Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Training/ams2018/v4 #3487

Merged
merged 24 commits into from
Sep 20, 2018
Merged

Training/ams2018/v4 #3487

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
234d113
detect/template: clean up unittest
victorjulien Sep 17, 2018
1bb8fce
detect/template: switch to v2 API, add MPM
victorjulien Sep 17, 2018
d3e5c15
detect/template: move test to own file in src/tests/
victorjulien Sep 17, 2018
33914c2
detect/template: clean up packet keyword
victorjulien Sep 18, 2018
a013cec
app-layer/template: code cleanups
victorjulien Sep 18, 2018
e232fcc
setup-app-layer: rewrite script in Python
jasonish Aug 29, 2018
9da00be
scripts/setup: remove 'ed' based setup scripts
jasonish Aug 30, 2018
452355b
setup-simple-detect: update for new tests location
victorjulien Sep 19, 2018
5ed7e4f
setup-app-layer-detect: update for tests/ dir
victorjulien Sep 19, 2018
4d0fc67
decode/template: minor updates
victorjulien Sep 19, 2018
4860545
detect/template2: template with prefilter (copy of ttl)
victorjulien Sep 19, 2018
789b147
detect/template2: setup script
victorjulien Sep 19, 2018
96dc20a
templates: C stub template for Rust parser
jasonish Aug 28, 2018
ee3aba9
templates: C stub output for Rust logger
jasonish Aug 30, 2018
90dfcf4
rust/gen-c-headers: don't attempt to split empty lines
jasonish Aug 30, 2018
9636b9d
rust: expose AppLayerParserStateIssetFlag to Rust.
jasonish Aug 30, 2018
7682b1b
rustfmt.toml: set to 80 char line width
jasonish Sep 18, 2018
c3f1a35
rust: app-layer template parser and logger
jasonish Aug 31, 2018
01f7dcf
rust template parser: sample pcap
jasonish Sep 18, 2018
58933ba
rust app layer template: functions to get buffers
jasonish Sep 19, 2018
15922dc
setup-app-layer.py: attempt to cd into correct directory
jasonish Sep 19, 2018
35fd10b
rust: app-layer detect template for rust parsers
jasonish Sep 19, 2018
7ec7d85
setup-app-layer.py: integrate detect buffer setup
jasonish Sep 19, 2018
0b5a2ab
setup-app-layer: support tests in tests/
victorjulien Sep 19, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion rust/gen-c-headers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ def gen_headers(filename):
fnName = fn[1]

for arg in fn[2].split(","):
if not arg:
if not arg.strip():
continue
arg_name, rs_type = arg.split(":", 1)
arg_name = arg_name.strip()
Expand Down
2 changes: 2 additions & 0 deletions rust/rustfmt.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Rust default is 100. Use 80 to bring in line with Suricata C code.
max_width = 80
41 changes: 41 additions & 0 deletions rust/src/applayertemplate/logger.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
/* Copyright (C) 2018 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

use libc;
use std;
use json::*;
use super::template::TemplateTransaction;

fn log_template(tx: &TemplateTransaction) -> Option<Json> {
let js = Json::object();
if let Some(ref request) = tx.request {
js.set_string("request", request);
}
if let Some(ref response) = tx.response {
js.set_string("response", response);
}
return Some(js);
}

#[no_mangle]
pub extern "C" fn rs_template_logger_log(tx: *mut libc::c_void) -> *mut JsonT {
let tx = cast_pointer!(tx, TemplateTransaction);
match log_template(tx) {
Some(js) => js.unwrap(),
None => std::ptr::null_mut(),
}
}
22 changes: 22 additions & 0 deletions rust/src/applayertemplate/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
/* Copyright (C) 2018 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

pub mod template;
mod parser;
/* TEMPLATE_START_REMOVE */
pub mod logger;
/* TEMPLATE_END_REMOVE */
64 changes: 64 additions & 0 deletions rust/src/applayertemplate/parser.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
/* Copyright (C) 2018 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

use std;

fn parse_len(input: &str) -> Result<u32, std::num::ParseIntError> {
input.parse::<u32>()
}

named!(pub parse_message<String>,
do_parse!(
len: map_res!(
map_res!(take_until_s!(":"), std::str::from_utf8), parse_len) >>
sep: take!(1) >>
msg: take_str!(len) >>
(
msg.to_string()
)
));

#[cfg(test)]
mod tests {

use nom::*;
use super::*;

/// Simple test of some valid data.
#[test]
fn test_parse_valid() {
let buf = b"12:Hello World!4:Bye.";

let result = parse_message(buf);
match result {
IResult::Done(remainder, message) => {
// Check the first message.
assert_eq!(message, "Hello World!");

// And we should have 6 bytes left.
assert_eq!(remainder.len(), 6);
}
IResult::Incomplete(_) => {
panic!("Result should not have been incomplete.");
}
IResult::Error(err) => {
panic!("Result should not be an error: {:?}.", err);
}
}
}

}
Binary file added rust/src/applayertemplate/template.pcap
View file
Open in desktop
Binary file not shown.
Loading