From: Victor Julien
Date: Thu, 15 Jun 2017 09:29:55 +0000 (+0200)
Subject: dcerpc/udp: add missing tx support
X-Git-Tag: suricata-4.0.0-rc1~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d090cd2edf0ce1adb9e9a7e827c9c465168c1432;p=thirdparty%2Fsuricata.git
dcerpc/udp: add missing tx support
---
diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c
index ba2861055b..6eaf40affe 100644
--- a/src/app-layer-dcerpc-udp.c
+++ b/src/app-layer-dcerpc-udp.c
@@ -819,9 +819,62 @@ static void DCERPCUDPStateFree(void *s)
 sstate->dcerpc.dcerpcresponse.stub_data_buffer = NULL;
 sstate->dcerpc.dcerpcresponse.stub_data_buffer_len = 0;
 }
+
+ if (sstate->de_state != NULL) {
+ DetectEngineStateFree(sstate->de_state);
+ }
+
 SCFree(s);
 }
+static int DCERPCUDPStateHasTxDetectState(void *state)
+{
+ DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+ if (dce_state->de_state)
+ return 1;
+ return 0;
+}
+
+static int DCERPCUDPSetTxDetectState(void *state, void *vtx, DetectEngineState *de_state)
+{
+ DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+ dce_state->de_state = de_state;
+ return 0;
+}
+
+static DetectEngineState *DCERPCUDPGetTxDetectState(void *vtx)
+{
+ DCERPCUDPState *dce_state = (DCERPCUDPState *)vtx;
+ return dce_state->de_state;
+}
+
+static void DCERPCUDPStateTransactionFree(void *state, uint64_t tx_id)
+{
+ /* do nothing */
+}
+
+static void *DCERPCUDPGetTx(void *state, uint64_t tx_id)
+{
+ DCERPCUDPState *dce_state = (DCERPCUDPState *)state;
+ return dce_state;
+}
+
+static uint64_t DCERPCUDPGetTxCnt(void *state)
+{
+ /* single tx */
+ return 1;
+}
+
+static int DCERPCUDPGetAlstateProgressCompletionStatus(uint8_t direction)
+{
+ return 1;
+}
+
+static int DCERPCUDPGetAlstateProgress(void *tx, uint8_t direction)
+{
+ return 0;
+}
+
 static int DCERPCUDPRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_DCERPC,
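Review bot: The new tx callbacks rely on an aliasing that nothing in the hunk documents: `DCERPCUDPGetTx` returns the state pointer itself for any `tx_id`, which is the only reason `DCERPCUDPGetTxDetectState` may cast `vtx` to `DCERPCUDPState *` while `DCERPCUDPSetTxDetectState` ignores `vtx` and writes through `state`. A comment above `DCERPCUDPGetTx` such as `/* single pseudo-tx: the state doubles as the tx, tx_id is ignored */` would make that contract explicit. `DCERPCUDPSetTxDetectState` also overwrites `dce_state->de_state` unconditionally, so if a caller can set it more than once on the same flow (not visible here) the earlier `DetectEngineState` would leak; the set-once assumption should be stated in a comment or the old value released first. `DCERPCUDPGetAlstateProgress` always returns 0 while the completion status is 1, so the single tx never reports complete and the detect state lives until `DCERPCUDPStateFree`; if that is intended, a one-line comment saying so would help the next reader.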
@@ -855,6 +908,20 @@ void RegisterDCERPCUDPParsers(void)
 AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateAlloc, DCERPCUDPStateFree);
 AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER);
+
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateTransactionFree);
+
+ AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateHasTxDetectState,
+ DCERPCUDPGetTxDetectState, DCERPCUDPSetTxDetectState);
+
+ AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetTx);
+
+ AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetTxCnt);
+
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPGetAlstateProgress);
+
+ AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
+ DCERPCUDPGetAlstateProgressCompletionStatus);
 } else {
 SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", "dcerpc");
@@ -1072,6 +1139,7 @@ static int DCERPCUDPParserTest01(void)
 f.protoctx = (void *)&ssn;
 f.proto = IPPROTO_UDP;
 f.protomap = FlowGetProtoMapping(f.proto);
+ f.alproto = ALPROTO_DCERPC;
 StreamTcpInitConfig(TRUE);
diff --git a/src/app-layer-dcerpc-udp.h b/src/app-layer-dcerpc-udp.h
index c9054d6d4e..c8b7b6816c 100644
--- a/src/app-layer-dcerpc-udp.h
+++ b/src/app-layer-dcerpc-udp.h
@@ -21,6 +21,7 @@ typedef struct DCERPCUDPState_ {
 uint8_t *frag_data;
 DCERPCUuidEntry *uuid_entry;
 TAILQ_HEAD(, DCERPCUuidEntry_) uuid_list;
+ DetectEngineState *de_state;
 } DCERPCUDPState;
 void RegisterDCERPCUDPParsers(void);
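Review bot: The last added call, `AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC, ...)`, is the only registration in this hunk without an `IPPROTO_UDP` argument, so as written it is keyed by app protocol alone and would be shared with a DCERPC parser on any other transport. If the TCP DCERPC parser registers its own completion callback (not visible in this diff), whichever registration runs last wins, and both must agree on the value 1 that `DCERPCUDPGetAlstateProgressCompletionStatus` returns. A short comment above the call, e.g. `/* keyed by alproto only: must match the value used by the other DCERPC transports */`, would record that dependency. The body of `RegisterDCERPCUDPParsers` starts before this hunk.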
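Review bot: The new `de_state` field is freed in `DCERPCUDPStateFree` whenever it is non-NULL, so the struct has to come back from `DCERPCUDPStateAlloc` with that pointer zeroed; the allocator is not part of this diff, so this is worth confirming, because an uninitialised value there would be handed to `DetectEngineStateFree`. The field also carries no ownership comment; something like `/* detect state for the single tx; owned by the state, freed in DCERPCUDPStateFree */` would do. The header does not visibly gain an include for `DetectEngineState`, so it presumably relies on the includer's include order, which is fragile for a type used in a public struct.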