app-layer: add --list-app-layer-hooks options

This provides a list of available hooks.

Ticket: #7702.
pull/13211/head
Victor Julien 7 months ago committed by Victor Julien
parent 019c746d79
commit acc7bd0c6f

@ -45,6 +45,7 @@ typedef enum SCRunModes {
RUNMODE_USER_MAX, /* Last standard running mode */
RUNMODE_LIST_KEYWORDS,
RUNMODE_LIST_APP_LAYERS,
RUNMODE_LIST_APP_LAYER_HOOKS,
RUNMODE_LIST_RUNMODES,
RUNMODE_PRINT_VERSION,
RUNMODE_PRINT_BUILDINFO,

@ -621,6 +621,8 @@ static void PrintUsage(const char *progname)
printf("\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
"exclusively\n");
printf("\t--list-app-layer-protos : list supported app layer protocols\n");
printf("\t--list-app-layer-hooks : list supported app layer hooks for use in "
"rules\n");
printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
printf("\t--list-runmodes : list supported runmodes\n");
printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
@ -1325,6 +1327,7 @@ TmEcode SCParseCommandLine(int argc, char **argv)
int dump_config = 0;
int dump_features = 0;
int list_app_layer_protocols = 0;
int list_app_layer_hooks = 0;
int list_unittests = 0;
int list_runmodes = 0;
int list_keywords = 0;
@ -1371,6 +1374,7 @@ TmEcode SCParseCommandLine(int argc, char **argv)
{"pcap-buffer-size", required_argument, 0, 0},
{"unittest-filter", required_argument, 0, 'U'},
{"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
{"list-app-layer-hooks", 0, &list_app_layer_hooks, 1},
{"list-unittests", 0, &list_unittests, 1},
{"list-runmodes", 0, &list_runmodes, 1},
{"list-keywords", optional_argument, &list_keywords, 1},
@ -1562,8 +1566,9 @@ TmEcode SCParseCommandLine(int argc, char **argv)
}
else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
/* listing all supported app layer protocols */
}
else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
} else if (strcmp((long_opts[option_index]).name, "list-app-layer-hooks") == 0) {
/* listing all supported app layer hooks */
} else if (strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
#ifdef UNITTESTS
suri->run_mode = RUNMODE_LIST_UNITTEST;
#else
@ -1582,31 +1587,28 @@ TmEcode SCParseCommandLine(int argc, char **argv)
}
} else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
suri->runmode_custom_mode = optarg;
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
} else if (strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
// do nothing for now
}
#ifdef OS_WIN32
else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
else if (strcmp((long_opts[option_index]).name, "service-install") == 0) {
suri->run_mode = RUNMODE_INSTALL_SERVICE;
return TM_ECODE_OK;
}
else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
} else if (strcmp((long_opts[option_index]).name, "service-remove") == 0) {
suri->run_mode = RUNMODE_REMOVE_SERVICE;
return TM_ECODE_OK;
}
else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
} else if (strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
return TM_ECODE_OK;
}
#endif /* OS_WIN32 */
else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
else if (strcmp((long_opts[option_index]).name, "pidfile") == 0) {
suri->pid_filename = SCStrdup(optarg);
if (suri->pid_filename == NULL) {
SCLogError("strdup failed: %s", strerror(errno));
return TM_ECODE_FAILED;
}
}
else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
} else if (strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
g_detect_disabled = suri->disabled_detect = 1;
} else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
g_disable_hashing = true;
@ -2065,6 +2067,8 @@ TmEcode SCParseCommandLine(int argc, char **argv)
if (list_app_layer_protocols)
suri->run_mode = RUNMODE_LIST_APP_LAYERS;
if (list_app_layer_hooks)
suri->run_mode = RUNMODE_LIST_APP_LAYER_HOOKS;
if (list_keywords)
suri->run_mode = RUNMODE_LIST_KEYWORDS;
if (list_unittests)
@ -2337,6 +2341,12 @@ int SCStartInternalRunMode(int argc, char **argv)
} else {
return ListAppLayerProtocols(DEFAULT_CONF_FILE);
}
case RUNMODE_LIST_APP_LAYER_HOOKS:
if (suri->conf_filename != NULL) {
return ListAppLayerHooks(suri->conf_filename);
} else {
return ListAppLayerHooks(DEFAULT_CONF_FILE);
}
case RUNMODE_PRINT_VERSION:
PrintVersion();
return TM_ECODE_DONE;
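Review bot: The new `list-app-layer-hooks` branch in the option chain is a comment-only no-op, since the run mode is assigned later from the `list_app_layer_hooks` flag. The branch it is modelled on compares against `list-app-layer-protocols` while the registered option name is `list-app-layer-protos`, so that one can never match. Unless the chain ends in an unknown-option fallback (not visible here; SCParseCommandLine starts and ends outside these hunks), both branches look removable. The mode is also resolved by independent `if`s, so `--list-app-layer-hooks` given together with `--list-keywords` silently runs only the latter; a comment such as `/* later --list-* flags override earlier ones */` would document that.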

@ -24,6 +24,7 @@
#include "app-layer-detect-proto.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "detect-engine.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "conf-yaml-loader.h"
@ -54,3 +55,63 @@ int ListAppLayerProtocols(const char *conf_filename)
return TM_ECODE_DONE;
}
static bool IsBuiltIn(const char *n)
{
if (strcmp(n, "request_started") == 0 || strcmp(n, "response_started") == 0) {
return true;
}
if (strcmp(n, "request_complete") == 0 || strcmp(n, "response_complete") == 0) {
return true;
}
return false;
}
int ListAppLayerHooks(const char *conf_filename)
{
EngineModeSetIDS();
if (SCConfYamlLoadFile(conf_filename) != -1)
SCLogLoadConfig(0, 0, 0, 0);
MpmTableSetup();
SpmTableSetup();
AppLayerSetup();
AppProto alprotos[g_alproto_max];
AppLayerProtoDetectSupportedAppProtocols(alprotos);
printf("=========Supported App Layer Hooks=========\n");
for (AppProto a = 0; a < g_alproto_max; a++) {
if (alprotos[a] != 1)
continue;
const char *alproto_name = AppProtoToString(a);
if (strcmp(alproto_name, "http") == 0)
alproto_name = "http1";
SCLogDebug("alproto %u/%s", a, alproto_name);
const int max_progress_ts =
AppLayerParserGetStateProgressCompletionStatus(a, STREAM_TOSERVER);
const int max_progress_tc =
AppLayerParserGetStateProgressCompletionStatus(a, STREAM_TOCLIENT);
printf("%s:%s\n", alproto_name, "request_started");
for (int p = 0; p <= max_progress_ts; p++) {
const char *name = AppLayerParserGetStateNameById(
IPPROTO_TCP /* TODO no ipproto */, a, p, STREAM_TOSERVER);
if (name != NULL && !IsBuiltIn(name)) {
printf("%s:%s\n", alproto_name, name);
}
}
printf("%s:%s\n", alproto_name, "request_complete");
printf("%s:%s\n", alproto_name, "response_started");
for (int p = 0; p <= max_progress_tc; p++) {
const char *name = AppLayerParserGetStateNameById(
IPPROTO_TCP /* TODO no ipproto */, a, p, STREAM_TOCLIENT);
if (name != NULL && !IsBuiltIn(name)) {
printf("%s:%s\n", alproto_name, name);
}
}
printf("%s:%s\n", alproto_name, "response_complete");
}
return TM_ECODE_DONE;
}
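Review bot: In ListAppLayerHooks a failed `SCConfYamlLoadFile(conf_filename)` is silently ignored, so the hook list is printed from built-in defaults with nothing telling the user their config was not read; since the output is meant for writing rules, I would at least report it, e.g. `else fprintf(stderr, "warning: could not load %s, listing hooks for default settings\n", conf_filename);`. Only the tail of ListAppLayerProtocols is visible here, so this may mirror that function, in which case both deserve the same treatment. Separately, the result of `AppProtoToString(a)` goes straight into `strcmp`; if it can return NULL for an enabled protocol that is undefined behaviour, and an `if (alproto_name == NULL) continue;` guard is cheap. The state-name lookups hard-code `IPPROTO_TCP` (already marked TODO), so parsers registered only for another IP protocol may show just the four built-in hooks, which is worth stating in a function comment until the TODO is resolved.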

@ -25,5 +25,6 @@
int ListKeywords(const char *keyword_info);
int ListAppLayerProtocols(const char *conf_filename);
int ListAppLayerHooks(const char *conf_filename);
#endif /* SURICATA_UTIL_RUNNING_MODES_H */
