From 73b59bda532a6bb232deddf79b5287b6ae0bb20f Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 16 Oct 2017 15:56:53 +0200 Subject: [PATCH] smtp: implement DetectFlags API --- src/app-layer-smtp.c | 23 +++++++++++++++++++++++ src/app-layer-smtp.h | 4 ++++ 2 files changed, 27 insertions(+) diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 606aa6cc99..777a71911b 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1631,6 +1631,26 @@ static int SMTPSetTxDetectState(void *state, void *vtx, DetectEngineState *s) return 0; } +static uint64_t SMTPGetTxDetectFlags(void *vtx, uint8_t dir) +{ + SMTPTransaction *tx = (SMTPTransaction *)vtx; + if (dir & STREAM_TOSERVER) { + return tx->detect_flags_ts; + } else { + return tx->detect_flags_tc; + } +} + +static void SMTPSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags) +{ + SMTPTransaction *tx = (SMTPTransaction *)vtx; + if (dir & STREAM_TOSERVER) { + tx->detect_flags_ts = flags; + } else { + tx->detect_flags_tc = flags; + } +} + /** * \brief Register the SMTP Protocol parser. */ @@ -1660,6 +1680,9 @@ void RegisterSMTPParsers(void) AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetEvents); AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_SMTP, NULL, SMTPGetTxDetectState, SMTPSetTxDetectState); + AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_SMTP, + SMTPGetTxDetectFlags, SMTPSetTxDetectFlags); + AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPLocalStorageAlloc, SMTPLocalStorageFree); diff --git a/src/app-layer-smtp.h b/src/app-layer-smtp.h index face8f93fa..24098120e7 100644 --- a/src/app-layer-smtp.h +++ b/src/app-layer-smtp.h @@ -66,6 +66,10 @@ typedef struct SMTPString_ { typedef struct SMTPTransaction_ { /** id of this tx, starting at 0 */ uint64_t tx_id; + + uint64_t detect_flags_ts; + uint64_t detect_flags_tc; + int done; /** indicates loggers done logging */ uint32_t logged;