From f12e0266967a526e0d7ad0ef9cb8fecb126f3889 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Thu, 21 Dec 2023 09:41:29 -0500 Subject: [PATCH] mqtt: Move conf code to rust Issue: 6387 This commit moves the configuration logic to Rust. --- rust/src/mqtt/mqtt.rs | 19 +++++++----- rust/src/mqtt/parser.rs | 4 +-- src/Makefile.am | 2 -- src/app-layer-mqtt.c | 64 ----------------------------------------- src/app-layer-mqtt.h | 30 ------------------- src/app-layer-parser.c | 3 +- src/output-json-mqtt.c | 1 - 7 files changed, 15 insertions(+), 108 deletions(-) delete mode 100644 src/app-layer-mqtt.c delete mode 100644 src/app-layer-mqtt.h diff --git a/rust/src/mqtt/mqtt.rs b/rust/src/mqtt/mqtt.rs index f1c37d83c881..7f60e2a757cd 100644 --- a/rust/src/mqtt/mqtt.rs +++ b/rust/src/mqtt/mqtt.rs @@ -1,4 +1,4 @@ -/* Copyright (C) 2020-2022 Open Information Security Foundation +/* Copyright (C) 2020-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -21,7 +21,7 @@ use super::mqtt_message::*; use super::parser::*; use crate::applayer::*; use crate::applayer::{self, LoggerFlags}; -use crate::conf::conf_get; +use crate::conf::{conf_get, get_memval}; use crate::core::*; use crate::frames::*; use nom7::Err; @@ -112,7 +112,7 @@ pub struct MQTTState { connected: bool, skip_request: usize, skip_response: usize, - max_msg_len: usize, + max_msg_len: u32, tx_index_completed: usize, } @@ -142,7 +142,7 @@ impl MQTTState { connected: false, skip_request: 0, skip_response: 0, - max_msg_len: unsafe { MAX_MSG_LEN as usize }, + max_msg_len: unsafe { MAX_MSG_LEN}, tx_index_completed: 0, } } @@ -778,10 +778,8 @@ export_tx_data_get!(rs_mqtt_get_tx_data, MQTTTransaction); export_state_data_get!(rs_mqtt_get_state_data, MQTTState); #[no_mangle] -pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) { +pub unsafe extern "C" fn SCMqttRegisterParser() { let default_port = CString::new("[1883]").unwrap(); - let max_msg_len = &mut MAX_MSG_LEN; - *max_msg_len = cfg_max_msg_len; let parser = RustParser { name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char, default_port: default_port.as_ptr(), @@ -830,6 +828,13 @@ pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) { SCLogError!("Invalid value for mqtt.max-tx"); } } + if let Some(val) = conf_get("app-layer.protocols.mqtt.max-msg-length") { + if let Ok(v) = get_memval(val) { + MAX_MSG_LEN = v as u32; + } else { + SCLogError!("Invalid value for mqtt.max-msg-length: {}", val); + } + } } else { SCLogDebug!("Protocol detector and parser disabled for MQTT."); } diff --git a/rust/src/mqtt/parser.rs b/rust/src/mqtt/parser.rs index 8b1c8c542aba..9b576e54a5c0 100644 --- a/rust/src/mqtt/parser.rs +++ b/rust/src/mqtt/parser.rs @@ -634,7 +634,7 @@ fn parse_remaining_message<'a>( pub fn parse_message( input: &[u8], protocol_version: u8, - max_msg_size: usize, + max_msg_size: u32, ) -> IResult<&[u8], MQTTMessage> { // Parse the fixed header first. This is identical across versions and can // be between 2 and 5 bytes long. @@ -652,7 +652,7 @@ pub fn parse_message( // limit, we return a special truncation message type, containing // no parsed metadata but just the skipped length and the message // type. - if len > max_msg_size { + if len > max_msg_size as usize { let msg = MQTTMessage { header, op: MQTTOperation::TRUNCATED(MQTTTruncatedData { diff --git a/src/Makefile.am b/src/Makefile.am index 9cb4f815531c..133ed47cd1e8 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -36,7 +36,6 @@ noinst_HEADERS = \ app-layer-krb5.h \ app-layer-modbus.h \ app-layer-quic.h \ - app-layer-mqtt.h \ app-layer-nfs-tcp.h \ app-layer-nfs-udp.h \ app-layer-ntp.h \ @@ -655,7 +654,6 @@ libsuricata_c_a_SOURCES = \ app-layer-krb5.c \ app-layer-modbus.c \ app-layer-quic.c \ - app-layer-mqtt.c \ app-layer-nfs-tcp.c \ app-layer-nfs-udp.c \ app-layer-ntp.c \ diff --git a/src/app-layer-mqtt.c b/src/app-layer-mqtt.c deleted file mode 100644 index 96b4cc27afcc..000000000000 --- a/src/app-layer-mqtt.c +++ /dev/null @@ -1,64 +0,0 @@ -/* Copyright (C) 2020 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Sascha Steinbiss - */ - -#include "suricata-common.h" -#include "stream.h" -#include "conf.h" - -#include "util-misc.h" -#include "util-unittest.h" - -#include "app-layer-detect-proto.h" -#include "app-layer-parser.h" - -#include "app-layer-mqtt.h" -#include "rust.h" - -void RegisterMQTTParsers(void) -{ - SCLogDebug("Registering Rust mqtt parser."); - uint32_t max_msg_len = 1048576; /* default: 1MB */ - - if (AppLayerParserConfParserEnabled("tcp", "mqtt")) { - ConfNode *p = ConfGetNode("app-layer.protocols.mqtt.max-msg-length"); - if (p != NULL) { - uint32_t value; - if (ParseSizeStringU32(p->val, &value) < 0) { - SCLogError("invalid value for max-msg-length: %s", p->val); - } else { - max_msg_len = value; - } - } - rs_mqtt_register_parser(max_msg_len); - } -#ifdef UNITTESTS - AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_MQTT, - MQTTParserRegisterTests); -#endif -} - -void MQTTParserRegisterTests(void) -{ -#ifdef UNITTESTS -#endif -} diff --git a/src/app-layer-mqtt.h b/src/app-layer-mqtt.h deleted file mode 100644 index b55720ec8d73..000000000000 --- a/src/app-layer-mqtt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* Copyright (C) 2020 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Sascha Steinbiss - */ - -#ifndef __APP_LAYER_MQTT_H__ -#define __APP_LAYER_MQTT_H__ - -void RegisterMQTTParsers(void); -void MQTTParserRegisterTests(void); - -#endif /* __APP_LAYER_MQTT_H__ */ diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 1f6066471757..96fc607fd257 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -57,7 +57,6 @@ #include "app-layer-krb5.h" #include "app-layer-sip.h" #include "app-layer-rfb.h" -#include "app-layer-mqtt.h" #include "app-layer-snmp.h" #include "app-layer-quic.h" #include "app-layer-rdp.h" @@ -1766,7 +1765,7 @@ void AppLayerParserRegisterProtocolParsers(void) RegisterQuicParsers(); rs_template_register_parser(); RegisterRFBParsers(); - RegisterMQTTParsers(); + SCMqttRegisterParser(); rs_pgsql_register_parser(); RegisterRdpParsers(); RegisterHTTP2Parsers(); diff --git a/src/output-json-mqtt.c b/src/output-json-mqtt.c index 2f600343e20d..b743229f36e3 100644 --- a/src/output-json-mqtt.c +++ b/src/output-json-mqtt.c @@ -41,7 +41,6 @@ #include "app-layer.h" #include "app-layer-parser.h" -#include "app-layer-mqtt.h" #include "output-json-mqtt.h" #include "rust.h"