From: Victor Julien
Date: Sun, 7 Jun 2020 14:30:58 +0000 (+0200)
Subject: dcerpc: support AppLayerTxData
X-Git-Tag: suricata-6.0.0-beta1~179
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3202d293252dd51eff9f718f2c54d6001ccadfbe;p=thirdparty%2Fsuricata.git
dcerpc: support AppLayerTxData
---
diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs
index e414be15a1..7bc8d4da47 100644
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@@ -17,7 +17,7 @@
 use std::mem::transmute;
-use crate::applayer::AppLayerResult;
+use crate::applayer::{AppLayerResult, AppLayerTxData};
 use crate::core;
 use crate::dcerpc::parser;
 use crate::log::*;
@@ -248,9 +248,8 @@ pub struct DCERPCState {
 pub query_completed: bool,
 pub data_needed_for_dir: u8,
 pub prev_dir: u8,
- pub detect_flags_ts: u64,
- pub detect_flags_tc: u64,
 pub de_state: Option<*mut core::DetectEngineState>,
+ pub tx_data: AppLayerTxData,
 }
 impl DCERPCState {
@@ -270,9 +269,8 @@ impl DCERPCState {
 query_completed: false,
 data_needed_for_dir: core::STREAM_TOSERVER,
 prev_dir: core::STREAM_TOSERVER,
- detect_flags_ts: 0,
- detect_flags_tc: 0,
 de_state: None,
+ tx_data: AppLayerTxData::new(),
 };
 }
@@ -937,26 +935,12 @@ pub extern "C" fn rs_dcerpc_get_alstate_progress_completion_status(_direction: u
 }
 #[no_mangle]
-pub extern "C" fn rs_dcerpc_get_tx_detect_flags(vtx: *mut std::os::raw::c_void, dir: u8) -> u64 {
- let state = cast_pointer!(vtx, DCERPCState);
- if dir & core::STREAM_TOSERVER != 0 {
- return state.detect_flags_ts;
- }
- state.detect_flags_tc
-}
-
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_set_tx_detect_flags(
- vtx: *mut std::os::raw::c_void,
- dir: u8,
- flags: u64,
-) {
- let state = cast_pointer!(vtx, DCERPCState);
- if dir & core::STREAM_TOSERVER != 0 {
- state.detect_flags_ts = flags;
- } else {
- state.detect_flags_tc = flags;
- }
+pub extern "C" fn rs_dcerpc_get_tx_data(
+ tx: *mut std::os::raw::c_void)
+ -> *mut AppLayerTxData
+{
+ let tx = cast_pointer!(tx, DCERPCState);
+ return &mut tx.tx_data;
 }
 #[no_mangle]
diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c
index d8bca5e398..e9cffaca44 100644
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@@ -126,16 +126,6 @@ static int DCERPCGetAlstateProgress(void *tx, uint8_t direction)
 return rs_dcerpc_get_alstate_progress(tx, direction);
 }
-static void DCERPCSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
-{
- return rs_dcerpc_set_tx_detect_flags(vtx, dir, flags);
-}
-
-static uint64_t DCERPCGetTxDetectFlags(void *vtx, uint8_t dir)
-{
- return rs_dcerpc_get_tx_detect_flags(vtx, dir);
-}
-
 static int DCERPCRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
@@ -182,6 +172,7 @@ void RegisterDCERPCParsers(void)
 DCERPCGetTxDetectState, DCERPCSetTxDetectState);
 AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTx);
+ AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DCERPC, rs_dcerpc_get_tx_data);
 AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTxCnt);
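Review bot: In rust/src/dcerpc/dcerpc.rs, the new `rs_dcerpc_get_tx_data` is declared as a safe `extern "C"` function, yet it turns the raw `tx` pointer into a `DCERPCState` reference through `cast_pointer!` and returns a pointer into that state without documenting what the C caller must guarantee. The macro is defined outside this page; if it dereferences without a null check, a null or stale pointer handed over by the engine is undefined behaviour inside the parser. I would add a doc comment along the lines of `/// tx must be a non-null pointer to a live DCERPCState; the returned pointer is only valid while that state is alive`. The local is also better named `state` than `tx`, since the cast shows the value is the parser state rather than a separate transaction object, which would make it visible that `tx_data` is kept per state. The trailing `return &mut tx.tx_data;` can be the bare expression `&mut state.tx_data`.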
@@ -189,8 +180,6 @@ void RegisterDCERPCParsers(void)
 AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
 DCERPCGetAlstateProgressCompletionStatus);
- AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DCERPC,
- DCERPCGetTxDetectFlags, DCERPCSetTxDetectFlags);
 } else {
 SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
 "still on.", proto_name);