rust/nfs: implement events

Remove lots of panic statements in favor of setting non-fatal events. Bug #2175.
OISF · Jul 13, 2017 · a306ccf · a306ccf
1 parent 3e9b583
commit a306ccf
Show file tree

Hide file tree

Showing 7 changed files with 189 additions and 99 deletions.
diff --git a/rules/Makefile.am b/rules/Makefile.am
@@ -9,4 +9,5 @@ modbus-events.rules \
 app-layer-events.rules \
 files.rules \
 dnp3-events.rules \
-ntp-events.rules
+ntp-events.rules \
+nfs-events.rules
diff --git a/rules/nfs-events.rules b/rules/nfs-events.rules
@@ -0,0 +1,8 @@
+# NFS app layer event rules
+#
+# SID's fall in the 2223000+ range. See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/AppLayer
+#
+# These sigs fire at most once per connection.
+#
+alert nfs any any -> any any (msg:"SURICATA NFS malformed request data"; flow:to_server; app-layer-event:nfs.malformed_data; classtype:protocol-command-decode; sid:2223000; rev:1;)
+alert nfs any any -> any any (msg:"SURICATA NFS malformed response data"; flow:to_client; app-layer-event:nfs.malformed_data; classtype:protocol-command-decode; sid:2223001; rev:1;)
diff --git a/rust/gen-c-headers.py b/rust/gen-c-headers.py
@@ -84,7 +84,9 @@
     "DetectEngineState": "DetectEngineState",
     "core::DetectEngineState": "DetectEngineState",
     "core::AppLayerDecoderEvents": "AppLayerDecoderEvents",
+    "AppLayerDecoderEvents": "AppLayerDecoderEvents",
     "core::AppLayerEventType": "AppLayerEventType",
+    "AppLayerEventType": "AppLayerEventType",
     "CLuaState": "lua_State",
     "Store": "Store",
 }