From: Jason Ish
Date: Tue, 26 Nov 2019 22:18:51 +0000 (-0600)
Subject: dcerpc: add tx detect flags
X-Git-Tag: suricata-5.0.1~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb62c8dacffd787795c2f30b12b05342ab70d37c;p=thirdparty%2Fsuricata.git

dcerpc: add tx detect flags
---
diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c
index 7bae7f470d..c78ad6c05e 100644
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@@ -2039,6 +2039,26 @@ static int DCERPCGetAlstateProgress(void *tx, uint8_t direction)
 return 0;
 }
+static void DCERPCSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
+{
+ DCERPCState *dcerpc_state = (DCERPCState *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ dcerpc_state->detect_flags_ts = flags;
+ } else {
+ dcerpc_state->detect_flags_tc = flags;
+ }
+}
+
+static uint64_t DCERPCGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+ DCERPCState *dcerpc_state = (DCERPCState *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ return dcerpc_state->detect_flags_ts;
+ } else {
+ return dcerpc_state->detect_flags_tc;
+ }
+}
+
 static int DCERPCRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
@@ -2092,6 +2112,8 @@ void RegisterDCERPCParsers(void)
 AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
 DCERPCGetAlstateProgressCompletionStatus);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DCERPC,
+ DCERPCGetTxDetectFlags, DCERPCSetTxDetectFlags);
 } else {
 SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
 "still on.", proto_name);
diff --git a/src/app-layer-dcerpc.h b/src/app-layer-dcerpc.h
index 5a8410c761..b52bf4b72d 100644
--- a/src/app-layer-dcerpc.h
+++ b/src/app-layer-dcerpc.h
@@ -35,6 +35,8 @@ typedef struct DCERPCState_ {
 DCERPC dcerpc;
 uint8_t data_needed_for_dir;
 DetectEngineState *de_state;
+ uint64_t detect_flags_ts;
+ uint64_t detect_flags_tc;
 } DCERPCState;
 void DCERPCInit(DCERPC *dcerpc);
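Review bot: Both new accessors in app-layer-dcerpc.c take a `void *vtx`, which reads like a transaction, but cast it to `DCERPCState *`, so the detect flags are kept once per parser state and direction rather than per request, and nothing in the hunk says this is intended. If one state serves more than one request on a flow, flags recorded after inspecting the first request would presumably be read back for later ones, which could leave later traffic treated as already inspected; this should be confirmed against the code that resets or reuses the state, which is outside this diff. If the state really is handed to the detect engine as the only transaction, a comment above `DCERPCSetTxDetectFlags` such as `/* the state doubles as the single tx, so detect flags are stored per state and direction */` would record that assumption. The `else` branch also files every `dir` value without `STREAM_TOSERVER`, including 0, under to-client; `} else if (dir & STREAM_TOCLIENT) {` would make that choice explicit.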
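Review bot: `detect_flags_ts` and `detect_flags_tc` are added to `DCERPCState` in app-layer-dcerpc.h with no comment and no visible initialisation, while the getter added in app-layer-dcerpc.c returns them unchanged. Whether they start at zero depends on how the state is allocated, which this diff does not show; if that allocation does not zero the struct, the first read would pass indeterminate flags to the detect engine. I would confirm the allocation path and add `/* detect engine inspection flags, one value per direction */` above the two fields.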