From: Giuseppe Longo
Date: Thu, 24 Jan 2019 22:22:11 +0000 (+0100)
Subject: app-layer-parser: flag a tx to use stream depth
X-Git-Tag: suricata-5.0.0-rc1~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed5a439b8e8680c74b8bec8873e1a126081b7fce;p=thirdparty%2Fsuricata.git
app-layer-parser: flag a tx to use stream depth
This adds a new API that permit to set the stream-depth file for file-storing when a rule with filestore keyword is matched.
---
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 78b5fa0549..8fc629c56e 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -125,6 +125,8 @@ typedef struct AppLayerParserProtoCtx_
 uint64_t (*GetTxDetectFlags)(void *tx, uint8_t dir);
 void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t);
+ void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
+
 /* each app-layer has its own value */
 uint32_t stream_depth;
@@ -609,6 +611,16 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
 SCReturn;
 }
+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+ void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
+{
+ SCEnter();
+
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
+
+ SCReturn;
+}
+
 /***** Get and transaction functions *****/
 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
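Review bot: The new `SetStreamDepthFlag` callback has no documentation of what `flags` carries, neither at the struct member in the first hunk nor at `AppLayerParserRegisterSetStreamDepthFlag` in the second. Judging by the detect-filestore.c caller in this commit, it appears to be the stream direction (the value built with `STREAM_TOSERVER`) rather than a set of options, so a parser author implementing the callback has to read the detect code to find out. I would add above the member a comment such as `/* called when a filestore rule matches; 'flags' is the stream direction of the tx to mark */` and consider naming the parameter `dir`, as `GetTxDetectFlags` and `SetTxDetectFlags` just above it already do.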
@@ -1374,6 +1386,20 @@ uint32_t AppLayerParserGetStreamDepth(const Flow *f)
 SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
 }
+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
+{
+ SCEnter();
+ void *tx = NULL;
+ if (state != NULL) {
+ if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
+ }
+ }
+ }
+ SCReturn;
+}
+
 /***** Cleanup *****/
 void AppLayerParserStateCleanup(const Flow *f, void *alstate,
diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 23cfd36d28..492e3e5ea5 100644
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -176,6 +176,8 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
 void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t));
+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+ void (*SetStreamDepthFlag)(void *tx, uint8_t flags));
 /***** Get and transaction functions *****/
@@ -239,6 +241,7 @@ LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
 uint32_t AppLayerParserGetStreamDepth(const Flow *f);
+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
 /***** Cleanup *****/
diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 9667d52ca6..a4bdc249d2 100644
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
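Review bot: In `AppLayerParserSetStreamDepthFlag` the transaction is looked up with `AppLayerParserGetTx` before the code checks whether the protocol registered a `SetStreamDepthFlag` callback, so every filestore match on a protocol without one pays for a lookup whose result is thrown away. Testing the callback first also keeps this path from depending on how `AppLayerParserGetTx` behaves for such a protocol, which is not visible in this diff. The `alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]` expression is evaluated twice; taking the function pointer once and returning early flattens the three nested `if`s. A short comment stating that a missing state, tx or callback is a silent no-op would help callers.

```c
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
{
    SCEnter();
    /* Silent no-op when there is no state, no registered setter, or no such tx. */
    void (*SetFlag)(void *tx, uint8_t flags) =
        alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag;
    if (state == NULL || SetFlag == NULL) {
        SCReturn;
    }
    void *tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id);
    if (tx != NULL) {
        SetFlag(tx, flags);
    }
    SCReturn;
}
```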
@@ -218,6 +218,13 @@ static int DetectFilestorePostMatch(DetectEngineThreadCtx *det_ctx,
 else flags |= STREAM_TOSERVER;
+ for (uint16_t u = 0; u < det_ctx->filestore_cnt; u++) {
+ AppLayerParserSetStreamDepthFlag(p->flow->proto, p->flow->alproto,
+ FlowGetAppState(p->flow),
+ det_ctx->filestore[u].tx_id,
+ flags);
+ }
+
 FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, p->flow->alstate, flags);
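Review bot: Nothing in this loop can tell whether the flag was applied: `AppLayerParserSetStreamDepthFlag` returns void and does nothing when the tx id no longer resolves or the parser has no setter, in which case the file presumably stays subject to the normal stream depth and may be stored truncated with no trace in the logs. For an analyst relying on filestore output that is worth at least a debug line; returning a status from the parser API and logging it here, e.g. `SCLogDebug("stream depth flag not set for tx %"PRIu64, det_ctx->filestore[u].tx_id);`, would do. The call also reads the state through `FlowGetAppState(p->flow)` while the `AppLayerParserGetFiles` call right below uses `p->flow->alstate`; using one accessor for both would read better. `DetectFilestorePostMatch` starts and ends outside the hunk, so whether `p->flow` is already checked is not visible here.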