suricata
app-layer-nfs-udp.c
Go to the documentation of this file.
1 /* Copyright (C) 2015-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * NFS application layer detector and parser
24  */
25 
26 #include "suricata-common.h"
27 #include "stream.h"
28 #include "conf.h"
29 
30 #include "util-unittest.h"
31 
32 #include "app-layer-detect-proto.h"
33 #include "app-layer-parser.h"
34 
35 #include "app-layer-nfs-udp.h"
36 #include "util-enum.h"
37 
38 #include "rust.h"
39 
40 /* Enum of app-layer events for an echo protocol. Normally you might
41  * have events for errors in parsing data, like unexpected data being
42  * received. For echo we'll make something up, and log an app-layer
43  * level alert if an empty message is received.
44  *
45  * Example rule:
46  *
47  * alert nfs any any -> any any (msg:"SURICATA NFS empty message"; \
48  * app-layer-event:nfs.empty_message; sid:X; rev:Y;)
49  */
50 enum {
51  NFS_DECODER_EVENT_EMPTY_MESSAGE,
52 };
53 
54 SCEnumCharMap nfs_udp_decoder_event_table[] = {
55  {"EMPTY_MESSAGE", NFS_DECODER_EVENT_EMPTY_MESSAGE},
56  { NULL, 0 }
57 };
58 
59 
60 static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER;
61 static SuricataFileContext sfc = { &sbcfg };
62 
63 void RegisterNFSUDPParsers(void)
64 {
65  rs_nfs_init(&sfc);
66  rs_nfs_udp_register_parser();
67 
68 #ifdef UNITTESTS
69  AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_NFS,
70  NFSUDPParserRegisterTests);
71 #endif
72 }
73 
74 #ifdef UNITTESTS
75 #endif
76 
77 void NFSUDPParserRegisterTests(void)
78 {
79 #ifdef UNITTESTS
80 #endif
81 }
app-layer-nfs-udp.h
STREAMING_BUFFER_CONFIG_INITIALIZER
#define STREAMING_BUFFER_CONFIG_INITIALIZER
Definition: util-streaming-buffer.h:74
rust.h
util-unittest.h
app-layer-detect-proto.h
app-layer-parser.h
stream.h
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1871
conf.h
suricata-common.h
SCEnumCharMap_
Definition: util-enum.h:27
StreamingBufferConfig_
Definition: util-streaming-buffer.h:65
SuricataFileContext_
Definition: rust-context.h:66
NFS_DECODER_EVENT_EMPTY_MESSAGE
@ NFS_DECODER_EVENT_EMPTY_MESSAGE
Definition: app-layer-nfs-udp.c:51
nfs_udp_decoder_event_table
SCEnumCharMap nfs_udp_decoder_event_table[]
Definition: app-layer-nfs-udp.c:54
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:63
util-enum.h
ALPROTO_NFS
@ ALPROTO_NFS
Definition: app-layer-protos.h:45
NFSUDPParserRegisterTests
void NFSUDPParserRegisterTests(void)
Definition: app-layer-nfs-udp.c:77