app-layer-parser: flag a tx to use stream depth

This adds a new API that permit to set the stream-depth
file for file-storing when a rule with filestore keyword is matched.

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 78b5fa0549a983b0f56674f57a185ef479999840..8fc629c56e9d41de1833232db7ec64cd3d1e2078 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -125,6 +125,8 @@ typedef struct AppLayerParserProtoCtx_
     uint64_t (*GetTxDetectFlags)(void *tx, uint8_t dir);
     void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t);
 
+    void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
+
     /* each app-layer has its own value */
     uint32_t stream_depth;
 
@@ -609,6 +611,16 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
     SCReturn;
 }
 
+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+        void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
+{
+    SCEnter();
+
+    alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
+
+    SCReturn;
+}
+
 /***** Get and transaction functions *****/
 
 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
@@ -1374,6 +1386,20 @@ uint32_t AppLayerParserGetStreamDepth(const Flow *f)
     SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
 }
 
+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
+{
+    SCEnter();
+    void *tx = NULL;
+    if (state != NULL) {
+        if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
+            if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
+                alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
+            }
+        }
+    }
+    SCReturn;
+}
+
 /***** Cleanup *****/
 
 void AppLayerParserStateCleanup(const Flow *f, void *alstate,

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 23cfd36d28155730f9d61c2d1a6a947f0dd098f7..492e3e5ea5d586a6171a345af4a681c23f404328 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -176,6 +176,8 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
 void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto,
         uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir),
         void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t));
+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+        void (*SetStreamDepthFlag)(void *tx, uint8_t flags));
 
 /***** Get and transaction functions *****/
 
@@ -239,6 +241,7 @@ LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
 uint32_t AppLayerParserGetStreamDepth(const Flow *f);
+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
 
 /***** Cleanup *****/
 

diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 9667d52ca6b18258bfb8ab889136b6a271c3d0af..a4bdc249d2bf8a33a6571c8e9a51881282d2a53b 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -218,6 +218,13 @@ static int DetectFilestorePostMatch(DetectEngineThreadCtx *det_ctx,
     else
         flags |= STREAM_TOSERVER;
 
+    for (uint16_t u = 0; u < det_ctx->filestore_cnt; u++) {
+        AppLayerParserSetStreamDepthFlag(p->flow->proto, p->flow->alproto,
+                                         FlowGetAppState(p->flow),
+                                         det_ctx->filestore[u].tx_id,
+                                         flags);
+    }
+
     FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
                                                 p->flow->alstate, flags);