From ac3cf6ff75a3e5be39867bba1830076ac43e9f50 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sat, 6 Jun 2020 19:02:28 +0200
Subject: [PATCH] detect/config: set config for special cases

Allow app-layer to declare the txs are uni-directional and special care is needed for applying config.
---
 rust/src/applayer.rs | 1 +
 rust/src/dns/dns.rs | 4 ++++
 src/app-layer-parser.c | 6 ++++++
 src/app-layer-parser.h | 2 ++
 src/detect-config.c | 10 ++++++++++
 5 files changed, 23 insertions(+)

diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs
index 9ea23a3db..8c9bc521a 100644
--- a/rust/src/applayer.rs
+++ b/rust/src/applayer.rs
@@ -297,6 +297,7 @@ pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100;
 pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000;
 pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);
+pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1);
 pub type AppLayerGetTxIteratorFn = extern "C" fn (ipproto: u8,
 alproto: AppProto,
diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index e0fa1ce12..eed586404 100644
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -989,6 +989,8 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() {
 if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
 let _ = AppLayerRegisterParser(&parser, alproto);
 }
+ AppLayerParserRegisterOptionFlags(IPPROTO_UDP as u8, ALPROTO_DNS,
+ crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS);
 }
 }
@@ -1034,6 +1036,8 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() {
 }
 AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS,
 crate::applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
+ AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS,
+ crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS);
 }
 }
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index badc85c1a..22636d6fc 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
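Review bot: In rust/src/dns/dns.rs, hunk `@@ -1034,6 +1036,8 @@` (rs_dns_tcp_register_parser), the new flag is set through a second `AppLayerParserRegisterOptionFlags` call placed right after the one for `APP_LAYER_PARSER_OPT_ACCEPT_GAPS`, which is only correct if the C registrar ORs into the stored flags instead of assigning them; its body is not part of this patch, so that is assumed here rather than shown. If it assigned, gap acceptance for DNS over TCP would be lost without any error. A single call states the intent without relying on that: `AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS, crate::applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS | crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS);`. If the two calls stay, a comment such as `// option flags accumulate across calls` above the second one would record the dependency. The function begins outside the hunk.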
@@ -387,6 +387,12 @@ void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
 SCReturn;
 }
+uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
+{
+ SCEnter();
+ SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags);
+}
+
 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
 void *(*StateAlloc)(void),
 void (*StateFree)(void *))
diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index e8f00f569..85623d3a4 100644
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -41,6 +41,7 @@
 /* Flags for AppLayerParserProtoCtx. */
 #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)
+#define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1)
 #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)
@@ -192,6 +193,7 @@ void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
 /***** Get and transaction functions *****/
+uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto);
 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
 const AppProto alproto);
diff --git a/src/detect-config.c b/src/detect-config.c
index 315cacb7c..37d0d7a1a 100644
--- a/src/detect-config.c
+++ b/src/detect-config.c
@@ -95,6 +95,16 @@ static void ConfigApplyTx(Flow *f,
 } else {
 SCLogDebug("no tx data");
 }
+
+ if (AppLayerParserGetOptionFlags(f->protomap, f->alproto) &
+ APP_LAYER_PARSER_OPT_UNIDIR_TXS) {
+ SCLogDebug("handle unidir tx");
+ AppLayerTxConfig req;
+ memset(&req, 0, sizeof(req));
+ req.log_flags = BIT_U8(config->type);
+ AppLayerParserApplyTxConfig(f->proto, f->alproto, f->alstate, tx,
+ CONFIG_ACTION_SET, req);
+ }
 } else {
 SCLogDebug("no tx");
 }
-- 
2.47.2
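Review bot: `AppLayerParserGetOptionFlags` in src/app-layer-parser.c reads `alp_ctx.ctxs[protomap][alproto]` with no range check on either index, and its first parameter is a `protomap` index while the `AppLayerParserRegisterOptionFlags` named in the same hunk header takes `ipproto`. Both are `uint8_t`, so a caller that passes an IP protocol number compiles cleanly and may read outside the table. I would add a doc comment above the function, e.g. `/** \brief get the option flags for a parser; \param protomap flow proto map index (f->protomap), not the IP protocol number */`, and a debug-build assertion that both indices are inside the table dimensions. The only caller in this patch, in src/detect-config.c, passes `f->protomap`, so this concerns future callers.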
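Review bot: In src/detect-config.c, the block added to ConfigApplyTx builds its mask with `BIT_U8(config->type)`, which is only well defined while `config->type` stays below 8; the type's range is declared outside the hunk, so a guard or a comment stating the bound belongs next to that line. The block also carries no explanation beyond `SCLogDebug("handle unidir tx")` of why a second application is needed; a comment such as `/* parsers with uni-directional txs receive the config through their ApplyTxConfig callback so it can reach the related tx */` would record the intent, with the wording to be confirmed by the author. Since `req.log_flags` controls per-transaction logging, the comment should say which transactions the callback may touch, so a rule cannot suppress more log records than intended. ConfigApplyTx begins and ends outside the hunk.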