mysql: reassemble mysql packet and remove unused code-v1
QianKaiLin committed Sep 24, 2024
1 parent becd843 commit 512c197
Showing 7 changed files with 81 additions and 352 deletions.
58 changes: 5 additions & 53 deletions rust/src/mysql/logger.rs
Expand Up @@ -22,7 +22,6 @@ use crate::mysql::mysql::*;

fn log_mysql(tx: &MysqlTransaction, _flags: u32, js: &mut JsonBuilder) -> Result<(), JsonError> {
js.open_object("mysql")?;
js.set_uint("tx_id", tx.tx_id)?;
if let Some(version) = &tx.version {
js.set_string("version", version)?;
}
Expand All @@ -32,42 +31,14 @@ fn log_mysql(tx: &MysqlTransaction, _flags: u32, js: &mut JsonBuilder) -> Result
js.set_bool("tls", false)?;
}

if tx.command.is_some() {
let command = tx.command.clone().unwrap();
js.set_string("command", &command)?;
if let Some(command) = &tx.command {
js.set_string("command", command)?;
}
if tx.affected_rows.is_some() {
let affected_rows = tx.affected_rows.unwrap();
js.set_uint("affected_rows", affected_rows)?;
}

js.close()?;

Ok(())
}

fn log_mysql_alert(
tx: &MysqlTransaction, _flags: u32, js: &mut JsonBuilder,
) -> Result<(), JsonError> {
js.open_object("mysql")?;
js.set_uint("tx_id", tx.tx_id)?;
if let Some(version) = &tx.version {
js.set_string("version", version)?;
}
if let Some(tls) = &tx.tls {
js.set_bool("tls", *tls)?;
} else {
js.set_bool("tls", false)?;
}

if tx.command.is_some() {
let command = tx.command.clone().unwrap();
js.set_string("command", &command)?;
}
if tx.affected_rows.is_some() {
let affected_rows = tx.affected_rows.unwrap();
if let Some(affected_rows) = tx.affected_rows {
js.set_uint("affected_rows", affected_rows)?;
}

if let Some(rows) = &tx.rows {
js.open_array("rows")?;
for row in rows {
Expand All @@ -82,7 +53,7 @@ fn log_mysql_alert(
}

#[no_mangle]
pub unsafe extern "C" fn rs_mysql_logger(
pub unsafe extern "C" fn SCMysqlLogger(
tx: *mut std::os::raw::c_void, flags: u32, js: &mut JsonBuilder,
) -> bool {
let tx_mysql = cast_pointer!(tx, MysqlTransaction);
Expand All @@ -96,22 +67,3 @@ pub unsafe extern "C" fn rs_mysql_logger(
}
return result.is_ok();
}

#[no_mangle]
pub unsafe extern "C" fn rs_mysql_logger_alert(
tx: *mut std::os::raw::c_void, flags: u32, js: &mut JsonBuilder,
) -> bool {
let tx_mysql = cast_pointer!(tx, MysqlTransaction);
SCLogDebug!(
"----------- MySQL rs_mysql_logger_alert call. Tx is {:?}",
tx_mysql
);
let result = log_mysql_alert(tx_mysql, flags, js);
if let Err(ref err) = result {
SCLogError!(
"----------- MySQL rs_mysql_logger_alert failed. err is {:?}",
err
);
}
return result.is_ok();
}
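Review bot: The `rows` array now appears to be written for every logged transaction rather than only for alerts, because the `if let Some(rows) = &tx.rows` loop follows the `affected_rows` field inside the merged `log_mysql` (as far as this rendered hunk shows; the sides of the changed lines are not marked). Result rows can carry credentials or personal data from the monitored database, and nothing visible here caps how many rows or bytes go into one JSON event, so the change widens what lands in the log and how large a single record can grow. Consider bounding or gating the output, for example `for row in rows.iter().take(MAX_LOGGED_ROWS) {` with `MAX_LOGGED_ROWS` standing for a project-defined limit (placeholder name), and add a doc comment on `log_mysql` such as `/// Logs result rows for every transaction; rows may contain sensitive data.` The body of the row loop is collapsed on this page, so a limit may already exist there.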
57 changes: 7 additions & 50 deletions rust/src/mysql/mysql.rs
Expand Up @@ -506,7 +506,7 @@ impl MysqlState {

// If there was gap, check we can sync up again.
if self.request_gap {
if !probe(i) {
if !probe(i).is_ok() {
SCLogDebug!("Suricata interprets there's a gap in the request");
return AppLayerResult::ok();
}
Expand Down Expand Up @@ -617,9 +617,7 @@ impl MysqlState {
MysqlStateProgress::StmtResetReceived => {
Some(MysqlStateProgress::StmtResetResponseReceived)
}
MysqlStateProgress::ChangeUserReceived => {
Some(MysqlStateProgress::Finished)
}
MysqlStateProgress::ChangeUserReceived => Some(MysqlStateProgress::Finished),
MysqlStateProgress::StmtFetchReceived
| MysqlStateProgress::StmtFetchResponseContinue => {
Some(MysqlStateProgress::StmtFetchResponseReceived)
Expand Down Expand Up @@ -747,8 +745,7 @@ impl MysqlState {
Ok((i, MysqlBEMessage::Response(resp)))
}

MysqlStateProgress::StmtExecReceived
| MysqlStateProgress::StmtExecResponseContinue => {
MysqlStateProgress::StmtExecReceived | MysqlStateProgress::StmtExecResponseContinue => {
let (i, resp) = parse_stmt_execute_response(i)?;
Ok((i, MysqlBEMessage::Response(resp)))
}
Expand Down Expand Up @@ -794,7 +791,7 @@ impl MysqlState {
}

if self.response_gap {
if !probe(i) {
if !probe(i).is_ok() {
SCLogDebug!("Suricata interprets there's a gap in the response");
return AppLayerResult::ok();
}
Expand Down Expand Up @@ -864,12 +861,9 @@ impl MysqlState {
}

/// Probe for a valid mysql message
pub fn probe(input: &[u8]) -> bool {
if parse_packet_header(input).is_ok() {
return true;
}
SCLogDebug!("probe is false");
false
pub fn probe(i: &[u8]) -> IResult<&[u8], ()> {
let (i, _) = parse_packet_header(i)?;
Ok((i, ()))
}

// C exports
Expand Down Expand Up @@ -1021,43 +1015,6 @@ pub unsafe extern "C" fn rs_mysql_tx_get_alstate_progress(
export_tx_data_get!(rs_mysql_get_tx_data, MysqlTransaction);
export_state_data_get!(rs_mysql_get_state_data, MysqlState);

/// Get the mysql query
#[no_mangle]
pub unsafe extern "C" fn SCMysqlTxGetCommandName(
tx: &mut MysqlTransaction, buf: *mut *const u8, len: *mut u32,
) -> bool {
if let Some(command) = &tx.command {
if !command.is_empty() {
*buf = command.as_ptr();
*len = command.len() as u32;
return true;
}
}

false
}

/// Get the mysql rows at index i
#[no_mangle]
pub unsafe extern "C" fn SCMysqlGetRowsData(
tx: &mut MysqlTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
) -> bool {
if let Some(rows) = &tx.rows {
if !rows.is_empty() {
let index = i as usize;
if let Some(row) = rows.get(index) {
if !row.is_empty() {
*buf = row.as_ptr();
*len = row.len() as u32;
return true;
}
}
}
}

false
}

// Parser name as a C style string.
const PARSER_NAME: &[u8] = b"mysql\0";
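Review bot: Both gap-resync checks are written as `if !probe(i).is_ok() {` (once on the request path, once on the response path); `if probe(i).is_err() {` states the same condition directly and avoids the negated-`is_ok` form clippy warns about. With `probe` now returning `IResult<&[u8], ()>`, both call sites still fold an incomplete-input result and a hard parse error into one branch and drop the remaining slice, so the new return type adds nothing over the old `bool` unless a caller outside this section uses it. Resynchronisation after a gap rests only on `parse_packet_header` succeeding, and its body is not on this page, so the doc comment on `probe` should say how strict that check is and what the returned slice means, e.g. `/// Returns the input remaining after one packet header; Err on incomplete or invalid input.`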
