aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

UDP support at AppLayer message handling

Browse Source
remotes/origin/master-1.0.x
Pablo Rincon 16 years ago committed by Victor Julien
parent e07e9e16ae
commit 8cc525c939
47 changed files with 904 additions and 619 deletions
Show Stats Download Patch File Download Diff File

18
src/app-layer-dcerpc.c
Unescape Escape View File

@ -1759,7 +1759,7 @@ int DCERPCParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcbind, bindlen);
if (r != 0) {
@ -1768,7 +1768,7 @@ int DCERPCParserTest01(void) {
goto end;
}
DCERPCState *dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
DCERPCState *dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
result = 0;
@ -1827,7 +1827,7 @@ int DCERPCParserTest01(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1978,7 +1978,7 @@ int DCERPCParserTest02(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
@ -1987,7 +1987,7 @@ int DCERPCParserTest02(void) {
goto end;
}
DCERPCState *dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
DCERPCState *dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
result = 0;
@ -2020,7 +2020,7 @@ int DCERPCParserTest02(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -2171,7 +2171,7 @@ int DCERPCParserTest03(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
@ -2180,7 +2180,7 @@ int DCERPCParserTest03(void) {
goto end;
}
DCERPCState *dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
DCERPCState *dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
result = 0;
@ -2206,7 +2206,7 @@ int DCERPCParserTest03(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

132
src/app-layer-detect-proto.c
Unescape Escape View File

@ -100,13 +100,14 @@ void AlpProtoInit(AlpProtoDetectCtx *ctx) {
* \param co the content match
* \param proto the proto id
*/
static void AlpProtoAddSignature(AlpProtoDetectCtx *ctx, DetectContentData *co, uint16_t proto) {
static void AlpProtoAddSignature(AlpProtoDetectCtx *ctx, DetectContentData *co, uint16_t ip_proto, uint16_t proto) {
AlpProtoSignature *s = SCMalloc(sizeof(AlpProtoSignature));
if (s == NULL) {
return;
}
memset(s, 0x00, sizeof(AlpProtoSignature));
s->ip_proto = ip_proto;
s->proto = proto;
s->co = co;
@ -225,7 +226,7 @@ void AlpProtoAdd(AlpProtoDetectCtx *ctx, uint16_t ip_proto, uint16_t al_proto, c
dir->min_len = depth;
/* finally turn into a signature and add to the ctx */
AlpProtoAddSignature(ctx, cd, al_proto);
AlpProtoAddSignature(ctx, cd, ip_proto, al_proto);
}
#ifdef UNITTESTS
@ -427,13 +428,13 @@ void AppLayerDetectProtoThreadInit(void) {
*
* \retval proto App Layer proto, or ALPROTO_UNKNOWN if unknown
*/
uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *ctx, AlpProtoDetectThreadCtx *tctx, uint8_t *buf, uint16_t buflen, uint8_t flags) {
uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *ctx, AlpProtoDetectThreadCtx *tctx, uint8_t *buf, uint16_t buflen, uint8_t flags, uint8_t ipproto) {
SCEnter();
AlpProtoDetectDirection *dir;
AlpProtoDetectDirectionThread *tdir;
if (flags & STREAM_TOSERVER) {
if (flags & FLOW_AL_STREAM_TOSERVER) {
dir = &ctx->toserver;
tdir = &tctx->toserver;
} else {
@ -498,7 +499,9 @@ uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *ctx, AlpProtoDetectThreadCtx
uint8_t s_cnt = 1;
while (proto == ALPROTO_UNKNOWN && s != NULL) {
proto = AlpProtoMatchSignature(s, buf, buflen);
/* TCP or UPD? */
if (s->ip_proto == ipproto)
proto = AlpProtoMatchSignature(s, buf, buflen);
s = s->map_next;
if (s == NULL && s_cnt < tdir->pmq.pattern_id_array_cnt) {
patid = tdir->pmq.pattern_id_array[s_cnt];
@ -890,7 +893,7 @@ int AlpDetectTest05(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_HTTP) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
@ -959,7 +962,7 @@ int AlpDetectTest06(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_FTP) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_FTP);
r = 0;
@ -1016,7 +1019,7 @@ int AlpDetectTest07(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_UNKNOWN) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_UNKNOWN);
r = 0;
@ -1084,7 +1087,7 @@ int AlpDetectTest08(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_SMB) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_SMB);
r = 0;
@ -1149,7 +1152,7 @@ int AlpDetectTest09(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_SMB2) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_SMB2);
r = 0;
@ -1209,7 +1212,7 @@ int AlpDetectTest10(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto != ALPROTO_DCERPC) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_DCERPC);
r = 0;
@ -1266,13 +1269,13 @@ int AlpDetectTest11(void) {
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data, sizeof(l7data), STREAM_TOCLIENT);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto == ALPROTO_HTTP) {
printf("proto %" PRIu8 " == %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
}
proto = AppLayerDetectGetProto(&ctx, &tctx, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER);
proto = AppLayerDetectGetProto(&ctx, &tctx, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP);
if (proto != ALPROTO_HTTP) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
@ -1321,6 +1324,107 @@ end:
return r;
}
/**
* \test What about if we add some sigs only for udp but call for tcp?
* It should not detect any proto
*/
int AlpDetectTest13(void) {
uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n";
uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n";
int r = 1;
AlpProtoDetectCtx ctx;
AlpProtoDetectThreadCtx tctx;
AlpProtoInit(&ctx);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
if (ctx.toserver.id != 6) {
printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
r = 0;
}
if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) {
printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP);
r = 0;
}
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP);
if (proto == ALPROTO_HTTP) {
printf("proto %" PRIu8 " == %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
}
proto = AppLayerDetectGetProto(&ctx, &tctx, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP);
if (proto == ALPROTO_HTTP) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
}
AlpProtoTestDestroy(&ctx);
return r;
}
/**
* \test What about if we add some sigs only for udp calling it for UDP?
* It should detect ALPROTO_HTTP (over udp). This is just a check
* to ensure that TCP/UDP differences work correctly.
*/
int AlpDetectTest14(void) {
uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n";
uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n";
int r = 1;
AlpProtoDetectCtx ctx;
AlpProtoDetectThreadCtx tctx;
AlpProtoInit(&ctx);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
if (ctx.toserver.id != 6) {
printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
r = 0;
}
if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) {
printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP);
r = 0;
}
AlpProtoFinalizeGlobal(&ctx);
AlpProtoFinalizeThread(&ctx, &tctx);
uint8_t proto = AppLayerDetectGetProto(&ctx, &tctx, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_UDP);
if (proto == ALPROTO_HTTP) {
printf("proto %" PRIu8 " == %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
}
proto = AppLayerDetectGetProto(&ctx, &tctx, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_UDP);
if (proto != ALPROTO_HTTP) {
printf("proto %" PRIu8 " != %" PRIu8 ": ", proto, ALPROTO_HTTP);
r = 0;
}
AlpProtoTestDestroy(&ctx);
return r;
}
#endif /* UNITTESTS */
void AlpDetectRegisterTests(void) {
@ -1337,5 +1441,7 @@ void AlpDetectRegisterTests(void) {
UtRegisterTest("AlpDetectTest10", AlpDetectTest10, 1);
UtRegisterTest("AlpDetectTest11", AlpDetectTest11, 1);
UtRegisterTest("AlpDetectTest12", AlpDetectTest12, 1);
UtRegisterTest("AlpDetectTest13", AlpDetectTest13, 1);
UtRegisterTest("AlpDetectTest14", AlpDetectTest14, 1);
#endif /* UNITTESTS */
}

12
src/app-layer-detect-proto.h
Unescape Escape View File

@ -27,20 +27,12 @@
#include "stream.h"
#include "detect-content.h"
typedef struct AlpProtoDetectDirectionThread_ {
MpmThreadCtx mpm_ctx;
PatternMatcherQueue pmq;
} AlpProtoDetectDirectionThread;
typedef struct AlpProtoDetectThreadCtx_ {
AlpProtoDetectDirectionThread toserver;
AlpProtoDetectDirectionThread toclient;
} AlpProtoDetectThreadCtx;
/** \brief Signature for proto detection
* \todo we might just use SigMatch here
*/
typedef struct AlpProtoSignature_ {
uint16_t ip_proto; /**< protocol (TCP/UDP) */
uint16_t proto; /**< protocol */
DetectContentData *co; /**< content match that needs to match */
struct AlpProtoSignature_ *next; /**< next signature */
@ -88,7 +80,7 @@ void *AppLayerDetectProtoThread(void *td);
void AppLayerDetectProtoThreadInit(void);
uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *, uint8_t *, uint16_t, uint8_t);
uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *, uint8_t *, uint16_t, uint8_t, uint8_t);
void AppLayerDetectProtoThreadSpawn(void);
void AlpDetectRegisterTests(void);

30
src/app-layer-ftp.c
Unescape Escape View File

@ -301,7 +301,7 @@ int FTPParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf, ftplen);
if (r != 0) {
@ -310,7 +310,7 @@ int FTPParserTest01(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -324,7 +324,7 @@ int FTPParserTest01(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -346,7 +346,7 @@ int FTPParserTest03(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
if (r != 0) {
@ -369,7 +369,7 @@ int FTPParserTest03(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -383,7 +383,7 @@ int FTPParserTest03(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -403,7 +403,7 @@ int FTPParserTest06(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, ftpbuf1, ftplen1);
if (r != 0) {
@ -412,7 +412,7 @@ int FTPParserTest06(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -426,7 +426,7 @@ int FTPParserTest06(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -448,7 +448,7 @@ int FTPParserTest07(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
if (r != 0) {
@ -464,7 +464,7 @@ int FTPParserTest07(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -478,7 +478,7 @@ int FTPParserTest07(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -499,7 +499,7 @@ int FTPParserTest10(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
uint32_t u;
for (u = 0; u < ftplen1; u++) {
@ -517,7 +517,7 @@ int FTPParserTest10(void) {
}
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -531,7 +531,7 @@ int FTPParserTest10(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

42
src/app-layer-htp.c
Unescape Escape View File

@ -1058,7 +1058,7 @@ int HTPParserTest01(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
uint32_t u;
for (u = 0; u < httplen1; u++) {
@ -1077,7 +1077,7 @@ int HTPParserTest01(void) {
}
}
htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -1105,7 +1105,7 @@ int HTPParserTest01(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
@ -1128,7 +1128,7 @@ int HTPParserTest02(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
@ -1138,7 +1138,7 @@ int HTPParserTest02(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1160,7 +1160,7 @@ int HTPParserTest02(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
@ -1185,7 +1185,7 @@ int HTPParserTest03(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
uint32_t u;
for (u = 0; u < httplen1; u++) {
@ -1203,7 +1203,7 @@ int HTPParserTest03(void) {
goto end;
}
}
htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -1228,7 +1228,7 @@ int HTPParserTest03(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
@ -1252,12 +1252,12 @@ int HTPParserTest04(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -1282,7 +1282,7 @@ int HTPParserTest04(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
@ -1317,7 +1317,7 @@ int HTPParserTest05(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
httpbuf1, httplen1);
@ -1365,7 +1365,7 @@ int HTPParserTest05(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1398,7 +1398,7 @@ int HTPParserTest05(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
@ -1463,7 +1463,7 @@ int HTPParserTest06(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
httpbuf1, httplen1);
@ -1481,7 +1481,7 @@ int HTPParserTest06(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1516,7 +1516,7 @@ int HTPParserTest06(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
@ -1864,7 +1864,7 @@ libhtp:\n\
}
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
uint32_t u;
for (u = 0; u < httplen1; u++) {
@ -1883,7 +1883,7 @@ libhtp:\n\
}
}
htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -1902,7 +1902,7 @@ end:
ConfDeInit();
ConfRestoreContextBackup();
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);

215
src/app-layer-parser.c
Unescape Escape View File

@ -768,13 +768,11 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
AppLayerProto *p = &al_proto_table[proto];
TcpSession *ssn = NULL;
/* Used only if it's TCP */
ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
goto error;
}
if (flags & STREAM_GAP) {
/** Do this check before calling AppLayerParse */
if (flags & FLOW_AL_STREAM_GAP) {
SCLogDebug("stream gap detected (missing packets), this is not yet supported.");
goto error;
}
@ -782,26 +780,27 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
/* Get the parser state (if any) */
AppLayerParserStateStore *parser_state_store = NULL;
if (ssn->aldata != NULL) {
if (f->aldata != NULL) {
parser_state_store = (AppLayerParserStateStore *)
ssn->aldata[app_layer_sid];
f->aldata[app_layer_sid];
if (parser_state_store == NULL) {
parser_state_store = AppLayerParserStateStoreAlloc();
if (parser_state_store == NULL)
goto error;
ssn->aldata[app_layer_sid] = (void *)parser_state_store;
f->aldata[app_layer_sid] = (void *)parser_state_store;
}
} else {
SCLogDebug("No App Layer Data");
/* Nothing is there to clean up, so just return from here after setting
* up the no reassembly flags */
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
FlowSetSessionNoApplayerInspectionFlag(f);
SCReturnInt(-1);
}
AppLayerParserState *parser_state = NULL;
if (flags & STREAM_TOSERVER) {
if (flags & FLOW_AL_STREAM_TOSERVER) {
SCLogDebug("to_server msg (flow %p)", f);
parser_state = &parser_state_store->to_server;
@ -834,12 +833,12 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
SCReturnInt(0);
}
if (flags & STREAM_EOF)
if (flags & FLOW_AL_STREAM_EOF)
parser_state->flags |= APP_LAYER_PARSER_EOF;
/* See if we already have a 'app layer' state */
void *app_layer_state = NULL;
app_layer_state = ssn->aldata[p->storage_id];
app_layer_state = f->aldata[p->storage_id];
if (app_layer_state == NULL) {
/* lock the allocation of state as we may
@ -849,12 +848,12 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
goto error;
}
ssn->aldata[p->storage_id] = app_layer_state;
f->aldata[p->storage_id] = app_layer_state;
SCLogDebug("alloced new app layer state %p (p->storage_id %u, name %s)",
app_layer_state, p->storage_id, al_proto_table[ssn->alproto].name);
app_layer_state, p->storage_id, al_proto_table[f->alproto].name);
} else {
SCLogDebug("using existing app layer state %p (p->storage_id %u, name %s))",
app_layer_state, p->storage_id, al_proto_table[ssn->alproto].name);
app_layer_state, p->storage_id, al_proto_table[f->alproto].name);
}
/* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
@ -868,12 +867,16 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
/* set the packets to no inspection and reassembly for the TLS sessions */
if (parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) {
FlowSetNoPayloadInspectionFlag(f);
FlowSetSessionNoApplayerInspectionFlag(f);
/* Set the no reassembly flag for both the stream in this TcpSession */
if (parser_state->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOSERVER ? 1 : 0);
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
if (ssn != NULL) {
StreamTcpSetSessionNoReassemblyFlag(ssn,
flags & FLOW_AL_STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn,
flags & FLOW_AL_STREAM_TOSERVER ? 1 : 0);
}
}
}
@ -892,8 +895,9 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
SCReturnInt(0);
error:
if (ssn != NULL) {
/* Set the no reassembly flag for both the stream in this TcpSession */
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
/* Set the no app layer inspection flag for both
* the stream in this Flow */
FlowSetSessionNoApplayerInspectionFlag(f);
if (f->src.family == AF_INET) {
char src[16];
@ -906,7 +910,7 @@ error:
SCLogError(SC_ERR_ALPARSER, "Error occured in parsing \"%s\" app layer "
"protocol, using network protocol %"PRIu8", source IP "
"address %s, destination IP address %s, src port %"PRIu16" and "
"dst port %"PRIu16"", al_proto_table[ssn->alproto].name,
"dst port %"PRIu16"", al_proto_table[f->alproto].name,
f->proto, src, dst, f->sp, f->dp);
} else {
char dst6[46];
@ -920,7 +924,7 @@ error:
SCLogError(SC_ERR_ALPARSER, "Error occured in parsing \"%s\" app layer "
"protocol, using network protocol %"PRIu8", source IPv6 "
"address %s, destination IPv6 address %s, src port %"PRIu16" and "
"dst port %"PRIu16"", al_proto_table[ssn->alproto].name,
"dst port %"PRIu16"", al_proto_table[f->alproto].name,
f->proto, src6, dst6, f->sp, f->dp);
}
}
@ -932,24 +936,18 @@ error:
int AppLayerTransactionGetBaseId(Flow *f) {
SCEnter();
if (f->proto != IPPROTO_TCP) {
SCLogDebug("no TCP");
goto error;
}
TcpSession *ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
if (f->proto != IPPROTO_TCP && f->proto != IPPROTO_UDP) {
SCLogDebug("no TCP or UDP");
goto error;
}
/* Get the parser state (if any) */
if (ssn->aldata == NULL) {
if (f->aldata == NULL) {
SCLogDebug("no aldata");
goto error;
}
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)ssn->aldata[app_layer_sid];
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)f->aldata[app_layer_sid];
if (parser_state_store == NULL) {
SCLogDebug("no state store");
goto error;
@ -965,24 +963,18 @@ error:
int AppLayerTransactionGetLoggableId(Flow *f) {
SCEnter();
if (f->proto != IPPROTO_TCP) {
SCLogDebug("no TCP");
goto error;
}
TcpSession *ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
if (f->proto != IPPROTO_TCP && f->proto != IPPROTO_UDP) {
SCLogDebug("no TCP or UDP");
goto error;
}
/* Get the parser state (if any) */
if (ssn->aldata == NULL) {
if (f->aldata == NULL) {
SCLogDebug("no aldata");
goto error;
}
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)ssn->aldata[app_layer_sid];
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)f->aldata[app_layer_sid];
if (parser_state_store == NULL) {
SCLogDebug("no state store");
goto error;
@ -1007,24 +999,18 @@ error:
void AppLayerTransactionUpdateLoggedId(Flow *f) {
SCEnter();
if (f->proto != IPPROTO_TCP) {
SCLogDebug("no TCP");
goto error;
}
TcpSession *ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
if (f->proto != IPPROTO_TCP && f->proto != IPPROTO_UDP) {
SCLogDebug("no TCP or UDP");
goto error;
}
/* Get the parser state (if any) */
if (ssn->aldata == NULL) {
if (f->aldata == NULL) {
SCLogDebug("no aldata");
goto error;
}
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)ssn->aldata[app_layer_sid];
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)f->aldata[app_layer_sid];
if (parser_state_store == NULL) {
SCLogDebug("no state store");
goto error;
@ -1040,24 +1026,18 @@ error:
int AppLayerTransactionGetLoggedId(Flow *f) {
SCEnter();
if (f->proto != IPPROTO_TCP) {
SCLogDebug("no TCP");
goto error;
}
TcpSession *ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
if (f->proto != IPPROTO_TCP && f->proto != IPPROTO_UDP) {
SCLogDebug("no TCP or UDP");
goto error;
}
/* Get the parser state (if any) */
if (ssn->aldata == NULL) {
if (f->aldata == NULL) {
SCLogDebug("no aldata");
goto error;
}
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)ssn->aldata[app_layer_sid];
AppLayerParserStateStore *parser_state_store = parser_state_store = (AppLayerParserStateStore *)f->aldata[app_layer_sid];
if (parser_state_store == NULL) {
SCLogDebug("no state store");
goto error;
@ -1081,23 +1061,17 @@ int AppLayerTransactionUpdateInspectId(Flow *f)
int r = 0;
if (f->proto != IPPROTO_TCP) {
SCLogDebug("no TCP flow");
goto end;
}
TcpSession *ssn = f->protoctx;
if (ssn == NULL) {
SCLogDebug("no TCP session");
if (f->proto != IPPROTO_TCP && f->proto != IPPROTO_UDP) {
SCLogDebug("no TCP or UDP flow");
goto end;
}
/* Get the parser state (if any) */
AppLayerParserStateStore *parser_state_store = NULL;
if (ssn->aldata != NULL) {
if (f->aldata != NULL) {
parser_state_store = (AppLayerParserStateStore *)
ssn->aldata[app_layer_sid];
f->aldata[app_layer_sid];
if (parser_state_store != NULL) {
/* update inspect_id and see if it there are other transactions
* as well */
@ -1142,38 +1116,38 @@ void RegisterAppLayerParsers(void)
al_result_pool = PoolInit(1000,250,AlpResultElmtPoolAlloc,NULL,AlpResultElmtPoolFree);
}
void AppLayerParserCleanupState(TcpSession *ssn)
void AppLayerParserCleanupState(Flow *f)
{
if (ssn == NULL) {
SCLogDebug("no ssn");
if (f == NULL) {
SCLogDebug("no flow");
return;
}
if (ssn->alproto >= ALPROTO_MAX) {
if (f->alproto >= ALPROTO_MAX) {
SCLogDebug("app layer proto unknown");
return;
}
/* free the parser protocol state */
AppLayerProto *p = &al_proto_table[ssn->alproto];
if (p->StateFree != NULL && ssn->aldata != NULL) {
if (ssn->aldata[p->storage_id] != NULL) {
AppLayerProto *p = &al_proto_table[f->alproto];
if (p->StateFree != NULL && f->aldata != NULL) {
if (f->aldata[p->storage_id] != NULL) {
SCLogDebug("calling StateFree");
p->StateFree(ssn->aldata[p->storage_id]);
ssn->aldata[p->storage_id] = NULL;
p->StateFree(f->aldata[p->storage_id]);
f->aldata[p->storage_id] = NULL;
}
}
/* free the app layer parser api state */
if (ssn->aldata != NULL) {
if (ssn->aldata[app_layer_sid] != NULL) {
if (f->aldata != NULL) {
if (f->aldata[app_layer_sid] != NULL) {
SCLogDebug("calling AppLayerParserStateStoreFree");
AppLayerParserStateStoreFree(ssn->aldata[app_layer_sid]);
ssn->aldata[app_layer_sid] = NULL;
AppLayerParserStateStoreFree(f->aldata[app_layer_sid]);
f->aldata[app_layer_sid] = NULL;
}
StreamTcpDecrMemuse((uint32_t)(StreamL7GetStorageSize() * sizeof(void *)));
SCFree(ssn->aldata);
ssn->aldata = NULL;
//StreamTcpDecrMemuse((uint32_t)(StreamL7GetStorageSize() * sizeof(void *)));
SCFree(f->aldata);
f->aldata = NULL;
}
}
@ -1322,9 +1296,8 @@ static int AppLayerParserTest01 (void)
AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc,
TestProtocolStateFree);
ssn.alproto = ALPROTO_TEST;
FLOW_INITIALIZE(&f);
f.alproto = ALPROTO_TEST;
f.protoctx = (void *)&ssn;
inet_pton(AF_INET, "1.2.3.4", &addr.s_addr);
@ -1340,7 +1313,7 @@ static int AppLayerParserTest01 (void)
f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
testlen);
@ -1349,7 +1322,7 @@ static int AppLayerParserTest01 (void)
goto end;
}
if (!(ssn.flags & STREAMTCP_FLAG_NO_APPLAYER_INSPECTION))
if (!(f.alflags & FLOW_AL_NO_APPLAYER_INSPECTION))
{
printf("flag should have been set, but is not: ");
goto end;
@ -1357,7 +1330,62 @@ static int AppLayerParserTest01 (void)
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
/** \test Test the deallocation of app layer parser memory on occurance of
* error in the parsing process for UDP.
*/
static int AppLayerParserTest02 (void)
{
int result = 1;
Flow f;
uint8_t testbuf[] = { 0x11 };
uint32_t testlen = sizeof(testbuf);
struct in_addr addr;
struct in_addr addr1;
Address src;
Address dst;
memset(&f, 0, sizeof(f));
memset(&src, 0, sizeof(src));
memset(&dst, 0, sizeof(dst));
/* Register the Test protocol state and parser functions */
AppLayerRegisterProto("test", ALPROTO_TEST, STREAM_TOSERVER,
TestProtocolParser);
AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc,
TestProtocolStateFree);
f.alproto = ALPROTO_TEST;
inet_pton(AF_INET, "1.2.3.4", &addr.s_addr);
src.family = AF_INET;
src.addr_data32[0] = addr.s_addr;
inet_pton(AF_INET, "4.3.2.1", &addr1.s_addr);
dst.family = AF_INET;
dst.addr_data32[0] = addr1.s_addr;
f.src = src;
f.dst = dst;
f.sp = htons(20);
f.dp = htons(40);
f.proto = IPPROTO_UDP;
StreamTcpInitConfig(TRUE);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
testlen);
if (r != -1) {
printf("returned %" PRId32 ", expected -1: \n", r);
result = 0;
goto end;
}
end:
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1368,5 +1396,6 @@ void AppLayerParserRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01, 1);
UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02, 1);
#endif /* UNITTESTS */
}

2
src/app-layer-parser.h
Unescape Escape View File

@ -172,7 +172,7 @@ int AppLayerTransactionGetBaseId(Flow *f);
void AppLayerParserRegisterTests(void);
#include "stream-tcp-private.h"
void AppLayerParserCleanupState(TcpSession *);
void AppLayerParserCleanupState(Flow *);
#endif /* __APP_LAYER_PARSER_H__ */

24
src/app-layer-smb.c
Unescape Escape View File

@ -1250,7 +1250,7 @@ int SMBParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
if (r != 0) {
@ -1258,7 +1258,7 @@ int SMBParserTest01(void) {
goto end;
}
SMBState *smb_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SMB)];
SMBState *smb_state = f.aldata[AlpGetStateIdx(ALPROTO_SMB)];
if (smb_state == NULL) {
printf("no smb state: ");
goto end;
@ -1281,7 +1281,7 @@ int SMBParserTest01(void) {
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1321,7 +1321,7 @@ int SMBParserTest02(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
if (r != 0) {
@ -1329,7 +1329,7 @@ int SMBParserTest02(void) {
goto end;
}
SMBState *smb_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SMB)];
SMBState *smb_state = f.aldata[AlpGetStateIdx(ALPROTO_SMB)];
if (smb_state == NULL) {
printf("no smb state: ");
goto end;
@ -1353,7 +1353,7 @@ int SMBParserTest02(void) {
printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry);
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1611,7 +1611,7 @@ int SMBParserTest03(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
if (r != 0) {
@ -1619,7 +1619,7 @@ int SMBParserTest03(void) {
goto end;
}
SMBState *smb_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SMB)];
SMBState *smb_state = f.aldata[AlpGetStateIdx(ALPROTO_SMB)];
if (smb_state == NULL) {
printf("no smb state: ");
goto end;
@ -1643,7 +1643,7 @@ int SMBParserTest03(void) {
printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry);
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1716,7 +1716,7 @@ int SMBParserTest04(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
if (r != 0) {
@ -1724,7 +1724,7 @@ int SMBParserTest04(void) {
goto end;
}
SMBState *smb_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SMB)];
SMBState *smb_state = f.aldata[AlpGetStateIdx(ALPROTO_SMB)];
if (smb_state == NULL) {
printf("no smb state: ");
goto end;
@ -1753,7 +1753,7 @@ int SMBParserTest04(void) {
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

6
src/app-layer-smb2.c
Unescape Escape View File

@ -463,7 +463,7 @@ int SMB2ParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_SMB2, STREAM_TOSERVER|STREAM_EOF, smb2buf, smb2len);
if (r != 0) {
@ -472,7 +472,7 @@ int SMB2ParserTest01(void) {
goto end;
}
SMB2State *smb2_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SMB2)];
SMB2State *smb2_state = f.aldata[AlpGetStateIdx(ALPROTO_SMB2)];
if (smb2_state == NULL) {
printf("no smb2 state: ");
result = 0;
@ -498,7 +498,7 @@ int SMB2ParserTest01(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

20
src/app-layer-ssl.c
Unescape Escape View File

@ -268,7 +268,7 @@ static int SSLParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_SSL, STREAM_TOSERVER|STREAM_EOF, sslbuf, ssllen);
if (r != 0) {
@ -276,7 +276,7 @@ static int SSLParserTest01(void) {
goto end;
}
SslState *ssl_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SSL)];
SslState *ssl_state = f.aldata[AlpGetStateIdx(ALPROTO_SSL)];
if (ssl_state == NULL) {
printf("no ssl state: ");
goto end;
@ -296,7 +296,7 @@ static int SSLParserTest01(void) {
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -321,7 +321,7 @@ static int SSLParserTest02(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_SSL, STREAM_TOCLIENT|STREAM_EOF, sslbuf, ssllen);
if (r != 0) {
@ -330,7 +330,7 @@ static int SSLParserTest02(void) {
goto end;
}
SslState *ssl_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SSL)];
SslState *ssl_state = f.aldata[AlpGetStateIdx(ALPROTO_SSL)];
if (ssl_state == NULL) {
printf("no ssl state: ");
result = 0;
@ -351,7 +351,7 @@ static int SSLParserTest02(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -544,7 +544,7 @@ static int SSLParserTest03(void) {
ssn.client.ra_base_seq = 4276431676UL;
ssn.client.isn = 4276431676UL;
ssn.client.last_ack = 390133221UL;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
@ -647,7 +647,7 @@ static int SSLParserTest03(void) {
goto end;
}
SslState *ssl_state = ssn.aldata[AlpGetStateIdx(ALPROTO_SSL)];
SslState *ssl_state = f.aldata[AlpGetStateIdx(ALPROTO_SSL)];
if (ssl_state == NULL) {
printf("no ssl state: ");
result = 0;
@ -670,7 +670,7 @@ static int SSLParserTest03(void) {
uint16_t app_layer_sid = AppLayerParserGetStorageId();
AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *)
ssn.aldata[app_layer_sid];
f.aldata[app_layer_sid];
AppLayerParserState *parser_state = &parser_state_store->to_server;
if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) &&
@ -687,7 +687,7 @@ static int SSLParserTest03(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

66
src/app-layer-tls.c
Unescape Escape View File

@ -581,7 +581,7 @@ static int TLSParserTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER|STREAM_EOF, tlsbuf, tlslen);
if (r != 0) {
@ -590,7 +590,7 @@ static int TLSParserTest01(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -611,7 +611,7 @@ static int TLSParserTest01(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -631,7 +631,7 @@ static int TLSParserTest02(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
@ -647,7 +647,7 @@ static int TLSParserTest02(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -668,7 +668,7 @@ static int TLSParserTest02(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -690,7 +690,7 @@ static int TLSParserTest03(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
@ -713,7 +713,7 @@ static int TLSParserTest03(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -734,7 +734,7 @@ static int TLSParserTest03(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -758,7 +758,7 @@ static int TLSParserTest04(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
@ -788,7 +788,7 @@ static int TLSParserTest04(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -809,7 +809,7 @@ static int TLSParserTest04(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -828,7 +828,7 @@ static int TLSParserTest05(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
@ -871,7 +871,7 @@ static int TLSParserTest05(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -894,7 +894,7 @@ static int TLSParserTest05(void) {
uint16_t app_layer_sid = AppLayerParserGetStorageId();
AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *)
ssn.aldata[app_layer_sid];
f.aldata[app_layer_sid];
AppLayerParserState *parser_state = &parser_state_store->to_server;
if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) &&
@ -912,7 +912,7 @@ static int TLSParserTest05(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -932,7 +932,7 @@ static int TLSParserTest06(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
@ -966,7 +966,7 @@ static int TLSParserTest06(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -989,7 +989,7 @@ static int TLSParserTest06(void) {
uint16_t app_layer_sid = AppLayerParserGetStorageId();
AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *)
ssn.aldata[app_layer_sid];
f.aldata[app_layer_sid];
AppLayerParserState *parser_state = &parser_state_store->to_server;
if ((parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) ||
@ -1033,7 +1033,7 @@ static int TLSParserTest06(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1078,7 +1078,7 @@ static int TLSParserMultimsgTest01(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
@ -1087,7 +1087,7 @@ static int TLSParserMultimsgTest01(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -1108,7 +1108,7 @@ static int TLSParserMultimsgTest01(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1153,7 +1153,7 @@ static int TLSParserMultimsgTest02(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf1, tlslen1);
if (r != 0) {
@ -1162,7 +1162,7 @@ static int TLSParserMultimsgTest02(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -1183,7 +1183,7 @@ static int TLSParserMultimsgTest02(void) {
goto end;
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1217,7 +1217,7 @@ static int TLSParserTest07(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
@ -1226,7 +1226,7 @@ static int TLSParserTest07(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -1248,7 +1248,7 @@ static int TLSParserTest07(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1267,7 +1267,7 @@ static int TLSParserTest08(void) {
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
@ -1310,7 +1310,7 @@ static int TLSParserTest08(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
result = 0;
@ -1333,7 +1333,7 @@ static int TLSParserTest08(void) {
uint16_t app_layer_sid = AppLayerParserGetStorageId();
AppLayerParserStateStore *parser_state_store = (AppLayerParserStateStore *)
ssn.aldata[app_layer_sid];
f.aldata[app_layer_sid];
AppLayerParserState *parser_state = &parser_state_store->to_server;
if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) &&
@ -1351,7 +1351,7 @@ static int TLSParserTest08(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

124
src/app-layer.c
Unescape Escape View File

@ -24,10 +24,13 @@
*/
#include "suricata-common.h"
#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-private.h"
#include "flow.h"
#include "util-debug.h"
/** \brief Get the active app layer proto from the packet
@ -42,13 +45,13 @@ uint16_t AppLayerGetProtoFromPacket(Packet *p) {
}
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
if (ssn == NULL) {
if (ssn == NULL && p->flow->aldata == NULL) {
SCReturnUInt(ALPROTO_UNKNOWN);
}
SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);
SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto);
SCReturnUInt(ssn->alproto);
SCReturnUInt(p->flow->alproto);
}
/** \brief Get the active app layer state from the packet
@ -63,13 +66,13 @@ void *AppLayerGetProtoStateFromPacket(Packet *p) {
}
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
if (ssn == NULL || ssn->aldata == NULL) {
if (ssn == NULL && p->flow->aldata == NULL) {
SCReturnPtr(NULL, "void");
}
SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);
SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto);
void *alstate = ssn->aldata[AlpGetStateIdx(ssn->alproto)];
void *alstate = p->flow->aldata[AlpGetStateIdx(p->flow->alproto)];
SCLogDebug("p->flow %p", p->flow);
SCReturnPtr(alstate, "void");
@ -86,12 +89,12 @@ void *AppLayerGetProtoStateFromFlow(Flow *f) {
SCReturnPtr(NULL, "void");
TcpSession *ssn = (TcpSession *)f->protoctx;
if (ssn == NULL || ssn->aldata == NULL)
if (ssn == NULL || f->aldata == NULL)
SCReturnPtr(NULL, "void");
SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);
SCLogDebug("f->alproto %"PRIu16"", f->alproto);
void *alstate = ssn->aldata[AlpGetStateIdx(ssn->alproto)];
void *alstate = f->aldata[AlpGetStateIdx(f->alproto)];
SCReturnPtr(alstate, "void");
}
@ -99,7 +102,7 @@ void *AppLayerGetProtoStateFromFlow(Flow *f) {
extern AlpProtoDetectCtx alp_proto_ctx;
/**
* \brief Handle a app layer message
* \brief Handle a app layer TCP message
*
* If the protocol is yet unknown, the proto detection code is run first.
*
@ -122,9 +125,19 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
TcpSession *ssn = smsg->flow->protoctx;
if (ssn != NULL) {
alproto = ssn->alproto;
if (!(ssn->flags & STREAMTCP_FLAG_NO_APPLAYER_INSPECTION)) {
alproto = smsg->flow->alproto;
/* Copy some needed flags */
if (smsg->flags & STREAM_TOSERVER)
smsg->flow->alflags |= FLOW_AL_STREAM_TOSERVER;
if (smsg->flags & STREAM_TOCLIENT)
smsg->flow->alflags |= FLOW_AL_STREAM_TOCLIENT;
if (smsg->flags & STREAM_GAP)
smsg->flow->alflags |= FLOW_AL_STREAM_GAP;
if (smsg->flags & STREAM_EOF)
smsg->flow->alflags |= FLOW_AL_STREAM_EOF;
if (!(smsg->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we
@ -138,14 +151,14 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
//printf("=> Init Stream Data -- end\n");
alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx,
smsg->data.data, smsg->data.data_len, smsg->flags);
smsg->data.data, smsg->data.data_len, smsg->flow->alflags, IPPROTO_TCP);
if (alproto != ALPROTO_UNKNOWN) {
/* store the proto and setup the L7 data array */
StreamL7DataPtrInit(ssn);
ssn->alproto = alproto;
FlowL7DataPtrInit(smsg->flow);
smsg->flow->alproto = alproto;
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
r = AppLayerParse(smsg->flow, alproto, smsg->flags,
r = AppLayerParse(smsg->flow, alproto, smsg->flow->alflags,
smsg->data.data, smsg->data.data_len);
} else {
if (smsg->flags & STREAM_TOSERVER) {
@ -240,3 +253,80 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
SCReturnInt(r);
}
/**
* \brief Handle a app layer UDP message
*
* If the protocol is yet unknown, the proto detection code is run first.
*
* \param dp_ctx Thread app layer detect context
* \param smsg Stream message
*
* \retval 0 ok
* \retval -1 error
*/
int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
{
SCEnter();
uint16_t alproto = ALPROTO_UNKNOWN;
int r = 0;
if (f == NULL)
return r;
alproto = f->alproto;
if (FlowGetPacketDirection(f,p) == TOSERVER) {
f->alflags |= FLOW_AL_STREAM_TOSERVER;
} else {
f->alflags |= FLOW_AL_STREAM_TOCLIENT;
}
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we
* only run the proto detection once. */
if (alproto == ALPROTO_UNKNOWN && !(f->alflags & FLOW_AL_PROTO_DETECT_DONE)) {
SCLogDebug("Detecting AL proto on udp mesg (len %" PRIu32 ")",
p->payload_len);
//printf("=> Init Stream Data -- start\n");
//PrintRawDataFp(stdout, smsg->init.data, smsg->init.data_len);
//printf("=> Init Stream Data -- end\n");
alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx,
p->payload, p->payload_len, f->alflags, IPPROTO_UDP);
if (alproto != ALPROTO_UNKNOWN) {
/* store the proto and setup the L7 data array */
FlowL7DataPtrInit(f);
f->alproto = alproto;
f->alflags &= ~FLOW_AL_PROTO_UNKNOWN;
f->alflags |= FLOW_AL_PROTO_DETECT_DONE;
r = AppLayerParse(f, alproto, f->alflags,
p->payload, p->payload_len);
} else {
f->alflags |= FLOW_AL_PROTO_DETECT_DONE;
SCLogDebug("ALPROTO_UNKNOWN flow %p", f);
}
} else {
SCLogDebug("stream data (len %" PRIu32 " ), alproto "
"%"PRIu16" (flow %p)", p->payload_len, alproto, f);
//printf("=> Stream Data -- start\n");
//PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len);
//printf("=> Stream Data -- end\n");
/* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */
if (alproto != ALPROTO_UNKNOWN) {
r = AppLayerParse(f, alproto, f->alflags,
p->payload, p->payload_len);
} else {
SCLogDebug(" udp session not start, but no l7 data? Weird");
}
}
SCReturnInt(r);
}

3
src/app-layer.h
Unescape Escape View File

@ -35,7 +35,8 @@
uint16_t AppLayerGetProtoFromPacket(Packet *);
void *AppLayerGetProtoStateFromPacket(Packet *);
void *AppLayerGetProtoStateFromFlow(Flow *);
int AppLayerHandleMsg(AlpProtoDetectThreadCtx *, StreamMsg *smsg);
int AppLayerHandleMsg(AlpProtoDetectThreadCtx *, StreamMsg *);
int AppLayerHandleUdp(AlpProtoDetectThreadCtx *, Flow *, Packet *p);
#endif /* __APP_LAYER_H__ */

2
src/decode-udp.c
Unescape Escape View File

@ -30,6 +30,7 @@
#include "util-unittest.h"
#include "util-debug.h"
#include "flow.h"
#include "app-layer.h"
static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
{
@ -76,6 +77,7 @@ void DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
/* Flow is an integral part of us */
FlowHandlePacket(tv, p);
AppLayerHandleUdp(&dtv->udp_dp_ctx, p->flow, p);
return;
}

15
src/decode.c
Unescape Escape View File

@ -27,6 +27,9 @@
#include "suricata.h"
#include "decode.h"
#include "util-debug.h"
#include "app-layer-detect-proto.h"
#include "tm-modules.h"
#include "util-error.h"
void DecodeTunnel(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
@ -220,3 +223,15 @@ void AddressDebugPrint(Address *a) {
}
}
DecodeThreadVars *DecodeThreadVarsAlloc() {
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
memset(dtv, 0, sizeof(DecodeThreadVars));
AlpProtoFinalize2Thread(&dtv->udp_dp_ctx);
return dtv;
}

17
src/decode.h
Unescape Escape View File

@ -370,9 +370,24 @@ typedef struct PacketQueue_ {
#endif /* DBG_PERF */
} PacketQueue;
/** \brief Specific ctx for AL proto detection */
typedef struct AlpProtoDetectDirectionThread_ {
MpmThreadCtx mpm_ctx;
PatternMatcherQueue pmq;
} AlpProtoDetectDirectionThread;
/** \brief Specific ctx for AL proto detection */
typedef struct AlpProtoDetectThreadCtx_ {
AlpProtoDetectDirectionThread toserver;
AlpProtoDetectDirectionThread toclient;
} AlpProtoDetectThreadCtx;
/** \brief Structure to hold thread specific data for all decode modules */
typedef struct DecodeThreadVars_
{
/** Specific context for udp protocol detection (here atm) */
AlpProtoDetectThreadCtx udp_dp_ctx;
/** stats/counters */
uint16_t counter_pkts;
uint16_t counter_pkts_per_sec;
@ -492,6 +507,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *, ThreadVars *);
Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto);
Packet *PacketGetFromQueueOrAlloc(void);
DecodeThreadVars *DecodeThreadVarsAlloc();
/* decoder functions */
void DecodeEthernet(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeSll(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);

24
src/detect-dce-iface.c
Unescape Escape View File

@ -853,10 +853,10 @@ static int DetectDceIfaceTestParse12(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -883,7 +883,7 @@ static int DetectDceIfaceTestParse12(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -923,7 +923,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1070,10 +1070,10 @@ static int DetectDceIfaceTestParse13(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1098,7 +1098,7 @@ static int DetectDceIfaceTestParse13(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1240,7 +1240,7 @@ static int DetectDceIfaceTestParse13(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1303,10 +1303,10 @@ static int DetectDceIfaceTestParse14(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1331,7 +1331,7 @@ static int DetectDceIfaceTestParse14(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1367,7 +1367,7 @@ static int DetectDceIfaceTestParse14(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

64
src/detect-dce-opnum.c
Unescape Escape View File

@ -1137,10 +1137,10 @@ static int DetectDceOpnumTestParse08(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1166,7 +1166,7 @@ static int DetectDceOpnumTestParse08(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1186,7 +1186,7 @@ static int DetectDceOpnumTestParse08(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1207,7 +1207,7 @@ static int DetectDceOpnumTestParse08(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1664,10 +1664,10 @@ static int DetectDceOpnumTestParse09(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1693,7 +1693,7 @@ static int DetectDceOpnumTestParse09(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1714,7 +1714,7 @@ static int DetectDceOpnumTestParse09(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1862,10 +1862,10 @@ static int DetectDceOpnumTestParse10(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1892,7 +1892,7 @@ static int DetectDceOpnumTestParse10(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -2018,7 +2018,7 @@ static int DetectDceOpnumTestParse10(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -2139,10 +2139,10 @@ static int DetectDceOpnumTestParse11(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -2170,7 +2170,7 @@ static int DetectDceOpnumTestParse11(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
printf("no dcerpc state: ");
@ -2267,7 +2267,7 @@ static int DetectDceOpnumTestParse11(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -2403,10 +2403,10 @@ static int DetectDceOpnumTestParse12(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -2430,7 +2430,7 @@ static int DetectDceOpnumTestParse12(void)
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2454,7 +2454,7 @@ static int DetectDceOpnumTestParse12(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2482,7 +2482,7 @@ static int DetectDceOpnumTestParse12(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2510,7 +2510,7 @@ static int DetectDceOpnumTestParse12(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2538,7 +2538,7 @@ static int DetectDceOpnumTestParse12(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2567,7 +2567,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -2676,10 +2676,10 @@ static int DetectDceOpnumTestParse13(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -2706,7 +2706,7 @@ static int DetectDceOpnumTestParse13(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2732,7 +2732,7 @@ static int DetectDceOpnumTestParse13(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2759,7 +2759,7 @@ static int DetectDceOpnumTestParse13(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2785,7 +2785,7 @@ static int DetectDceOpnumTestParse13(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
printf("no dcerpc state: ");
goto end;
@ -2812,7 +2812,7 @@ static int DetectDceOpnumTestParse13(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

32
src/detect-dce-stub-data.c
Unescape Escape View File

@ -636,10 +636,10 @@ static int DetectDceStubDataTestParse02(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -665,7 +665,7 @@ static int DetectDceStubDataTestParse02(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -716,7 +716,7 @@ static int DetectDceStubDataTestParse02(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1173,10 +1173,10 @@ static int DetectDceStubDataTestParse03(void)
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1202,7 +1202,7 @@ static int DetectDceStubDataTestParse03(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1223,7 +1223,7 @@ static int DetectDceStubDataTestParse03(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1367,10 +1367,10 @@ static int DetectDceStubDataTestParse04(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1394,7 +1394,7 @@ static int DetectDceStubDataTestParse04(void)
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1501,7 +1501,7 @@ static int DetectDceStubDataTestParse04(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1618,10 +1618,10 @@ static int DetectDceStubDataTestParse05(void)
f.proto = IPPROTO_TCP;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_DCERPC;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1648,7 +1648,7 @@ static int DetectDceStubDataTestParse05(void)
goto end;
}
dcerpc_state = ssn.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)];
if (dcerpc_state == NULL) {
SCLogDebug("no dcerpc state: ");
goto end;
@ -1739,7 +1739,7 @@ static int DetectDceStubDataTestParse05(void)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

42
src/detect-engine-state.c
Unescape Escape View File

@ -250,20 +250,22 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
int match = 0;
int r = 0;
for ( ; sm != NULL; sm = sm->next) {
SCLogDebug("sm %p, sm->next %p", sm, sm->next);
if (sigmatch_table[sm->type].AppLayerMatch != NULL &&
alproto == sigmatch_table[sm->type].alproto &&
alstate != NULL)
{
match = sigmatch_table[sm->type].AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
if (match == 0) {
break;
} else if (sm->next == NULL) {
r = 1;
sm = NULL; /* set to NULL as we have a match */
break;
if (alstate != NULL) {
for ( ; sm != NULL; sm = sm->next) {
SCLogDebug("sm %p, sm->next %p", sm, sm->next);
if (sigmatch_table[sm->type].AppLayerMatch != NULL &&
alproto == sigmatch_table[sm->type].alproto &&
alstate != NULL)
{
match = sigmatch_table[sm->type].AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
if (match == 0) {
break;
} else if (sm->next == NULL) {
r = 1;
sm = NULL; /* set to NULL as we have a match */
break;
}
}
}
}
@ -598,10 +600,10 @@ static int DeStateTest03(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -685,7 +687,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -733,10 +735,10 @@ static int DeStateTest04(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -865,7 +867,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

6
src/detect-fragbits.c
Unescape Escape View File

@ -32,6 +32,7 @@
#include "flow-var.h"
#include "decode-events.h"
#include "app-layer-detect-proto.h"
#include "detect-fragbits.h"
#include "util-unittest.h"
@ -404,6 +405,7 @@ static int FragBitsTestParse03 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
AlpProtoFinalize2Thread(&dtv.udp_dp_ctx);
p.ip4h = &ipv4h;
@ -411,8 +413,6 @@ static int FragBitsTestParse03 (void) {
DecodeEthernet(&tv, &dtv, &p, raw_eth, sizeof(raw_eth), NULL);
FlowShutdown();
de = DetectFragBitsParse("D");
if (de == NULL || (de->fragbits != IPV4_CACHE_DF))
@ -434,6 +434,7 @@ static int FragBitsTestParse03 (void) {
}
error:
FlowShutdown();
if (de) SCFree(de);
if (sm) SCFree(sm);
return 0;
@ -496,6 +497,7 @@ static int FragBitsTestParse04 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
AlpProtoFinalize2Thread(&dtv.udp_dp_ctx);
p.ip4h = &ipv4h;

18
src/detect-ftpbounce.c
Unescape Escape View File

@ -346,10 +346,10 @@ static int DetectFtpbounceTestALMatch02(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_FTP;
f.alproto = ALPROTO_FTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -367,7 +367,7 @@ static int DetectFtpbounceTestALMatch02(void) {
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v,(void *)de_ctx,(void *)&det_ctx);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
int r = AppLayerParse(&f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
@ -396,7 +396,7 @@ static int DetectFtpbounceTestALMatch02(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -424,7 +424,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v,(void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -471,10 +471,10 @@ static int DetectFtpbounceTestALMatch03(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_FTP;
f.alproto = ALPROTO_FTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -520,7 +520,7 @@ static int DetectFtpbounceTestALMatch03(void) {
goto end;
}
FtpState *ftp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_FTP)];
FtpState *ftp_state = f.aldata[AlpGetStateIdx(ALPROTO_FTP)];
if (ftp_state == NULL) {
SCLogDebug("no ftp state: ");
result = 0;
@ -550,7 +550,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v,(void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

64
src/detect-http-client-body.c
Unescape Escape View File

@ -479,10 +479,10 @@ static int DetectHttpClientBodyTest06(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -507,7 +507,7 @@ static int DetectHttpClientBodyTest06(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: \n");
result = 0;
@ -531,7 +531,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -592,10 +592,10 @@ static int DetectHttpClientBodyTest07(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -620,7 +620,7 @@ static int DetectHttpClientBodyTest07(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -658,7 +658,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -719,10 +719,10 @@ static int DetectHttpClientBodyTest08(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -747,7 +747,7 @@ static int DetectHttpClientBodyTest08(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -786,7 +786,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -847,10 +847,10 @@ static int DetectHttpClientBodyTest09(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -875,7 +875,7 @@ static int DetectHttpClientBodyTest09(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -914,7 +914,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -975,10 +975,10 @@ static int DetectHttpClientBodyTest10(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1003,7 +1003,7 @@ static int DetectHttpClientBodyTest10(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: \n");
result = 0;
@ -1042,7 +1042,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1090,10 +1090,10 @@ static int DetectHttpClientBodyTest11(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1118,7 +1118,7 @@ static int DetectHttpClientBodyTest11(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1142,7 +1142,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1190,10 +1190,10 @@ static int DetectHttpClientBodyTest12(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1218,7 +1218,7 @@ static int DetectHttpClientBodyTest12(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1242,7 +1242,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1290,10 +1290,10 @@ static int DetectHttpClientBodyTest13(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1318,7 +1318,7 @@ static int DetectHttpClientBodyTest13(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1342,7 +1342,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

77
src/detect-http-cookie.c
Unescape Escape View File

@ -507,10 +507,10 @@ static int DetectHttpCookieSigTest01(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -543,7 +543,7 @@ static int DetectHttpCookieSigTest01(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -564,9 +564,6 @@ static int DetectHttpCookieSigTest01(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -575,7 +572,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -611,10 +608,10 @@ static int DetectHttpCookieSigTest02(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -640,7 +637,7 @@ static int DetectHttpCookieSigTest02(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -657,9 +654,6 @@ static int DetectHttpCookieSigTest02(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -667,7 +661,7 @@ end:
SigGroupCleanup(de_ctx);
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -704,10 +698,10 @@ static int DetectHttpCookieSigTest03(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -733,7 +727,7 @@ static int DetectHttpCookieSigTest03(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -749,9 +743,6 @@ static int DetectHttpCookieSigTest03(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -760,7 +751,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -797,10 +788,10 @@ static int DetectHttpCookieSigTest04(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -826,7 +817,7 @@ static int DetectHttpCookieSigTest04(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -842,9 +833,6 @@ static int DetectHttpCookieSigTest04(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -853,7 +841,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -890,10 +878,10 @@ static int DetectHttpCookieSigTest05(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -919,7 +907,7 @@ static int DetectHttpCookieSigTest05(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -935,9 +923,6 @@ static int DetectHttpCookieSigTest05(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -946,7 +931,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -983,10 +968,10 @@ static int DetectHttpCookieSigTest06(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1012,7 +997,7 @@ static int DetectHttpCookieSigTest06(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -1028,9 +1013,6 @@ static int DetectHttpCookieSigTest06(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -1039,7 +1021,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1076,10 +1058,10 @@ static int DetectHttpCookieSigTest07(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1105,7 +1087,7 @@ static int DetectHttpCookieSigTest07(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1121,9 +1103,6 @@ static int DetectHttpCookieSigTest07(void) {
result = 1;
end:
if (http_state != NULL) {
HTPStateFree(http_state);
}
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
@ -1132,7 +1111,7 @@ end:
DetectEngineCtxFree(de_ctx);
}
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

64
src/detect-http-header.c
Unescape Escape View File

@ -474,10 +474,10 @@ static int DetectHttpHeaderTest06(void)
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -502,7 +502,7 @@ static int DetectHttpHeaderTest06(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -526,7 +526,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -585,10 +585,10 @@ static int DetectHttpHeaderTest07(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -613,7 +613,7 @@ static int DetectHttpHeaderTest07(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -652,7 +652,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -710,10 +710,10 @@ static int DetectHttpHeaderTest08(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -738,7 +738,7 @@ static int DetectHttpHeaderTest08(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -777,7 +777,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -836,10 +836,10 @@ static int DetectHttpHeaderTest09(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -864,7 +864,7 @@ static int DetectHttpHeaderTest09(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -903,7 +903,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -962,10 +962,10 @@ static int DetectHttpHeaderTest10(void)
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -990,7 +990,7 @@ static int DetectHttpHeaderTest10(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1029,7 +1029,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1076,10 +1076,10 @@ static int DetectHttpHeaderTest11(void)
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1104,7 +1104,7 @@ static int DetectHttpHeaderTest11(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1128,7 +1128,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1175,10 +1175,10 @@ static int DetectHttpHeaderTest12(void)
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1203,7 +1203,7 @@ static int DetectHttpHeaderTest12(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1227,7 +1227,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1275,10 +1275,10 @@ static int DetectHttpHeaderTest13(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
@ -1303,7 +1303,7 @@ static int DetectHttpHeaderTest13(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1327,7 +1327,7 @@ end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

30
src/detect-http-method.c
Unescape Escape View File

@ -423,10 +423,10 @@ static int DetectHttpMethodSigTest01(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -462,7 +462,7 @@ static int DetectHttpMethodSigTest01(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
SCLogDebug("no http state: ");
goto end;
@ -480,12 +480,12 @@ static int DetectHttpMethodSigTest01(void)
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -524,10 +524,10 @@ static int DetectHttpMethodSigTest02(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -563,7 +563,7 @@ static int DetectHttpMethodSigTest02(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
SCLogDebug("no http state: ");
goto end;
@ -581,13 +581,13 @@ static int DetectHttpMethodSigTest02(void)
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, (void *) det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -624,10 +624,10 @@ static int DetectHttpMethodSigTest03(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -655,7 +655,7 @@ static int DetectHttpMethodSigTest03(void)
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
SCLogDebug("no http state: ");
goto end;
@ -670,12 +670,12 @@ static int DetectHttpMethodSigTest03(void)
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

16
src/detect-pcre.c
Unescape Escape View File

@ -1175,10 +1175,10 @@ static int DetectPcreModifPTest04(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1210,7 +1210,7 @@ static int DetectPcreModifPTest04(void) {
goto end;
}
HtpState *http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1235,7 +1235,7 @@ end:
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1312,10 +1312,10 @@ static int DetectPcreModifPTest05(void) {
p1.flowflags |= FLOW_PKT_TOSERVER;
p2.flow = &f;
p2.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1357,7 +1357,7 @@ static int DetectPcreModifPTest05(void) {
goto end;
}
HtpState *http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
result = 0;
@ -1395,7 +1395,7 @@ end:
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

24
src/detect-tls-version.c
Unescape Escape View File

@ -339,10 +339,10 @@ static int DetectTlsVersionTestDetect01(void) {
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_TLS;
f.alproto = ALPROTO_TLS;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -383,7 +383,7 @@ static int DetectTlsVersionTestDetect01(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
goto end;
@ -417,7 +417,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -454,10 +454,10 @@ static int DetectTlsVersionTestDetect02(void) {
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_TLS;
f.alproto = ALPROTO_TLS;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -498,7 +498,7 @@ static int DetectTlsVersionTestDetect02(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
goto end;
@ -530,7 +530,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -567,10 +567,10 @@ static int DetectTlsVersionTestDetect03(void) {
f.protoctx = (void *)&ssn;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_TLS;
f.alproto = ALPROTO_TLS;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
StreamMsg *stream_msg = StreamMsgGetFromPool();
if (stream_msg == NULL) {
@ -627,7 +627,7 @@ static int DetectTlsVersionTestDetect03(void) {
goto end;
}
TlsState *tls_state = ssn.aldata[AlpGetStateIdx(ALPROTO_TLS)];
TlsState *tls_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (tls_state == NULL) {
printf("no tls state: ");
goto end;
@ -659,7 +659,7 @@ end:
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

73
src/detect-uricontent.c
Unescape Escape View File

@ -474,11 +474,11 @@ static int HTTPUriTest01(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
HtpState *htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -516,7 +516,7 @@ static int HTTPUriTest01(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -541,12 +541,12 @@ static int HTTPUriTest02(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -585,7 +585,7 @@ static int HTTPUriTest02(void) {
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state == NULL)
HTPStateFree(htp_state);
@ -611,12 +611,12 @@ static int HTTPUriTest03(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
HtpState *htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -654,7 +654,7 @@ static int HTTPUriTest03(void) {
}
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state == NULL)
HTPStateFree(htp_state);
@ -681,12 +681,12 @@ static int HTTPUriTest04(void) {
f.dst.family = AF_INET;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
r = AppLayerParse(&f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
STREAM_EOF, httpbuf1, httplen1);
HtpState *htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
printf("no http state: ");
result = 0;
@ -725,7 +725,7 @@ static int HTTPUriTest04(void) {
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
if (htp_state == NULL)
HTPStateFree(htp_state);
@ -810,10 +810,10 @@ static int DetectUriSigTest02(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -853,7 +853,7 @@ static int DetectUriSigTest02(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -875,13 +875,13 @@ static int DetectUriSigTest02(void) {
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
//if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -922,10 +922,10 @@ static int DetectUriSigTest03(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -974,7 +974,7 @@ static int DetectUriSigTest03(void) {
goto end;
}
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -996,13 +996,13 @@ static int DetectUriSigTest03(void) {
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
//FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1238,10 +1238,10 @@ static int DetectUriSigTest05(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
StreamMsg *stream_msg = StreamMsgGetFromPool();
if (stream_msg == NULL) {
@ -1299,7 +1299,7 @@ static int DetectUriSigTest05(void) {
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -1318,13 +1318,12 @@ static int DetectUriSigTest05(void) {
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1363,10 +1362,10 @@ static int DetectUriSigTest06(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
StreamMsg *stream_msg = StreamMsgGetFromPool();
if (stream_msg == NULL) {
@ -1431,7 +1430,7 @@ static int DetectUriSigTest06(void) {
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -1450,13 +1449,13 @@ static int DetectUriSigTest06(void) {
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -1495,10 +1494,10 @@ static int DetectUriSigTest07(void) {
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -1551,7 +1550,7 @@ static int DetectUriSigTest07(void) {
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (http_state == NULL) {
printf("no http state: ");
goto end;
@ -1570,13 +1569,13 @@ static int DetectUriSigTest07(void) {
result = 1;
end:
if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

8
src/detect-urilen.c
Unescape Escape View File

@ -511,10 +511,10 @@ static int DetectUrilenSigTest01(void)
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -548,7 +548,7 @@ static int DetectUrilenSigTest01(void)
goto end;
}
HtpState *htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
HtpState *htp_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];
if (htp_state == NULL) {
SCLogDebug("no http state: ");
goto end;
@ -572,7 +572,7 @@ end:
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

46
src/detect.c
Unescape Escape View File

@ -3422,10 +3422,10 @@ static int SigTest06Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3472,7 +3472,7 @@ static int SigTest06Real (int mpm_type) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -3519,10 +3519,10 @@ static int SigTest07Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3561,9 +3561,9 @@ static int SigTest07Real (int mpm_type) {
result = 1;
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
AppLayerParserCleanupState(&ssn);
AppLayerParserCleanupState(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
@ -3616,10 +3616,10 @@ static int SigTest08Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3659,7 +3659,7 @@ static int SigTest08Real (int mpm_type) {
PacketAlertCheck(&p, 1) ? "OK" : "FAIL",
PacketAlertCheck(&p, 2) ? "OK" : "FAIL");
AppLayerParserCleanupState(&ssn);
AppLayerParserCleanupState(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
@ -3667,7 +3667,7 @@ static int SigTest08Real (int mpm_type) {
//PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -3714,10 +3714,10 @@ static int SigTest09Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3755,14 +3755,14 @@ static int SigTest09Real (int mpm_type) {
else
result = 0;
AppLayerParserCleanupState(&ssn);
AppLayerParserCleanupState(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
//PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -3804,10 +3804,10 @@ static int SigTest10Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3845,14 +3845,14 @@ static int SigTest10Real (int mpm_type) {
else
result = 1;
AppLayerParserCleanupState(&ssn);
AppLayerParserCleanupState(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
//PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}
@ -3895,10 +3895,10 @@ static int SigTest11Real (int mpm_type) {
f.dst.family = AF_INET;
p.flow = &f;
p.flowflags |= FLOW_PKT_TOSERVER;
ssn.alproto = ALPROTO_HTTP;
f.alproto = ALPROTO_HTTP;
StreamTcpInitConfig(TRUE);
StreamL7DataPtrInit(&ssn);
FlowL7DataPtrInit(&f);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
@ -3924,12 +3924,12 @@ static int SigTest11Real (int mpm_type) {
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 1;
AppLayerParserCleanupState(&ssn);
AppLayerParserCleanupState(&f);
SigGroupCleanup(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
StreamL7DataPtrFree(&ssn);
FlowL7DataPtrFree(&f);
StreamTcpFreeConfig(TRUE);
return result;
}

1
src/flow-hash.c
Unescape Escape View File

@ -34,6 +34,7 @@
#include "flow-hash.h"
#include "flow-util.h"
#include "flow-private.h"
#include "app-layer-parser.h"
#include "util-time.h"
#include "util-debug.h"

7
src/flow-util.c
Unescape Escape View File

@ -30,6 +30,7 @@
#include "flow-private.h"
#include "flow-util.h"
#include "flow-var.h"
#include "app-layer.h"
#include "util-var.h"
#include "util-debug.h"
@ -63,6 +64,10 @@ Flow *FlowAlloc(void)
FLOW_INITIALIZE(f);
f->alproto = 0;
f->aldata = NULL;
f->alflags = FLOW_AL_PROTO_UNKNOWN;
return f;
}
@ -142,6 +147,8 @@ void FlowInit(Flow *f, Packet *p)
printf("FIXME: %s:%s:%" PRId32 "\n", __FILE__, __FUNCTION__, __LINE__);
}
f->alflags = FLOW_AL_PROTO_UNKNOWN;
FlowL7DataPtrInit(f);
COPY_TIMESTAMP(&p->ts, &f->startts);
f->protomap = FlowGetProtoMapping(f->proto);

15
src/flow-util.h
Unescape Escape View File

@ -46,6 +46,9 @@
(f)->de_state = NULL; \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
(f)->aldata = NULL; \
(f)->alflags = FLOW_AL_PROTO_UNKNOWN; \
(f)->alproto = 0; \
} while (0)
#define FLOW_RECYCLE(f) do { \
@ -69,6 +72,12 @@
(f)->de_state = NULL; \
(f)->sgh_toserver = NULL; \
(f)->sgh_toclient = NULL; \
AppLayerParserCleanupState(f); \
FlowL7DataPtrFree(f); \
SCFree((f)->aldata); \
(f)->aldata = NULL; \
(f)->alflags = FLOW_AL_PROTO_UNKNOWN; \
(f)->alproto = 0; \
} while(0)
#define FLOW_DESTROY(f) do { \
@ -79,6 +88,12 @@
SC_ATOMIC_DESTROY((f)->use_cnt); \
DetectEngineStateFree((f)->de_state); \
(f)->de_state = NULL; \
AppLayerParserCleanupState(f); \
FlowL7DataPtrFree(f); \
SCFree((f)->aldata); \
(f)->aldata = NULL; \
(f)->alflags = FLOW_AL_PROTO_UNKNOWN; \
(f)->alproto = 0; \
} while(0)
Flow *FlowAlloc(void);

59
src/flow.c
Unescape Escape View File

@ -53,6 +53,9 @@
#include "detect.h"
#include "detect-engine-state.h"
#include "stream.h"
#include "app-layer-parser.h"
#define FLOW_DEFAULT_EMERGENCY_RECOVERY 30
#define FLOW_DEFAULT_FLOW_PRUNE 5
@ -77,6 +80,49 @@ int FlowKill (FlowQueue *);
/* Run mode selected at suricata.c */
extern int run_mode;
/** \brief Initialize the l7data ptr in the Flow session used by the L7 Modules
* for data storage.
*
* \param f Flow to init the ptrs for
* \param cnt number of items in the array
*
* \todo VJ use a pool?
*/
void FlowL7DataPtrInit(Flow *f) {
if (f->aldata != NULL)
return;
uint32_t size = (uint32_t)(sizeof (void *) * StreamL7GetStorageSize());
/////////XXXPR pass to flow memcap if (StreamTcpCheckMemcap(size) == 0)
/////////XXXPR pass to flow memcap return;
f->aldata = (void **) SCMalloc(size);
if (f->aldata != NULL) {
// StreamTcpIncrMemuse(size);
uint8_t u;
for (u = 0; u < StreamL7GetStorageSize(); u++) {
f->aldata[u] = NULL;
}
}
}
void FlowL7DataPtrFree(Flow *f) {
if (f == NULL)
return;
if (f->aldata == NULL)
return;
AppLayerParserCleanupState(f);
SCFree(f->aldata);
f->aldata = NULL;
//// uint32_t size = (uint32_t)(sizeof (void *) * StreamL7GetStorageSize());
//// StreamTcpDecrMemuse(size);
}
/** \brief Update the flows position in the queue's
* \param f Flow to requeue.
* \todo if we have a flow state func rely on that soly
@ -575,15 +621,12 @@ void FlowDecrUsecnt(Flow *f) {
SC_ATOMIC_SUB(f->use_cnt, 1);
}
#define TOSERVER 0
#define TOCLIENT 1
/**
* \brief determine the direction of the packet compared to the flow
* \retval 0 to_server
* \retval 1 to_client
*/
static inline int FlowGetPacketDirection(Flow *f, Packet *p) {
int FlowGetPacketDirection(Flow *f, Packet *p) {
if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
if (!(CMP_PORT(p->sp,p->dp))) {
/* update flags and counters */
@ -1443,6 +1486,14 @@ void FlowSetNoPayloadInspectionFlag(Flow *f) {
SCReturn;
}
/** \brief set flow flag to disable app layer inspection
*
* \param f *LOCKED* flow
*/
void FlowSetSessionNoApplayerInspectionFlag(Flow *f) {
f->alflags |= FLOW_AL_NO_APPLAYER_INSPECTION;
}
#ifdef UNITTESTS
#include "stream-tcp-private.h"
#include "threads.h"

24
src/flow.h
Unescape Escape View File

@ -31,6 +31,9 @@
#define FLOW_QUIET TRUE
#define FLOW_VERBOSE FALSE
#define TOSERVER 0
#define TOCLIENT 1
/* per flow flags */
/** At least on packet from the source address was seen */
@ -189,8 +192,22 @@ typedef struct Flow_
struct Flow_ *lprev;
struct FlowBucket_ *fb;
uint16_t alproto; /**< application level protocol */
void **aldata; /**< application level storage ptrs */
uint8_t alflags; /**< application level specific flags */
} Flow;
/** Flow Application Level flags */
#define FLOW_AL_PROTO_UNKNOWN 0x01
#define FLOW_AL_PROTO_DETECT_DONE 0x02
#define FLOW_AL_STREAM_TOSERVER 0x04
#define FLOW_AL_STREAM_TOCLIENT 0x08
#define FLOW_AL_STREAM_GAP 0x10
#define FLOW_AL_STREAM_EOF 0x20
#define FLOW_AL_NO_APPLAYER_INSPECTION 0x40 /** \todo move to flow flags later */
enum {
FLOW_STATE_NEW = 0,
FLOW_STATE_ESTABLISHED,
@ -230,10 +247,17 @@ int FlowSetProtoEmergencyTimeout(uint8_t ,uint32_t ,uint32_t ,uint32_t);
int FlowSetProtoFreeFunc (uint8_t , void (*Free)(void *));
int FlowSetFlowStateFunc (uint8_t , int (*GetProtoState)(void *));
void FlowUpdateQueue(Flow *);
void FlowLockSetNoPacketInspectionFlag(Flow *);
void FlowSetNoPacketInspectionFlag(Flow *);
void FlowLockSetNoPayloadInspectionFlag(Flow *);
void FlowSetNoPayloadInspectionFlag(Flow *);
void FlowSetSessionNoApplayerInspectionFlag(Flow *);
int FlowGetPacketDirection(Flow *, Packet *);
void FlowL7DataPtrInit(Flow *);
void FlowL7DataPtrFree(Flow *);
#endif /* __FLOW_H__ */

4
src/source-erf-file.c
Unescape Escape View File

@ -199,10 +199,10 @@ DecodeErfFileThreadInit(ThreadVars *tv, void *initdata, void **data)
{
SCEnter();
DecodeThreadVars *dtv = NULL;
dtv = DecodeThreadVarsAlloc();
if ((dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
memset(dtv, 0, sizeof(DecodeThreadVars));
DecodeRegisterPerfCounters(dtv, tv);

4
src/source-ipfw.c
Unescape Escape View File

@ -442,10 +442,10 @@ TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
TmEcode DecodeIPFWThreadInit(ThreadVars *tv, void *initdata, void **data)
{
DecodeThreadVars *dtv = NULL;
dtv = DecodeThreadVarsAlloc();
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
memset(dtv, 0, sizeof(DecodeThreadVars));
DecodeRegisterPerfCounters(dtv, tv);

6
src/source-nfq.c
Unescape Escape View File

@ -644,10 +644,10 @@ TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
TmEcode DecodeNFQThreadInit(ThreadVars *tv, void *initdata, void **data)
{
DecodeThreadVars *dtv = NULL;
dtv = DecodeThreadVarsAlloc();
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return TM_ECODE_FAILED;
memset(dtv, 0, sizeof(DecodeThreadVars));
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
DecodeRegisterPerfCounters(dtv, tv);

4
src/source-pcap-file.c
Unescape Escape View File

@ -327,10 +327,10 @@ TmEcode DecodePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data)
{
SCEnter();
DecodeThreadVars *dtv = NULL;
dtv = DecodeThreadVarsAlloc();
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
memset(dtv, 0, sizeof(DecodeThreadVars));
DecodeRegisterPerfCounters(dtv, tv);

5
src/source-pcap.c
Unescape Escape View File

@ -509,9 +509,10 @@ TmEcode DecodePcapThreadInit(ThreadVars *tv, void *initdata, void **data)
SCEnter();
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
dtv = DecodeThreadVarsAlloc();
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
memset(dtv, 0, sizeof(DecodeThreadVars));
DecodeRegisterPerfCounters(dtv, tv);

7
src/source-pfring.c
Unescape Escape View File

@ -378,9 +378,10 @@ TmEcode DecodePfringThreadInit(ThreadVars *tv, void *initdata, void **data)
{
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return TM_ECODE_FAILED;
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv = DecodeThreadVarsAlloc();
if (dtv == NULL)
SCReturnInt(TM_ECODE_FAILED);
DecodeRegisterPerfCounters(dtv, tv);

2
src/stream-tcp-private.h
Unescape Escape View File

@ -160,10 +160,8 @@ enum
typedef struct TcpSession_ {
uint8_t state;
uint16_t flags;
uint16_t alproto; /**< application level protocol */
TcpStream server;
TcpStream client;
void **aldata; /**< application level storage ptrs */
struct StreamMsg_ *toserver_smsg_head; /**< list of stream msgs (for detection inspection) */
struct StreamMsg_ *toserver_smsg_tail; /**< list of stream msgs (for detection inspection) */
struct StreamMsg_ *toclient_smsg_head; /**< list of stream msgs (for detection inspection) */

56
src/stream-tcp-reassemble.c
Unescape Escape View File

@ -1964,48 +1964,6 @@ int StreamTcpReassembleHandleSegment(TcpReassemblyThreadCtx *ra_ctx,
SCReturnInt(0);
}
/** \brief Initialize the l7data ptr in the TCP session used by the L7 Modules
* for data storage.
*
* \param ssn TcpSesssion to init the ptrs for
* \param cnt number of items in the array
*
* \todo VJ use a pool?
*/
void StreamL7DataPtrInit(TcpSession *ssn) {
if (ssn->aldata != NULL)
return;
uint32_t size = (uint32_t)(sizeof (void *) * StreamL7GetStorageSize());
if (StreamTcpCheckMemcap(size) == 0)
return;
ssn->aldata = (void **) SCMalloc(size);
if (ssn->aldata != NULL) {
StreamTcpIncrMemuse(size);
uint8_t u;
for (u = 0; u < StreamL7GetStorageSize(); u++) {
ssn->aldata[u] = NULL;
}
}
}
void StreamL7DataPtrFree(TcpSession *ssn) {
if (ssn == NULL)
return;
if (ssn->aldata == NULL)
return;
SCFree(ssn->aldata);
ssn->aldata = NULL;
uint32_t size = (uint32_t)(sizeof (void *) * StreamL7GetStorageSize());
StreamTcpDecrMemuse(size);
}
/**
* \brief Function to replace the data from a specific point up to given length.
*
@ -4376,7 +4334,7 @@ static int StreamTcpReassembleTest38 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 60;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
f.src = src;
f.dst = dst;
@ -4526,7 +4484,7 @@ static int StreamTcpReassembleTest39 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 60;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
inet_pton(AF_INET, "1.2.3.4", &in);
src.family = AF_INET;
@ -4716,7 +4674,7 @@ static int StreamTcpReassembleTest40 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 10;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
inet_pton(AF_INET, "1.2.3.4", &in);
src.family = AF_INET;
@ -4901,7 +4859,7 @@ static int StreamTcpReassembleTest40 (void) {
goto end;
}
if (ssn.alproto != ALPROTO_HTTP) {
if (f.alproto != ALPROTO_HTTP) {
printf("app layer proto has not been detected\n");
goto end;
}
@ -4980,7 +4938,7 @@ static int StreamTcpReassembleTest41 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 600;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
inet_pton(AF_INET, "1.2.3.4", &in);
src.family = AF_INET;
@ -5145,7 +5103,7 @@ static int StreamTcpReassembleTest42 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 60;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
inet_pton(AF_INET, "1.2.3.4", &in);
src.family = AF_INET;
@ -5317,7 +5275,7 @@ static int StreamTcpReassembleTest43 (void) {
ssn.client.ra_base_seq = 9;
ssn.client.isn = 9;
ssn.client.last_ack = 600;
ssn.alproto = ALPROTO_UNKNOWN;
f.alproto = ALPROTO_UNKNOWN;
/* Check the minimum init smsg length. It should be equal to the min length
of given signature in toserver direction. */

4
src/stream-tcp-reassemble.h
Unescape Escape View File

@ -66,10 +66,6 @@ int StreamTcpReassembleProcessAppLayer(TcpReassemblyThreadCtx *);
void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t);
void StreamL7DataPtrInit(TcpSession *);
void StreamL7DataPtrFree(TcpSession *);
void StreamTcpSetSessionNoApplayerInspectionFlag(TcpSession *);
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *, char );
void StreamTcpSetOSPolicy(TcpStream *, Packet *);

8
src/stream-tcp.c
Unescape Escape View File

@ -183,7 +183,7 @@ void StreamTcpSessionClear(void *ssnptr)
StreamTcpReturnStreamSegments(&ssn->client);
StreamTcpReturnStreamSegments(&ssn->server);
AppLayerParserCleanupState(ssn);
//AppLayerParserCleanupState(ssn);
/* if we have (a) smsg(s), return to the pool */
smsg = ssn->toserver_smsg_head;
@ -331,7 +331,6 @@ void StreamTcpSessionPoolFree(void *s)
}
ssn->toclient_smsg_head = NULL;
StreamL7DataPtrFree(ssn);
SCFree(ssn);
StreamTcpDecrMemuse((uint32_t)sizeof(TcpSession));
@ -476,7 +475,6 @@ TcpSession *StreamTcpNewSession (Packet *p)
}
ssn->state = TCP_NONE;
ssn->aldata = NULL;
}
return ssn;
@ -2532,7 +2530,7 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt)
SCReturnInt(-1);
if (ssn != NULL)
SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);
SCLogDebug("ssn->alproto %"PRIu16"", p->flow->alproto);
} else {
/* check if the packet is in right direction, when we missed the
SYN packet and picked up midstream session. */
@ -3047,7 +3045,7 @@ static int StreamTcpTest01 (void) {
}
f.protoctx = ssn;
if (ssn->aldata != NULL) {
if (f.aldata != NULL) {
printf("AppLayer field not set to NULL: ");
goto end;
}

1
src/util-unittest-helper.c
Unescape Escape View File

@ -146,6 +146,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
p->ip4h->ip_src.s_addr = p->src.addr_data32[0];
p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0];
p->proto = ipproto;
switch (ipproto) {
case IPPROTO_UDP:

Write Preview
Loading…
Cancel
Save