app-layer: register per proto logger bits

Create a bitmap of the loggers per protocol. This is done at runtime
based on the loggers that are enabled. Take the logger_id for each
logger and store it as a bitmap in the app-layer protcol storage.

Goal is to be able to use it as an expectation later.

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 3e5ba2436a121a7e21bccaea481640fa26b897bf..7cab8c4254a183c71f1f8e0649ae223f0fb115ac 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -90,6 +90,7 @@ typedef struct AppLayerParserProtoCtx_
     /* 0 - to_server, 1 - to_client. */
     AppLayerParserFPtr Parser[2];
     bool logger;
+    uint32_t logger_bits;   /**< registered loggers for this proto */
 
     void *(*StateAlloc)(void);
     void (*StateFree)(void *);
@@ -453,6 +454,15 @@ void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
     SCReturn;
 }
 
+void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
+{
+    SCEnter();
+
+    alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
+
+    SCReturn;
+}
+
 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
 {
     SCEnter();

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 29a7df70ca603d74bae9cf52a4ad0639556b0eaa..0a439058d691b37faef26f2b443c7fbef1c26e0d 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -141,6 +141,7 @@ void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
                          int (*StateGetTxLogged)(void *, void *, uint32_t),
                          void (*StateSetTxLogged)(void *, void *, uint32_t));
 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
+void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
                              void (*Truncate)(void *, uint8_t));
 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,

diff --git a/src/runmodes.c b/src/runmodes.c
index 79e5f4d7e0384febb8aafab9f0a3f45b0cf3d70d..2abf9dd97bc3d2e9cbeea83ec58e1b1329a444cf 100644 (file)
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -26,6 +26,7 @@
 #include "detect.h"
 #include "detect-engine.h"
 #include "detect-engine-mpm.h"
+#include "app-layer-parser.h"
 #include "tm-threads.h"
 #include "util-debug.h"
 #include "util-time.h"
@@ -454,6 +455,7 @@ static void RunOutputFreeList(void)
 
 static int file_logger_count = 0;
 static int filedata_logger_count = 0;
+static LoggerId logger_bits[ALPROTO_MAX];
 
 int RunModeOutputFileEnabled(void)
 {
@@ -548,6 +550,7 @@ static void SetupOutput(const char *name, OutputModule *module, OutputCtx *outpu
                 module->ts_log_progress, module->TxLogCondition,
                 module->ThreadInit, module->ThreadDeinit,
                 module->ThreadExitPrintStats);
+        logger_bits[module->alproto] |= (1<<module->logger_id);
     } else if (module->FiledataLogFunc) {
         SCLogDebug("%s is a filedata logger", module->name);
         OutputRegisterFiledataLogger(module->logger_id, module->name,
@@ -681,6 +684,8 @@ void RunModeInitializeOutputs(void)
     char tls_log_enabled = 0;
     char tls_store_present = 0;
 
+    memset(&logger_bits, 0, sizeof(logger_bits));
+
     TAILQ_FOREACH(output, &outputs->head, next) {
 
         output_config = ConfNodeLookupChild(output, output->val);
@@ -821,6 +826,25 @@ void RunModeInitializeOutputs(void)
         }
     }
 
+    /* register the logger bits to the app-layer */
+    int a;
+    for (a = 0; a < ALPROTO_MAX; a++) {
+        if (logger_bits[a] == 0)
+            continue;
+
+        const int tcp = AppLayerParserProtocolHasLogger(IPPROTO_TCP, a);
+        const int udp = AppLayerParserProtocolHasLogger(IPPROTO_UDP, a);
+
+        SCLogDebug("logger for %s: %s %s", AppProtoToString(a),
+                tcp ? "true" : "false", udp ? "true" : "false");
+
+        SCLogDebug("logger bits for %s: %08x", AppProtoToString(a), logger_bits[a]);
+        if (tcp)
+            AppLayerParserRegisterLoggerBits(IPPROTO_TCP, a, logger_bits[a]);
+        if (udp)
+            AppLayerParserRegisterLoggerBits(IPPROTO_UDP, a, logger_bits[a]);
+
+    }
 }
 
 float threading_detect_ratio = 1;