From: Victor Julien Date: Sat, 6 Jun 2020 17:02:28 +0000 (+0200) Subject: detect/config: set config for special cases X-Git-Tag: suricata-6.0.0-beta1~158 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac3cf6ff75a3e5be39867bba1830076ac43e9f50;p=thirdparty%2Fsuricata.git detect/config: set config for special cases Allow app-layer to declare the txs are uni-directional and special care is needed for applying config. --- diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index 9ea23a3db7..8c9bc521ae 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -297,6 +297,7 @@ pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100; pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000; pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0); +pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1); pub type AppLayerGetTxIteratorFn = extern "C" fn (ipproto: u8, alproto: AppProto, diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index e0fa1ce125..eed5864048 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -989,6 +989,8 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } + AppLayerParserRegisterOptionFlags(IPPROTO_UDP as u8, ALPROTO_DNS, + crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS); } } @@ -1034,6 +1036,8 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() { } AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS, crate::applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS); + AppLayerParserRegisterOptionFlags(IPPROTO_TCP as u8, ALPROTO_DNS, + crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS); } } diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index badc85c1a3..22636d6fc1 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c 
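Review bot: In rust/src/dns/dns.rs, neither new `AppLayerParserRegisterOptionFlags` call says why DNS needs `APP_LAYER_PARSER_OPT_UNIDIR_TXS`. A short comment above each would help, e.g. `// DNS request and response are separate txs; tx config has to be applied with that in mind` (wording inferred from the commit message, please confirm). In `rs_dns_tcp_register_parser` the flag is set by a second call directly after the `APP_LAYER_PARSER_OPT_ACCEPT_GAPS` one, which is only correct if the C side accumulates flags rather than assigning them, and that body is not shown here. A single call passing `crate::applayer::APP_LAYER_PARSER_OPT_ACCEPT_GAPS | crate::applayer::APP_LAYER_PARSER_OPT_UNIDIR_TXS` would remove that dependency. Both functions begin outside their hunks.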
@@ -387,6 +387,12 @@ void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, SCReturn; } +uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto) +{ + SCEnter(); + SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags); +} + void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void (*StateFree)(void *)) diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index e8f00f5691..85623d3a4e 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -41,6 +41,7 @@ /* Flags for AppLayerParserProtoCtx. */ #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) +#define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) @@ -192,6 +193,7 @@ void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, /***** Get and transaction functions *****/ +uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto); AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto); diff --git a/src/detect-config.c b/src/detect-config.c index 315cacb7cf..37d0d7a1aa 100644 --- a/src/detect-config.c +++ b/src/detect-config.c @@ -95,6 +95,16 @@ static void ConfigApplyTx(Flow *f, } else { SCLogDebug("no tx data"); } + + if (AppLayerParserGetOptionFlags(f->protomap, f->alproto) & + APP_LAYER_PARSER_OPT_UNIDIR_TXS) { + SCLogDebug("handle unidir tx"); + AppLayerTxConfig req; + memset(&req, 0, sizeof(req)); + req.log_flags = BIT_U8(config->type); + AppLayerParserApplyTxConfig(f->proto, f->alproto, f->alstate, tx, + CONFIG_ACTION_SET, req); + } } else { SCLogDebug("no tx"); }
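Review bot: `AppLayerParserGetOptionFlags` in src/app-layer-parser.c indexes `alp_ctx.ctxs[protomap][alproto]` with neither value checked, and it expects the already-mapped protocol index, whereas the neighbouring `AppLayerParserRegisterOptionFlags` and `AppLayerParserRegisterStateFuncs` take `ipproto`. The two are easy to confuse: the detect-config.c hunk passes `f->protomap` here and `f->proto` to `AppLayerParserApplyTxConfig`. If the table's first dimension is sized for mapped protocols only, a caller handing in a raw IP protocol number would read past it. I would add a header comment such as `/** \param protomap flow protocol mapping index (f->protomap), not the IP protocol number */` and a debug-build assertion that both indices are inside the table's dimensions.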
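Review bot: The new branch in `ConfigApplyTx` (src/detect-config.c) hands `log_flags` to the parser with no comment on which transactions the parser is expected to apply them to. These flags control logging, so applying them more broadly than the rule author intended would silently remove records an analyst relies on. A comment like `/* unidir txs: the matched tx covers one direction only, let the parser apply the same log flags to its counterpart */` would help, with the pairing rule documented at the parser's apply-config callback (the pairing is inferred, since the callee is not shown). Separately, `BIT_U8(config->type)` has no visible bound, so it is worth confirming that `config->type` is always below 8 where it is set. The function begins and ends outside this hunk.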