pub const APP_LAYER_PARSER_TRUNC_TC : u16 = BIT_U16!(8);
pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);
-pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1);
pub const APP_LAYER_TX_SKIP_INSPECT_FLAG: u64 = BIT_U64!(62);
get_tx_data: rs_bittorrent_dht_get_tx_data,
get_state_data: rs_bittorrent_dht_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_dcerpc_udp_get_tx_data,
get_state_data: rs_dcerpc_udp_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data : rs_dhcp_get_tx_data,
get_state_data : rs_dhcp_get_state_data,
apply_tx_config : None,
- flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags : 0,
truncate : None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_dns_state_get_tx_data,
get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config),
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: Some(DnsFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(DnsFrameType::ffi_name_from_id),
get_tx_data: rs_dns_state_get_tx_data,
get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config),
- flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS | APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
get_frame_id_by_name: Some(DnsFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(DnsFrameType::ffi_name_from_id),
get_tx_data: rs_ike_get_tx_data,
get_state_data: rs_ike_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data : rs_krb5_get_tx_data,
get_state_data : rs_krb5_get_state_data,
apply_tx_config : None,
- flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags : 0,
truncate : None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_mqtt_get_tx_data,
get_state_data: rs_mqtt_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data : rs_ntp_get_tx_data,
get_state_data : rs_ntp_get_state_data,
apply_tx_config : None,
- flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags : 0,
truncate : None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_quic_get_tx_data,
get_state_data: rs_quic_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_rdp_get_tx_data,
get_state_data: rs_rdp_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_tx_data: rs_sip_get_tx_data,
get_state_data: rs_sip_get_state_data,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags: 0,
truncate: None,
get_frame_id_by_name: Some(SIPFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(SIPFrameType::ffi_name_from_id),
get_tx_data : rs_snmp_get_tx_data,
get_state_data : rs_snmp_get_state_data,
apply_tx_config : None,
- flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
+ flags : 0,
truncate : None,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DNP3,
DNP3GetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetStateData);
-
- AppLayerParserRegisterOptionFlags(
- IPPROTO_TCP, ALPROTO_DNP3, APP_LAYER_PARSER_OPT_UNIDIR_TXS);
}
else {
SCLogConfig("Parser disabled for protocol %s. "
AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateGetEventInfo);
AppLayerParserRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateGetEventInfoById);
- AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP,
- ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
- AppLayerParserRegisterOptionFlags(
- IPPROTO_UDP, ALPROTO_ENIP, APP_LAYER_PARSER_OPT_UNIDIR_TXS);
+ AppLayerParserRegisterParserAcceptableDataDirection(
+ IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
} else
{
SCLogInfo(
AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_ENIP,
APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
- AppLayerParserRegisterOptionFlags(
- IPPROTO_TCP, ALPROTO_ENIP, APP_LAYER_PARSER_OPT_UNIDIR_TXS);
+ AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_ENIP, 0);
} else
{
SCLogConfig("Parser disabled for %s protocol. Protocol detection still on.",
SCReturnCT(pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1], "uint64_t");
}
-static inline uint64_t GetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
+inline uint64_t AppLayerParserGetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
{
uint64_t detect_flags =
(dir & STREAM_TOSERVER) ? txd->detect_flags_ts : txd->detect_flags_tc;
AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
if (txd && tag_txs_as_inspected) {
- uint64_t detect_flags = GetTxDetectFlags(txd, flags);
+ uint64_t detect_flags = AppLayerParserGetTxDetectFlags(txd, flags);
if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
SetTxDetectFlags(txd, flags, detect_flags);
/* txd can be NULL for HTTP sessions where the user data alloc failed */
AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
if (likely(txd)) {
- uint64_t detect_flags = GetTxDetectFlags(txd, flags);
+ uint64_t detect_flags = AppLayerParserGetTxDetectFlags(txd, flags);
if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
SetTxDetectFlags(txd, flags, detect_flags);
uint64_t new_min = min;
SCLogDebug("start min %"PRIu64, min);
bool skipped = false;
- const bool is_unidir =
- AppLayerParserGetOptionFlags(f->protomap, f->alproto) & APP_LAYER_PARSER_OPT_UNIDIR_TXS;
// const bool support_files = AppLayerParserSupportsFiles(f->proto, f->alproto);
while (1) {
goto next;
}
- bool inspected = false;
if (txd && has_tx_detect_flags) {
if (!IS_DISRUPTED(ts_disrupt_flags) && f->sgh_toserver != NULL) {
- uint64_t detect_flags_ts = GetTxDetectFlags(txd, STREAM_TOSERVER);
- if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
- SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
- tx, i, detect_flags_ts);
+ uint64_t detect_flags_ts = AppLayerParserGetTxDetectFlags(txd, STREAM_TOSERVER);
+ if (!(detect_flags_ts &
+ (APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_SKIP_INSPECT_FLAG))) {
+ SCLogDebug("%p/%" PRIu64 " skipping: TS inspect not done: ts:%" PRIx64, tx, i,
+ detect_flags_ts);
tx_skipped = true;
- } else {
- inspected = true;
}
}
if (!IS_DISRUPTED(tc_disrupt_flags) && f->sgh_toclient != NULL) {
- uint64_t detect_flags_tc = GetTxDetectFlags(txd, STREAM_TOCLIENT);
- if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
- SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
- tx, i, detect_flags_tc);
+ uint64_t detect_flags_tc = AppLayerParserGetTxDetectFlags(txd, STREAM_TOCLIENT);
+ if (!(detect_flags_tc &
+ (APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_SKIP_INSPECT_FLAG))) {
+ SCLogDebug("%p/%" PRIu64 " skipping: TC inspect not done: ts:%" PRIx64, tx, i,
+ detect_flags_tc);
tx_skipped = true;
- } else {
- inspected = true;
}
}
}
- // If not a unidirectional transaction both sides are required to have
- // been inspected.
- if (!is_unidir && tx_skipped) {
- SCLogDebug("%p/%" PRIu64 " !is_unidir && tx_skipped", tx, i);
- skipped = true;
- goto next;
- }
-
- // If this is a unidirectional transaction require only one side to be
- // inspected, which the inspected flag tells us. This is also guarded
- // with skip to limit this check to transactions that actually had the
- // tx inspected flag checked.
- if (is_unidir && tx_skipped && !inspected) {
- SCLogDebug("%p/%" PRIu64 " is_unidir && tx_skipped && !inspected", tx, i);
+ if (tx_skipped) {
+ SCLogDebug("%p/%" PRIu64 " tx_skipped", tx, i);
skipped = true;
goto next;
}
#define APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)
/* Flags for AppLayerParserProtoCtx. */
-#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)
-#define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1)
+#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx);
+uint64_t AppLayerParserGetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir);
AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state);
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig);
if (txd) {
SCLogDebug("tx %p txd %p: log_flags %x", tx, txd, txd->config.log_flags);
txd->config.log_flags |= BIT_U8(config->type);
+
+ uint64_t unidir = ((AppLayerParserGetTxDetectFlags(txd, STREAM_TOSERVER) |
+ AppLayerParserGetTxDetectFlags(txd, STREAM_TOCLIENT)) &
+ APP_LAYER_TX_SKIP_INSPECT_FLAG) != 0;
+ if (unidir) {
+ SCLogDebug("handle unidir tx");
+ AppLayerTxConfig req;
+ memset(&req, 0, sizeof(req));
+ req.log_flags = BIT_U8(config->type);
+ AppLayerParserApplyTxConfig(
+ f->proto, f->alproto, f->alstate, tx, CONFIG_ACTION_SET, req);
+ }
} else {
SCLogDebug("no tx data");
}
-
- if (AppLayerParserGetOptionFlags(f->protomap, f->alproto) &
- APP_LAYER_PARSER_OPT_UNIDIR_TXS) {
- SCLogDebug("handle unidir tx");
- AppLayerTxConfig req;
- memset(&req, 0, sizeof(req));
- req.log_flags = BIT_U8(config->type);
- AppLayerParserApplyTxConfig(f->proto, f->alproto, f->alstate, tx,
- CONFIG_ACTION_SET, req);
- }
} else {
SCLogDebug("no tx");
}
projects / thirdparty / suricata.git / commitdiff
