From: Jeff Lucovsky
Date: Tue, 14 May 2019 23:58:47 +0000 (-0700)
Subject: app-layer/logging: protocol parser updates
X-Git-Tag: suricata-5.0.0-rc1~272
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7b934f83f0da14a17bfe34b52f3b7d4b754283e;p=thirdparty%2Fsuricata.git
app-layer/logging: protocol parser updates
---
diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c
index 723f2706de..b1cf55f4d4 100644
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -1519,6 +1519,24 @@ static int DNP3StateGetEventInfo(const char *event_name, int *event_id,
 return 0;
 }
+/**
+ * \brief App-layer support.
+ */
+static int DNP3StateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "Event \"%d\" not present in "
+ "the DNP3 enum event map table.", event_id);
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 /**
 * \brief App-layer support.
 */
@@ -1654,6 +1672,8 @@ void RegisterDNP3Parsers(void)
 AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNP3,
 DNP3StateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_DNP3,
+ DNP3StateGetEventInfoById);
 AppLayerParserRegisterLoggerFuncs(IPPROTO_TCP, ALPROTO_DNP3,
 DNP3GetTxLogged, DNP3SetTxLogged);
diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index 2c35e2fd89..01b20ba7c9 100644
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
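Review bot: The `\brief App-layer support.` header added above `DNP3StateGetEventInfoById` is copied from the function that follows it and says nothing about this one: a reader learns neither what `event_id` is, nor what `*event_name` points to on success, nor what -1 means. Suggest replacing it with a comment stating that the function maps a DNP3 decoder event id back to its name through `dnp3_decoder_event_table`, that on success `*event_name` is presumably a pointer into that table (not owned by the caller, confirm against SCMapEnumValueToName) and `*event_type` is always `APP_LAYER_EVENT_TYPE_TRANSACTION`, and that -1 with `*event_name` left NULL means the id is absent from the table, which points at the enum and the table having drifted apart rather than at anything in the traffic. The same undocumented shape is repeated for dns, enip, http, modbus, smtp and tls in the later hunks, differing only in the table and the log text, so one shared helper taking the table would keep the seven copies from diverging the way this one already has (different message wording, no fatal comment).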
@@ -52,6 +52,22 @@ int DNSStateGetEventInfo(const char *event_name,
 return 0;
 }
+int DNSStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, dns_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "dns's enum map table.", event_id);
+ /* this should be treated as fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto)
 {
 AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo);
@@ -59,6 +75,13 @@ void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto)
 return;
 }
+void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto)
+{
+ AppLayerParserRegisterGetEventInfoById(ipproto, alproto, DNSStateGetEventInfoById);
+
+ return;
+}
+
 void DNSCreateTypeString(uint16_t type, char *str, size_t str_size)
 {
 switch (type) {
diff --git a/src/app-layer-dns-common.h b/src/app-layer-dns-common.h
index c016ba79e1..f5087ca3e3 100644
--- a/src/app-layer-dns-common.h
+++ b/src/app-layer-dns-common.h
@@ -136,7 +136,10 @@ typedef struct DNSHeader_ {
 int DNSStateGetEventInfo(const char *event_name, int *event_id,
 AppLayerEventType *event_type);
+int DNSStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type);
 void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto);
+void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto);
 void DNSCreateTypeString(uint16_t type, char *str, size_t str_size);
 void DNSCreateRcodeString(uint8_t rcode, char *str, size_t str_size);
diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c
index 6a377f2f28..c4d27b4ea7 100644
--- a/src/app-layer-enip.c
+++ b/src/app-layer-enip.c
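Review bot: The `/* this should be treated as fatal */` comment before `return -1` in `DNSStateGetEventInfoById` describes a policy the function does not implement: it logs and returns -1, leaving `*event_name` NULL and `*event_type` unset, and whether that is fatal is decided by the caller of the registered callback, which is not part of this patch. Either make the comment describe what actually happens, `/* id not in dns_decoder_event_table: *event_name stays NULL, *event_type untouched; caller decides */`, or have the function own the policy. The enip, http, modbus, smtp and tls copies in the later hunks carry the same `yes this is fatal` / `should be treated as fatal` wording with the same return-only behaviour, so whichever is chosen should be applied to all of them.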
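Review bot: `DNSAppLayerRegisterGetEventInfoById` is defined here and declared in app-layer-dns-common.h, but nothing in this patch calls it; unless the DNS TCP/UDP parser registration (outside this patch) is updated separately, the by-id lookup is never registered for DNS, while every other protocol in this commit registers its callback directly in its Register*Parsers function. Worth confirming the caller exists, or registering the by-id callback from `DNSAppLayerRegisterGetEventInfo` next to the by-name one so the two cannot be enabled independently. The trailing `return;` in the new void function is redundant and can be dropped; it mirrors the existing function above, so this is a style nit only.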
@@ -144,6 +144,22 @@ static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayer
 return 0;
 }
+static int ENIPStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, enip_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "enip's enum map table.", event_id);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 /** \brief Allocate enip state
 *
 * return state
@@ -441,6 +457,7 @@ void RegisterENIPUDPParsers(void)
 AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_ENIP, ENIPGetAlstateProgressCompletionStatus);
 AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateGetEventInfoById);
 AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT);
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index a8a79e0317..6c75c0e6d9 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -2892,6 +2892,22 @@ static int HTPStateGetEventInfo(const char *event_name,
 return 0;
 }
+static int HTPStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, http_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "http's enum map table.", event_id);
+ /* this should be treated as fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 static void HTPStateTruncate(void *state, uint8_t direction)
 {
 FileContainer *fc = HTPStateGetFiles(state, direction);
@@ -3037,6 +3053,7 @@ void RegisterHTPParsers(void)
 HTPStateGetAlstateProgressCompletionStatus);
 AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPGetEvents);
 AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetEventInfoById);
 AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateTruncate);
 AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_HTTP,
diff --git a/src/app-layer-modbus.c b/src/app-layer-modbus.c
index 8e660de2c0..3a5d9276f8 100644
--- a/src/app-layer-modbus.c
+++ b/src/app-layer-modbus.c
@@ -186,6 +186,23 @@ static int ModbusStateGetEventInfo(const char *event_name, int *event_id, AppLay
 return 0;
 }
+static int ModbusStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, modbus_decoder_event_table);
+
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "modbus's enum map table.", event_id);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 static void ModbusSetEvent(ModbusState *modbus, uint8_t e)
 {
 if (modbus && modbus->curr) {
@@ -1538,6 +1555,7 @@ void RegisterModbusParsers(void)
 ModbusGetAlstateProgressCompletionStatus);
 AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_MODBUS, ModbusStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_MODBUS, ModbusStateGetEventInfoById);
 AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_MODBUS, STREAM_TOSERVER);
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index a8cf94b93a..f7525b24f8 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1569,6 +1569,22 @@ static int SMTPStateGetEventInfo(const char *event_name,
 return 0;
 }
+static int SMTPStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, smtp_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "smtp's enum map table.", event_id);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 static int SMTPRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SMTP,
@@ -1759,6 +1775,7 @@ void RegisterSMTPParsers(void)
 SMTPParseServerRecord);
 AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfoById);
 AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetEvents);
 AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetTxDetectState, SMTPSetTxDetectState);
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index ae7aa46e90..03fa785c65 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2669,6 +2669,22 @@ static int SSLStateGetEventInfo(const char *event_name,
 return 0;
 }
+static int SSLStateGetEventInfoById(int event_id, const char **event_name,
+ AppLayerEventType *event_type)
+{
+ *event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
+ if (*event_name == NULL) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
+ "ssl's enum map table.", event_id);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;
+
+ return 0;
+}
+
 static int SSLRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
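Review bot: The error text in `SSLStateGetEventInfoById` says `ssl's enum map table` while the table it searches is `tls_decoder_event_table` and the protocol it is registered for in the next hunk is `ALPROTO_TLS`; anyone correlating this log line with the protocol or the table will look for "tls". Suggest `"tls's enum map table."`, or naming the table directly so the message cannot drift from the identifier, `"not present in tls_decoder_event_table."`.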
@@ -2855,6 +2871,7 @@ void RegisterSSLParsers(void)
 SSLParseServerRecord);
 AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfoById);
 AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);