[people/ms/suricata.git] / src / app-layer-register.c

/* Copyright (C) 2017-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Pierre Chifflier <chifflier@wzdftpd.net>
 *
 * Parser registration functions.
 */

#include "suricata-common.h"
#include "stream.h"
#include "conf.h"

#include "app-layer-detect-proto.h"
#include "app-layer-parser.h"

#include "app-layer-register.h"

static const char * IpProtoToString(int ip_proto);

AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int enable_default)
{
    AppProto alproto;
    const char *ip_proto_str = NULL;

    if (p == NULL)
        FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);

    alproto = StringToAppProto(p->name);
    if (alproto == ALPROTO_UNKNOWN || alproto == ALPROTO_FAILED)
        FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);

    ip_proto_str = IpProtoToString(p->ip_proto);
    if (ip_proto_str == NULL)
        FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);

    SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);

    AppLayerProtoDetectRegisterProtocol(alproto, p->name);

    if (p->ProbeTS == NULL && p->ProbeTC == NULL) {
        BUG_ON(p->default_port != NULL);
        return alproto;
    }

    if (RunmodeIsUnittests()) {

        SCLogDebug("Unittest mode, registering default configuration.");
        AppLayerProtoDetectPPRegister(p->ip_proto, p->default_port,
                alproto, p->min_depth, p->max_depth, STREAM_TOSERVER,
                p->ProbeTS, p->ProbeTC);

    }
    else {

        if (!AppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto,
                    p->name, alproto, p->min_depth, p->max_depth,
                    p->ProbeTS, p->ProbeTC)) {
            if (enable_default != 0) {
                SCLogDebug("No %s app-layer configuration, enabling %s"
                        " detection %s detection on port %s.",
                        p->name, p->name, ip_proto_str, p->default_port);
                AppLayerProtoDetectPPRegister(p->ip_proto,
                        p->default_port, alproto,
                        p->min_depth, p->max_depth, STREAM_TOSERVER,
                        p->ProbeTS, p->ProbeTC);
            } else {
                SCLogDebug("No %s app-layer configuration for detection port (%s).",
                        p->name, ip_proto_str);
            }
        }

    }

    return alproto;
}

int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
{
    const char *ip_proto_str = NULL;

    if (p == NULL)
        FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);

    if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED)
        FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);

    ip_proto_str = IpProtoToString(p->ip_proto);
    if (ip_proto_str == NULL)
        FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);

    SCLogDebug("Registering %s protocol parser.", p->name);

    /* Register functions for state allocation and freeing. A
     * state is allocated for every new flow. */
    AppLayerParserRegisterStateFuncs(p->ip_proto, alproto,
        p->StateAlloc, p->StateFree);

    /* Register request parser for parsing frame from server to server. */
    AppLayerParserRegisterParser(p->ip_proto, alproto,
        STREAM_TOSERVER, p->ParseTS);

    /* Register response parser for parsing frames from server to client. */
    AppLayerParserRegisterParser(p->ip_proto, alproto,
        STREAM_TOCLIENT, p->ParseTC);

    /* Register a function to be called by the application layer
     * when a transaction is to be freed. */
    AppLayerParserRegisterTxFreeFunc(p->ip_proto, alproto,
        p->StateTransactionFree);

    /* Register a function to return the current transaction count. */
    AppLayerParserRegisterGetTxCnt(p->ip_proto, alproto,
        p->StateGetTxCnt);

    /* Transaction handling. */
    AppLayerParserRegisterStateProgressCompletionStatus(alproto, p->complete_ts, p->complete_tc);

    AppLayerParserRegisterGetStateProgressFunc(p->ip_proto, alproto,
        p->StateGetProgress);
    AppLayerParserRegisterGetTx(p->ip_proto, alproto,
        p->StateGetTx);

    if (p->StateGetEventInfo) {
        AppLayerParserRegisterGetEventInfo(p->ip_proto, alproto,
                p->StateGetEventInfo);
    }
    if (p->StateGetEventInfoById) {
        AppLayerParserRegisterGetEventInfoById(p->ip_proto, alproto,
                p->StateGetEventInfoById);
    }
    if (p->LocalStorageAlloc && p->LocalStorageFree) {
        AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto,
                p->LocalStorageAlloc, p->LocalStorageFree);
    }
    if (p->StateGetFiles) {
        AppLayerParserRegisterGetFilesFunc(p->ip_proto, alproto,
                p->StateGetFiles);
    }

    if (p->GetTxIterator) {
        AppLayerParserRegisterGetTxIterator(p->ip_proto, alproto,
                p->GetTxIterator);
    }

    if (p->GetTxData) {
        AppLayerParserRegisterTxDataFunc(p->ip_proto, alproto,
                p->GetTxData);
    }

    if (p->ApplyTxConfig) {
        AppLayerParserRegisterApplyTxConfigFunc(p->ip_proto, alproto,
                p->ApplyTxConfig);
    }

    if (p->flags) {
        AppLayerParserRegisterOptionFlags(p->ip_proto, alproto,
                p->flags);

    }

    if (p->Truncate) {
        AppLayerParserRegisterTruncateFunc(p->ip_proto, alproto, p->Truncate);
    }

    return 0;
}

int AppLayerRegisterParserAlias(const char *proto_name, const char *proto_alias)
{
    AppLayerProtoDetectRegisterAlias(proto_name, proto_alias);

    return 0;
}

static const char * IpProtoToString(int ip_proto)
{
    switch (ip_proto) {
        case IPPROTO_TCP:
            return "tcp";
        case IPPROTO_UDP:
            return "udp";
        default:
            return NULL;
    };

}
Commit	Line	Data
9664f73f	1	/* Copyright (C) 2017-2020 Open Information Security Foundation
3edc7653 PC	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Pierre Chifflier <chifflier@wzdftpd.net>
	22	*
	23	* Parser registration functions.
	24	*/
	25
	26	#include "suricata-common.h"
	27	#include "stream.h"
	28	#include "conf.h"
	29
	30	#include "app-layer-detect-proto.h"
	31	#include "app-layer-parser.h"
	32
	33	#include "app-layer-register.h"
	34
	35	static const char * IpProtoToString(int ip_proto);
	36
	37	AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int enable_default)
	38	{
	39	AppProto alproto;
	40	const char *ip_proto_str = NULL;
	41
	42	if (p == NULL)
	43	FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
	44
	45	alproto = StringToAppProto(p->name);
	46	if (alproto == ALPROTO_UNKNOWN \|\| alproto == ALPROTO_FAILED)
	47	FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
	48
	49	ip_proto_str = IpProtoToString(p->ip_proto);
	50	if (ip_proto_str == NULL)
	51	FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
	52
	53	SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);
	54
	55	AppLayerProtoDetectRegisterProtocol(alproto, p->name);
	56
6343920d	57	if (p->ProbeTS == NULL && p->ProbeTC == NULL) {
d166acbd	58	BUG_ON(p->default_port != NULL);
66632465 PA	59	return alproto;
	60	}
	61
3edc7653 PC	62	if (RunmodeIsUnittests()) {
	63
	64	SCLogDebug("Unittest mode, registering default configuration.");
	65	AppLayerProtoDetectPPRegister(p->ip_proto, p->default_port,
	66	alproto, p->min_depth, p->max_depth, STREAM_TOSERVER,
	67	p->ProbeTS, p->ProbeTC);
	68
	69	}
	70	else {
	71
	72	if (!AppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto,
	73	p->name, alproto, p->min_depth, p->max_depth,
	74	p->ProbeTS, p->ProbeTC)) {
	75	if (enable_default != 0) {
	76	SCLogDebug("No %s app-layer configuration, enabling %s"
	77	" detection %s detection on port %s.",
	78	p->name, p->name, ip_proto_str, p->default_port);
	79	AppLayerProtoDetectPPRegister(p->ip_proto,
	80	p->default_port, alproto,
	81	p->min_depth, p->max_depth, STREAM_TOSERVER,
	82	p->ProbeTS, p->ProbeTC);
	83	} else {
	84	SCLogDebug("No %s app-layer configuration for detection port (%s).",
	85	p->name, ip_proto_str);
	86	}
	87	}
	88
	89	}
	90
	91	return alproto;
	92	}
	93
	94	int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
	95	{
	96	const char *ip_proto_str = NULL;
	97
	98	if (p == NULL)
	99	FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
	100
	101	if (alproto == ALPROTO_UNKNOWN \|\| alproto >= ALPROTO_FAILED)
	102	FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
	103
	104	ip_proto_str = IpProtoToString(p->ip_proto);
	105	if (ip_proto_str == NULL)
	106	FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
	107
	108	SCLogDebug("Registering %s protocol parser.", p->name);
	109
	110	/* Register functions for state allocation and freeing. A
	111	* state is allocated for every new flow. */
	112	AppLayerParserRegisterStateFuncs(p->ip_proto, alproto,
	113	p->StateAlloc, p->StateFree);
	114
	115	/* Register request parser for parsing frame from server to server. */
	116	AppLayerParserRegisterParser(p->ip_proto, alproto,
	117	STREAM_TOSERVER, p->ParseTS);
	118
	119	/* Register response parser for parsing frames from server to client. */
	120	AppLayerParserRegisterParser(p->ip_proto, alproto,
	121	STREAM_TOCLIENT, p->ParseTC);
	122
	123	/* Register a function to be called by the application layer
	124	* when a transaction is to be freed. */
	125	AppLayerParserRegisterTxFreeFunc(p->ip_proto, alproto,
126	p->StateTransactionFree);
127
128	/* Register a function to return the current transaction count. */
129	AppLayerParserRegisterGetTxCnt(p->ip_proto, alproto,
130	p->StateGetTxCnt);
131
132	/* Transaction handling. */
efc9a7a3 VJ	133	AppLayerParserRegisterStateProgressCompletionStatus(alproto, p->complete_ts, p->complete_tc);
efc9a7a3 VJ	134
3edc7653 PC	135	AppLayerParserRegisterGetStateProgressFunc(p->ip_proto, alproto,
	136	p->StateGetProgress);
	137	AppLayerParserRegisterGetTx(p->ip_proto, alproto,
	138	p->StateGetTx);
	139
3edc7653 PC	140	if (p->StateGetEventInfo) {
	141	AppLayerParserRegisterGetEventInfo(p->ip_proto, alproto,
	142	p->StateGetEventInfo);
	143	}
a5d9d37c JL	144	if (p->StateGetEventInfoById) {
	145	AppLayerParserRegisterGetEventInfoById(p->ip_proto, alproto,
	146	p->StateGetEventInfoById);
	147	}
3edc7653 PC	148	if (p->LocalStorageAlloc && p->LocalStorageFree) {
	149	AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto,
	150	p->LocalStorageAlloc, p->LocalStorageFree);
	151	}
3edc7653 PC	152	if (p->StateGetFiles) {
	153	AppLayerParserRegisterGetFilesFunc(p->ip_proto, alproto,
	154	p->StateGetFiles);
	155	}
	156
14843a7b JI	157	if (p->GetTxIterator) {
	158	AppLayerParserRegisterGetTxIterator(p->ip_proto, alproto,
	159	p->GetTxIterator);
	160	}
	161
411f428a VJ	162	if (p->GetTxData) {
	163	AppLayerParserRegisterTxDataFunc(p->ip_proto, alproto,
	164	p->GetTxData);
	165	}
	166
5665fc83 VJ	167	if (p->ApplyTxConfig) {
	168	AppLayerParserRegisterApplyTxConfigFunc(p->ip_proto, alproto,
	169	p->ApplyTxConfig);
	170	}
	171
53aa967e JI	172	if (p->flags) {
	173	AppLayerParserRegisterOptionFlags(p->ip_proto, alproto,
	174	p->flags);
	175
	176	}
	177
4da0d9bd VJ	178	if (p->Truncate) {
	179	AppLayerParserRegisterTruncateFunc(p->ip_proto, alproto, p->Truncate);
	180	}
	181
3edc7653 PC	182	return 0;
	183	}
	184
ab6171c4	185	int AppLayerRegisterParserAlias(const char proto_name, const char proto_alias)
	186	{
	187	AppLayerProtoDetectRegisterAlias(proto_name, proto_alias);
	188
	189	return 0;
	190	}
	191
3edc7653 PC	192	static const char * IpProtoToString(int ip_proto)
	193	{
	194	switch (ip_proto) {
	195	case IPPROTO_TCP:
	196	return "tcp";
	197	case IPPROTO_UDP:
	198	return "udp";
	199	default:
	200	return NULL;
	201	};
	202
	203	}