DCERPCCleanup(&sstate->dcerpc);
+ if (sstate->de_state != NULL) {
+ DetectEngineStateFree(sstate->de_state);
+ }
+
SCFree(s);
}
+static int DCERPCStateHasTxDetectState(void *state)
+{
+ DCERPCState *dce_state = (DCERPCState *)state;
+ if (dce_state->de_state)
+ return 1;
+ return 0;
+}
+
+static int DCERPCSetTxDetectState(void *state, void *vtx, DetectEngineState *de_state)
+{
+ DCERPCState *dce_state = (DCERPCState *)state;
+ dce_state->de_state = de_state;
+ return 0;
+}
+
+static DetectEngineState *DCERPCGetTxDetectState(void *vtx)
+{
+ DCERPCState *dce_state = (DCERPCState *)vtx;
+ return dce_state->de_state;
+}
+
+static void DCERPCStateTransactionFree(void *state, uint64_t tx_id)
+{
+ /* do nothing */
+}
+
+static void *DCERPCGetTx(void *state, uint64_t tx_id)
+{
+ DCERPCState *dce_state = (DCERPCState *)state;
+ return dce_state;
+}
+
+static uint64_t DCERPCGetTxCnt(void *state)
+{
+ /* single tx */
+ return 1;
+}
+
+static int DCERPCGetAlstateProgressCompletionStatus(uint8_t direction)
+{
+ return 1;
+}
+
+static int DCERPCGetAlstateProgress(void *tx, uint8_t direction)
+{
+ return 0;
+}
+
static int DCERPCRegisterPatternsForProtocolDetection(void)
{
if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCStateAlloc,
DCERPCStateFree);
AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOSERVER);
+
+
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCStateTransactionFree);
+
+ AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCStateHasTxDetectState,
+ DCERPCGetTxDetectState, DCERPCSetTxDetectState);
+
+ AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTx);
+
+ AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTxCnt);
+
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetAlstateProgress);
+
+ AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
+ DCERPCGetAlstateProgressCompletionStatus);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
typedef struct DCERPCState_ {
DCERPC dcerpc;
uint8_t data_needed_for_dir;
+ DetectEngineState *de_state;
} DCERPCState;
void DCERPCInit(DCERPC *dcerpc);
DCERPCCleanup(&sstate->ds.dcerpc);
+ if (sstate->ds.de_state) {
+ DetectEngineStateFree(sstate->ds.de_state);
+ }
+
SCFree(s);
SCReturn;
}
+static int SMBStateHasTxDetectState(void *state)
+{
+ SMBState *smb_state = (SMBState *)state;
+ if (smb_state->ds.de_state)
+ return 1;
+ return 0;
+}
+
+static int SMBSetTxDetectState(void *state, void *vtx, DetectEngineState *de_state)
+{
+ SMBState *smb_state = (SMBState *)state;
+ smb_state->ds.de_state = de_state;
+ return 0;
+}
+
+static DetectEngineState *SMBGetTxDetectState(void *vtx)
+{
+ SMBState *smb_state = (SMBState *)vtx;
+ return smb_state->ds.de_state;
+}
+
+static void SMBStateTransactionFree(void *state, uint64_t tx_id)
+{
+ /* do nothing */
+}
+
+static void *SMBGetTx(void *state, uint64_t tx_id)
+{
+ SMBState *smb_state = (SMBState *)state;
+ return smb_state;
+}
+
+static uint64_t SMBGetTxCnt(void *state)
+{
+ /* single tx */
+ return 1;
+}
+
+static int SMBGetAlstateProgressCompletionStatus(uint8_t direction)
+{
+ return 1;
+}
+
+static int SMBGetAlstateProgress(void *tx, uint8_t direction)
+{
+ return 0;
+}
+
#define SMB_PROBING_PARSER_MIN_DEPTH 8
static uint16_t SMBProbingParser(uint8_t *input, uint32_t ilen, uint32_t *offset)
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOSERVER, SMBParseRequest);
AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOCLIENT, SMBParseResponse);
AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB, SMBStateAlloc, SMBStateFree);
+
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_SMB, SMBStateTransactionFree);
+
+ AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_SMB, SMBStateHasTxDetectState,
+ SMBGetTxDetectState, SMBSetTxDetectState);
+
+ AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_SMB, SMBGetTx);
+
+ AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_SMB, SMBGetTxCnt);
+
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_SMB, SMBGetAlstateProgress);
+
+ AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_SMB,
+ SMBGetAlstateProgressCompletionStatus);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection "
"still on.", proto_name);
*/
static int DetectDceStubDataTestParse03(void)
{
- int result = 0;
Signature *s = NULL;
ThreadVars th_v;
Packet *p = NULL;
StreamTcpInitConfig(TRUE);
de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
+ FAIL_IF(de_ctx == NULL);
de_ctx->flags |= DE_QUIET;
"(msg:\"DCERPC\"; "
"dce_stub_data; content:\"|42 42 42 42|\";"
"sid:1;)");
- if (s == NULL)
- goto end;
+ FAIL_IF(s == NULL);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- FLOWLOCK_WRLOCK(&f);
r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_DCERPC,
STREAM_TOSERVER | STREAM_START, dcerpc_request,
dcerpc_request_len);
- if (r != 0) {
- SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
- FLOWLOCK_UNLOCK(&f);
- goto end;
- }
- FLOWLOCK_UNLOCK(&f);
+ FAIL_IF(r != 0);
dcerpc_state = f.alstate;
- if (dcerpc_state == NULL) {
- SCLogDebug("no dcerpc state: ");
- goto end;
- }
+ FAIL_IF (dcerpc_state == NULL);
p->flowflags &=~ FLOW_PKT_TOCLIENT;
p->flowflags |= FLOW_PKT_TOSERVER;
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF(!PacketAlertCheck(p, 1));
- if (!PacketAlertCheck(p, 1))
- goto end;
-
- result = 1;
-
- end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
-
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
- return result;
+ PASS;
}
static int DetectDceStubDataTestParse04(void)
if (next_tx_no_progress)
break;
} /* for */
-
+ }
/* DCERPC matches */
- } else if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
+ if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
(alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
alproto == ALPROTO_SMB2))
{
projects / thirdparty / suricata.git / commitdiff
