app-layer: configurable GetActiveTxId function

In preparation of a patchset that will allow for disabling the detect
module, this patch introduces a way to register a function for getting
the lowest active tx id. This is used by the app layer for cleaning up
transactions that already fully inspected, and by the flow timeout code
to determine if a flow is fully inspected and logged at timeout.

The registration function RegisterAppLayerGetActiveTxIdFunc allows for
registration of a custom function of type:
  uint64_t (*GetActiveTxIdFunc)(Flow *f, uint8_t flags);

If no function is called, AppLayerTransactionGetActiveDetectLog is used,
which implements the existing behaviour of considering both the
inspect_id's and the log_id.

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 1532fd6a732c6539aea1b4191ca05ca57dd6f196..a25acfaa81a745ac81da33a197c8f2859915e1f2 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -68,6 +68,8 @@
 
 #include "runmodes.h"
 
+static GetActiveTxIdFunc AppLayerGetActiveTxIdFuncPtr = NULL;
+
 struct AppLayerParserThreadCtx_ {
     void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
 };
@@ -168,6 +170,11 @@ int AppLayerParserSetup(void)
 
     memset(&alp_ctx, 0, sizeof(alp_ctx));
 
+    /* set the default tx handler if none was set explicitly */
+    if (AppLayerGetActiveTxIdFuncPtr == NULL) {
+        RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveDetectLog);
+    }
+
     SCReturnInt(0);
 }
 
@@ -592,12 +599,10 @@ FileContainer *AppLayerParserGetFiles(uint8_t ipproto, AppProto alproto,
     SCReturnPtr(ptr, "FileContainer *");
 }
 
-/**
- *  \brief Get 'active' tx id, meaning the lowest id that still need work.
+/** \brief active TX retrieval for normal ops: so with detection and logging
  *
- *  \retval id tx id
- */
-static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
+ *  \retval tx_id lowest tx_id that still needs work */
+uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
     AppLayerParserProtoCtx *p = &alp_ctx.ctxs[FlowGetProtoMapping(f->proto)][f->alproto];
     uint64_t log_id = f->alparser->log_id;
     uint64_t inspect_id = f->alparser->inspect_id[flags & STREAM_TOSERVER ? 0 : 1];
@@ -608,6 +613,22 @@ static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
     }
 }
 
+void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr) {
+    BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
+    AppLayerGetActiveTxIdFuncPtr = FuncPtr;
+}
+
+/**
+ *  \brief Get 'active' tx id, meaning the lowest id that still need work.
+ *
+ *  \retval id tx id
+ */
+static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
+    BUG_ON(AppLayerGetActiveTxIdFuncPtr == NULL);
+
+    return AppLayerGetActiveTxIdFuncPtr(f, flags);
+}
+
 #ifndef MIN
 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
 #endif
@@ -661,7 +682,6 @@ int AppLayerParserGetStateProgressCompletionStatus(uint8_t ipproto, AppProto alp
     SCEnter();
     SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
                 StateGetProgressCompletionStatus(direction));
-
 }
 
 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 99eb54f5bccb366b4ca5ec518a6678e1722aa265..1028bcfe037cdc2d2f22c63cc9035f8e31756cb9 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -32,6 +32,28 @@
 #define APP_LAYER_PARSER_NO_INSPECTION  0x02
 #define APP_LAYER_PARSER_NO_REASSEMBLY  0x04
 
+
+
+/***** transaction handling *****/
+
+/** \brief Function ptr type for getting active TxId from a flow
+ *  Used by AppLayerTransactionGetActive.
+ */
+typedef uint64_t (*GetActiveTxIdFunc)(Flow *f, uint8_t flags);
+
+/** \brief Register GetActiveTxId Function
+ *
+ */
+void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr);
+
+/** \brief active TX retrieval for normal ops: so with detection and logging
+ *
+ *  \retval tx_id lowest tx_id that still needs work
+ *
+ *  This is the default function.
+ */
+uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags);
+
 int AppLayerParserSetup(void);
 
 int AppLayerParserDeSetup(void);