From: Mats Klepsland Date: Wed, 4 May 2016 09:03:57 +0000 (+0200) Subject: tx: add functions for logging X-Git-Tag: suricata-3.1RC1~167 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3599323e4ff649fa9e5a033df87361e05dc643b;p=thirdparty%2Fsuricata.git tx: add functions for logging Add function AppLayerParserRegisterLoggerFuncs for registering a callback function for checking if a specific logger has logged a transaction, and a callback function for specifying that it has. Also add functions AppLayerParserGetTxLogged and AppLayerParserSetTxLogged to invoke these callback functions. --- diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index f3985625e4..018214cc07 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -107,6 +107,9 @@ typedef struct AppLayerParserProtoCtx_ int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type); + int (*StateGetTxLogged)(void *alstate, void *tx, uint32_t logger); + void (*StateSetTxLogged)(void *alstate, void *tx, uint32_t logger); + int (*StateHasTxDetectState)(void *alstate); DetectEngineState *(*GetTxDetectState)(void *tx); int (*SetTxDetectState)(void *alstate, void *tx, DetectEngineState *); @@ -386,6 +389,21 @@ void AppLayerParserRegisterHasEventsFunc(uint8_t ipproto, AppProto alproto, SCReturn; } +void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, + int (*StateGetTxLogged)(void *, void *, uint32_t), + void (*StateSetTxLogged)(void *, void *, uint32_t)) +{ + SCEnter(); + + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxLogged = + StateGetTxLogged; + + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateSetTxLogged = + StateSetTxLogged; + + SCReturn; +} + void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto) { SCEnter(); @@ -518,6 +536,35 @@ void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto a SCReturn; } +void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto, + void *alstate, void *tx, uint32_t logger) +{ + SCEnter(); + + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateSetTxLogged != NULL) { + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateSetTxLogged(alstate, tx, logger); + } + + SCReturn; +} + +int AppLayerParserGetTxLogged(uint8_t ipproto, AppProto alproto, + void *alstate, void *tx, uint32_t logger) +{ + SCEnter(); + + uint8_t r = 0; + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTxLogged != NULL) { + r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTxLogged(alstate, tx, logger); + } + + SCReturnInt(r); +} + uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate) { SCEnter(); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index a5eb374706..7a319510c6 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -125,6 +125,9 @@ void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)); void AppLayerParserRegisterHasEventsFunc(uint8_t ipproto, AppProto alproto, int (*StateHasEvents)(void *)); +void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, + int (*StateGetTxLogged)(void *, void *, uint32_t), + void (*StateSetTxLogged)(void *, void *, uint32_t)); void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto); void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void (*Truncate)(void *, uint8_t)); @@ -155,6 +158,10 @@ void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto a uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate); void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate); +void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto, void *alstate, + void *tx, uint32_t logger); +int AppLayerParserGetTxLogged(uint8_t ipproto, AppProto alproto, void *alstate, + void *tx, uint32_t logger); uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction); void AppLayerParserSetTransactionInspectId(AppLayerParserState *pstate, const uint8_t ipproto, const AppProto alproto, void *alstate,