[people/ms/suricata.git] / src / app-layer-register.c

/* Copyright (C) 2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Pierre Chifflier <chifflier@wzdftpd.net>
 *
 * Parser registration functions.
 */

#include "suricata-common.h"
#include "stream.h"
#include "conf.h"

#include "app-layer-detect-proto.h"
#include "app-layer-parser.h"

#include "app-layer-register.h"

static const char * IpProtoToString(int ip_proto);

AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int enable_default)
{
    AppProto alproto;
    const char *ip_proto_str = NULL;

    if (p == NULL)
        FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);

    alproto = StringToAppProto(p->name);
    if (alproto == ALPROTO_UNKNOWN || alproto == ALPROTO_FAILED)
        FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);

    ip_proto_str = IpProtoToString(p->ip_proto);
    if (ip_proto_str == NULL)
        FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);

    SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);

    AppLayerProtoDetectRegisterProtocol(alproto, p->name);

    if (RunmodeIsUnittests()) {

        SCLogDebug("Unittest mode, registering default configuration.");
        AppLayerProtoDetectPPRegister(p->ip_proto, p->default_port,
                alproto, p->min_depth, p->max_depth, STREAM_TOSERVER,
                p->ProbeTS, p->ProbeTC);

    }
    else {

        if (!AppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto,
                    p->name, alproto, p->min_depth, p->max_depth,
                    p->ProbeTS, p->ProbeTC)) {
            if (enable_default != 0) {
                SCLogDebug("No %s app-layer configuration, enabling %s"
                        " detection %s detection on port %s.",
                        p->name, p->name, ip_proto_str, p->default_port);
                AppLayerProtoDetectPPRegister(p->ip_proto,
                        p->default_port, alproto,
                        p->min_depth, p->max_depth, STREAM_TOSERVER,
                        p->ProbeTS, p->ProbeTC);
            } else {
                SCLogDebug("No %s app-layer configuration for detection port (%s).",
                        p->name, ip_proto_str);
            }
        }

    }

    return alproto;
}

int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
{
    const char *ip_proto_str = NULL;

    if (p == NULL)
        FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);

    if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED)
        FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);

    ip_proto_str = IpProtoToString(p->ip_proto);
    if (ip_proto_str == NULL)
        FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);

    SCLogDebug("Registering %s protocol parser.", p->name);

    /* Register functions for state allocation and freeing. A
     * state is allocated for every new flow. */
    AppLayerParserRegisterStateFuncs(p->ip_proto, alproto,
        p->StateAlloc, p->StateFree);

    /* Register request parser for parsing frame from server to server. */
    AppLayerParserRegisterParser(p->ip_proto, alproto,
        STREAM_TOSERVER, p->ParseTS);

    /* Register response parser for parsing frames from server to client. */
    AppLayerParserRegisterParser(p->ip_proto, alproto,
        STREAM_TOCLIENT, p->ParseTC);

    /* Register a function to be called by the application layer
     * when a transaction is to be freed. */
    AppLayerParserRegisterTxFreeFunc(p->ip_proto, alproto,
        p->StateTransactionFree);

    /* Register a function to return the current transaction count. */
    AppLayerParserRegisterGetTxCnt(p->ip_proto, alproto,
        p->StateGetTxCnt);

    /* Transaction handling. */
    AppLayerParserRegisterGetStateProgressCompletionStatus(alproto,
        p->StateGetProgressCompletionStatus);
    AppLayerParserRegisterGetStateProgressFunc(p->ip_proto, alproto,
        p->StateGetProgress);
    AppLayerParserRegisterGetTx(p->ip_proto, alproto,
        p->StateGetTx);

    if (p->StateGetTxLogged && p->StateSetTxLogged) {
        AppLayerParserRegisterLoggerFuncs(p->ip_proto, alproto,
                p->StateGetTxLogged, p->StateSetTxLogged);
    }

    /* What is this being registered for? */
    AppLayerParserRegisterDetectStateFuncs(p->ip_proto, alproto,
        p->GetTxDetectState, p->SetTxDetectState);

    if (p->StateGetEventInfo) {
        AppLayerParserRegisterGetEventInfo(p->ip_proto, alproto,
                p->StateGetEventInfo);
    }
    if (p->StateGetEvents) {
        AppLayerParserRegisterGetEventsFunc(p->ip_proto, alproto,
                p->StateGetEvents);
    }
    if (p->LocalStorageAlloc && p->LocalStorageFree) {
        AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto,
                p->LocalStorageAlloc, p->LocalStorageFree);
    }
    if (p->GetTxMpmIDs && p->SetTxMpmIDs) {
        AppLayerParserRegisterMpmIDsFuncs(p->ip_proto, alproto,
                p->GetTxMpmIDs, p->SetTxMpmIDs);
    }
    if (p->StateGetFiles) {
        AppLayerParserRegisterGetFilesFunc(p->ip_proto, alproto,
                p->StateGetFiles);
    }

    if (p->GetTxIterator) {
        AppLayerParserRegisterGetTxIterator(p->ip_proto, alproto,
                p->GetTxIterator);
    }

    return 0;
}

static const char * IpProtoToString(int ip_proto)
{
    switch (ip_proto) {
        case IPPROTO_TCP:
            return "tcp";
        case IPPROTO_UDP:
            return "udp";
        default:
            return NULL;
    };

}
Commit	Line	Data
3edc7653 PC	1	/* Copyright (C) 2017 Open Information Security Foundation
	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Pierre Chifflier <chifflier@wzdftpd.net>
	22	*
	23	* Parser registration functions.
	24	*/
	25
	26	#include "suricata-common.h"
	27	#include "stream.h"
	28	#include "conf.h"
	29
	30	#include "app-layer-detect-proto.h"
	31	#include "app-layer-parser.h"
	32
	33	#include "app-layer-register.h"
	34
	35	static const char * IpProtoToString(int ip_proto);
	36
	37	AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int enable_default)
	38	{
	39	AppProto alproto;
	40	const char *ip_proto_str = NULL;
	41
	42	if (p == NULL)
	43	FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
	44
	45	alproto = StringToAppProto(p->name);
	46	if (alproto == ALPROTO_UNKNOWN \|\| alproto == ALPROTO_FAILED)
	47	FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
	48
	49	ip_proto_str = IpProtoToString(p->ip_proto);
	50	if (ip_proto_str == NULL)
	51	FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
	52
	53	SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);
	54
	55	AppLayerProtoDetectRegisterProtocol(alproto, p->name);
	56
	57	if (RunmodeIsUnittests()) {
	58
	59	SCLogDebug("Unittest mode, registering default configuration.");
	60	AppLayerProtoDetectPPRegister(p->ip_proto, p->default_port,
	61	alproto, p->min_depth, p->max_depth, STREAM_TOSERVER,
	62	p->ProbeTS, p->ProbeTC);
	63
	64	}
65	else {
66
67	if (!AppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto,
68	p->name, alproto, p->min_depth, p->max_depth,
69	p->ProbeTS, p->ProbeTC)) {
70	if (enable_default != 0) {
71	SCLogDebug("No %s app-layer configuration, enabling %s"
72	" detection %s detection on port %s.",
73	p->name, p->name, ip_proto_str, p->default_port);
74	AppLayerProtoDetectPPRegister(p->ip_proto,
75	p->default_port, alproto,
76	p->min_depth, p->max_depth, STREAM_TOSERVER,
77	p->ProbeTS, p->ProbeTC);
78	} else {
79	SCLogDebug("No %s app-layer configuration for detection port (%s).",
80	p->name, ip_proto_str);
81	}
82	}
83
84	}
85
86	return alproto;
87	}
88
89	int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
90	{
91	const char *ip_proto_str = NULL;
92
93	if (p == NULL)
94	FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
95
96	if (alproto == ALPROTO_UNKNOWN \|\| alproto >= ALPROTO_FAILED)
97	FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
98
99	ip_proto_str = IpProtoToString(p->ip_proto);
100	if (ip_proto_str == NULL)
101	FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
102
103	SCLogDebug("Registering %s protocol parser.", p->name);
104
105	/* Register functions for state allocation and freeing. A
106	* state is allocated for every new flow. */
107	AppLayerParserRegisterStateFuncs(p->ip_proto, alproto,
108	p->StateAlloc, p->StateFree);
109
110	/* Register request parser for parsing frame from server to server. */
111	AppLayerParserRegisterParser(p->ip_proto, alproto,
112	STREAM_TOSERVER, p->ParseTS);
113
114	/* Register response parser for parsing frames from server to client. */
115	AppLayerParserRegisterParser(p->ip_proto, alproto,
116	STREAM_TOCLIENT, p->ParseTC);
117
118	/* Register a function to be called by the application layer
119	* when a transaction is to be freed. */
120	AppLayerParserRegisterTxFreeFunc(p->ip_proto, alproto,
121	p->StateTransactionFree);
122
123	/* Register a function to return the current transaction count. */
124	AppLayerParserRegisterGetTxCnt(p->ip_proto, alproto,
125	p->StateGetTxCnt);
126
127	/* Transaction handling. */
128	AppLayerParserRegisterGetStateProgressCompletionStatus(alproto,
129	p->StateGetProgressCompletionStatus);
130	AppLayerParserRegisterGetStateProgressFunc(p->ip_proto, alproto,
131	p->StateGetProgress);
132	AppLayerParserRegisterGetTx(p->ip_proto, alproto,
133	p->StateGetTx);
134
135	if (p->StateGetTxLogged && p->StateSetTxLogged) {
136	AppLayerParserRegisterLoggerFuncs(p->ip_proto, alproto,
137	p->StateGetTxLogged, p->StateSetTxLogged);
138	}
139
3edc7653 PC	140	/* What is this being registered for? */
3edc7653 PC	141	AppLayerParserRegisterDetectStateFuncs(p->ip_proto, alproto,
7548944b	142	p->GetTxDetectState, p->SetTxDetectState);
3edc7653 PC	143
	144	if (p->StateGetEventInfo) {
	145	AppLayerParserRegisterGetEventInfo(p->ip_proto, alproto,
	146	p->StateGetEventInfo);
	147	}
	148	if (p->StateGetEvents) {
	149	AppLayerParserRegisterGetEventsFunc(p->ip_proto, alproto,
	150	p->StateGetEvents);
	151	}
	152	if (p->LocalStorageAlloc && p->LocalStorageFree) {
	153	AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto,
	154	p->LocalStorageAlloc, p->LocalStorageFree);
	155	}
	156	if (p->GetTxMpmIDs && p->SetTxMpmIDs) {
	157	AppLayerParserRegisterMpmIDsFuncs(p->ip_proto, alproto,
	158	p->GetTxMpmIDs, p->SetTxMpmIDs);
	159	}
	160	if (p->StateGetFiles) {
	161	AppLayerParserRegisterGetFilesFunc(p->ip_proto, alproto,
	162	p->StateGetFiles);
	163	}
	164
14843a7b JI	165	if (p->GetTxIterator) {
	166	AppLayerParserRegisterGetTxIterator(p->ip_proto, alproto,
	167	p->GetTxIterator);
	168	}
	169
3edc7653 PC	170	return 0;
	171	}
	172
	173	static const char * IpProtoToString(int ip_proto)
	174	{
	175	switch (ip_proto) {
	176	case IPPROTO_TCP:
	177	return "tcp";
	178	case IPPROTO_UDP:
	179	return "udp";
	180	default:
	181	return NULL;
	182	};
	183
	184	}