aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-less: add log only TX handling function

Browse Source 
When running w/o detect, TX cleanup handling needs to ignore the
inspect_id as it's only updated by detect.

This patch introduces a new ActiveTx handler for logging only:
AppLayerTransactionGetActiveLogOnly

If --disable-detection is passed on the commandline, this function
is registered.
pull/796/head
Victor Julien 11 years ago
parent 50f5b246db
commit 5cc880c5c1
3 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File

15
src/app-layer-parser.c
Unescape Escape View File

@ -613,9 +613,22 @@ uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
}
}
/** \brief active TX retrieval for logging only: so NO detection
*
* We simply return the log_id here.
*
* \todo what if a logger is disabled?
**/
uint64_t AppLayerTransactionGetActiveLogOnly(Flow *f, uint8_t flags) {
uint64_t log_id = f->alparser->log_id;
SCLogDebug("returning %"PRIu64, log_id);
return log_id;
}
void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr) {
BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
//BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
AppLayerGetActiveTxIdFuncPtr = FuncPtr;
SCLogDebug("AppLayerGetActiveTxIdFuncPtr is now %p", AppLayerGetActiveTxIdFuncPtr);
}
/**

7
src/app-layer-parser.h
Unescape Escape View File

@ -54,6 +54,13 @@ void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr);
*/
uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags);
/** \brief active TX retrieval for logging only ops
*
* \retval tx_id lowest tx_id that still needs work
*/
uint64_t AppLayerTransactionGetActiveLogOnly(Flow *f, uint8_t flags);
int AppLayerParserSetup(void);
int AppLayerParserDeSetup(void);

4
src/suricata.c
Unescape Escape View File

@ -119,6 +119,7 @@
#include "unix-manager.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "util-radix-tree.h"
@ -2102,6 +2103,9 @@ int main(int argc, char **argv)
if (ActionInitConfig() < 0) {
exit(EXIT_FAILURE);
}
} else {
/* tell the app layer to consider only the log id */
RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveLogOnly);
}
if (MagicInit() != 0)

Write Preview
Loading…
Cancel
Save