stream/app layer: add Truncate app layer callback that is called if stream depth...

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index 37230b6bd31fd504bba70cd78b780b5e7452258a..a7d21623692c0639d9a592516deb035e8d8c86c6 100644 (file)
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -2440,6 +2440,13 @@ static FileContainer *HTPStateGetFiles(void *state, uint8_t direction) {
     }
 }
 
+static void HTPStateTruncate(void *state, uint8_t flags) {
+    FileContainer *fc = HTPStateGetFiles(state, flags);
+    if (fc != NULL) {
+        FileTruncateAllOpenFiles(fc);
+    }
+}
+
 /**
  *  \brief  Register the HTTP protocol and state handling functions to APP layer
  *          of the engine.
@@ -2472,6 +2479,8 @@ void RegisterHTPParsers(void)
 
     AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, http_decoder_event_table);
 
+    AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate);
+
     AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOSERVER,
                           HTPHandleRequestData);
     AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOCLIENT,

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index d4f2b8b0be8b424f6a3b5541196ca798a26a514e..be8f48504838893fe5b1374661d7f3daa9c8e763 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -632,6 +632,19 @@ void AppLayerRegisterLocalStorageFunc(uint16_t proto,
     return;
 }
 
+void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t))
+{
+    al_proto_table[proto].Truncate = Truncate;
+
+    return;
+}
+
+void AppLayerStreamTruncated(uint16_t proto, void *state, uint8_t flags) {
+    if (al_proto_table[proto].Truncate != NULL) {
+        al_proto_table[proto].Truncate(state, flags);
+    }
+}
+
 void *AppLayerGetProtocolParserLocalStorage(uint16_t proto)
 {
     if (al_proto_table[proto].LocalStorageAlloc != NULL) {
@@ -966,6 +979,11 @@ int AppLayerParse(void *local_data, Flow *f, uint8_t proto,
         parser_state_store->id_flags |= APP_LAYER_TRANSACTION_EOF;
     }
 
+    /* stream truncated, inform app layer */
+    if (flags & STREAM_DEPTH) {
+        AppLayerStreamTruncated(proto, app_layer_state, flags);
+    }
+
     SCReturnInt(0);
 
 error:

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index f156517cdf735d5ee1507cff934fea5376d5bdfe..6bda0ce0aface742e1a1bc855f509222fe83b48b 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -54,6 +54,9 @@ typedef struct AppLayerProto_ {
     void (*StateTransactionFree)(void *, uint16_t);
     void *(*LocalStorageAlloc)(void);
     void (*LocalStorageFree)(void *);
+
+    /** truncate state after a gap/depth event */
+    void (*Truncate)(void *, uint8_t);
     FileContainer *(*StateGetFiles)(void *, uint8_t);
 
 } AppLayerProto;
@@ -259,6 +262,7 @@ void AppLayerRegisterGetFilesFunc(uint16_t proto,
         FileContainer *(*StateGetFile)(void *, uint8_t));
 void AppLayerRegisterLogger(uint16_t proto);
 uint16_t AppLayerGetProtoByName(const char *);
+void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t));
 
 int AppLayerParse(void *, Flow *, uint8_t,
                   uint8_t, uint8_t *, uint32_t);

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index abea41caf2002d2080a93c78b7efb864f59a18cd..cebea4a6a69c94c42c25363298097b1a4a4199ed 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1656,6 +1656,9 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre
     } else { \
         flag |= STREAM_TOSERVER; \
     } \
+    if (stream->flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED) {    \
+        flag |= STREAM_DEPTH; \
+    } \
 }
 
 #define STREAM_SET_INLINE_FLAGS(ssn, stream, p, flag) { \
@@ -1671,6 +1674,9 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre
     } else { \
         flag |= STREAM_TOCLIENT; \
     } \
+    if (stream->flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED) {    \
+        flag |= STREAM_DEPTH; \
+    } \
 }
 
 static void StreamTcpSetupMsg(TcpSession *ssn, TcpStream *stream, Packet *p,

diff --git a/src/stream.h b/src/stream.h
index 024ecb2aef0cdcdc9a96b7b1a590989255f8e1ce..49b796c5aa7486e3be7b7b89f50e7fd7b0a293eb 100644 (file)
--- a/src/stream.h
+++ b/src/stream.h
@@ -30,7 +30,8 @@
 #define STREAM_EOF              0x02
 #define STREAM_TOSERVER         0x04
 #define STREAM_TOCLIENT         0x08
-#define STREAM_GAP              0x10
+#define STREAM_GAP              0x10    /* data gap encountered */
+#define STREAM_DEPTH            0x20    /* depth reached */
 
 /** size of the data chunks sent to the app layer parser. */
 #define MSG_DATA_SIZE       4024 /* 4096 - 72 (size of rest of the struct) */

diff --git a/src/util-file.c b/src/util-file.c
index dc25167b34d6132d3f2d99373ce8b47ba567d7dd..5486d8aa159ce0b495e0fb03def3ca7885416c08 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -853,3 +853,16 @@ void FileStoreAllFiles(FileContainer *fc) {
     }
 }
 
+void FileTruncateAllOpenFiles(FileContainer *fc) {
+    File *ptr = NULL;
+
+    SCEnter();
+
+    if (fc != NULL) {
+        for (ptr = fc->head; ptr != NULL; ptr = ptr->next) {
+            if (ptr->state == FILE_STATE_OPENED) {
+                FileCloseFilePtr(ptr, NULL, 0, FILE_TRUNCATED);
+            }
+        }
+    }
+}

diff --git a/src/util-file.h b/src/util-file.h
index b0858450e8ec0e0a7493bec80a8280a330804d58..e2d485c4acbac92d156861b643be6173d50b62c2 100644 (file)
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -184,4 +184,6 @@ void FileStoreAllFiles(FileContainer *);
 void FileStoreAllFilesForTx(FileContainer *, uint16_t);
 void FileStoreFileById(FileContainer *fc, uint16_t);
 
+void FileTruncateAllOpenFiles(FileContainer *);
+
 #endif /* __UTIL_FILE_H__ */