From: Anoop Saldanha Date: Tue, 8 Oct 2013 15:22:06 +0000 (+0530) Subject: Inside PP parser, we were using the return value from DetectPortParse as X-Git-Tag: suricata-2.0beta2~230 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87edd2ade9e84423b77308a369c32fd4b693806e;p=thirdparty%2Fsuricata.git Inside PP parser, we were using the return value from DetectPortParse as the ip_proto value, which is wrong. We have fixed this now. --- diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 5e8842b499..9e9bf16ebd 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1663,6 +1663,8 @@ void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_prot ProbingParserFPtr ProbingParser) { char param[100]; + uint8_t ip_proto; + DetectProto dp; int r; ConfNode *node; ConfNode *proto_node = NULL; @@ -1685,11 +1687,24 @@ void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_prot /* for each proto */ TAILQ_FOREACH(proto_node, &node->head, next) { - DetectProto dp; - int ip_proto = DetectProtoParse(&dp, proto_node->name); - if (ip_proto < 0) { + memset(&dp, 0, sizeof(dp)); + r = DetectProtoParse(&dp, proto_node->name); + if (r < 0) { + SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for " + "%s.%s. Accepted values are tcp, udp and sctp", + param, proto_node->name); + exit(EXIT_FAILURE); + } + if (dp.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) { + ip_proto = IPPROTO_TCP; + } else if (dp.proto[IPPROTO_UDP / 8] & (1 << (IPPROTO_UDP % 8))) { + ip_proto = IPPROTO_UDP; + } else if (dp.proto[IPPROTO_SCTP / 8] & (1 << (IPPROTO_SCTP % 8))) { + ip_proto = IPPROTO_SCTP; + } else { SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for " - "%s.%s", param, proto_node->name); + "%s.%s. Accepted values are tcp, udp and sctp", + param, proto_node->name); exit(EXIT_FAILURE); }