if (RunmodeIsUnittests()) {
AppLayerProtoDetectPPRegister(IPPROTO_TCP, DNP3_DEFAULT_PORT,
ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader), STREAM_TOSERVER,
- DNP3ProbingParser, NULL);
+ DNP3ProbingParser, DNP3ProbingParser);
}
else {
if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
proto_name, ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader),
- DNP3ProbingParser, NULL)) {
+ DNP3ProbingParser, DNP3ProbingParser)) {
#ifndef AFLFUZZ_APPLAYER
return;
#endif
}
/**
- * \brief Probe the input to see if it looks like template.
+ * \brief Probe the input to server to see if it looks like template.
*
- * \retval ALPROTO_TEMPLATE if it looks like template, otherwise
- * ALPROTO_UNKNOWN.
+ * \retval ALPROTO_TEMPLATE if it looks like template,
+ * ALPROTO_FAILED, if it is clearly not ALPROTO_TEMPLATE,
+ * otherwise ALPROTO_UNKNOWN.
*/
-static AppProto TemplateProbingParser(Flow *f, uint8_t direction,
+static AppProto TemplateProbingParserTs(Flow *f, uint8_t direction,
+ uint8_t *input, uint32_t input_len, uint8_t *rdir)
+{
+ /* Very simple test - if there is input, this is template. */
+ if (input_len >= TEMPLATE_MIN_FRAME_LEN) {
+ SCLogNotice("Detected as ALPROTO_TEMPLATE.");
+ return ALPROTO_TEMPLATE;
+ }
+
+ SCLogNotice("Protocol not detected as ALPROTO_TEMPLATE.");
+ return ALPROTO_UNKNOWN;
+}
+
+/**
+ * \brief Probe the input to client to see if it looks like template.
+ * TemplateProbingParserTs can be used instead if the protocol
+ * is symmetric.
+ *
+ * \retval ALPROTO_TEMPLATE if it looks like template,
+ * ALPROTO_FAILED, if it is clearly not ALPROTO_TEMPLATE,
+ * otherwise ALPROTO_UNKNOWN.
+ */
+static AppProto TemplateProbingParserTc(Flow *f, uint8_t direction,
uint8_t *input, uint32_t input_len, uint8_t *rdir)
{
/* Very simple test - if there is input, this is template. */
SCLogNotice("Unittest mode, registeringd default configuration.");
AppLayerProtoDetectPPRegister(IPPROTO_TCP, TEMPLATE_DEFAULT_PORT,
ALPROTO_TEMPLATE, 0, TEMPLATE_MIN_FRAME_LEN, STREAM_TOSERVER,
- TemplateProbingParser, NULL);
+ TemplateProbingParserTs, TemplateProbingParserTc);
}
else {
if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
proto_name, ALPROTO_TEMPLATE, 0, TEMPLATE_MIN_FRAME_LEN,
- TemplateProbingParser, NULL)) {
+ TemplateProbingParserTs, TemplateProbingParserTc)) {
SCLogNotice("No template app-layer configuration, enabling echo"
" detection TCP detection on port %s.",
TEMPLATE_DEFAULT_PORT);
AppLayerProtoDetectPPRegister(IPPROTO_TCP,
TEMPLATE_DEFAULT_PORT, ALPROTO_TEMPLATE, 0,
TEMPLATE_MIN_FRAME_LEN, STREAM_TOSERVER,
- TemplateProbingParser, NULL);
+ TemplateProbingParserTs, TemplateProbingParserTc);
}
}
AppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT,
ALPROTO_TFTP, 0, TFTP_MIN_FRAME_LEN,
STREAM_TOSERVER, TFTPProbingParser,
- NULL);
+ TFTPProbingParser);
} else {
if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
proto_name, ALPROTO_TFTP,
0, TFTP_MIN_FRAME_LEN,
- TFTPProbingParser, NULL)) {
+ TFTPProbingParser, TFTPProbingParser)) {
SCLogDebug("No echo app-layer configuration, enabling echo"
" detection UDP detection on port %s.",
TFTP_DEFAULT_PORT);
TFTP_DEFAULT_PORT, ALPROTO_TFTP,
0, TFTP_MIN_FRAME_LEN,
STREAM_TOSERVER,TFTPProbingParser,
- NULL);
+ TFTPProbingParser);
}
}
} else {
projects / thirdparty / suricata.git / commitdiff
