[3] = {
-            0x02, 0x01, 0x02
-    };
-    r = AppLayerParserParse(
-            NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOCLIENT, (uint8_t *)security_types, sizeof(security_types));
-    FAIL_IF_NOT(r == 0);
-
-    static const unsigned char type_selection[1] = {
-            0x01
-    };
-    r = AppLayerParserParse(
-            NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOSERVER, (uint8_t *)type_selection, sizeof(type_selection));
-    FAIL_IF_NOT(r == 0);
-
-    static const unsigned char client_init[1] = {
-            0x01
-    };
-    r = AppLayerParserParse(
-            NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOSERVER, (uint8_t *)client_init, sizeof(client_init));
-    FAIL_IF_NOT(r == 0);
-
-    static const unsigned char server_init[] = {
-          0x05, 0x00, 0x03, 0x20, 0x20, 0x18, 0x00, 0x01,
-          0x00, 0xff, 0x00, 0xff, 0x00, 0xff, 0x10, 0x08,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e,
-          0x61, 0x6e, 0x65, 0x61, 0x67, 0x6c, 0x65, 0x73,
-          0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
-          0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
-          0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e
-    };
-
-    r = AppLayerParserParse(
-            NULL, alp_tctx, f, ALPROTO_RFB, STREAM_TOCLIENT, (uint8_t *)server_init, sizeof(server_init));
-    FAIL_IF_NOT(r == 0);
-
-    AppLayerParserTransactionsCleanup(f, STREAM_TOCLIENT);
-    UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
-    FAIL_IF_NOT(ret[0] == 1); // inspect_id[0]
-    FAIL_IF_NOT(ret[1] == 1); // inspect_id[1]
-    FAIL_IF_NOT(ret[2] == 1); // log_id
-    FAIL_IF_NOT(ret[3] == 1); // min_id
-
-    AppLayerParserTransactionsCleanup(f, STREAM_TOCLIENT);
-    AppLayerParserThreadCtxFree(alp_tctx);
-    StreamTcpFreeConfig(true);
-    UTHFreeFlow(f);
-
-    PASS;
-}
-
-void RFBParserRegisterTests(void)
-{
-    UtRegisterTest("RFBParserTest", RFBParserTest);
-}
-
-#endif
--- a/src/app-layer-rfb.h
+++ b/src/app-layer-rfb.h
@ -1,29 +0,0 @@
-/* Copyright (C) 2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Sascha Steinbiss <sascha.steinbiss@dcso.de>
- */
-
-#ifndef SURICATA_APP_LAYER_RFB_H
-#define SURICATA_APP_LAYER_RFB_H
-
-void RegisterRFBParsers(void);
-
-#endif /* SURICATA_APP_LAYER_RFB_H */