From 1cf02560c8aa60ec3f009f4efee28ac08dcfb637 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 6 Mar 2015 19:11:10 +0100 Subject: [PATCH] app-layer: per tx destate Add API calls for storing detection state in the TX. --- src/app-layer-parser.c | 40 ++++++++++++++++++++++++++++++++++++++++ src/app-layer-parser.h | 8 ++++++++ 2 files changed, 48 insertions(+) diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index c32f721c12..42ad4e1edd 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -106,6 +106,9 @@ typedef struct AppLayerParserProtoCtx_ int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type); + DetectEngineState *(*GetTxDetectState)(void *tx); + int (*SetTxDetectState)(void *tx, DetectEngineState *); + /* Indicates the direction the parser is ready to see the data * the first time for a flow. Values accepted - * STREAM_TOSERVER, STREAM_TOCLIENT */ @@ -468,6 +471,18 @@ void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, SCReturn; } +void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, + DetectEngineState *(*GetTxDetectState)(void *tx), + int (*SetTxDetectState)(void *tx, DetectEngineState *)) +{ + SCEnter(); + + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState = GetTxDetectState; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectState = SetTxDetectState; + + SCReturn; +} + /***** Get and transaction functions *****/ void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto) @@ -782,6 +797,31 @@ uint64_t AppLayerParserGetTransactionActive(uint8_t ipproto, AppProto alproto, SCReturnCT(active_id, "uint64_t"); } +int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto) +{ + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState != NULL) + return TRUE; + return FALSE; +} + +DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx) +{ + SCEnter(); + DetectEngineState *s; + s = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState(tx); + SCReturnPtr(s, "DetectEngineState"); +} + +int AppLayerParserSetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx, DetectEngineState *s) +{ + int r; + SCEnter(); + if ((alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState(tx) != NULL)) + SCReturnInt(-EBUSY); + r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectState(tx, s); + SCReturnInt(r); +} + /***** General *****/ int AppLayerParserParse(AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index a000f0fbb0..44f27b76c8 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -26,6 +26,7 @@ #define __APP_LAYER_PARSER_H__ #include "app-layer-events.h" +#include "detect-engine-state.h" #include "util-file.h" #define APP_LAYER_PARSER_EOF 0x01 @@ -141,6 +142,9 @@ void AppLayerParserRegisterGetStateProgressCompletionStatus(uint8_t ipproto, void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)); +void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, + DetectEngineState *(*GetTxDetectState)(void *tx), + int (*SetTxDetectState)(void *tx, DetectEngineState *)); /***** Get and transaction functions *****/ @@ -175,6 +179,10 @@ uint64_t AppLayerParserGetTransactionActive(uint8_t ipproto, AppProto alproto, A uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto); +int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto); +DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx); +int AppLayerParserSetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx, DetectEngineState *s); + /***** General *****/ int AppLayerParserParse(AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto,