detect/config: set config for special cases

Allow app-layer to declare the txs are uni-directional and special
care is needed for applying config.

diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs
index 9ea23a3db7413b68f1440804f66465e3c19ff208..8c9bc521aebe1b74462886b7e9381b7ac51afaf2 100644 (file)
--- a/rust/src/applayer.rs
+++ b/rust/src/applayer.rs
@@ -297,6 +297,7 @@ pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100;
 pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000;
 
 pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);
+pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1);
 
 pub type AppLayerGetTxIteratorFn = extern "C" fn (ipproto: u8,
                                                   alproto: AppProto,

diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index e0fa1ce1255fcb74a0a20e678bed5063c0f79421..eed58640485e3cead6f946cbbf64c8c7b14edece 100644 (file)
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -989,6 +989,8 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() {
         if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
             let _ = AppLayerRegisterParser(&parser, alproto);
         }
+        AppLayerParserRegisterOptionFlags(IPPROTO_UDP as u8, ALPROTO_DNS,
+            crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS);
     }
 }
 
@@ -1034,6 +1036,8 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() {
         }
         AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS,
             crate::applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS);
+        AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS,
+            crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS);
     }
 }
 

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index badc85c1a3b8154aa2009013ece0a298fdc65dca..22636d6fc146eb49580a360feaef45ec51ced77b 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -387,6 +387,12 @@ void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
     SCReturn;
 }
 
+uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
+{
+    SCEnter();
+    SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags);
+}
+
 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
                            void *(*StateAlloc)(void),
                            void (*StateFree)(void *))

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index e8f00f5691d3655fd29da0d1e76a68f09ee599fa..85623d3a4e230293604b6ae773fb51c01115e3b8 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -41,6 +41,7 @@
 
 /* Flags for AppLayerParserProtoCtx. */
 #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS        BIT_U32(0)
+#define APP_LAYER_PARSER_OPT_UNIDIR_TXS         BIT_U32(1)
 
 #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET   BIT_U32(0)
 
@@ -192,6 +193,7 @@ void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
 
 /***** Get and transaction functions *****/
 
+uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto);
 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
          const AppProto alproto);
 

diff --git a/src/detect-config.c b/src/detect-config.c
index 315cacb7cf123a7570b6f3466515d60fe662741b..37d0d7a1aa8168e3421fd534dd577c73d5f5173c 100644 (file)
--- a/src/detect-config.c
+++ b/src/detect-config.c
@@ -95,6 +95,16 @@ static void ConfigApplyTx(Flow *f,
         } else {
             SCLogDebug("no tx data");
         }
+
+        if (AppLayerParserGetOptionFlags(f->protomap, f->alproto) &
+                APP_LAYER_PARSER_OPT_UNIDIR_TXS) {
+            SCLogDebug("handle unidir tx");
+            AppLayerTxConfig req;
+            memset(&req, 0, sizeof(req));
+            req.log_flags = BIT_U8(config->type);
+            AppLayerParserApplyTxConfig(f->proto, f->alproto, f->alstate, tx,
+                    CONFIG_ACTION_SET, req);
+        }
     } else {
         SCLogDebug("no tx");
     }