From: Victor Julien
Date: Thu, 5 Oct 2017 19:07:41 +0000 (+0200)
Subject: app-layer: register per proto logger bits
X-Git-Tag: suricata-4.1.0-beta1~367
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01724f04fab479b208534bc9e5fc9ea8b957f29b;p=thirdparty%2Fsuricata.git
app-layer: register per proto logger bits
Create a bitmap of the loggers per protocol. This is done at runtime based on the loggers that are enabled. Take the logger_id for each logger and store it as a bitmap in the app-layer protcol storage. Goal is to be able to use it as an expectation later.
---
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 3e5ba2436a..7cab8c4254 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -90,6 +90,7 @@ typedef struct AppLayerParserProtoCtx_
 /* 0 - to_server, 1 - to_client. */
 AppLayerParserFPtr Parser[2];
 bool logger;
+ uint32_t logger_bits; /**< registered loggers for this proto */
 void *(*StateAlloc)(void);
 void (*StateFree)(void *);
@@ -453,6 +454,15 @@ void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
 SCReturn;
 }
+void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
+{
+ SCEnter();
+
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
+
+ SCReturn;
+}
+
 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
 {
 SCEnter();
diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 29a7df70ca..0a439058d6 100644
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
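Review bot: `AppLayerParserRegisterLoggerBits()` in src/app-layer-parser.c takes the bitmap as `LoggerId bits`, but the value is an OR of per-logger bit positions and is stored in the `uint32_t logger_bits` field added in the first hunk, so the parameter should use the same fixed-width type: `void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, uint32_t bits)`. The same applies to the prototype in app-layer-parser.h and to `static LoggerId logger_bits[ALPROTO_MAX];` in runmodes.c. An enum's underlying type is chosen by the compiler, so carrying a mask that matches no enumerator relies on that type being at least 32 bits wide. The function also assigns rather than ORs and indexes `ctxs[...][alproto]` without a range check. A short comment stating that a call replaces the previous mask and that `alproto` must be below `ALPROTO_MAX` would make the contract explicit.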
@@ -141,6 +141,7 @@ void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
 int (*StateGetTxLogged)(void *, void *, uint32_t), void (*StateSetTxLogged)(void *, void *, uint32_t));
 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
+void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void (*Truncate)(void *, uint8_t));
 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
diff --git a/src/runmodes.c b/src/runmodes.c
index 79e5f4d7e0..2abf9dd97b 100644
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -26,6 +26,7 @@
 #include "detect.h"
 #include "detect-engine.h"
 #include "detect-engine-mpm.h"
+#include "app-layer-parser.h"
 #include "tm-threads.h"
 #include "util-debug.h"
 #include "util-time.h"
@@ -454,6 +455,7 @@ static void RunOutputFreeList(void)
 static int file_logger_count = 0;
 static int filedata_logger_count = 0;
+static LoggerId logger_bits[ALPROTO_MAX];
 int RunModeOutputFileEnabled(void)
 {
@@ -548,6 +550,7 @@ static void SetupOutput(const char *name, OutputModule *module, OutputCtx *outpu
 module->ts_log_progress, module->TxLogCondition, module->ThreadInit, module->ThreadDeinit, module->ThreadExitPrintStats);
+ logger_bits[module->alproto] |= (1<logger_id);
 } else if (module->FiledataLogFunc) {
 SCLogDebug("%s is a filedata logger", module->name);
 OutputRegisterFiledataLogger(module->logger_id, module->name,
@@ -681,6 +684,8 @@ void RunModeInitializeOutputs(void)
 char tls_log_enabled = 0;
 char tls_store_present = 0;
+ memset(&logger_bits, 0, sizeof(logger_bits));
+
 TAILQ_FOREACH(output, &outputs->head, next) {
 output_config = ConfNodeLookupChild(output, output->val);
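Review bot: The added `logger_bits[module->alproto] |= ...` line in `SetupOutput()` (its shift expression is cut off on this page as `(1<logger_id)`, presumably `1 << module->logger_id`) shifts a signed `int` by a value that nothing in the hunk bounds. Once a logger id reaches 31 the shift is undefined, and ids of 32 or more cannot be represented in the `uint32_t` field the mask ends up in, so a logger would silently drop out of the bitmap. I would shift an unsigned constant and make the limit explicit: `BUG_ON(module->logger_id >= 32);` followed by `logger_bits[module->alproto] |= (UINT32_C(1) << module->logger_id);`. `module->alproto` is likewise used as an index into an `ALPROTO_MAX`-sized array without a check visible here. `SetupOutput()` begins and ends outside the hunk, so an earlier check may exist.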
@@ -821,6 +826,25 @@ void RunModeInitializeOutputs(void)
 }
 }
+ /* register the logger bits to the app-layer */
+ int a;
+ for (a = 0; a < ALPROTO_MAX; a++) {
+ if (logger_bits[a] == 0)
+ continue;
+
+ const int tcp = AppLayerParserProtocolHasLogger(IPPROTO_TCP, a);
+ const int udp = AppLayerParserProtocolHasLogger(IPPROTO_UDP, a);
+
+ SCLogDebug("logger for %s: %s %s", AppProtoToString(a),
+ tcp ? "true" : "false", udp ? "true" : "false");
+
+ SCLogDebug("logger bits for %s: %08x", AppProtoToString(a), logger_bits[a]);
+ if (tcp)
+ AppLayerParserRegisterLoggerBits(IPPROTO_TCP, a, logger_bits[a]);
+ if (udp)
+ AppLayerParserRegisterLoggerBits(IPPROTO_UDP, a, logger_bits[a]);
+
+ }
 }
 float threading_detect_ratio = 1;
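Review bot: The `if (logger_bits[a] == 0) continue;` at the top of the new loop in `RunModeInitializeOutputs()` means a protocol whose loggers are all disabled never has its app-layer mask written, so a value from an earlier call would persist. The `memset()` added at the start of the function suggests repeated initialisation is expected; if so, the per-protocol storage can keep bits for loggers that no longer exist, and anything that later treats the bitmap as an expectation would wait on them. Dropping the `continue` so that zero is registered too (the `tcp`/`udp` checks still gate the calls) keeps both copies in sync. Separately, bits set for a protocol where neither `AppLayerParserProtocolHasLogger()` call returns true are discarded without a message; an `SCLogDebug` there would help when diagnosing missing logs. The function starts outside this hunk.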