dcerpc/udp: add missing tx support

diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c
index ba2861055bc24fe84f8348ca3c42911dc81b3a59..6eaf40affe0b6c77c2641d1a5ddb6cd44dfe9e84 100644 (file)
--- a/src/app-layer-dcerpc-udp.c
+++ b/src/app-layer-dcerpc-udp.c
@@ -819,9 +819,62 @@ static void DCERPCUDPStateFree(void *s)
         sstate->dcerpc.dcerpcresponse.stub_data_buffer = NULL;
         sstate->dcerpc.dcerpcresponse.stub_data_buffer_len = 0;
     }
+
+    if (sstate->de_state != NULL) {
+        DetectEngineStateFree(sstate->de_state);
+    }
+
     SCFree(s);
 }
 
+static int DCERPCUDPStateHasTxDetectState(void *state)
+{
+    DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+    if (dce_state->de_state)
+        return 1;
+    return 0;
+}
+
+static int DCERPCUDPSetTxDetectState(void *state, void *vtx, DetectEngineState *de_state)
+{
+    DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+    dce_state->de_state = de_state;
+    return 0;
+}
+
+static DetectEngineState *DCERPCUDPGetTxDetectState(void *vtx)
+{
+    DCERPCUDPState *dce_state = (DCERPCUDPState *)vtx;
+    return dce_state->de_state;
+}
+
+static void DCERPCUDPStateTransactionFree(void *state, uint64_t tx_id)
+{
+    /* do nothing */
+}
+
+static void *DCERPCUDPGetTx(void *state, uint64_t tx_id)
+{
+    DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+    return dce_state;
+}
+
+static uint64_t DCERPCUDPGetTxCnt(void *state)
+{
+    /* single tx */
+    return 1;
+}
+
+static int DCERPCUDPGetAlstateProgressCompletionStatus(uint8_t direction)
+{
+    return 1;
+}
+
+static int DCERPCUDPGetAlstateProgress(void *tx, uint8_t direction)
+{
+    return 0;
+}
+
 static int DCERPCUDPRegisterPatternsForProtocolDetection(void)
 {
     if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_DCERPC,
@@ -855,6 +908,20 @@ void RegisterDCERPCUDPParsers(void)
         AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateAlloc,
             DCERPCUDPStateFree);
         AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER);
+
+        AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateTransactionFree);
+
+        AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateHasTxDetectState,
+                                               DCERPCUDPGetTxDetectState, DCERPCUDPSetTxDetectState);
+
+        AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetTx);
+
+        AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetTxCnt);
+
+        AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetAlstateProgress);
+
+        AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
+                                                               DCERPCUDPGetAlstateProgressCompletionStatus);
     } else {
         SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
             "still on.", "dcerpc");
@@ -1072,6 +1139,7 @@ static int DCERPCUDPParserTest01(void)
     f.protoctx = (void *)&ssn;
     f.proto = IPPROTO_UDP;
     f.protomap = FlowGetProtoMapping(f.proto);
+    f.alproto = ALPROTO_DCERPC;
 
     StreamTcpInitConfig(TRUE);
 

diff --git a/src/app-layer-dcerpc-udp.h b/src/app-layer-dcerpc-udp.h
index c9054d6d4ecb0d622092352e2b0bc15c0072c8a3..c8b7b6816c2df311d8f41a1e3dce96cb9c929335 100644 (file)
--- a/src/app-layer-dcerpc-udp.h
+++ b/src/app-layer-dcerpc-udp.h
@@ -21,6 +21,7 @@ typedef struct DCERPCUDPState_ {
     uint8_t *frag_data;
     DCERPCUuidEntry *uuid_entry;
     TAILQ_HEAD(, DCERPCUuidEntry_) uuid_list;
+    DetectEngineState *de_state;
 } DCERPCUDPState;
 
 void RegisterDCERPCUDPParsers(void);