detectproto: adding missing probing parsers

In direction TO_CLIENT for symetric protocols
6 years ago · 5ff50773bd
parent cf98b0223e
commit 5ff50773bd
5 changed files with 38 additions and 15 deletions
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@ -1609,12 +1609,12 @@ void RegisterDNP3Parsers(void)
        if (RunmodeIsUnittests()) {
            AppLayerProtoDetectPPRegister(IPPROTO_TCP, DNP3_DEFAULT_PORT,
                ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader), STREAM_TOSERVER,
-                DNP3ProbingParser, NULL);
+                DNP3ProbingParser, DNP3ProbingParser);
        }
        else {
            if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
                    proto_name, ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader),
-                    DNP3ProbingParser, NULL)) {
+                    DNP3ProbingParser, DNP3ProbingParser)) {
 #ifndef AFLFUZZ_APPLAYER
                return;
 #endif
--- a/src/app-layer-modbus.c
+++ b/src/app-layer-modbus.c
@ -1482,14 +1482,14 @@ void RegisterModbusParsers(void)
                                          ALPROTO_MODBUS,
                                          0, sizeof(ModbusHeader),
                                          STREAM_TOSERVER,
-                                          ModbusProbingParser, NULL);
+                                          ModbusProbingParser, ModbusProbingParser);
        } else {
            /* If there is no app-layer section for Modbus, silently
             * leave it disabled. */
            if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
                                                proto_name, ALPROTO_MODBUS,
                                                0, sizeof(ModbusHeader),
-                                                ModbusProbingParser, NULL)) {
+                                                ModbusProbingParser, ModbusProbingParser)) {
 #ifndef AFLFUZZ_APPLAYER
                return;
 #endif
--- a/src/app-layer-smb.c
+++ b/src/app-layer-smb.c
@ -273,7 +273,7 @@ void RegisterSMBParsers(void)
        if (RunmodeIsUnittests()) {
            AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
                    MIN_REC_SIZE, STREAM_TOSERVER, SMBTCPProbe,
-                    NULL);
+                    SMBTCPProbe);
        } else {
            int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp",
                    IPPROTO_TCP, proto_name, ALPROTO_SMB, 0,
--- a/src/app-layer-template.c
+++ b/src/app-layer-template.c
@ -196,12 +196,35 @@ static AppLayerDecoderEvents *TemplateGetEvents(void *tx)
 }

 /**
- * \brief Probe the input to see if it looks like template.
+ * \brief Probe the input to server to see if it looks like template.
 *
- * \retval ALPROTO_TEMPLATE if it looks like template, otherwise
- *     ALPROTO_UNKNOWN.
+ * \retval ALPROTO_TEMPLATE if it looks like template,
+ *     ALPROTO_FAILED, if it is clearly not ALPROTO_TEMPLATE,
+ *     otherwise ALPROTO_UNKNOWN.
 */
-static AppProto TemplateProbingParser(Flow *f, uint8_t direction,
+static AppProto TemplateProbingParserTs(Flow *f, uint8_t direction,
+        uint8_t *input, uint32_t input_len, uint8_t *rdir)
+{
+    /* Very simple test - if there is input, this is template. */
+    if (input_len >= TEMPLATE_MIN_FRAME_LEN) {
+        SCLogNotice("Detected as ALPROTO_TEMPLATE.");
+        return ALPROTO_TEMPLATE;
+    }
+
+    SCLogNotice("Protocol not detected as ALPROTO_TEMPLATE.");
+    return ALPROTO_UNKNOWN;
+}
+
+/**
+ * \brief Probe the input to client to see if it looks like template.
+ *     TemplateProbingParserTs can be used instead if the protocol
+ *     is symmetric.
+ *
+ * \retval ALPROTO_TEMPLATE if it looks like template,
+ *     ALPROTO_FAILED, if it is clearly not ALPROTO_TEMPLATE,
+ *     otherwise ALPROTO_UNKNOWN.
+ */
+static AppProto TemplateProbingParserTc(Flow *f, uint8_t direction,
        uint8_t *input, uint32_t input_len, uint8_t *rdir)
 {
    /* Very simple test - if there is input, this is template. */
@ -472,21 +495,21 @@ void RegisterTemplateParsers(void)
            SCLogNotice("Unittest mode, registeringd default configuration.");
            AppLayerProtoDetectPPRegister(IPPROTO_TCP, TEMPLATE_DEFAULT_PORT,
                ALPROTO_TEMPLATE, 0, TEMPLATE_MIN_FRAME_LEN, STREAM_TOSERVER,
-                TemplateProbingParser, NULL);
+                TemplateProbingParserTs, TemplateProbingParserTc);

        }
        else {

            if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
                    proto_name, ALPROTO_TEMPLATE, 0, TEMPLATE_MIN_FRAME_LEN,
-                    TemplateProbingParser, NULL)) {
+                    TemplateProbingParserTs, TemplateProbingParserTc)) {
                SCLogNotice("No template app-layer configuration, enabling echo"
                    " detection TCP detection on port %s.",
                    TEMPLATE_DEFAULT_PORT);
                AppLayerProtoDetectPPRegister(IPPROTO_TCP,
                    TEMPLATE_DEFAULT_PORT, ALPROTO_TEMPLATE, 0,
                    TEMPLATE_MIN_FRAME_LEN, STREAM_TOSERVER,
-                    TemplateProbingParser, NULL);
+                    TemplateProbingParserTs, TemplateProbingParserTc);
            }

        }
--- a/src/app-layer-tftp.c
+++ b/src/app-layer-tftp.c
@ -203,12 +203,12 @@ void RegisterTFTPParsers(void)
            AppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT,
                                          ALPROTO_TFTP, 0, TFTP_MIN_FRAME_LEN,
                                          STREAM_TOSERVER, TFTPProbingParser,
-                                          NULL);
+                                          TFTPProbingParser);
        } else {
            if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
                                                     proto_name, ALPROTO_TFTP,
                                                     0, TFTP_MIN_FRAME_LEN,
-                                                     TFTPProbingParser, NULL)) {
+                                                     TFTPProbingParser, TFTPProbingParser)) {
                SCLogDebug("No echo app-layer configuration, enabling echo"
                           " detection UDP detection on port %s.",
                           TFTP_DEFAULT_PORT);
@ -216,7 +216,7 @@ void RegisterTFTPParsers(void)
                                              TFTP_DEFAULT_PORT, ALPROTO_TFTP,
                                              0, TFTP_MIN_FRAME_LEN,
                                              STREAM_TOSERVER,TFTPProbingParser,
-                                              NULL);
+                                              TFTPProbingParser);
            }
        }
    } else {