From 5cc880c5c1f309ba48b0f6eb908cbb9c575fc851 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sat, 11 Jan 2014 11:14:56 +0100
Subject: [PATCH] detect-less: add log only TX handling function

When running w/o detect, TX cleanup handling needs to ignore the inspect_id as it's only updated by detect. This patch introduces a new ActiveTx handler for logging only: AppLayerTransactionGetActiveLogOnly If --disable-detection is passed on the commandline, this function is registered.
---
 src/app-layer-parser.c | 15 ++++++++++++++-
 src/app-layer-parser.h | 7 +++++++
 src/suricata.c | 4 ++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 4d297c80b3..221a003920 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -613,9 +613,22 @@ uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
 }
 }
+/** \brief active TX retrieval for logging only: so NO detection
+ *
+ * We simply return the log_id here.
+ *
+ * \todo what if a logger is disabled?
+ **/
+uint64_t AppLayerTransactionGetActiveLogOnly(Flow *f, uint8_t flags) {
+ uint64_t log_id = f->alparser->log_id;
+ SCLogDebug("returning %"PRIu64, log_id);
+ return log_id;
+}
+
 void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr) {
- BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
+ //BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
 AppLayerGetActiveTxIdFuncPtr = FuncPtr;
+ SCLogDebug("AppLayerGetActiveTxIdFuncPtr is now %p", AppLayerGetActiveTxIdFuncPtr);
 }
 /**
diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index cefd7287ad..0f3cc7e885 100644
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
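Review bot: Commenting out `BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL)` in RegisterAppLayerGetActiveTxIdFunc removes the only guard on this global handler for every caller, so a repeated or a NULL registration is now accepted silently and the dead line stays in the tree. If overriding is intended for the log-only case, delete the commented-out line, keep a check such as `BUG_ON(FuncPtr == NULL);`, and state the rule in a comment like `/* last registration wins: log-only mode replaces a previously registered handler */`. The added `SCLogDebug("... %p", AppLayerGetActiveTxIdFuncPtr)` passes a function pointer where `%p` expects `void *`, which is not strictly conforming C. In AppLayerTransactionGetActiveLogOnly, `f->alparser` is dereferenced without a check and `flags` is unused; whether callers guarantee a non-NULL parser state is not visible in this hunk.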
@@ -54,6 +54,13 @@ void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr);
 */
 uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags);
+/** \brief active TX retrieval for logging only ops
+ *
+ * \retval tx_id lowest tx_id that still needs work
+ */
+uint64_t AppLayerTransactionGetActiveLogOnly(Flow *f, uint8_t flags);
+
+
 int AppLayerParserSetup(void);
 int AppLayerParserDeSetup(void);
diff --git a/src/suricata.c b/src/suricata.c
index 6125aa181f..f09681738e 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -119,6 +119,7 @@
 #include "unix-manager.h"
 #include "app-layer.h"
+#include "app-layer-parser.h"
 #include "app-layer-htp.h"
 #include "util-radix-tree.h"
@@ -2102,6 +2103,9 @@ int main(int argc, char **argv)
 if (ActionInitConfig() < 0) {
 exit(EXIT_FAILURE);
 }
+ } else {
+ /* tell the app layer to consider only the log id */
+ RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveLogOnly);
 }
 if (MagicInit() != 0)
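Review bot: The new `else` branch in main() makes transaction cleanup depend only on `log_id`, yet the patch's own `\todo what if a logger is disabled?` in app-layer-parser.c is left open. If nothing advances `log_id` while running with --disable-detection, transactions would presumably never become eligible for cleanup and per-flow state could grow with traffic; that should be confirmed before this mode is relied on. The comment could record the dependency, e.g. `/* detection disabled: inspect_id is never updated, so TX cleanup follows log_id only (needs a TX logger advancing it) */`. The `if` this branch belongs to starts outside the hunk, so the exact condition is not visible here.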