OISF · victorjulien · Jan 18, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
@@ -18,8 +18,10 @@
 //! Parser registration functions and common interface module.
 
 use std;
-use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppProto,Direction};
+use crate::core::{self,DetectEngineState,AppLayerEventType,AppProto};
+use crate::direction::Direction;
 use crate::filecontainer::FileContainer;
+use crate::flow::Flow;
 use std::os::raw::{c_void,c_char,c_int};
 use crate::core::SC;
 use std::ffi::CStr;

@@ -19,7 +19,7 @@ use super::template::{TemplateTransaction, ALPROTO_TEMPLATE};
 /* TEMPLATE_START_REMOVE */
 use crate::conf::conf_get_node;
 /* TEMPLATE_END_REMOVE */
-use crate::core::Direction;
+use crate::direction::Direction;
 use crate::detect::{
     DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperGetData,
     DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableElmt,

@@ -18,7 +18,8 @@
 use super::parser;
 use crate::applayer::{self, *};
 use crate::conf::conf_get;
-use crate::core::{AppProto, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP};
+use crate::core::{AppProto, ALPROTO_UNKNOWN, IPPROTO_TCP};
+use crate::flow::Flow;
 use nom7 as nom;
 use std;
 use std::collections::VecDeque;

@@ -19,7 +19,9 @@ use crate::applayer::{self, *};
 use crate::bittorrent_dht::parser::{
     parse_bittorrent_dht_packet, BitTorrentDHTError, BitTorrentDHTRequest, BitTorrentDHTResponse,
 };
-use crate::core::{AppProto, Flow, ALPROTO_UNKNOWN, IPPROTO_UDP, Direction};
+use crate::core::{AppProto, ALPROTO_UNKNOWN, IPPROTO_UDP};
+use crate::direction::Direction;
+use crate::flow::Flow;
 use std::ffi::CString;
 use std::os::raw::c_char;
 
@@ -98,7 +100,7 @@ impl BitTorrentDHTState {
         }
     }
 
-    pub fn parse(&mut self, input: &[u8], _direction: crate::core::Direction) -> bool {
+    pub fn parse(&mut self, input: &[u8], _direction: Direction) -> bool {
         if !Self::is_dht(input) {
             return true;
         }
@@ -170,7 +172,7 @@ pub unsafe extern "C" fn rs_bittorrent_dht_parse_ts(
 ) -> AppLayerResult {
     return rs_bittorrent_dht_parse(
         _flow, state, _pstate, stream_slice,
-        _data, crate::core::Direction::ToServer);
+        _data, Direction::ToServer);
 }
 
 #[no_mangle]
@@ -180,14 +182,14 @@ pub unsafe extern "C" fn rs_bittorrent_dht_parse_tc(
 ) -> AppLayerResult {
     return rs_bittorrent_dht_parse(
         _flow, state, _pstate, stream_slice,
-        _data, crate::core::Direction::ToClient);
+        _data, Direction::ToClient);
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_bittorrent_dht_parse(
     _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
     stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
-    direction: crate::core::Direction,
+    direction: Direction,
 ) -> AppLayerResult {
     let state = cast_pointer!(state, BitTorrentDHTState);
     let buf = stream_slice.as_slice();
@@ -301,7 +303,7 @@ pub unsafe extern "C" fn rs_bittorrent_dht_udp_register_parser() {
             BITTORRENT_DHT_PAYLOAD_PREFIX.as_ptr() as *const c_char,
             BITTORRENT_DHT_PAYLOAD_PREFIX.len() as u16 - 1,
             0,
-            crate::core::Direction::ToServer.into(),
+            Direction::ToServer.into(),
         ) < 0
         {
             SCLogDebug!("Failed to register protocol detection pattern for direction TOSERVER");
@@ -312,7 +314,7 @@ pub unsafe extern "C" fn rs_bittorrent_dht_udp_register_parser() {
             BITTORRENT_DHT_PAYLOAD_PREFIX.as_ptr() as *const c_char,
             BITTORRENT_DHT_PAYLOAD_PREFIX.len() as u16 - 1,
             0,
-            crate::core::Direction::ToClient.into(),
+            Direction::ToClient.into(),
         ) < 0
         {
             SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT");

@@ -446,7 +446,7 @@ pub fn parse_bittorrent_dht_packet(
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::core::Direction;
+    use crate::direction::Direction;
     use test_case::test_case;
 
     #[test_case(

@@ -62,39 +62,6 @@ pub mod nom7 {
     }
 }
 
-#[cfg(not(feature = "debug-validate"))]
-#[macro_export]
-macro_rules! debug_validate_bug_on (
-  ($item:expr) => {};
-);
-
-#[cfg(feature = "debug-validate")]
-#[macro_export]
-macro_rules! debug_validate_bug_on (
-  ($item:expr) => {
-    if $item {
-        panic!("Condition check failed");
-    }
-  };
-);
-
-#[cfg(not(feature = "debug-validate"))]
-#[macro_export]
-macro_rules! debug_validate_fail (
-  ($msg:expr) => {};
-);
-
-#[cfg(feature = "debug-validate")]
-#[macro_export]
-macro_rules! debug_validate_fail (
-  ($msg:expr) => {
-    // Wrap in a conditional to prevent unreachable code warning in caller.
-    if true {
-      panic!($msg);
-    }
-  };
-);
-
 /// Convert a String to C-compatible string
 ///
 /// This function will consume the provided data and use the underlying bytes to construct a new

@@ -19,7 +19,7 @@
 
 use std;
 use crate::filecontainer::*;
-use crate::debug_validate_fail;
+use crate::flow::Flow;
 
 /// Opaque C types.
 pub enum DetectEngineState {}
@@ -40,70 +40,6 @@ pub const STREAM_TOCLIENT: u8 = 0x08;
 pub const STREAM_GAP:      u8 = 0x10;
 pub const STREAM_DEPTH:    u8 = 0x20;
 pub const STREAM_MIDSTREAM:u8 = 0x40;
-pub const DIR_BOTH:        u8 = 0b0000_1100;
-const DIR_TOSERVER:        u8 = 0b0000_0100;
-const DIR_TOCLIENT:        u8 = 0b0000_1000;
-
-#[repr(C)]
-#[derive(Debug, PartialEq, Eq, Clone, Copy)]
-pub enum Direction {
-    ToServer = 0x04,
-    ToClient = 0x08,
-}
-
-impl Direction {
-    /// Return true if the direction is to server.
-    pub fn is_to_server(&self) -> bool {
-	matches!(self, Self::ToServer)
-    }
-
-    /// Return true if the direction is to client.
-    pub fn is_to_client(&self) -> bool {
-	matches!(self, Self::ToClient)
-    }
-
-    pub fn index(&self) -> usize {
-        match self {
-            Self::ToClient => 0,
-            _ => 1,
-        }
-    }
-}
-
-impl Default for Direction {
-    fn default() -> Self { Direction::ToServer }
-}
-
-impl std::fmt::Display for Direction {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        match self {
-            Self::ToServer => write!(f, "toserver"),
-            Self::ToClient => write!(f, "toclient"),
-        }
-    }
-}
-
-impl From<u8> for Direction {
-    fn from(d: u8) -> Self {
-        if d & (DIR_TOSERVER | DIR_TOCLIENT) == (DIR_TOSERVER | DIR_TOCLIENT) {
-            debug_validate_fail!("Both directions are set");
-            Direction::ToServer
-        } else if d & DIR_TOSERVER != 0 {
-            Direction::ToServer
-        } else if d & DIR_TOCLIENT != 0 {
-            Direction::ToClient
-        } else {
-            debug_validate_fail!("Unknown direction!!");
-            Direction::ToServer
-        }
-    }
-}
-
-impl From<Direction> for u8 {
-    fn from(d: Direction) -> u8 {
-        d as u8
-    }
-}
 
 // Application layer protocol identifiers (app-layer-protos.h)
 pub type AppProto = u16;
@@ -131,9 +67,6 @@ macro_rules!BIT_U64 {
     ($x:expr) => (1 << $x);
 }
 
-// Flow flags
-pub const FLOW_DIR_REVERSED: u32 = BIT_U32!(26);
-
 // Defined in app-layer-protos.h
 /// cbindgen:ignore
 extern {
@@ -243,7 +176,6 @@ pub struct SuricataFileContext {
 /// cbindgen:ignore
 extern {
     pub fn SCGetContext() -> &'static mut SuricataContext;
-    pub fn SCLogGetLogLevel() -> i32;
 }
 
 pub static mut SC: Option<&'static SuricataContext> = None;
@@ -301,54 +233,3 @@ pub fn sc_app_layer_decoder_events_free_events(
         }
     }
 }
-
-/// Opaque flow type (defined in C)
-pub enum Flow {}
-
-// Extern functions operating on Flow.
-/// cbindgen:ignore
-extern {
-    pub fn FlowGetLastTimeAsParts(flow: &Flow, secs: *mut u64, usecs: *mut u64);
-    pub fn FlowGetFlags(flow: &Flow) -> u32;
-    pub fn FlowGetSourcePort(flow: &Flow) -> u16;
-    pub fn FlowGetDestinationPort(flow: &Flow) -> u16;
-}
-
-/// Rust implementation of Flow.
-impl Flow {
-
-    /// Return the time of the last flow update as a `Duration`
-    /// since the epoch.
-    pub fn get_last_time(&mut self) -> std::time::Duration {
-        unsafe {
-            let mut secs: u64 = 0;
-            let mut usecs: u64 = 0;
-            FlowGetLastTimeAsParts(self, &mut secs, &mut usecs);
-            std::time::Duration::new(secs, usecs as u32 * 1000)
-        }
-    }
-
-    /// Return the flow flags.
-    pub fn get_flags(&self) -> u32 {
-        unsafe { FlowGetFlags(self) }
-    }
-
-    /// Return flow ports
-    pub fn get_ports(&self) -> (u16, u16) {
-        unsafe { (FlowGetSourcePort(self), FlowGetDestinationPort(self)) }
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use super::*;
-
-    #[test]
-    fn test_direction() {
-	assert!(Direction::ToServer.is_to_server());
-	assert!(!Direction::ToServer.is_to_client());
-
-	assert!(Direction::ToClient.is_to_client());
-	assert!(!Direction::ToClient.is_to_server());
-    }
-}
@@ -18,6 +18,8 @@
 use crate::applayer::{self, *};
 use crate::core::{self, *};
 use crate::dcerpc::parser;
+use crate::direction::{Direction, DIR_BOTH};
+use crate::flow::Flow;
 use nom7::error::{Error, ErrorKind};
 use nom7::number::Endianness;
 use nom7::{Err, IResult, Needed};
@@ -322,7 +324,7 @@ pub struct DCERPCState {
     pub tc_gap: bool,
     pub ts_ssn_gap: bool,
     pub tc_ssn_gap: bool,
-    pub flow: Option<*const core::Flow>,
+    pub flow: Option<*const Flow>,
     state_data: AppLayerStateData,
 }
 
@@ -1129,7 +1131,7 @@ pub extern "C" fn rs_parse_dcerpc_response_gap(
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dcerpc_parse_request(
-    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+    flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
     stream_slice: StreamSlice,
     _data: *const std::os::raw::c_void,
 ) -> AppLayerResult {
@@ -1154,7 +1156,7 @@ pub unsafe extern "C" fn rs_dcerpc_parse_request(
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dcerpc_parse_response(
-    flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+    flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
     stream_slice: StreamSlice,
     _data: *const std::os::raw::c_void,
 ) -> AppLayerResult {
@@ -1269,7 +1271,7 @@ fn probe(input: &[u8]) -> (bool, bool) {
     }
 }
 
-pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const core::Flow, direction: u8, input: *const u8,
+pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const Flow, direction: u8, input: *const u8,
                                       len: u32, rdir: *mut u8) -> AppProto
 {
     SCLogDebug!("Probing packet for DCERPC");
@@ -1386,8 +1388,8 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() {
 #[cfg(test)]
 mod tests {
     use crate::applayer::AppLayerResult;
-    use crate::core::*;
     use crate::dcerpc::dcerpc::DCERPCState;
+    use crate::direction::Direction;
     use std::cmp;
 
     #[test]

@@ -15,12 +15,14 @@
  * 02110-1301, USA.
  */
 
+use crate::core;
 use crate::applayer::{self, *};
-use crate::core::{self, Direction, DIR_BOTH};
 use crate::dcerpc::dcerpc::{
     DCERPCTransaction, DCERPC_MAX_TX, DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE, PFCL1_FRAG, PFCL1_LASTFRAG,
     rs_dcerpc_get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME,
 };
+use crate::direction::{Direction, DIR_BOTH};
+use crate::flow::Flow;
 use nom7::Err;
 use std;
 use std::ffi::CString;
@@ -233,7 +235,7 @@ impl DCERPCUDPState {
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dcerpc_udp_parse(
-    _flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+    _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
     stream_slice: StreamSlice,
     _data: *const std::os::raw::c_void,
 ) -> AppLayerResult {
@@ -310,7 +312,7 @@ fn probe(input: &[u8]) -> (bool, bool) {
     }
 }
 
-pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const core::Flow, direction: u8, input: *const u8,
+pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const Flow, direction: u8, input: *const u8,
                                       len: u32, rdir: *mut u8) -> core::AppProto
 {
     SCLogDebug!("Probing the packet for DCERPC/UDP");