From: Anoop Saldanha
Date: Tue, 24 Dec 2013 10:00:57 +0000 (+0530)
Subject: App layer API rewritten. The main files in question are:
X-Git-Tag: suricata-2.0rc1~266
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F745%2Fhead;p=thirdparty%2Fsuricata.git
App layer API rewritten. The main files in question are: app-layer.[ch], app-layer-detect-proto.[ch] and app-layer-parser.[ch]. Things addressed in this commit: - Brings out a proper separation between protocol detection phase and the parser phase. - The dns app layer now is registered such that we don't use "dnstcp" and "dnsudp" in the rules. A user who previously wrote a rule like this - "alert dnstcp....." or "alert dnsudp....." would now have to use, alert dns (ipproto:tcp;) or alert udp (app-layer-protocol:dns;) or alert ip (ipproto:udp; app-layer-protocol:dns;) The same rules extend to other another such protocol, dcerpc. - The app layer parser api now takes in the ipproto while registering callbacks. - The app inspection/detection engine also takes an ipproto. - All app layer parser functions now take direction as STREAM_TOSERVER or STREAM_TOCLIENT, as opposed to 0 or 1, which was taken by some of the functions. - FlowInitialize() and FlowRecycle() now resets proto to 0. This is needed by unittests, which would try to clean the flow, and that would call the api, AppLayerParserCleanupParserState(), which would try to clean the app state, but the app layer now needs an ipproto to figure out which api to internally call to clean the state, and if the ipproto is 0, it would return without trying to clean the state. - A lot of unittests are now updated where if they are using a flow and they need to use the app layer, we would set a flow ipproto. - The "app-layer" section in the yaml conf has also been updated as well.
---
diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index 6ea0e709e7..e8c56a8985 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c @@ -42,6 +42,8 @@ #include "alert-unified2-alert.h" #include "decode-ipv4.h" +#include "flow.h" + #include "host.h" #include "util-profiling.h" #include "decode.h" @@ -52,6 +54,7 @@ #include "util-byte.h" #include "util-misc.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "app-layer.h" @@ -322,18 +325,18 @@ static int GetXFFIPFromTx (Packet *p, uint64_t tx_id, char *xff_header, char *ds htp_tx_t *tx = NULL; uint64_t total_txs = 0; - htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p); + htp_state = (HtpState *)FlowGetAppState(p->flow); if (htp_state == NULL) { SCLogDebug("no http state, XFF IP cannot be retrieved"); return 0; } - total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state); + total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, htp_state); if (tx_id >= total_txs) return 0; - tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, tx_id); + tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_HTTP, htp_state, tx_id); if (tx == NULL) { SCLogDebug("tx is NULL, XFF cannot be retrieved"); return 0; @@ -378,13 +381,13 @@ static int GetXFFIP (Packet *p, char *xff_header, char *dstbuf, int dstbuflen) uint64_t tx_id = 0; uint64_t total_txs = 0; - htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p); + htp_state = (HtpState *)FlowGetAppState(p->flow); if (htp_state == NULL) { SCLogDebug("no http state, XFF IP cannot be retrieved"); goto end; } - total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state); + total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, htp_state); for (; tx_id < total_txs; tx_id++) { if (GetXFFIPFromTx(p, tx_id, xff_header, dstbuf, dstbuflen) == 1) return 1; 
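Review bot: GetXFFIPFromTx and GetXFFIP now dereference `p->flow` directly (`FlowGetAppState(p->flow)`, `p->flow->proto`) and cast the returned state to `HtpState *` without checking the flow's protocol themselves, so they are only safe when the caller has already checked `p->flow != NULL`, taken the flow lock and confirmed `ALPROTO_HTTP`. The callers visible in this diff do all three, but nothing at the two helpers records that contract. Add a comment above each, for example `/* caller must hold the flow lock; p->flow must be non-NULL and its app protocol ALPROTO_HTTP */`. Both function bodies extend outside these hunks.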
@@ -414,7 +417,7 @@ TmEcode Unified2Alert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, Pa if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_OVERWRITE) && p->flow != NULL) { FLOWLOCK_RDLOCK(p->flow); - if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) { + if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) { char buffer[UNIFIED2_ALERT_XFF_MAXLEN]; if (GetXFFIP(p, aun->unified2alert_ctx->xff_header, buffer, UNIFIED2_ALERT_XFF_MAXLEN) == 1) { @@ -970,7 +973,7 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_EXTRADATA) && p->flow != NULL) { FLOWLOCK_RDLOCK(p->flow); - if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) { + if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) { char buffer[UNIFIED2_ALERT_XFF_MAXLEN]; int have_xff_ip = 0; @@ -1146,7 +1149,7 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_EXTRADATA) && p->flow != NULL) { FLOWLOCK_RDLOCK(p->flow); - if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) { + if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) { char buffer[UNIFIED2_ALERT_XFF_MAXLEN]; int have_xff_ip = 0; diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index 4d4eb36a5b..67d3b9905f 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -28,6 +28,7 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" +#include "app-layer.h" #include "util-spm.h" #include "util-unittest.h" @@ -45,8 +46,8 @@ enum { }; static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state; uint8_t **stub_data_buffer = NULL; 
@@ -119,8 +120,8 @@ end: * fragmented packets. */ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); uint8_t *p = input; DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state; @@ -701,9 +702,9 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, } static int DCERPCUDPParse(Flow *f, void *dcerpc_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { uint32_t retval = 0; uint32_t parsed = 0; @@ -713,7 +714,7 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state; while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len) { hdrretval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input, - input_len, output); + input_len); if (hdrretval == -1 || hdrretval > (int32_t)input_len) { sstate->bytesprocessed = 0; SCReturnInt(hdrretval); @@ -743,7 +744,7 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, && sstate->bytesprocessed < sstate->dcerpc.dcerpchdrudp.fraglen && input_len) { retval = FragmentDataParser(f, dcerpc_state, pstate, input + parsed, - input_len, output); + input_len); if (retval || retval > input_len) { parsed += retval; input_len -= retval; @@ -761,8 +762,6 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, if (pstate == NULL) SCReturnInt(-1); - pstate->parse_field = 0; - SCReturnInt(1); } 
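Review bot: The guard `if (retval || retval > input_len)` in the fragment loop of DCERPCUDPParse is true for every non-zero `retval`, so a value larger than `input_len` is accepted and `input_len -= retval` wraps the `uint32_t`, after which the loop keeps reading from `input + parsed`. Whether FragmentDataParser can return more than it was given is not visible in this hunk, but the input is network data, so the bound should be enforced at this call site: `if (retval > 0 && retval <= input_len) {`. The rest of the loop body lies outside the hunk.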
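Review bot: With `pstate->parse_field = 0;` removed, the `if (pstate == NULL) SCReturnInt(-1);` left at the end of DCERPCUDPParse no longer protects a dereference in the lines shown; it only turns an already completed parse into an error after the DCERPC state has been updated. Either drop the check or move it to the top of the function, before any input is consumed. The same leftover check remains at the end of DCERPCParse in src/app-layer-dcerpc.c (hunk at -1912).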
@@ -801,31 +800,44 @@ static void DCERPCUDPStateFree(void *s) { } } +static int DCERPCUDPRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_DCERPC, + "|04 00|", 2, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + return 0; +} + void RegisterDCERPCUDPParsers(void) { - char *proto_name = "dcerpcudp"; + char *proto_name = "dcerpc"; - if (AppLayerProtoDetectionEnabled("dcerpc")) { - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER); - AppLayerRegisterParserAcceptableDataDirection(ALPROTO_DCERPC_UDP, STREAM_TOSERVER); + if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_DCERPC, proto_name); + if (DCERPCUDPRegisterPatternsForProtocolDetection() < 0) + return; } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", "dcerpc"); return; } - if (AppLayerParserEnabled("dcerpc")) { - AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOSERVER, - DCERPCUDPParse); - AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOCLIENT, - DCERPCUDPParse); - AppLayerRegisterStateFuncs(ALPROTO_DCERPC_UDP, DCERPCUDPStateAlloc, - DCERPCUDPStateFree); + if (AppLayerParserConfParserEnabled("udp", "dcerpc")) { + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER, + DCERPCUDPParse); + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOCLIENT, + DCERPCUDPParse); + AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateAlloc, + DCERPCUDPStateFree); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER); } else { SCLogInfo("Parsed disabled for %s protocol. 
Protocol detection" "still on.", "dcerpc"); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_DCERPC_UDP, DCERPCUDPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPParserRegisterTests); #endif return; @@ -1028,16 +1040,18 @@ int DCERPCUDPParserTest01(void) { TcpSession ssn; DCERPCUuidEntry *uuid_entry; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); - f.protoctx = (void *)&ssn; FLOW_INITIALIZE(&f); + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_UDP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC_UDP, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1077,6 +1091,8 @@ int DCERPCUDPParserTest01(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index d799aa0352..c584bfbdc8 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -60,6 +60,7 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" +#include "app-layer.h" #include "util-spm.h" #include "util-unittest.h" @@ -1890,9 +1891,9 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) { } static int DCERPCParse(Flow *f, void *dcerpc_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output, int dir) { + void *local_data, int dir) { SCEnter(); int32_t retval = 0; 
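Review bot: When `DCERPCUDPRegisterPatternsForProtocolDetection()` fails, RegisterDCERPCUDPParsers returns without logging anything, after `AppLayerProtoDetectRegisterProtocol` has already run, so the sensor carries on with DCERPC over UDP registered by name but with no detection pattern and no parser. For an IDS that is a silent loss of coverage; log the failure at error level before the `return`, and do the same in RegisterDCERPCParsers in src/app-layer-dcerpc.c, which has the identical early return. In this function the literal "dcerpc" is also still passed to `AppLayerParserConfParserEnabled("udp", "dcerpc")` and to both SCLogInfo calls although `proto_name` now holds that value; use `proto_name` there, as the TCP registration does.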
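Review bot: `alp_tctx` from `AppLayerParserGetCtxThread()` is passed straight to `AppLayerParserParse` in DCERPCUDPParserTest01, yet the cleanup at `end:` tests it against NULL, which implies the allocation can fail. Check it once right after the call, e.g. `if (alp_tctx == NULL) return 0;`, so an allocation failure is reported as a test failure instead of reaching the parser with a NULL context. The same pattern repeats in each DCERPCParserTestNN hunk in src/app-layer-dcerpc.c.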
@@ -1912,27 +1913,25 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, if (pstate == NULL) SCReturnInt(-1); - pstate->parse_field = 0; - SCReturnInt(1); } static int DCERPCParseRequest(Flow *f, void *dcerpc_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { return DCERPCParse(f, dcerpc_state, pstate, input, input_len, - local_data, output, 0); + local_data, 0); } static int DCERPCParseResponse(Flow *f, void *dcerpc_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { return DCERPCParse(f, dcerpc_state, pstate, input, input_len, - local_data, output, 1); + local_data, 1); } static void *DCERPCStateAlloc(void) { 
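Review bot: DCERPCParseRequest and DCERPCParseResponse still pass the bare literals `0` and `1` as `dir`, while the commit description says parser functions now take STREAM_TOSERVER or STREAM_TOCLIENT. How DCERPCParse uses `dir` is outside this hunk, so this may still behave correctly, but keeping two direction conventions in one file makes a swapped request/response path easy to introduce later. Pass `STREAM_TOSERVER` and `STREAM_TOCLIENT` and compare against them in DCERPCParse, or at least document the parameter with `/* dir: 0 = to server, 1 = to client */`.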
@@ -1983,33 +1982,49 @@ static void DCERPCStateFree(void *s) { } } +static int DCERPCRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC, + "|05 00|", 2, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC, + "|05 00|", 2, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + + return 0; +} + void RegisterDCERPCParsers(void) { char *proto_name = "dcerpc"; - if (AppLayerProtoDetectionEnabled(proto_name)) { - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER); - /* toclient direction */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT); - AppLayerRegisterParserAcceptableDataDirection(ALPROTO_DCERPC, STREAM_TOSERVER); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_DCERPC, proto_name); + if (DCERPCRegisterPatternsForProtocolDetection() < 0) + return; } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", proto_name); return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOSERVER, - DCERPCParseRequest); - AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOCLIENT, - DCERPCParseResponse); - AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc, - DCERPCStateFree); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOSERVER, + DCERPCParseRequest); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOCLIENT, + DCERPCParseResponse); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCStateAlloc, + DCERPCStateFree); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOSERVER); } else { SCLogInfo("Parsed disabled for %s protocol. 
Protocol detection" "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_DCERPC, DCERPCParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCParserRegisterTests); #endif return; @@ -2380,17 +2395,19 @@ int DCERPCParserTest01(void) { uint32_t bindacklen = sizeof(dcerpcbindack); TcpSession ssn; DCERPCUuidEntry *uuid_entry; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcbind, bindlen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcbind, bindlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2426,7 +2443,7 @@ int DCERPCParserTest01(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2450,7 +2467,7 @@ int DCERPCParserTest01(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2464,6 +2481,8 @@ int DCERPCParserTest01(void) { goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -2607,17 +2626,19 @@ int DCERPCParserTest02(void) { uint32_t requestlen = sizeof(dcerpcrequest); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2659,6 +2680,8 @@ int DCERPCParserTest02(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -2802,17 +2825,19 @@ int DCERPCParserTest03(void) { uint32_t requestlen = sizeof(dcerpcrequest); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2847,6 +2872,8 @@ int DCERPCParserTest03(void) { goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -3978,16 +4005,18 @@ int DCERPCParserTest04(void) { uint32_t request9_len = sizeof(request9); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); /* bind */ - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, - bind, bind_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, + bind, bind_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4009,8 +4038,8 @@ int DCERPCParserTest04(void) { goto end; /* bind_ack */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack, bind_ack_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4025,8 +4054,8 @@ int DCERPCParserTest04(void) { goto end; /* request1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4043,8 +4072,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4061,8 +4090,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4079,8 +4108,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request4 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request4, request4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request4, request4_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4097,8 +4126,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request5 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request5, request5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request5, request5_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4112,8 +4141,8 @@ int DCERPCParserTest04(void) { goto end; /* request6 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request6, request6_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request6, request6_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4130,8 +4159,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request7 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request7, request7_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request7, request7_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4148,8 +4177,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request8 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request8, request8_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request8, request8_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4166,8 +4195,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request9 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request9, request9_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request9, request9_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4184,8 +4213,8 @@ int DCERPCParserTest04(void) { dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request1 again */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4201,6 +4230,8 @@ int DCERPCParserTest04(void) { goto end; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; #endif 
@@ -4241,18 +4272,20 @@ int DCERPCParserTest05(void) { uint32_t bind2_len = sizeof(bind2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - bind1, bind1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + bind1, bind1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4277,8 +4310,8 @@ int DCERPCParserTest05(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind2, bind2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind2, bind2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4299,6 +4332,8 @@ int DCERPCParserTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4411,18 +4446,20 @@ int DCERPCParserTest06(void) { uint32_t bind2_len = sizeof(bind2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, - bind1, bind1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, + bind1, bind1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4444,8 +4481,8 @@ int DCERPCParserTest06(void) { result &= (dcerpc_state->dcerpc.dcerpcbindbindack.numctxitemsleft == 8); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind2, bind2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind2, bind2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4460,6 +4497,8 @@ int DCERPCParserTest06(void) { result &= (dcerpc_state->dcerpc.dcerpcbindbindack.numctxitemsleft == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4492,18 +4531,20 @@ int DCERPCParserTest07(void) { uint32_t request3_len = sizeof(request3); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4525,8 +4566,8 @@ int DCERPCParserTest07(void) { result &= (dcerpc_state->dcerpc.pdu_fragged = 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
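Review bot: The context line `result &= (dcerpc_state->dcerpc.pdu_fragged = 1);` in DCERPCParserTest07 assigns instead of comparing, so the check always passes and overwrites the parser state that the following `AppLayerParserParse` call then runs on; the hunk at -4541 carries the same line. As the commit edits this test anyway, change both to `result &= (dcerpc_state->dcerpc.pdu_fragged == 1);`, assuming 1 is the value expected at those points, so that a regression in fragment tracking is actually caught. The test body starts and ends outside these hunks.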
@@ -4541,8 +4582,8 @@ int DCERPCParserTest07(void) { result &= (dcerpc_state->dcerpc.pdu_fragged = 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4557,6 +4598,8 @@ int DCERPCParserTest07(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4579,18 +4622,20 @@ int DCERPCParserTest08(void) { uint32_t request_len = sizeof(request); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - request, request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + request, request_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4612,6 +4657,8 @@ int DCERPCParserTest08(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -4634,18 +4681,20 @@ int DCERPCParserTest09(void) { uint32_t request_len = sizeof(request); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - request, request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + request, request_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4667,6 +4716,8 @@ int DCERPCParserTest09(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 1); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4703,18 +4754,20 @@ int DCERPCParserTest10(void) { uint32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, - fault, fault_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, + fault, fault_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4731,8 +4784,8 @@ int DCERPCParserTest10(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4746,8 +4799,8 @@ int DCERPCParserTest10(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4762,6 +4815,8 @@ int DCERPCParserTest10(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4799,18 +4854,20 @@ int DCERPCParserTest11(void) { uint32_t request3_len = sizeof(request3); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4832,8 +4889,8 @@ int DCERPCParserTest11(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4846,8 +4903,8 @@ int DCERPCParserTest11(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4862,6 +4919,8 @@ int DCERPCParserTest11(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -4893,18 +4952,20 @@ int DCERPCParserTest12(void) { uint32_t bind_ack2_len = sizeof(bind_ack2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack1, bind_ack1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack1, bind_ack1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4924,8 +4985,8 @@ int DCERPCParserTest12(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack2, bind_ack2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack2, bind_ack2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4938,6 +4999,8 @@ int DCERPCParserTest12(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 0); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -4966,18 +5029,20 @@ int DCERPCParserTest13(void) { uint32_t bind_len = sizeof(bind); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind, bind_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5019,6 +5084,8 @@ int DCERPCParserTest13(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -5052,18 +5119,20 @@ int DCERPCParserTest14(void) { uint32_t bind_len = sizeof(bind); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind, bind_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5080,6 +5149,8 @@ int DCERPCParserTest14(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -5109,18 +5180,20 @@ int DCERPCParserTest15(void) { uint32_t bind_ack_len = sizeof(bind_ack); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack, bind_ack_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5137,6 +5210,8 @@ int DCERPCParserTest15(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -5555,6 +5630,7 @@ int DCERPCParserTest16(void) { TcpSession ssn; DCERPCUuidEntry *item = NULL; int count = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); uint8_t accepted_uuids[3][16] = { {0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3, @@ -5572,12 +5648,13 @@ int DCERPCParserTest16(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind1, bind1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind1, bind1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5594,8 +5671,8 @@ int DCERPCParserTest16(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack1, bind_ack1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack1, bind_ack1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -5626,8 +5703,8 @@ int DCERPCParserTest16(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind2, bind2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind2, bind2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5646,8 +5723,8 @@ int DCERPCParserTest16(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack2, bind_ack2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack2, bind_ack2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5678,8 +5755,8 @@ int DCERPCParserTest16(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind3, bind3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind3, bind3_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5698,8 +5775,8 @@ int DCERPCParserTest16(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack3, bind_ack3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack3, bind_ack3_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5730,6 +5807,8 @@ int DCERPCParserTest16(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -5798,6 +5877,7 @@ int DCERPCParserTest17(void) { TcpSession ssn; DCERPCUuidEntry *item = NULL; int count = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); uint8_t accepted_uuids[2][16] = { {0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce, 
@@ -5813,12 +5893,13 @@ int DCERPCParserTest17(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + bind, bind_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5835,8 +5916,8 @@ int DCERPCParserTest17(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + bind_ack, bind_ack_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5867,8 +5948,8 @@ int DCERPCParserTest17(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - alter_context, alter_context_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + alter_context, alter_context_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5887,8 +5968,8 @@ int DCERPCParserTest17(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - alter_context_resp, alter_context_resp_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + alter_context_resp, alter_context_resp_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5919,6 +6000,8 @@ int DCERPCParserTest17(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -5947,18 +6030,20 @@ int DCERPCParserTest18(void) { uint32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5979,8 +6064,8 @@ int DCERPCParserTest18(void) { result &= (dcerpc_state->dcerpc.pdu_fragged == 1); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5996,6 +6081,8 @@ int DCERPCParserTest18(void) { result &= (dcerpc_state->dcerpc.dcerpcrequest.opnum == 2); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -6209,17 +6296,19 @@ int DCERPCParserTest19(void) uint32_t bindlen = sizeof(dcerpcbind); uint32_t bindacklen = sizeof(dcerpcbindack); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, dcerpcbind, bindlen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, dcerpcbind, bindlen); if (r != 0) { printf("dcerpc header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -6239,7 +6328,7 @@ int DCERPCParserTest19(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen); if (r == 0) { printf("dce parser didn't return fail\n"); SCMutexUnlock(&f.m); @@ -6249,6 +6338,8 @@ int DCERPCParserTest19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 0b70290554..1e197885e5 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2013 Open Information Security Foundation +/* Copyright (C) 2007-2014 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -15,16 +15,11 @@ * 02110-1301, USA. */ -/** \file - * - * \author Victor Julien - * - * A simple application layer (L7) protocol detector. It works by allowing - * developers to set a series of patterns that if exactly matching indicate - * that the session is a certain protocol. +/** + * \file * - * \todo More advanced detection methods, regex maybe. - * \todo Fall back to port based classification if other detection fails. + * \author Victor Julien + * \author Anoop Saldanha */ #include "suricata-common.h" @@ -35,13 +30,13 @@ #include "tm-threads.h" #include "detect.h" +#include "detect-engine-port.h" #include "detect-parse.h" #include "detect-engine.h" #include "detect-content.h" #include "detect-engine-mpm.h" #include "detect-engine-state.h" -#include "util-mpm.h" #include "util-print.h" #include "util-pool.h" #include "util-unittest.h" 
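Review bot: The rewritten `\file` block in src/app-layer-detect-proto.c keeps only the two `\author` lines; the paragraph that said what the file does was removed and nothing replaces it. The file now carries both the pattern-matcher and the probing-parser detection paths, so a short description below the `\file` line would help the next reader, for example `* Application layer protocol detection: pattern matching (PM) and` followed by `* per-port probing parsers (PP), kept per IP protocol.`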
@@ -49,536 +44,285 @@ #include "flow.h" #include "flow-util.h" +#include "flow-private.h" #include "stream-tcp-private.h" #include "stream-tcp-reassemble.h" #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-detect-proto.h" +#include "conf.h" +#include "util-memcmp.h" #include "util-spm.h" #include "util-cuda.h" #include "util-debug.h" -#include "conf.h" - -#define INSPECT_BYTES 32 -#define ASYNC_MAX 75000 - -/** global app layer detection context */ -AlpProtoDetectCtx alp_proto_ctx; - -/** \brief Initialize the app layer proto detection */ -void AlpProtoInit(AlpProtoDetectCtx *ctx) { - memset(ctx, 0x00, sizeof(AlpProtoDetectCtx)); - - MpmInitCtx(&ctx->toserver.mpm_ctx, MPM_B2G); - MpmInitCtx(&ctx->toclient.mpm_ctx, MPM_B2G); - - memset(&ctx->toserver.map, 0x00, sizeof(ctx->toserver.map)); - memset(&ctx->toclient.map, 0x00, sizeof(ctx->toclient.map)); +#include "runmodes.h" + +typedef struct AppLayerProtoDetectProbingParserElement_ { + uint16_t alproto; + /* \todo don't really need it. 
See if you can get rid of it */ + uint16_t port; + /* \todo calculate at runtime and get rid of this var */ + uint32_t alproto_mask; + /* \todo check if we can reduce the bottom 2 vars to uint16_t */ + /* the min length of data that has to be supplied to invoke the parser */ + uint32_t min_depth; + /* the max length of data after which this parser won't be invoked */ + uint32_t max_depth; + /* the probing parser function */ + ProbingParserFPtr ProbingParser; + + struct AppLayerProtoDetectProbingParserElement_ *next; +} AppLayerProtoDetectProbingParserElement; + +typedef struct AppLayerProtoDetectProbingParserPort_ { + /* the port no for which probing parser(s) are invoked */ + uint16_t port; + + uint32_t toserver_alproto_mask; + uint32_t toclient_alproto_mask; + /* the max depth for all the probing parsers registered for this port */ + uint16_t toserver_max_depth; + uint16_t toclient_max_depth; + + AppLayerProtoDetectProbingParserElement *toserver; + AppLayerProtoDetectProbingParserElement *toclient; + + struct AppLayerProtoDetectProbingParserPort_ *next; +} AppLayerProtoDetectProbingParserPort; + +typedef struct AppLayerProtoDetectProbingParser_ { + uint16_t ip_proto; + AppLayerProtoDetectProbingParserPort *port; + + struct AppLayerProtoDetectProbingParser_ *next; +} AppLayerProtoDetectProbingParser; + +typedef struct AppLayerProtoDetectPMSignature_ { + AppProto alproto; + /* \todo Change this into a non-pointer */ + DetectContentData *cd; + struct AppLayerProtoDetectPMSignature_ *next; +} AppLayerProtoDetectPMSignature; + +typedef struct AppLayerProtoDetectPMCtx_ { + uint16_t max_len; + uint16_t min_len; + MpmCtx mpm_ctx; - ctx->toserver.id = 0; - ctx->toclient.id = 0; - ctx->toclient.min_len = INSPECT_BYTES; - ctx->toserver.min_len = INSPECT_BYTES; + /** Mapping between pattern id and signature. As each signature has a + * unique pattern with a unique id, we can lookup the signature by + * the pattern id. 
*/ + AppLayerProtoDetectPMSignature **map; + AppLayerProtoDetectPMSignature *head; - intmax_t value = 0; - if ((ConfGetInt("app-layer.proto-detect.toclient-async-max", &value)) == 1) { - if (value >= 0 && value <= 1048576) { - ctx->toclient.async_max = (uint32_t)value; - } else { - ctx->toclient.async_max = (uint32_t)ASYNC_MAX; - } - } else { - ctx->toclient.async_max = (uint32_t)ASYNC_MAX; - } - if ((ConfGetInt("app-layer.proto-detect.toserver-async-max", &value)) == 1) { - if (value >= 0 && value <= 1048576) { - ctx->toserver.async_max = (uint32_t)value; - } else { - ctx->toserver.async_max = (uint32_t)ASYNC_MAX; - } - } else { - ctx->toserver.async_max = (uint32_t)ASYNC_MAX; - } - SCLogDebug("toclient.async_max %u toserver.async_max %u", - ctx->toclient.async_max, ctx->toserver.async_max); + /* \todo we don't need this except at setup time. Get rid of it. */ + PatIntId max_pat_id; +} AppLayerProtoDetectPMCtx; - ctx->mpm_pattern_id_store = MpmPatternIdTableInitHash(); -} +typedef struct AppLayerProtoDetectCtxIpproto_ { + /* 0 - toserver, 1 - toclient */ + AppLayerProtoDetectPMCtx ctx_pm[2]; +} AppLayerProtoDetectCtxIpproto; /** - * \brief Turn a proto detection into a AlpProtoSignature and store it - * in the ctx. - * - * \param ctx the contex - * \param co the content match - * \param proto the proto id - * \initonly + * \brief The app layer protocol detection context. */ -static void AlpProtoAddSignature(AlpProtoDetectCtx *ctx, DetectContentData *co, uint16_t ip_proto, uint16_t proto) { - AlpProtoSignature *s = SCMalloc(sizeof(AlpProtoSignature)); - if (unlikely(s == NULL)) { - SCLogError(SC_ERR_FATAL, "Error allocating memory. Signature not loaded. Not enough memory so.. exiting.."); - exit(EXIT_FAILURE); - } - memset(s, 0x00, sizeof(AlpProtoSignature)); - - s->ip_proto = ip_proto; - s->proto = proto; - s->co = co; +typedef struct AppLayerProtoDetectCtx_ { + /* Context per ip_proto. + * \todo Modify ctx_ipp to hold for only tcp and udp. 
The rest can be + * implemented if needed. Waste of space otherwise. */ + AppLayerProtoDetectCtxIpproto ctx_ipp[FLOW_PROTO_DEFAULT]; - if (ctx->head == NULL) { - ctx->head = s; - } else { - s->next = ctx->head; - ctx->head = s; - } - - ctx->sigs++; -} + AppLayerProtoDetectProbingParser *ctx_pp; -/** \brief free a AlpProtoSignature, recursively free any next sig */ -static void AlpProtoFreeSignature(AlpProtoSignature *s) -{ - if (s == NULL) - return; - - DetectContentFree(s->co); - s->co = NULL; - s->proto = 0; + /* Indicates the protocols that have registered themselves + * for protocol detection. This table is independent of the + * ipproto. */ + char *alproto_names[ALPROTO_MAX]; +} AppLayerProtoDetectCtx; - AlpProtoSignature *next_s = s->next; +/** + * \brief The app layer protocol detection thread context. + */ +typedef struct AppLayerProtoDetectCtxThread_ { + PatternMatcherQueue pmq; + /* The value 2 is for direction(0 - toserver, 1 - toclient). */ + MpmThreadCtx mpm_tctx[FLOW_PROTO_DEFAULT][2]; +} AppLayerProtoDetectCtxThread; - SCFree(s); +/* The global app layer proto detection context. 
*/ +AppLayerProtoDetectCtx alpd_ctx; - AlpProtoFreeSignature(next_s); -} +/***** Static Internal Calls: Protocol Retrieval *****/ -/** - * \brief Match a AlpProtoSignature against a buffer - * - * \param s signature - * \param buf pointer to buffer - * \param buflen length of the buffer - * \param ip_proto packet's ip_proto - * - * \retval proto the detected proto or ALPROTO_UNKNOWN if no match - */ -static uint16_t AlpProtoMatchSignature(AlpProtoSignature *s, uint8_t *buf, - uint16_t buflen, uint16_t ip_proto) +static uint16_t AppLayerProtoDetectPMMatchSignature(AppLayerProtoDetectPMSignature *s, + uint8_t *buf, uint16_t buflen, + uint16_t ipproto) { SCEnter(); uint16_t proto = ALPROTO_UNKNOWN; uint8_t *found = NULL; - if (s->ip_proto != ip_proto) { - goto end; - } - - if (s->co->offset > buflen) { + if (s->cd->offset > buflen) { SCLogDebug("s->co->offset (%"PRIu16") > buflen (%"PRIu16")", - s->co->offset, buflen); + s->cd->offset, buflen); goto end; } - if (s->co->depth > buflen) { + if (s->cd->depth > buflen) { SCLogDebug("s->co->depth (%"PRIu16") > buflen (%"PRIu16")", - s->co->depth, buflen); + s->cd->depth, buflen); goto end; } - uint8_t *sbuf = buf + s->co->offset; - uint16_t sbuflen = s->co->depth - s->co->offset; - SCLogDebug("s->co->offset (%"PRIu16") s->co->depth (%"PRIu16")", - s->co->offset, s->co->depth); + uint8_t *sbuf = buf + s->cd->offset; + uint16_t sbuflen = s->cd->depth - s->cd->offset; + SCLogDebug("s->co->offset (%"PRIu16") s->cd->depth (%"PRIu16")", + s->cd->offset, s->cd->depth); - if (s->co->flags & DETECT_CONTENT_NOCASE) - found = SpmNocaseSearch(sbuf, sbuflen, s->co->content, s->co->content_len); + if (s->cd->flags & DETECT_CONTENT_NOCASE) + found = SpmNocaseSearch(sbuf, sbuflen, s->cd->content, s->cd->content_len); else - found = SpmSearch(sbuf, sbuflen, s->co->content, s->co->content_len); + found = SpmSearch(sbuf, sbuflen, s->cd->content, s->cd->content_len); if (found != NULL) - proto = s->proto; + proto = s->alproto; -end: + end: 
SCReturnInt(proto); } -/** - * \brief Add a proto detection string to the detection ctx. - * - * \param ctx The detection ctx - * \param ip_proto The IP proto (TCP, UDP, etc) - * \param al_proto Application layer proto - * \param content A content string in the 'content:"some|20|string"' format. - * \param depth Depth setting for the content. E.g. 4 means that the content has to match in the first 4 bytes of the stream. - * \param offset Offset setting for the content. E.g. 4 mean that the content has to match after the first 4 bytes of the stream. - * \param flags Set STREAM_TOCLIENT or STREAM_TOSERVER for the direction in which to try to match the content. - * \param ci Pattern is case-insensitive. - */ -void AlpProtoAddPattern(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto, - uint16_t al_proto, char *content, uint16_t depth, - uint16_t offset, uint8_t flags, uint8_t ci) -{ - if (al_proto_table[al_proto].name != NULL) { - BUG_ON(strcmp(al_proto_table[al_proto].name, name) != 0); - } else { - al_proto_table[al_proto].name = name; - } - - DetectContentData *cd = DetectContentParseEncloseQuotes(content); - if (cd == NULL) { - return; - } - cd->depth = depth; - cd->offset = offset; - - cd->id = DetectContentGetId(ctx->mpm_pattern_id_store, cd); - - //PrintRawDataFp(stdout,cd->content,cd->content_len); - SCLogDebug("cd->depth %"PRIu16" and cd->offset %"PRIu16" cd->id %"PRIu32"", - cd->depth, cd->offset, cd->id); - - AlpProtoDetectDirection *dir; - if (flags & STREAM_TOCLIENT) { - dir = &ctx->toclient; - } else { - dir = &ctx->toserver; - } - - if (ci == 1) { - cd->flags |= DETECT_CONTENT_NOCASE; - MpmAddPatternCI(&dir->mpm_ctx, cd->content, cd->content_len, - cd->offset, cd->depth, - cd->id, cd->id, 0); - } else { - MpmAddPatternCS(&dir->mpm_ctx, cd->content, cd->content_len, - cd->offset, cd->depth, - cd->id, cd->id, 0); - } - - BUG_ON(dir->id == ALP_DETECT_MAX); - dir->map[dir->id] = al_proto; - dir->id++; - - if (depth > dir->max_len) - dir->max_len = depth; 
- - /* set the min_len for the stream engine to set the min smsg size for app - layer*/ - if (depth < dir->min_len) - dir->min_len = depth; - - /* finally turn into a signature and add to the ctx */ - AlpProtoAddSignature(ctx, cd, ip_proto, al_proto); -} - - -void AlpProtoAddCI(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto, - uint16_t al_proto, char *content, uint16_t depth, - uint16_t offset, uint8_t flags) -{ - AlpProtoAddPattern(ctx, name, ip_proto, al_proto, content, depth, - offset, flags, 1); - - return; -} - -void AlpProtoAdd(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto, - uint16_t al_proto, char *content, uint16_t depth, - uint16_t offset, uint8_t flags) +static uint16_t AppLayerProtoDetectPMGetProto(AppLayerProtoDetectCtxThread *tctx, + Flow *f, + uint8_t *buf, uint16_t buflen, + uint8_t direction, + uint8_t ipproto, + AppProto *pm_results) { - AlpProtoAddPattern(ctx, name, ip_proto, al_proto, content, depth, - offset, flags, 0); - - return; -} - -#ifdef UNITTESTS -void AlpProtoTestDestroy(AlpProtoDetectCtx *ctx) { - mpm_table[ctx->toserver.mpm_ctx.mpm_type].DestroyCtx(&ctx->toserver.mpm_ctx); - mpm_table[ctx->toclient.mpm_ctx.mpm_type].DestroyCtx(&ctx->toclient.mpm_ctx); - AlpProtoFreeSignature(ctx->head); - AppLayerFreeProbingParsers(ctx->probing_parsers); - ctx->probing_parsers = NULL; - - return; -} -#endif - -void AlpProtoDestroy() { - SCEnter(); - mpm_table[alp_proto_ctx.toserver.mpm_ctx.mpm_type].DestroyCtx(&alp_proto_ctx.toserver.mpm_ctx); - mpm_table[alp_proto_ctx.toclient.mpm_ctx.mpm_type].DestroyCtx(&alp_proto_ctx.toclient.mpm_ctx); - MpmPatternIdTableFreeHash(alp_proto_ctx.mpm_pattern_id_store); - AlpProtoFreeSignature(alp_proto_ctx.head); - AppLayerFreeProbingParsers(alp_proto_ctx.probing_parsers); - alp_proto_ctx.probing_parsers = NULL; - - SCReturn; -} - -void AlpProtoFinalizeThread(AlpProtoDetectCtx *ctx, AlpProtoDetectThreadCtx *tctx) { - uint32_t sig_maxid = 0; - uint32_t pat_maxid = ctx->mpm_pattern_id_store ? 
ctx->mpm_pattern_id_store->max_id : 0; - - memset(tctx, 0x00, sizeof(AlpProtoDetectThreadCtx)); - - if (ctx->toclient.id > 0) { - //sig_maxid = ctx->toclient.id; - mpm_table[ctx->toclient.mpm_ctx.mpm_type].InitThreadCtx(&ctx->toclient.mpm_ctx, &tctx->toclient.mpm_ctx, sig_maxid); - PmqSetup(&tctx->toclient.pmq, sig_maxid, pat_maxid); - } - if (ctx->toserver.id > 0) { - //sig_maxid = ctx->toserver.id; - mpm_table[ctx->toserver.mpm_ctx.mpm_type].InitThreadCtx(&ctx->toserver.mpm_ctx, &tctx->toserver.mpm_ctx, sig_maxid); - PmqSetup(&tctx->toserver.pmq, sig_maxid, pat_maxid); - } - - int i; - for (i = 0; i < ALPROTO_MAX; i++) { - tctx->alproto_local_storage[i] = AppLayerGetProtocolParserLocalStorage(i); - } - - return; -} - -void AlpProtoDeFinalize2Thread(AlpProtoDetectThreadCtx *tctx) { - if (alp_proto_ctx.toclient.id > 0) { - mpm_table[alp_proto_ctx.toclient.mpm_ctx.mpm_type].DestroyThreadCtx - (&alp_proto_ctx.toclient.mpm_ctx, &tctx->toclient.mpm_ctx); - PmqFree(&tctx->toclient.pmq); - } - if (alp_proto_ctx.toserver.id > 0) { - mpm_table[alp_proto_ctx.toserver.mpm_ctx.mpm_type].DestroyThreadCtx - (&alp_proto_ctx.toserver.mpm_ctx, &tctx->toserver.mpm_ctx); - PmqFree(&tctx->toserver.pmq); - } - -} -/** \brief to be called by ReassemblyThreadInit - * \todo this is a hack, we need a proper place to store the global ctx */ -void AlpProtoFinalize2Thread(AlpProtoDetectThreadCtx *tctx) { - AlpProtoFinalizeThread(&alp_proto_ctx, tctx); - return; -} - -void AlpProtoFinalizeGlobal(AlpProtoDetectCtx *ctx) { - if (ctx == NULL) - return; - - mpm_table[ctx->toclient.mpm_ctx.mpm_type].Prepare(&ctx->toclient.mpm_ctx); - mpm_table[ctx->toserver.mpm_ctx.mpm_type].Prepare(&ctx->toserver.mpm_ctx); - - /* allocate and initialize the mapping between pattern id and signature */ - ctx->map = (AlpProtoSignature **)SCMalloc(ctx->sigs * sizeof(AlpProtoSignature *)); - if (ctx->map == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "%s", strerror(errno)); - return; - } - memset(ctx->map, 0x00, ctx->sigs 
* sizeof(AlpProtoSignature *)); - - AlpProtoSignature *s = ctx->head; - AlpProtoSignature *temp = NULL; - for ( ; s != NULL; s = s->next) { - BUG_ON(s->co == NULL); - - if (ctx->map[s->co->id] == NULL) { - ctx->map[s->co->id] = s; - } else { - temp = ctx->map[s->co->id]; - while (temp->map_next != NULL) - temp = temp->map_next; - temp->map_next = s; - } - } -} - -void AppLayerDetectProtoThreadInit(void) { - AlpProtoInit(&alp_proto_ctx); - RegisterAppLayerParsers(); - AlpProtoFinalizeGlobal(&alp_proto_ctx); - - return; -} - -/** - * \brief Get the app layer proto based on a buffer using a Patter matcher - * parser. - * - * \param ctx Global app layer detection context - * \param tctx Thread app layer detection context - * \param f Pointer to the flow. - * \param buf Pointer to the buffer to inspect - * \param buflen Lenght of the buffer - * \param flags Flags. - * \param Pointer to the results array, ALPROTO_MAX long. - * - * \retval pm_matches Returns the no of alproto matches. - */ -uint16_t AppLayerDetectGetProtoPMParser(AlpProtoDetectCtx *ctx, - AlpProtoDetectThreadCtx *tctx, - Flow *f, - uint8_t *buf, uint16_t buflen, - uint8_t flags, uint8_t ipproto, - uint16_t *pm_results) { SCEnter(); - uint16_t pm_matches = 0; pm_results[0] = ALPROTO_UNKNOWN; - AlpProtoDetectDirection *dir; - AlpProtoDetectDirectionThread *tdir; - uint16_t max_len; + AppLayerProtoDetectPMCtx *pm_ctx; + MpmThreadCtx *mpm_tctx; + uint16_t pm_matches = 0; + uint8_t cnt; + uint16_t searchlen; - if (flags & STREAM_TOSERVER) { - dir = &ctx->toserver; - tdir = &tctx->toserver; - max_len = ctx->toserver.max_len; + if (direction & STREAM_TOSERVER) { + pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[0]; + mpm_tctx = &tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][0]; } else { - dir = &ctx->toclient; - tdir = &tctx->toclient; - max_len = ctx->toclient.max_len; + pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[1]; + mpm_tctx = 
&tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][1]; } - if (dir->id == 0) { + if (pm_ctx->mpm_ctx.pattern_cnt == 0) goto end; - } - /* see if we can limit the data we inspect */ - uint16_t searchlen = buflen; - if (searchlen > dir->max_len) - searchlen = dir->max_len; + searchlen = buflen; + if (searchlen > pm_ctx->max_len) + searchlen = pm_ctx->max_len; uint32_t search_cnt = 0; /* do the mpm search */ - search_cnt = mpm_table[dir->mpm_ctx.mpm_type].Search(&dir->mpm_ctx, - &tdir->mpm_ctx, - &tdir->pmq, buf, - searchlen); - SCLogDebug("search cnt %" PRIu32 "", search_cnt); + search_cnt = mpm_table[pm_ctx->mpm_ctx.mpm_type].Search(&pm_ctx->mpm_ctx, + mpm_tctx, + &tctx->pmq, + buf, searchlen); if (search_cnt == 0) goto end; /* alproto bit field */ - uint8_t pm_results_bf[ALPROTO_MAX / 8]; + uint8_t pm_results_bf[(ALPROTO_MAX / 8) + 1]; memset(pm_results_bf, 0, sizeof(pm_results_bf)); - for (uint8_t s_cnt = 0; s_cnt < search_cnt; s_cnt++) { - AlpProtoSignature *s = ctx->map[tdir->pmq.pattern_id_array[s_cnt]]; - SCLogDebug("array count is %"PRIu32" patid %"PRIu16"", - tdir->pmq.pattern_id_array_cnt, - tdir->pmq.pattern_id_array[s_cnt]); + for (cnt = 0; cnt < search_cnt; cnt++) { + AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.pattern_id_array[cnt]]; while (s != NULL) { - uint16_t proto = AlpProtoMatchSignature(s, buf, buflen, ipproto); - if (proto != ALPROTO_UNKNOWN && !(pm_results_bf[proto / 8] & (1 << (proto % 8))) ) { - pm_results[pm_matches++] = proto; - pm_results_bf[proto / 8] |= 1 << (proto % 8); - } - s = s->map_next; + uint16_t proto = AppLayerProtoDetectPMMatchSignature(s, buf, searchlen, ipproto); + if (proto != ALPROTO_UNKNOWN && + !(pm_results_bf[proto / 8] & (1 << (proto % 8))) ) + { + pm_results[pm_matches++] = proto; + pm_results_bf[proto / 8] |= 1 << (proto % 8); + } + s = s->next; } } -end: - PmqReset(&tdir->pmq); + end: + PmqReset(&tctx->pmq); + if (buflen >= pm_ctx->max_len) + FLOW_SET_PM_DONE(f, direction); + SCReturnUInt(pm_matches); +} - 
if (mpm_table[dir->mpm_ctx.mpm_type].Cleanup != NULL) { - mpm_table[dir->mpm_ctx.mpm_type].Cleanup(&tdir->mpm_ctx); - } -#if 0 - printf("AppLayerDetectGetProto: returning %" PRIu16 " (%s): ", proto, flags & STREAM_TOCLIENT ? "TOCLIENT" : "TOSERVER"); - switch (proto) { - case ALPROTO_HTTP: - printf("HTTP: "); - /* print the first 32 bytes */ - if (buflen > 0) { - PrintRawUriFp(stdout,buf,(buflen>32)?32:buflen); - } - printf("\n"); - break; - case ALPROTO_FTP: - printf("FTP\n"); - break; - case ALPROTO_SSL: - printf("SSL\n"); - break; - case ALPROTO_SSH: - printf("SSH\n"); - break; - case ALPROTO_TLS: - printf("TLS\n"); - break; - case ALPROTO_IMAP: - printf("IMAP\n"); - break; - case ALPROTO_SMTP: - printf("SMTP\n"); - break; - case ALPROTO_JABBER: - printf("JABBER\n"); - break; - case ALPROTO_MSN: - printf("MSN\n"); - break; - case ALPROTO_SMB: - printf("SMB\n"); - break; - case ALPROTO_SMB2: - printf("SMB2\n"); - break; - case ALPROTO_DCERPC: - printf("DCERPC\n"); +static AppLayerProtoDetectProbingParserPort *AppLayerProtoDetectGetProbingParsers(AppLayerProtoDetectProbingParser *pp, + uint16_t ip_proto, + uint16_t port) +{ + AppLayerProtoDetectProbingParserPort *pp_port = NULL; + + while (pp != NULL) { + if (pp->ip_proto == ip_proto) break; - case ALPROTO_UNKNOWN: - default: - printf("UNKNOWN (%u): cnt was %u (", proto, cnt); - /* print the first 32 bytes */ - if (buflen > 0) { - PrintRawUriFp(stdout,buf,(buflen>32)?32:buflen); - } - printf(")\n"); + + pp = pp->next; + } + + if (pp == NULL) + goto end; + + pp_port = pp->port; + while (pp_port != NULL) { + if (pp_port->port == port || pp_port->port == 0) { break; + } + pp_port = pp_port->next; } -#endif - if (buflen >= max_len) - FLOW_SET_PM_DONE(f, flags); - SCReturnUInt(pm_matches); + + end: + SCReturnPtr(pp_port, "AppLayerProtoDetectProbingParserPort *"); } /** * \brief Call the probing parser if it exists for this src or dst port. 
*/ -uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f, - uint8_t *buf, uint32_t buflen, - uint8_t flags, uint8_t ipproto) +static AppProto AppLayerProtoDetectPPGetProto(Flow *f, + uint8_t *buf, uint32_t buflen, + uint8_t ipproto, uint8_t direction) { - AppLayerProbingParserPort *pp_port = NULL; - AppLayerProbingParserElement *pe = NULL; - uint32_t *al_proto_masks; - - if (flags & STREAM_TOSERVER) { - pp_port = AppLayerGetProbingParsers(ctx->probing_parsers, ipproto, f->dp); - al_proto_masks = &f->probing_parser_toserver_al_proto_masks; + AppLayerProtoDetectProbingParserPort *pp_port = NULL; + AppLayerProtoDetectProbingParserElement *pe = NULL; + AppProto alproto = ALPROTO_UNKNOWN; + uint32_t *alproto_masks; + + if (direction & STREAM_TOSERVER) { + pp_port = AppLayerProtoDetectGetProbingParsers(alpd_ctx.ctx_pp, ipproto, f->dp); + alproto_masks = &f->probing_parser_toserver_alproto_masks; if (pp_port == NULL) { SCLogDebug("toserver-No probing parser registered for port %"PRIu16, f->dp); - FLOW_SET_PP_DONE(f, flags); - return ALPROTO_UNKNOWN; + FLOW_SET_PP_DONE(f, direction); + goto end; } pe = pp_port->toserver; } else { - pp_port = AppLayerGetProbingParsers(ctx->probing_parsers, ipproto, f->sp); - al_proto_masks = &f->probing_parser_toclient_al_proto_masks; + pp_port = AppLayerProtoDetectGetProbingParsers(alpd_ctx.ctx_pp, ipproto, f->sp); + alproto_masks = &f->probing_parser_toclient_alproto_masks; if (pp_port == NULL) { SCLogDebug("toclient-No probing parser registered for port %"PRIu16, f->sp); - FLOW_SET_PP_DONE(f, flags); - return ALPROTO_UNKNOWN; + FLOW_SET_PP_DONE(f, direction); + goto end; } pe = pp_port->toclient; } 
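Review bot: In AppLayerProtoDetectPMGetProto the match loop counts with `uint8_t cnt` against the `uint32_t search_cnt` returned by Search(), so if a buffer ever yields more than 255 hits the counter wraps and the loop does not terminate; the buffer is stream data, so that count depends on traffic. The loop also walks `tctx->pmq.pattern_id_array` up to the Search() return value rather than the queue's own `pattern_id_array_cnt` (the field the removed debug line printed), and the two are presumably not guaranteed to be equal. I would write the loop as `for (uint32_t cnt = 0; cnt < tctx->pmq.pattern_id_array_cnt; cnt++)` and drop the separate `uint8_t cnt;` declaration. Each pattern id then indexes `pm_ctx->map` without a range check, which relies on the map being sized from `max_pat_id` at setup; that setup is not in this part of the diff, so it is worth confirming.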
@@ -586,567 +330,2164 @@ uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f, while (pe != NULL) { if ((buflen < pe->min_depth) || - (al_proto_masks[0] & pe->al_proto_mask)) { + (alproto_masks[0] & pe->alproto_mask)) { pe = pe->next; continue; } - int alproto = pe->ProbingParser(buf, buflen, NULL); + alproto = pe->ProbingParser(buf, buflen, NULL); if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED) - return alproto; + goto end; if (alproto == ALPROTO_FAILED || (pe->max_depth != 0 && buflen > pe->max_depth)) { - al_proto_masks[0] |= pe->al_proto_mask; + alproto_masks[0] |= pe->alproto_mask; } pe = pe->next; } - if (flags & STREAM_TOSERVER) { - if (al_proto_masks[0] == pp_port->toserver_al_proto_mask) { - FLOW_SET_PP_DONE(f, flags); - return ALPROTO_UNKNOWN; + if (direction & STREAM_TOSERVER) { + if (alproto_masks[0] == pp_port->toserver_alproto_mask) { + FLOW_SET_PP_DONE(f, direction); + goto end; } } else { - if (al_proto_masks[0] == pp_port->toclient_al_proto_mask) { - FLOW_SET_PP_DONE(f, flags); - return ALPROTO_UNKNOWN; + if (alproto_masks[0] == pp_port->toclient_alproto_mask) { + FLOW_SET_PP_DONE(f, direction); + goto end; } } - return ALPROTO_UNKNOWN; + end: + SCReturnCT(alproto, "AppProto"); } -/** - * \brief Get the app layer proto. - * - * \param ctx Global app layer detection context. - * \param tctx Thread app layer detection context. - * \param f Pointer to the flow. - * \param buf Pointer to the buffer to inspect. - * \param buflen Lenght of the buffer. - * \param flags Flags. 
- * - * \retval proto App Layer proto, or ALPROTO_UNKNOWN if unknown - */ -uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *ctx, - AlpProtoDetectThreadCtx *tctx, Flow *f, - uint8_t *buf, uint32_t buflen, - uint8_t flags, uint8_t ipproto) -{ - if (!FLOW_IS_PM_DONE(f, flags)) { - uint16_t pm_results[ALPROTO_MAX]; - uint16_t pm_matches = AppLayerDetectGetProtoPMParser(ctx, tctx, f, buf, buflen, flags, ipproto, pm_results); - uint8_t dir = (flags & STREAM_TOSERVER) ? 0 : 1; - for (uint16_t i = 0; i < pm_matches; i++) { - if (al_proto_table[pm_results[i]].PPAlprotoMap[dir] != NULL) { - if (pm_results[i] != al_proto_table[pm_results[i]].PPAlprotoMap[dir](buf, buflen, NULL)) { - /* \todo set event - Needs some deliberation */ - continue; - } - } +/***** Static Internal Calls: PP registration *****/ + +static void AppLayerProtoDetectPPGetIpprotos(AppProto alproto, + uint8_t *ipprotos) +{ + SCEnter(); + + AppLayerProtoDetectProbingParser *pp; + AppLayerProtoDetectProbingParserPort *pp_port; + AppLayerProtoDetectProbingParserElement *pp_pe; - return pm_results[i]; + for (pp = alpd_ctx.ctx_pp; pp != NULL; pp = pp->next) { + for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) { + for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) { + if (alproto == pp_pe->alproto) + ipprotos[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8); + } + for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) { + if (alproto == pp_pe->alproto) + ipprotos[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8); + } } } - if (!FLOW_IS_PP_DONE(f, flags)) - return AppLayerDetectGetProtoProbingParser(ctx, f, buf, buflen, flags, ipproto); - return ALPROTO_UNKNOWN; -} - -/*****Unittests*****/ -#ifdef UNITTESTS + SCReturn; +} -int AlpDetectTest01(void) { - char *buf = SCStrdup("HTTP"); - int r = 1; - AlpProtoDetectCtx ctx; +static uint32_t AppLayerProtoDetectProbingParserGetMask(uint16_t alproto) +{ + SCEnter(); - AlpProtoInit(&ctx); + if (!(alproto > ALPROTO_UNKNOWN && alproto 
< ALPROTO_FAILED)) { + SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16, + alproto); + exit(EXIT_FAILURE); + } - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + SCReturnUInt(1 << alproto); +} - if (ctx.toclient.id != 1) { - r = 0; - } +static inline AppLayerProtoDetectProbingParserElement *AllocAppLayerProtoDetectProbingParserElement(void) +{ + SCEnter(); - buf = SCStrdup("GET"); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER); - if (ctx.toserver.id != 1) { - r = 0; + AppLayerProtoDetectProbingParserElement *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParserElement)); + if (unlikely(p == NULL)) { + exit(EXIT_FAILURE); } - SCFree(buf); + memset(p, 0, sizeof(AppLayerProtoDetectProbingParserElement)); - AlpProtoTestDestroy(&ctx); - - return r; + SCReturnPtr(p, "AppLayerProtoDetectProbingParserElement"); } -int AlpDetectTest02(void) { - char *buf = SCStrdup("HTTP"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoInit(&ctx); +static inline void DeAllocAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement *p) +{ + SCEnter(); + SCFree(p); + SCReturn; +} - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); +static inline AppLayerProtoDetectProbingParserPort *AllocAppLayerProtoDetectProbingParserPort(void) +{ + SCEnter(); - if (ctx.toclient.id != 1) { - r = 0; + AppLayerProtoDetectProbingParserPort *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParserPort)); + if (unlikely(p == NULL)) { + exit(EXIT_FAILURE); } + memset(p, 0, sizeof(AppLayerProtoDetectProbingParserPort)); - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; - } + SCReturnPtr(p, "AppLayerProtoDetectProbingParserPort"); +} + +static inline void DeAllocAppLayerProtoDetectProbingParserPort(AppLayerProtoDetectProbingParserPort *p) +{ + SCEnter(); - buf = SCStrdup("220 "); - AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, 
ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectProbingParserElement *e; - if (ctx.toclient.id != 2) { - r = 0; + e = p->toserver; + while (e != NULL) { + AppLayerProtoDetectProbingParserElement *e_next = e->next; + DeAllocAppLayerProtoDetectProbingParserElement(e); + e = e_next; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) { - r = 0; + e = p->toclient; + while (e != NULL) { + AppLayerProtoDetectProbingParserElement *e_next = e->next; + DeAllocAppLayerProtoDetectProbingParserElement(e); + e = e_next; } - AlpProtoTestDestroy(&ctx); + SCFree(p); - return r; + SCReturn; } -int AlpDetectTest03(void) { - uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n"; - char *buf = SCStrdup("HTTP"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; +static inline AppLayerProtoDetectProbingParser *AllocAppLayerProtoDetectProbingParser(void) +{ + SCEnter(); - AlpProtoInit(&ctx); + AppLayerProtoDetectProbingParser *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParser)); + if (unlikely(p == NULL)) { + exit(EXIT_FAILURE); + } + memset(p, 0, sizeof(AppLayerProtoDetectProbingParser)); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + SCReturnPtr(p, "AppLayerProtoDetectProbingParser"); +} - if (ctx.toclient.id != 1) { - r = 0; - } +static inline void DeAllocAppLayerProtoDetectProbingParser(AppLayerProtoDetectProbingParser *p) +{ + SCEnter(); - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; + AppLayerProtoDetectProbingParserPort *pt = p->port; + while (pt != NULL) { + AppLayerProtoDetectProbingParserPort *pt_next = pt->next; + DeAllocAppLayerProtoDetectProbingParserPort(pt); + pt = pt_next; } - buf = SCStrdup("220 "); - AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + SCFree(p); - if (ctx.toclient.id != 2) { - r = 0; - } + SCReturn; +} - if (ctx.toclient.map[ctx.toclient.id - 1] != 
ALPROTO_FTP) { - r = 0; - } +static AppLayerProtoDetectProbingParserElement * +AppLayerProtoDetectCreateAppLayerProtoDetectProbingParserElement(uint16_t alproto, + uint16_t port, + uint16_t min_depth, + uint16_t max_depth, + uint16_t (*AppLayerProtoDetectProbingParser) + (uint8_t *input, uint32_t input_len, uint32_t *offset)) +{ + AppLayerProtoDetectProbingParserElement *pe = AllocAppLayerProtoDetectProbingParserElement(); + + pe->alproto = alproto; + pe->port = port; + pe->alproto_mask = AppLayerProtoDetectProbingParserGetMask(alproto); + pe->min_depth = min_depth; + pe->max_depth = max_depth; + pe->ProbingParser = AppLayerProtoDetectProbingParser; + pe->next = NULL; + + if (max_depth != 0 && min_depth >= max_depth) { + SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " + "register the probing parser. min_depth >= max_depth"); + goto error; + } + if (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_MAX) { + SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register " + "the probing parser. Invalid alproto - %d", alproto); + goto error; + } + if (AppLayerProtoDetectProbingParser == NULL) { + SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " + "register the probing parser. 
Probing parser func NULL"); + goto error; + } + + SCReturnPtr(pe, "AppLayerProtoDetectProbingParserElement"); + error: + DeAllocAppLayerProtoDetectProbingParserElement(pe); + SCReturnPtr(NULL, "AppLayerProtoDetectProbingParserElement"); +} - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); +static AppLayerProtoDetectProbingParserElement * +DuplicateAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement *pe) +{ + SCEnter(); - uint32_t cnt = mpm_table[ctx.toclient.mpm_ctx.mpm_type].Search(&ctx.toclient.mpm_ctx, &tctx.toclient.mpm_ctx, NULL, l7data, sizeof(l7data)); - if (cnt != 1) { - printf("cnt %u != 1: ", cnt); - r = 0; - } + AppLayerProtoDetectProbingParserElement *new_pe = AllocAppLayerProtoDetectProbingParserElement(); - AlpProtoTestDestroy(&ctx); + new_pe->alproto = pe->alproto; + new_pe->port = pe->port; + new_pe->alproto_mask = pe->alproto_mask; + new_pe->min_depth = pe->min_depth; + new_pe->max_depth = pe->max_depth; + new_pe->ProbingParser = pe->ProbingParser; + new_pe->next = NULL; - return r; + SCReturnPtr(new_pe, "AppLayerProtoDetectProbingParserElement"); } -int AlpDetectTest04(void) { - uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n"; - char *buf = SCStrdup("200 "); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; +void AppLayerProtoDetectPrintProbingParsers(AppLayerProtoDetectProbingParser *pp) +{ + SCEnter(); - AlpProtoInit(&ctx); + AppLayerProtoDetectProbingParserPort *pp_port = NULL; + AppLayerProtoDetectProbingParserElement *pp_pe = NULL; + + printf("\n"); + + for ( ; pp != NULL; pp = pp->next) { + /* print ip protocol */ + if (pp->ip_proto == IPPROTO_TCP) + printf("IPProto: TCP\n"); + else if (pp->ip_proto == IPPROTO_UDP) + printf("IPProto: UDP\n"); + else + printf("IPProto: %"PRIu16"\n", pp->ip_proto); + + pp_port = pp->port; + for ( ; pp_port != NULL; pp_port = pp_port->next) { + if (pp_port->toserver == NULL) + goto 
AppLayerProtoDetectPrintProbingParsers_jump_toclient; + printf(" Port: %"PRIu16 "\n", pp_port->port); + + printf(" To_Server: (max-depth: %"PRIu16 ", " + "mask - %"PRIu32")\n", + pp_port->toserver_max_depth, + pp_port->toserver_alproto_mask); + pp_pe = pp_port->toserver; + for ( ; pp_pe != NULL; pp_pe = pp_pe->next) { + + if (pp_pe->alproto == ALPROTO_HTTP) + printf(" alproto: ALPROTO_HTTP\n"); + else if (pp_pe->alproto == ALPROTO_FTP) + printf(" alproto: ALPROTO_FTP\n"); + else if (pp_pe->alproto == ALPROTO_SMTP) + printf(" alproto: ALPROTO_SMTP\n"); + else if (pp_pe->alproto == ALPROTO_TLS) + printf(" alproto: ALPROTO_TLS\n"); + else if (pp_pe->alproto == ALPROTO_SSH) + printf(" alproto: ALPROTO_SSH\n"); + else if (pp_pe->alproto == ALPROTO_IMAP) + printf(" alproto: ALPROTO_IMAP\n"); + else if (pp_pe->alproto == ALPROTO_MSN) + printf(" alproto: ALPROTO_MSN\n"); + else if (pp_pe->alproto == ALPROTO_JABBER) + printf(" alproto: ALPROTO_JABBER\n"); + else if (pp_pe->alproto == ALPROTO_SMB) + printf(" alproto: ALPROTO_SMB\n"); + else if (pp_pe->alproto == ALPROTO_SMB2) + printf(" alproto: ALPROTO_SMB2\n"); + else if (pp_pe->alproto == ALPROTO_DCERPC) + printf(" alproto: ALPROTO_DCERPC\n"); + else if (pp_pe->alproto == ALPROTO_IRC) + printf(" alproto: ALPROTO_IRC\n"); + else + printf("impossible\n"); + + printf(" port: %"PRIu16 "\n", pp_pe->port); + printf(" mask: %"PRIu32 "\n", pp_pe->alproto_mask); + printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth); + printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth); + + printf("\n"); + } - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrintProbingParsers_jump_toclient: + if (pp_port->toclient == NULL) { + continue; + } - if (ctx.toclient.id != 1) { - r = 0; + printf(" To_Client: (max-depth: %"PRIu16 ", " + "mask - %"PRIu32")\n", + pp_port->toclient_max_depth, + pp_port->toclient_alproto_mask); + pp_pe = pp_port->toclient; + for ( ; pp_pe != NULL; pp_pe = 
pp_pe->next) { + + if (pp_pe->alproto == ALPROTO_HTTP) + printf(" alproto: ALPROTO_HTTP\n"); + else if (pp_pe->alproto == ALPROTO_FTP) + printf(" alproto: ALPROTO_FTP\n"); + else if (pp_pe->alproto == ALPROTO_SMTP) + printf(" alproto: ALPROTO_SMTP\n"); + else if (pp_pe->alproto == ALPROTO_TLS) + printf(" alproto: ALPROTO_TLS\n"); + else if (pp_pe->alproto == ALPROTO_SSH) + printf(" alproto: ALPROTO_SSH\n"); + else if (pp_pe->alproto == ALPROTO_IMAP) + printf(" alproto: ALPROTO_IMAP\n"); + else if (pp_pe->alproto == ALPROTO_MSN) + printf(" alproto: ALPROTO_MSN\n"); + else if (pp_pe->alproto == ALPROTO_JABBER) + printf(" alproto: ALPROTO_JABBER\n"); + else if (pp_pe->alproto == ALPROTO_SMB) + printf(" alproto: ALPROTO_SMB\n"); + else if (pp_pe->alproto == ALPROTO_SMB2) + printf(" alproto: ALPROTO_SMB2\n"); + else if (pp_pe->alproto == ALPROTO_DCERPC) + printf(" alproto: ALPROTO_DCERPC\n"); + else if (pp_pe->alproto == ALPROTO_IRC) + printf(" alproto: ALPROTO_IRC\n"); + else + printf("impossible\n"); + + printf(" port: %"PRIu16 "\n", pp_pe->port); + printf(" mask: %"PRIu32 "\n", pp_pe->alproto_mask); + printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth); + printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth); + + printf("\n"); + } + } } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; - } + SCReturn; +} - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); +static inline void AppendAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement **head_pe, + AppLayerProtoDetectProbingParserElement *new_pe) +{ + SCEnter(); - uint32_t cnt = mpm_table[ctx.toclient.mpm_ctx.mpm_type].Search(&ctx.toclient.mpm_ctx, &tctx.toclient.mpm_ctx, &tctx.toclient.pmq, l7data, sizeof(l7data)); - if (cnt != 1) { - printf("cnt %u != 1: ", cnt); - r = 0; + if (*head_pe == NULL) { + *head_pe = new_pe; + goto end; } - AlpProtoTestDestroy(&ctx); + if ((*head_pe)->port == 0) { + if (new_pe->port != 0) { + new_pe->next = *head_pe; + 
*head_pe = new_pe; + } else { + AppLayerProtoDetectProbingParserElement *temp_pe = *head_pe; + while (temp_pe->next != NULL) + temp_pe = temp_pe->next; + temp_pe->next = new_pe; + } + } else { + AppLayerProtoDetectProbingParserElement *temp_pe = *head_pe; + if (new_pe->port == 0) { + while (temp_pe->next != NULL) + temp_pe = temp_pe->next; + temp_pe->next = new_pe; + } else { + while (temp_pe->next != NULL && temp_pe->next->port != 0) + temp_pe = temp_pe->next; + new_pe->next = temp_pe->next; + temp_pe->next = new_pe; - return r; + } + } + + end: + SCReturn; } -int AlpDetectTest05(void) { - uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\nBlahblah"; - char *buf = SCStrdup("HTTP"); - int r = 1; +static inline void AppendAppLayerProtoDetectProbingParser(AppLayerProtoDetectProbingParser **head_pp, + AppLayerProtoDetectProbingParser *new_pp) +{ + SCEnter(); + + if (*head_pp == NULL) { + *head_pp = new_pp; + goto end; + } + + AppLayerProtoDetectProbingParser *temp_pp = *head_pp; + while (temp_pp->next != NULL) + temp_pp = temp_pp->next; + temp_pp->next = new_pp; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; + end: + SCReturn; +} - AlpProtoInit(&ctx); +static inline void AppendAppLayerProtoDetectProbingParserPort(AppLayerProtoDetectProbingParserPort **head_port, + AppLayerProtoDetectProbingParserPort *new_port) +{ + SCEnter(); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + if (*head_port == NULL) { + *head_port = new_port; + goto end; + } - if (ctx.toclient.id != 1) { - r = 0; + if ((*head_port)->port == 0) { + new_port->next = *head_port; + *head_port = new_port; + } else { + AppLayerProtoDetectProbingParserPort *temp_port = *head_port; + while (temp_port->next != NULL && temp_port->next->port != 0) { + temp_port = temp_port->next; + } + new_port->next = temp_port->next; + temp_port->next = new_port; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; + end: + 
SCReturn; +} + +static inline void AppLayerProtoDetectInsertNewProbingParser(AppLayerProtoDetectProbingParser **pp, + uint16_t ip_proto, + uint16_t port, + uint16_t alproto, + uint16_t min_depth, uint16_t max_depth, + uint8_t direction, + ProbingParserFPtr ProbingParser) +{ + SCEnter(); + + /* get the top level ipproto pp */ + AppLayerProtoDetectProbingParser *curr_pp = *pp; + while (curr_pp != NULL) { + if (curr_pp->ip_proto == ip_proto) + break; + curr_pp = curr_pp->next; + } + if (curr_pp == NULL) { + AppLayerProtoDetectProbingParser *new_pp = AllocAppLayerProtoDetectProbingParser(); + new_pp->ip_proto = ip_proto; + AppendAppLayerProtoDetectProbingParser(pp, new_pp); + curr_pp = new_pp; } - buf = SCStrdup("220 "); - AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + /* get the top level port pp */ + AppLayerProtoDetectProbingParserPort *curr_port = curr_pp->port; + while (curr_port != NULL) { + if (curr_port->port == port) + break; + curr_port = curr_port->next; + } + if (curr_port == NULL) { + AppLayerProtoDetectProbingParserPort *new_port = AllocAppLayerProtoDetectProbingParserPort(); + new_port->port = port; + AppendAppLayerProtoDetectProbingParserPort(&curr_pp->port, new_port); + curr_port = new_port; + if (direction & STREAM_TOSERVER) { + curr_port->toserver_max_depth = max_depth; + } else { + curr_port->toclient_max_depth = max_depth; + } + + AppLayerProtoDetectProbingParserPort *zero_port; + + zero_port = curr_pp->port; + while (zero_port != NULL && zero_port->port != 0) { + zero_port = zero_port->next; + } + if (zero_port != NULL) { + AppLayerProtoDetectProbingParserElement *zero_pe; + + zero_pe = zero_port->toserver; + for ( ; zero_pe != NULL; zero_pe = zero_pe->next) { + if (curr_port->toserver == NULL) + curr_port->toserver_max_depth = zero_pe->max_depth; + if (zero_pe->max_depth == 0) + curr_port->toserver_max_depth = zero_pe->max_depth; + if (curr_port->toserver_max_depth != 0 && + 
curr_port->toserver_max_depth < zero_pe->max_depth) { + curr_port->toserver_max_depth = zero_pe->max_depth; + } + + AppLayerProtoDetectProbingParserElement *dup_pe = + DuplicateAppLayerProtoDetectProbingParserElement(zero_pe); + AppendAppLayerProtoDetectProbingParserElement(&curr_port->toserver, dup_pe); + curr_port->toserver_alproto_mask |= dup_pe->alproto_mask; + } + + zero_pe = zero_port->toclient; + for ( ; zero_pe != NULL; zero_pe = zero_pe->next) { + if (curr_port->toclient == NULL) + curr_port->toclient_max_depth = zero_pe->max_depth; + if (zero_pe->max_depth == 0) + curr_port->toclient_max_depth = zero_pe->max_depth; + if (curr_port->toclient_max_depth != 0 && + curr_port->toclient_max_depth < zero_pe->max_depth) { + curr_port->toclient_max_depth = zero_pe->max_depth; + } + + AppLayerProtoDetectProbingParserElement *dup_pe = + DuplicateAppLayerProtoDetectProbingParserElement(zero_pe); + AppendAppLayerProtoDetectProbingParserElement(&curr_port->toclient, dup_pe); + curr_port->toclient_alproto_mask |= dup_pe->alproto_mask; + } + } /* if (zero_port != NULL) */ + } /* if (curr_port == NULL) */ + + /* insert the pe_pp */ + AppLayerProtoDetectProbingParserElement *curr_pe; + if (direction & STREAM_TOSERVER) + curr_pe = curr_port->toserver; + else + curr_pe = curr_port->toclient; + while (curr_pe != NULL) { + if (curr_pe->alproto == alproto) { + SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - " + "ip_proto - %"PRIu16" Port - %"PRIu16" " + "App Protocol - NULL, App Protocol(ID) - " + "%"PRIu16" min_depth - %"PRIu16" " + "max_dept - %"PRIu16".", + ip_proto, port, alproto, + min_depth, max_depth); + goto error; + } + curr_pe = curr_pe->next; + } + /* Get a new parser element */ + AppLayerProtoDetectProbingParserElement *new_pe = + AppLayerProtoDetectCreateAppLayerProtoDetectProbingParserElement(alproto, + curr_port->port, + min_depth, max_depth, + ProbingParser); + if (new_pe == NULL) + goto error; + curr_pe = new_pe; + AppLayerProtoDetectProbingParserElement 
**head_pe; + if (direction & STREAM_TOSERVER) { + if (curr_port->toserver == NULL) + curr_port->toserver_max_depth = new_pe->max_depth; + if (new_pe->max_depth == 0) + curr_port->toserver_max_depth = new_pe->max_depth; + if (curr_port->toserver_max_depth != 0 && + curr_port->toserver_max_depth < new_pe->max_depth) { + curr_port->toserver_max_depth = new_pe->max_depth; + } + curr_port->toserver_alproto_mask |= new_pe->alproto_mask; + head_pe = &curr_port->toserver; + } else { + if (curr_port->toclient == NULL) + curr_port->toclient_max_depth = new_pe->max_depth; + if (new_pe->max_depth == 0) + curr_port->toclient_max_depth = new_pe->max_depth; + if (curr_port->toclient_max_depth != 0 && + curr_port->toclient_max_depth < new_pe->max_depth) { + curr_port->toclient_max_depth = new_pe->max_depth; + } + curr_port->toclient_alproto_mask |= new_pe->alproto_mask; + head_pe = &curr_port->toclient; + } + AppendAppLayerProtoDetectProbingParserElement(head_pe, new_pe); + + if (curr_port->port == 0) { + AppLayerProtoDetectProbingParserPort *temp_port = curr_pp->port; + while (temp_port != NULL && temp_port->port != 0) { + if (direction & STREAM_TOSERVER) { + if (temp_port->toserver == NULL) + temp_port->toserver_max_depth = curr_pe->max_depth; + if (curr_pe->max_depth == 0) + temp_port->toserver_max_depth = curr_pe->max_depth; + if (temp_port->toserver_max_depth != 0 && + temp_port->toserver_max_depth < curr_pe->max_depth) { + temp_port->toserver_max_depth = curr_pe->max_depth; + } + AppendAppLayerProtoDetectProbingParserElement(&temp_port->toserver, + DuplicateAppLayerProtoDetectProbingParserElement(curr_pe)); + temp_port->toserver_alproto_mask |= curr_pe->alproto_mask; + } else { + if (temp_port->toclient == NULL) + temp_port->toclient_max_depth = curr_pe->max_depth; + if (curr_pe->max_depth == 0) + temp_port->toclient_max_depth = curr_pe->max_depth; + if (temp_port->toclient_max_depth != 0 && + temp_port->toclient_max_depth < curr_pe->max_depth) { + 
temp_port->toclient_max_depth = curr_pe->max_depth; + } + AppendAppLayerProtoDetectProbingParserElement(&temp_port->toclient, + DuplicateAppLayerProtoDetectProbingParserElement(curr_pe)); + temp_port->toclient_alproto_mask |= curr_pe->alproto_mask; + } + temp_port = temp_port->next; + } /* while */ + } /* if */ + + error: + SCReturn; +} + +/***** Static Internal Calls: PM registration *****/ + +static void AppLayerProtoDetectPMGetIpprotos(AppProto alproto, + uint8_t *ipprotos) +{ + SCEnter(); + + AppLayerProtoDetectPMSignature *s; + int pat_id, max_pat_id; + + int i, j; + uint16_t ipproto; + + for (i = 0; i < FLOW_PROTO_DEFAULT; i++) { + ipproto = FlowGetReverseProtoMapping(i); + for (j = 0; j < 2; j++) { + AppLayerProtoDetectPMCtx *pm_ctx = &alpd_ctx.ctx_ipp[i].ctx_pm[j]; + max_pat_id = pm_ctx->max_pat_id; + + for (pat_id = 0; pat_id < max_pat_id; pat_id++) { + s = pm_ctx->map[pat_id]; + while (s != NULL) { + if (s->alproto == alproto) + ipprotos[ipproto / 8] |= 1 << (ipproto % 8); + s = s->next; + } + } + } + } + + SCReturn; +} + +static int AppLayerProtoDetectPMSetContentIDs(AppLayerProtoDetectPMCtx *ctx) +{ + SCEnter(); + + typedef struct TempContainer_ { + PatIntId id; + uint16_t content_len; + uint8_t *content; + } TempContainer; + + AppLayerProtoDetectPMSignature *s = NULL; + uint32_t struct_total_size = 0; + uint32_t content_total_size = 0; + /* array hash buffer */ + uint8_t *ahb = NULL; + uint8_t *content = NULL; + uint8_t content_len = 0; + PatIntId max_id = 0; + TempContainer *struct_offset = NULL; + uint8_t *content_offset = NULL; + TempContainer *dup = NULL; + int ret = 0; + + if (ctx->head == NULL) + goto end; + + for (s = ctx->head; s != NULL; s = s->next) { + struct_total_size += sizeof(TempContainer); + content_total_size += s->cd->content_len; + } + + ahb = SCMalloc(sizeof(uint8_t) * (struct_total_size + content_total_size)); + if (unlikely(ahb == NULL)) + goto error; + + struct_offset = (TempContainer *)ahb; + content_offset = ahb + 
struct_total_size; + for (s = ctx->head; s != NULL; s = s->next) { + dup = (TempContainer *)ahb; + content = s->cd->content; + content_len = s->cd->content_len; + + for (; dup != struct_offset; dup++) { + if (dup->content_len != content_len || + SCMemcmp(dup->content, content, dup->content_len) != 0) + { + continue; + } + break; + } + + if (dup != struct_offset) { + s->cd->id = dup->id; + continue; + } + + struct_offset->content_len = content_len; + struct_offset->content = content_offset; + content_offset += content_len; + memcpy(struct_offset->content, content, content_len); + struct_offset->id = max_id++; + s->cd->id = struct_offset->id; + + struct_offset++; + } + + ctx->max_pat_id = max_id; + + goto end; + error: + ret = -1; + end: + if (ahb != NULL) + SCFree(ahb); + SCReturnInt(ret); +} + +static int AppLayerProtoDetectPMMapSignatures(AppLayerProtoDetectPMCtx *ctx) +{ + SCEnter(); + + int ret = 0; + PatIntId max_pat_id = 0, tmp_pat_id; + AppLayerProtoDetectPMSignature *s, *next_s; + int is_ci; + int mpm_ret; + + max_pat_id = ctx->max_pat_id; + + ctx->map = SCMalloc((max_pat_id) * sizeof(ctx->map)); + if (ctx->map == NULL) + goto error; + memset(ctx->map, 0, (max_pat_id) * sizeof(ctx->map)); + + for (s = ctx->head; s != NULL;) { + next_s = s->next; + s->next = ctx->map[s->cd->id]; + ctx->map[s->cd->id] = s; + + s = next_s; + } + ctx->head = NULL; + + for (tmp_pat_id = 0; tmp_pat_id < max_pat_id; tmp_pat_id++) { + is_ci = 0; + for (s = ctx->map[tmp_pat_id]; s != NULL; s = s->next) { + if (s->cd->flags & DETECT_CONTENT_NOCASE) { + is_ci = 1; + break; + } + } + if (is_ci) { + mpm_ret = MpmAddPatternCI(&ctx->mpm_ctx, + s->cd->content, s->cd->content_len, + 0, 0, + tmp_pat_id, 0, 0); + if (mpm_ret < 0) + goto error; + } else { + s = ctx->map[tmp_pat_id]; + mpm_ret = MpmAddPatternCS(&ctx->mpm_ctx, + s->cd->content, s->cd->content_len, + 0, 0, + tmp_pat_id, 0, 0); + if (mpm_ret < 0) + goto error; + } + } + + goto end; + error: + ret = -1; + end: + SCReturnInt(ret); +} 
+ +static int AppLayerProtoDetectPMPrepareMpm(AppLayerProtoDetectPMCtx *ctx) +{ + SCEnter(); + + int ret = 0; + MpmCtx *mpm_ctx = &ctx->mpm_ctx; + + if (mpm_table[mpm_ctx->mpm_type].Prepare(mpm_ctx) < 0) + goto error; + + goto end; + error: + ret = -1; + end: + SCReturnInt(ret); +} + +static void AppLayerProtoDetectPMFreeSignature(AppLayerProtoDetectPMSignature *sig) +{ + SCEnter(); + DetectContentFree(sig->cd); + SCFree(sig); + SCReturn; +} + +static int AppLayerProtoDetectPMAddSignature(AppLayerProtoDetectPMCtx *ctx, DetectContentData *cd, + AppProto alproto) +{ + SCEnter(); + + int ret = 0; + AppLayerProtoDetectPMSignature *s = SCMalloc(sizeof(*s)); + if (unlikely(s == NULL)) + goto error; + memset(s, 0, sizeof(*s)); + + s->alproto = alproto; + s->cd = cd; + + /* prepend to the list */ + s->next = ctx->head; + ctx->head = s; + + goto end; + error: + ret = -1; + end: + SCReturnInt(ret); +} + +static int AppLayerProtoDetectPMRegisterPattern(uint16_t ipproto, uint16_t alproto, + char *pattern, + uint16_t depth, uint16_t offset, + uint8_t direction, + uint8_t is_cs) +{ + SCEnter(); + + AppLayerProtoDetectCtxIpproto *ctx_ipp = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)]; + AppLayerProtoDetectPMCtx *ctx_pm = NULL; + DetectContentData *cd; + int ret = 0; + + cd = DetectContentParseEncloseQuotes(pattern); + if (cd == NULL) + goto error; + cd->depth = depth; + cd->offset = offset; + if (!is_cs) + cd->flags |= DETECT_CONTENT_NOCASE; + if (depth < cd->content_len) + goto error; + + if (direction & STREAM_TOSERVER) + ctx_pm = (AppLayerProtoDetectPMCtx *)&ctx_ipp->ctx_pm[0]; + else + ctx_pm = (AppLayerProtoDetectPMCtx *)&ctx_ipp->ctx_pm[1]; + + if (depth > ctx_pm->max_len) + ctx_pm->max_len = depth; + if (depth < ctx_pm->min_len) + ctx_pm->min_len = depth; + + /* Finally turn it into a signature and add to the ctx. 
*/
+ AppLayerProtoDetectPMAddSignature(ctx_pm, cd, alproto);
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+/***** Protocol Retrieval *****/
+
+AppProto AppLayerProtoDetectGetProto(void *tctx,
+ Flow *f,
+ uint8_t *buf, uint32_t buflen,
+ uint8_t ipproto, uint8_t direction)
+{
+ SCEnter();
+
+ AppProto alproto = ALPROTO_UNKNOWN;
+ uint16_t pm_results[ALPROTO_MAX];
+ uint16_t pm_matches;
+
+ if (!FLOW_IS_PM_DONE(f, direction)) {
+ pm_matches = AppLayerProtoDetectPMGetProto(tctx,
+ f,
+ buf, buflen,
+ direction,
+ ipproto,
+ pm_results);
+ if (pm_matches > 0) {
+ alproto = pm_results[0];
+ goto end;
+ }
+ }
+
+ if (!FLOW_IS_PP_DONE(f, direction))
+ alproto = AppLayerProtoDetectPPGetProto(f, buf, buflen, ipproto, direction);
+
+ end:
+ SCReturnCT(alproto, "AppProto");
+}
+
+static void AppLayerProtoDetectFreeProbingParsers(AppLayerProtoDetectProbingParser *pp)
+{
+ SCEnter();
+
+ AppLayerProtoDetectProbingParser *tmp_pp = NULL;
+
+ if (pp == NULL)
+ goto end;
+
+ while (pp != NULL) {
+ tmp_pp = pp->next;
+ DeAllocAppLayerProtoDetectProbingParser(pp);
+ pp = tmp_pp;
+ }
+
+ end:
+ SCReturn;
+}
+
+/***** State Preparation *****/
+
+int AppLayerProtoDetectPrepareState(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectPMCtx *ctx_pm;
+ int i, j;
+ int ret = 0;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ ctx_pm = &alpd_ctx.ctx_ipp[i].ctx_pm[j];
+
+ if (AppLayerProtoDetectPMSetContentIDs(ctx_pm) < 0)
+ goto error;
+
+ if (ctx_pm->max_pat_id == 0)
+ continue;
+
+ if (AppLayerProtoDetectPMMapSignatures(ctx_pm) < 0)
+ goto error;
+ if (AppLayerProtoDetectPMPrepareMpm(ctx_pm) < 0)
+ goto error;
+ }
+ }
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+/***** PP registration *****/
+
+void AppLayerProtoDetectPPRegister(uint16_t ipproto,
+ char *portstr,
+ uint16_t alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ uint8_t direction,
+ ProbingParserFPtr ProbingParser)
+{
+ SCEnter();
+
+ DetectPort *head = NULL;
+ DetectPortParse(&head, portstr);
+ DetectPort *temp_dp = head;
+ while (temp_dp != NULL) {
+ uint32_t port = temp_dp->port;
+ if (port == 0 && temp_dp->port2 != 0)
+ port++;
+ for ( ; port <= temp_dp->port2; port++) {
+ AppLayerProtoDetectInsertNewProbingParser(&alpd_ctx.ctx_pp,
+ ipproto,
+ port,
+ alproto,
+ min_depth, max_depth,
+ direction,
+ ProbingParser);
+ }
+ temp_dp = temp_dp->next;
+ }
+ DetectPortCleanupList(head);
+
+ SCReturn;
+}
+
+void AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
+ uint16_t ipproto,
+ const char *alproto_name,
+ AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ ProbingParserFPtr ProbingParser)
+{
+ SCEnter();
+
+ char param[100];
+ int r;
+ ConfNode *node;
+ ConfNode *port_node = NULL;
+
+ r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
+ alproto_name, ".detection-ports");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
+ alproto_name, ".", ipproto_name, ".detection-ports");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+ node = ConfGetNode(param);
+ if (node == NULL)
+ goto end;
+ }
+
+ port_node = ConfNodeLookupChild(node, "toserver");
+ if (port_node != NULL && port_node->val != NULL) {
+ AppLayerProtoDetectPPRegister(ipproto,
+ port_node->val,
+ alproto,
+ min_depth, max_depth,
+ STREAM_TOSERVER,
+ ProbingParser);
+ }
+ port_node = ConfNodeLookupChild(node, "toclient");
+
+ if (port_node != NULL && port_node->val != NULL) {
+ AppLayerProtoDetectPPRegister(ipproto,
+ port_node->val,
+ alproto,
+ min_depth, max_depth,
+ STREAM_TOCLIENT,
+ ProbingParser);
+
+ }
+
+ end:
+ SCReturn;
+}
+
+/***** PM registration *****/
+
+int AppLayerProtoDetectPMRegisterPatternCS(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction)
+{
+ SCEnter();
+ SCReturnInt(AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
+ pattern,
+ depth, offset,
+ direction,
+ 1 /* case-sensitive */));
+}
+
+int AppLayerProtoDetectPMRegisterPatternCI(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction)
+{
+ SCEnter();
+ SCReturnInt(AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
+ pattern,
+ depth, offset,
+ direction,
+ 0 /* !case-sensitive */));
+}
+
+/***** Setup/General Registration *****/
+
+int AppLayerProtoDetectSetup(void)
+{
+ SCEnter();
+
+ int i, j;
+
+ memset(&alpd_ctx, 0, sizeof(alpd_ctx));
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ MpmInitCtx(&alpd_ctx.ctx_ipp[i].ctx_pm[j].mpm_ctx, MPM_AC);
+ }
+ }
+
+ SCReturnInt(0);
+}
+
+/**
+ * \todo incomplete. Need more work.
+ */
+int AppLayerProtoDetectDeSetup(void)
+{
+ SCEnter();
+
+ int ipproto_map = 0;
+ int dir = 0;
+ PatIntId id = 0;
+ AppLayerProtoDetectPMCtx *pm_ctx = NULL;
+ AppLayerProtoDetectPMSignature *sig = NULL, *next_sig = NULL;
+
+ for (ipproto_map = 0; ipproto_map < FLOW_PROTO_DEFAULT; ipproto_map++) {
+ for (dir = 0; dir < 2; dir++) {
+ pm_ctx = &alpd_ctx.ctx_ipp[ipproto_map].ctx_pm[dir];
+ mpm_table[pm_ctx->mpm_ctx.mpm_type].DestroyCtx(pm_ctx->mpm_ctx.ctx);
+ for (id = 0; id < pm_ctx->max_pat_id; id++) {
+ sig = pm_ctx->map[id];
+ next_sig = sig->next;
+ while (sig != NULL) {
+ AppLayerProtoDetectPMFreeSignature(sig);
+ sig = next_sig;
+ }
+ }
+ }
+ }
+
+ AppLayerProtoDetectFreeProbingParsers(alpd_ctx.ctx_pp);
+
+ SCReturnInt(0);
+}
+
+void AppLayerProtoDetectRegisterProtocol(AppProto alproto, char *alproto_name)
+{
+ SCEnter();
+
+ if (alpd_ctx.alproto_names[alproto] != NULL)
+ goto end;
+
+ alpd_ctx.alproto_names[alproto] = alproto_name;
+
+ goto end;
+ end:
+ SCReturn;
+}
+
+int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto,
+ const char *alproto)
+{
+ SCEnter();
+
+ BUG_ON(ipproto == NULL || alproto == NULL);
+
+ int enabled = 1;
+ char param[100];
+ ConfNode *node;
+ int r;
+
+ if (RunmodeIsUnittests())
+ goto enabled;
+
+ r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
+ alproto, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
+ alproto, ".", ipproto, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ goto enabled;
+ }
+ }
+
+ if (strcasecmp(node->val, "yes") == 0) {
+ goto enabled;
+ } else if (strcasecmp(node->val, "no") == 0) {
+ goto disabled;
+ } else if (strcasecmp(node->val, "detection-only") == 0) {
+ goto enabled;
+ } else {
+ SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
+ exit(EXIT_FAILURE);
+ }
+
+ disabled:
+ enabled = 0;
+ enabled:
+ SCReturnInt(enabled);
+}
+
+void *AppLayerProtoDetectGetCtxThread(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectCtxThread *alpd_tctx = NULL;
+ MpmCtx *mpm_ctx;
+ MpmThreadCtx *mpm_tctx;
+ int i, j;
+ PatIntId max_pat_id = 0;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ if (max_pat_id == 0)
+ {
+ max_pat_id = alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id;
+ } else if (alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id &&
+ max_pat_id < alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id)
+ {
+ max_pat_id = alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id;
+ }
+ }
+ }
+
+ alpd_tctx = SCMalloc(sizeof(*alpd_tctx));
+ if (alpd_tctx == NULL)
+ goto error;
+ memset(alpd_tctx, 0, sizeof(*alpd_tctx));
+
+ /* Get the max pat id for all the mpm ctxs. */
+ if (PmqSetup(&alpd_tctx->pmq, max_pat_id) < 0)
+ goto error;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ mpm_ctx = &alpd_ctx.ctx_ipp[i].ctx_pm[j].mpm_ctx;
+ mpm_tctx = &alpd_tctx->mpm_tctx[i][j];
+ mpm_table[mpm_ctx->mpm_type].InitThreadCtx(mpm_ctx, mpm_tctx, 0);
+ }
+ }
+
+ goto end;
+ error:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ alpd_tctx = NULL;
+ end:
+ SCReturnPtr(alpd_tctx, "void *");
+}
+
+void AppLayerProtoDetectDestroyCtxThread(void *tctx)
+{
+ SCEnter();
+
+ AppLayerProtoDetectCtxThread *alpd_tctx = (AppLayerProtoDetectCtxThread *)tctx;
+ MpmCtx *mpm_ctx;
+ MpmThreadCtx *mpm_tctx;
+ int ipproto_map, dir;
+
+ for (ipproto_map = 0; ipproto_map < FLOW_PROTO_DEFAULT; ipproto_map++) {
+ for (dir = 0; dir < 2; dir++) {
+ mpm_ctx = &alpd_ctx.ctx_ipp[ipproto_map].ctx_pm[dir].mpm_ctx;
+ mpm_tctx = &alpd_tctx->mpm_tctx[ipproto_map][dir];
+ mpm_table[mpm_ctx->mpm_type].DestroyThreadCtx(mpm_ctx, mpm_tctx);
+ }
+ }
+ PmqFree(&alpd_tctx->pmq);
+ SCFree(alpd_tctx);
+
+ SCReturn;
+}
+
+/***** Utility *****/
+
+void AppLayerProtoDetectSupportedIpprotos(AppProto alproto, uint8_t *ipprotos)
+{
+ SCEnter();
+
+ AppLayerProtoDetectPMGetIpprotos(alproto, ipprotos);
+ AppLayerProtoDetectPPGetIpprotos(alproto, ipprotos);
+
+ SCReturn;
+}
+
+AppProto AppLayerProtoDetectGetProtoByName(char *alproto_name)
+{
+ SCEnter();
+
+ AppProto a = ALPROTO_UNKNOWN;
+
+ for (a = 0; a < ALPROTO_MAX; a++) {
+ if (alpd_ctx.alproto_names[a] != NULL &&
+ strlen(alpd_ctx.alproto_names[a]) == strlen(alproto_name) &&
+ (SCMemcmp(alpd_ctx.alproto_names[a], alproto_name, strlen(alproto_name)) == 0))
+ {
+ goto end;
+ }
+ }
+
+ end:
+ SCReturnCT(a, "AppProto");
+}
+
+char *AppLayerProtoDetectGetProtoName(AppProto alproto)
+{
+ return alpd_ctx.alproto_names[alproto];
+}
+
+void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos)
+{
+ SCEnter();
+
+ memset(alprotos, 0, ALPROTO_MAX * sizeof(AppProto));
+
+ int alproto;
+
+ for (alproto = 0; alproto != ALPROTO_MAX; alproto++) {
+ if (alpd_ctx.alproto_names[alproto] != NULL)
+ alprotos[alproto] = 1;
+ }
+
+ SCReturn;
+}
+
+/***** Unittests *****/
+
+#ifdef UNITTESTS
+
+static AppLayerProtoDetectCtx alpd_ctx_ut;
+
+void AppLayerProtoDetectUnittestCtxBackup(void)
+{
+ SCEnter();
+ alpd_ctx_ut = alpd_ctx;
+ memset(&alpd_ctx, 0, sizeof(alpd_ctx));
+ SCReturn;
+}
+
+void AppLayerProtoDetectUnittestCtxRestore(void)
+{
+ SCEnter();
+ alpd_ctx = alpd_ctx_ut;
+ memset(&alpd_ctx_ut, 0, sizeof(alpd_ctx_ut));
+ SCReturn;
+}
+
+int AppLayerProtoDetectTest01(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ char *buf;
+ int r = 0;
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "GET";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER);
+
+ AppLayerProtoDetectPrepareState();
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1) {
+ printf("Failure - "
+ "alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("Failure - "
+ "alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest02(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ char *buf;
+ int r = 0;
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "ftp";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest03(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "220 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest04(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "200 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 13, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest05(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\nBlahblah";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "220 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP,
ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); + + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. */ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 2) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_HTTP) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) { + printf("cnt != 1 && pm_results[0] != 
AlPROTO_HTTP\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -int AlpDetectTest06(void) { +int AppLayerProtoDetectTest06(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t l7data[] = "220 Welcome to the OISF FTP server\r\n"; - char *buf = SCStrdup("HTTP"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; + char *buf; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; - AlpProtoInit(&ctx); + buf = "HTTP"; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); + buf = "220 "; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. 
*/ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 1) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; } - - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - buf = SCStrdup("220 "); - AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); - - if (ctx.toclient.id != 2) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; } - - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_FTP) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_FTP); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_FTP) { + printf("cnt != 1 && pm_results[0] != AlPROTO_FTP\n"); + goto end; } 
- AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -int AlpDetectTest07(void) { +int AppLayerProtoDetectTest07(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t l7data[] = "220 Welcome to the OISF HTTP/FTP server\r\n"; - char *buf = SCStrdup("HTTP"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; + char *buf; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + + memset(pm_results, 0, sizeof(pm_results)); - AlpProtoInit(&ctx); + buf = "HTTP"; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. 
*/ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 1) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_HTTP\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_UNKNOWN) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_UNKNOWN); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 0) { + printf("cnt != 0\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -int AlpDetectTest08(void) { - uint8_t l7data[] = "\x00\x00\x00\x85" // NBSS - "\xff\x53\x4d\x42\x72\x00\x00\x00" // SMB - "\x00\x18\x53\xc8\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\xff\xfe\x00\x00\x00\x00" - "\x00" // WordCount - "\x62\x00" // 
ByteCount - "\x02\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20" - "\x31\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00\x02\x57\x69\x6e\x64\x6f\x77\x73" - "\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00\x02\x4c" - "\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54" - "\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"; - char *buf = SCStrdup("|ff|SMB"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; +int AppLayerProtoDetectTest08(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + + uint8_t l7data[] = { + 0x00, 0x00, 0x00, 0x85, 0xff, 0x53, 0x4d, 0x42, + 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x53, 0xc8, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xfe, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, + 0x30, 0x00, 0x02, 0x57, 0x69, 0x6e, 0x64, 0x6f, + 0x77, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x57, + 0x6f, 0x72, 0x6b, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x73, 0x20, 0x33, 0x2e, 0x31, 0x61, 0x00, 0x02, + 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, 0x30, 0x30, + 0x32, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, + 0x00 + }; + char *buf; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + + memset(pm_results, 0, sizeof(pm_results)); - AlpProtoInit(&ctx); + buf = "|ff|SMB"; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called 
post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. */ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 1) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_SMB) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_SMB) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_SMB\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_SMB) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_SMB); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_SMB) { + printf("cnt != 1 && pm_results[0] != AlPROTO_SMB\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -int AlpDetectTest09(void) { - uint8_t l7data[] = - "\x00\x00\x00\x66" // NBSS - 
"\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00" // SMB2 - "\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x24\x00\x01\x00x00\x00\x00\x00\x00\x00\x0\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02"; +int AppLayerProtoDetectTest09(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + + uint8_t l7data[] = { + 0x00, 0x00, 0x00, 0x66, 0xfe, 0x53, 0x4d, 0x42, + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x02, 0x02 + }; + char *buf; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; - char *buf = SCStrdup("|fe|SMB"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; + memset(pm_results, 0, sizeof(pm_results)); - AlpProtoInit(&ctx); + buf = "|fe|SMB"; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. 
*/ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 1) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_SMB2) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_SMB2) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_SMB2\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_SMB2) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_SMB2); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_SMB2) { + printf("cnt != 1 && pm_results[0] != AlPROTO_SMB2\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -int AlpDetectTest10(void) { - uint8_t l7data[] = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00" - "\x00\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00" - 
"\x01\x00\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57" - "\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10" - "\x48\x60\x02\x00\x00\x00"; - char *buf = SCStrdup("|05 00|"); - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; +int AppLayerProtoDetectTest10(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + + uint8_t l7data[] = { + 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, + 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11, + 0x86, 0x1e, 0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57, + 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, + 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, + 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00 + }; + char *buf; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + + memset(pm_results, 0, sizeof(pm_results)); - AlpProtoInit(&ctx); + buf = "|05 00|"; + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "dcerpc", IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT); - SCFree(buf); + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. 
*/ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - if (ctx.toclient.id != 1) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n"); + goto end; } - if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_DCERPC) { - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_DCERPC) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_DCERPC\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_DCERPC) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_DCERPC); - r = 0; + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_DCERPC) { + printf("cnt != 1 && pm_results[0] != AlPROTO_DCERPC\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -/** \test why we still get http for connect... obviously because we also match on the reply, duh */ -int AlpDetectTest11(void) { +/** + * \test Why we still get http for connect... 
obviously because + * we also match on the reply, duh + */ +int AppLayerProtoDetectTest11(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n"; uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n"; - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; - - AlpProtoInit(&ctx); - - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); - - if (ctx.toserver.id != 6) { - printf("ctx.toserver.id %u != 6: ", ctx.toserver.id); - r = 0; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + + memset(pm_results, 0, sizeof(pm_results)); + + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "CONNECT", 7, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, 
ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); + + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. */ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); + + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 7) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 7\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1\n"); + goto end; } - if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) { - printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP); - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) + { + printf("failure 1\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, 
pm_results); - if (pm_results[0] == ALPROTO_HTTP) { - printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOSERVER, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) { + printf("l7data - cnt != 1 && pm_results[0] != AlPROTO_HTTP\n"); + goto end; } - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP, pm_results); - if (pm_results[0] != ALPROTO_HTTP) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data_resp, sizeof(l7data_resp), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) { + printf("l7data_resp - cnt != 1 && pm_results[0] != AlPROTO_HTTP\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } -/** \test AlpProtoSignature test */ -int AlpDetectTest12(void) { - AlpProtoDetectCtx ctx; - int r = 0; +/** + * \test AlpProtoSignature test + */ +int AppLayerProtoDetectTest12(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); - AlpProtoInit(&ctx); - AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); - AlpProtoFinalizeGlobal(&ctx); + int r = 0; - if (ctx.head == NULL) { - printf("ctx.head == NULL: "); - goto end; - } + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].head == NULL || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) + { + printf("failure 1\n"); + goto end; + } - if 
(ctx.head->proto != ALPROTO_HTTP) { - printf("ctx.head->proto != ALPROTO_HTTP: "); + AppLayerProtoDetectPrepareState(); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1) { + printf("failure 2\n"); goto end; } - - if (ctx.sigs != 1) { - printf("ctx.sigs %"PRIu16", expected 1: ", ctx.sigs); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].head != NULL || + alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map == NULL) + { + printf("failure 3\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP) { + printf("failure 4\n"); goto end; } - - if (ctx.map == NULL) { - printf("no mapping: "); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->cd->id != 0) { + printf("failure 5\n"); goto end; } - - if (ctx.map[ctx.head->co->id] != ctx.head) { - printf("wrong sig: "); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->next != NULL) { + printf("failure 6\n"); goto end; } r = 1; -end: + + end: + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } 
@@ -1154,51 +2495,86 @@ end: * \test What about if we add some sigs only for udp but call for tcp? * It should not detect any proto */ -int AlpDetectTest13(void) { +int AppLayerProtoDetectTest13(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n"; uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n"; - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; - - AlpProtoInit(&ctx); - - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); - - if (ctx.toserver.id != 6) { - printf("ctx.toserver.id %u != 6: ", ctx.toserver.id); - r = 0; + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + uint32_t cnt; + + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "CONNECT", 7, 0, 
STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); + + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. */ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); + + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7\n"); + goto end; } - - if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) { - printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP); - r = 0; + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) + { + printf("failure 1\n"); + goto end; + } - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results); - if (pm_results[0] == ALPROTO_HTTP) { - printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + 
&f, + l7data, sizeof(l7data), + STREAM_TOSERVER, + IPPROTO_TCP, + pm_results); + if (cnt != 0) { + printf("l7data - cnt != 0\n"); + goto end; } - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP, pm_results); - if (pm_results[0] == ALPROTO_HTTP) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data_resp, sizeof(l7data_resp), + STREAM_TOCLIENT, + IPPROTO_TCP, + pm_results); + if (cnt != 0) { + printf("l7data_resp - cnt != 0\n"); + goto end; } - AlpProtoTestDestroy(&ctx); + r = 1; + + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); return r; } 
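Review bot: AppLayerProtoDetectTest13 dereferences `ctx_pm[0].map[0]` through `map[6]` and `ctx_pm[1].map[0]` for FLOW_PROTO_UDP without first checking that either `map` is non-NULL, although AppLayerProtoDetectTest11 makes that check before the same dereferences. If registration or AppLayerProtoDetectPrepareState() ever leaves a map unset, the unittest runner crashes instead of reporting a failure; add `if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map == NULL || alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].map == NULL) goto end;` ahead of the alproto comparison. `Flow f` is also passed to AppLayerProtoDetectPMGetProto() uninitialised, so a `memset(&f, 0, sizeof(f));` next to the pm_results memset would keep the call from reading indeterminate fields, if it reads any. AppLayerProtoDetectTest14 in the next hunk has both gaps.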
@@ -1207,56 +2583,559 @@ int AlpDetectTest13(void) { * It should detect ALPROTO_HTTP (over udp). This is just a check * to ensure that TCP/UDP differences work correctly. */ -int AlpDetectTest14(void) { +int AppLayerProtoDetectTest14(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n"; uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n"; - int r = 1; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; - - AlpProtoInit(&ctx); + int r = 0; + Flow f; + uint16_t pm_results[ALPROTO_MAX]; + void *alpd_tctx; + uint32_t cnt; + + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "CONNECT", 7, 0, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); + + AppLayerProtoDetectPrepareState(); + /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since + * it sets internal structures which depends on the above function. 
*/ + alpd_tctx = AppLayerProtoDetectGetCtxThread(); + + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7\n"); + goto end; + } + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1) { + printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1\n"); + goto end; + } - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER); - AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT); + if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP || + alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) + { + printf("failure 1\n"); + goto end; + } - if (ctx.toserver.id != 6) { - printf("ctx.toserver.id %u != 6: ", ctx.toserver.id); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data, sizeof(l7data), + STREAM_TOSERVER, + IPPROTO_UDP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) { + 
printf("l7data - cnt != 0\n"); + goto end; } - if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) { - printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP); - r = 0; + memset(pm_results, 0, sizeof(pm_results)); + cnt = AppLayerProtoDetectPMGetProto(alpd_tctx, + &f, + l7data_resp, sizeof(l7data_resp), + STREAM_TOCLIENT, + IPPROTO_UDP, + pm_results); + if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) { + printf("l7data_resp - cnt != 0\n"); + goto end; } - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); + r = 1; - uint16_t pm_results[ALPROTO_MAX]; - Flow f; - AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_UDP, pm_results); - if (pm_results[0] == ALPROTO_HTTP) { - printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + end: + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); + return r; +} + + + + + + + + + + + + + + + + + + + + + + +typedef struct AppLayerProtoDetectPPTestDataElement_ { + char *alproto_name; + uint16_t alproto; + uint16_t port; + uint32_t alproto_mask; + uint32_t min_depth; + uint32_t max_depth; +} AppLayerProtoDetectPPTestDataElement; + +typedef struct AppLayerProtoDetectPPTestDataPort_ { + uint16_t port; + uint32_t toserver_alproto_mask; + uint32_t toclient_alproto_mask; + uint16_t toserver_max_depth; + uint16_t toclient_max_depth; + + AppLayerProtoDetectPPTestDataElement *toserver_element; + AppLayerProtoDetectPPTestDataElement *toclient_element; + int ts_no_of_element; + int tc_no_of_element; +} AppLayerProtoDetectPPTestDataPort; + + +typedef struct AppLayerProtoDetectPPTestDataIPProto_ { + uint16_t ip_proto; + + AppLayerProtoDetectPPTestDataPort *port; + int no_of_port; +} AppLayerProtoDetectPPTestDataIPProto; + +static int AppLayerProtoDetectPPTestData(AppLayerProtoDetectProbingParser *pp, + 
AppLayerProtoDetectPPTestDataIPProto *ip_proto, + int no_of_ip_proto) +{ + int result = 0; + int i, j, k; +#ifdef DEBUG + int dir = 0; +#endif + for (i = 0; i < no_of_ip_proto; i++, pp = pp->next) { + if (pp->ip_proto != ip_proto[i].ip_proto) + goto end; + + AppLayerProtoDetectProbingParserPort *pp_port = pp->port; + for (k = 0; k < ip_proto[i].no_of_port; k++, pp_port = pp_port->next) { + if (pp_port->port != ip_proto[i].port[k].port) + goto end; + if (pp_port->toserver_alproto_mask != ip_proto[i].port[k].toserver_alproto_mask) + goto end; + if (pp_port->toclient_alproto_mask != ip_proto[i].port[k].toclient_alproto_mask) + goto end; + if (pp_port->toserver_max_depth != ip_proto[i].port[k].toserver_max_depth) + goto end; + if (pp_port->toclient_max_depth != ip_proto[i].port[k].toclient_max_depth) + goto end; + + AppLayerProtoDetectProbingParserElement *pp_element = pp_port->toserver; +#ifdef DEBUG + dir = 0; +#endif + for (j = 0 ; j < ip_proto[i].port[k].ts_no_of_element; + j++, pp_element = pp_element->next) { + + if (pp_element->alproto != ip_proto[i].port[k].toserver_element[j].alproto) { + goto end; + } + if (pp_element->port != ip_proto[i].port[k].toserver_element[j].port) { + goto end; + } + if (pp_element->alproto_mask != ip_proto[i].port[k].toserver_element[j].alproto_mask) { + goto end; + } + if (pp_element->min_depth != ip_proto[i].port[k].toserver_element[j].min_depth) { + goto end; + } + if (pp_element->max_depth != ip_proto[i].port[k].toserver_element[j].max_depth) { + goto end; + } + } /* for */ + if (pp_element != NULL) + goto end; + + pp_element = pp_port->toclient; +#ifdef DEBUG + dir = 1; +#endif + for (j = 0 ; j < ip_proto[i].port[k].tc_no_of_element; j++, pp_element = pp_element->next) { + if (pp_element->alproto != ip_proto[i].port[k].toclient_element[j].alproto) { + goto end; + } + if (pp_element->port != ip_proto[i].port[k].toclient_element[j].port) { + goto end; + } + if (pp_element->alproto_mask != 
ip_proto[i].port[k].toclient_element[j].alproto_mask) { + goto end; + } + if (pp_element->min_depth != ip_proto[i].port[k].toclient_element[j].min_depth) { + goto end; + } + if (pp_element->max_depth != ip_proto[i].port[k].toclient_element[j].max_depth) { + goto end; + } + } /* for */ + if (pp_element != NULL) + goto end; + } + if (pp_port != NULL) + goto end; } + if (pp != NULL) + goto end; + + result = 1; + end: +#ifdef DEBUG + printf("i = %d, k = %d, j = %d(%s)\n", i, k, j, (dir == 0) ? "ts" : "tc"); +#endif + return result; +} + +static uint16_t ProbingParserDummyForTesting(uint8_t *input, + uint32_t input_len, + uint32_t *offset) +{ + return 0; +} + +static int AppLayerProtoDetectTest15(void) +{ + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + + int result = 0; + + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_HTTP, + 5, 8, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_SMB, + 5, 6, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_FTP, + 7, 10, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "81", + ALPROTO_DCERPC, + 9, 10, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "81", + ALPROTO_FTP, + 7, 15, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_SMTP, + 12, 0, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_TLS, + 12, 18, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "85", + ALPROTO_DCERPC, + 9, 10, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "85", + ALPROTO_FTP, + 7, 15, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + result = 1; - 
AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_UDP, pm_results); - if (pm_results[0] != ALPROTO_HTTP) { - printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP); - r = 0; + AppLayerProtoDetectPPRegister(IPPROTO_UDP, + "85", + ALPROTO_IMAP, + 12, 23, + STREAM_TOSERVER, + ProbingParserDummyForTesting); + + /* toclient */ + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_JABBER, + 12, 23, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_IRC, + 12, 14, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "85", + ALPROTO_DCERPC, + 9, 10, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "81", + ALPROTO_FTP, + 7, 15, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_TLS, + 12, 18, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_HTTP, + 5, 8, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "81", + ALPROTO_DCERPC, + 9, 10, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "90", + ALPROTO_FTP, + 7, 15, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_SMB, + 5, 6, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_UDP, + "85", + ALPROTO_IMAP, + 12, 23, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "0", + ALPROTO_SMTP, + 12, 17, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "80", + ALPROTO_FTP, + 7, 10, + STREAM_TOCLIENT, + ProbingParserDummyForTesting); + + AppLayerProtoDetectPPTestDataElement 
element_ts_80[] = { + { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 }, + { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 }, + { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_80[] = { + { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 }, + { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 }, + { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } + }; + + AppLayerProtoDetectPPTestDataElement element_ts_81[] = { + { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 }, + { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_81[] = { + { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 }, + { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } + }; + + AppLayerProtoDetectPPTestDataElement element_ts_85[] = { + { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 }, + { "ftp", ALPROTO_FTP, 85, 1 << ALPROTO_FTP, 7, 15 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 
18 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_85[] = { + { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } + }; + + AppLayerProtoDetectPPTestDataElement element_ts_90[] = { + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_90[] = { + { "ftp", ALPROTO_FTP, 90, 1 << ALPROTO_FTP, 7, 15 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } + }; + + AppLayerProtoDetectPPTestDataElement element_ts_0[] = { + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_0[] = { + { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, + { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, + { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, + { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } + }; + + + AppLayerProtoDetectPPTestDataElement element_ts_85_udp[] = { + { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 }, + }; + AppLayerProtoDetectPPTestDataElement element_tc_85_udp[] = { + { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 }, + }; + + 
AppLayerProtoDetectPPTestDataPort ports_tcp[] = { + { 80, + ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) | + (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), + ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) | + (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), + 0, 23, + element_ts_80, element_tc_80, + sizeof(element_ts_80) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_80) / sizeof(AppLayerProtoDetectPPTestDataElement), + }, + { 81, + ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) | + (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), + ((1 << ALPROTO_FTP) | (1 << ALPROTO_DCERPC) | + (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), + 0, 23, + element_ts_81, element_tc_81, + sizeof(element_ts_81) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_81) / sizeof(AppLayerProtoDetectPPTestDataElement), + }, + { 85, + ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) | + (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), + ((1 << ALPROTO_DCERPC) | + (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), + 0, 23, + element_ts_85, element_tc_85, + sizeof(element_ts_85) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_85) / sizeof(AppLayerProtoDetectPPTestDataElement) + }, + { 90, + ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), + ((1 << ALPROTO_FTP) | + (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), + 0, 23, + element_ts_90, element_tc_90, + sizeof(element_ts_90) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_90) / sizeof(AppLayerProtoDetectPPTestDataElement) + }, + { 0, + ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), + ((1 << 
ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), + 0, 23, + element_ts_0, element_tc_0, + sizeof(element_ts_0) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_0) / sizeof(AppLayerProtoDetectPPTestDataElement) + } + }; + + AppLayerProtoDetectPPTestDataPort ports_udp[] = { + { 85, + (1 << ALPROTO_IMAP), + (1 << ALPROTO_IMAP), + 23, 23, + element_ts_85_udp, element_tc_85_udp, + sizeof(element_ts_85_udp) / sizeof(AppLayerProtoDetectPPTestDataElement), + sizeof(element_tc_85_udp) / sizeof(AppLayerProtoDetectPPTestDataElement), + }, + }; + + AppLayerProtoDetectPPTestDataIPProto ip_proto[] = { + { IPPROTO_TCP, + ports_tcp, + sizeof(ports_tcp) / sizeof(AppLayerProtoDetectPPTestDataPort), + }, + { IPPROTO_UDP, + ports_udp, + sizeof(ports_udp) / sizeof(AppLayerProtoDetectPPTestDataPort), + }, + }; + + + if (AppLayerProtoDetectPPTestData(alpd_ctx.ctx_pp, ip_proto, + sizeof(ip_proto) / sizeof(AppLayerProtoDetectPPTestDataIPProto)) == 0) { + goto end; } + result = 1; - AlpProtoTestDestroy(&ctx); - return r; + end: + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); + return result; } + /** \test test if the engine detect the proto and match with it */ -static int AlpDetectTestSig1(void) +static int AppLayerProtoDetectTest16(void) { int result = 0; Flow *f = NULL; @@ -1271,6 +3150,7 @@ static int AlpDetectTestSig1(void) ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; DetectEngineCtx *de_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&ssn, 0, sizeof(TcpSession)); @@ -1287,6 +3167,7 @@ static int AlpDetectTestSig1(void) goto end; } f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; 
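Review bot: AppLayerProtoDetectTest15 can never fail, because `result = 1;` is assigned right after the TCP port-85 toserver registrations, so the `goto end` taken when AppLayerProtoDetectPPTestData() returns 0 still returns 1. Drop that early assignment and keep only the `result = 1;` that follows the comparison. The early assignment may be hiding a real mismatch, since the expected toserver tables list irc and jabber entries that none of the visible AppLayerProtoDetectPPRegister() calls registers with STREAM_TOSERVER. In AppLayerProtoDetectTest14 both result checks read `cnt != 1 && pm_results[0] != ALPROTO_HTTP`, which reports a failure only when both conditions are wrong; `if (cnt != 1 || pm_results[0] != ALPROTO_HTTP)` is what the test intends, and the same `&&` appears in AppLayerProtoDetectTest10 and AppLayerProtoDetectTest11 in the preceding hunk. A protocol-detection test that passes vacuously lets a detection regression ship unnoticed, so these are worth fixing before the rewrite is relied on.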
@@ -1314,8 +3195,8 @@ static int AlpDetectTestSig1(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + SCMutexLock(&f->m); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1337,7 +3218,9 @@ static int AlpDetectTestSig1(void) goto end; } result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1354,7 +3237,7 @@ end: /** \test test if the engine detect the proto on a non standar port * and match with it */ -static int AlpDetectTestSig2(void) +static int AppLayerProtoDetectTest17(void) { int result = 0; Flow *f = NULL; @@ -1369,6 +3252,7 @@ static int AlpDetectTestSig2(void) ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; DetectEngineCtx *de_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&ssn, 0, sizeof(TcpSession)); @@ -1379,6 +3263,7 @@ static int AlpDetectTestSig2(void) if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1405,7 +3290,7 @@ static int AlpDetectTestSig2(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); 
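Review bot: `alp_tctx` is handed to AppLayerParserParse() without a NULL check, yet the cleanup added under `end:` tests `alp_tctx != NULL`, which implies AppLayerParserGetCtxThread() is allowed to fail. Whether AppLayerParserParse() tolerates a NULL thread context is not visible here; if it does not, a failed allocation becomes a crash rather than a failed test. Add `if (alp_tctx == NULL) goto end;` before `SCMutexLock(&f->m);` in AppLayerProtoDetectTest16, and likewise in AppLayerProtoDetectTest17 through AppLayerProtoDetectTest20, which receive the same change in the later hunks. The function body starts and ends outside this hunk.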
@@ -1429,7 +3314,9 @@ static int AlpDetectTestSig2(void) result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1446,7 +3333,7 @@ end: /** \test test if the engine detect the proto and doesn't match * because the sig expects another proto (ex ftp)*/ -static int AlpDetectTestSig3(void) +static int AppLayerProtoDetectTest18(void) { int result = 0; Flow *f = NULL; @@ -1461,6 +3348,7 @@ static int AlpDetectTestSig3(void) ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; DetectEngineCtx *de_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&ssn, 0, sizeof(TcpSession)); @@ -1471,6 +3359,7 @@ static int AlpDetectTestSig3(void) if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1497,7 +3386,7 @@ static int AlpDetectTestSig3(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1520,7 +3409,9 @@ static int AlpDetectTestSig3(void) } result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1537,7 +3428,7 @@ end: /** \test test if the engine detect the proto and doesn't match * because the packet has another proto (ex ftp) */ -static int AlpDetectTestSig4(void) +static int AppLayerProtoDetectTest19(void) { int result = 0; Flow *f = NULL; 
@@ -1549,6 +3440,7 @@ static int AlpDetectTestSig4(void) ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; DetectEngineCtx *de_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&ssn, 0, sizeof(TcpSession)); @@ -1559,6 +3451,7 @@ static int AlpDetectTestSig4(void) if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1585,7 +3478,7 @@ static int AlpDetectTestSig4(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_FTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_FTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1603,7 +3496,9 @@ static int AlpDetectTestSig4(void) result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1619,7 +3514,7 @@ end: /** \test test if the engine detect the proto and match with it * and also against a content option */ -static int AlpDetectTestSig5(void) +static int AppLayerProtoDetectTest20(void) { int result = 0; Flow *f = NULL; @@ -1633,6 +3528,7 @@ static int AlpDetectTestSig5(void) ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; DetectEngineCtx *de_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&ssn, 0, sizeof(TcpSession)); 
@@ -1685,7 +3581,7 @@ static int AlpDetectTestSig5(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1703,7 +3599,9 @@ static int AlpDetectTestSig5(void) result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) 
@@ -1717,28 +3615,33 @@ end: return result; } -#endif /* UNITTESTS */ -void AlpDetectRegisterTests(void) { -#ifdef UNITTESTS - UtRegisterTest("AlpDetectTest01", AlpDetectTest01, 1); - UtRegisterTest("AlpDetectTest02", AlpDetectTest02, 1); - UtRegisterTest("AlpDetectTest03", AlpDetectTest03, 1); - UtRegisterTest("AlpDetectTest04", AlpDetectTest04, 1); - UtRegisterTest("AlpDetectTest05", AlpDetectTest05, 1); - UtRegisterTest("AlpDetectTest06", AlpDetectTest06, 1); - UtRegisterTest("AlpDetectTest07", AlpDetectTest07, 1); - UtRegisterTest("AlpDetectTest08", AlpDetectTest08, 1); - UtRegisterTest("AlpDetectTest09", AlpDetectTest09, 1); - UtRegisterTest("AlpDetectTest10", AlpDetectTest10, 1); - UtRegisterTest("AlpDetectTest11", AlpDetectTest11, 1); - UtRegisterTest("AlpDetectTest12", AlpDetectTest12, 1); - UtRegisterTest("AlpDetectTest13", AlpDetectTest13, 1); - UtRegisterTest("AlpDetectTest14", AlpDetectTest14, 1); - UtRegisterTest("AlpDetectTestSig1", AlpDetectTestSig1, 1); - UtRegisterTest("AlpDetectTestSig2", AlpDetectTestSig2, 1); - UtRegisterTest("AlpDetectTestSig3", AlpDetectTestSig3, 1); - UtRegisterTest("AlpDetectTestSig4", AlpDetectTestSig4, 1); - UtRegisterTest("AlpDetectTestSig5", AlpDetectTestSig5, 1); -#endif /* UNITTESTS */ +void AppLayerProtoDetectUnittestsRegister(void) +{ + SCEnter(); + + UtRegisterTest("AppLayerProtoDetectTest01", AppLayerProtoDetectTest01, 1); + UtRegisterTest("AppLayerProtoDetectTest02", AppLayerProtoDetectTest02, 1); + UtRegisterTest("AppLayerProtoDetectTest03", AppLayerProtoDetectTest03, 1); + UtRegisterTest("AppLayerProtoDetectTest04", AppLayerProtoDetectTest04, 1); + UtRegisterTest("AppLayerProtoDetectTest05", AppLayerProtoDetectTest05, 1); + UtRegisterTest("AppLayerProtoDetectTest06", AppLayerProtoDetectTest06, 1); + UtRegisterTest("AppLayerProtoDetectTest07", AppLayerProtoDetectTest07, 1); + UtRegisterTest("AppLayerProtoDetectTest08", AppLayerProtoDetectTest08, 1); + UtRegisterTest("AppLayerProtoDetectTest09", 
AppLayerProtoDetectTest09, 1); + UtRegisterTest("AppLayerProtoDetectTest10", AppLayerProtoDetectTest10, 1); + UtRegisterTest("AppLayerProtoDetectTest11", AppLayerProtoDetectTest11, 1); + UtRegisterTest("AppLayerProtoDetectTest12", AppLayerProtoDetectTest12, 1); + UtRegisterTest("AppLayerProtoDetectTest13", AppLayerProtoDetectTest13, 1); + UtRegisterTest("AppLayerProtoDetectTest14", AppLayerProtoDetectTest14, 1); + UtRegisterTest("AppLayerProtoDetectTest15", AppLayerProtoDetectTest15, 1); + UtRegisterTest("AppLayerProtoDetectTest16", AppLayerProtoDetectTest16, 1); + UtRegisterTest("AppLayerProtoDetectTest17", AppLayerProtoDetectTest17, 1); + UtRegisterTest("AppLayerProtoDetectTest18", AppLayerProtoDetectTest18, 1); + UtRegisterTest("AppLayerProtoDetectTest19", AppLayerProtoDetectTest19, 1); + UtRegisterTest("AppLayerProtoDetectTest20", AppLayerProtoDetectTest20, 1); + + SCReturn; } + +#endif /* UNITTESTS */ diff --git a/src/app-layer-detect-proto.h b/src/app-layer-detect-proto.h index 54e63bda26..c3e6351d8d 100644 --- a/src/app-layer-detect-proto.h +++ b/src/app-layer-detect-proto.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2014 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free 
@@ -19,99 +19,174 @@ * \file * * \author Victor Julien + * \author Anoop Saldanha */ -#ifndef __APP_LAYER_DETECT_PROTO_H__ -#define __APP_LAYER_DETECT_PROTO_H__ +#ifndef __APP_LAYER_DETECT_PROTO__H__ +#define __APP_LAYER_DETECT_PROTO__H__ -#include "stream.h" -#include "detect-content.h" -#include "app-layer-parser.h" +typedef uint16_t (*ProbingParserFPtr)(uint8_t *input, uint32_t input_len, + uint32_t *offset); -/** \brief Signature for proto detection - * \todo we might just use SigMatch here +/***** Protocol Retrieval *****/ + +/** + * \brief Returns the app layer protocol given a buffer. + * + * \param tctx Pointer to the app layer protocol detection thread context. + * \param f Pointer to the flow. + * \param buf The buffer to be inspected. + * \param buflen The length of the above buffer. + * \param ipproto The ip protocol. + * \param direction The direction bitfield - STREAM_TOSERVER/STREAM_TOCLIENT. + * + * \retval The app layer protocol. + */ +AppProto AppLayerProtoDetectGetProto(void *tctx, + Flow *f, + uint8_t *buf, uint32_t buflen, + uint8_t ipproto, uint8_t direction); + +/***** State Preparation *****/ + +/** + * \brief Prepares the internal state for protocol detection. + * This needs to be called once all the patterns and probing parser + * ports have been registered. + */ +int AppLayerProtoDetectPrepareState(void); + +/***** PP registration *****/ + +void AppLayerProtoDetectPPRegister(uint16_t ipproto, + char *portstr, + AppProto alproto, + uint16_t min_depth, uint16_t max_depth, + uint8_t direction, + ProbingParserFPtr ProbingParser); +void AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, + uint16_t ipproto, + const char *alproto_name, + AppProto alproto, + uint16_t min_depth, uint16_t max_depth, + ProbingParserFPtr ProbingParser); + +/***** PM registration *****/ + +/** + * \brief Registers a case-sensitive pattern for protocol detection. 
+ */ +int AppLayerProtoDetectPMRegisterPatternCS(uint16_t ipproto, AppProto alproto, + char *pattern, + uint16_t depth, uint16_t offset, + uint8_t direction); +/** + * \brief Registers a case-insensitive pattern for protocol detection. + */ +int AppLayerProtoDetectPMRegisterPatternCI(uint16_t ipproto, AppProto alproto, + char *pattern, + uint16_t depth, uint16_t offset, + uint8_t direction); + +/***** Setup/General Registration *****/ + +/** + * \brief The first function to be called. This initializes a global + * protocol detection context. + * + * \retval 0 On succcess; + * \retval -1 On failure. + */ +int AppLayerProtoDetectSetup(void); + +/** + * \brief Cleans up the app layer protocol detection phase. + */ +int AppLayerProtoDetectDeSetup(void); + +/** + * \brief Registers a protocol for protocol detection phase. + * + * This is the first function to be called after calling the + * setup function, AppLayerProtoDetectSetup(), before calling any other + * app layer functions, AppLayerParser or AppLayerProtoDetect, alike. + * With this function you are associating/registering a string + * that can be used by users to write rules, i.e. + * you register the http protocol for protocol detection using + * AppLayerProtoDetectRegisterProtocol(ctx, ALPROTO_HTTP, "http"), + * following which you can write rules like - + * alert http any any -> any any (sid:1;) + * which basically matches on the HTTP protocol. + * + * \param alproto The protocol. + * \param alproto_str The string to associate with the above "alproto". + * Please send a static string that won't be destroyed + * post making this call, since this function won't + * create a copy of the received argument. + * + * \retval 0 On success; + * -1 On failure. + */ +void AppLayerProtoDetectRegisterProtocol(AppProto alproto, char *alproto_name); + +/** + * \brief Given a protocol name, checks if proto detection is enabled in + * the conf file. + * + * \param alproto Name of the app layer protocol. 
+ * + * \retval 1 If enabled. + * \retval 0 If disabled. + */ +int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, + const char *alproto); + +/** + * \brief Inits and returns an app layer protocol detection thread context. + + * \param ctx Pointer to the app layer protocol detection context. + * + * \retval Pointer to the thread context, on success; + * NULL, on failure. + */ +void *AppLayerProtoDetectGetCtxThread(void); + +/** + * \brief Destroys the app layer protocol detection thread context. + * + * \param tctx Pointer to the app layer protocol detection thread context. */ -typedef struct AlpProtoSignature_ { - uint16_t ip_proto; /**< protocol (TCP/UDP) */ - uint16_t proto; /**< protocol */ - DetectContentData *co; /**< content match that needs to match */ - struct AlpProtoSignature_ *next; /**< next signature */ - struct AlpProtoSignature_ *map_next; /**< next signature with same id */ -} AlpProtoSignature; - -#define ALP_DETECT_MAX 256 - -typedef struct AlpProtoDetectDirection_ { - MpmCtx mpm_ctx; - uint32_t id; - uint16_t map[ALP_DETECT_MAX]; /**< a mapping between condition id's and - protocol */ - uint16_t max_len; /**< max length of all patterns, so we can - limit the search */ - uint16_t min_len; /**< min length of all patterns, so we can - tell the stream engine to feed data - to app layer as soon as it has min - size data */ - uint32_t async_max; /**< max bytes in this direction while 0 in - the other, before we give up. */ -} AlpProtoDetectDirection; - -typedef struct AlpProtoDetectCtx_ { - AlpProtoDetectDirection toserver; - AlpProtoDetectDirection toclient; - - MpmPatternIdStore *mpm_pattern_id_store; /** pattern id store */ - - /** Mapping between pattern id and signature. As each signature has a - * unique pattern with a unique id, we can lookup the signature by - * the pattern id. 
*/ - AlpProtoSignature **map; - - AlpProtoSignature *head; /**< list of sigs */ - AppLayerProbingParser *probing_parsers; - uint16_t sigs; /**< number of sigs */ -} AlpProtoDetectCtx; - -extern AlpProtoDetectCtx alp_proto_ctx; - -#define FLOW_IS_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PM_ALPROTO_DETECT_DONE)) -#define FLOW_IS_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PP_ALPROTO_DETECT_DONE)) - -#define FLOW_SET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PM_ALPROTO_DETECT_DONE)) -#define FLOW_SET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PP_ALPROTO_DETECT_DONE)) - -#define FLOW_RESET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PM_ALPROTO_DETECT_DONE)) -#define FLOW_RESET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? 
((f)->flags &= ~FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PP_ALPROTO_DETECT_DONE)) - -void AlpProtoInit(AlpProtoDetectCtx *); -void *AppLayerDetectProtoThread(void *td); - -void AppLayerDetectProtoThreadInit(void); - -uint16_t AppLayerDetectGetProtoPMParser(AlpProtoDetectCtx *ctx, - AlpProtoDetectThreadCtx *tctx, - Flow *f, - uint8_t *buf, uint16_t buflen, - uint8_t flags, uint8_t ipproto, - uint16_t *pm_results); -uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *, Flow *, - uint8_t *, uint32_t, - uint8_t, uint8_t); -uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *, - Flow *, uint8_t *, uint32_t, - uint8_t, uint8_t); -void AlpProtoAddCI(AlpProtoDetectCtx *, char *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t); -void AlpProtoAdd(AlpProtoDetectCtx *, char *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t); - -void AppLayerDetectProtoThreadSpawn(void); -void AlpDetectRegisterTests(void); - -void AlpProtoFinalizeGlobal(AlpProtoDetectCtx *); -void AlpProtoFinalizeThread(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *); -void AlpProtoFinalize2Thread(AlpProtoDetectThreadCtx *); -void AlpProtoDeFinalize2Thread (AlpProtoDetectThreadCtx *); -void AlpProtoTestDestroy(AlpProtoDetectCtx *); -void AlpProtoDestroy(void); - -#endif /* __APP_LAYER_DETECT_PROTO_H__ */ +void AppLayerProtoDetectDestroyCtxThread(void *tctx); + +/***** Utility *****/ + +void AppLayerProtoDetectSupportedIpprotos(AppProto alproto, uint8_t *ipprotos); +AppProto AppLayerProtoDetectGetProtoByName(char *alproto_name); +char *AppLayerProtoDetectGetProtoName(AppProto alproto); +void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos); + +/***** Unittests *****/ + +#ifdef UNITTESTS + +/** + * \brief Backs up the internal context used by the app layer proto detection + * module. 
+ */ +void AppLayerProtoDetectUnittestCtxBackup(void); + +/** + * \brief Restores back the internal context used by the app layer proto + * detection module, that was previously backed up by calling + * AppLayerProtoDetectUnittestCtxBackup(). + */ +void AppLayerProtoDetectUnittestCtxRestore(void); + +/** + * \brief Register unittests for app layer proto detection module. + */ +void AppLayerProtoDetectUnittestsRegister(void); + +#endif /* UNITTESTS */ +#endif /* __APP_LAYER_DETECT_PROTO__H__ */ diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c index 4266930488..40d3c59a4d 100644 --- a/src/app-layer-dns-common.c +++ b/src/app-layer-dns-common.c @@ -22,6 +22,7 @@ */ #include "suricata-common.h" +#include "stream.h" #include "app-layer-parser.h" #include "app-layer-dns-common.h" #ifdef DEBUG @@ -68,9 +69,11 @@ int DNSStateGetEventInfo(const char *event_name, return 0; } -void DNSAppLayerRegisterGetEventInfo(uint16_t alproto) +void DNSAppLayerRegisterGetEventInfo(uint16_t ipproto, uint16_t alproto) { - return AppLayerRegisterGetEventInfo(alproto, DNSStateGetEventInfo); + AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo); + + return; } AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) { @@ -124,7 +127,7 @@ int DNSGetAlstateProgress(void *tx, uint8_t direction) { /* value for tx->replied value */ int DNSGetAlstateProgressCompletionStatus(uint8_t direction) { - return (direction == 0) ? 0 : 1; + return (direction & STREAM_TOSERVER) ? 0 : 1; } void DNSSetEvent(DNSState *s, uint8_t e) { diff --git a/src/app-layer-dns-common.h b/src/app-layer-dns-common.h index e04986f347..3a5bbeb672 100644 --- a/src/app-layer-dns-common.h +++ b/src/app-layer-dns-common.h 
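Review bot: Several doc comments in the new app-layer-detect-proto.h do not match the prototypes they describe. `AppLayerProtoDetectRegisterProtocol()` is declared `void` yet documents `\retval 0 On success; -1 On failure.`, its example passes a `ctx` argument the two-parameter prototype does not take, and it documents `alproto_str` where the parameter is `alproto_name`. `AppLayerProtoDetectGetCtxThread(void)` documents a `\param ctx` that does not exist, and `AppLayerProtoDetectConfProtoDetectionEnabled()` has no `\param ipproto` line for its first argument. Either return `int` from `AppLayerProtoDetectRegisterProtocol()`, as the PM registration functions do, so callers can detect a failed registration, or drop the retval lines. In both cases remove the stale `ctx` references and add `\param ipproto Name of the ip protocol.`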
@@ -165,7 +165,7 @@ void DNSParserRegisterTests(void); void DNSAppLayerDecoderEventsRegister(int alproto); int DNSStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type); -void DNSAppLayerRegisterGetEventInfo(uint16_t alproto); +void DNSAppLayerRegisterGetEventInfo(uint16_t ipproto, uint16_t alproto); void *DNSGetTx(void *alstate, uint64_t tx_id); uint64_t DNSGetTxCnt(void *alstate); diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c index 0e7626a65a..bae14bb2a5 100644 --- a/src/app-layer-dns-tcp.c +++ b/src/app-layer-dns-tcp.c @@ -266,9 +266,9 @@ insufficient_data: * \brief Parse DNS request packet */ static int DNSTCPRequestParse(Flow *f, void *dstate, - AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_data) { DNSState *dns_state = (DNSState *)dstate; SCLogDebug("starting %u", input_len); @@ -455,9 +455,9 @@ insufficient_data: * */ static int DNSTCPResponseParse(Flow *f, void *dstate, - AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_data) { DNSState *dns_state = (DNSState *)dstate; @@ -554,7 +554,7 @@ static uint16_t DNSTcpProbingParser(uint8_t *input, uint32_t ilen, uint32_t *off return ALPROTO_FAILED; } else if (ilen > 512) { SCLogDebug("all the parser told us was not enough data, which is expected. Lets assume it's DNS"); - return ALPROTO_DNS_TCP; + return ALPROTO_DNS; } SCLogDebug("not yet enough info %u > %u", ntohs(dns_header->len), ilen); 
@@ -565,28 +565,29 @@ static uint16_t DNSTcpProbingParser(uint8_t *input, uint32_t ilen, uint32_t *off if (r != 1) return ALPROTO_FAILED; - SCLogDebug("ALPROTO_DNS_TCP"); - return ALPROTO_DNS_TCP; + SCLogDebug("ALPROTO_DNS"); + return ALPROTO_DNS; } void RegisterDNSTCPParsers(void) { - char *proto_name = "dnstcp"; + char *proto_name = "dns"; /** DNS */ - if (AppLayerProtoDetectionEnabled(proto_name)) { + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_DNS, proto_name); + if (RunmodeIsUnittests()) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - IPPROTO_TCP, + AppLayerProtoDetectPPRegister(IPPROTO_TCP, "53", - proto_name, ALPROTO_DNS, 0, sizeof(DNSTcpHeader), STREAM_TOSERVER, DNSTcpProbingParser); } else { - AppLayerParseProbingParserPorts(proto_name, ALPROTO_DNS, - 0, sizeof(DNSTcpHeader), - DNSTcpProbingParser); + AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_TCP, + proto_name, ALPROTO_DNS, + 0, sizeof(DNSTcpHeader), + DNSTcpProbingParser); } } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", 
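Review bot: In RegisterDNSTCPParsers the non-unittest branch calls `AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_TCP,`, so the protocol name string and the IPPROTO constant disagree. Going by the parameter name `ipproto_name` in the header, the string presumably selects the config section, so DNS-over-TCP probing ports would be read from the udp settings; the call should start `AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,`. The mirror-image slip is in RegisterDNSUDPParsers (hunk `@@ -340,29 +341,29 @@` of src/app-layer-dns-udp.c), where `AppLayerParserConfParserEnabled("tcp", proto_name)` gates the IPPROTO_UDP registrations and should be `AppLayerParserConfParserEnabled("udp", proto_name)`. On a sensor, either mismatch means the per-transport DNS port and enable settings do not take effect as written, which can leave DNS on one transport unparsed with no error reported.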
@@ -594,28 +595,26 @@ void RegisterDNSTCPParsers(void) { return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_DNS_TCP, STREAM_TOSERVER, - DNSTCPRequestParse); - AppLayerRegisterProto(proto_name, ALPROTO_DNS_TCP, STREAM_TOCLIENT, - DNSTCPResponseParse); - AppLayerRegisterStateFuncs(ALPROTO_DNS_TCP, DNSStateAlloc, - DNSStateFree); - AppLayerRegisterTxFreeFunc(ALPROTO_DNS_TCP, - DNSStateTransactionFree); - - AppLayerRegisterGetEventsFunc(ALPROTO_DNS_TCP, DNSGetEvents); - AppLayerRegisterHasEventsFunc(ALPROTO_DNS_TCP, DNSHasEvents); - - AppLayerRegisterGetTx(ALPROTO_DNS_TCP, - DNSGetTx); - AppLayerRegisterGetTxCnt(ALPROTO_DNS_TCP, - DNSGetTxCnt); - AppLayerRegisterGetAlstateProgressFunc(ALPROTO_DNS_TCP, - DNSGetAlstateProgress); - AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_TCP, - DNSGetAlstateProgressCompletionStatus); - DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_TCP); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DNS, STREAM_TOSERVER, + DNSTCPRequestParse); + AppLayerParserRegisterParser(IPPROTO_TCP , ALPROTO_DNS, STREAM_TOCLIENT, + DNSTCPResponseParse); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DNS, DNSStateAlloc, + DNSStateFree); + AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_DNS, + DNSStateTransactionFree); + + AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_DNS, DNSGetEvents); + AppLayerParserRegisterHasEventsFunc(IPPROTO_TCP, ALPROTO_DNS, DNSHasEvents); + + AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNS, DNSGetTx); + AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNS, DNSGetTxCnt); + AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_DNS, + DNSGetAlstateProgress); + AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_DNS, + DNSGetAlstateProgressCompletionStatus); + DNSAppLayerRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNS); } else { SCLogInfo("Parsed 
disabled for %s protocol. Protocol detection" "still on.", proto_name); diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c index 6202bda46b..6d87980315 100644 --- a/src/app-layer-dns-udp.c +++ b/src/app-layer-dns-udp.c @@ -54,9 +54,9 @@ * \brief Parse DNS request packet */ static int DNSUDPRequestParse(Flow *f, void *dstate, - AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_data) { DNSState *dns_state = (DNSState *)dstate; @@ -160,9 +160,9 @@ insufficient_data: * */ static int DNSUDPResponseParse(Flow *f, void *dstate, - AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_data) { DNSState *dns_state = (DNSState *)dstate; @@ -293,10 +293,10 @@ static uint16_t DNSUdpProbingParser(uint8_t *input, uint32_t ilen, uint32_t *off return ALPROTO_UNKNOWN; } - if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL, NULL) == -1) + if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL) == -1) return ALPROTO_FAILED; - return ALPROTO_DNS_UDP; + return ALPROTO_DNS; } static void DNSUDPConfigure(void) { 
@@ -316,23 +316,24 @@ static void DNSUDPConfigure(void) { } void RegisterDNSUDPParsers(void) { - char *proto_name = "dnsudp"; + char *proto_name = "dns"; /** DNS */ - if (AppLayerProtoDetectionEnabled(proto_name)) { + if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_DNS, proto_name); + if (RunmodeIsUnittests()) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - IPPROTO_UDP, + AppLayerProtoDetectPPRegister(IPPROTO_UDP, "53", - proto_name, ALPROTO_DNS, 0, sizeof(DNSHeader), STREAM_TOSERVER, DNSUdpProbingParser); } else { - AppLayerParseProbingParserPorts(proto_name, ALPROTO_DNS, - 0, sizeof(DNSHeader), - DNSUdpProbingParser); + AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP, + proto_name, ALPROTO_DNS, + 0, sizeof(DNSHeader), + DNSUdpProbingParser); } } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", 
@@ -340,29 +341,29 @@ void RegisterDNSUDPParsers(void) { return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_DNS_UDP, STREAM_TOSERVER, - DNSUDPRequestParse); - AppLayerRegisterProto(proto_name, ALPROTO_DNS_UDP, STREAM_TOCLIENT, - DNSUDPResponseParse); - AppLayerRegisterStateFuncs(ALPROTO_DNS_UDP, DNSStateAlloc, - DNSStateFree); - AppLayerRegisterTxFreeFunc(ALPROTO_DNS_UDP, - DNSStateTransactionFree); - - AppLayerRegisterGetEventsFunc(ALPROTO_DNS_UDP, DNSGetEvents); - AppLayerRegisterHasEventsFunc(ALPROTO_DNS_UDP, DNSHasEvents); - - AppLayerRegisterGetTx(ALPROTO_DNS_UDP, - DNSGetTx); - AppLayerRegisterGetTxCnt(ALPROTO_DNS_UDP, - DNSGetTxCnt); - AppLayerRegisterGetAlstateProgressFunc(ALPROTO_DNS_UDP, - DNSGetAlstateProgress); - AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_UDP, - DNSGetAlstateProgressCompletionStatus); - - DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_UDP); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOSERVER, + DNSUDPRequestParse); + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOCLIENT, + DNSUDPResponseParse); + AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DNS, DNSStateAlloc, + DNSStateFree); + AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_DNS, + DNSStateTransactionFree); + + AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSGetEvents); + AppLayerParserRegisterHasEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSHasEvents); + + AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DNS, + DNSGetTx); + AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_DNS, + DNSGetTxCnt); + AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, ALPROTO_DNS, + DNSGetAlstateProgress); + AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_UDP, ALPROTO_DNS, + DNSGetAlstateProgressCompletionStatus); + + DNSAppLayerRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS); DNSUDPConfigure(); } else 
{ @@ -370,7 +371,7 @@ void RegisterDNSUDPParsers(void) { "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_DNS_UDP, DNSUDPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_DNS, DNSUDPParserRegisterTests); #endif } @@ -402,10 +403,10 @@ static int DNSUDPParserTest01 (void) { if (f == NULL) goto end; f->proto = IPPROTO_UDP; - f->alproto = ALPROTO_DNS_UDP; + f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, NULL); + int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL); if (r != 1) goto end; diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 2b203867e4..eeca2a1d3d 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -40,6 +40,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-ftp.h" @@ -207,9 +208,9 @@ static int FTPParseRequestCommand(void *ftp_state, uint8_t *input, * \retval 1 when the command is parsed, 0 otherwise */ static int FTPParseRequest(Flow *f, void *ftp_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { SCEnter(); /* PrintRawDataFp(stdout, input,input_len); */ @@ -256,9 +257,9 @@ static int FTPParseRequest(Flow *f, void *ftp_state, * * \retval 1 when the command is parsed, 0 otherwise */ -static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, +static int FTPParseResponse(Flow *f, void *ftp_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { return 1; } 
@@ -298,29 +299,50 @@ static void FTPStateFree(void *s) { #endif } +static int FTPRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP, + "USER ", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP, + "PASS ", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP, + "PORT ", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + return 0; +} + void RegisterFTPParsers(void) { char *proto_name = "ftp"; /** FTP */ - if (AppLayerProtoDetectionEnabled(proto_name)) { - AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER); - AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER); - AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER); - AppLayerRegisterParserAcceptableDataDirection(ALPROTO_FTP, STREAM_TOSERVER | STREAM_TOCLIENT); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_FTP, proto_name); + if (FTPRegisterPatternsForProtocolDetection() < 0 ) + return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOSERVER, - FTPParseRequest); - AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOCLIENT, - FTPParseResponse); - AppLayerRegisterStateFuncs(ALPROTO_FTP, FTPStateAlloc, FTPStateFree); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOSERVER, + FTPParseRequest); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOCLIENT, + FTPParseResponse); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_FTP, FTPStateAlloc, FTPStateFree); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOSERVER | 
STREAM_TOCLIENT); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_FTP, FTPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_FTP, FTPParserRegisterTests); #endif } @@ -343,17 +365,19 @@ int FTPParserTest01(void) { uint8_t ftpbuf[] = "PORT 192,168,1,1,0,80\r\n"; uint32_t ftplen = sizeof(ftpbuf) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf, ftplen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf, ftplen); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -376,6 +400,8 @@ int FTPParserTest01(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -392,15 +418,17 @@ int FTPParserTest03(void) { uint8_t ftpbuf3[] = "1,1,10,20\r\n"; uint32_t ftplen3 = sizeof(ftpbuf3) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
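Review bot: RegisterFTPParsers (hunk `@@ -298,29 +299,50 @@`) returns without logging when `FTPRegisterPatternsForProtocolDetection() < 0`, even though `AppLayerProtoDetectRegisterProtocol(ALPROTO_FTP, proto_name)` has already run. A pattern-registration failure therefore leaves FTP registered by name but with no parser callbacks and, under UNITTESTS, no registered tests, and nothing in the output explains why FTP traffic is not being parsed. Log before returning, for example `SCLogInfo("Failed to register protocol detection patterns for %s.", proto_name);`, or use the project's error-level logger if one fits. The other registration functions in this commit log on their disabled paths, so this early return is the only silent one.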
@@ -410,7 +438,7 @@ int FTPParserTest03(void) { SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); if (r != 0) { SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -420,7 +448,7 @@ int FTPParserTest03(void) { SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf3, ftplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf3, ftplen3); if (r != 0) { SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -443,6 +471,8 @@ int FTPParserTest03(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -454,17 +484,19 @@ int FTPParserTest06(void) { uint8_t ftpbuf1[] = "PORT"; uint32_t ftplen1 = sizeof(ftpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, ftpbuf1, ftplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, ftpbuf1, ftplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -487,6 +519,8 @@ int FTPParserTest06(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; 
@@ -501,17 +535,19 @@ int FTPParserTest07(void) { uint8_t ftpbuf2[] = "RT\r\n"; uint32_t ftplen2 = sizeof(ftpbuf2) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -521,7 +557,7 @@ int FTPParserTest07(void) { SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf2, ftplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf2, ftplen2); if (r != 0) { SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -545,6 +581,8 @@ int FTPParserTest07(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -558,12 +596,14 @@ int FTPParserTest10(void) { uint8_t ftpbuf1[] = "PORT 1,2,3,4,5,6\r\n"; uint32_t ftplen1 = sizeof(ftpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -576,7 +616,7 @@ int FTPParserTest10(void) { else flags = STREAM_TOSERVER; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_FTP, flags, &ftpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, flags, &ftpbuf1[u], 1); if (r != 0) { SCLogDebug("toserver chunk %" PRIu32 " returned %" PRId32 ", expected 0: ", u, r); result = 0; 
@@ -600,6 +640,8 @@ int FTPParserTest10(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c index 972566e206..c72197c313 100644 --- a/src/app-layer-htp-file.c +++ b/src/app-layer-htp-file.c @@ -39,6 +39,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-htp.h" @@ -310,6 +311,7 @@ static int HTPFileParserTest01(void) { uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *http_state = NULL; memset(&ssn, 0, sizeof(ssn)); @@ -317,12 +319,13 @@ static int HTPFileParserTest01(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -333,7 +336,7 @@ static int HTPFileParserTest01(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -349,7 +352,7 @@ static int HTPFileParserTest01(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } 
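Review bot: In HTPFileParserTest01 the new `AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0)` hard-codes the ipproto that the same test has just stored in `f->proto`. Passing `f->proto` keeps a single source of truth and matches how the production code in alert-unified2-alert.c passes `p->flow->proto`: `htp_tx_t *tx = AppLayerParserGetTx(f->proto, ALPROTO_HTTP, http_state, 0);`. The same applies to the identical call in the other HTPFileParserTest hunks.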
@@ -362,6 +365,8 @@ static int HTPFileParserTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -397,6 +402,7 @@ static int HTPFileParserTest02(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -404,12 +410,13 @@ static int HTPFileParserTest02(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -420,7 +427,7 @@ static int HTPFileParserTest02(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -431,7 +438,7 @@ static int HTPFileParserTest02(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -442,7 +449,7 @@ static int HTPFileParserTest02(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -458,7 +465,7 @@ static int HTPFileParserTest02(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -476,6 +483,8 @@ static int HTPFileParserTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -516,6 +525,7 @@ static int HTPFileParserTest03(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -523,12 +533,13 @@ static int HTPFileParserTest03(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -539,7 +550,7 @@ static int HTPFileParserTest03(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -550,7 +561,7 @@ static int HTPFileParserTest03(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -561,7 +572,7 @@ static int HTPFileParserTest03(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -572,7 +583,7 @@ static int HTPFileParserTest03(void) { SCLogDebug("\n>>>> processing chunk 5 size %u <<<<\n", httplen5); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -583,7 +594,7 @@ static int HTPFileParserTest03(void) { SCLogDebug("\n>>>> processing chunk 6 size %u <<<<\n", httplen6); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -599,7 +610,7 @@ static int HTPFileParserTest03(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -622,6 +633,8 @@ static int HTPFileParserTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -662,6 +675,7 @@ static int HTPFileParserTest04(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -669,12 +683,13 @@ static int HTPFileParserTest04(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -685,7 +700,7 @@ static int HTPFileParserTest04(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -696,7 +711,7 @@ static int HTPFileParserTest04(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -707,7 +722,7 @@ static int HTPFileParserTest04(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -718,7 +733,7 @@ static int HTPFileParserTest04(void) { SCLogDebug("\n>>>> processing chunk 5 size %u <<<<\n", httplen5); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -729,7 +744,7 @@ static int HTPFileParserTest04(void) { SCLogDebug("\n>>>> processing chunk 6 size %u <<<<\n", httplen6); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -745,7 +760,7 @@ static int HTPFileParserTest04(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -763,6 +778,8 @@ static int HTPFileParserTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -794,6 +811,7 @@ static int HTPFileParserTest05(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -801,12 +819,13 @@ static int HTPFileParserTest05(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -817,7 +836,7 @@ static int HTPFileParserTest05(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -833,7 +852,7 @@ static int HTPFileParserTest05(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -882,6 +901,8 @@ static int HTPFileParserTest05(void) { } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -914,6 +935,7 @@ static int HTPFileParserTest06(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -921,12 +943,13 @@ static int HTPFileParserTest06(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -937,7 +960,7 @@ static int HTPFileParserTest06(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -953,7 +976,7 @@ static int HTPFileParserTest06(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -1002,6 +1025,8 @@ static int HTPFileParserTest06(void) { } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -1023,6 +1048,7 @@ static int HTPFileParserTest07(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -1030,12 +1056,13 @@ static int HTPFileParserTest07(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1046,7 +1073,7 @@ static int HTPFileParserTest07(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1062,7 +1089,7 @@ static int HTPFileParserTest07(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } @@ -1094,6 +1121,8 @@ static int HTPFileParserTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -1119,6 +1148,7 @@ static int HTPFileParserTest08(void) { uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *http_state = NULL; memset(&ssn, 0, sizeof(ssn)); @@ -1126,12 +1156,13 @@ static int HTPFileParserTest08(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1142,7 +1173,7 @@ static int HTPFileParserTest08(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1159,7 +1190,7 @@ static int HTPFileParserTest08(void) { } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events == NULL) { printf("no app events: "); SCMutexUnlock(&f->m); @@ -1174,6 +1205,8 @@ static int HTPFileParserTest08(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -1210,6 +1243,7 @@ static int HTPFileParserTest09(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -1217,12 +1251,13 @@ static int HTPFileParserTest09(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1233,7 +1268,7 @@ static int HTPFileParserTest09(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1244,7 +1279,7 @@ static int HTPFileParserTest09(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1255,7 +1290,7 @@ static int HTPFileParserTest09(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1272,7 +1307,7 @@ static int HTPFileParserTest09(void) { } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events == NULL) { printf("no app events: "); SCMutexUnlock(&f->m); @@ -1287,6 +1322,8 @@ static int HTPFileParserTest09(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); 
@@ -1321,6 +1358,7 @@ static int HTPFileParserTest10(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -1328,12 +1366,13 @@ static int HTPFileParserTest10(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1344,7 +1383,7 @@ static int HTPFileParserTest10(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1355,7 +1394,7 @@ static int HTPFileParserTest10(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1366,7 +1405,7 @@ static int HTPFileParserTest10(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1383,7 +1422,7 @@ static int HTPFileParserTest10(void) { } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events != NULL) { printf("app events: "); SCMutexUnlock(&f->m); @@ -1393,6 +1432,8 @@ static int HTPFileParserTest10(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -1455,6 +1496,7 @@ static int HTPFileParserTest11(void) { TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -1462,12 +1504,13 @@ static int HTPFileParserTest11(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); 
@@ -1477,7 +1520,7 @@ static int HTPFileParserTest11(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1487,7 +1530,7 @@ static int HTPFileParserTest11(void) { SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1497,7 +1540,7 @@ static int HTPFileParserTest11(void) { SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f->m); @@ -1512,7 +1555,7 @@ static int HTPFileParserTest11(void) { } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events != NULL) { printf("app events: "); SCMutexUnlock(&f->m); @@ -1520,7 +1563,7 @@ static int HTPFileParserTest11(void) { } SCMutexUnlock(&f->m); - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0); if (tx == NULL) { goto end; } 
@@ -1552,6 +1595,8 @@ static int HTPFileParserTest11(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 183ce48e90..ca793007a1 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -52,6 +52,7 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" +#include "app-layer.h" #include "app-layer-htp.h" #include "app-layer-htp-body.h" #include "app-layer-htp-file.h" @@ -612,10 +613,9 @@ static inline void HTPErrorCheckTxRequestFlags(HtpState *s, htp_tx_t *tx) * \retval On success returns 1 or on failure returns -1. */ static int HTPHandleRequestData(Flow *f, void *htp_state, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, - AppLayerParserResult *output) + void *local_data) { SCEnter(); int r = -1; @@ -720,8 +720,9 @@ static int HTPHandleRequestData(Flow *f, void *htp_state, HTPHandleError(hstate); /* if the TCP connection is closed, then close the HTTP connection */ - if ((pstate->flags & APP_LAYER_PARSER_EOF) && - !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS)) { + if (AppLayerParserParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) && + !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS)) + { htp_connp_close(hstate->connp, &ts); hstate->flags |= HTP_FLAG_STATE_CLOSED_TS; SCLogDebug("stream eof encountered, closing htp handle for ts"); @@ -748,10 +749,9 @@ error: * \retval On success returns 1 or on failure returns -1 */ static int HTPHandleResponseData(Flow *f, void *htp_state, - AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, - void *local_data, - AppLayerParserResult *output) + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_data) { SCEnter(); int r = -1; 
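Review bot: HTPHandleRequestData now takes `pstate` as `void *` instead of `AppLayerParserState *`, so the compiler no longer checks what is handed to `AppLayerParserParserStateIssetFlag()`. The doc comment above the function is outside the hunk, but it most likely does not yet describe the new contract. If it still carries an `\param output` line for the removed `AppLayerParserResult *output` parameter, that line should be dropped. I would add `\param pstate opaque parser state; query it only through AppLayerParserParserStateIssetFlag()` there. Both points apply to HTPHandleResponseData in the following hunk as well.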
@@ -796,8 +796,9 @@ static int HTPHandleResponseData(Flow *f, void *htp_state, } /* if we the TCP connection is closed, then close the HTTP connection */ - if ((pstate->flags & APP_LAYER_PARSER_EOF) && - !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC)) { + if (AppLayerParserParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) && + !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC)) + { htp_connp_close(hstate->connp, &ts); hstate->flags |= HTP_FLAG_STATE_CLOSED_TC; } @@ -1256,7 +1257,7 @@ int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud, /* we currently only handle multipart for ts. When we support it for tc, * we will need to supply right direction */ - tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0); + tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER); /* if we're in the file storage process, deal with that now */ if (htud->tsflags & HTP_FILENAME_SET) { if (header_start != NULL || form_end != NULL || (tx_progress > HTP_REQUEST_BODY)) { @@ -1908,8 +1909,11 @@ void HTPFreeConfig(void) { SCEnter(); - if (!AppLayerProtoDetectionEnabled("http") || !AppLayerParserEnabled("http")) + if (!AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "http") || + !AppLayerParserConfParserEnabled("tcp", "http")) + { SCReturn; + } HTPCfgRec *nextrec = cfglist.next; SCRadixReleaseRadixTree(cfgtree); @@ -1959,7 +1963,7 @@ static int HTPCallbackRequest(htp_tx_t *tx) { /* request done, do raw reassembly now to inspect state and stream * at the same time. */ - AppLayerTriggerRawStreamReassembly(hstate->f); + AppLayerParserTriggerRawStreamReassembly(hstate->f); SCReturnInt(HTP_OK); } @@ -1994,7 +1998,7 @@ static int HTPCallbackResponse(htp_tx_t *tx) { /* response done, do raw reassembly now to inspect state and stream * at the same time. */ - AppLayerTriggerRawStreamReassembly(hstate->f); + AppLayerParserTriggerRawStreamReassembly(hstate->f); SCReturnInt(HTP_OK); } 
@@ -2529,7 +2533,7 @@ static FileContainer *HTPStateGetFiles(void *state, uint8_t direction) { static int HTPStateGetAlstateProgress(void *tx, uint8_t direction) { - if (direction == 0) + if (direction & STREAM_TOSERVER) return ((htp_tx_t *)tx)->request_progress; else return ((htp_tx_t *)tx)->response_progress; @@ -2547,7 +2551,7 @@ static void *HTPStateGetTx(void *alstate, uint64_t tx_id) static int HTPStateGetAlstateProgressCompletionStatus(uint8_t direction) { - return (direction == 0) ? HTP_REQUEST_COMPLETE : HTP_RESPONSE_COMPLETE; + return (direction & STREAM_TOSERVER) ? HTP_REQUEST_COMPLETE : HTP_RESPONSE_COMPLETE; } int HTPStateGetEventInfo(const char *event_name, 
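Review bot: HTPStateGetAlstateProgress and HTPStateGetAlstateProgressCompletionStatus (the next hunk) now test `direction & STREAM_TOSERVER`, so a caller that still passes the old `0` for the request side silently gets the response-side value. Neither function documents the new contract. I would add a comment above each, such as `/* direction: STREAM_TOSERVER or STREAM_TOCLIENT flag; the former 0/1 convention is no longer accepted */`. The `else` branch also accepts a value with neither flag set; an assertion that exactly one direction flag is present would make stale callers fail loudly instead of reading progress for the wrong side. The closing lines of both functions are outside the hunks.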
@@ -2566,13 +2570,108 @@ int HTPStateGetEventInfo(const char *event_name, return 0; } -static void HTPStateTruncate(void *state, uint8_t flags) { - FileContainer *fc = HTPStateGetFiles(state, flags); +static void HTPStateTruncate(void *state, uint8_t direction) +{ + FileContainer *fc = HTPStateGetFiles(state, direction); if (fc != NULL) { FileTruncateAllOpenFiles(fc); } } +static int HTPRegisterPatternsForProtocolDetection(void) +{ + /* toserver */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "GET|20|", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "GET|09|", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "PUT|20|", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "PUT|09|", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "POST|20|", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "POST|09|", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "HEAD|20|", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "HEAD|09|", 5, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "TRACE|20|", 6, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "TRACE|09|", 6, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "OPTIONS|20|", 8, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, 
ALPROTO_HTTP, + "OPTIONS|09|", 8, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "CONNECT|20|", 8, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "CONNECT|09|", 8, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + /* toclient */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "HTTP/0.9", 8, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "HTTP/1.0", 8, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, + "HTTP/1.1", 8, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + + return 0; +} + /** * \brief Register the HTTP protocol and state handling functions to APP layer * of the engine. 
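Review bot: HTPRegisterPatternsForProtocolDetection spells out the same `AppLayerProtoDetectPMRegisterPatternCS` call seventeen times, with only the pattern, depth and direction changing. That makes the depth column hard to audit against the pattern lengths and makes a copy-paste slip easy to miss. A static table walked by one loop keeps each pattern on a single line and leaves one failure path, with the values carried over unchanged from the hunk. The field types below are assumed, since the prototype is not visible here, and should be matched to it.

```c
static int HTPRegisterPatternsForProtocolDetection(void)
{
    static const struct {
        const char *pattern;
        uint16_t depth;
        uint8_t direction;
    } patterns[] = {
        /* toserver: request method followed by a space or a tab */
        { "GET|20|",     4, STREAM_TOSERVER },
        { "GET|09|",     4, STREAM_TOSERVER },
        { "PUT|20|",     4, STREAM_TOSERVER },
        { "PUT|09|",     4, STREAM_TOSERVER },
        { "POST|20|",    5, STREAM_TOSERVER },
        { "POST|09|",    5, STREAM_TOSERVER },
        { "HEAD|20|",    5, STREAM_TOSERVER },
        { "HEAD|09|",    5, STREAM_TOSERVER },
        { "TRACE|20|",   6, STREAM_TOSERVER },
        { "TRACE|09|",   6, STREAM_TOSERVER },
        { "OPTIONS|20|", 8, STREAM_TOSERVER },
        { "OPTIONS|09|", 8, STREAM_TOSERVER },
        { "CONNECT|20|", 8, STREAM_TOSERVER },
        { "CONNECT|09|", 8, STREAM_TOSERVER },
        /* toclient: status line version prefix */
        { "HTTP/0.9",    8, STREAM_TOCLIENT },
        { "HTTP/1.0",    8, STREAM_TOCLIENT },
        { "HTTP/1.1",    8, STREAM_TOCLIENT },
    };

    for (size_t i = 0; i < sizeof(patterns) / sizeof(patterns[0]); i++) {
        if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
                                                   patterns[i].pattern,
                                                   patterns[i].depth, 0,
                                                   patterns[i].direction) < 0)
        {
            return -1;
        }
    }

    return 0;
}
```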
@@ -2584,59 +2683,43 @@ void RegisterHTPParsers(void) char *proto_name = "http"; /** HTTP */ - if (AppLayerProtoDetectionEnabled(proto_name)) { - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER); - - /* toclient direction */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/0.9", 8, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/1.0", 8, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/1.1", 8, 0, STREAM_TOCLIENT); - 
AppLayerRegisterParserAcceptableDataDirection(ALPROTO_HTTP, STREAM_TOSERVER); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_HTTP, proto_name); + if (HTPRegisterPatternsForProtocolDetection() < 0) + return; } else { SCLogInfo("Protocol detection and parser disabled for %s protocol", proto_name); return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTPStateAlloc, HTPStateFree); - AppLayerRegisterTxFreeFunc(ALPROTO_HTTP, HTPStateTransactionFree); - AppLayerRegisterGetFilesFunc(ALPROTO_HTTP, HTPStateGetFiles); - AppLayerRegisterGetAlstateProgressFunc(ALPROTO_HTTP, HTPStateGetAlstateProgress); - AppLayerRegisterGetTxCnt(ALPROTO_HTTP, HTPStateGetTxCnt); - AppLayerRegisterGetTx(ALPROTO_HTTP, HTPStateGetTx); - AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_HTTP, - HTPStateGetAlstateProgressCompletionStatus); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_HTTP, HTPStateAlloc, HTPStateFree); + AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateTransactionFree); + AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetFiles); + AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetAlstateProgress); + AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetTxCnt); + AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetTx); + AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, + HTPStateGetAlstateProgressCompletionStatus); - AppLayerRegisterGetEventInfo(ALPROTO_HTTP, HTPStateGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetEventInfo); - AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate); + AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateTruncate); - AppLayerRegisterProto(proto_name, ALPROTO_HTTP, 
STREAM_TOSERVER, - HTPHandleRequestData); - AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOCLIENT, - HTPHandleResponseData); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER, + HTPHandleRequestData); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOCLIENT, + HTPHandleResponseData); SC_ATOMIC_INIT(htp_config_flags); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER); HTPConfigure(); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_HTTP, HTPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_HTTP, HTPParserRegisterTests); #endif SCReturn; @@ -2670,6 +2753,7 @@ int HTPParserTest01(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -2677,6 +2761,7 @@ int HTPParserTest01(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -2692,7 +2777,7 @@ int HTPParserTest01(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -2726,6 +2811,8 @@ int HTPParserTest01(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -2741,6 +2828,7 @@ int HTPParserTest02(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); 
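Review bot: When `HTPRegisterPatternsForProtocolDetection()` fails, RegisterHTPParsers returns with no log line, although `AppLayerProtoDetectRegisterProtocol` has already run and some patterns may already be registered. The engine would then start with no HTTP parser registered, and unless the callee logs, nothing tells the operator that HTTP traffic will go uninspected. The removed `AlpProtoAdd` calls ignored their results, so this early exit is new behaviour and deserves a message. Something like `SCLogInfo("Failed to register protocol detection patterns for %s; parser not registered", proto_name);` would do, at whatever severity the project uses for startup errors. Leaving with `SCReturn;` would also match the end of the function. The function begins above the hunk.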
@@ -2748,12 +2836,13 @@ int HTPParserTest02(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2779,6 +2868,8 @@ int HTPParserTest02(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -2797,12 +2888,15 @@ int HTPParserTest03(void) { HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&ssn, 0, sizeof(ssn)); f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80); if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -2815,7 +2909,7 @@ int HTPParserTest03(void) { else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -2846,6 +2940,8 @@ int HTPParserTest03(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -2863,6 +2959,7 @@ int HTPParserTest04(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); 
@@ -2870,12 +2967,13 @@ int HTPParserTest04(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { SCMutexUnlock(&f->m); goto end; @@ -2902,6 +3000,8 @@ int HTPParserTest04(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -2929,6 +3029,7 @@ int HTPParserTest05(void) { uint8_t httpbuf6[] = "esults are tha bomb!"; uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -2936,12 +3037,13 @@ int HTPParserTest05(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, - httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, + httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2949,8 +3051,8 @@ int HTPParserTest05(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf4, - httplen4); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf4, + httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2958,7 +3060,7 @@ int HTPParserTest05(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2966,7 +3068,7 @@ int HTPParserTest05(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2974,8 +3076,8 @@ int HTPParserTest05(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, - httplen3); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, + httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2983,8 +3085,8 @@ int HTPParserTest05(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf6, - httplen6); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf6, + httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3021,6 +3123,8 @@ int HTPParserTest05(void) { goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -3077,6 +3181,7 @@ int HTPParserTest06(void) { uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */ TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); 
@@ -3084,12 +3189,13 @@ int HTPParserTest06(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, - httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, + httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3097,8 +3203,8 @@ int HTPParserTest06(void) { goto end; } - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf2, - httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf2, + httplen2); if (r != 0) { printf("toclient chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3137,6 +3243,8 @@ int HTPParserTest06(void) { goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (http_state != NULL) HTPStateFree(http_state); @@ -3154,6 +3262,7 @@ int HTPParserTest07(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -3161,6 +3270,7 @@ int HTPParserTest07(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3176,7 +3286,7 @@ int HTPParserTest07(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -3221,6 +3331,8 @@ int HTPParserTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); 
@@ -3238,6 +3350,7 @@ int HTPParserTest08(void) { uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); char input[] = "\ %YAML 1.1\n\ @@ -3263,6 +3376,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3270,7 +3384,7 @@ libhtp:\n\ flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk returned %" PRId32 ", expected" " 0: ", r); @@ -3299,6 +3413,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -3319,6 +3435,7 @@ int HTPParserTest09(void) { uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); char input[] = "\ %YAML 1.1\n\ @@ -3345,6 +3462,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3352,7 +3470,7 @@ libhtp:\n\ flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk returned %" PRId32 ", expected" " 0: ", r); @@ -3381,6 +3499,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); 
@@ -3403,6 +3523,7 @@ int HTPParserTest10(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -3410,6 +3531,7 @@ int HTPParserTest10(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3425,7 +3547,7 @@ int HTPParserTest10(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -3473,6 +3595,8 @@ int HTPParserTest10(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -3490,6 +3614,7 @@ static int HTPParserTest11(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -3497,6 +3622,7 @@ static int HTPParserTest11(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3512,7 +3638,7 @@ static int HTPParserTest11(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -3553,6 +3679,8 @@ static int HTPParserTest11(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -3570,6 +3698,7 @@ static int HTPParserTest12(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); 
@@ -3577,6 +3706,7 @@ static int HTPParserTest12(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3592,7 +3722,7 @@ static int HTPParserTest12(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -3635,7 +3765,9 @@ static int HTPParserTest12(void) { } result = 1; -end: + end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -3653,6 +3785,7 @@ int HTPParserTest13(void) { TcpSession ssn; HtpState *htp_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -3660,6 +3793,7 @@ int HTPParserTest13(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -3675,7 +3809,7 @@ int HTPParserTest13(void) { flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -3725,6 +3859,8 @@ int HTPParserTest13(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -4019,6 +4155,7 @@ int HTPParserConfigTest03(void) " Data is c0oL!"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; 
@@ -4059,6 +4196,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; SCRadixNode *cfgnode = NULL; htp_cfg_t *htp = cfglist.cfg; @@ -4087,7 +4225,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4128,6 +4266,8 @@ libhtp:\n\ } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4230,6 +4370,7 @@ static int HTPParserDecodingTest01(void) "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -4254,6 +4395,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -4266,7 +4408,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4367,6 +4509,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4395,6 +4539,7 @@ static int HTPParserDecodingTest02(void) "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; 
@@ -4421,6 +4566,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -4433,7 +4579,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4534,6 +4680,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4560,6 +4708,7 @@ static int HTPParserDecodingTest03(void) "GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -4586,6 +4735,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -4598,7 +4748,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4673,6 +4823,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4695,6 +4847,7 @@ static int HTPParserDecodingTest04(void) "GET /abc/def?a=http://www.abc.com/ HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; 
@@ -4721,6 +4874,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -4733,7 +4887,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4781,6 +4935,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4803,6 +4959,7 @@ static int HTPParserDecodingTest05(void) "GET /index?id=\\\" HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -4829,6 +4986,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -4841,7 +4999,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4889,6 +5047,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -4911,6 +5071,7 @@ static int HTPParserDecodingTest06(void) "GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -4937,6 +5098,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); 
@@ -4949,7 +5111,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -4997,6 +5159,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -5019,6 +5183,7 @@ static int HTPParserDecodingTest07(void) "GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -5046,6 +5211,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -5058,7 +5224,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -5106,6 +5272,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -5128,6 +5296,7 @@ static int HTPParserDecodingTest08(void) "GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -5152,6 +5321,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); 
@@ -5164,7 +5334,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -5212,6 +5382,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -5234,6 +5406,7 @@ static int HTPParserDecodingTest09(void) "GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); HtpState *htp_state = NULL; int r = 0; @@ -5259,6 +5432,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -5271,7 +5445,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -5319,6 +5493,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -5341,7 +5517,7 @@ static int HTPBodyReassemblyTest01(void) memset(&hstate, 0x00, sizeof(hstate)); Flow flow; memset(&flow, 0x00, sizeof(flow)); - AppLayerParserStateStore parser; + void *parser = AppLayerParserAllocAppLayerParserParserState(); memset(&parser, 0x00, sizeof(parser)); htp_tx_t tx; memset(&tx, 0, sizeof(tx)); @@ -5412,6 +5588,7 @@ libhtp:\n\ TcpSession ssn; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); 
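Review bot: In the HTPBodyReassemblyTest01 hunk, `parser` becomes a pointer returned by `AppLayerParserAllocAppLayerParserParserState()`, but the unchanged next line `memset(&parser, 0x00, sizeof(parser));` still takes its address. It therefore zeroes the pointer itself: the fresh allocation is leaked and any later use of `parser` receives NULL. Delete the memset line so that `void *parser = AppLayerParserAllocAppLayerParserParserState();` is followed directly by the first use, and release the state at the end of the test with the parser API's matching free routine. The rest of the test body is outside the hunk, so check how `parser` is consumed afterwards.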
@@ -5419,12 +5596,13 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5434,7 +5612,7 @@ libhtp:\n\ SCMutexUnlock(&f->m); SCLogDebug("\n>>>> processing chunk 1 again <<<<\n"); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5451,7 +5629,7 @@ libhtp:\n\ } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events != NULL) { printf("app events: "); SCMutexUnlock(&f->m); @@ -5460,6 +5638,8 @@ libhtp:\n\ SCMutexUnlock(&f->m); result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); ConfDeInit(); ConfRestoreContextBackup(); @@ -5492,6 +5672,7 @@ libhtp:\n\ request-body-limit: 0\n\ response-body-limit: 0\n\ "; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -5528,6 +5709,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); 
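Review bot: `AppLayerParserGetDecoderEvents(f->alparser)` is called without checking `f->alparser`, and the accessor added in app-layer-parser.c by this commit casts and dereferences its argument unconditionally (`((AppLayerParserParserState *)pstate)->decoder_events`). If the preceding parse calls did not attach a parser state to the flow, the test would crash on a NULL dereference instead of reporting a failure. A successful parse presumably always sets the state, but that is not visible in the hunk. Either guard the call, `AppLayerDecoderEvents *decoder_events = (f->alparser != NULL) ? AppLayerParserGetDecoderEvents(f->alparser) : NULL;`, or add the NULL check inside the accessor so every caller is covered. The same call appears in two later hunks of this file, before the `decoder_events == NULL` and `decoder_events != NULL` checks.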
@@ -5540,7 +5722,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1); if (u < 18294) { /* first 18294 bytes should result in 0 */ if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" @@ -5580,7 +5762,7 @@ libhtp:\n\ } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events == NULL) { printf("no app events: "); SCMutexUnlock(&f->m); @@ -5595,6 +5777,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -5631,6 +5815,7 @@ libhtp:\n\ response-body-limit: 0\n\ meta-field-limit: 20000\n\ "; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); @@ -5667,6 +5852,7 @@ libhtp:\n\ if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); @@ -5679,7 +5865,7 @@ libhtp:\n\ else flags = STREAM_TOSERVER; SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1); if (r != 0) { printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" " 0: ", u, r); @@ -5705,7 +5891,7 @@ libhtp:\n\ } SCMutexLock(&f->m); - AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events != NULL) { printf("app events: "); SCMutexUnlock(&f->m); 
@@ -5715,6 +5901,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index ed8f18db10..f6a3a78b74 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -33,6 +33,7 @@ #include "util-pool.h" #include "flow-util.h" +#include "flow-private.h" #include "detect-engine-state.h" #include "detect-engine-port.h" 
@@ -65,2384 +66,979 @@ #include "util-unittest-helper.h" #include "util-validate.h" -AppLayerProto al_proto_table[ALPROTO_MAX]; /**< Application layer protocol - table mapped to their - corresponding parsers */ +#include "runmodes.h" -#define MAX_PARSERS 100 -static AppLayerParserTableElement al_parser_table[MAX_PARSERS]; -static uint16_t al_max_parsers = 0; /* incremented for every registered parser */ +typedef struct AppLayerParserCtxThread_ { + void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]; +} AppLayerParserCtxThread; -static Pool *al_result_pool = NULL; -static SCMutex al_result_pool_mutex = SCMUTEX_INITIALIZER; -#ifdef DEBUG -static uint32_t al_result_pool_elmts = 0; -#endif /* DEBUG */ - -/** \brief Get the file container flow - * \param f flow pointer to a LOCKED flow - * \retval files void pointer to the state - * \retval direction flow direction, either STREAM_TOCLIENT or STREAM_TOSERVER - * \retval NULL in case we have no state */ -FileContainer *AppLayerGetFilesFromFlow(Flow *f, uint8_t direction) { - SCEnter(); - DEBUG_ASSERT_FLOW_LOCKED(f); - - uint16_t alproto = f->alproto; +/** + * \brief App layer protocol parser context. + */ +typedef struct AppLayerParserpCtx_ +{ + /* 0 - to_server, 1 - to_client. 
*/ + int (*Parser[2])(Flow *f, void *protocol_state, + void *pstate, + uint8_t *input, uint32_t input_len, + void *local_storage); + char logger; + + void *(*StateAlloc)(void); + void (*StateFree)(void *); + void (*StateTransactionFree)(void *, uint64_t); + void *(*LocalStorageAlloc)(void); + void (*LocalStorageFree)(void *); + + void (*Truncate)(void *, uint8_t); + FileContainer *(*StateGetFiles)(void *, uint8_t); + AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t); + int (*StateHasEvents)(void *); + + int (*StateGetProgress)(void *alstate, uint8_t direction); + uint64_t (*StateGetTxCnt)(void *alstate); + void *(*StateGetTx)(void *alstate, uint64_t tx_id); + int (*StateGetProgressCompletionStatus)(uint8_t direction); + int (*StateGetEventInfo)(const char *event_name, + int *event_id, AppLayerEventType *event_type); + + /* Indicates the direction the parser is ready to see the data + * the first time for a flow. Values accepted - + * STREAM_TOSERVER, STREAM_TOCLIENT */ + uint8_t first_data_dir; - if (alproto == ALPROTO_UNKNOWN) - SCReturnPtr(NULL, "FileContainer"); +#ifdef UNITTESTS + void (*RegisterUnittests)(void); +#endif +} AppLayerParserpCtx; + +typedef struct AppLayerParserCtx_ { + AppLayerParserpCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]; +} AppLayerParserCtx; + +typedef struct AppLayerParserParserState_ { + uint8_t flags; + + /* Indicates the current transaction that is being inspected. + * We have a var per direction. */ + uint64_t inspect_id[2]; + /* Indicates the current transaction being logged. Unlike inspect_id, + * we don't need a var per direction since we don't log a transaction + * unless we have the entire transaction. */ + uint64_t log_id; + /* State version, incremented for each update. Can wrap around. */ + uint16_t version; + + /* Used to store decoder events. 
*/ + AppLayerDecoderEvents *decoder_events; +} AppLayerParserParserState; - if (al_proto_table[alproto].StateGetFiles != NULL) { - FileContainer *ptr = al_proto_table[alproto].StateGetFiles(AppLayerGetProtoStateFromFlow(f), direction); - SCReturnPtr(ptr, "FileContainer"); - } else { - SCReturnPtr(NULL, "FileContainer"); - } -} +/* Static global version of the parser context. + * Post 2.0 let's look at changing this to move it out to app-layer.c. */ +static AppLayerParserCtx alp_ctx; -/** \brief Get the decoder events from the flow - * \param f flow pointer to a LOCKED flow - * \param tx_id transaction id - * \retval files void pointer to the state - * \retval NULL in case we have no state */ -AppLayerDecoderEvents *AppLayerGetEventsFromFlowByTx(Flow *f, uint64_t tx_id) { +static void AppLayerParserTransactionsCleanup(uint16_t ipproto, AppProto alproto, + void *alstate, void *pstate) +{ SCEnter(); - DEBUG_ASSERT_FLOW_LOCKED(f); + AppLayerParserParserState *parser_state_store = pstate; + uint64_t inspect = 0, log = 0; + uint64_t min; + AppLayerParserpCtx *ctx = &alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]; + + if (ctx->StateTransactionFree == NULL) + goto end; - uint16_t alproto = f->alproto; - if (alproto == ALPROTO_UNKNOWN) - SCReturnPtr(NULL, "AppLayerDecoderEvents"); + if (parser_state_store->inspect_id[0] < parser_state_store->inspect_id[1]) + inspect = parser_state_store->inspect_id[0]; + else + inspect = parser_state_store->inspect_id[1]; + log = parser_state_store->log_id; - if (al_proto_table[alproto].StateGetEvents != NULL) { - AppLayerDecoderEvents *ptr = al_proto_table[alproto].StateGetEvents(AppLayerGetProtoStateFromFlow(f), tx_id); - SCReturnPtr(ptr, "AppLayerDecoderEvents"); + if (ctx->logger == TRUE) { + min = log < inspect ? 
log : inspect; + if (min > 0) + ctx->StateTransactionFree(alstate, min - 1); } else { - SCReturnPtr(NULL, "AppLayerDecoderEvents"); + if (inspect > 0) + ctx->StateTransactionFree(alstate, inspect - 1); } -} - -/** \brief check if we have decoder events - * \retval 1 yes - * \retval 0 no */ -int AppLayerFlowHasDecoderEvents(Flow *f, uint8_t flags) { - AppLayerDecoderEvents *decoder_events; - - DEBUG_ASSERT_FLOW_LOCKED(f); - if (f->alproto <= ALPROTO_UNKNOWN || f->alproto >= ALPROTO_MAX) - return 0; - - if (AppLayerProtoIsTxEventAware(f->alproto)) { - /* fast path if supported by proto */ - if (al_proto_table[f->alproto].StateHasEvents != NULL) { - if (al_proto_table[f->alproto].StateHasEvents(f->alstate) == 1) - return 1; - } else { - /* check each tx */ - uint64_t tx_id = AppLayerTransactionGetInspectId(f, flags); - uint64_t max_id = AppLayerGetTxCnt(f->alproto, f->alstate); + end: + SCReturn; +} - for ( ; tx_id < max_id; tx_id++) { - decoder_events = AppLayerGetEventsFromFlowByTx(f, tx_id); - if (decoder_events && decoder_events->cnt) - return 1; - } - } - } +void *AppLayerParserAllocAppLayerParserParserState(void) +{ + SCEnter(); - decoder_events = AppLayerGetDecoderEventsForFlow(f); - if (decoder_events && decoder_events->cnt) - return 1; + AppLayerParserParserState *pstate = (AppLayerParserParserState *)SCMalloc(sizeof(*pstate)); + if (pstate == NULL) + goto end; + memset(pstate, 0, sizeof(*pstate)); - return 0; + end: + SCReturnPtr(pstate, "pstate"); } -/** \brief Return true if alproto uses per TX events - * \param alproto proto to check - */ -int AppLayerProtoIsTxEventAware(uint16_t alproto) { - if (alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_MAX && - al_proto_table[alproto].StateGetEvents != NULL) - return 1; +void AppLayerParserDeAllocAppLayerParserParserState(void *pstate) +{ + SCEnter(); + + if (((AppLayerParserParserState *)pstate)->decoder_events != NULL) + AppLayerDecoderEventsFreeEvents(((AppLayerParserParserState *)pstate)->decoder_events); + 
SCFree(pstate); - return 0; + SCReturn; } -/** \brief Alloc a AppLayerParserResultElmt func for the pool */ -static void *AlpResultElmtPoolAlloc() +int AppLayerParserSetup(void) { - AppLayerParserResultElmt *e = NULL; + SCEnter(); - e = (AppLayerParserResultElmt *)SCMalloc - (sizeof(AppLayerParserResultElmt)); - if (e == NULL) - return NULL; + memset(&alp_ctx, 0, sizeof(alp_ctx)); -#ifdef DEBUG - al_result_pool_elmts++; - SCLogDebug("al_result_pool_elmts %"PRIu32"", al_result_pool_elmts); -#endif /* DEBUG */ - return e; + SCReturnInt(0); } -int AppLayerGetAlstateProgress(uint16_t alproto, void *state, uint8_t direction) +int AppLayerParserDeSetup(void) { - return al_proto_table[alproto].StateGetAlstateProgress(state, direction); -} + SCEnter(); -uint64_t AppLayerGetTxCnt(uint16_t alproto, void *alstate) -{ - return al_proto_table[alproto].StateGetTxCnt(alstate); + SCReturnInt(0); } -void *AppLayerGetTx(uint16_t alproto, void *alstate, uint64_t tx_id) +void *AppLayerParserGetCtxThread(void) { - return al_proto_table[alproto].StateGetTx(alstate, tx_id); -} + SCEnter(); -int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t direction) -{ - return al_proto_table[alproto].StateGetAlstateProgressCompletionStatus(direction); -} + AppProto i = 0; + int j = 0; + AppLayerParserCtxThread *tctx; -int AppLayerAlprotoSupportsTxs(uint16_t alproto) -{ - return (al_proto_table[alproto].StateTransactionFree != NULL); + tctx = SCMalloc(sizeof(*tctx)); + if (tctx == NULL) + goto end; + memset(tctx, 0, sizeof(*tctx)); + + for (i = 0; i < FLOW_PROTO_DEFAULT; i++) { + for (j = 0; j < ALPROTO_MAX; j++) { + tctx->alproto_local_storage[i][j] = + AppLayerParserGetProtocolParserLocalStorage(FlowGetReverseProtoMapping(i), + j); + } + } + + end: + SCReturnPtr(tctx, "void *"); } -static void AlpResultElmtPoolCleanup(void *e) +void AppLayerParserDestroyCtxThread(void *alpd_tctx) { - AppLayerParserResultElmt *re = (AppLayerParserResultElmt *)e; + SCEnter(); - if (re->flags & 
ALP_RESULT_ELMT_ALLOC) { - if (re->data_ptr != NULL) - SCFree(re->data_ptr); + AppProto i = 0; + int j = 0; + AppLayerParserCtxThread *tctx = (AppLayerParserCtxThread *)alpd_tctx; + + for (i = 0; i < FLOW_PROTO_DEFAULT; i++) { + for (j = 0; j < ALPROTO_MAX; j++) { + AppLayerParserDestroyProtocolParserLocalStorage(FlowGetReverseProtoMapping(i), + j, + tctx->alproto_local_storage[i][j]); + } } -#ifdef DEBUG - al_result_pool_elmts--; - SCLogDebug("al_result_pool_elmts %"PRIu32"", al_result_pool_elmts); -#endif /* DEBUG */ + SCReturn; } -static AppLayerParserResultElmt *AlpGetResultElmt(void) +int AppLayerParserConfParserEnabled(const char *ipproto, + const char *alproto_name) { - SCMutexLock(&al_result_pool_mutex); - AppLayerParserResultElmt *e = (AppLayerParserResultElmt *)PoolGet(al_result_pool); - SCMutexUnlock(&al_result_pool_mutex); + SCEnter(); + + int enabled = 1; + char param[100]; + ConfNode *node; + int r; - if (e == NULL) { - return NULL; + if (RunmodeIsUnittests()) + goto enabled; + + r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", + alproto_name, ".enabled"); + if (r < 0) { + SCLogError(SC_ERR_FATAL, "snprintf failure."); + exit(EXIT_FAILURE); + } else if (r > (int)sizeof(param)) { + SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); + exit(EXIT_FAILURE); } - e->next = NULL; - return e; -} -static void AlpReturnResultElmt(AppLayerParserResultElmt *e) -{ - if (e->flags & ALP_RESULT_ELMT_ALLOC) { - if (e->data_ptr != NULL) - SCFree(e->data_ptr); + node = ConfGetNode(param); + if (node == NULL) { + SCLogDebug("Entry for %s not found.", param); + r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", + alproto_name, ".", ipproto, ".enabled"); + if (r < 0) { + SCLogError(SC_ERR_FATAL, "snprintf failure."); + exit(EXIT_FAILURE); + } else if (r > (int)sizeof(param)) { + SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); + exit(EXIT_FAILURE); + } + + node = ConfGetNode(param); + if (node == 
NULL) { + SCLogDebug("Entry for %s not found.", param); + goto enabled; + } } - e->flags = 0; - e->data_ptr = NULL; - e->data_len = 0; - e->next = NULL; - - SCMutexLock(&al_result_pool_mutex); - PoolReturn(al_result_pool, (void *)e); - SCMutexUnlock(&al_result_pool_mutex); -} -static void AlpAppendResultElmt(AppLayerParserResult *r, AppLayerParserResultElmt *e) -{ - if (r->head == NULL) { - r->head = e; - r->tail = e; - r->cnt = 1; + if (strcasecmp(node->val, "yes") == 0) { + goto enabled; + } else if (strcasecmp(node->val, "no") == 0) { + goto disabled; + } else if (strcasecmp(node->val, "detection-only") == 0) { + goto enabled; } else { - r->tail->next = e; - r->tail = e; - r->cnt++; + SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param); + exit(EXIT_FAILURE); } + + disabled: + enabled = 0; + enabled: + SCReturnInt(enabled); } -/** - * \param alloc Is ptr alloc'd (1) or a ptr to static mem (0). - * \retval -1 error - * \retval 0 ok - */ -static int AlpStoreField(AppLayerParserResult *output, uint16_t idx, - uint8_t *ptr, uint32_t len, uint8_t alloc) +/***** Parser related registration *****/ + +int AppLayerParserRegisterParser(uint16_t ipproto, AppProto alproto, + uint8_t direction, + int (*Parser)(Flow *f, void *protocol_state, + void *pstate, + uint8_t *buf, uint32_t buf_len, + void *local_storage)) { SCEnter(); - AppLayerParserResultElmt *e = AlpGetResultElmt(); - if (e == NULL) { - SCLogError(SC_ERR_POOL_EMPTY, "App layer \"al_result_pool\" is empty"); - SCReturnInt(-1); - } - - if (alloc == 1) - e->flags |= ALP_RESULT_ELMT_ALLOC; - - e->name_idx = idx; - e->data_ptr = ptr; - e->data_len = len; - AlpAppendResultElmt(output, e); + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + Parser[(direction & STREAM_TOSERVER) ? 
0 : 1] = Parser; SCReturnInt(0); } -void AppLayerSetEOF(Flow *f) +void AppLayerParserRegisterParserAcceptableDataDirection(uint16_t ipproto, AppProto alproto, + uint8_t direction) { - if (f == NULL) - return; - - AppLayerParserStateStore *parser_state_store = - (AppLayerParserStateStore *)f->alparser; - if (parser_state_store != NULL) { - parser_state_store->id_flags |= APP_LAYER_TRANSACTION_EOF; - parser_state_store->to_client.flags |= APP_LAYER_PARSER_EOF; - parser_state_store->to_server.flags |= APP_LAYER_PARSER_EOF; - /* increase version so we will inspect it one more time - * with the EOF flags now set */ - parser_state_store->version++; - } + SCEnter(); + + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |= + (direction & (STREAM_TOSERVER | STREAM_TOCLIENT)); + + SCReturn; } -/** \brief Parse a field up to we reach the size limit - * - * \retval 1 Field found and stored. - * \retval 0 Field parsing in progress. - * \retval -1 error - */ -int AlpParseFieldBySize(AppLayerParserResult *output, AppLayerParserState *pstate, - uint16_t field_idx, uint32_t size, uint8_t *input, - uint32_t input_len, uint32_t *offset) +void AppLayerParserRegisterStateFuncs(uint16_t ipproto, AppProto alproto, + void *(*StateAlloc)(void), + void (*StateFree)(void *)) { SCEnter(); - void *ptmp; - if ((pstate->store_len + input_len) < size) { - if (pstate->store_len == 0) { - pstate->store = SCMalloc(input_len); - if (pstate->store == NULL) - SCReturnInt(-1); + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc = + StateAlloc; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree = + StateFree; - memcpy(pstate->store, input, input_len); - pstate->store_len = input_len; - } else { - ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; + SCReturn; +} - memcpy(pstate->store+pstate->store_len, input, input_len); - 
pstate->store_len += input_len; - } - } else { - if (pstate->store_len == 0) { - int r = AlpStoreField(output, field_idx, input, size, /* static mem */0); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } - (*offset) += size; +void AppLayerParserRegisterLocalStorageFunc(uint16_t ipproto, AppProto alproto, + void *(*LocalStorageAlloc)(void), + void (*LocalStorageFree)(void *)) +{ + SCEnter(); - SCReturnInt(1); - } else { - uint32_t diff = size - pstate->store_len; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc = + LocalStorageAlloc; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree = + LocalStorageFree; - ptmp = SCRealloc(pstate->store, (diff + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; + SCReturn; +} - memcpy(pstate->store+pstate->store_len, input, diff); - pstate->store_len += diff; +void AppLayerParserRegisterGetFilesFunc(uint16_t ipproto, AppProto alproto, + FileContainer *(*StateGetFiles)(void *, uint8_t)) +{ + SCEnter(); - int r = AlpStoreField(output, field_idx, pstate->store, - pstate->store_len, /* alloc mem */1); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles = + StateGetFiles; - (*offset) += diff; + SCReturn; +} - pstate->store = NULL; - pstate->store_len = 0; +void AppLayerParserRegisterGetEventsFunc(uint16_t ipproto, AppProto alproto, + AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)) +{ + SCEnter(); - SCReturnInt(1); - } - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents = + StateGetEvents; - SCReturnInt(0); + SCReturn; } -/** \brief Parse a field up to the EOF - * - * \retval 1 Field found and stored. - * \retval 0 Field parsing in progress. 
- * \retval -1 error - */ -int AlpParseFieldByEOF(AppLayerParserResult *output, AppLayerParserState *pstate, - uint16_t field_idx, uint8_t *input, uint32_t input_len) +void AppLayerParserRegisterHasEventsFunc(uint16_t ipproto, AppProto alproto, + int (*StateHasEvents)(void *)) { SCEnter(); - void *ptmp; - - if (pstate->store_len == 0) { - if (pstate->flags & APP_LAYER_PARSER_EOF) { - SCLogDebug("store_len 0 and EOF"); - int r = AlpStoreField(output, field_idx, input, input_len, 0); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents = + StateHasEvents; - SCReturnInt(1); - } else { - SCLogDebug("store_len 0 but no EOF"); + SCReturn; +} - /* delimiter field not found, so store the result for the next run */ - pstate->store = SCMalloc(input_len); - if (pstate->store == NULL) - SCReturnInt(-1); +void AppLayerParserRegisterLogger(uint16_t ipproto, AppProto alproto) +{ + SCEnter(); - memcpy(pstate->store, input, input_len); - pstate->store_len = input_len; - } - } else { - if (pstate->flags & APP_LAYER_PARSER_EOF) { - SCLogDebug("store_len %" PRIu32 " and EOF", pstate->store_len); - - ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - pstate->store_len = 0; - SCReturnInt(-1); - } - pstate->store = ptmp; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = TRUE; - memcpy(pstate->store+pstate->store_len, input, input_len); - pstate->store_len += input_len; + SCReturn; +} - int r = AlpStoreField(output, field_idx, pstate->store, pstate->store_len, 1); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } +void AppLayerParserRegisterTruncateFunc(uint16_t ipproto, AppProto alproto, + void (*Truncate)(void *, uint8_t)) +{ + SCEnter(); - pstate->store = NULL; - pstate->store_len = 0; + 
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate; - SCReturnInt(1); - } else { - SCLogDebug("store_len %" PRIu32 " but no EOF", pstate->store_len); - - /* delimiter field not found, so store the result for the next run */ - ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; + SCReturn; +} - memcpy(pstate->store+pstate->store_len, input, input_len); - pstate->store_len += input_len; - } +void AppLayerParserRegisterGetStateProgressFunc(uint16_t ipproto, AppProto alproto, + int (*StateGetProgress)(void *alstate, uint8_t direction)) +{ + SCEnter(); - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetProgress = StateGetProgress; - SCReturnInt(0); + SCReturn; } -/** \brief Parse a field up to a delimeter. - * - * \retval 1 Field found and stored. - * \retval 0 Field parsing in progress. - * \retval -1 error - */ -int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState *pstate, - uint16_t field_idx, const uint8_t *delim, uint8_t delim_len, - uint8_t *input, uint32_t input_len, uint32_t *offset) +void AppLayerParserRegisterTxFreeFunc(uint16_t ipproto, AppProto alproto, + void (*StateTransactionFree)(void *, uint64_t)) { SCEnter(); - void *ptmp; - SCLogDebug("pstate->store_len %" PRIu32 ", delim_len %" PRIu32 "", - pstate->store_len, delim_len); - - if (pstate->store_len == 0) { - uint8_t *ptr = SpmSearch(input, input_len, (uint8_t*)delim, delim_len); - if (ptr != NULL) { - uint32_t len = ptr - input; - SCLogDebug(" len %" PRIu32 "", len); - - int r = AlpStoreField(output, field_idx, input, len, 0); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } - (*offset) += (len + delim_len); - SCReturnInt(1); - } else { - if (pstate->flags & APP_LAYER_PARSER_EOF) { - SCLogDebug("delim not found and EOF"); - SCReturnInt(0); - } - - 
SCLogDebug("delim not found, continue"); - /* delimiter field not found, so store the result for the next run */ - pstate->store = SCMalloc(input_len); - if (pstate->store == NULL) - SCReturnInt(-1); + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateTransactionFree = StateTransactionFree; - memcpy(pstate->store, input, input_len); - pstate->store_len = input_len; - } - } else { - uint8_t *ptr = SpmSearch(input, input_len, (uint8_t*)delim, delim_len); - if (ptr != NULL) { - uint32_t len = ptr - input; - SCLogDebug("len %" PRIu32 " + %" PRIu32 " = %" PRIu32 "", len, - pstate->store_len, len + pstate->store_len); - - ptmp = SCRealloc(pstate->store, (len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; + SCReturn; +} - memcpy(pstate->store+pstate->store_len, input, len); - pstate->store_len += len; +void AppLayerParserRegisterGetTxCnt(uint16_t ipproto, AppProto alproto, + uint64_t (*StateGetTxCnt)(void *alstate)) +{ + SCEnter(); - int r = AlpStoreField(output, field_idx, pstate->store, - pstate->store_len, 1); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } - pstate->store = NULL; - pstate->store_len = 0; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTxCnt = StateGetTxCnt; - (*offset) += (len + delim_len); - SCReturnInt(1); - } else { - if (pstate->flags & APP_LAYER_PARSER_EOF) { - /* if the input len is smaller than the delim len we search the - * pstate->store since we may match there. 
*/ - if (delim_len > input_len) { - /* delimiter field not found, so store the result for the - * next run */ - ptmp = SCRealloc(pstate->store, - (input_len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; - - memcpy(pstate->store+pstate->store_len, input, input_len); - pstate->store_len += input_len; - SCLogDebug("input_len < delim_len, checking pstate->store"); - - if (pstate->store_len >= delim_len) { - ptr = SpmSearch(pstate->store, pstate->store_len, (uint8_t*)delim, - delim_len); - if (ptr != NULL) { - SCLogDebug("now we found the delim"); - - uint32_t len = ptr - pstate->store; - int r = AlpStoreField(output, field_idx, - pstate->store, len, 1); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store " - "field value"); - SCReturnInt(-1); - } - - pstate->store = NULL; - pstate->store_len = 0; - - (*offset) += (input_len); - - SCLogDebug("offset %" PRIu32 "", (*offset)); - SCReturnInt(1); - } - goto free_and_return; - } - goto free_and_return; - } - free_and_return: - SCLogDebug("not found and EOF, so free what we have so far."); - SCFree(pstate->store); - pstate->store = NULL; - pstate->store_len = 0; - SCReturnInt(0); - } + SCReturn; +} - /* delimiter field not found, so store the result for the next run */ - ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len)); - if (ptmp == NULL) { - SCFree(pstate->store); - pstate->store = NULL; - SCReturnInt(-1); - } - pstate->store = ptmp; - - memcpy(pstate->store+pstate->store_len, input, input_len); - pstate->store_len += input_len; - - /* if the input len is smaller than the delim len we search the - * pstate->store since we may match there. 
*/ - if (delim_len > input_len && delim_len <= pstate->store_len) { - SCLogDebug("input_len < delim_len, checking pstate->store"); - - ptr = SpmSearch(pstate->store, pstate->store_len, (uint8_t*)delim, delim_len); - if (ptr != NULL) { - SCLogDebug("now we found the delim"); - - uint32_t len = ptr - pstate->store; - int r = AlpStoreField(output, field_idx, pstate->store, len, 1); - if (r == -1) { - SCLogError(SC_ERR_ALPARSER, "Failed to store field value"); - SCReturnInt(-1); - } - pstate->store = NULL; - pstate->store_len = 0; - - (*offset) += (input_len); - - SCLogDebug("ffset %" PRIu32 "", (*offset)); - SCReturnInt(1); - } - } - } +void AppLayerParserRegisterGetTx(uint16_t ipproto, AppProto alproto, + void *(StateGetTx)(void *alstate, uint64_t tx_id)) +{ + SCEnter(); - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTx = StateGetTx; - SCReturnInt(0); + SCReturn; } -uint16_t AppLayerGetProtoByName(const char *name) +void AppLayerParserRegisterGetStateProgressCompletionStatus(uint16_t ipproto, + uint16_t alproto, + int (*StateGetProgressCompletionStatus)(uint8_t direction)) { - uint8_t u = 1; - SCLogDebug("looking for name %s", name); + SCEnter(); - for ( ; u < ALPROTO_MAX; u++) { - if (al_proto_table[u].name == NULL) - continue; + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. 
+ StateGetProgressCompletionStatus = StateGetProgressCompletionStatus; - SCLogDebug("name %s proto %"PRIu16"", - al_proto_table[u].name, u); + SCReturn; +} - if (strcasecmp(name,al_proto_table[u].name) == 0) { - SCLogDebug("match, returning %"PRIu16"", u); - return u; - } - } +void AppLayerParserRegisterGetEventInfo(uint16_t ipproto, AppProto alproto, + int (*StateGetEventInfo)(const char *event_name, int *event_id, + AppLayerEventType *event_type)) +{ + SCEnter(); - AppLayerProbingParser *pp = alp_proto_ctx.probing_parsers; - while (pp != NULL) { - AppLayerProbingParserPort *pp_port = pp->port; - while (pp_port != NULL) { - AppLayerProbingParserElement *pp_pe = pp_port->toserver; - while (pp_pe != NULL) { - if (strcasecmp(pp_pe->al_proto_name, name) == 0) { - return pp_pe->al_proto; - } - - pp_pe = pp_pe->next; - } + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetEventInfo = StateGetEventInfo; - pp_pe = pp_port->toclient; - while (pp_pe != NULL) { - if (strcasecmp(pp_pe->al_proto_name, name) == 0) { - return pp_pe->al_proto; - } + SCReturn; +} - pp_pe = pp_pe->next; - } +/***** Get and transaction functions *****/ - pp_port = pp_port->next; - } - pp = pp->next; +void *AppLayerParserGetProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto) +{ + SCEnter(); + + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + LocalStorageAlloc != NULL) + { + SCReturnPtr(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + LocalStorageAlloc(), "void *"); } - return ALPROTO_UNKNOWN; + SCReturnPtr(NULL, "void *"); } -const char *AppLayerGetProtoString(int proto) +void AppLayerParserDestroyProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto, + void *local_data) { + SCEnter(); - if ((proto >= ALPROTO_MAX) || (proto < 0)) { - return "Undefined"; + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + LocalStorageFree != NULL) + { + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. 
+ LocalStorageFree(local_data); } - if (al_proto_table[proto].name == NULL) { - return "Unset"; - } else { - return al_proto_table[proto].name; - } + SCReturn; } -/** \brief Description: register a parser. - * - * \param name full parser name, e.g. "http.request_line" - * \todo do we need recursive, so a "http" and a "request_line" where the engine - * knows it's actually "http.request_line"... same difference maybe. - * \param AppLayerParser pointer to the parser function - * - * \retval 0 on success - * \retval -1 on error - */ -int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id, - int (*AppLayerParser)(Flow *f, void *protocol_state, - AppLayerParserState *parser_state, - uint8_t *input, uint32_t input_len, - void *local_data, - AppLayerParserResult *output), - char *dependency) +uint64_t AppLayerParserGetTransactionLogId(void *pstate) { + SCEnter(); - al_max_parsers++; + SCReturnCT(((AppLayerParserParserState *)pstate)->log_id, "uint64_t"); +} - if(al_max_parsers >= MAX_PARSERS){ - SCLogInfo("Failed to register %s al_parser_table array full",name); - exit(EXIT_FAILURE); - } +void AppLayerParserSetTransactionLogId(void *pstate) +{ + SCEnter(); - al_parser_table[al_max_parsers].name = name; - al_parser_table[al_max_parsers].proto = proto; - al_parser_table[al_max_parsers].parser_local_id = parser_id; - al_parser_table[al_max_parsers].AppLayerParser = AppLayerParser; + ((AppLayerParserParserState *)pstate)->log_id++; - SCLogDebug("registered %p at proto %" PRIu32 ", al_proto_table idx " - "%" PRIu32 ", parser_local_id %" PRIu32 "", - AppLayerParser, proto, al_max_parsers, - parser_id); - return 0; + SCReturn; } -/** \brief Description: register a protocol parser. - * - * \param name full parser name, e.g. "http.request_line" - * \todo do we need recursive, so a "http" and a "request_line" where the engine - * knows it's actually "http.request_line"... same difference maybe. 
- * \param AppLayerParser pointer to the parser function - * - * \retval 0 on success - * \retval -1 on error - */ -int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags, - int (*AppLayerParser)(Flow *f, void *protocol_state, - AppLayerParserState *parser_state, - uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output)) +uint64_t AppLayerParserGetTransactionInspectId(void *pstate, uint8_t direction) { + SCEnter(); - al_max_parsers++; - - if(al_max_parsers >= MAX_PARSERS){ - SCLogInfo("Failed to register %s al_parser_table array full",name); - exit(EXIT_FAILURE); - } + SCReturnCT(((AppLayerParserParserState *)pstate)-> + inspect_id[direction & STREAM_TOSERVER ? 0 : 1], "uint64_t"); +} - /* register name here as well so pp only protocols will work */ - if (al_proto_table[proto].name != NULL) { - BUG_ON(strcmp(al_proto_table[proto].name, name) != 0); - } else { - al_proto_table[proto].name = name; - } +void AppLayerParserSetTransactionInspectId(void *pstate, + uint16_t ipproto, AppProto alproto, void *alstate, + uint8_t direction) +{ + SCEnter(); - al_parser_table[al_max_parsers].name = name; - al_parser_table[al_max_parsers].AppLayerParser = AppLayerParser; + uint8_t dir = (direction & STREAM_TOSERVER) ? 
0 : 1; + uint64_t total_txs = AppLayerParserGetTxCnt(ipproto, alproto, alstate); + uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, direction); + int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(ipproto, alproto, direction); + void *tx; + int state_progress; - /* create proto, direction -- parser mapping */ - if (flags & STREAM_TOSERVER) { - al_proto_table[proto].to_server = al_max_parsers; - } else if (flags & STREAM_TOCLIENT) { - al_proto_table[proto].to_client = al_max_parsers; + for (; idx < total_txs; idx++) { + tx = AppLayerParserGetTx(ipproto, alproto, alstate, idx); + if (tx == NULL) + continue; + state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, direction); + if (state_progress >= state_done_progress) + continue; + else + break; } + ((AppLayerParserParserState *)pstate)->inspect_id[dir] = idx; - SCLogDebug("registered %p at proto %" PRIu32 " flags %02X, al_proto_table " - "idx %" PRIu32 ", %s", AppLayerParser, proto, - flags, al_max_parsers, name); - return 0; -} - -#ifdef UNITTESTS -void AppLayerParserRegisterUnittests(uint16_t proto, void (*RegisterUnittests)(void)) { - al_proto_table[proto].RegisterUnittests = RegisterUnittests; + SCReturn; } -#endif -void AppLayerRegisterStateFuncs(uint16_t proto, void *(*StateAlloc)(void), - void (*StateFree)(void *)) +AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(void *pstate) { - al_proto_table[proto].StateAlloc = StateAlloc; - al_proto_table[proto].StateFree = StateFree; -} + SCEnter(); -void AppLayerRegisterTxFreeFunc(uint16_t proto, - void (*StateTransactionFree)(void *, uint64_t)) -{ - al_proto_table[proto].StateTransactionFree = StateTransactionFree; + SCReturnPtr(((AppLayerParserParserState *)pstate)->decoder_events, + "AppLayerDecoderEvents *"); } -void AppLayerRegisterLocalStorageFunc(uint16_t proto, - void *(*LocalStorageAlloc)(void), - void (*LocalStorageFree)(void *)) +void AppLayerParserSetDecoderEvents(void *pstate, AppLayerDecoderEvents 
*devents) { - al_proto_table[proto].LocalStorageAlloc = LocalStorageAlloc; - al_proto_table[proto].LocalStorageFree = LocalStorageFree; - - return; + (((AppLayerParserParserState *)pstate)->decoder_events) = devents; } -void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t)) +AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint16_t ipproto, AppProto alproto, + void *alstate, uint64_t tx_id) { - al_proto_table[proto].Truncate = Truncate; + SCEnter(); - return; -} - -void AppLayerStreamTruncated(uint16_t proto, void *state, uint8_t flags) { - if (al_proto_table[proto].Truncate != NULL) { - al_proto_table[proto].Truncate(state, flags); - } -} + AppLayerDecoderEvents *ptr = NULL; -void *AppLayerGetProtocolParserLocalStorage(uint16_t proto) -{ - if (al_proto_table[proto].LocalStorageAlloc != NULL) { - return al_proto_table[proto].LocalStorageAlloc(); + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetEvents != NULL) + { + ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. 
+ StateGetEvents(alstate, tx_id); } - return NULL; -} - -void AppLayerRegisterGetFilesFunc(uint16_t proto, - FileContainer *(*StateGetFiles)(void *, uint8_t)) -{ - al_proto_table[proto].StateGetFiles = StateGetFiles; -} - -void AppLayerRegisterGetAlstateProgressFunc(uint16_t alproto, - int (*StateGetAlstateProgress)(void *alstate, uint8_t direction)) -{ - al_proto_table[alproto].StateGetAlstateProgress = StateGetAlstateProgress; -} - -void AppLayerRegisterGetTxCnt(uint16_t alproto, - uint64_t (*StateGetTxCnt)(void *alstate)) -{ - al_proto_table[alproto].StateGetTxCnt = StateGetTxCnt; -} - -void AppLayerRegisterGetTx(uint16_t alproto, - void *(StateGetTx)(void *alstate, uint64_t tx_id)) -{ - al_proto_table[alproto].StateGetTx = StateGetTx; -} - -void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto, - int (*StateGetAlstateProgressCompletionStatus)(uint8_t direction)) -{ - al_proto_table[alproto].StateGetAlstateProgressCompletionStatus = - StateGetAlstateProgressCompletionStatus; -} - -void AppLayerRegisterGetEventsFunc(uint16_t proto, - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)) -{ - al_proto_table[proto].StateGetEvents = StateGetEvents; -} - -void AppLayerRegisterHasEventsFunc(uint16_t proto, - int (*StateHasEvents)(void *)) { - al_proto_table[proto].StateHasEvents = StateHasEvents; -} - -/** \brief Indicate to the app layer parser that a logger is active - * for this protocol. 
- */ -void AppLayerRegisterLogger(uint16_t proto) { - al_proto_table[proto].logger = TRUE; -} - -void AppLayerRegisterGetEventInfo(uint16_t alproto, - int (*StateGetEventInfo)(const char *event_name, - int *event_id, - AppLayerEventType *event_type)) -{ - al_proto_table[alproto].StateGetEventInfo = StateGetEventInfo; + SCReturnPtr(ptr, "AppLayerDecoderEvents *"); } -AppLayerParserStateStore *AppLayerParserStateStoreAlloc(void) -{ - AppLayerParserStateStore *s = (AppLayerParserStateStore *)SCMalloc - (sizeof(AppLayerParserStateStore)); - if (s == NULL) - return NULL; - - memset(s, 0, sizeof(AppLayerParserStateStore)); - - return s; -} - -/** \brief free a AppLayerParserStateStore structure - * \param s AppLayerParserStateStore structure to free */ -void AppLayerParserStateStoreFree(AppLayerParserStateStore *s) -{ - if (s->to_server.store != NULL) - SCFree(s->to_server.store); - if (s->to_client.store != NULL) - SCFree(s->to_client.store); - if (s->decoder_events != NULL) - AppLayerDecoderEventsFreeEvents(s->decoder_events); - s->decoder_events = NULL; - - SCFree(s); -} - -static void AppLayerParserResultCleanup(AppLayerParserResult *result) -{ - AppLayerParserResultElmt *e = result->head; - while (e != NULL) { - AppLayerParserResultElmt *next_e = e->next; - - result->head = next_e; - if (next_e == NULL) - result->tail = NULL; - result->cnt--; - - AlpReturnResultElmt(e); - e = next_e; - } -} - -static int AppLayerDoParse(void *local_data, Flow *f, - void *app_layer_state, - AppLayerParserState *parser_state, - uint8_t *input, uint32_t input_len, - uint16_t parser_idx, - uint16_t proto) +uint16_t AppLayerParserGetStateVersion(void *pstate) { SCEnter(); - DEBUG_ASSERT_FLOW_LOCKED(f); - - int retval = 0; - AppLayerParserResult result = { NULL, NULL, 0 }; - - SCLogDebug("parser_idx %" PRIu32 "", parser_idx); - //printf("--- (%u)\n", input_len); - //PrintRawDataFp(stdout, input,input_len); - //printf("---\n"); - - /* invoke the parser */ - int r = 
al_parser_table[parser_idx]. - AppLayerParser(f, app_layer_state, - parser_state, input, input_len, - local_data, &result); - if (r < 0) { - if (r == -1) { - AppLayerParserResultCleanup(&result); - SCReturnInt(-1); -#ifdef DEBUG - } else { - BUG_ON(r); /* this is not supposed to happen!! */ -#else - SCReturnInt(-1); -#endif - } - } - - /* process the result elements */ - AppLayerParserResultElmt *e = result.head; - for (; e != NULL; e = e->next) { - SCLogDebug("e %p e->name_idx %" PRIu32 ", e->data_ptr %p, e->data_len " - "%" PRIu32 ", map_size %" PRIu32 "", e, e->name_idx, - e->data_ptr, e->data_len, al_proto_table[proto].map_size); - - /* no parser defined for this field. */ - if (e->name_idx >= al_proto_table[proto].map_size || - al_proto_table[proto].map[e->name_idx] == NULL) - { - SCLogDebug("no parser for proto %" PRIu32 ", parser_local_id " - "%" PRIu32 "", proto, e->name_idx); - continue; - } - - uint16_t idx = al_proto_table[proto].map[e->name_idx]->parser_id; - - /* prepare */ - uint16_t tmp = parser_state->parse_field; - parser_state->parse_field = 0; - parser_state->flags |= APP_LAYER_PARSER_EOF; - - r = AppLayerDoParse(local_data, f, app_layer_state, parser_state, e->data_ptr, - e->data_len, idx, proto); - - /* restore */ - parser_state->flags &= ~APP_LAYER_PARSER_EOF; - parser_state->parse_field = tmp; - - /* bail out on a serious error */ - if (r < 0) { - if (r == -1) { - retval = -1; - break; -#ifdef DEBUG - } else { - BUG_ON(r); /* this is not supposed to happen!! */ -#else - SCReturnInt(-1); -#endif - } - } - } - - AppLayerParserResultCleanup(&result); - SCReturnInt(retval); + SCReturnCT((pstate == NULL) ? 
0 : ((AppLayerParserParserState *)pstate)->version, + "uint16_t"); } -/** - * \brief remove obsolete (inspected and logged) transactions - */ -static void AppLayerTransactionsCleanup(AppLayerProto *p, AppLayerParserStateStore *parser_state_store, void *app_layer_state) -{ - if (p->StateTransactionFree == NULL) - return; - - uint64_t inspect = 0, log = 0; - if (parser_state_store->inspect_id[0] < parser_state_store->inspect_id[1]) - inspect = parser_state_store->inspect_id[0]; - else - inspect = parser_state_store->inspect_id[1]; - log = parser_state_store->log_id; - - SCLogDebug("inspect %"PRIu64", log %"PRIu64", logger: %s", - inspect, log, p->logger ? "true" : "false"); - - if (p->logger == TRUE) { - uint64_t min = log < inspect ? log : inspect; - if (min > 0) { - SCLogDebug("freeing %"PRIu64" (with logger) %p", min - 1, p->StateTransactionFree); - p->StateTransactionFree(app_layer_state, min - 1); - } - } else { - if (inspect > 0) { - SCLogDebug("freeing %"PRIu64" (no logger) %p", inspect - 1, p->StateTransactionFree); - p->StateTransactionFree(app_layer_state, inspect - 1); - } - } -} - -#ifdef DEBUG -uint32_t applayererrors = 0; -uint32_t applayerhttperrors = 0; -#endif - -/** - * \brief Layer 7 Parsing main entry point. - * - * \param f Properly initialized and locked flow. - * \param proto L7 proto, e.g. ALPROTO_HTTP - * \param flags Stream flags - * \param input Input L7 data - * \param input_len Length of the input data. 
- * - * \retval -1 error - * \retval 0 ok - */ -int AppLayerParse(void *local_data, Flow *f, uint8_t proto, - uint8_t flags, uint8_t *input, uint32_t input_len) +FileContainer *AppLayerParserGetFiles(uint16_t ipproto, AppProto alproto, + void *alstate, uint8_t direction) { SCEnter(); - DEBUG_ASSERT_FLOW_LOCKED(f); - - uint16_t parser_idx = 0; - AppLayerProto *p = &al_proto_table[proto]; - TcpSession *ssn = NULL; - - /* Used only if it's TCP */ - ssn = f->protoctx; - - /* Do this check before calling AppLayerParse */ - if (flags & STREAM_GAP) { - SCLogDebug("stream gap detected (missing packets), this is not yet supported."); - - if (f->alstate != NULL) - AppLayerStreamTruncated(proto, f->alstate, flags); - goto error; - } - - /* Get the parser state (if any) */ - AppLayerParserStateStore *parser_state_store = f->alparser; - if (parser_state_store == NULL) { - parser_state_store = AppLayerParserStateStoreAlloc(); - if (parser_state_store == NULL) - goto error; - - f->alparser = (void *)parser_state_store; - } - - parser_state_store->version++; - SCLogDebug("app layer state version incremented to %"PRIu16, - parser_state_store->version); - - AppLayerParserState *parser_state = NULL; - if (flags & STREAM_TOSERVER) { - SCLogDebug("to_server msg (flow %p)", f); - - parser_state = &parser_state_store->to_server; - if (!(parser_state->flags & APP_LAYER_PARSER_USE)) { - parser_idx = p->to_server; - parser_state->cur_parser = parser_idx; - parser_state->flags |= APP_LAYER_PARSER_USE; - } else { - SCLogDebug("using parser %" PRIu32 " we stored before (to_server)", - parser_state->cur_parser); - parser_idx = parser_state->cur_parser; - } - } else { - SCLogDebug("to_client msg (flow %p)", f); - - parser_state = &parser_state_store->to_client; - if (!(parser_state->flags & APP_LAYER_PARSER_USE)) { - parser_idx = p->to_client; - parser_state->cur_parser = parser_idx; - parser_state->flags |= APP_LAYER_PARSER_USE; - } else { - SCLogDebug("using parser %" PRIu32 " we stored before 
(to_client)", - parser_state->cur_parser); - parser_idx = parser_state->cur_parser; - } - } - - if (parser_idx == 0 || (parser_state->flags & APP_LAYER_PARSER_DONE)) { - SCLogDebug("no parser for protocol %" PRIu32 "", proto); - SCReturnInt(0); - } - - if (flags & STREAM_EOF) - parser_state->flags |= APP_LAYER_PARSER_EOF; - - /* See if we already have a 'app layer' state */ - void *app_layer_state = f->alstate; - if (app_layer_state == NULL) { - /* lock the allocation of state as we may - * alloc more than one otherwise */ - app_layer_state = p->StateAlloc(); - if (app_layer_state == NULL) { - goto error; - } - - f->alstate = app_layer_state; - SCLogDebug("alloced new app layer state %p (name %s)", - app_layer_state, al_proto_table[f->alproto].name); - } else { - SCLogDebug("using existing app layer state %p (name %s))", - app_layer_state, al_proto_table[f->alproto].name); - } - - /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */ - if (input_len > 0) { - int r = AppLayerDoParse(local_data, f, app_layer_state, parser_state, - input, input_len, parser_idx, proto); - if (r < 0) - goto error; - } - - /* set the packets to no inspection and reassembly if required */ - if (parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) { - AppLayerSetEOF(f); - FlowSetNoPayloadInspectionFlag(f); - FlowSetSessionNoApplayerInspectionFlag(f); - - /* Set the no reassembly flag for both the stream in this TcpSession */ - if (parser_state->flags & APP_LAYER_PARSER_NO_REASSEMBLY) { - if (ssn != NULL) { - StreamTcpSetSessionNoReassemblyFlag(ssn, - flags & STREAM_TOCLIENT ? 1 : 0); - StreamTcpSetSessionNoReassemblyFlag(ssn, - flags & STREAM_TOSERVER ? 
1 : 0); - } - } - } - - /* next, see if we can get rid of transactions now */ - AppLayerTransactionsCleanup(p, parser_state_store, app_layer_state); - - if (parser_state->flags & APP_LAYER_PARSER_EOF) { - SCLogDebug("eof, flag Transaction id's"); - parser_state_store->id_flags |= APP_LAYER_TRANSACTION_EOF; - } - - /* stream truncated, inform app layer */ - if (flags & STREAM_DEPTH) { - AppLayerStreamTruncated(proto, app_layer_state, flags); - } - - SCReturnInt(0); - -error: - if (ssn != NULL) { -#ifdef DEBUG - if (FLOW_IS_IPV4(f)) { - char src[16]; - char dst[16]; - PrintInet(AF_INET, (const void*)&f->src.addr_data32[0], src, - sizeof (src)); - PrintInet(AF_INET, (const void*)&f->dst.addr_data32[0], dst, - sizeof (dst)); - - SCLogDebug("Error occured in parsing \"%s\" app layer " - "protocol, using network protocol %"PRIu8", source IP " - "address %s, destination IP address %s, src port %"PRIu16" and " - "dst port %"PRIu16"", al_proto_table[f->alproto].name, - f->proto, src, dst, f->sp, f->dp); - fflush(stdout); - } else if (FLOW_IS_IPV6(f)) { - char dst6[46]; - char src6[46]; - - PrintInet(AF_INET6, (const void*)&f->src.addr_data32, src6, - sizeof (src6)); - PrintInet(AF_INET6, (const void*)&f->dst.addr_data32, dst6, - sizeof (dst6)); - - SCLogDebug("Error occured in parsing \"%s\" app layer " - "protocol, using network protocol %"PRIu8", source IPv6 " - "address %s, destination IPv6 address %s, src port %"PRIu16" and " - "dst port %"PRIu16"", al_proto_table[f->alproto].name, - f->proto, src6, dst6, f->sp, f->dp); - fflush(stdout); - } - applayererrors++; - if (f->alproto == ALPROTO_HTTP) - applayerhttperrors++; -#endif - /* Set the no app layer inspection flag for both - * the stream in this Flow */ - FlowSetSessionNoApplayerInspectionFlag(f); - AppLayerSetEOF(f); - } + FileContainer *ptr = NULL; - SCReturnInt(-1); -} - -/** - * \brief Get 'active' tx id, meaning the lowest id that still need work. 
- * - * \retval id tx id - */ -uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) { - AppLayerProto *p = &al_proto_table[f->alproto]; - uint64_t log_id = ((AppLayerParserStateStore *)f->alparser)->log_id; - uint64_t inspect_id = ((AppLayerParserStateStore *)f->alparser)-> - inspect_id[flags & STREAM_TOSERVER ? 0 : 1]; - if (p->logger == TRUE) { - return (log_id < inspect_id) ? log_id : inspect_id; - } else { - return inspect_id; + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetFiles != NULL) + { + ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetFiles(alstate, direction); } -} - -void AppLayerTransactionUpdateLogId(Flow *f) -{ - DEBUG_ASSERT_FLOW_LOCKED(f); - ((AppLayerParserStateStore *)f->alparser)->log_id++; - return; + SCReturnPtr(ptr, "FileContainer *"); } -uint64_t AppLayerTransactionGetLogId(Flow *f) -{ - DEBUG_ASSERT_FLOW_LOCKED(f); - - return ((AppLayerParserStateStore *)f->alparser)->log_id; -} - -uint16_t AppLayerGetStateVersion(Flow *f) +int AppLayerParserGetStateProgress(uint16_t ipproto, AppProto alproto, + void *alstate, uint8_t direction) { SCEnter(); - - DEBUG_ASSERT_FLOW_LOCKED(f); - - uint16_t version = 0; - AppLayerParserStateStore *parser_state_store = NULL; - - parser_state_store = (AppLayerParserStateStore *)f->alparser; - if (parser_state_store != NULL) { - version = parser_state_store->version; - } - - SCReturnUInt(version); -} - -uint64_t AppLayerTransactionGetInspectId(Flow *f, uint8_t flags) -{ - DEBUG_ASSERT_FLOW_LOCKED(f); - - return ((AppLayerParserStateStore *)f->alparser)-> - inspect_id[flags & STREAM_TOSERVER ? 0 : 1]; + SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetProgress(alstate, direction)); } -void AppLayerTransactionUpdateInspectId(Flow *f, uint8_t flags) +uint64_t AppLayerParserGetTxCnt(uint16_t ipproto, AppProto alproto, void *alstate) { - uint8_t direction = (flags & STREAM_TOSERVER) ? 
0 : 1; - - FLOWLOCK_WRLOCK(f); - uint64_t total_txs = AppLayerGetTxCnt(f->alproto, f->alstate); - uint64_t idx = AppLayerTransactionGetInspectId(f, flags); - int state_done_progress = AppLayerGetAlstateProgressCompletionStatus(f->alproto, direction); - void *tx; - int state_progress; - - for (; idx < total_txs; idx++) { - tx = AppLayerGetTx(f->alproto, f->alstate, idx); - if (tx == NULL) - continue; - state_progress = AppLayerGetAlstateProgress(f->alproto, tx, direction); - if (state_progress >= state_done_progress) - continue; - else - break; - } - ((AppLayerParserStateStore *)f->alparser)->inspect_id[direction] = idx; - FLOWLOCK_UNLOCK(f); - - return; -} - -void AppLayerListSupportedProtocols(void) -{ - uint32_t i; - uint32_t temp_alprotos_buf[ALPROTO_MAX]; - memset(temp_alprotos_buf, 0, sizeof(temp_alprotos_buf)); - - printf("=========Supported App Layer Protocols=========\n"); - - /* for each proto, alloc the map array */ - for (i = 0; i < ALPROTO_MAX; i++) { - if (al_proto_table[i].name == NULL) - continue; - - temp_alprotos_buf[i] = 1; - printf("%s\n", al_proto_table[i].name); - } - - AppLayerProbingParser *pp = alp_proto_ctx.probing_parsers; - while (pp != NULL) { - AppLayerProbingParserPort *pp_port = pp->port; - while (pp_port != NULL) { - AppLayerProbingParserElement *pp_pe = pp_port->toserver; - while (pp_pe != NULL) { - if (temp_alprotos_buf[pp_pe->al_proto] == 1) { - pp_pe = pp_pe->next; - continue; - } - - printf("%s\n", pp_pe->al_proto_name); - pp_pe = pp_pe->next; - } - - pp_pe = pp_port->toclient; - while (pp_pe != NULL) { - if (temp_alprotos_buf[pp_pe->al_proto] == 1) { - pp_pe = pp_pe->next;; - continue; - } - - printf("%s\n", pp_pe->al_proto_name); - pp_pe = pp_pe->next; - } - - pp_port = pp_port->next; - } - pp = pp->next; - } - - return; -} - -AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *f) -{ - DEBUG_ASSERT_FLOW_LOCKED(f); - - /* Get the parser state (if any) */ - AppLayerParserStateStore *parser_state_store = NULL; - - if (f 
== NULL || f->alparser == NULL) { - return NULL; - } - - parser_state_store = (AppLayerParserStateStore *)f->alparser; - if (parser_state_store != NULL) { - return parser_state_store->decoder_events; - } - - return NULL; -} - -/** - * \brief Trigger "raw" stream reassembly from the app layer. - * - * This way HTTP for example, can trigger raw stream inspection right - * when the full request body is received. This is often smaller than - * our raw reassembly size limit. - * - * \param f flow, for access the stream state - */ -void AppLayerTriggerRawStreamReassembly(Flow *f) { SCEnter(); - - DEBUG_ASSERT_FLOW_LOCKED(f); - -#ifdef DEBUG - BUG_ON(f == NULL); -#endif - - if (f != NULL && f->protoctx != NULL) { - TcpSession *ssn = (TcpSession *)f->protoctx; - StreamTcpReassembleTriggerRawReassembly(ssn); - } - - SCReturn; + SCReturnCT(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTxCnt(alstate), "uint64_t"); } -void RegisterAppLayerParsers(void) -{ - /** \todo move to general init function */ - memset(&al_proto_table, 0, sizeof(al_proto_table)); - memset(&al_parser_table, 0, sizeof(al_parser_table)); - - /** setup result pool - * \todo Per thread pool */ - al_result_pool = PoolInit(1000, 250, - sizeof(AppLayerParserResultElmt), - AlpResultElmtPoolAlloc, NULL, NULL, - AlpResultElmtPoolCleanup, NULL); - - RegisterHTPParsers(); - RegisterSSLParsers(); - RegisterSMBParsers(); - /** \todo bug 719 */ - //RegisterSMB2Parsers(); - RegisterDCERPCParsers(); - RegisterDCERPCUDPParsers(); - RegisterFTPParsers(); - /* we are disabling the ssh parser temporarily, since we are moving away - * from some of the archaic features we use in the app layer. We will - * reintroduce this parser. 
Also do note that keywords that rely on - * the ssh parser would now be disabled */ -#if 0 - RegisterSSHParsers(); -#endif - RegisterSMTPParsers(); - RegisterDNSUDPParsers(); - RegisterDNSTCPParsers(); - - /** IMAP */ - if (AppLayerProtoDetectionEnabled("imap")) { - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, "imap", IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER); - } else { - SCLogInfo("Protocol detection and parser disabled for %s protocol.", - "imap"); - return; - } - - /** MSN Messenger */ - if (AppLayerProtoDetectionEnabled("msn")) { - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, "msn", IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER); - } else { - SCLogInfo("Protocol detection and parser disabled for %s protocol.", - "msn"); - return; - } - -#if 0 - /** Jabber */ - if (AppLayerProtoDetectionEnabled("jabber")) { - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOSERVER); - } else { - SCLogInfo("Protocol detection disabled for %s protocol and as a " - "consequence the conf param \"app-layer.protocols.%s." 
- "parser-enabled\" will now be ignored.", "jabber", "jabber"); - return; - } -#endif - - return; -} - -void AppLayerParserCleanupState(Flow *f) -{ - if (f == NULL) { - SCLogDebug("no flow"); - return; - } - if (f->alproto >= ALPROTO_MAX) { - SCLogDebug("app layer proto unknown"); - return; - } - - /* free the parser protocol state */ - AppLayerProto *p = &al_proto_table[f->alproto]; - if (p->StateFree != NULL && f->alstate != NULL) { - SCLogDebug("calling StateFree"); - p->StateFree(f->alstate); - f->alstate = NULL; - } - - /* free the app layer parser api state */ - if (f->alparser != NULL) { - SCLogDebug("calling AppLayerParserStateStoreFree"); - AppLayerParserStateStoreFree(f->alparser); - f->alparser = NULL; - } -} - -/** \brief Create a mapping between the individual parsers local field id's - * and the global field parser id's. - * - */ -void AppLayerParsersInitPostProcess(void) -{ - uint16_t u16 = 0; - - /* build local->global mapping */ - for (u16 = 1; u16 <= al_max_parsers; u16++) { - /* no local parser */ - if (al_parser_table[u16].parser_local_id == 0) - continue; - - if (al_parser_table[u16].parser_local_id > - al_proto_table[al_parser_table[u16].proto].map_size) - { - al_proto_table[al_parser_table[u16].proto].map_size = - al_parser_table[u16].parser_local_id; - } - SCLogDebug("map_size %" PRIu32 "", al_proto_table - [al_parser_table[u16].proto].map_size); - } - - /* for each proto, alloc the map array */ - for (u16 = 0; u16 < ALPROTO_MAX; u16++) { - if (al_proto_table[u16].map_size == 0) - continue; - - al_proto_table[u16].map_size++; - al_proto_table[u16].map = (AppLayerLocalMap **)SCMalloc - (al_proto_table[u16].map_size * - sizeof(AppLayerLocalMap *)); - if (al_proto_table[u16].map == NULL) { - SCLogError(SC_ERR_FATAL, "Fatal error encountered in AppLayerParsersInitPostProcess. 
Exiting..."); - exit(EXIT_FAILURE); - } - memset(al_proto_table[u16].map, 0, al_proto_table[u16].map_size * - sizeof(AppLayerLocalMap *)); - - uint16_t u = 0; - for (u = 1; u <= al_max_parsers; u++) { - /* no local parser */ - if (al_parser_table[u].parser_local_id == 0) - continue; - - if (al_parser_table[u].proto != u16) - continue; - - uint16_t parser_local_id = al_parser_table[u].parser_local_id; - SCLogDebug("parser_local_id: %" PRIu32 "", parser_local_id); - - if (parser_local_id < al_proto_table[u16].map_size) { - al_proto_table[u16].map[parser_local_id] = SCMalloc(sizeof(AppLayerLocalMap)); - if (al_proto_table[u16].map[parser_local_id] == NULL) { - exit(EXIT_FAILURE); - } - - al_proto_table[u16].map[parser_local_id]->parser_id = u; - } - } - } - - for (u16 = 0; u16 < ALPROTO_MAX; u16++) { - if (al_proto_table[u16].map_size == 0) - continue; - - if (al_proto_table[u16].map == NULL) - continue; - - uint16_t x = 0; - for (x = 0; x < al_proto_table[u16].map_size; x++) { - if (al_proto_table[u16].map[x] == NULL) - continue; - - SCLogDebug("al_proto_table[%" PRIu32 "].map[%" PRIu32 "]->parser_id:" - " %" PRIu32 "", u16, x, al_proto_table[u16].map[x]->parser_id); - } - } -} - -/*************************App Layer Conf Options Parsing***********************/ -/** - * \brief Given a protocol name, checks if the parser is enabled in the - * conf file. - * - * \param al_proto Name of the app layer protocol. - * - * \retval 1 If enabled. - * \retval 0 If disabled. 
- */ -int AppLayerParserEnabled(const char *al_proto) +void *AppLayerParserGetTx(uint16_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) { - int enabled = 1; - - char param[100]; - int r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", - al_proto, ".enabled"); - if (r < 0) { - SCLogError(SC_ERR_FATAL, "snprintf failure."); - exit(EXIT_FAILURE); - } else if (r > (int)sizeof(param)) { - SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); - exit(EXIT_FAILURE); - } - - ConfNode *node = ConfGetNode(param); - if (node == NULL) { - SCLogInfo("Entry for %s not found.", param); - return enabled; - } else { - if (strcasecmp(node->val, "yes") == 0) { - enabled = 1; - } else if (strcasecmp(node->val, "no") == 0) { - enabled = 0; - } else if (strcasecmp(node->val, "detection-only") == 0) { - enabled = 0; - } else { - SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param); - exit(EXIT_FAILURE); - } - } - - return enabled; -} - -/** - * \brief Given a protocol name, checks if proto detection is enabled in the - * conf file. - * - * \param al_proto Name of the app layer protocol. - * - * \retval 1 If enabled. - * \retval 0 If disabled. 
- */ -int AppLayerProtoDetectionEnabled(const char *al_proto) -{ - int enabled = 1; - - char param[100]; - int r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", - al_proto, ".enabled"); - if (r < 0) { - SCLogError(SC_ERR_FATAL, "snprintf failure."); - exit(EXIT_FAILURE); - } else if (r > (int)sizeof(param)) { - SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); - exit(EXIT_FAILURE); - } - - ConfNode *node = ConfGetNode(param); - if (node == NULL) { - SCLogInfo("Entry for %s not found.", param); - return enabled; - } else { - if (strcasecmp(node->val, "yes") == 0) { - enabled = 1; - } else if (strcasecmp(node->val, "no") == 0) { - enabled = 0; - } else if (strcasecmp(node->val, "detection-only") == 0) { - enabled = 1; - } else { - SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param); - exit(EXIT_FAILURE); - } - } - - return enabled; + SCEnter(); + SCReturnPtr(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + StateGetTx(alstate, tx_id), "void *"); } -/** - * \brief Gets event info for this alproto. - * - * \param alproto The app layer protocol. - * \param event_name The event name. - * \param event_id The event id. - * \param The type of event, as represented by AppLayerEventType. - * - * \retval 0 On succesfully returning back info. - * \retval -1 On failure. - */ -int AppLayerGetEventInfo(uint16_t alproto, const char *event_name, - int *event_id, AppLayerEventType *event_type) +int AppLayerParserGetStateProgressCompletionStatus(uint16_t ipproto, AppProto alproto, + uint8_t direction) { - if (al_proto_table[alproto].StateGetEventInfo == NULL) - return -1; + SCEnter(); + SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. 
+ StateGetProgressCompletionStatus(direction)); - return al_proto_table[alproto].StateGetEventInfo(event_name, - event_id, event_type); } -void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto, - uint16_t min_depth, uint16_t max_depth, - ProbingParserFPtr ProbingParser) +int AppLayerParserGetEventInfo(uint16_t ipproto, AppProto alproto, const char *event_name, + int *event_id, AppLayerEventType *event_type) { - char param[100]; - uint8_t ip_proto; - DetectProto dp; - int r; - ConfNode *node; - ConfNode *proto_node = NULL; - ConfNode *port_node = NULL; - - r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.", - al_proto_name, ".detection-ports"); - if (r < 0) { - SCLogError(SC_ERR_FATAL, "snprintf failure."); - exit(EXIT_FAILURE); - } else if (r > (int)sizeof(param)) { - SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); - exit(EXIT_FAILURE); - } - node = ConfGetNode(param); - if (node == NULL) { - SCLogDebug("Entry for %s not found.", param); - return; - } - - /* for each proto */ - TAILQ_FOREACH(proto_node, &node->head, next) { - memset(&dp, 0, sizeof(dp)); - r = DetectProtoParse(&dp, proto_node->name); - if (r < 0) { - SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for " - "%s.%s. Accepted values are tcp, udp and sctp", - param, proto_node->name); - exit(EXIT_FAILURE); - } - if (dp.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) { - ip_proto = IPPROTO_TCP; - } else if (dp.proto[IPPROTO_UDP / 8] & (1 << (IPPROTO_UDP % 8))) { - ip_proto = IPPROTO_UDP; - } else if (dp.proto[IPPROTO_SCTP / 8] & (1 << (IPPROTO_SCTP % 8))) { - ip_proto = IPPROTO_SCTP; - } else { - SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for " - "%s.%s. 
Accepted values are tcp, udp and sctp", - param, proto_node->name); - exit(EXIT_FAILURE); - } - - /* toserver */ - r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", - al_proto_name, ".detection-ports.", proto_node->name, ".toserver"); - if (r < 0) { - SCLogError(SC_ERR_FATAL, "snprintf failure."); - exit(EXIT_FAILURE); - } else if (r > (int)sizeof(param)) { - SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); - exit(EXIT_FAILURE); - } - port_node = ConfGetNode(param); - if (port_node != NULL && port_node->val != NULL) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - ip_proto, - port_node->val, - (char *)al_proto_name, - al_proto, - min_depth, max_depth, - STREAM_TOSERVER, - ProbingParser); - } - - /* toclient */ - r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.", - al_proto_name, ".detection-ports.", proto_node->name, ".toclient"); - if (r < 0) { - SCLogError(SC_ERR_FATAL, "snprintf failure."); - exit(EXIT_FAILURE); - } else if (r > (int)sizeof(param)) { - SCLogError(SC_ERR_FATAL, "buffer not big enough to write param."); - exit(EXIT_FAILURE); - } - port_node = ConfGetNode(param); - if (port_node != NULL && port_node->val != NULL) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - ip_proto, - port_node->val, - (char *)al_proto_name, - al_proto, - min_depth, max_depth, - STREAM_TOCLIENT, - ProbingParser); - - } - } - - return; + SCEnter(); + int ipproto_map = FlowGetProtoMapping(ipproto); + SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ? + -1 : + alp_ctx.ctxs[ipproto_map][alproto]. 
+ StateGetEventInfo(event_name, event_id, event_type)); } -/********************************Probing Parsers*******************************/ - - -static uint32_t AppLayerProbingParserGetMask(uint16_t al_proto) +uint8_t AppLayerParserGetFirstDataDir(uint16_t ipproto, uint16_t alproto) { - if (al_proto > ALPROTO_UNKNOWN && - al_proto < ALPROTO_FAILED) { - return (1 << al_proto); - } else { - SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16, - al_proto); - exit(EXIT_FAILURE); - } + SCEnter(); + SCReturnCT(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + first_data_dir, "uint8_t"); } -static inline AppLayerProbingParserElement *AllocAppLayerProbingParserElement(void) +uint64_t AppLayerParserGetTransactionActive(uint16_t ipproto, AppProto alproto, void *pstate, uint8_t direction) { - AppLayerProbingParserElement *p = SCMalloc(sizeof(AppLayerProbingParserElement)); - if (unlikely(p == NULL)) { - exit(EXIT_FAILURE); - } - memset(p, 0, sizeof(AppLayerProbingParserElement)); - - return p; -} + SCEnter(); + AppLayerParserParserState *pstate_1 = (AppLayerParserParserState *)pstate; + uint64_t active_id; -static inline void DeAllocAppLayerProbingParserElement(AppLayerProbingParserElement *p) -{ - SCFree(p->al_proto_name); - SCFree(p); - return; -} - -static inline AppLayerProbingParserPort *AllocAppLayerProbingParserPort(void) -{ - AppLayerProbingParserPort *p = SCMalloc(sizeof(AppLayerProbingParserPort)); - if (unlikely(p == NULL)) { - exit(EXIT_FAILURE); + uint64_t log_id = pstate_1->log_id; + uint64_t inspect_id = pstate_1->inspect_id[direction & STREAM_TOSERVER ? 0 : 1]; + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger == TRUE) { + active_id = (log_id < inspect_id) ? 
log_id : inspect_id; + } else { + active_id = inspect_id; } - memset(p, 0, sizeof(AppLayerProbingParserPort)); - return p; + SCReturnCT(active_id, "uint64_t"); } -static inline void DeAllocAppLayerProbingParserPort(AppLayerProbingParserPort *p) +/***** General *****/ + +int AppLayerParserParse(void *tctx, Flow *f, AppProto alproto, + uint8_t flags, uint8_t *input, uint32_t input_len) { - AppLayerProbingParserElement *e; + SCEnter(); - e = p->toserver; - while (e != NULL) { - AppLayerProbingParserElement *e_next = e->next; - DeAllocAppLayerProbingParserElement(e); - e = e_next; - } + AppLayerParserParserState *pstate = NULL; + AppLayerParserpCtx *p = &alp_ctx.ctxs[FlowGetProtoMapping(f->proto)][alproto]; + TcpSession *ssn = NULL; + void *alstate = NULL; + AppLayerParserCtxThread *alp_tctx = (AppLayerParserCtxThread *)tctx; - e = p->toclient; - while (e != NULL) { - AppLayerProbingParserElement *e_next = e->next; - DeAllocAppLayerProbingParserElement(e); - e = e_next; - } + /* we don't have the parser registered for this protocol */ + if (p->StateAlloc == NULL) + goto end; - SCFree(p); + /* Used only if it's TCP */ + ssn = f->protoctx; - return; -} + /* Do this check before calling AppLayerParse */ + if (flags & STREAM_GAP) { + SCLogDebug("stream gap detected (missing packets), " + "this is not yet supported."); -static inline AppLayerProbingParser *AllocAppLayerProbingParser(void) -{ - AppLayerProbingParser *p = SCMalloc(sizeof(AppLayerProbingParser)); - if (unlikely(p == NULL)) { - exit(EXIT_FAILURE); + if (f->alstate != NULL) + AppLayerParserStreamTruncated(f->proto, alproto, f->alstate, flags); + goto error; } - memset(p, 0, sizeof(AppLayerProbingParser)); - - return p; -} -static inline void DeAllocAppLayerProbingParser(AppLayerProbingParser *p) -{ - AppLayerProbingParserPort *pt = p->port; - while (pt != NULL) { - AppLayerProbingParserPort *pt_next = pt->next; - DeAllocAppLayerProbingParserPort(pt); - pt = pt_next; + /* Get the parser state (if any) */ + pstate 
= f->alparser; + if (pstate == NULL) { + f->alparser = pstate = AppLayerParserAllocAppLayerParserParserState(); + if (pstate == NULL) + goto error; } + pstate->version++; + SCLogDebug("app layer parser state version incremented to %"PRIu16, + pstate->version); - SCFree(p); - - return; -} - -static AppLayerProbingParserElement * -AppLayerCreateAppLayerProbingParserElement(const char *al_proto_name, - uint16_t al_proto, - uint16_t port, - uint16_t min_depth, - uint16_t max_depth, - uint16_t (*AppLayerProbingParser) - (uint8_t *input, uint32_t input_len, uint32_t *offset)) -{ - AppLayerProbingParserElement *pe = AllocAppLayerProbingParserElement(); + if (flags & STREAM_EOF) + AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF); - pe->al_proto_name = SCStrdup(al_proto_name); - if (pe->al_proto_name == NULL) - exit(EXIT_FAILURE); - pe->al_proto = al_proto; - pe->port = port; - pe->al_proto_mask = AppLayerProbingParserGetMask(al_proto); - pe->min_depth = min_depth; - pe->max_depth = max_depth; - pe->ProbingParser = AppLayerProbingParser; - pe->next = NULL; - - if (max_depth != 0 && min_depth >= max_depth) { - SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " - "register the probing parser. min_depth >= max_depth"); - goto error; + alstate = f->alstate; + if (alstate == NULL) { + f->alstate = alstate = p->StateAlloc(); + if (alstate == NULL) + goto error; + SCLogDebug("alloced new app layer state %p (name %s)", + alstate, AppLayerGetProtoName(f->alproto)); + } else { + SCLogDebug("using existing app layer state %p (name %s))", + alstate, AppLayerGetProtoName(f->alproto)); } - if (al_proto <= ALPROTO_UNKNOWN || al_proto >= ALPROTO_MAX) { - SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register " - "the probing parser. Invalid alproto - %d", al_proto); - goto error; + + /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */ + if (input_len > 0) { + /* invoke the parser */ + if (p->Parser[(flags & STREAM_TOSERVER) ? 
0 : 1](f, alstate, pstate, + input, input_len, + alp_tctx->alproto_local_storage[FlowGetProtoMapping(f->proto)][alproto]) < 0) + { + goto error; + } } - if (AppLayerProbingParser == NULL) { - SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to " - "register the probing parser. Probing parser func NULL"); - goto error; + + /* set the packets to no inspection and reassembly if required */ + if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) { + AppLayerParserSetEOF(pstate); + FlowSetNoPayloadInspectionFlag(f); + FlowSetSessionNoApplayerInspectionFlag(f); + + /* Set the no reassembly flag for both the stream in this TcpSession */ + if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) { + if (ssn != NULL) { + StreamTcpSetSessionNoReassemblyFlag(ssn, + flags & STREAM_TOCLIENT ? 1 : 0); + StreamTcpSetSessionNoReassemblyFlag(ssn, + flags & STREAM_TOSERVER ? 1 : 0); + } + } } - return pe; + /* next, see if we can get rid of transactions now */ + AppLayerParserTransactionsCleanup(f->proto, alproto, alstate, pstate); + + /* stream truncated, inform app layer */ + if (flags & STREAM_DEPTH) + AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags); + + end: + SCReturnInt(0); error: - DeAllocAppLayerProbingParserElement(pe); - return NULL; + if (ssn != NULL) { + /* Set the no app layer inspection flag for both + * the stream in this Flow */ + FlowSetSessionNoApplayerInspectionFlag(f); + AppLayerParserSetEOF(pstate); + } + SCReturnInt(-1); } -static AppLayerProbingParserElement * -DuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe) +void AppLayerParserSetEOF(void *pstate) { - AppLayerProbingParserElement *new_pe = AllocAppLayerProbingParserElement(); - if (unlikely(new_pe == NULL)) { - return NULL; - } + SCEnter(); - new_pe->al_proto_name = SCStrdup(pe->al_proto_name); - if (new_pe->al_proto_name == NULL) - exit(EXIT_FAILURE); - new_pe->al_proto = pe->al_proto; - new_pe->port = pe->port; - new_pe->al_proto_mask = pe->al_proto_mask; - 
new_pe->min_depth = pe->min_depth; - new_pe->max_depth = pe->max_depth; - new_pe->ProbingParser = pe->ProbingParser; - new_pe->next = NULL; - - return new_pe; + if (pstate == NULL) + goto end; + + AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF); + /* increase version so we will inspect it one more time + * with the EOF flags now set */ + ((AppLayerParserParserState *)pstate)->version++; + + end: + SCReturn; } -void AppLayerPrintProbingParsers(AppLayerProbingParser *pp) +int AppLayerParserHasDecoderEvents(uint16_t ipproto, AppProto alproto, + void *alstate, void *pstate, + uint8_t flags) { - AppLayerProbingParserPort *pp_port = NULL; - AppLayerProbingParserElement *pp_pe = NULL; - - printf("\n"); + SCEnter(); - for ( ; pp != NULL; pp = pp->next) { - /* print ip protocol */ - if (pp->ip_proto == IPPROTO_TCP) - printf("IPProto: TCP\n"); - else if (pp->ip_proto == IPPROTO_UDP) - printf("IPProto: UDP\n"); - else - printf("IPProto: %"PRIu16"\n", pp->ip_proto); - - pp_port = pp->port; - for ( ; pp_port != NULL; pp_port = pp_port->next) { - if (pp_port->toserver == NULL) - goto AppLayerPrintProbingParsers_jump_toclient; - printf(" Port: %"PRIu16 "\n", pp_port->port); - - printf(" To_Server: (max-depth: %"PRIu16 ", " - "mask - %"PRIu32")\n", - pp_port->toserver_max_depth, - pp_port->toserver_al_proto_mask); - pp_pe = pp_port->toserver; - for ( ; pp_pe != NULL; pp_pe = pp_pe->next) { - printf(" name: %s\n", pp_pe->al_proto_name); - - if (pp_pe->al_proto == ALPROTO_HTTP) - printf(" alproto: ALPROTO_HTTP\n"); - else if (pp_pe->al_proto == ALPROTO_FTP) - printf(" alproto: ALPROTO_FTP\n"); - else if (pp_pe->al_proto == ALPROTO_SMTP) - printf(" alproto: ALPROTO_SMTP\n"); - else if (pp_pe->al_proto == ALPROTO_TLS) - printf(" alproto: ALPROTO_TLS\n"); - else if (pp_pe->al_proto == ALPROTO_SSH) - printf(" alproto: ALPROTO_SSH\n"); - else if (pp_pe->al_proto == ALPROTO_IMAP) - printf(" alproto: ALPROTO_IMAP\n"); - else if (pp_pe->al_proto == ALPROTO_MSN) - printf(" 
alproto: ALPROTO_MSN\n"); - else if (pp_pe->al_proto == ALPROTO_JABBER) - printf(" alproto: ALPROTO_JABBER\n"); - else if (pp_pe->al_proto == ALPROTO_SMB) - printf(" alproto: ALPROTO_SMB\n"); - else if (pp_pe->al_proto == ALPROTO_SMB2) - printf(" alproto: ALPROTO_SMB2\n"); - else if (pp_pe->al_proto == ALPROTO_DCERPC) - printf(" alproto: ALPROTO_DCERPC\n"); - else if (pp_pe->al_proto == ALPROTO_DCERPC_UDP) - printf(" alproto: ALPROTO_DCERPC_UDP\n"); - else if (pp_pe->al_proto == ALPROTO_IRC) - printf(" alproto: ALPROTO_IRC\n"); - else - printf("impossible\n"); - - printf(" port: %"PRIu16 "\n", pp_pe->port); - printf(" mask: %"PRIu32 "\n", pp_pe->al_proto_mask); - printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth); - printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth); - - printf("\n"); - } + if (alstate == NULL || pstate == NULL) + goto not_present; - AppLayerPrintProbingParsers_jump_toclient: - if (pp_port->toclient == NULL) { - continue; + AppLayerDecoderEvents *decoder_events; + uint64_t tx_id; + uint64_t max_id; + + if (AppLayerParserProtocolIsTxEventAware(ipproto, alproto)) { + /* fast path if supported by alproto */ + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents != NULL) { + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. 
+ StateHasEvents(alstate) == 1) + { + goto present; } - - printf(" To_Client: (max-depth: %"PRIu16 ", " - "mask - %"PRIu32")\n", - pp_port->toclient_max_depth, - pp_port->toclient_al_proto_mask); - pp_pe = pp_port->toclient; - for ( ; pp_pe != NULL; pp_pe = pp_pe->next) { - printf(" name: %s\n", pp_pe->al_proto_name); - - if (pp_pe->al_proto == ALPROTO_HTTP) - printf(" alproto: ALPROTO_HTTP\n"); - else if (pp_pe->al_proto == ALPROTO_FTP) - printf(" alproto: ALPROTO_FTP\n"); - else if (pp_pe->al_proto == ALPROTO_SMTP) - printf(" alproto: ALPROTO_SMTP\n"); - else if (pp_pe->al_proto == ALPROTO_TLS) - printf(" alproto: ALPROTO_TLS\n"); - else if (pp_pe->al_proto == ALPROTO_SSH) - printf(" alproto: ALPROTO_SSH\n"); - else if (pp_pe->al_proto == ALPROTO_IMAP) - printf(" alproto: ALPROTO_IMAP\n"); - else if (pp_pe->al_proto == ALPROTO_MSN) - printf(" alproto: ALPROTO_MSN\n"); - else if (pp_pe->al_proto == ALPROTO_JABBER) - printf(" alproto: ALPROTO_JABBER\n"); - else if (pp_pe->al_proto == ALPROTO_SMB) - printf(" alproto: ALPROTO_SMB\n"); - else if (pp_pe->al_proto == ALPROTO_SMB2) - printf(" alproto: ALPROTO_SMB2\n"); - else if (pp_pe->al_proto == ALPROTO_DCERPC) - printf(" alproto: ALPROTO_DCERPC\n"); - else if (pp_pe->al_proto == ALPROTO_DCERPC_UDP) - printf(" alproto: ALPROTO_DCERPC_UDP\n"); - else if (pp_pe->al_proto == ALPROTO_IRC) - printf(" alproto: ALPROTO_IRC\n"); - else - printf("impossible\n"); - - printf(" port: %"PRIu16 "\n", pp_pe->port); - printf(" mask: %"PRIu32 "\n", pp_pe->al_proto_mask); - printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth); - printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth); - - printf("\n"); + } else { + /* check each tx */ + tx_id = AppLayerParserGetTransactionInspectId(pstate, flags); + max_id = AppLayerParserGetTxCnt(ipproto, alproto, alstate); + for ( ; tx_id < max_id; tx_id++) { + decoder_events = AppLayerParserGetEventsByTx(ipproto, alproto, alstate, tx_id); + if (decoder_events && decoder_events->cnt) + goto present; } } 
} - return; + decoder_events = AppLayerParserGetDecoderEvents(pstate); + if (decoder_events && decoder_events->cnt) + goto present; + + /* if we have reached here, we don't have events */ + not_present: + SCReturnInt(0); + present: + SCReturnInt(1); } -static inline void AppendAppLayerProbingParserElement(AppLayerProbingParserElement **head_pe, - AppLayerProbingParserElement *new_pe) +int AppLayerParserProtocolIsTxEventAware(uint16_t ipproto, AppProto alproto) { - if (*head_pe == NULL) { - *head_pe = new_pe; - return; - } - - if ((*head_pe)->port == 0) { - if (new_pe->port != 0) { - new_pe->next = *head_pe; - *head_pe = new_pe; - } else { - AppLayerProbingParserElement *temp_pe = *head_pe; - while (temp_pe->next != NULL) - temp_pe = temp_pe->next; - temp_pe->next = new_pe; - } - } else { - AppLayerProbingParserElement *temp_pe = *head_pe; - if (new_pe->port == 0) { - while (temp_pe->next != NULL) - temp_pe = temp_pe->next; - temp_pe->next = new_pe; - } else { - while (temp_pe->next != NULL && temp_pe->next->port != 0) - temp_pe = temp_pe->next; - new_pe->next = temp_pe->next; - temp_pe->next = new_pe; - - } - } + SCEnter(); + int ipproto_map = FlowGetProtoMapping(ipproto); + SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateHasEvents == NULL) ? + 0 : 1); +} - return; +int AppLayerParserProtocolSupportsTxs(uint16_t ipproto, AppProto alproto) +{ + SCEnter(); + int ipproto_map = FlowGetProtoMapping(ipproto); + SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateTransactionFree == NULL) ? 
+ 0 : 1); } -static inline void AppendAppLayerProbingParser(AppLayerProbingParser **head_pp, - AppLayerProbingParser *new_pp) +void AppLayerParserTriggerRawStreamReassembly(Flow *f) { - if (*head_pp == NULL) { - *head_pp = new_pp; - return; - } + SCEnter(); - AppLayerProbingParser *temp_pp = *head_pp; - while (temp_pp->next != NULL) - temp_pp = temp_pp->next; - temp_pp->next = new_pp; + if (f != NULL && f->protoctx != NULL) + StreamTcpReassembleTriggerRawReassembly(f->protoctx); - return; + SCReturn; } -static inline void AppendAppLayerProbingParserPort(AppLayerProbingParserPort **head_port, - AppLayerProbingParserPort *new_port) +/***** Cleanup *****/ + +void AppLayerParserCleanupParserState(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate) { - if (*head_port == NULL) { - *head_port = new_port; - return; - } + SCEnter(); - if ((*head_port)->port == 0) { - new_port->next = *head_port; - *head_port = new_port; - } else { - AppLayerProbingParserPort *temp_port = *head_port; - while (temp_port->next != NULL && temp_port->next->port != 0) { - temp_port = temp_port->next; - } - new_port->next = temp_port->next; - temp_port->next = new_port; - } + AppLayerParserpCtx *ctx = &alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]; - return; -} + if (ctx->StateFree != NULL && alstate != NULL) + ctx->StateFree(alstate); -static inline void AppLayerInsertNewProbingParser(AppLayerProbingParser **pp, - uint16_t ip_proto, - uint16_t port, - char *al_proto_name, uint16_t al_proto, - uint16_t min_depth, uint16_t max_depth, - uint8_t flags, - ProbingParserFPtr ProbingParser) -{ - /* get the top level ipproto pp */ - AppLayerProbingParser *curr_pp = *pp; - while (curr_pp != NULL) { - if (curr_pp->ip_proto == ip_proto) - break; - curr_pp = curr_pp->next; - } - if (curr_pp == NULL) { - AppLayerProbingParser *new_pp = AllocAppLayerProbingParser(); - new_pp->ip_proto = ip_proto; - AppendAppLayerProbingParser(pp, new_pp); - curr_pp = new_pp; - } + /* free the app layer parser 
api state */ + if (pstate != NULL) + AppLayerParserDeAllocAppLayerParserParserState(pstate); - /* get the top level port pp */ - AppLayerProbingParserPort *curr_port = curr_pp->port; - while (curr_port != NULL) { - if (curr_port->port == port) - break; - curr_port = curr_port->next; - } - if (curr_port == NULL) { - AppLayerProbingParserPort *new_port = AllocAppLayerProbingParserPort(); - new_port->port = port; - AppendAppLayerProbingParserPort(&curr_pp->port, new_port); - curr_port = new_port; - if (flags & STREAM_TOSERVER) { - curr_port->toserver_max_depth = max_depth; - } else { - curr_port->toclient_max_depth = max_depth; - } /* else - if (flags & STREAM_TOSERVER) */ + SCReturn; +} - AppLayerProbingParserPort *zero_port; - zero_port = curr_pp->port; - while (zero_port != NULL && zero_port->port != 0) { - zero_port = zero_port->next; - } - if (zero_port != NULL) { - AppLayerProbingParserElement *zero_pe; - - zero_pe = zero_port->toserver; - for ( ; zero_pe != NULL; zero_pe = zero_pe->next) { - if (curr_port->toserver == NULL) - curr_port->toserver_max_depth = zero_pe->max_depth; - if (zero_pe->max_depth == 0) - curr_port->toserver_max_depth = zero_pe->max_depth; - if (curr_port->toserver_max_depth != 0 && - curr_port->toserver_max_depth < zero_pe->max_depth) { - curr_port->toserver_max_depth = zero_pe->max_depth; - } - - AppLayerProbingParserElement *dup_pe = - DuplicateAppLayerProbingParserElement(zero_pe); - AppendAppLayerProbingParserElement(&curr_port->toserver, dup_pe); - curr_port->toserver_al_proto_mask |= dup_pe->al_proto_mask; - } +void AppLayerParserRegisterProtocolParsers(void) +{ + SCEnter(); - zero_pe = zero_port->toclient; - for ( ; zero_pe != NULL; zero_pe = zero_pe->next) { - if (curr_port->toclient == NULL) - curr_port->toclient_max_depth = zero_pe->max_depth; - if (zero_pe->max_depth == 0) - curr_port->toclient_max_depth = zero_pe->max_depth; - if (curr_port->toclient_max_depth != 0 && - curr_port->toclient_max_depth < zero_pe->max_depth) { - 
curr_port->toclient_max_depth = zero_pe->max_depth; - } - - AppLayerProbingParserElement *dup_pe = - DuplicateAppLayerProbingParserElement(zero_pe); - AppendAppLayerProbingParserElement(&curr_port->toclient, dup_pe); - curr_port->toclient_al_proto_mask |= dup_pe->al_proto_mask; - } - } /* if (zero_port != NULL) */ - } /* if (curr_port == NULL) */ + RegisterHTPParsers(); + RegisterSSLParsers(); + RegisterSMBParsers(); + /** \todo bug 719 */ + //RegisterSMB2Parsers(); + RegisterDCERPCParsers(); + RegisterDCERPCUDPParsers(); + RegisterFTPParsers(); + /* we are disabling the ssh parser temporarily, since we are moving away + * from some of the archaic features we use in the app layer. We will + * reintroduce this parser. Also do note that keywords that rely on + * the ssh parser would now be disabled */ +#if 0 + RegisterSSHParsers(); +#endif + RegisterSMTPParsers(); + RegisterDNSUDPParsers(); + RegisterDNSTCPParsers(); - /* insert the pe_pp */ - AppLayerProbingParserElement *curr_pe; - if (flags & STREAM_TOSERVER) - curr_pe = curr_port->toserver; - else - curr_pe = curr_port->toclient; - while (curr_pe != NULL) { - if (curr_pe->al_proto == al_proto) { - SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - " - "ip_proto - %"PRIu16" Port - %"PRIu16" " - "App Protocol - %s, App Protocol(ID) - " - "%"PRIu16" min_depth - %"PRIu16" " - "max_dept - %"PRIu16".", - ip_proto, port, al_proto_name, al_proto, - min_depth, max_depth); - goto error; + /** IMAP */ + AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap"); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) { + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP, + "1|20|capability", 12, 0, STREAM_TOSERVER) < 0) + { + SCLogInfo("imap proto registration failure\n"); + exit(EXIT_FAILURE); } - curr_pe = curr_pe->next; + } else { + SCLogInfo("Protocol detection and parser disabled for %s protocol.", + "imap"); } - /* Get a new parser element */ - AppLayerProbingParserElement *new_pe = - 
AppLayerCreateAppLayerProbingParserElement(al_proto_name, - al_proto, - curr_port->port, - min_depth, max_depth, - ProbingParser); - if (new_pe == NULL) - goto error; - curr_pe = new_pe; - AppLayerProbingParserElement **head_pe; - if (flags & STREAM_TOSERVER) { - if (curr_port->toserver == NULL) - curr_port->toserver_max_depth = new_pe->max_depth; - if (new_pe->max_depth == 0) - curr_port->toserver_max_depth = new_pe->max_depth; - if (curr_port->toserver_max_depth != 0 && - curr_port->toserver_max_depth < new_pe->max_depth) { - curr_port->toserver_max_depth = new_pe->max_depth; + + /** MSN Messenger */ + AppLayerProtoDetectRegisterProtocol(ALPROTO_MSN, "msn"); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "msn")) { + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_MSN, + "msn", 10, 6, STREAM_TOSERVER) < 0) + { + SCLogInfo("msn proto registration failure\n"); + exit(EXIT_FAILURE); } - curr_port->toserver_al_proto_mask |= new_pe->al_proto_mask; - head_pe = &curr_port->toserver; } else { - if (curr_port->toclient == NULL) - curr_port->toclient_max_depth = new_pe->max_depth; - if (new_pe->max_depth == 0) - curr_port->toclient_max_depth = new_pe->max_depth; - if (curr_port->toclient_max_depth != 0 && - curr_port->toclient_max_depth < new_pe->max_depth) { - curr_port->toclient_max_depth = new_pe->max_depth; - } - curr_port->toclient_al_proto_mask |= new_pe->al_proto_mask; - head_pe = &curr_port->toclient; + SCLogInfo("Protocol detection and parser disabled for %s protocol.", + "msn"); } - AppendAppLayerProbingParserElement(head_pe, new_pe); - - if (curr_port->port == 0) { - AppLayerProbingParserPort *temp_port = curr_pp->port; - while (temp_port != NULL && temp_port->port != 0) { - if (flags & STREAM_TOSERVER) { - if (temp_port->toserver == NULL) - temp_port->toserver_max_depth = curr_pe->max_depth; - if (curr_pe->max_depth == 0) - temp_port->toserver_max_depth = curr_pe->max_depth; - if (temp_port->toserver_max_depth != 0 && - 
temp_port->toserver_max_depth < curr_pe->max_depth) { - temp_port->toserver_max_depth = curr_pe->max_depth; - } - AppendAppLayerProbingParserElement(&temp_port->toserver, - DuplicateAppLayerProbingParserElement(curr_pe)); - temp_port->toserver_al_proto_mask |= curr_pe->al_proto_mask; - } else { - if (temp_port->toclient == NULL) - temp_port->toclient_max_depth = curr_pe->max_depth; - if (curr_pe->max_depth == 0) - temp_port->toclient_max_depth = curr_pe->max_depth; - if (temp_port->toclient_max_depth != 0 && - temp_port->toclient_max_depth < curr_pe->max_depth) { - temp_port->toclient_max_depth = curr_pe->max_depth; - } - AppendAppLayerProbingParserElement(&temp_port->toclient, - DuplicateAppLayerProbingParserElement(curr_pe)); - temp_port->toclient_al_proto_mask |= curr_pe->al_proto_mask; - } - temp_port = temp_port->next; - } /* while */ - } /* if */ - error: return; } -void AppLayerRegisterParserAcceptableDataDirection(uint16_t al_proto, - uint8_t flags) -{ - al_proto_table[al_proto].first_data_dir |= - (flags & (STREAM_TOSERVER | STREAM_TOCLIENT)); - return; +void AppLayerParserParserStateSetFlag(void *pstate, uint8_t flag) +{ + SCEnter(); + ((AppLayerParserParserState *)pstate)->flags |= flag; + SCReturn; } -void AppLayerMapProbingParserAgainstAlproto(uint16_t al_proto, - uint8_t flags, - ProbingParserFPtr ProbingParser) +int AppLayerParserParserStateIssetFlag(void *pstate, uint8_t flag) { - al_proto_table[al_proto].PPAlprotoMap[(flags & STREAM_TOSERVER) ? 
0 : 1] = ProbingParser; - - return; + SCEnter(); + SCReturnInt(((AppLayerParserParserState *)pstate)->flags & flag); } -void AppLayerRegisterProbingParser(AlpProtoDetectCtx *ctx, - uint16_t ip_proto, - char *portstr, - char *al_proto_name, uint16_t al_proto, - uint16_t min_depth, uint16_t max_depth, - uint8_t flags, - ProbingParserFPtr ProbingParser) + +void AppLayerParserStreamTruncated(uint16_t ipproto, AppProto alproto, void *alstate, + uint8_t direction) { - DetectPort *head = NULL; - DetectPortParse(&head, portstr); - DetectPort *temp_dp = head; - while (temp_dp != NULL) { - uint32_t port = temp_dp->port; - if (port == 0 && temp_dp->port2 != 0) - port++; - for ( ; port <= temp_dp->port2; port++) { - AppLayerInsertNewProbingParser(&ctx->probing_parsers, - ip_proto, - port, - al_proto_name, al_proto, - min_depth, max_depth, - flags, - ProbingParser); - } - temp_dp = temp_dp->next; - } - DetectPortCleanupList(head); + SCEnter(); - return; + + if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL) + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction); + + SCReturn; } -void AppLayerFreeProbingParsers(AppLayerProbingParser *pp) +#ifdef DEBUG +void AppLayerParserPrintDetailsParserState(void *pstate) { - AppLayerProbingParser *tmp_pp = NULL; + SCEnter(); - if (pp == NULL) - return; + if (pstate == NULL) + SCReturn; - while (pp != NULL) { - tmp_pp = pp->next; - DeAllocAppLayerProbingParser(pp); - pp = tmp_pp; - } + AppLayerParserParserState *p = (AppLayerParserParserState *)pstate; + SCLogDebug("AppLayerParser parser state information for parser state p(%p). 
" + "p->inspect_id[0](%"PRIu64"), " + "p->inspect_id[1](%"PRIu64"), " + "p->log_id(%"PRIu64"), " + "p->version(%"PRIu16"), " + "p->decoder_events(%p).", + pstate, p->inspect_id[0], p->inspect_id[1], p->log_id, + p->version, p->decoder_events); - return; + SCReturn; } +#endif + -/**************************************Unittests*******************************/ +/***** Unittests *****/ #ifdef UNITTESTS +static AppLayerParserCtx alp_ctx_backup_unittest; + typedef struct TestState_ { uint8_t test; -}TestState; +} TestState; /** * \brief Test parser function to test the memory deallocation of app layer * parser of occurence of an error. */ -static int TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate, +static int TestProtocolParser(Flow *f, void *test_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { - return -1; + SCEnter(); + SCReturnInt(-1); } /** \brief Function to allocates the Test protocol state memory */ static void *TestProtocolStateAlloc(void) { + SCEnter(); void *s = SCMalloc(sizeof(TestState)); if (unlikely(s == NULL)) - return NULL; - + goto end; memset(s, 0, sizeof(TestState)); - return s; + end: + SCReturnPtr(s, "TestState"); } /** \brief Function to free the Test Protocol state memory 
@@ -2452,59 +1048,66 @@ static void TestProtocolStateFree(void *s) SCFree(s); } -static AppLayerProto al_proto_table_ut_backup[ALPROTO_MAX]; - -void AppLayerParserBackupAlprotoTable(void) +void AppLayerParserRegisterProtocolUnittests(uint16_t ipproto, AppProto alproto, + void (*RegisterUnittests)(void)) { - int i; - for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++) - al_proto_table_ut_backup[i].StateGetEventInfo = al_proto_table[i].StateGetEventInfo; - - return; + SCEnter(); + alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. + RegisterUnittests = RegisterUnittests; + SCReturn; } -void AppLayerParserRestoreAlprotoTable(void) +void AppLayerParserBackupParserTable(void) { - int i; - for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++) - al_proto_table[i].StateGetEventInfo = al_proto_table_ut_backup[i].StateGetEventInfo; + SCEnter(); + alp_ctx_backup_unittest = alp_ctx; + memset(&alp_ctx, 0, sizeof(alp_ctx)); + SCReturn; +} - return; +void AppLayerParserRestoreParserTable(void) +{ + SCEnter(); + alp_ctx = alp_ctx_backup_unittest; + memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest)); + SCReturn; } /** * \test Test the deallocation of app layer parser memory on occurance of * error in the parsing process. 
*/ -static int AppLayerParserTest01 (void) +static int AppLayerParserTest01(void) { + AppLayerParserBackupParserTable(); + int result = 0; Flow *f = NULL; uint8_t testbuf[] = { 0x11 }; uint32_t testlen = sizeof(testbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&ssn, 0, sizeof(ssn)); /* Register the Test protocol state and parser functions */ - AppLayerRegisterProto("test", ALPROTO_TEST, STREAM_TOSERVER, - TestProtocolParser); - AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc, - TestProtocolStateFree); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER, + TestProtocolParser); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST, + TestProtocolStateAlloc, TestProtocolStateFree); f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40); if (f == NULL) goto end; f->protoctx = &ssn; - f->alproto = ALPROTO_TEST; f->proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf, - testlen); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, + testbuf, testlen); if (r != -1) { printf("returned %" PRId32 ", expected -1: ", r); SCMutexUnlock(&f->m); @@ -2512,14 +1115,14 @@ static int AppLayerParserTest01 (void) } SCMutexUnlock(&f->m); - if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION)) - { + if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION)) { printf("flag should have been set, but is not: "); goto end; } result = 1; -end: + end: + AppLayerParserRestoreParserTable(); StreamTcpFreeConfig(TRUE); UTHFreeFlow(f); 
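Review bot: In AppLayerParserTest01 the new `alp_tctx` is used without a NULL check, and nothing visible at the `end:` label releases it. AppLayerParserParse, added earlier in this diff, reads `alp_tctx->alproto_local_storage[...]` whenever `input_len > 0`, and this test passes one byte. If `AppLayerParserGetCtxThread()` can fail, the test runner would crash on a NULL dereference instead of reporting a failed test. I would add `if (alp_tctx == NULL) goto end;` right after the call and free the context with its matching destroy function next to `AppLayerParserRestoreParserTable();`. The same applies to AppLayerParserTest02 in the next hunk; both functions end outside the hunks, so a release further down cannot be ruled out.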
@@ -2530,18 +1133,21 @@ end: * \test Test the deallocation of app layer parser memory on occurance of * error in the parsing process for UDP. */ -static int AppLayerParserTest02 (void) +static int AppLayerParserTest02(void) { + AppLayerParserBackupParserTable(); + int result = 1; Flow *f = NULL; uint8_t testbuf[] = { 0x11 }; uint32_t testlen = sizeof(testbuf); + void *alp_tctx = AppLayerParserGetCtxThread(); /* Register the Test protocol state and parser functions */ - AppLayerRegisterProto("test", ALPROTO_TEST, STREAM_TOSERVER, - TestProtocolParser); - AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc, - TestProtocolStateFree); + AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER, + TestProtocolParser); + AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST, + TestProtocolStateAlloc, TestProtocolStateFree); f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40); if (f == NULL) @@ -2552,7 +1158,7 @@ static int AppLayerParserTest02 (void) StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf, + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf, testlen); if (r != -1) { printf("returned %" PRId32 ", expected -1: \n", r); 
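Review bot: AppLayerParserTest02 still starts from `int result = 1;`, so any early exit to `end:` reports a pass even though the parser was never exercised. The `if (f == NULL)` check at the bottom of this hunk is presumably followed by `goto end`, as in AppLayerParserTest01, but that line is outside the hunk. Now that the function also swaps the global parser table in and out, a setup failure should read as a failure. Initialise with `int result = 0;` and set `result = 1;` only after the `r != -1` check has passed, as Test01 does.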
@@ -2562,541 +1168,35 @@ static int AppLayerParserTest02 (void) } SCMutexUnlock(&f->m); -end: + end: + AppLayerParserRestoreParserTable(); StreamTcpFreeConfig(TRUE); UTHFreeFlow(f); return result; } -typedef struct AppLayerPPTestDataElement_ { - char *al_proto_name; - uint16_t al_proto; - uint16_t port; - uint32_t al_proto_mask; - uint32_t min_depth; - uint32_t max_depth; -} AppLayerPPTestDataElement; - -typedef struct AppLayerPPTestDataPort_ { - uint16_t port; - uint32_t toserver_al_proto_mask; - uint32_t toclient_al_proto_mask; - uint16_t toserver_max_depth; - uint16_t toclient_max_depth; - - AppLayerPPTestDataElement *toserver_element; - AppLayerPPTestDataElement *toclient_element; - int ts_no_of_element; - int tc_no_of_element; -} AppLayerPPTestDataPort; - - -typedef struct AppLayerPPTestDataIPProto_ { - uint16_t ip_proto; - - AppLayerPPTestDataPort *port; - int no_of_port; -} AppLayerPPTestDataIPProto; - -int AppLayerPPTestData(AppLayerProbingParser *pp, - AppLayerPPTestDataIPProto *ip_proto, int no_of_ip_proto) -{ - int result = 0; - int i, j, k; -#ifdef DEBUG - int dir = 0; -#endif - for (i = 0; i < no_of_ip_proto; i++, pp = pp->next) { - if (pp->ip_proto != ip_proto[i].ip_proto) - goto end; - - AppLayerProbingParserPort *pp_port = pp->port; - for (k = 0; k < ip_proto[i].no_of_port; k++, pp_port = pp_port->next) { - if (pp_port->port != ip_proto[i].port[k].port) - goto end; - if (pp_port->toserver_al_proto_mask != ip_proto[i].port[k].toserver_al_proto_mask) - goto end; - if (pp_port->toclient_al_proto_mask != ip_proto[i].port[k].toclient_al_proto_mask) - goto end; - if (pp_port->toserver_max_depth != ip_proto[i].port[k].toserver_max_depth) - goto end; - if (pp_port->toclient_max_depth != ip_proto[i].port[k].toclient_max_depth) - goto end; - - AppLayerProbingParserElement *pp_element = pp_port->toserver; -#ifdef DEBUG - dir = 0; -#endif - for (j = 0 ; j < ip_proto[i].port[k].ts_no_of_element; - j++, pp_element = pp_element->next) { - - if 
((strlen(pp_element->al_proto_name) != - strlen(ip_proto[i].port[k].toserver_element[j].al_proto_name)) || - strcasecmp(pp_element->al_proto_name, - ip_proto[i].port[k].toserver_element[j].al_proto_name) != 0) { - goto end; - } - if (pp_element->al_proto != ip_proto[i].port[k].toserver_element[j].al_proto) { - goto end; - } - if (pp_element->port != ip_proto[i].port[k].toserver_element[j].port) { - goto end; - } - if (pp_element->al_proto_mask != ip_proto[i].port[k].toserver_element[j].al_proto_mask) { - goto end; - } - if (pp_element->min_depth != ip_proto[i].port[k].toserver_element[j].min_depth) { - goto end; - } - if (pp_element->max_depth != ip_proto[i].port[k].toserver_element[j].max_depth) { - goto end; - } - } /* for */ - if (pp_element != NULL) - goto end; - - pp_element = pp_port->toclient; -#ifdef DEBUG - dir = 1; -#endif - for (j = 0 ; j < ip_proto[i].port[k].tc_no_of_element; j++, pp_element = pp_element->next) { - if ((strlen(pp_element->al_proto_name) != - strlen(ip_proto[i].port[k].toclient_element[j].al_proto_name)) || - strcasecmp(pp_element->al_proto_name, - ip_proto[i].port[k].toclient_element[j].al_proto_name) != 0) { - goto end; - } - if (pp_element->al_proto != ip_proto[i].port[k].toclient_element[j].al_proto) { - goto end; - } - if (pp_element->port != ip_proto[i].port[k].toclient_element[j].port) { - goto end; - } - if (pp_element->al_proto_mask != ip_proto[i].port[k].toclient_element[j].al_proto_mask) { - goto end; - } - if (pp_element->min_depth != ip_proto[i].port[k].toclient_element[j].min_depth) { - goto end; - } - if (pp_element->max_depth != ip_proto[i].port[k].toclient_element[j].max_depth) { - goto end; - } - } /* for */ - if (pp_element != NULL) - goto end; - } - if (pp_port != NULL) - goto end; - } - if (pp != NULL) - goto end; - - result = 1; - end: -#ifdef DEBUG - printf("i = %d, k = %d, j = %d(%s)\n", i, k, j, (dir == 0) ? 
"ts" : "tc"); -#endif - return result; -} - -uint16_t ProbingParserDummyForTesting(uint8_t *input, uint32_t input_len, uint32_t *offset) -{ - return 0; -} - -static int AppLayerProbingParserTest01(void) -{ - int result = 0; - - AlpProtoDetectCtx ctx; - AlpProtoInit(&ctx); - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "http", - ALPROTO_HTTP, - 5, 8, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "smb", - ALPROTO_SMB, - 5, 6, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "ftp", - ALPROTO_FTP, - 7, 10, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "81", - "dcerpc", - ALPROTO_DCERPC, - 9, 10, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "81", - "ftp", - ALPROTO_FTP, - 7, 15, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "0", - "smtp", - ALPROTO_SMTP, - 12, 0, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "0", - "tls", - ALPROTO_TLS, - 12, 18, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "85", - "dcerpc", - ALPROTO_DCERPC, - 9, 10, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "85", - "ftp", - ALPROTO_FTP, - 7, 15, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - result = 1; - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_UDP, - "85", - "imap", - ALPROTO_IMAP, - 12, 23, - STREAM_TOSERVER, - ProbingParserDummyForTesting); - - /* toclient */ - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "0", - "jabber", - ALPROTO_JABBER, - 12, 23, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - 
"0", - "irc", - ALPROTO_IRC, - 12, 14, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "85", - "dcerpc", - ALPROTO_DCERPC, - 9, 10, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "81", - "ftp", - ALPROTO_FTP, - 7, 15, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "0", - "tls", - ALPROTO_TLS, - 12, 18, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "http", - ALPROTO_HTTP, - 5, 8, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "81", - "dcerpc", - ALPROTO_DCERPC, - 9, 10, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "90", - "ftp", - ALPROTO_FTP, - 7, 15, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "smb", - ALPROTO_SMB, - 5, 6, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_UDP, - "85", - "imap", - ALPROTO_IMAP, - 12, 23, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "0", - "smtp", - ALPROTO_SMTP, - 12, 17, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "80", - "ftp", - ALPROTO_FTP, - 7, 10, - STREAM_TOCLIENT, - ProbingParserDummyForTesting); - - //AppLayerPrintProbingParsers(ctx.probing_parsers); - - AppLayerPPTestDataElement element_ts_80[] = - { { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 }, - { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 }, - { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 
12, 25 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_80[] = - { { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 }, - { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 }, - { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } - }; - - AppLayerPPTestDataElement element_ts_81[] = - { { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 }, - { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_81[] = - { { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 }, - { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } - }; - - AppLayerPPTestDataElement element_ts_85[] = - { { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 }, - { "ftp", ALPROTO_FTP, 85, 1 << ALPROTO_FTP, 7, 15 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_85[] = - { { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, - { "tls", ALPROTO_TLS, 0, 
1 << ALPROTO_TLS, 12, 18 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } - }; - - AppLayerPPTestDataElement element_ts_90[] = - { { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_90[] = - { { "ftp", ALPROTO_FTP, 90, 1 << ALPROTO_FTP, 7, 15 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } - }; - - AppLayerPPTestDataElement element_ts_0[] = - { { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 }, - { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_0[] = - { { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 }, - { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 }, - { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 }, - { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 } - }; - - - AppLayerPPTestDataElement element_ts_85_udp[] = - { { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 }, - }; - AppLayerPPTestDataElement element_tc_85_udp[] = - { { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 }, - }; - - AppLayerPPTestDataPort ports_tcp[] = - { { 80, - ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) | - (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), - ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) | - (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), - 0, 23, - element_ts_80, element_tc_80, - sizeof(element_ts_80) / sizeof(AppLayerPPTestDataElement), - 
sizeof(element_tc_80) / sizeof(AppLayerPPTestDataElement), - }, - { 81, - ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) | - (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), - ((1 << ALPROTO_FTP) | (1 << ALPROTO_DCERPC) | - (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), - 0, 23, - element_ts_81, element_tc_81, - sizeof(element_ts_81) / sizeof(AppLayerPPTestDataElement), - sizeof(element_tc_81) / sizeof(AppLayerPPTestDataElement), - }, - { 85, - ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) | - (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), - ((1 << ALPROTO_DCERPC) | - (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), - 0, 23, - element_ts_85, element_tc_85, - sizeof(element_ts_85) / sizeof(AppLayerPPTestDataElement), - sizeof(element_tc_85) / sizeof(AppLayerPPTestDataElement) - }, - { 90, - ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), - ((1 << ALPROTO_FTP) | - (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), - 0, 23, - element_ts_90, element_tc_90, - sizeof(element_ts_90) / sizeof(AppLayerPPTestDataElement), - sizeof(element_tc_90) / sizeof(AppLayerPPTestDataElement) - }, - { 0, - ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)), - ((1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)), - 0, 23, - element_ts_0, element_tc_0, - sizeof(element_ts_0) / sizeof(AppLayerPPTestDataElement), - sizeof(element_tc_0) / sizeof(AppLayerPPTestDataElement) - } - }; - - AppLayerPPTestDataPort ports_udp[] = - { { 85, - (1 << ALPROTO_IMAP), - (1 << ALPROTO_IMAP), - 23, 23, - element_ts_85_udp, element_tc_85_udp, - sizeof(element_ts_85_udp) / sizeof(AppLayerPPTestDataElement), - sizeof(element_tc_85_udp) / sizeof(AppLayerPPTestDataElement), - }, - }; - - AppLayerPPTestDataIPProto 
ip_proto[] = - { { IPPROTO_TCP, - ports_tcp, - sizeof(ports_tcp) / sizeof(AppLayerPPTestDataPort), - }, - { IPPROTO_UDP, - ports_udp, - sizeof(ports_udp) / sizeof(AppLayerPPTestDataPort), - }, - }; - - - if (AppLayerPPTestData(ctx.probing_parsers, ip_proto, - sizeof(ip_proto) / sizeof(AppLayerPPTestDataIPProto)) == 0) { - goto end; - } - result = 1; - - end: - AlpProtoTestDestroy(&ctx); - return result; -} - -#endif /* UNITESTS */ -void AppLayerParserRegisterTests(void) +void AppLayerParserRegisterUnittests(void) { -#ifdef UNITTESTS - int i; - for (i = 0; i < ALPROTO_MAX; i++) { - AppLayerProto *p = &al_proto_table[i]; - - if (p->name == NULL) - continue; + SCEnter(); - g_ut_modules++; + int ip; + uint16_t alproto; + AppLayerParserpCtx *ctx; - if (p->RegisterUnittests != NULL) { - p->RegisterUnittests(); - g_ut_covered++; - } else { - if (coverage_unittests) - SCLogWarning(SC_WARN_NO_UNITTESTS, "app layer module %s has no " - "unittests", p->name); + for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) { + for (alproto = 0; alproto < ALPROTO_MAX; alproto++) { + ctx = &alp_ctx.ctxs[ip][alproto]; + if (ctx->RegisterUnittests == NULL) + continue; + ctx->RegisterUnittests(); } } UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01, 1); UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02, 1); - UtRegisterTest("AppLayerProbingParserTest01", - AppLayerProbingParserTest01, 1); -#endif /* UNITTESTS */ - return; + SCReturn; } + +#endif diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 1b0a032194..84ab9a6a24 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2013 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free 
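Review bot: The rewritten loop in `AppLayerParserRegisterUnittests()` drops the coverage accounting the old function had: `g_ut_modules++`, `g_ut_covered++` and the `SC_WARN_NO_UNITTESTS` warning under `coverage_unittests` are removed with no visible replacement, so a registered parser that ships no unit tests is now skipped silently by the bare `continue`. For code that parses untrusted network input that report is a useful signal; if the counters are still maintained elsewhere, count each registered `ctxs[ip][alproto]` entry and emit the warning in the `RegisterUnittests == NULL` branch. The hunk also moves the closing `#endif` below this function, so it appears to exist only in UNITTESTS builds, and call sites of the old `AppLayerParserRegisterTests()` would need the same guard. `AppLayerProbingParserTest01` is deleted here as well; it is worth confirming that an equivalent test exists on the protocol-detection side.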
@@ -19,470 +19,174 @@ * \file * * \author Victor Julien + * \author Anoop Saldanha */ -#ifndef __APP_LAYER_PARSER_H__ -#define __APP_LAYER_PARSER_H__ +#ifndef __APP_LAYER_PARSER__H__ +#define __APP_LAYER_PARSER__H__ #include "decode-events.h" - #include "util-file.h" -/** Mapping between local parser id's (e.g. HTTP_FIELD_REQUEST_URI) and - * the dynamically assigned (at registration) global parser id. */ -typedef struct AppLayerLocalMap_ { - uint16_t parser_id; -} AppLayerLocalMap; - -typedef uint16_t (*ProbingParserFPtr)(uint8_t *input, uint32_t input_len, - uint32_t *offset); - -/** \brief Mapping between ALPROTO_* and L7Parsers - * - * Map the proto to the parsers for the to_client and to_server directions. - */ -typedef struct AppLayerProto_ { - char *name; /**< name of the registered proto */ - - uint16_t to_server; - uint16_t to_client; - uint16_t map_size; - char logger; /**< does this proto have a logger enabled? */ - - AppLayerLocalMap **map; - - void *(*StateAlloc)(void); - void (*StateFree)(void *); - void (*StateTransactionFree)(void *, uint64_t); - void *(*LocalStorageAlloc)(void); - void (*LocalStorageFree)(void *); - - /** truncate state after a gap/depth event */ - void (*Truncate)(void *, uint8_t); - FileContainer *(*StateGetFiles)(void *, uint8_t); - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t); - /* bool indicating a state has decoder/parser events */ - int (*StateHasEvents)(void *); - - int (*StateGetAlstateProgress)(void *alstate, uint8_t direction); - uint64_t (*StateGetTxCnt)(void *alstate); - void *(*StateGetTx)(void *alstate, uint64_t tx_id); - int (*StateGetAlstateProgressCompletionStatus)(uint8_t direction); - - int (*StateGetEventInfo)(const char *event_name, - int *event_id, AppLayerEventType *event_type); - - ProbingParserFPtr PPAlprotoMap[2]; - /* Indicates the direction the parser is ready to see the data - * the first time for a flow. 
Values accepted - - * STREAM_TOSERVER, STREAM_TOCLIENT */ - uint8_t first_data_dir; - -#ifdef UNITTESTS - void (*RegisterUnittests)(void); -#endif -} AppLayerProto; - -/** flags for the result elmts */ -#define ALP_RESULT_ELMT_ALLOC 0x01 - -/** \brief Result elements for the parser */ -typedef struct AppLayerParserResultElmt_ { - uint16_t flags; /* flags. E.g. local alloc */ - uint16_t name_idx; /* idx for names like "http.request_line.uri" */ - - uint32_t data_len; /* length of the data from the ptr */ - uint8_t *data_ptr; /* point to the position in the "input" data - * or ptr to new mem if local alloc flag set */ - struct AppLayerParserResultElmt_ *next; -} AppLayerParserResultElmt; - -/** \brief List head for parser result elmts */ -typedef struct AppLayerParserResult_ { - AppLayerParserResultElmt *head; - AppLayerParserResultElmt *tail; - uint32_t cnt; -} AppLayerParserResult; - -#define APP_LAYER_PARSER_USE 0x01 -#define APP_LAYER_PARSER_EOF 0x02 -#define APP_LAYER_PARSER_DONE 0x04 /**< parser is done, ignore more - msgs */ -#define APP_LAYER_PARSER_NO_INSPECTION 0x08 /**< Flag to indicate no more - packets payload inspection */ -#define APP_LAYER_PARSER_NO_REASSEMBLY 0x10 /**< Flag to indicate no more - packets reassembly for this - session */ - -#define APP_LAYER_TRANSACTION_EOF 0x01 /**< Session done, last transaction - as well */ -#define APP_LAYER_TRANSACTION_TOSERVER 0x02 /**< transaction has been inspected - in to server direction. */ -#define APP_LAYER_TRANSACTION_TOCLIENT 0x04 /**< transaction has been inspected - in to server direction. 
*/ - -typedef struct AppLayerParserState_ { - uint8_t flags; - uint16_t cur_parser; /**< idx of currently active parser */ - uint8_t *store; - uint32_t store_len; - uint16_t parse_field; -} AppLayerParserState; - -typedef struct AppLayerParserStateStore_ { - AppLayerParserState to_client; - AppLayerParserState to_server; - - /** flags related to the id's */ - uint8_t id_flags; - - /* Indicates the current transaction that is being indicated. We have - * a var per direction. */ - uint64_t inspect_id[2]; - /* Indicates the current transaction being logged. Unlike inspect_id, - * we don't need a var per direction since we don't log a transaction - * unless we have the entire transaction. */ - uint64_t log_id; - uint16_t version; /**< state version, incremented for each update, - * can wrap around */ - - /* Used to store decoder events */ - AppLayerDecoderEvents *decoder_events; -} AppLayerParserStateStore; - -typedef struct AppLayerParserTableElement_ { - int (*AppLayerParser)(Flow *f, void *protocol_state, AppLayerParserState - *parser_state, uint8_t *input, uint32_t input_len, - void *local_storage, AppLayerParserResult *output); - - char *name; - - uint16_t proto; - uint16_t parser_local_id; /**< local id of the parser in the parser itself. */ -} AppLayerParserTableElement; - -typedef struct AppLayerProbingParserElement_ { - char *al_proto_name; - uint16_t al_proto; - /* \todo don't really need it. 
See if you can get rid of it */ - uint16_t port; - /* \todo calculate at runtime and get rid of this var */ - uint32_t al_proto_mask; - /* \todo check if we can reduce the bottom 2 vars to uint16_t */ - /* the min length of data that has to be supplied to invoke the parser */ - uint32_t min_depth; - /* the max length of data after which this parser won't be invoked */ - uint32_t max_depth; - /* the probing parser function */ - ProbingParserFPtr ProbingParser; - - struct AppLayerProbingParserElement_ *next; -} AppLayerProbingParserElement; - -typedef struct AppLayerProbingParserPort_ { - /* the port no for which probing parser(s) are invoked */ - uint16_t port; - - uint32_t toserver_al_proto_mask; - uint32_t toclient_al_proto_mask; - /* the max depth for all the probing parsers registered for this port */ - uint16_t toserver_max_depth; - uint16_t toclient_max_depth; - - AppLayerProbingParserElement *toserver; - AppLayerProbingParserElement *toclient; - - struct AppLayerProbingParserPort_ *next; -} AppLayerProbingParserPort; - -typedef struct AppLayerProbingParser_ { - uint16_t ip_proto; - AppLayerProbingParserPort *port; - - struct AppLayerProbingParser_ *next; -} AppLayerProbingParser; - -extern AppLayerProto al_proto_table[]; - -static inline -AppLayerProbingParserPort *AppLayerGetProbingParsers(AppLayerProbingParser *pp, - uint16_t ip_proto, - uint16_t port) -{ - while (pp != NULL) { - if (pp->ip_proto == ip_proto) - break; - - pp = pp->next; - } - - if (pp == NULL) - return NULL; - - AppLayerProbingParserPort *pp_port = pp->port; - while (pp_port != NULL) { - if (pp_port->port == port || pp_port->port == 0) { - break; - } - pp_port = pp_port->next; - } - - return pp_port; -} - -struct AlpProtoDetectCtx_; - -/* prototypes */ -void AppLayerParsersInitPostProcess(void); -void RegisterAppLayerParsers(void); -void AppLayerParserRegisterTests(void); - -/* registration */ -int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags, - int (*AppLayerParser)(Flow 
*f, void *protocol_state, - AppLayerParserState *parser_state, - uint8_t *input, uint32_t input_len, - void *local_data, - AppLayerParserResult *output)); -int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id, - int (*AppLayerParser)(Flow *f, void *protocol_state, - AppLayerParserState *parser_state, - uint8_t *input, uint32_t input_len, - void *local_data, - AppLayerParserResult *output), - char *dependency); -void AppLayerRegisterParserAcceptableDataDirection(uint16_t al_proto, - uint8_t flags); -void AppLayerMapProbingParserAgainstAlproto(uint16_t al_proto, - uint8_t flags, - ProbingParserFPtr ProbingParser); -void AppLayerRegisterProbingParser(struct AlpProtoDetectCtx_ *, - uint16_t ip_proto, - char *portstr, - char *al_proto_name, uint16_t al_proto, - uint16_t min_depth, uint16_t max_depth, - uint8_t flags, - ProbingParserFPtr ProbingParser); -#ifdef UNITTESTS -void AppLayerParserRegisterUnittests(uint16_t proto, void (*RegisterUnittests)(void)); -#endif -void AppLayerRegisterStateFuncs(uint16_t proto, void *(*StateAlloc)(void), - void (*StateFree)(void *)); -void AppLayerRegisterLocalStorageFunc(uint16_t proto, - void *(*LocalStorageAlloc)(void), - void (*LocalStorageFree)(void *)); -void *AppLayerGetProtocolParserLocalStorage(uint16_t); -void AppLayerRegisterGetFilesFunc(uint16_t proto, - FileContainer *(*StateGetFile)(void *, uint8_t)); -void AppLayerRegisterGetEventsFunc(uint16_t proto, - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)); -void AppLayerRegisterHasEventsFunc(uint16_t proto, - int (*StateHasEvents)(void *)); - -void AppLayerRegisterLogger(uint16_t proto); -uint16_t AppLayerGetProtoByName(const char *); -const char *AppLayerGetProtoString(int proto); -void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t)); -void AppLayerRegisterGetAlstateProgressFunc(uint16_t alproto, - int (*StateGetAlstateProgress)(void *alstate, uint8_t direction)); -void AppLayerRegisterTxFreeFunc(uint16_t 
proto, - void (*StateTransactionFree)(void *, uint64_t)); -void AppLayerRegisterGetTxCnt(uint16_t alproto, - uint64_t (*StateGetTxCnt)(void *alstate)); -void AppLayerRegisterGetTx(uint16_t alproto, - void *(*StateGetTx)(void *alstate, uint64_t tx_id)); -void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto, - int (*StateProgressCompletionStatus)(uint8_t direction)); -void AppLayerRegisterGetEventInfo(uint16_t alproto, - int (*StateGetEventInfo)(const char *event_name, - int *event_id, - AppLayerEventType *event_type)); - -int AppLayerParse(void *, Flow *, uint8_t, - uint8_t, uint8_t *, uint32_t); - -int AlpParseFieldBySize(AppLayerParserResult *, AppLayerParserState *, uint16_t, - uint32_t, uint8_t *, uint32_t, uint32_t *); -int AlpParseFieldByEOF(AppLayerParserResult *, AppLayerParserState *, uint16_t, - uint8_t *, uint32_t); -int AlpParseFieldByDelimiter(AppLayerParserResult *, AppLayerParserState *, - uint16_t, const uint8_t *, uint8_t, uint8_t *, - uint32_t, uint32_t *); - - -/***** transaction handling *****/ - -/** - * \brief Update the current log id. Does one step increments currently. - * - * \param f Flow. - */ -void AppLayerTransactionUpdateLogId(Flow *f); - -/** - * \brief Get the current log id. - * - * \param f Flow. - */ -uint64_t AppLayerTransactionGetLogId(Flow *f); - -/** - * \brief Updates the inspection id for the alstate. - * - * \param f Pointer to the flow(LOCKED). - * \param direction Direction. 0 - toserver, 1 - toclient. - */ -void AppLayerTransactionUpdateInspectId(Flow *f, uint8_t direction); - -/** - * \brief Get the current tx id to be inspected. - * - * \param f Flow. - * \param flags Flags. - * - * \retval A positive integer value. 
- */ -uint64_t AppLayerTransactionGetInspectId(Flow *f, uint8_t flags); - -uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags); - - -void AppLayerSetEOF(Flow *); - - - -/***** cleanup *****/ - -void AppLayerParserCleanupState(Flow *); -void AppLayerFreeProbingParsers(AppLayerProbingParser *); -void AppLayerPrintProbingParsers(AppLayerProbingParser *); - -void AppLayerListSupportedProtocols(void); -AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *); -AppLayerDecoderEvents *AppLayerGetEventsFromFlowByTx(Flow *f, uint64_t tx_id); -int AppLayerProtoIsTxEventAware(uint16_t alproto); -int AppLayerFlowHasDecoderEvents(Flow *f, uint8_t flags); - -/***** Alproto param retrieval ******/ - -/** - * \brief get the version of the state in a direction - * - * \param f Flow(LOCKED). - * \param direction STREAM_TOSERVER or STREAM_TOCLIENT - */ -uint16_t AppLayerGetStateVersion(Flow *f); - -FileContainer *AppLayerGetFilesFromFlow(Flow *, uint8_t); - -/** - * \brief Get the state progress. - * - * This is a generic wrapper to each ALPROTO. The value returned - * needs to be interpreted by the caller, based on the ALPROTO_* - * the caller supplies. - * - * The state can be anything based on what the ALPROTO handler - * expects. We have given a return value of int, although a range - * of -128 to 127 (int8_t) should be more than sufficient. - * - * \param alproto The app protocol. - * \param state App state. - * \param dir Directin. 0 - ts, 1 - tc. - * - * \retval An integer value indicating the current progress of "state". - */ -int AppLayerGetAlstateProgress(uint16_t alproto, void *state, uint8_t direction); - -/** - * \brief Get the no of txs. - * - * \param alproto The app protocol. - * \param alstate App state. - * - * \retval A positive integer value indicating the no of txs. - */ -uint64_t AppLayerGetTxCnt(uint16_t alproto, void *alstate); - -/** - * \brief Get a tx referenced by the id. - * - * \param alproto The app protocol - * \param alstate App state. 
- * \param tx_id The transaction id. - * - * \retval Tx instance. +#define APP_LAYER_PARSER_EOF 0x01 +#define APP_LAYER_PARSER_NO_INSPECTION 0x02 +#define APP_LAYER_PARSER_NO_REASSEMBLY 0x04 + +int AppLayerParserSetup(void); + +int AppLayerParserDeSetup(void); + +/** + * \brief Gets a new app layer protocol's parser thread context. + * + * \retval Non-NULL pointer on success. + * NULL pointer on failure. + */ +void *AppLayerParserGetCtxThread(void); + +/** + * \brief Destroys the app layer parser thread context obtained + * using AppLayerParserGetCtxThread(). + * + * \param tctx Pointer to the thread context to be destroyed. + */ +void AppLayerParserDestroyCtxThread(void *tctx); + +/** + * \brief Given a protocol name, checks if the parser is enabled in + * the conf file. + * + * \param alproto_name Name of the app layer protocol. + * + * \retval 1 If enabled. + * \retval 0 If disabled. */ -void *AppLayerGetTx(uint16_t alproto, void *alstate, uint64_t tx_id); +int AppLayerParserConfParserEnabled(const char *ipproto, + const char *alproto_name); -/** - * \brief Get the state value for the following alproto, that corresponds to - * COMPLETE or DONE. - * - * \param alproto The app protocol. - * \param direction The direction. 0 - ts, 1 - tc. - * - * \retval An integer value indicating the state value. - */ -int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t direction); +/***** Parser related registration *****/ /** - * \brief Informs if the alproto supports transactions or not. - * - * \param alproto The app protocol. - * \param direction The direction. 0 - ts, 1 - tc. + * \brief Register app layer parser for the protocol. * - * \retval 1 If true; 0 If false. + * \retval 0 On success. + * \retval -1 On failure. 
*/ -int AppLayerAlprotoSupportsTxs(uint16_t alproto); +int AppLayerParserRegisterParser(uint16_t ip_proto, AppProto alproto, + uint8_t direction, + int (*Parser)(Flow *f, void *protocol_state, + void *pstate, + uint8_t *buf, uint32_t buf_len, + void *local_storage)); +void AppLayerParserRegisterParserAcceptableDataDirection(uint16_t ipproto, + AppProto alproto, + uint8_t direction); +void AppLayerParserRegisterStateFuncs(uint16_t ipproto, AppProto alproto, + void *(*StateAlloc)(void), + void (*StateFree)(void *)); +void AppLayerParserRegisterLocalStorageFunc(uint16_t ipproto, AppProto proto, + void *(*LocalStorageAlloc)(void), + void (*LocalStorageFree)(void *)); +void AppLayerParserRegisterGetFilesFunc(uint16_t ipproto, AppProto alproto, + FileContainer *(*StateGetFiles)(void *, uint8_t)); +void AppLayerParserRegisterGetEventsFunc(uint16_t ipproto, AppProto proto, + AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)); +void AppLayerParserRegisterHasEventsFunc(uint16_t ipproto, AppProto alproto, + int (*StateHasEvents)(void *)); +void AppLayerParserRegisterLogger(uint16_t ipproto, AppProto alproto); +void AppLayerParserRegisterTruncateFunc(uint16_t ipproto, AppProto alproto, + void (*Truncate)(void *, uint8_t)); +void AppLayerParserRegisterGetStateProgressFunc(uint16_t ipproto, AppProto alproto, + int (*StateGetStateProgress)(void *alstate, uint8_t direction)); +void AppLayerParserRegisterTxFreeFunc(uint16_t ipproto, AppProto alproto, + void (*StateTransactionFree)(void *, uint64_t)); +void AppLayerParserRegisterGetTxCnt(uint16_t ipproto, AppProto alproto, + uint64_t (*StateGetTxCnt)(void *alstate)); +void AppLayerParserRegisterGetTx(uint16_t ipproto, AppProto alproto, + void *(StateGetTx)(void *alstate, uint64_t tx_id)); +void AppLayerParserRegisterGetStateProgressCompletionStatus(uint16_t ipproto, + uint16_t alproto, + int (*StateGetStateProgressCompletionStatus)(uint8_t direction)); +void AppLayerParserRegisterGetEventInfo(uint16_t ipproto, AppProto 
alproto, + int (*StateGetEventInfo)(const char *event_name, int *event_id, + AppLayerEventType *event_type)); -/** - * \brief Triggers raw reassembly. - * - * \param f Flow pointer. - */ -void AppLayerTriggerRawStreamReassembly(Flow *); +/***** Get and transaction functions *****/ -/** - * \brief Informs if the specified alproto's parser is enabled. - * - * \param alproto Character string holding the alproto name. - */ -int AppLayerParserEnabled(const char *alproto); +void *AppLayerParserGetProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto); +void AppLayerParserDestroyProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto, + void *local_data); -/** - * \brief Informs if the specified alproto has detection enabled. - * - * \param alproto Character string holding the alproto name. - */ -int AppLayerProtoDetectionEnabled(const char *alproto); -/** - * \brief Gets event info for this alproto. - * - * \param alproto Character string holding the alproto name. - * \param event_name Name of the event. - * \param event_id Pointer to an instance to send back event id. 
- */ -int AppLayerGetEventInfo(uint16_t alproto, const char *event_name, - int *event_id, AppLayerEventType *event_type); +uint64_t AppLayerParserGetTransactionLogId(void *pstate); +void AppLayerParserSetTransactionLogId(void *pstate); +uint64_t AppLayerParserGetTransactionInspectId(void *pstate, uint8_t direction); +void AppLayerParserSetTransactionInspectId(void *pstate, + uint16_t ipproto, AppProto alproto, void *alstate, + uint8_t direction); +AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(void *pstate); +void AppLayerParserSetDecoderEvents(void *pstate, AppLayerDecoderEvents *devents); +AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint16_t ipproto, AppProto alproto, void *alstate, + uint64_t tx_id); +uint16_t AppLayerParserGetStateVersion(void *pstate); +FileContainer *AppLayerParserGetFiles(uint16_t ipproto, AppProto alproto, + void *alstate, uint8_t direction); +int AppLayerParserGetStateProgress(uint16_t ipproto, AppProto alproto, + void *alstate, uint8_t direction); +uint64_t AppLayerParserGetTxCnt(uint16_t ipproto, AppProto alproto, void *alstate); +void *AppLayerParserGetTx(uint16_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id); +int AppLayerParserGetStateProgressCompletionStatus(uint16_t ipproto, AppProto alproto, + uint8_t direction); +int AppLayerParserGetEventInfo(uint16_t ipproto, AppProto alproto, const char *event_name, + int *event_id, AppLayerEventType *event_type); -/***** Utility *****/ +uint64_t AppLayerParserGetTransactionActive(uint16_t ipproto, AppProto alproto, void *pstate, uint8_t direction); -void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto, - uint16_t min_depth, uint16_t max_depth, - ProbingParserFPtr ProbingParser); +uint8_t AppLayerParserGetFirstDataDir(uint16_t ipproto, uint16_t alproto); +/***** General *****/ + +int AppLayerParserParse(void *tctx, Flow *f, AppProto alproto, + uint8_t flags, uint8_t *input, uint32_t input_len); +void AppLayerParserSetEOF(void *pstate); +int 
AppLayerParserHasDecoderEvents(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate, + uint8_t flags); +int AppLayerParserProtocolIsTxEventAware(uint16_t ipproto, AppProto alproto); +int AppLayerParserProtocolSupportsTxs(uint16_t ipproto, AppProto alproto); +void AppLayerParserTriggerRawStreamReassembly(Flow *f); + +/***** Cleanup *****/ + +void AppLayerParserCleanupParserState(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate); + +void AppLayerParserRegisterProtocolParsers(void); + + +void AppLayerParserParserStateSetFlag(void *pstate, uint8_t flag); +int AppLayerParserParserStateIssetFlag(void *pstate, uint8_t flag); + +void AppLayerParserStreamTruncated(uint16_t ipproto, AppProto alproto, void *alstate, + uint8_t direction); + + + +void *AppLayerParserAllocAppLayerParserParserState(void); +void AppLayerParserDeAllocAppLayerParserParserState(void *pstate); + + + +#ifdef DEBUG +void AppLayerParserPrintDetailsParserState(void *pstate); +#endif /***** Unittests *****/ -/** - * \brief Backup al_proto_table. - * - * Currently we backup only the event table. Feel free to backup - * other stuff as and when required. - */ -void AppLayerParserBackupAlprotoTable(void); -void AppLayerParserRestoreAlprotoTable(void); +#ifdef UNITTESTS +void AppLayerParserRegisterProtocolUnittests(uint16_t ipproto, AppProto alproto, + void (*RegisterUnittests)(void)); +void AppLayerParserRegisterUnittests(void); +void AppLayerParserBackupParserTable(void); +void AppLayerParserRestoreParserTable(void); +#endif -#endif /* __APP_LAYER_PARSER_H__ */ +#endif /* __APP_LAYER_PARSER__H__ */ diff --git a/src/app-layer-protos.c b/src/app-layer-protos.c index 5d62875c07..fd87412571 100644 --- a/src/app-layer-protos.c +++ b/src/app-layer-protos.c 
@@ -27,13 +27,6 @@ #define CASE_CODE(E) case E: return #E -/** - * \brief Maps the ALPROTO_*, to its string equivalent. - * - * \param alproto App layer protocol id. - * - * \retval String equivalent for the alproto. - */ const char *AppProtoToString(AppProto alproto) { const char *proto_name = NULL; @@ -72,18 +65,9 @@ const char *AppProtoToString(AppProto alproto) case ALPROTO_DCERPC: proto_name = "dcerpc"; break; - case ALPROTO_DCERPC_UDP: - proto_name = "dcerpcudp"; - break; case ALPROTO_IRC: proto_name = "irc"; break; - case ALPROTO_DNS_TCP: - proto_name = "dnstcp"; - break; - case ALPROTO_DNS_UDP: - proto_name = "dnsudp"; - break; case ALPROTO_DNS: proto_name = "dns"; break; diff --git a/src/app-layer-protos.h b/src/app-layer-protos.h index 1d5f45161c..c48ff49c25 100644 --- a/src/app-layer-protos.h +++ b/src/app-layer-protos.h @@ -38,12 +38,9 @@ enum { ALPROTO_SMB, ALPROTO_SMB2, ALPROTO_DCERPC, - ALPROTO_DCERPC_UDP, ALPROTO_IRC, ALPROTO_DNS, - ALPROTO_DNS_UDP, - ALPROTO_DNS_TCP, /* used by the probing parser when alproto detection fails * permanently for that particular stream */ @@ -57,7 +54,13 @@ enum { typedef uint16_t AppProto; +/** + * \brief Maps the ALPROTO_*, to its string equivalent. + * + * \param alproto App layer protocol id. + * + * \retval String equivalent for the alproto. + */ const char *AppProtoToString(AppProto alproto); #endif /* __APP_LAYER_PROTOS__H__ */ - diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 4d64117312..d22d4f44c5 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -38,6 +38,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-detect-proto.h" #include "app-layer-protos.h" #include "app-layer-parser.h" 
@@ -65,8 +66,8 @@ enum { */ /* For WriteAndX we need to get writeandxdataoffset */ static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -263,8 +264,8 @@ static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state, * \brief SMB Read AndX Response Parsing */ static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -402,8 +403,8 @@ static uint32_t SMBParseReadAndX(Flow *f, void *smb_state, } static uint32_t SMBParseTransact(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -627,8 +628,9 @@ static uint32_t SMBParseTransact(Flow *f, void *smb_state, /** * Handle variable length padding for WriteAndX and ReadAndX */ -static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t PaddingParser(void *smb_state, void *pstate, + uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; 
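Review bot: Declaring `pstate` as `void *` in SMBParseWriteAndX removes the compile-time check the old `AppLayerParserState *` parameter gave. `smb_state` and `pstate` are now both `void *`, so a call that swaps them compiles without a diagnostic. If the goal is to hide the struct layout from protocol parsers, an incomplete struct type declared in app-layer-parser.h, used as `AppLayerParserState *pstate` here and in the callback prototype of AppLayerParserRegisterParser(), keeps the layout private and the type checking intact. The same applies to the other signatures changed in this file, from SMBParseReadAndX through SMBParse, and to NBSSParseHeader, SMB2ParseHeader and SMB2Parse in app-layer-smb2.c. The function body continues outside the hunk.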
@@ -658,8 +660,9 @@ static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate, * \retval -1 f DCERPCParser does not validate * \retval Number of bytes processed */ -static int32_t DataParser(void *smb_state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static int32_t DataParser(void *smb_state, void *pstate, + uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -685,8 +688,8 @@ static int32_t DataParser(void *smb_state, AppLayerParserState *pstate, * Determine if this is an SMB AndX Command */ static uint32_t SMBGetWordCount(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); if (input_len > 0) { @@ -709,8 +712,8 @@ static uint32_t SMBGetWordCount(Flow *f, void *smb_state, */ static uint32_t SMBGetByteCount(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -740,8 +743,8 @@ static uint32_t SMBGetByteCount(Flow *f, void *smb_state, * until sstate->wordcount.wordcount bytes are parsed. */ static uint32_t SMBParseWordCount(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; 
@@ -750,8 +753,7 @@ static uint32_t SMBParseWordCount(Flow *f, void *smb_state, if ((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) && sstate->smb.command == SMB_COM_READ_ANDX) { - retval = SMBParseReadAndX(f, sstate, pstate, input, input_len, - output); + retval = SMBParseReadAndX(f, sstate, pstate, input, input_len); if (retval <= sstate->wordcount.wordcountleft) { sstate->wordcount.wordcountleft -= retval; SCLogDebug("SMB_COM_READ_ANDX returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset); @@ -762,8 +764,7 @@ static uint32_t SMBParseWordCount(Flow *f, void *smb_state, } else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0) && sstate->smb.command == SMB_COM_WRITE_ANDX) { - retval = SMBParseWriteAndX(f, sstate, pstate, input, - input_len, output); + retval = SMBParseWriteAndX(f, sstate, pstate, input, input_len); if (retval <= sstate->wordcount.wordcountleft) { sstate->wordcount.wordcountleft -= retval; SCLogDebug("SMB_COM_WRITE_ANDX returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset); @@ -773,8 +774,7 @@ static uint32_t SMBParseWordCount(Flow *f, void *smb_state, } } else if (sstate->smb.command == SMB_COM_TRANSACTION) { - retval = SMBParseTransact(f, sstate, pstate, input, input_len, - output); + retval = SMBParseTransact(f, sstate, pstate, input, input_len); if (retval <= sstate->wordcount.wordcountleft) { sstate->wordcount.wordcountleft -= retval; SCLogDebug("SMB_COM_TRANSACTION returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset); @@ -800,8 +800,7 @@ static uint32_t SMBParseWordCount(Flow *f, void *smb_state, * until sstate->bytecount.bytecount bytes are parsed. */ static uint32_t SMBParseByteCount(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) + void *pstate, uint8_t *input, uint32_t input_len) { SCEnter(); 
@@ -818,7 +817,7 @@ static uint32_t SMBParseByteCount(Flow *f, void *smb_state, (sstate->smb.command == SMB_COM_TRANSACTION)) { if (sstate->andx.paddingparsed == 0) { - ures = PaddingParser(sstate, pstate, input + parsed, input_len, output); + ures = PaddingParser(sstate, pstate, input + parsed, input_len); if (ures <= input_len) { parsed += ures; input_len -= ures; @@ -830,7 +829,7 @@ static uint32_t SMBParseByteCount(Flow *f, void *smb_state, if (sstate->andx.datalength && input_len) { /* Uncomment the next line to help debug DCERPC over SMB */ //hexdump(f, input + parsed, input_len); - sres = DataParser(sstate, pstate, input + parsed, input_len, output); + sres = DataParser(sstate, pstate, input + parsed, input_len); if (sres != -1 && sres <= (int32_t)input_len) { parsed += (uint32_t)sres; input_len -= (uint32_t)sres; @@ -869,8 +868,8 @@ static uint32_t SMBParseByteCount(Flow *f, void *smb_state, * \retval 0 no input or already done */ static uint32_t NBSSParseHeader(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -927,8 +926,8 @@ static uint32_t NBSSParseHeader(Flow *f, void *smb_state, * \retval -1 error */ static int SMBParseHeader(Flow *f, void *smb_state, - AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - AppLayerParserResult *output) { + void *pstate, uint8_t *input, uint32_t input_len) +{ SCEnter(); SMBState *sstate = (SMBState *) smb_state; @@ -1156,9 +1155,9 @@ static int SMBParseHeader(Flow *f, void *smb_state, SCReturnInt((p - input)); } -static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, +static int SMBParse(Flow *f, void *smb_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output, uint8_t dir) + void *local_data, uint8_t dir) { SCEnter(); 
@@ -1188,7 +1187,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, while (input_len && sstate->bytesprocessed < NBSS_HDR_LEN) { retval = NBSSParseHeader(f, smb_state, pstate, input + parsed, - input_len, output); + input_len); if (retval && retval <= input_len) { parsed += retval; input_len -= retval; @@ -1210,7 +1209,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN)) { /* inside while */ hdrretval = SMBParseHeader(f, smb_state, pstate, input + parsed, - input_len, output); + input_len); if (hdrretval == -1 || hdrretval > (int32_t)input_len) { SCLogDebug("Error parsing SMB Header"); sstate->bytesprocessed = 0; @@ -1230,7 +1229,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, (sstate->bytesprocessed == NBSS_HDR_LEN + SMB_HDR_LEN)) { /* inside if */ retval = SMBGetWordCount(f, smb_state, pstate, input + parsed, - input_len, output); + input_len); if (retval && retval <= input_len) { parsed += retval; input_len -= retval; @@ -1253,7 +1252,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, sstate->wordcount.wordcount))) { /* inside while */ retval = SMBParseWordCount(f, smb_state, pstate, - input + parsed, input_len, output); + input + parsed, input_len); if (retval && retval <= input_len) { parsed += retval; input_len -= retval; @@ -1279,7 +1278,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, + sstate->wordcount.wordcount))) { /* inside while */ retval = SMBGetByteCount(f, smb_state, pstate, input + parsed, - input_len, output); + input_len); if (retval && retval <= input_len) { parsed += retval; input_len -= retval; 
@@ -1309,7 +1308,7 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, + sstate->bytecount.bytecount))) { /* inside while */ retval = SMBParseByteCount(f, smb_state, pstate, - input + parsed, input_len, output); + input + parsed, input_len); if (retval && retval <= input_len) { parsed += retval; input_len -= retval; @@ -1369,24 +1368,22 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, } /* while (input_len) */ - pstate->parse_field = 0; - sstate->data_needed_for_dir = dir; SCReturnInt(1); } -static int SMBParseRequest(Flow *f, void *smb_state, AppLayerParserState *pstate, +static int SMBParseRequest(Flow *f, void *smb_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { - return SMBParse(f, smb_state, pstate, input, input_len, local_data, output, 0); + return SMBParse(f, smb_state, pstate, input, input_len, local_data, 0); } -static int SMBParseResponse(Flow *f, void *smb_state, AppLayerParserState *pstate, +static int SMBParseResponse(Flow *f, void *smb_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { - return SMBParse(f, smb_state, pstate, input, input_len, local_data, output, 1); + return SMBParse(f, smb_state, pstate, input, input_len, local_data, 1); } 
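Review bot: SMBParseRequest and SMBParseResponse still pass the bare literals `0` and `1` as `dir`, which SMBParse stores in `sstate->data_needed_for_dir`. The registration calls later in this file identify direction with `STREAM_TOSERVER` and `STREAM_TOCLIENT` instead. If any reader of `data_needed_for_dir` compares it against the STREAM_* flags, that comparison would silently never match; those readers are outside this hunk, so this needs confirming. Either pass the flags (`return SMBParse(f, smb_state, pstate, input, input_len, local_data, STREAM_TOSERVER);`) after checking how SMBParse's body uses `dir`, or document the encoding on SMBParse with a comment such as `/* dir: 0 = to server, 1 = to client (not a STREAM_* flag) */`. SMBParse's body starts outside the hunk.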
@@ -1510,48 +1507,62 @@ static uint16_t SMBProbingParser(uint8_t *input, uint32_t ilen, uint32_t *offset return ALPROTO_UNKNOWN; } +static int SMBRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, + "|ff|SMB", 8, 4, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, + "|fe|SMB", 8, 4, STREAM_TOSERVER) < 0) + { + return -1; + } + + return 0; +} + void RegisterSMBParsers(void) { char *proto_name = "smb"; - if (AppLayerProtoDetectionEnabled(proto_name)) { - /** SMB */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); - /** SMB2 */ - AlpProtoAdd(&alp_proto_ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_SMB, proto_name); + if (SMBRegisterPatternsForProtocolDetection() < 0) + return; if (RunmodeIsUnittests()) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - IPPROTO_TCP, + AppLayerProtoDetectPPRegister(IPPROTO_TCP, "139", - "smb", ALPROTO_SMB, SMB_PROBING_PARSER_MIN_DEPTH, 0, STREAM_TOSERVER, SMBProbingParser); } else { - AppLayerParseProbingParserPorts(proto_name, ALPROTO_SMB, - SMB_PROBING_PARSER_MIN_DEPTH, 0, - SMBProbingParser); + AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, + proto_name, ALPROTO_SMB, + SMB_PROBING_PARSER_MIN_DEPTH, 0, + SMBProbingParser); } - AppLayerRegisterParserAcceptableDataDirection(ALPROTO_SMB, STREAM_TOSERVER); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOSERVER); } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", proto_name); return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOSERVER, SMBParseRequest); - AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOCLIENT, 
SMBParseResponse); - AppLayerRegisterStateFuncs(ALPROTO_SMB, SMBStateAlloc, SMBStateFree); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOSERVER, SMBParseRequest); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOCLIENT, SMBParseResponse); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB, SMBStateAlloc, SMBStateFree); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_SMB, SMBParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB, SMBParserRegisterTests); #endif return; } @@ -1580,15 +1591,17 @@ int SMBParserTest01(void) { uint32_t smblen = sizeof(smbbuf) - 1; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1619,6 +1632,8 @@ int SMBParserTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
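Review bot: RegisterSMBParsers returns silently when SMBRegisterPatternsForProtocolDetection() fails, so the sensor would start with no SMB probing parser or parser registered and nothing in the log to show it. The disabled-by-config branch directly below does log. A message before that `return;` would make the loss of coverage visible, for example `SCLogInfo("Failed to register detection patterns for %s protocol.", proto_name);` or the project's error-level equivalent. The return values of the two `AppLayerParserRegisterParser()` calls are also discarded, although the header in this commit documents `-1` on failure. Separately, the `|fe|SMB` pattern is registered for `ALPROTO_SMB2`, but only `ALPROTO_SMB` gets an `AppLayerProtoDetectRegisterProtocol()` call in this hunk; presumably SMB2 is named elsewhere, which is worth confirming.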
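Review bot: `alp_tctx` is passed to AppLayerParserParse() in SMBParserTest01 without a NULL check, although app-layer-parser.h documents AppLayerParserGetCtxThread() as returning NULL on failure and the `end:` label does guard against NULL. Whether AppLayerParserParse() tolerates a NULL context is not visible here. A guard right after the declaration, such as `if (alp_tctx == NULL) return 0;`, would make the test fail cleanly instead of relying on that. The same pattern appears in SMBParserTest02, 03, 04, 07, 08, 09 and 10. The test body continues outside the hunk.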
@@ -1652,15 +1667,17 @@ int SMBParserTest02(void) { uint32_t smblen = sizeof(smbbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1692,6 +1709,8 @@ int SMBParserTest02(void) { printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry); result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1943,15 +1962,17 @@ int SMBParserTest03(void) { uint32_t smblen2 = sizeof(smbbuf2); uint32_t smblen3 = sizeof(smbbuf3); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1971,7 +1992,7 @@ int SMBParserTest03(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1979,7 +2000,7 @@ int SMBParserTest03(void) { } SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1989,6 +2010,8 @@ int SMBParserTest03(void) { printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry); result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2055,15 +2078,17 @@ int SMBParserTest04(void) { uint32_t smblen3 = sizeof(smbbuf3); uint32_t smblen4 = sizeof(smbbuf4); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2083,7 +2108,7 @@ int SMBParserTest04(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2091,7 +2116,7 @@ int SMBParserTest04(void) { } SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2099,7 +2124,7 @@ int SMBParserTest04(void) { } SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf4, smblen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf4, smblen4); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2109,12 +2134,17 @@ int SMBParserTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } int SMBParserTest05(void) { + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t smbbuf1[] = { /* session request */ 0x81, 0x00, 0x00, 0x44, 0x20, 0x43, 0x4b, 0x46, 
@@ -2157,48 +2187,44 @@ int SMBParserTest05(void) uint32_t smblen2 = sizeof(smbbuf2); int result = 0; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; uint16_t alproto; Flow f; + void *alpd_tctx; memset(&f, 0, sizeof(f)); f.dp = 139; - AlpProtoInit(&ctx); - /** SMB */ - AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); /** SMB2 */ - AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, + AppLayerProtoDetectPPRegister(IPPROTO_TCP, "139", - "smb", ALPROTO_SMB, SMB_PROBING_PARSER_MIN_DEPTH, 0, STREAM_TOSERVER, SMBProbingParser); + AppLayerProtoDetectPrepareState(); + alpd_tctx = AppLayerProtoDetectGetCtxThread(); - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); - - alproto = AppLayerDetectGetProto(&ctx, &tctx, &f, - smbbuf1, smblen1, - STREAM_TOSERVER, IPPROTO_TCP); + alproto = AppLayerProtoDetectGetProto(alpd_tctx, + &f, + smbbuf1, smblen1, + IPPROTO_TCP, STREAM_TOSERVER); if (alproto != ALPROTO_UNKNOWN) { printf("alproto is %"PRIu16 ". 
Should be ALPROTO_UNKNOWN\n", alproto); goto end; } - alproto = AppLayerDetectGetProto(&ctx, &tctx, &f, - smbbuf2, smblen2, - STREAM_TOSERVER, IPPROTO_TCP); + alproto = AppLayerProtoDetectGetProto(alpd_tctx, + &f, + smbbuf2, smblen2, + IPPROTO_TCP, STREAM_TOSERVER); if (alproto != ALPROTO_SMB) { printf("alproto is %"PRIu16 ". Should be ALPROTO_SMB\n", alproto); @@ -2207,14 +2233,18 @@ int SMBParserTest05(void) result = 1; end: - AlpProtoTestDestroy(&ctx); - PmqFree(&tctx.toclient.pmq); - PmqFree(&tctx.toserver.pmq); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); return result; } int SMBParserTest06(void) { + AppLayerProtoDetectUnittestCtxBackup(); + AppLayerProtoDetectSetup(); + uint8_t smbbuf1[] = { /* session request */ 0x83, 0x00, 0x00, 0x01, 0x82 
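Review bot: At the `end:` label of SMBParserTest05 the per-thread detection context is destroyed only after AppLayerProtoDetectDeSetup() and AppLayerProtoDetectUnittestCtxRestore() have run. If AppLayerProtoDetectDestroyCtxThread() consults the global detection context (not visible here), it would be working against the restored one rather than the one `alpd_tctx` was created from. Releasing in reverse order of acquisition avoids the question: move `if (alpd_tctx != NULL) AppLayerProtoDetectDestroyCtxThread(alpd_tctx);` above `AppLayerProtoDetectDeSetup();`. Declaring `void *alpd_tctx = NULL;` would also keep the NULL guard meaningful if a `goto end` is ever added before the assignment. SMBParserTest06 has the same cleanup sequence.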
@@ -2240,47 +2270,44 @@ int SMBParserTest06(void) uint32_t smblen2 = sizeof(smbbuf2); int result = 0; - AlpProtoDetectCtx ctx; - AlpProtoDetectThreadCtx tctx; uint16_t alproto; Flow f; + void *alpd_tctx; memset(&f, 0, sizeof(f)); f.dp = 139; - AlpProtoInit(&ctx); - /** SMB */ - AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); /** SMB2 */ - AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); - - AppLayerRegisterProbingParser(&ctx, - IPPROTO_TCP, - "139", - "smb", - ALPROTO_SMB, - SMB_PROBING_PARSER_MIN_DEPTH, 0, - STREAM_TOSERVER, - SMBProbingParser); - - AlpProtoFinalizeGlobal(&ctx); - AlpProtoFinalizeThread(&ctx, &tctx); - - alproto = AppLayerDetectGetProto(&ctx, &tctx, &f, - smbbuf1, smblen1, - STREAM_TOSERVER, IPPROTO_TCP); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); + + AppLayerProtoDetectPPRegister(IPPROTO_TCP, + "139", + ALPROTO_SMB, + SMB_PROBING_PARSER_MIN_DEPTH, 0, + STREAM_TOSERVER, + SMBProbingParser); + + AppLayerProtoDetectPrepareState(); + alpd_tctx = AppLayerProtoDetectGetCtxThread(); + + alproto = AppLayerProtoDetectGetProto(alpd_tctx, + &f, + smbbuf1, smblen1, + IPPROTO_TCP, STREAM_TOSERVER); if (alproto != ALPROTO_UNKNOWN) { printf("alproto is %"PRIu16 ". 
Should be ALPROTO_UNKNOWN\n", alproto); goto end; } - alproto = AppLayerDetectGetProto(&ctx, &tctx, &f, - smbbuf2, smblen2, - STREAM_TOSERVER, IPPROTO_TCP); + alproto = AppLayerProtoDetectGetProto(alpd_tctx, + &f, + smbbuf2, smblen2, + IPPROTO_TCP, STREAM_TOSERVER); if (alproto != ALPROTO_SMB) { printf("alproto is %"PRIu16 ". Should be ALPROTO_SMB\n", alproto); @@ -2289,9 +2316,10 @@ int SMBParserTest06(void) result = 1; end: - AlpProtoTestDestroy(&ctx); - PmqFree(&tctx.toclient.pmq); - PmqFree(&tctx.toserver.pmq); + AppLayerProtoDetectDeSetup(); + AppLayerProtoDetectUnittestCtxRestore(); + if (alpd_tctx != NULL) + AppLayerProtoDetectDestroyCtxThread(alpd_tctx); return result; } @@ -2304,15 +2332,17 @@ int SMBParserTest07(void) { }; uint32_t smblen1 = sizeof(smbbuf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2344,6 +2374,8 @@ int SMBParserTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -2373,15 +2405,17 @@ int SMBParserTest08(void) { uint32_t smblen1 = sizeof(smbbuf1); uint32_t smblen2 = sizeof(smbbuf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2412,7 +2446,7 @@ int SMBParserTest08(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2439,6 +2473,8 @@ int SMBParserTest08(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2482,15 +2518,17 @@ int SMBParserTest09(void) { uint32_t smblen1 = sizeof(smbbuf1); uint32_t smblen2 = sizeof(smbbuf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2521,7 +2559,7 @@ int SMBParserTest09(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2548,6 +2586,8 @@ int SMBParserTest09(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2600,15 +2640,17 @@ int SMBParserTest10(void) uint32_t smblen1 = sizeof(smbbuf1); uint32_t smblen2 = sizeof(smbbuf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int r = 0; memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1); if (r != 0) { printf("smb header check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2628,7 +2670,7 @@ int SMBParserTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2); if (r == 0) { printf("smb parser didn't return fail\n"); SCMutexUnlock(&f.m); @@ -2638,6 +2680,8 @@ int SMBParserTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } diff --git a/src/app-layer-smb2.c b/src/app-layer-smb2.c index f896d1751a..5ac6ab2ce0 100644 --- a/src/app-layer-smb2.c +++ b/src/app-layer-smb2.c @@ -37,6 +37,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" 
@@ -56,8 +57,9 @@ enum { SMB_FIELD_MAX, }; -static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t NBSSParseHeader(void *smb2_state, void *pstate, + uint8_t *input, uint32_t input_len) +{ SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint8_t *p = input; @@ -99,8 +101,9 @@ static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate, SCReturnUInt((uint32_t)(p - input)); } -static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, AppLayerParserResult *output) { +static uint32_t SMB2ParseHeader(void *smb2_state, void *pstate, + uint8_t *input, uint32_t input_len) +{ SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; @@ -517,9 +520,10 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, SCReturnUInt((uint32_t)(p - input)); } -static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, +static int SMB2Parse(Flow *f, void *smb2_state, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) { + void *local_data) +{ SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; uint32_t retval = 0; @@ -529,7 +533,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, return -1; while (sstate->bytesprocessed < NBSS_HDR_LEN && input_len) { - retval = NBSSParseHeader(smb2_state, pstate, input, input_len, output); + retval = NBSSParseHeader(smb2_state, pstate, input, input_len); if (retval <= input_len) { parsed += retval; input_len -= retval; 
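Review bot: `pstate` becomes a bare `void *` in NBSSParseHeader's signature, which hides the parser-state struct but also drops compile-time checking, since any pointer is now accepted in that slot. An incomplete-type declaration in the public header, e.g. `typedef struct AppLayerParserState_ AppLayerParserState;` (tag name illustrative), would keep the struct opaque and keep the parameter typed. The same applies to SMB2ParseHeader and SMB2Parse in the following hunks and to the SMTP callbacks changed later in this commit. The function body continues outside the hunk.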
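Review bot: The NBSS loop in SMB2Parse calls `NBSSParseHeader(smb2_state, pstate, input, input_len)` with the unadvanced `input`, although `parsed` and `input_len` are updated on every pass and the SMB2ParseHeader call in the next hunk passes `input + parsed`. If the loop can run more than once for one buffer, the second pass would presumably re-read bytes that were already consumed, with a length that no longer matches the pointer. `retval = NBSSParseHeader(smb2_state, pstate, input + parsed, input_len);` keeps the two in step. The line predates this commit and is touched here only to drop the `output` argument; the loop body ends outside the hunk.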
@@ -546,7 +550,7 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, case NBSS_SESSION_MESSAGE: while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN && sstate->bytesprocessed < NBSS_HDR_LEN + SMB2_HDR_LEN)) { - retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len, output); + retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len); if (retval <= input_len) { parsed += retval; input_len -= retval; @@ -562,8 +566,6 @@ static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, default: break; } - pstate->parse_field = 0; - pstate->flags |= APP_LAYER_PARSER_DONE; SCReturnInt(1); } @@ -588,17 +590,17 @@ void RegisterSMB2Parsers(void) { /** SMB2 */ char *proto_name = "smb2"; - if (AppLayerProtoDetectionEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse); - AppLayerRegisterProto(proto_name, ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse); - AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_SMB2, SMB2ParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB2, SMB2ParserRegisterTests); #endif return; } @@ -620,6 +622,7 @@ int SMB2ParserTest01(void) { uint32_t smb2len = sizeof(smb2buf) - 1; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
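Review bot: RegisterSMB2Parsers registers the parser callbacks under `AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)`, yet the else branch logs that the parser is disabled and detection is still on, so the condition and the message disagree. RegisterSMTPParsers in this same commit gates parser registration on `AppLayerParserConfParserEnabled("tcp", proto_name)`; using that check here would make the SMB2 parser follow the parser setting rather than the detection setting. The log string also reads "Parsed disabled" and lacks a space before "still on".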
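Review bot: SMB2ParserTest01 gets the new `alp_tctx` but no `f.proto = IPPROTO_TCP;`, unlike the SMB and SMTP tests updated in this commit, while the SMB2 parser is now registered under IPPROTO_TCP. The lines between this hunk and the next one are unchanged, so the flow presumably still has proto 0 when `AppLayerParserParse()` runs, and the test may no longer exercise the SMB2 parser at all. Adding `f.proto = IPPROTO_TCP;` after the two `memset` calls would match the other tests. The test body continues outside the hunk.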
@@ -628,7 +631,7 @@ int SMB2ParserTest01(void) { StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_SMB2, STREAM_TOSERVER|STREAM_EOF, smb2buf, smb2len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB2, STREAM_TOSERVER|STREAM_EOF, smb2buf, smb2len); if (r != 0) { printf("smb2 header check returned %" PRId32 ", expected 0: ", r); result = 0; @@ -663,6 +666,8 @@ int SMB2ParserTest01(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 358ed8573a..6b0956c78a 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -32,6 +32,8 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" +#include "app-layer-detect-proto.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-smtp.h" @@ -458,7 +460,7 @@ static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state, } static int SMTPProcessCommandBDAT(SMTPState *state, Flow *f, - AppLayerParserState *pstate) + void *pstate) { SCEnter(); @@ -478,7 +480,7 @@ static int SMTPProcessCommandBDAT(SMTPState *state, Flow *f, } static int SMTPProcessCommandDATA(SMTPState *state, Flow *f, - AppLayerParserState *pstate) + void *pstate) { SCEnter(); @@ -500,13 +502,13 @@ static int SMTPProcessCommandDATA(SMTPState *state, Flow *f, } static int SMTPProcessCommandSTARTTLS(SMTPState *state, Flow *f, - AppLayerParserState *pstate) + void *pstate) { return 0; } static int SMTPProcessReply(SMTPState *state, Flow *f, - AppLayerParserState *pstate) + void *pstate) { SCEnter(); 
@@ -572,9 +574,9 @@ static int SMTPProcessReply(SMTPState *state, Flow *f, if (reply_code == SMTP_REPLY_220) { /* we are entering STARRTTLS data mode */ state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE; - pstate->flags |= APP_LAYER_PARSER_DONE; - pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION; - pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY; + AppLayerParserParserStateSetFlag(pstate, + APP_LAYER_PARSER_NO_INSPECTION | + APP_LAYER_PARSER_NO_REASSEMBLY); } else { /* decoder event */ AppLayerDecoderEventsSetEvent(f, @@ -642,7 +644,7 @@ static int SMTPParseCommandBDAT(SMTPState *state) } static int SMTPProcessRequest(SMTPState *state, Flow *f, - AppLayerParserState *pstate) + void *pstate) { SCEnter(); @@ -701,9 +703,9 @@ static int SMTPProcessRequest(SMTPState *state, Flow *f, } static int SMTPParse(int direction, Flow *f, SMTPState *state, - AppLayerParserState *pstate, uint8_t *input, + void *pstate, uint8_t *input, uint32_t input_len, - PatternMatcherQueue *local_data, AppLayerParserResult *output) + PatternMatcherQueue *local_data) { SCEnter(); @@ -731,27 +733,25 @@ static int SMTPParse(int direction, Flow *f, SMTPState *state, } static int SMTPParseClientRecord(Flow *f, void *alstate, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { SCEnter(); /* first arg 0 is toserver */ - return SMTPParse(0, f, alstate, pstate, input, input_len, local_data, - output); + return SMTPParse(0, f, alstate, pstate, input, input_len, local_data); } static int SMTPParseServerRecord(Flow *f, void *alstate, - AppLayerParserState *pstate, + void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { SCEnter(); /* first arg 1 is toclient */ - return SMTPParse(1, f, alstate, pstate, input, input_len, local_data, - output); + return SMTPParse(1, f, alstate, pstate, input, input_len, local_data); return 0; } 
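Review bot: Nothing in SMTPProcessReply's 220 branch records why APP_LAYER_PARSER_DONE is no longer set, or what justifies switching inspection and reassembly off for the rest of the flow on the strength of a server reply. A comment should state the precondition, e.g. `/* 220 in reply to STARTTLS: the rest of the flow is TLS, so stop inspection and reassembly */`, which also fixes the "STARRTTLS" typo. The enclosing condition is outside the hunk, so it should be confirmed that this branch is reached only when the pending client command was STARTTLS; otherwise any 220 reply would blind the engine for that flow.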
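Review bot: SMTPParseServerRecord keeps an unreachable `return 0;` after `return SMTPParse(1, ...)`, and both wrappers still pass the direction as a bare 0 or 1 although the commit description says parser functions now take STREAM_TOSERVER or STREAM_TOCLIENT. Dropping the dead statement is safe on its own. Switching the first argument to the STREAM_* constants would also need SMTPParse's own direction test updated, which is outside this hunk.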
@@ -785,7 +785,7 @@ static void *SMTPLocalStorageAlloc(void) if (unlikely(pmq == NULL)) { exit(EXIT_FAILURE); } - PmqSetup(pmq, 0, + PmqSetup(pmq, sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 2); return pmq; @@ -868,6 +868,27 @@ int SMTPStateGetEventInfo(const char *event_name, return 0; } +static int SMTPRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP, + "EHLO", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP, + "HELO", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP, + "QUIT", 4, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + return 0; +} + /** * \brief Register the SMPT Protocol parser. */ 
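Review bot: SMTPRegisterPatternsForProtocolDetection registers "EHLO", "HELO" and "QUIT" through the `...PatternCS` call, which by its name is presumably case-sensitive, while SMTP command verbs are case-insensitive on the wire. A session that opens with a lowercase or mixed-case verb would then not match these patterns and may never be handed to the SMTP parser, leaving a detection gap for SMTP rules. If this API revision has a case-insensitive counterpart, use it for the three verbs; otherwise document the limitation in a comment above the function. The three near-identical `if` blocks could also become a loop over a small static table of patterns.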
@@ -875,31 +896,28 @@ void RegisterSMTPParsers(void) { char *proto_name = "smtp"; - if (AppLayerProtoDetectionEnabled(proto_name)) { - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0, - STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0, - STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "QUIT", 4, 0, - STREAM_TOSERVER); + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_SMTP, proto_name); + if (SMTPRegisterPatternsForProtocolDetection() < 0 ) + return; } else { SCLogInfo("Protocol detection and parser disabled for %s protocol.", proto_name); return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree); - AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOSERVER, - SMTPParseClientRecord); - AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT, - SMTPParseServerRecord); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMTP, STREAM_TOSERVER, + SMTPParseClientRecord); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMTP, STREAM_TOCLIENT, + SMTPParseServerRecord); - AppLayerRegisterGetEventInfo(ALPROTO_SMTP, SMTPStateGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfo); - AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc, - SMTPLocalStorageFree); + AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPLocalStorageAlloc, + SMTPLocalStorageFree); } else { SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name); 
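Review bot: RegisterSMTPParsers returns silently when `SMTPRegisterPatternsForProtocolDetection()` fails, so the state functions, both parsers and the later `SMTPSetMpmState()` call are skipped with no trace in the log, and SMTP traffic would go unparsed without the operator knowing. Log the failure before returning, e.g. `SCLogInfo("Failed to register protocol detection patterns for %s.", proto_name);`, or use the project's error-level macro if one fits. The stray space in `< 0 )` can be removed at the same time.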
@@ -908,7 +926,7 @@ void RegisterSMTPParsers(void) SMTPSetMpmState(); #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_SMTP, SMTPParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMTP, SMTPParserRegisterTests); #endif return; } @@ -986,19 +1004,20 @@ int SMTPParserTest01(void) uint32_t reply2_len = sizeof(reply2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1019,8 +1038,8 @@ int SMTPParserTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1037,8 +1056,8 @@ int SMTPParserTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1054,8 +1073,8 @@ int SMTPParserTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1072,8 +1091,8 @@ int SMTPParserTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply2, reply2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply2, reply2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1098,9 +1117,10 @@ int SMTPParserTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -1342,19 +1362,20 @@ int SMTPParserTest02(void) uint32_t reply10_len = sizeof(reply10); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1375,8 +1396,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1393,8 +1414,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1410,8 +1431,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1428,8 +1449,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply2, reply2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply2, reply2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1445,8 +1466,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1463,8 +1484,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply3, reply3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply3, reply3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1480,8 +1501,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request4, request4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request4, request4_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1498,8 +1519,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply4, reply4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply4, reply4_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1516,8 +1537,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5_1, request5_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5_1, request5_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1535,8 +1556,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5_2, request5_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5_2, request5_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1554,8 +1575,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5_3, request5_3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5_3, request5_3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1573,8 +1594,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5_4, request5_4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5_4, request5_4_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1592,8 +1613,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5_5, request5_5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5_5, request5_5_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1610,8 +1631,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply5, reply5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply5, reply5_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1627,8 +1648,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request6, request6_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request6, request6_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1645,8 +1666,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply6, reply6_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply6, reply6_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1662,8 +1683,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request7, request7_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request7, request7_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1680,8 +1701,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply7, reply7_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply7, reply7_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1697,8 +1718,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request8, request8_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request8, request8_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1715,8 +1736,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply8, reply8_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply8, reply8_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1733,8 +1754,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request9_1, request9_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request9_1, request9_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1752,8 +1773,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request9_2, request9_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request9_2, request9_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1771,8 +1792,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request9_3, request9_3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request9_3, request9_3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1790,8 +1811,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request9_4, request9_4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request9_4, request9_4_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1809,8 +1830,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request9_5, request9_5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request9_5, request9_5_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1827,8 +1848,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply9, reply9_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply9, reply9_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1844,8 +1865,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request10, request10_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request10, request10_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1862,8 +1883,8 @@ int SMTPParserTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply10, reply10_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply10, reply10_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1880,9 +1901,10 @@ int SMTPParserTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } 
@@ -1974,19 +1996,20 @@ int SMTPParserTest03(void) uint32_t reply2_len = sizeof(reply2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2007,8 +2030,8 @@ int SMTPParserTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2025,8 +2048,8 @@ int SMTPParserTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2042,8 +2065,8 @@ int SMTPParserTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2062,8 +2085,8 @@ int SMTPParserTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply2, reply2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply2, reply2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2081,9 +2104,10 @@ int SMTPParserTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -2119,19 +2143,20 @@ int SMTPParserTest04(void) uint32_t request1_len = sizeof(request1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2152,8 +2177,8 @@ int SMTPParserTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2171,9 +2196,10 @@ int SMTPParserTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } 
@@ -2264,19 +2290,20 @@ int SMTPParserTest05(void) uint32_t reply3_len = sizeof(reply3); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2297,8 +2324,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2315,8 +2342,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2332,8 +2359,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2350,8 +2377,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply2, reply2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply2, reply2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2374,8 +2401,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2392,8 +2419,8 @@ int SMTPParserTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply3, reply3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply3, reply3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2410,9 +2437,10 @@ int SMTPParserTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } 
@@ -2558,19 +2586,20 @@ int SMTPParserTest06(void) uint32_t request6_len = sizeof(request6); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - welcome_reply, welcome_reply_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + welcome_reply, welcome_reply_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2591,8 +2620,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2609,8 +2638,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2626,8 +2655,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2644,8 +2673,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply2, reply2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply2, reply2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2661,8 +2690,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request3, request3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2679,8 +2708,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply3, reply3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply3, reply3_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2696,8 +2725,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request4, request4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request4, request4_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2717,8 +2746,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request5, request5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request5, request5_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2737,8 +2766,8 @@ int SMTPParserTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request6, request6_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request6, request6_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2757,9 +2786,10 @@ int SMTPParserTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -2794,19 +2824,20 @@ int SMTPParserTest07(void) int32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_1, request1_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_1, request1_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2829,8 +2860,8 @@ int SMTPParserTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_2, request1_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_2, request1_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2848,8 +2879,8 @@ int SMTPParserTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2868,9 +2899,10 @@ int SMTPParserTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -2905,19 +2937,20 @@ int SMTPParserTest08(void) int32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_1, request1_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_1, request1_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2940,8 +2973,8 @@ int SMTPParserTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_2, request1_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_2, request1_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2959,8 +2992,8 @@ int SMTPParserTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2979,9 +3012,10 @@ int SMTPParserTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -3016,19 +3050,20 @@ int SMTPParserTest09(void) int32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_1, request1_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_1, request1_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3051,8 +3086,8 @@ int SMTPParserTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_2, request1_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_2, request1_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3070,8 +3105,8 @@ int SMTPParserTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3090,9 +3125,10 @@ int SMTPParserTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -3127,19 +3163,20 @@ int SMTPParserTest10(void) int32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_1, request1_1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_1, request1_1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3162,8 +3199,8 @@ int SMTPParserTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1_2, request1_2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1_2, request1_2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3181,8 +3218,8 @@ int SMTPParserTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3201,9 +3238,10 @@ int SMTPParserTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } @@ -3232,19 +3270,20 @@ int SMTPParserTest11(void) int32_t request2_len = sizeof(request2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request1, request1_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3267,8 +3306,8 @@ int SMTPParserTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("smtp check returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3287,9 +3326,10 @@ int SMTPParserTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); - SMTPLocalStorageFree(thread_local_data); return result; } 
@@ -3320,6 +3360,8 @@ int SMTPParserTest12(void) }; uint32_t reply1_len = sizeof(reply1); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -3328,6 +3370,7 @@ int SMTPParserTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -3335,7 +3378,6 @@ int SMTPParserTest12(void) f.alproto = ALPROTO_SMTP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) @@ -3354,8 +3396,8 @@ int SMTPParserTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START, + request1, request1_len); if (r != 0) { printf("AppLayerParse for smtp failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -3378,8 +3420,8 @@ int SMTPParserTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT | STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT | STREAM_TOCLIENT, + reply1, reply1_len); if (r == 0) { printf("AppLayerParse for smtp failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -3404,8 +3446,9 @@ end: DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); - SMTPLocalStorageFree(thread_local_data); FLOW_DESTROY(&f); UTHFreePackets(&p, 1); return result; 
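Review bot: In the second parse call of SMTPParserTest12 (hunk `@@ -3378,8 +3420,8 @@`) the direction argument is `STREAM_TOCLIENT | STREAM_TOCLIENT`, the same flag OR-ed with itself, carried over unchanged from the old call. If only the direction is meant, write `STREAM_TOCLIENT`; if a second flag was intended it should be named, since the commit description says every parser call now takes explicit direction flags. The branch below fails the test on `r == 0` while printing "AppLayerParse for smtp failed", so a short comment stating that this reply is expected to be rejected (presumably, to be confirmed) would help, and the message could name `AppLayerParserParse`. The function body starts outside this hunk.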
@@ -3456,6 +3499,8 @@ int SMTPParserTest13(void) }; uint32_t request2_len = sizeof(request2); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -3464,6 +3509,7 @@ int SMTPParserTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -3471,7 +3517,6 @@ int SMTPParserTest13(void) f.alproto = ALPROTO_SMTP; StreamTcpInitConfig(TRUE); - void *thread_local_data = SMTPLocalStorageAlloc(); de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) @@ -3491,8 +3536,8 @@ int SMTPParserTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START, - request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START, + request1, request1_len); if (r != 0) { printf("AppLayerParse for smtp failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -3515,8 +3560,8 @@ int SMTPParserTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT, - reply1, reply1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT, + reply1, reply1_len); if (r != 0) { printf("AppLayerParse for smtp failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -3533,8 +3578,8 @@ int SMTPParserTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER, - request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, + request2, request2_len); if (r != 0) { printf("AppLayerParse for smtp failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
@@ -3559,8 +3604,9 @@ end: DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); - SMTPLocalStorageFree(thread_local_data); FLOW_DESTROY(&f); UTHFreePackets(&p, 1); return result; diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 06d89874ba..19dbf22c5f 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -36,6 +36,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-ssl.h" @@ -450,7 +451,7 @@ static int SSLv2ParseRecord(uint8_t direction, SSLState *ssl_state, } static int SSLv2Decode(uint8_t direction, SSLState *ssl_state, - AppLayerParserState *pstate, uint8_t *input, + void *pstate, uint8_t *input, uint32_t input_len) { int retval = 0; @@ -642,10 +643,10 @@ static int SSLv2Decode(uint8_t direction, SSLState *ssl_state, if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) && (ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED)) { - pstate->flags |= APP_LAYER_PARSER_DONE; - pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION; + AppLayerParserParserStateSetFlag(pstate, + APP_LAYER_PARSER_NO_INSPECTION); if (ssl_config.no_reassemble == 1) - pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY; + AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY); SCLogDebug("SSLv2 No reassembly & inspection has been set"); } } @@ -678,7 +679,7 @@ static int SSLv2Decode(uint8_t direction, SSLState *ssl_state, } static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, - AppLayerParserState *pstate, uint8_t *input, + void *pstate, uint8_t *input, uint32_t input_len) { int retval = 0; 
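Review bot: The rewritten branch in SSLv2Decode (hunk `@@ -642,10 +643,10 @@`) no longer sets `APP_LAYER_PARSER_DONE` once both directions are encrypted: the old `pstate->flags |= APP_LAYER_PARSER_DONE;` is removed with no replacement, and the SSLv3Decode hunk `@@ -717,10 +718,9 @@` does the same. The commit description does not mention this, so it is unclear whether the flag was retired in the new API or dropped by accident; if it still has meaning, the parser would presumably keep being invoked on ciphertext after the handshake. Either add `AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_DONE);` next to the two remaining calls, or leave a comment at both sites saying why the flag is no longer set. Both functions start and end outside these hunks.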
@@ -717,10 +718,9 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, if ((ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) { /* set flags */ - pstate->flags |= APP_LAYER_PARSER_DONE; - pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION; + AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION); if (ssl_config.no_reassemble == 1) - pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY; + AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY); } break; @@ -807,7 +807,7 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, * * \retval >=0 On success. */ -static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate, +static int SSLDecode(Flow *f, uint8_t direction, void *alstate, void *pstate, uint8_t *input, uint32_t ilen) { SSLState *ssl_state = (SSLState *)alstate; @@ -931,16 +931,16 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt return 1; } -int SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, +int SSLParseClientRecord(Flow *f, void *alstate, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len); } -int SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, +int SSLParseServerRecord(Flow *f, void *alstate, void *pstate, uint8_t *input, uint32_t input_len, - void *local_data, AppLayerParserResult *output) + void *local_data) { return SSLDecode(f, 1 /* toclient */, alstate, pstate, input, input_len); } 
@@ -1032,6 +1032,131 @@ int SSLStateGetEventInfo(const char *event_name, return 0; } +static int SSLRegisterPatternsForProtocolDetection(void) +{ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 00 02|", 5, 2, STREAM_TOSERVER) < 0) + { + return -1; + } + + /** SSLv3 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + /** TLSv1 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + /** TLSv1.1 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + /** TLSv1.2 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0) + { + return -1; + } + + /***** toclient direction *****/ + + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + + /** TLSv1 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|17 03 01|", 3, 0, 
STREAM_TOCLIENT) < 0) + { + return -1; + } + + /** TLSv1.1 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + + /** TLSv1.2 */ + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0) + { + return -1; + } + + /* Subsection - SSLv2 style record by client, but informing the server + * the max version it supports. + * Updated by Anoop Saldanha. Disabled it for now. We'll get back to + * it after some tests */ +#if 0 + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0) + { + return -1; + } + if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS, + "|00 02|", 7, 5, STREAM_TOCLIENT) < 0) + { + return -1; + } +#endif + + return 0; +} + /** * \brief Function to register the SSL protocol parser and other functions */ 
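Review bot: SSLRegisterPatternsForProtocolDetection repeats the same call block seventeen times, so a wrong depth, offset or direction in one entry is easy to miss in review. A static table walked by one loop keeps each pattern on a single line and makes the per-version and per-direction coverage readable at a glance. The table is also the place to restore the labels this rewrite dropped: the first pattern has no SSLv2 comment, the first toclient pair has no SSLv3 comment, and the old per-line `client hello` / `server hello` remarks are gone. Field types in the sketch below are a guess and should follow the prototype of `AppLayerProtoDetectPMRegisterPatternCS`, which is not visible here.

```c
static int SSLRegisterPatternsForProtocolDetection(void)
{
    /* One row per detection pattern: pattern, depth, offset, direction. */
    static const struct {
        const char *pattern;
        uint16_t depth;
        uint16_t offset;
        uint8_t direction;
    } patterns[] = {
        /* toserver */
        { "|01 00 02|", 5, 2, STREAM_TOSERVER }, /* SSLv2 and SSLv23 */
        { "|01 03 00|", 3, 0, STREAM_TOSERVER }, /* SSLv3 */
        { "|16 03 00|", 3, 0, STREAM_TOSERVER },
        { "|01 03 01|", 3, 0, STREAM_TOSERVER }, /* TLSv1 */
        { "|16 03 01|", 3, 0, STREAM_TOSERVER },
        { "|01 03 02|", 3, 0, STREAM_TOSERVER }, /* TLSv1.1 */
        { "|16 03 02|", 3, 0, STREAM_TOSERVER },
        { "|01 03 03|", 3, 0, STREAM_TOSERVER }, /* TLSv1.2 */
        { "|16 03 03|", 3, 0, STREAM_TOSERVER },
        /* toclient */
        { "|16 03 00|", 3, 0, STREAM_TOCLIENT }, /* SSLv3 */
        { "|17 03 00|", 3, 0, STREAM_TOCLIENT },
        { "|16 03 01|", 3, 0, STREAM_TOCLIENT }, /* TLSv1 */
        { "|17 03 01|", 3, 0, STREAM_TOCLIENT },
        { "|16 03 02|", 3, 0, STREAM_TOCLIENT }, /* TLSv1.1 */
        { "|17 03 02|", 3, 0, STREAM_TOCLIENT },
        { "|16 03 03|", 3, 0, STREAM_TOCLIENT }, /* TLSv1.2 */
        { "|17 03 03|", 3, 0, STREAM_TOCLIENT },
    };
    size_t i;

    for (i = 0; i < sizeof(patterns) / sizeof(patterns[0]); i++) {
        if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
                                                   patterns[i].pattern,
                                                   patterns[i].depth,
                                                   patterns[i].offset,
                                                   patterns[i].direction) < 0)
        {
            return -1;
        }
    }

    /* … unchanged: #if 0 block with the disabled SSLv2-style patterns … */

    return 0;
}
```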
@@ -1040,75 +1165,41 @@ void RegisterSSLParsers(void) char *proto_name = "tls"; /** SSLv2 and SSLv23*/ - if (AppLayerProtoDetectionEnabled(proto_name)) { - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER); - /* subsection - SSLv2 style record by client, but informing the server the max - * version it supports */ - /* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it - * after some tests */ - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 5, 2, STREAM_TOSERVER); - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT); - - /** SSLv3 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */ - /** TLSv1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */ - /** TLSv1.1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */ - /** TLSv1.2 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */ - - /* toclient direction */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, 
IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.2 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.1 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.2 */ - AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */ + if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) { + AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name); + + if (SSLRegisterPatternsForProtocolDetection() < 0) + return; if (RunmodeIsUnittests()) { - AppLayerRegisterProbingParser(&alp_proto_ctx, - IPPROTO_TCP, + AppLayerProtoDetectPPRegister(IPPROTO_TCP, "443", - proto_name, ALPROTO_TLS, 0, 3, STREAM_TOSERVER, SSLProbingParser); } else { - AppLayerParseProbingParserPorts(proto_name, ALPROTO_TLS, - 0, 3, - SSLProbingParser); + AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, + proto_name, ALPROTO_TLS, + 0, 3, + SSLProbingParser); } - - AppLayerRegisterParserAcceptableDataDirection(ALPROTO_TLS, STREAM_TOSERVER); } else { SCLogInfo("Protocol detection and parser disabled for %s protocol", proto_name); return; } - if (AppLayerParserEnabled(proto_name)) { - AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOSERVER, - SSLParseClientRecord); + if (AppLayerParserConfParserEnabled("tcp", proto_name)) { + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER, + SSLParseClientRecord); - AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT, - SSLParseServerRecord); - 
AppLayerRegisterGetEventInfo(ALPROTO_TLS, SSLStateGetEventInfo); + AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT, + SSLParseServerRecord); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo); - AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree); + AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree); + AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER); /* Get the value of no reassembly option from the config file */ if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) { @@ -1124,7 +1215,7 @@ void RegisterSSLParsers(void) } #ifdef UNITTESTS - AppLayerParserRegisterUnittests(ALPROTO_TLS, SSLParserRegisterTests); + AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_TLS, SSLParserRegisterTests); #endif /* Get the value of no reassembly option from the config file */ @@ -1148,15 +1239,17 @@ static int SSLParserTest01(void) uint8_t tlsbuf[] = { 0x16, 0x03, 0x01 }; uint32_t tlslen = sizeof(tlsbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, tlsbuf, tlslen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1186,6 +1279,8 @@ static int SSLParserTest01(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
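Review bot: In RegisterSSLParsers the new `if (SSLRegisterPatternsForProtocolDetection() < 0) return;` leaves the function without any log line, after `AppLayerProtoDetectRegisterProtocol()` has already run and before the probing parser and the TLS parser callbacks are registered. An operator would then get no hint that TLS detection and parsing are missing for this run, whereas the disabled-by-config branch just below does log. Logging before the return keeps the failure visible, for example `SCLogInfo("failed to register %s detection patterns", proto_name);` followed by `return;` inside braces, at whatever severity the project uses for registration errors. The function starts outside this hunk and continues past it.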
@@ -1200,15 +1295,17 @@ static int SSLParserTest02(void) uint8_t tlsbuf2[] = { 0x03, 0x01 }; uint32_t tlslen2 = sizeof(tlsbuf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1218,7 +1315,7 @@ static int SSLParserTest02(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1248,6 +1345,8 @@ static int SSLParserTest02(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1264,15 +1363,17 @@ static int SSLParserTest03(void) uint8_t tlsbuf3[] = { 0x01 }; uint32_t tlslen3 = sizeof(tlsbuf3); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1282,7 +1383,7 @@ static int SSLParserTest03(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1292,7 +1393,7 @@ static int SSLParserTest03(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1322,6 +1423,8 @@ static int SSLParserTest03(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1340,15 +1443,17 @@ static int SSLParserTest04(void) uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; uint32_t tlslen4 = sizeof(tlsbuf4); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1358,7 +1463,7 @@ static int SSLParserTest04(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1368,7 +1473,7 @@ static int SSLParserTest04(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1378,7 +1483,7 @@ static int SSLParserTest04(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1408,6 +1513,8 @@ static int SSLParserTest04(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1422,21 +1529,23 @@ static int SSLParserTest05(void) uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 }; uint32_t tlslen = sizeof(tlsbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
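Review bot: SSLParserTest05 (hunk `@@ -1422,21 +1529,23 @@`) calls `AppLayerParserParse()` without taking `f.m`, while SSLParserTest01 to 04 in this same commit wrap every call in `SCMutexLock(&f.m)` / `SCMutexUnlock(&f.m)`; the SSLParserTest06 hunks show the same omission. If the new API expects the caller to hold the flow lock, as the other tests suggest, these calls should be wrapped the same way; otherwise a one-line comment saying why the lock is not needed here would do. The message printed after the `STREAM_TOCLIENT` call also still reads `toserver chunk 1 returned`, which would mislabel a failure in that direction. The function body starts outside this hunk and continues past it.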
@@ -1445,7 +1554,7 @@ static int SSLParserTest05(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1454,7 +1563,7 @@ static int SSLParserTest05(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1463,7 +1572,7 @@ static int SSLParserTest05(void) tlsbuf[0] = 0x17; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1511,6 +1620,8 @@ static int SSLParserTest05(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -1527,21 +1638,23 @@ static int SSLParserTest06(void) uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 }; uint32_t tlslen = sizeof(tlsbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1550,7 +1663,7 @@ static int SSLParserTest06(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1559,7 +1672,7 @@ static int SSLParserTest06(void) tlsbuf[0] = 0x17; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1601,7 +1714,7 @@ static int SSLParserTest06(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1610,7 +1723,7 @@ static int SSLParserTest06(void) tlsbuf[0] = 0x17; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1632,6 +1745,8 @@ static int SSLParserTest06(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1672,15 +1787,17 @@ static int SSLParserMultimsgTest01(void) }; uint32_t tlslen1 = sizeof(tlsbuf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1710,6 +1827,8 @@ static int SSLParserMultimsgTest01(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1749,15 +1868,17 @@ static int SSLParserMultimsgTest02(void) }; uint32_t tlslen1 = sizeof(tlsbuf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1787,6 +1908,8 @@ static int SSLParserMultimsgTest02(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1815,15 +1938,17 @@ static int SSLParserTest07(void) 0x00, 0x0a, 0x00, 0x02, 0x01, 0x00 }; uint32_t tlslen = sizeof(tlsbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1854,6 +1979,8 @@ static int SSLParserTest07(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1868,21 +1995,23 @@ static int SSLParserTest08(void) uint8_t tlsbuf[] = { 0x16, 0x03, 0x00, 0x00, 0x01 }; uint32_t tlslen = sizeof(tlsbuf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1891,7 +2020,7 @@ static int SSLParserTest08(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1900,7 +2029,7 @@ static int SSLParserTest08(void) tlsbuf[0] = 0x14; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1909,7 +2038,7 @@ static int SSLParserTest08(void) tlsbuf[0] = 0x17; - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1956,6 +2085,8 @@ static int SSLParserTest08(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -1993,15 +2124,17 @@ static int SSLParserTest09(void) }; uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2011,7 +2144,7 @@ static int SSLParserTest09(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2042,6 +2175,8 @@ static int SSLParserTest09(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2077,15 +2212,17 @@ static int SSLParserTest10(void) }; uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2095,7 +2232,7 @@ static int SSLParserTest10(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2126,6 +2263,8 @@ static int SSLParserTest10(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -2160,15 +2299,17 @@ static int SSLParserTest11(void) }; uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2178,7 +2319,7 @@ static int SSLParserTest11(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2209,6 +2350,8 @@ static int SSLParserTest11(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2248,15 +2391,17 @@ static int SSLParserTest12(void) }; uint32_t buf3_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
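Review bot: In the SSLParserTest12 hunk the context line `uint32_t buf3_len = sizeof(buf2);` sizes the third chunk from the wrong array, and the commit carries that length unchanged into the new `AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len)` call in a following hunk. The array definitions are outside the hunk, so it cannot be confirmed here, but if buf2 is larger than buf3 the parser is given a length that runs past the end of buf3. The line should read `uint32_t buf3_len = sizeof(buf3);`.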
@@ -2266,7 +2411,7 @@ static int SSLParserTest12(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2276,7 +2421,7 @@ static int SSLParserTest12(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2307,6 +2452,8 @@ static int SSLParserTest12(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2351,15 +2498,17 @@ static int SSLParserTest13(void) }; uint32_t buf4_len = sizeof(buf4); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2369,7 +2518,7 @@ static int SSLParserTest13(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2379,7 +2528,7 @@ static int SSLParserTest13(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2389,7 +2538,7 @@ static int SSLParserTest13(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf4, buf4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf4, buf4_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2420,6 +2569,8 @@ static int SSLParserTest13(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2443,15 +2594,17 @@ static int SSLParserTest14(void) uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2461,7 +2614,7 @@ static int SSLParserTest14(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2478,6 +2631,8 @@ static int SSLParserTest14(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -2496,15 +2651,17 @@ static int SSLParserTest15(void) uint32_t buf1_len = sizeof(buf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r == 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2514,6 +2671,8 @@ static int SSLParserTest15(void) SCMutexUnlock(&f.m); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2532,15 +2691,17 @@ static int SSLParserTest16(void) uint32_t buf1_len = sizeof(buf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r == 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2550,6 +2711,8 @@ static int SSLParserTest16(void) SCMutexUnlock(&f.m); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
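Review bot: The failure message in SSLParserTest15 is printed under `if (r == 0)`, yet it reads "returned 0, expected 0", so a failing run reports the opposite of what was checked. Since the call above it is being rewritten anyway, the text could state the real expectation: `printf("toserver chunk 1 returned %" PRId32 ", expected non-zero: ", r);`. The same applies to SSLParserTest16 in the later hunk on this line and to SSLParserTest17 and SSLParserTest20 further down.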
@@ -2568,15 +2731,17 @@ static int SSLParserTest17(void) uint32_t buf1_len = sizeof(buf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r == 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2586,6 +2751,8 @@ static int SSLParserTest17(void) SCMutexUnlock(&f.m); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2610,15 +2777,17 @@ static int SSLParserTest18(void) uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2628,7 +2797,7 @@ static int SSLParserTest18(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2645,6 +2814,8 @@ static int SSLParserTest18(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -2664,15 +2835,17 @@ static int SSLParserTest19(void) uint32_t buf1_len = sizeof(buf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2689,6 +2862,8 @@ static int SSLParserTest19(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -2708,15 +2883,17 @@ static int SSLParserTest20(void) uint32_t buf1_len = sizeof(buf1); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r == 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2726,6 +2903,8 @@ static int SSLParserTest20(void) SCMutexUnlock(&f.m); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } 
@@ -2744,18 +2923,20 @@ static int SSLParserTest21(void) uint32_t buf_len = sizeof(buf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, buf, - buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, buf, + buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2783,6 +2964,8 @@ static int SSLParserTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -2805,6 +2988,8 @@ static int SSLParserTest22(void) 0x2f, 0x34, 0x84, 0x20, 0xc5}; uint32_t buf_len = sizeof(buf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); + //AppLayerDetectProtoThreadInit(); memset(&f, 0, sizeof(f)); @@ -2812,12 +2997,13 @@ static int SSLParserTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT | STREAM_EOF, buf, - buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT | STREAM_EOF, buf, + buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2847,6 +3033,8 @@ static int SSLParserTest22(void) goto end; } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -3105,6 +3293,8 @@ static int SSLParserTest23(void) uint32_t toserver_app_data_buf_len = sizeof(toserver_app_data_buf); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); + //AppLayerDetectProtoThreadInit(); memset(&f, 0, sizeof(f)); 
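Review bot: The added line `//AppLayerDetectProtoThreadInit();` in SSLParserTest22 is commented-out code with no explanation, and the SSLParserTest23 hunk at the end of this line adds the same. Either drop both lines or replace them with a comment that says why protocol-detection thread setup is not needed, for example `/* no proto detection needed: the parser is called directly with ALPROTO_TLS */`.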
@@ -3112,12 +3302,13 @@ static int SSLParserTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf, - chello_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf, + chello_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3157,8 +3348,8 @@ static int SSLParserTest23(void) SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf, - shello_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf, + shello_buf_len); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3190,8 +3381,8 @@ static int SSLParserTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf, - client_change_cipher_spec_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf, + client_change_cipher_spec_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3227,8 +3418,8 @@ static int SSLParserTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf, - server_change_cipher_spec_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf, + server_change_cipher_spec_buf_len); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3265,8 +3456,8 @@ static int SSLParserTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf, - toserver_app_data_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf, + toserver_app_data_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3300,10 +3491,7 @@ static int SSLParserTest23(void) goto end; } - AppLayerParserStateStore *parser_state_store = - (AppLayerParserStateStore *)f.alparser; - AppLayerParserState *parser_state = &parser_state_store->to_server; - if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) && + if (!AppLayerParserParserStateIssetFlag(f.alparser, APP_LAYER_PARSER_NO_INSPECTION) && !(ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) && !(ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { printf("The flags should be set\n"); @@ -3318,6 +3506,8 @@ static int SSLParserTest23(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); return result; @@ -3354,15 +3544,17 @@ static int SSLParserTest24(void) }; uint32_t buf2_len = sizeof(buf2); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
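Review bot: The rewritten condition in SSLParserTest23 joins `!AppLayerParserParserStateIssetFlag(f.alparser, APP_LAYER_PARSER_NO_INSPECTION)` and the two negated `STREAMTCP_STREAM_FLAG_NOREASSEMBLY` checks with `&&`, so the test only fails when none of the three flags is set. The message "The flags should be set" suggests all of them are expected; if that is the intent, the three checks should be joined with `||` instead. As written, a regression that leaves inspection or reassembly enabled on one side after the handshake would go unnoticed by this test. It is also worth confirming that the helper covers the to_server parser state that the removed lines read explicitly, since its definition is not visible here.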
@@ -3372,7 +3564,7 @@ static int SSLParserTest24(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3403,6 +3595,8 @@ static int SSLParserTest24(void) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } @@ -3729,15 +3923,17 @@ static int SSLParserTest25(void) uint32_t client_key_exchange_cipher_enc_hs_len = sizeof(client_key_exchange_cipher_enc_hs); TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_hello, client_hello_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_hello, client_hello_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3759,9 +3955,9 @@ static int SSLParserTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, - server_hello_certificate_done, - server_hello_certificate_done_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, + server_hello_certificate_done, + server_hello_certificate_done_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3777,9 +3973,9 @@ static int SSLParserTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, - client_key_exchange_cipher_enc_hs, - client_key_exchange_cipher_enc_hs_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + client_key_exchange_cipher_enc_hs, + client_key_exchange_cipher_enc_hs_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3803,6 +3999,8 @@ static int SSLParserTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); return result; } diff --git a/src/app-layer.c b/src/app-layer.c index 820e8296e5..a7b5c675b3 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -19,6 +19,7 @@ * \file * * \author Victor Julien + * \author Anoop Saldanha * * Generic App-layer functions */ @@ -26,6 +27,8 @@ #include "suricata-common.h" #include "app-layer.h" +#include "app-layer-parser.h" +#include "app-layer-protos.h" #include "app-layer-detect-proto.h" #include "stream-tcp-reassemble.h" #include "stream-tcp-private.h" 
@@ -39,114 +42,53 @@ #include "util-validate.h" #include "decode-events.h" -//#define PRINT -extern uint8_t engine_mode; - -/** \brief Get the active app layer proto from the packet - * \param p packet pointer with a LOCKED flow - * \retval alstate void pointer to the state - * \retval proto (ALPROTO_UNKNOWN if no proto yet) */ -uint16_t AppLayerGetProtoFromPacket(Packet *p) { - SCEnter(); - - if (p == NULL || p->flow == NULL) { - SCReturnUInt(ALPROTO_UNKNOWN); - } - - DEBUG_ASSERT_FLOW_LOCKED(p->flow); - - SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto); - - SCReturnUInt(p->flow->alproto); -} - -/** \brief Get the active app layer state from the packet - * \param p packet pointer with a LOCKED flow - * \retval alstate void pointer to the state - * \retval NULL in case we have no state */ -void *AppLayerGetProtoStateFromPacket(Packet *p) { - SCEnter(); - - if (p == NULL || p->flow == NULL) { - SCReturnPtr(NULL, "void"); - } - - DEBUG_ASSERT_FLOW_LOCKED(p->flow); - - SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto); - - SCLogDebug("p->flow %p", p->flow); - SCReturnPtr(p->flow->alstate, "void"); -} - -/** \brief Get the active app layer state from the flow - * \param f flow pointer to a LOCKED flow - * \retval alstate void pointer to the state - * \retval NULL in case we have no state */ -void *AppLayerGetProtoStateFromFlow(Flow *f) { - SCEnter(); - - DEBUG_ASSERT_FLOW_LOCKED(f); - - if (f == NULL) { - SCReturnPtr(NULL, "void"); - } - - SCLogDebug("f->alproto %"PRIu16"", f->alproto); - - SCReturnPtr(f->alstate, "void"); -} - -/** global app layer detection context */ -extern AlpProtoDetectCtx alp_proto_ctx; - /** - * \brief Handle a chunk of TCP data - * - * If the protocol is yet unknown, the proto detection code is run first. 
- * - * \param dp_ctx Thread app layer detect context - * \param f Flow - * \param ssn TCP Session - * \param data ptr to reassembled data - * \param data_len length of the data chunk - * \param flags control flags - * - * During detection this function can call the stream reassembly, - * inline or non-inline for the opposing direction, while already - * being called by the same stream reassembly for a particular - * direction. This should cause any issues, since processing of - * each stream is independent of the other stream. - * - * \retval 0 ok - * \retval -1 error + * \brief This is for the app layer in general and it contains per thread + * context relevant to both the alpd and alp. */ +typedef struct AppLayerCtxThread_ { + /* App layer protocol detection thread context, from AppLayerProtoDetectGetCtxThread(). */ + void *alpd_tctx; + /* App layer parser thread context, from AppLayerParserGetCtxThread(). */ + void *alp_tctx; + +#ifdef PROFILING + uint64_t ticks_start; + uint64_t ticks_end; + uint64_t ticks_spent; + uint16_t alproto; + uint64_t proto_detect_ticks_start; + uint64_t proto_detect_ticks_end; + uint64_t proto_detect_ticks_spent; +#endif +} AppLayerCtxThread; + +/***** L7 layer dispatchers *****/ + int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, - Flow *f, TcpSession *ssn, TcpStream *stream, - uint8_t *data, uint32_t data_len, Packet *p, + Packet *p, Flow *f, + TcpSession *ssn, TcpStream *stream, + uint8_t *data, uint32_t data_len, uint8_t flags) { SCEnter(); - AlpProtoDetectThreadCtx *dp_ctx = &ra_ctx->dp_ctx; DEBUG_ASSERT_FLOW_LOCKED(f); + AppLayerCtxThread *app_tctx = ra_ctx->app_tctx; + uint16_t *alproto; + uint16_t *alproto_otherdir; + uint8_t dir; + uint32_t data_al_so_far; int r = 0; - -#if DEBUG - BUG_ON(f == NULL); - BUG_ON(ssn == NULL); -#endif + uint8_t first_data_dir; SCLogDebug("data_len %u flags %02X", data_len, flags); if (f->flags & FLOW_NO_APPLAYER_INSPECTION) { SCLogDebug("FLOW_AL_NO_APPLAYER_INSPECTION is 
set"); - SCReturnInt(r); + goto end; } - uint16_t *alproto; - uint16_t *alproto_otherdir; - uint8_t dir; if (flags & STREAM_TOSERVER) { alproto = &f->alproto_ts; alproto_otherdir = &f->alproto_tc; @@ -156,9 +98,6 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, alproto_otherdir = &f->alproto_ts; dir = 1; } - SCLogDebug("dir %u alproto %u alproto_other_dir %u", - dir, *alproto, *alproto_otherdir); - //PrintRawDataFp(stdout, data, data_len); /* if we don't know the proto yet and we have received a stream * initializer message, we run proto detection. @@ -166,10 +105,9 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, * only run the proto detection once. */ if (*alproto == ALPROTO_UNKNOWN && (flags & STREAM_GAP)) { StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream); - SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f); StreamTcpSetSessionNoReassemblyFlag(ssn, dir); + SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f); } else if (*alproto == ALPROTO_UNKNOWN && (flags & STREAM_START)) { - uint32_t data_al_so_far; if (data_len == 0) data_al_so_far = 0; else @@ -186,11 +124,12 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, } #endif - PACKET_PROFILING_APP_PD_START(dp_ctx); - *alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx, f, - data, data_len, flags, IPPROTO_TCP); - PACKET_PROFILING_APP_PD_END(dp_ctx); - SCLogDebug("alproto %u", *alproto); + PACKET_PROFILING_APP_PD_START(app_tctx); + *alproto = AppLayerProtoDetectGetProto(app_tctx->alpd_tctx, + f, + data, data_len, + IPPROTO_TCP, flags); + PACKET_PROFILING_APP_PD_END(app_tctx); if (*alproto != ALPROTO_UNKNOWN) { if (*alproto_otherdir != ALPROTO_UNKNOWN && *alproto_otherdir != *alproto) { 
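Review bot: AppLayerHandleTCPData loses its doxygen block in the first app-layer.c hunk while its parameter order changes (`Packet *p` now comes before `Flow *f`), and nothing replaces it in this file. Unless the documentation moved to app-layer.h, which is not visible here, a short block should stay above the definition. It needs a `\brief` saying that it handles a chunk of reassembled TCP data and runs protocol detection first when the protocol is still unknown, a `\param` for each argument in the new order, and the `\retval 0 ok` / `\retval -1 error` lines. The removed note about calling stream reassembly for the opposing direction is worth keeping too, because that path is still present further down. The function body continues outside the hunk.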
@@ -208,9 +147,6 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, } f->alproto = *alproto; - SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted " - "on stream %p (%s)", stream, (stream == &ssn->client) ? - "ssn->client" : "ssn->server"); StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream); /* if we have seen data from the other direction first, send @@ -222,7 +158,6 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, * will now call shortly for the opposing direction. */ if ((ssn->data_first_seen_dir & (STREAM_TOSERVER | STREAM_TOCLIENT)) && !(flags & ssn->data_first_seen_dir)) { - SCLogDebug("entering opposing dir hack"); TcpStream *opposing_stream = NULL; if (stream == &ssn->client) { opposing_stream = &ssn->server; @@ -268,15 +203,11 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, p->flowflags |= FLOW_PKT_TOSERVER; } } - SCLogDebug("ret %d", ret); if (ret < 0) { FlowSetSessionNoApplayerInspectionFlag(f); - SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted " - "on both streams"); StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client); StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server); - r = -1; - goto end; + goto failure; } } 
@@ -297,20 +228,17 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, * flow, it shows something's fishy. */ if (ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { - if (al_proto_table[*alproto].first_data_dir && - !(al_proto_table[*alproto].first_data_dir & ssn->data_first_seen_dir)) - { + first_data_dir = AppLayerParserGetFirstDataDir(f->proto, *alproto); + + if (first_data_dir && !(first_data_dir & ssn->data_first_seen_dir)) { AppLayerDecoderEventsSetEventRaw(p->app_layer_events, APPLAYER_WRONG_DIRECTION_FIRST_DATA); FlowSetSessionNoApplayerInspectionFlag(f); - SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted " - "on both streams"); StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server); StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client); /* Set a value that is neither STREAM_TOSERVER, nor STREAM_TOCLIENT */ ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER; - r = -1; - goto end; + goto failure; } /* This can happen if the current direction is not the * right direction, and the data from the other(also 
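Review bot: The first-data-direction lookup keys on `f->proto`, while the protocol-detection call earlier in this same function passes the literal `IPPROTO_TCP`. The commit message notes that FlowInitialize() now resets `proto` to 0, so a flow whose `proto` was never set would presumably get no direction constraint back, and the `APPLAYER_WRONG_DIRECTION_FIRST_DATA` check would be skipped without any signal. Since this is the TCP-only handler, either pass the constant here too, `first_data_dir = AppLayerParserGetFirstDataDir(IPPROTO_TCP, *alproto);`, or assert `f->proto == IPPROTO_TCP` on entry. The lookup with `*alproto_otherdir` in the later `-359,72` hunk has the same shape. AppLayerHandleTCPData starts and ends outside this hunk.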
@@ -319,30 +247,28 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, * the forced call to STreamTcpAppLayerReassemble still * hasn't managed to send data from the other direction * to the app layer. */ - if (al_proto_table[*alproto].first_data_dir && - !(al_proto_table[*alproto].first_data_dir & flags)) - { + if (first_data_dir && !(first_data_dir & flags)) { BUG_ON(*alproto_otherdir != ALPROTO_UNKNOWN); - AppLayerParserCleanupState(f); + FlowCleanupAppLayer(f); f->alproto = *alproto = ALPROTO_UNKNOWN; StreamTcpResetStreamFlagAppProtoDetectionCompleted(stream); - FLOW_RESET_PM_DONE(f, flags); FLOW_RESET_PP_DONE(f, flags); - r = 0; - goto end; + FLOW_RESET_PM_DONE(f, flags); + goto failure; } } /* Set a value that is neither STREAM_TOSERVER, nor STREAM_TOCLIENT */ ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER; - PACKET_PROFILING_APP_START(dp_ctx, *alproto); - r = AppLayerParse(dp_ctx->alproto_local_storage[*alproto], f, *alproto, flags, data + data_al_so_far, data_len - data_al_so_far); - PACKET_PROFILING_APP_END(dp_ctx, *alproto); + PACKET_PROFILING_APP_START(app_tctx, *alproto); + r = AppLayerParserParse(app_tctx->alp_tctx, f, *alproto, flags, data + data_al_so_far, data_len - data_al_so_far); + PACKET_PROFILING_APP_END(app_tctx, *alproto); f->data_al_so_far[dir] = 0; } else { - SCLogDebug("alproto == ALPROTO_UNKNOWN (%u)", *alproto); if (*alproto_otherdir != ALPROTO_UNKNOWN) { + first_data_dir = AppLayerParserGetFirstDataDir(f->proto, *alproto_otherdir); + /* this would handle this test case - * http parser which says it wants to see toserver data first only. * tcp handshake 
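Review bot: The detection-reset branch (`FlowCleanupAppLayer(f); f->alproto = *alproto = ALPROTO_UNKNOWN; ...`) used to finish with `r = 0; goto end;` and now jumps to `failure`, which sets `r = -1`. A recoverable "restart detection on the next call" state is therefore reported to the caller as an error, and the commit message does not mention that change. If it is intended, the branch deserves a comment saying why the reset is an error; if not, end the branch with `goto end;` so the return value stays 0. How the reassembly caller reacts to -1 is not visible in this hunk, and the function itself begins and ends outside it.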
@@ -359,72 +285,32 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, * acceptable direction we error out. */ if ((ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) && - (al_proto_table[*alproto_otherdir].first_data_dir) && - !(al_proto_table[*alproto_otherdir].first_data_dir & flags)) - { - r = -1; - FlowSetSessionNoApplayerInspectionFlag(f); - SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted " - "on both streams"); - StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server); - StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client); - goto end; - } + (first_data_dir) && !(first_data_dir & flags)) + { + FlowSetSessionNoApplayerInspectionFlag(f); + StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server); + StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client); + goto failure; + } if (data_len > 0) ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER; - PACKET_PROFILING_APP_START(dp_ctx, *alproto_otherdir); - r = AppLayerParse(dp_ctx->alproto_local_storage[*alproto_otherdir], f, *alproto_otherdir, flags, + PACKET_PROFILING_APP_START(app_tctx, *alproto_otherdir); + r = AppLayerParserParse(app_tctx->alp_tctx, f, *alproto_otherdir, flags, data + data_al_so_far, data_len - data_al_so_far); - PACKET_PROFILING_APP_END(dp_ctx, *alproto_otherdir); + PACKET_PROFILING_APP_END(app_tctx, *alproto_otherdir); if (FLOW_IS_PM_DONE(f, flags) && FLOW_IS_PP_DONE(f, flags)) { AppLayerDecoderEventsSetEventRaw(p->app_layer_events, APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION); - SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted " - "on stream %p (%s)", stream, (stream == &ssn->client) ? 
- "ssn->client" : "ssn->server"); StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream); f->data_al_so_far[dir] = 0; } else { f->data_al_so_far[dir] = data_len; - SCLogDebug("data_len %u stored in flow for dir %u", data_len, dir); } } else { - - SCLogDebug("both unknown FLOW_IS_PM_DONE(f, STREAM_TOSERVER) %s " - "FLOW_IS_PP_DONE(f, STREAM_TOSERVER) %s " - "FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) %s " - "FLOW_IS_PP_DONE(f, STREAM_TOCLIENT) %s," - " stream ts %u stream tc %u", - FLOW_IS_PM_DONE(f, STREAM_TOSERVER)?"true":"false", - FLOW_IS_PP_DONE(f, STREAM_TOSERVER)?"true":"false", - FLOW_IS_PM_DONE(f, STREAM_TOCLIENT)?"true":"false", - FLOW_IS_PP_DONE(f, STREAM_TOCLIENT)?"true":"false", - StreamTcpGetStreamSize(&ssn->client), StreamTcpGetStreamSize(&ssn->server)); - - int flow_done = 0; if (FLOW_IS_PM_DONE(f, STREAM_TOSERVER) && FLOW_IS_PP_DONE(f, STREAM_TOSERVER) && FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) && FLOW_IS_PP_DONE(f, STREAM_TOCLIENT)) { - SCLogDebug("proto detection failed for both streams"); - flow_done = 1; - } else if (FLOW_IS_PM_DONE(f, STREAM_TOSERVER) && FLOW_IS_PP_DONE(f, STREAM_TOSERVER) && - StreamTcpGetStreamSize(&ssn->server) == 0 && - StreamTcpGetStreamSize(&ssn->client) > alp_proto_ctx.toserver.async_max) { - SCLogDebug("%u bytes toserver and no proto, no data to " - "client, giving up", alp_proto_ctx.toserver.async_max); - ssn->server.flags |= STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED; - flow_done = 1; - } else if (FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) && FLOW_IS_PP_DONE(f, STREAM_TOCLIENT) && - StreamTcpGetStreamSize(&ssn->client) == 0 && - StreamTcpGetStreamSize(&ssn->server) > alp_proto_ctx.toclient.async_max) { - SCLogDebug("%u bytes toclient and no proto, no data to " - "server, giving up", alp_proto_ctx.toclient.async_max); - ssn->client.flags |= STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED; - flow_done = 1; - } - - if (flow_done) { FlowSetSessionNoApplayerInspectionFlag(f); 
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server); StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client); @@ -447,43 +333,39 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* if we don't have a data object here we are not getting it * a start msg should have gotten us one */ if (f->alproto != ALPROTO_UNKNOWN) { - PACKET_PROFILING_APP_START(dp_ctx, f->alproto); - r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, data, data_len); - PACKET_PROFILING_APP_END(dp_ctx, f->alproto); + PACKET_PROFILING_APP_START(app_tctx, f->alproto); + r = AppLayerParserParse(app_tctx->alp_tctx, f, f->alproto, flags, data, data_len); + PACKET_PROFILING_APP_END(app_tctx, f->alproto); } else { SCLogDebug(" smsg not start, but no l7 data? Weird"); } } + goto end; + failure: + r = -1; end: SCReturnInt(r); } -/** - * \brief Attach a stream message to the TCP session for inspection - * in the detection engine. - * - * \param dp_ctx Thread app layer detect context - * \param smsg Stream message - * - * \retval 0 ok - * \retval -1 error - */ -int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) +int AppLayerHandleTCPMsg(StreamMsg *smsg) { SCEnter(); + TcpSession *ssn; + StreamMsg *cur; + #ifdef PRINT printf("=> Stream Data (raw reassembly) -- start %s%s\n", - smsg->flags & STREAM_TOCLIENT ? "toclient" : "", - smsg->flags & STREAM_TOSERVER ? "toserver" : ""); + smsg->flags & STREAM_TOCLIENT ? "toclient" : "", + smsg->flags & STREAM_TOSERVER ? "toserver" : ""); PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len); printf("=> Stream Data -- end\n"); #endif SCLogDebug("smsg %p", smsg); BUG_ON(smsg->flow == NULL); - TcpSession *ssn = smsg->flow->protoctx; + ssn = smsg->flow->protoctx; if (ssn != NULL) { SCLogDebug("storing smsg %p in the tcp session", smsg); 
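Review bot: The two give-up branches for one-sided traffic are removed with no replacement visible in this hunk. Previously, when PM and PP were done for one direction, the opposite stream was empty and the stream size exceeded `alp_proto_ctx.toserver.async_max` (or `toclient.async_max`), the stream was marked `STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED` and app-layer inspection ended. Now only the case where PM and PP are done in both directions ends detection, so a flow that carries data one way only appears to stay undetected indefinitely, which for a sensor means state held open on traffic it will never classify. If the limit moved into the new protocol-detection code, a comment here should point at it; otherwise the cutoff should be kept. The enclosing function starts and ends outside this hunk.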
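Review bot: AppLayerHandleTCPMsg loses its whole Doxygen block here although only the `dp_ctx` parameter went away. The `\brief`, `\param smsg` and `\retval 0 ok` / `\retval -1 error` lines still describe the new signature and should stay, minus the `\param dp_ctx` line, unless they now live in app-layer.h (not visible here). The same applies to AppLayerHandleUdp in the `-537,27` hunk, whose removed comment also recorded that `f` is passed unlocked; that matters because the body takes `FLOWLOCK_WRLOCK(f)`. The body of AppLayerHandleTCPMsg continues past the end of this hunk.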
@@ -498,7 +380,7 @@ int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) smsg->next = NULL; smsg->prev = NULL; } else { - StreamMsg *cur = ssn->toserver_smsg_tail; + cur = ssn->toserver_smsg_tail; cur->next = smsg; smsg->prev = cur; smsg->next = NULL; @@ -514,7 +396,7 @@ int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) smsg->next = NULL; smsg->prev = NULL; } else { - StreamMsg *cur = ssn->toclient_smsg_tail; + cur = ssn->toclient_smsg_tail; cur->next = smsg; smsg->prev = cur; smsg->next = NULL; @@ -537,27 +419,13 @@ int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) SCReturnInt(0); } -/** - * \brief Handle a app layer UDP message - * - * If the protocol is yet unknown, the proto detection code is run first. - * - * \param dp_ctx Thread app layer detect context - * \param f unlocked flow - * \param p UDP packet - * - * \retval 0 ok - * \retval -1 error - */ -int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p) +int AppLayerHandleUdp(void *app_tctx, Packet *p, Flow *f) { SCEnter(); - int r = 0; + AppLayerCtxThread *tctx = (AppLayerCtxThread *)app_tctx; - if (f == NULL) { - SCReturnInt(r); - } + int r = 0; FLOWLOCK_WRLOCK(f); 
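Review bot: In the `-537,27` hunk the `if (f == NULL) { SCReturnInt(r); }` guard is removed, and the next visible statement is `FLOWLOCK_WRLOCK(f);`. A packet that reaches AppLayerHandleUdp without a flow would now presumably dereference NULL where it used to return 0. Unless every caller is known to check the flow first (not visible here), keep the guard: `if (f == NULL) SCReturnInt(0);`. The `void *app_tctx` argument is likewise cast to `AppLayerCtxThread *` and used without a check. The function body continues outside this hunk.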
@@ -574,33 +442,37 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p) * only run the proto detection once. */ if (f->alproto == ALPROTO_UNKNOWN && !(f->flags & FLOW_ALPROTO_DETECT_DONE)) { SCLogDebug("Detecting AL proto on udp mesg (len %" PRIu32 ")", - p->payload_len); + p->payload_len); - PACKET_PROFILING_APP_PD_START(dp_ctx); - f->alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx, f, - p->payload, p->payload_len, flags, IPPROTO_UDP); - PACKET_PROFILING_APP_PD_END(dp_ctx); + PACKET_PROFILING_APP_PD_START(tctx); + f->alproto = AppLayerProtoDetectGetProto(tctx->alpd_tctx, + f, + p->payload, p->payload_len, + IPPROTO_UDP, flags); + PACKET_PROFILING_APP_PD_END(tctx); if (f->alproto != ALPROTO_UNKNOWN) { f->flags |= FLOW_ALPROTO_DETECT_DONE; - PACKET_PROFILING_APP_START(dp_ctx, f->alproto); - r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, + PACKET_PROFILING_APP_START(tctx, f->alproto); + r = AppLayerParserParse(tctx->alp_tctx, + f, f->alproto, flags, p->payload, p->payload_len); - PACKET_PROFILING_APP_END(dp_ctx, f->alproto); + PACKET_PROFILING_APP_END(tctx, f->alproto); } else { f->flags |= FLOW_ALPROTO_DETECT_DONE; SCLogDebug("ALPROTO_UNKNOWN flow %p", f); } } else { SCLogDebug("stream data (len %" PRIu32 " ), alproto " - "%"PRIu16" (flow %p)", p->payload_len, f->alproto, f); + "%"PRIu16" (flow %p)", p->payload_len, f->alproto, f); /* if we don't have a data object here we are not getting it * a start msg should have gotten us one */ if (f->alproto != ALPROTO_UNKNOWN) { PACKET_PROFILING_APP_START(dp_ctx, f->alproto); - r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, + r = AppLayerParserParse(tctx->alp_tctx, + f, f->alproto, flags, p->payload, p->payload_len); PACKET_PROFILING_APP_END(dp_ctx, f->alproto); } else { 
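Review bot: The `else` branch still calls `PACKET_PROFILING_APP_START(dp_ctx, f->alproto);` and `PACKET_PROFILING_APP_END(dp_ctx, f->alproto);`, but `dp_ctx` is no longer a parameter of AppLayerHandleUdp after the signature change. A build with PROFILING enabled will most likely fail to compile here; without it the macros presumably expand to nothing, which hides the problem. Both lines should use the new local, as the first branch already does: `PACKET_PROFILING_APP_START(tctx, f->alproto);` and `PACKET_PROFILING_APP_END(tctx, f->alproto);`. The function starts before and ends after this hunk.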
@@ -610,11 +482,105 @@ int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p) } FLOWLOCK_UNLOCK(f); - PACKET_PROFILING_APP_STORE(dp_ctx, p); + PACKET_PROFILING_APP_STORE(tctx, p); SCReturnInt(r); } -/************Unittests*************/ +/***** Utility *****/ + +AppProto AppLayerGetProtoByName(char *alproto_name) +{ + SCEnter(); + SCReturnCT(AppLayerProtoDetectGetProtoByName(alproto_name), "AppProto"); +} + +char *AppLayerGetProtoName(AppProto alproto) +{ + SCEnter(); + SCReturnCT(AppLayerProtoDetectGetProtoName(alproto), "char *"); +} + +void AppLayerListSupportedProtocols(void) +{ + SCEnter(); + + AppProto alproto; + AppProto alprotos[ALPROTO_MAX]; + + AppLayerProtoDetectSupportedAppProtocols(alprotos); + + printf("=========Supported App Layer Protocols=========\n"); + for (alproto = 0; alproto < ALPROTO_MAX; alproto++) { + if (alprotos[alproto] == 1) + printf("%s\n", AppLayerGetProtoName(alproto)); + } + + SCReturn; +} + +/***** Setup/General Registration *****/ + +int AppLayerSetup(void) +{ + SCEnter(); + + AppLayerProtoDetectSetup(); + AppLayerParserSetup(); + + AppLayerParserRegisterProtocolParsers(); + AppLayerProtoDetectPrepareState(); + + SCReturnInt(0); +} + +int AppLayerDeSetup(void) +{ + SCEnter(); + + AppLayerProtoDetectDeSetup(); + AppLayerParserDeSetup(); + + SCReturnInt(0); +} + +void *AppLayerGetCtxThread(void) +{ + SCEnter(); + + AppLayerCtxThread *app_tctx = SCMalloc(sizeof(*app_tctx)); + if (app_tctx == NULL) + goto error; + memset(app_tctx, 0, sizeof(*app_tctx)); + + if ((app_tctx->alpd_tctx = AppLayerProtoDetectGetCtxThread()) == NULL) + goto error; + if ((app_tctx->alp_tctx = AppLayerParserGetCtxThread()) == NULL) + goto error; + + goto done; + error: + AppLayerDestroyCtxThread(app_tctx); + app_tctx = NULL; + done: + SCReturnPtr(app_tctx, "void *"); +} + +void AppLayerDestroyCtxThread(void *tctx) +{ + SCEnter(); + + AppLayerCtxThread *app_tctx = (AppLayerCtxThread *)tctx; + + if (app_tctx->alpd_tctx != NULL) + 
AppLayerProtoDetectDestroyCtxThread(app_tctx->alpd_tctx); + if (app_tctx->alp_tctx != NULL) + AppLayerParserDestroyCtxThread(app_tctx->alp_tctx); + SCFree(app_tctx); + + SCReturn; +} + +/***** Unittests *****/ #ifdef UNITTESTS @@ -647,6 +613,7 @@ static int AppLayerTest01(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -667,12 +634,12 @@ static int AppLayerTest01(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
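Review bot: In AppLayerGetCtxThread the `SCMalloc` failure path jumps to `error:`, which calls `AppLayerDestroyCtxThread(app_tctx)` with `app_tctx == NULL`. That function reads `app_tctx->alpd_tctx` without a NULL check, so an out-of-memory condition at thread start becomes a NULL dereference instead of a clean failure. Return directly on allocation failure, `if (app_tctx == NULL) SCReturnPtr(NULL, "void *");`, or add `if (app_tctx == NULL) SCReturn;` at the top of AppLayerDestroyCtxThread. Separately, `alprotos[ALPROTO_MAX]` in AppLayerListSupportedProtocols is passed uninitialised to AppLayerProtoDetectSupportedAppProtocols and then read; that is only safe if the callee fills every slot, which is not visible here.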
@@ -691,12 +658,12 @@ static int AppLayerTest01(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -715,12 +682,12 @@ static int AppLayerTest01(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -751,12 +718,12 @@ static int AppLayerTest01(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -817,12 +784,12 @@ static int AppLayerTest01(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { 
@@ -841,12 +808,12 @@ static int AppLayerTest01(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_HTTP || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_HTTP || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -857,7 +824,7 @@ static int AppLayerTest01(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -884,6 +851,7 @@ static int AppLayerTest02(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -904,12 +872,12 @@ static int AppLayerTest02(void) if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -928,12 +896,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -952,12 +920,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -977,12 +945,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -1001,12 +969,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -1037,12 +1005,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -1103,12 +1071,12 @@ static int AppLayerTest02(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { 
@@ -1127,12 +1095,12 @@ static int AppLayerTest02(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_HTTP || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_HTTP || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1143,7 +1111,7 @@ static int AppLayerTest02(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -1152,7 +1120,7 @@ end: /** * \test GET -> RUBBISH(PM AND PP DONE IN ONE GO) */ - static int AppLayerTest03(void) +static int AppLayerTest03(void) { Packet *p = SCMalloc(SIZE_OF_PACKET); if (unlikely(p == NULL)) @@ -1170,6 +1138,7 @@ end: memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; 
@@ -1190,12 +1159,12 @@ end: /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1213,12 +1182,12 @@ end: goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -1237,12 +1206,12 @@ end: goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1273,12 +1242,12 @@ end: goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -1339,12 +1308,12 @@ end: goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1363,12 +1332,12 @@ end: goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1379,7 +1348,7 @@ end: StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -1406,6 +1375,7 @@ static int AppLayerTest04(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; 
@@ -1426,12 +1396,12 @@ static int AppLayerTest04(void) if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1449,12 +1419,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -1473,12 +1443,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1509,12 +1479,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -1534,12 +1504,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1558,12 +1528,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 4 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 4 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { 
@@ -1624,12 +1594,12 @@ static int AppLayerTest04(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 4 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 4 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1648,12 +1618,12 @@ static int AppLayerTest04(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1664,7 +1634,7 @@ static int AppLayerTest04(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; 
@@ -1691,6 +1661,7 @@ static int AppLayerTest05(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -1711,12 +1682,12 @@ static int AppLayerTest05(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1735,12 +1706,12 @@ static int AppLayerTest05(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -1759,12 +1730,12 @@ static int AppLayerTest05(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1795,12 +1766,12 @@ static int AppLayerTest05(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -1861,12 +1832,12 @@ static int AppLayerTest05(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -1885,12 +1856,12 @@ static int AppLayerTest05(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_HTTP || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_HTTP || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { @@ -1901,7 +1872,7 @@ static int AppLayerTest05(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; 
@@ -1928,6 +1899,7 @@ static int AppLayerTest06(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -1948,12 +1920,12 @@ static int AppLayerTest06(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -1972,12 +1944,12 @@ static int AppLayerTest06(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -1996,12 +1968,12 @@ static int AppLayerTest06(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -2062,12 +2034,12 @@ static int AppLayerTest06(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOCLIENT) { 
@@ -2098,11 +2070,11 @@ static int AppLayerTest06(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_HTTP || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_HTTP || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -2114,7 +2086,7 @@ static int AppLayerTest06(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -2141,6 +2113,7 @@ static int AppLayerTest07(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -2161,12 +2134,12 @@ static int AppLayerTest07(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2185,12 +2158,12 @@ static int AppLayerTest07(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -2209,12 +2182,12 @@ static int AppLayerTest07(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2245,12 +2218,12 @@ static int AppLayerTest07(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -2311,12 +2284,12 @@ static int AppLayerTest07(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { 
@@ -2335,11 +2308,11 @@ static int AppLayerTest07(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_HTTP || - f.alproto_ts != ALPROTO_HTTP || - f.alproto_tc != ALPROTO_HTTP || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_HTTP || + f.alproto_ts != ALPROTO_HTTP || + f.alproto_tc != ALPROTO_HTTP || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || (f.flags & FLOW_NO_APPLAYER_INSPECTION) || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -2351,7 +2324,7 @@ static int AppLayerTest07(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -2378,6 +2351,7 @@ static int AppLayerTest08(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -2398,12 +2372,12 @@ static int AppLayerTest08(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2422,12 +2396,12 @@ static int AppLayerTest08(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -2446,12 +2420,12 @@ static int AppLayerTest08(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2482,12 +2456,12 @@ static int AppLayerTest08(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -2548,12 +2522,12 @@ static int AppLayerTest08(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_DCERPC || - f.alproto_ts != ALPROTO_DCERPC || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_DCERPC || + f.alproto_ts != ALPROTO_DCERPC || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) { 
@@ -2572,11 +2546,11 @@ static int AppLayerTest08(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_DCERPC || - f.alproto_ts != ALPROTO_DCERPC || - f.alproto_tc != ALPROTO_DCERPC || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_DCERPC || + f.alproto_ts != ALPROTO_DCERPC || + f.alproto_tc != ALPROTO_DCERPC || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -2588,7 +2562,7 @@ static int AppLayerTest08(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -2617,6 +2591,7 @@ static int AppLayerTest09(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -2637,12 +2612,12 @@ static int AppLayerTest09(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2661,12 +2636,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -2685,12 +2660,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2711,12 +2686,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -2735,12 +2710,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -2761,12 +2736,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -2827,12 +2802,12 @@ static int AppLayerTest09(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -2851,11 +2826,11 @@ static int AppLayerTest09(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -2867,7 +2842,7 @@ static int AppLayerTest09(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -2895,6 +2870,7 @@ static int AppLayerTest10(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -2915,12 +2891,12 @@ static int AppLayerTest10(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2939,12 +2915,12 @@ static int AppLayerTest10(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -2963,12 +2939,12 @@ static int AppLayerTest10(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -2990,12 +2966,12 @@ static int AppLayerTest10(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -3014,12 +2990,12 @@ static int AppLayerTest10(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -3080,12 +3056,12 @@ static int AppLayerTest10(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -3104,11 +3080,11 @@ static int AppLayerTest10(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -3120,7 +3096,7 @@ static int AppLayerTest10(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; @@ -3149,6 +3125,7 @@ static int AppLayerTest11(void) memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; 
@@ -3169,12 +3146,12 @@ static int AppLayerTest11(void) /* handshake */ if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -3193,12 +3170,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { 
@@ -3217,12 +3194,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != 0) { @@ -3244,12 +3221,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -3268,12 +3245,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -3294,12 +3271,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -3318,12 +3295,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { @@ -3383,12 +3360,12 @@ static int AppLayerTest11(void) goto end; if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || - f.flags & FLOW_NO_APPLAYER_INSPECTION || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || + f.flags & FLOW_NO_APPLAYER_INSPECTION || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || ssn->data_first_seen_dir != STREAM_TOSERVER) { 
@@ -3407,11 +3384,11 @@ static int AppLayerTest11(void) goto end; if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) || !StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) || - f.alproto != ALPROTO_UNKNOWN || - f.alproto_ts != ALPROTO_UNKNOWN || - f.alproto_tc != ALPROTO_UNKNOWN || - f.data_al_so_far[0] != 0 || - f.data_al_so_far[1] != 0 || + f.alproto != ALPROTO_UNKNOWN || + f.alproto_ts != ALPROTO_UNKNOWN || + f.alproto_tc != ALPROTO_UNKNOWN || + f.data_al_so_far[0] != 0 || + f.data_al_so_far[1] != 0 || !(f.flags & FLOW_NO_APPLAYER_INSPECTION) || !FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) || @@ -3423,17 +3400,16 @@ static int AppLayerTest11(void) StreamTcpSessionClear(p->flow->protoctx); ret = 1; -end: + end: StreamTcpFreeConfig(TRUE); SCFree(p); return ret; } -#endif - -void AppLayerRegisterUnittests(void) +void AppLayerUnittestsRegister(void) { -#ifdef UNITTESTS + SCEnter(); + UtRegisterTest("AppLayerTest01", AppLayerTest01, 1); UtRegisterTest("AppLayerTest02", AppLayerTest02, 1); UtRegisterTest("AppLayerTest03", AppLayerTest03, 1); @@ -3445,7 +3421,8 @@ void AppLayerRegisterUnittests(void) UtRegisterTest("AppLayerTest09", AppLayerTest09, 1); UtRegisterTest("AppLayerTest10", AppLayerTest10, 1); UtRegisterTest("AppLayerTest11", AppLayerTest11, 1); -#endif - return; + SCReturn; } + +#endif /* UNITTESTS */ diff --git a/src/app-layer.h b/src/app-layer.h index 142835ae6a..ed37f76577 100644 --- a/src/app-layer.h +++ b/src/app-layer.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2014 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free 
@@ -16,37 +16,112 @@ */ /** - * \file - * * \author Victor Julien + * \author Anoop Saldanha */ -#ifndef __APP_LAYER_H__ -#define __APP_LAYER_H__ +#ifndef __APP_LAYER__H__ +#define __APP_LAYER__H__ -#include "flow.h" +#include "threadvars.h" #include "decode.h" +#include "flow.h" -#include "stream-tcp.h" +#include "stream-tcp-private.h" +#include "stream-tcp-reassemble.h" +#include "stream.h" -#include "app-layer-protos.h" -#include "app-layer-parser.h" -#include "app-layer-detect-proto.h" +#define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER \ + (~STREAM_TOSERVER & ~STREAM_TOCLIENT) -#include "stream.h" +/***** L7 layer dispatchers *****/ + +/** + * \brief Handles reassembled tcp stream. + */ +int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, + Packet *p, Flow *f, + TcpSession *ssn, TcpStream *stream, + uint8_t *data, uint32_t data_len, + uint8_t flags); + +/** + * \brief Attach a stream message to the TCP session for inspection + * in the detection engine. + * + * \param app_layer_tctx Pointer to the app layer thread context. + * \param smsg Stream message. + * + * \retval 0 On success. + * \retval -1 On failure. + */ +int AppLayerHandleTCPMsg(StreamMsg *smsg); + +/** + * \brief Handles an udp chunk. 
+ */ +int AppLayerHandleUdp(void *app_tctx, Packet *p, Flow *f); -#define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER (~STREAM_TOSERVER & ~STREAM_TOCLIENT) +/***** Utility *****/ -uint16_t AppLayerGetProtoFromPacket(Packet *); -void *AppLayerGetProtoStateFromPacket(Packet *); -void *AppLayerGetProtoStateFromFlow(Flow *); -int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Flow *f, - TcpSession *ssn, TcpStream *stream, uint8_t *data, uint32_t data_len, Packet *p, uint8_t flags); -int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *, StreamMsg *); -//int AppLayerHandleMsg(AlpProtoDetectThreadCtx *, StreamMsg *); -int AppLayerHandleUdp(AlpProtoDetectThreadCtx *, Flow *, Packet *p); +/** + * \brief Given a protocol string, returns the corresponding internal + * protocol id. + * + * \param The internal protocol id. + */ +AppProto AppLayerGetProtoByName(char *alproto_name); + +/** + * \brief Given the internal protocol id, returns a string representation + * of the protocol. + * + * \param alproto The internal protocol id. + * + * \retval String representation of the protocol. + */ +char *AppLayerGetProtoName(AppProto alproto); + +void AppLayerListSupportedProtocols(void); + +/***** Setup/General Registration *****/ + +/** + * \brief Setup the app layer. + * + * Includes protocol detection setup and the protocol parser setup. + * + * \retval 0 On success. + * \retval -1 On failure. + */ +int AppLayerSetup(void); + +/** + * \brief De initializes the app layer. + * + * Includes de initializing protocol detection and the protocol parser. + */ +int AppLayerDeSetup(void); + +/** + * \brief Creates a new app layer thread context. + * + * \retval Pointer to the newly create thread context, on success; + * NULL, on failure. + */ +void *AppLayerGetCtxThread(void); + +/** + * \brief Destroys the context created by AppLayeGetCtxThread(). + * + * \param tctx Pointer to the thread context to destroy. 
+ */ +void AppLayerDestroyCtxThread(void *tctx); -void AppLayerRegisterUnittests(void); +/***** Unittests *****/ -#endif /* __APP_LAYER_H__ */ +#ifdef UNITTESTS +void AppLayerUnittestsRegister(void); +#endif +#endif diff --git a/src/decode-events.h b/src/decode-events.h index b1dd84d8fe..51aa99b46e 100644 --- a/src/decode-events.h +++ b/src/decode-events.h @@ -300,17 +300,15 @@ typedef struct AppLayerDecoderEvents_ { */ #define AppLayerDecoderEventsSetEvent(f, event) \ do { \ - AppLayerParserStateStore *parser_state_store = \ - (AppLayerParserStateStore *)(f)->alparser; \ AppLayerDecoderEvents *devents = \ - parser_state_store->decoder_events; \ + AppLayerParserGetDecoderEvents((f)->alparser); \ if (devents == NULL) { \ AppLayerDecoderEvents *new_devents = \ SCMalloc(sizeof(AppLayerDecoderEvents)); \ if (new_devents == NULL) \ break; \ memset(new_devents, 0, sizeof(AppLayerDecoderEvents)); \ - parser_state_store->decoder_events = new_devents; \ + AppLayerParserSetDecoderEvents((f)->alparser, new_devents); \ devents = new_devents; \ } \ if (devents->cnt == devents->events_buffer_size) { \ diff --git a/src/decode-udp.c b/src/decode-udp.c index 4dca5f1baf..e5ba28aea2 100644 --- a/src/decode-udp.c +++ b/src/decode-udp.c @@ -94,7 +94,7 @@ int DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui /* handle the app layer part of the UDP packet payload */ if (unlikely(p->flow != NULL)) { - AppLayerHandleUdp(&dtv->udp_dp_ctx, p->flow, p); + AppLayerHandleUdp(dtv->app_tctx, p, p->flow); } return TM_ECODE_OK; diff --git a/src/decode.c b/src/decode.c index d75aa256f2..e20f69870f 100644 --- a/src/decode.c +++ b/src/decode.c @@ -54,6 +54,7 @@ #include "util-debug.h" #include "util-mem.h" #include "app-layer-detect-proto.h" +#include "app-layer.h" #include "tm-threads.h" #include "util-error.h" #include "util-print.h" 
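Review bot: Several doc comments in the new app-layer.h block do not match the prototypes they sit on. AppLayerHandleTCPMsg documents `\param app_layer_tctx`, but the function now takes only `StreamMsg *smsg`. AppLayerGetProtoByName describes its return value under a nameless `\param`; it should read `\param alproto_name The protocol string.` followed by `\retval The internal protocol id.`. AppLayerDestroyCtxThread refers to `AppLayeGetCtxThread()`, which should be `AppLayerGetCtxThread()`, and AppLayerDeSetup returns `int` without a `\retval` line.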
@@ -455,11 +456,9 @@ DecodeThreadVars *DecodeThreadVarsAlloc() if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL) return NULL; - memset(dtv, 0, sizeof(DecodeThreadVars)); - /* initialize UDP app layer code */ - AlpProtoFinalize2Thread(&dtv->udp_dp_ctx); + dtv->app_tctx = AppLayerGetCtxThread(); /** set config defaults */ int vlanbool = 0; diff --git a/src/decode.h b/src/decode.h index 5c339dd39f..8d7ecf39b0 100644 --- a/src/decode.h +++ b/src/decode.h @@ -548,35 +548,11 @@ typedef struct PacketQueue_ { SCCondT cond_q; } PacketQueue; -/** \brief Specific ctx for AL proto detection */ -typedef struct AlpProtoDetectDirectionThread_ { - MpmThreadCtx mpm_ctx; - PatternMatcherQueue pmq; -} AlpProtoDetectDirectionThread; - -/** \brief Specific ctx for AL proto detection */ -typedef struct AlpProtoDetectThreadCtx_ { - AlpProtoDetectDirectionThread toserver; - AlpProtoDetectDirectionThread toclient; - - void *alproto_local_storage[ALPROTO_MAX]; - -#ifdef PROFILING - uint64_t ticks_start; - uint64_t ticks_end; - uint64_t ticks_spent; - uint16_t alproto; - uint64_t proto_detect_ticks_start; - uint64_t proto_detect_ticks_end; - uint64_t proto_detect_ticks_spent; -#endif -} AlpProtoDetectThreadCtx; - /** \brief Structure to hold thread specific data for all decode modules */ typedef struct DecodeThreadVars_ { /** Specific context for udp protocol detection (here atm) */ - AlpProtoDetectThreadCtx udp_dp_ctx; + void *app_tctx; int vlan_disabled; diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index c744b789df..e21a206b87 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -25,6 +25,7 @@ #include "threads.h" #include "decode.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-smtp.h" 
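Review bot: `dtv->app_tctx = AppLayerGetCtxThread();` in DecodeThreadVarsAlloc is stored without a check, although the app-layer.h comment added in this commit says the call returns NULL on failure. The decode-udp.c hunk then hands `dtv->app_tctx` to AppLayerHandleUdp for every UDP packet that has a flow, so a failed setup would surface only later, on live traffic. Fail the allocation instead: `if (dtv->app_tctx == NULL) { SCFree(dtv); return NULL; }`. The rest of DecodeThreadVarsAlloc and the matching free path are outside this hunk, so it is worth confirming that the context is released with AppLayerDestroyCtxThread when the thread vars are freed.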
@@ -45,13 +46,13 @@ #include "util-unittest-helper.h" -int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Packet *p, Signature *s, SigMatch *m); -int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, +static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Packet *p, Signature *s, SigMatch *m); +static int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *); -int DetectAppLayerEventSetup(DetectEngineCtx *, Signature *, char *); -void DetectAppLayerEventRegisterTests(void); -void DetectAppLayerEventFree(void *); +static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, char *); +static void DetectAppLayerEventRegisterTests(void); +static void DetectAppLayerEventFree(void *); /** * \brief Registers the keyword handlers for the "app-layer-event" keyword. @@ -63,7 +64,7 @@ void DetectAppLayerEventRegister(void) DetectAppLayerEventPktMatch; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].AppLayerMatch = DetectAppLayerEventAppMatch; - sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetup; + sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetupP1; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Free = DetectAppLayerEventFree; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].RegisterTests = DetectAppLayerEventRegisterTests; @@ -72,7 +73,7 @@ void DetectAppLayerEventRegister(void) } -int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, +static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { DetectAppLayerEventData *aled = (DetectAppLayerEventData *)m->ctx; 
@@ -81,7 +82,7 @@ int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, aled->event_id); } -int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, +static int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, Signature *s, SigMatch *m) { @@ -93,7 +94,7 @@ int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, FLOWLOCK_RDLOCK(f); if (r == 0) { - decoder_events = AppLayerGetDecoderEventsForFlow(f); + decoder_events = AppLayerParserGetDecoderEvents(f->alparser); if (decoder_events != NULL && AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) { r = 1; 
@@ -130,27 +131,52 @@ static DetectAppLayerEventData *DetectAppLayerEventParsePkt(const char *arg, return aled; } -static DetectAppLayerEventData *DetectAppLayerEventParseApp(const char *arg, - AppLayerEventType *event_type) +static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data, + uint8_t *ipproto_bitarray, + AppLayerEventType *event_type) +{ + int event_id = 0; + const char *p_idx; + uint8_t ipproto; + char alproto_name[50]; + int r = 0; + + p_idx = strchr(data->arg, '.'); + strlcpy(alproto_name, data->arg, p_idx - data->arg + 1); + + if (ipproto_bitarray[IPPROTO_TCP / 8] & 1 << (IPPROTO_TCP % 8)) { + ipproto = IPPROTO_TCP; + } else if (ipproto_bitarray[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8)) { + ipproto = IPPROTO_UDP; + } else { + BUG_ON(1); + } + + r = AppLayerParserGetEventInfo(ipproto, data->alproto, + p_idx + 1, &event_id, event_type); + if (r < 0) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's " + "protocol \"%s\" doesn't have event \"%s\" registered", + alproto_name, p_idx + 1); + return -1; + } + data->event_id = event_id; + + return 0; +} + +static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg) { /* period index */ DetectAppLayerEventData *aled; - uint16_t alproto; - int event_id = 0; - const char *p_idx; char alproto_name[50]; - int r = 0; p_idx = strchr(arg, '.'); /* + 1 for trailing \0 */ strlcpy(alproto_name, arg, p_idx - arg + 1); - /* XXX HACK to support "dns" we use this trick */ - if (strcasecmp(alproto_name, "dns") == 0) - strlcpy(alproto_name, "dnsudp", sizeof(alproto_name)); - alproto = AppLayerGetProtoByName(alproto_name); if (alproto == ALPROTO_UNKNOWN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword " 
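Review bot: In the new DetectAppLayerEventParseAppP2, `strlcpy(alproto_name, data->arg, p_idx - data->arg + 1)` takes its size from the position of the '.' in the rule text, not from the 50-byte `alproto_name` array, so a protocol prefix of 50 or more characters writes past the stack buffer. Bound the length before the copy, for example `if ((size_t)(p_idx - data->arg) >= sizeof(alproto_name)) return -1;`. The same check is needed on the identical copy that DetectAppLayerEventParseAppP1 keeps, since it runs first on the same string. Separately, the `BUG_ON(1)` branch aborts the engine when the signature's protocol bit array has neither TCP nor UDP set; if a loaded rule can reach that state, logging and returning -1 like the other rule errors would be the safer failure mode.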
@@ -158,20 +184,17 @@ static DetectAppLayerEventData *DetectAppLayerEventParseApp(const char *arg, alproto_name); return NULL; } - r = AppLayerGetEventInfo(alproto, p_idx + 1, &event_id, event_type); - if (r < 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's " - "protocol \"%s\" doesn't have event \"%s\" registered", - alproto_name, p_idx + 1); - return NULL; - } - aled = SCMalloc(sizeof(DetectAppLayerEventData)); + aled = SCMalloc(sizeof(*aled)); if (unlikely(aled == NULL)) return NULL; - memset(aled,0x00,sizeof(*aled)); + memset(aled, 0x00, sizeof(*aled)); aled->alproto = alproto; - aled->event_id = event_id; + aled->arg = SCStrdup(arg); + if (aled->arg == NULL) { + SCFree(aled); + return NULL; + } return aled; } @@ -179,6 +202,8 @@ static DetectAppLayerEventData *DetectAppLayerEventParseApp(const char *arg, static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg, AppLayerEventType *event_type) { + *event_type = 0; + if (arg == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied " "with no arguments. This keyword needs an argument."); 
@@ -191,11 +216,33 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg, if (strchr(arg, '.') == NULL) { return DetectAppLayerEventParsePkt(arg, event_type); } else { - return DetectAppLayerEventParseApp(arg, event_type); + return DetectAppLayerEventParseAppP1(arg); + } +} + +static int DetectAppLayerEventSetupP2(Signature *s, + SigMatch *sm) +{ + AppLayerEventType event_type = 0; + + if (DetectAppLayerEventParseAppP2(sm->ctx, s->proto.proto, + &event_type) < 0) + { + SCLogError(SC_ERR_INVALID_SIGNATURE, "App layer event setup " + "phase2 failure."); + return -1; } + if (event_type == APP_LAYER_EVENT_TYPE_GENERAL) + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); + else + SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_APP_EVENT); + /* We should have set this flag already in SetupP1 */ + s->flags |= SIG_FLAG_APPLAYER; + + return 0; } -int DetectAppLayerEventSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) +static int DetectAppLayerEventSetupP1(DetectEngineCtx *de_ctx, Signature *s, char *arg) { DetectAppLayerEventData *data = NULL; SigMatch *sm = NULL; @@ -213,11 +260,7 @@ int DetectAppLayerEventSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) sm->ctx = (void *)data; if (s->alproto != ALPROTO_UNKNOWN) { - if (s->alproto == ALPROTO_DNS && - (data->alproto == ALPROTO_DNS_UDP || data->alproto == ALPROTO_DNS_TCP)) - { - SCLogDebug("DNS app layer event"); - } else if (s->alproto != data->alproto) { + if (s->alproto != data->alproto) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains " "conflicting keywords needing different alprotos"); goto error; 
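Review bot: DetectAppLayerEventSetupP2 and the P1/P2 parse helpers carry no header comment saying why the keyword is resolved in two passes, and the names alone do not explain it. From the code, P1 stores the raw argument and the alproto, while P2 later resolves the event id using the signature's `s->proto.proto` bit array; that presumably means the IP protocol is only final once the whole rule has been parsed. A short `/** \brief ... */` block on each function stating this, and that P2 is driven from DetectAppLayerEventPrepare(), would help. The inline comment `/* We should have set this flag already in SetupP1 */` sits above a line that sets `SIG_FLAG_APPLAYER` again, so either drop the assignment or reword the comment to say it is deliberate.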
@@ -228,11 +271,9 @@ int DetectAppLayerEventSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) if (event_type == APP_LAYER_EVENT_TYPE_PACKET) { SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); - } else if (event_type == APP_LAYER_EVENT_TYPE_GENERAL) { - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); - s->flags |= SIG_FLAG_APPLAYER; } else { - /* implied APP_LAYER_EVENT_TYPE_TRANSACTION */ + /* We push it to this list temporarily. We deal with + * these in DetectAppLayerEventPrepare(). */ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_APP_EVENT); s->flags |= SIG_FLAG_APPLAYER; } @@ -249,13 +290,33 @@ error: return -1; } -void DetectAppLayerEventFree(void *ptr) +static void DetectAppLayerEventFree(void *ptr) { + DetectAppLayerEventData *data = (DetectAppLayerEventData *)ptr; + if (data->arg != NULL) + SCFree(data->arg); + SCFree(ptr); return; } +int DetectAppLayerEventPrepare(Signature *s) +{ + SigMatch *sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT]; + s->sm_lists[DETECT_SM_LIST_APP_EVENT] = NULL; + s->sm_lists_tail[DETECT_SM_LIST_APP_EVENT] = NULL; + + while (sm != NULL) { + sm->next = sm->prev = NULL; + if (DetectAppLayerEventSetupP2(s, sm) < 0) + return -1; + sm = sm->next; + } + + return 0; +} + /**********************************Unittests***********************************/ #ifdef UNITTESTS /* UNITTESTS */ 
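Review bot: The loop in DetectAppLayerEventPrepare clears `sm->next` before reading it, so `sm = sm->next` at the bottom cannot reach the second entry of the detached DETECT_SM_LIST_APP_EVENT list. A signature with more than one app-layer-event keyword therefore appears to keep only the first; the others are neither re-appended nor freed, which loosens what the rule matches without any error. Save the successor first: add `SigMatch *next = sm->next;` before `sm->next = sm->prev = NULL;` and end the iteration with `sm = next;`. On the `return -1` path the entries not yet re-appended are also unreachable from `s`, so they should be freed there or ownership documented for the caller.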
@@ -301,17 +362,24 @@ static int DetectAppLayerEventTestGetEventInfo(const char *event_name, int DetectAppLayerEventTest01(void) { - AppLayerParserBackupAlprotoTable(); - AppLayerRegisterGetEventInfo(ALPROTO_SMTP, - DetectAppLayerEventTestGetEventInfo); + AppLayerParserBackupParserTable(); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, + DetectAppLayerEventTestGetEventInfo); AppLayerEventType event_type; int result = 0; + uint8_t ipproto_bitarray[256 / 8]; + memset(ipproto_bitarray, 0, sizeof(ipproto_bitarray)); + ipproto_bitarray[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8); DetectAppLayerEventData *aled = DetectAppLayerEventParse("smtp.event1", &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_SMTP || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT1) { printf("test failure. Holding wrong state\n"); @@ -321,7 +389,7 @@ int DetectAppLayerEventTest01(void) result = 1; end: - AppLayerParserRestoreAlprotoTable(); + AppLayerParserRestoreParserTable(); if (aled != NULL) DetectAppLayerEventFree(aled); return result; 
@@ -329,24 +397,31 @@ int DetectAppLayerEventTest01(void) int DetectAppLayerEventTest02(void) { - AppLayerParserBackupAlprotoTable(); + AppLayerParserBackupParserTable(); - AppLayerRegisterGetEventInfo(ALPROTO_SMTP, - DetectAppLayerEventTestGetEventInfo); - AppLayerRegisterGetEventInfo(ALPROTO_HTTP, - DetectAppLayerEventTestGetEventInfo); - AppLayerRegisterGetEventInfo(ALPROTO_SMB, - DetectAppLayerEventTestGetEventInfo); - AppLayerRegisterGetEventInfo(ALPROTO_FTP, - DetectAppLayerEventTestGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, + DetectAppLayerEventTestGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP, + DetectAppLayerEventTestGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMB, + DetectAppLayerEventTestGetEventInfo); + AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP, + DetectAppLayerEventTestGetEventInfo); AppLayerEventType event_type; int result = 0; + uint8_t ipproto_bitarray[256 / 8]; + memset(ipproto_bitarray, 0, sizeof(ipproto_bitarray)); + ipproto_bitarray[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8); DetectAppLayerEventData *aled = DetectAppLayerEventParse("smtp.event1", &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_SMTP || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT1) { printf("test failure. Holding wrong state\n"); @@ -357,6 +432,10 @@ int DetectAppLayerEventTest02(void) &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_SMTP || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT4) { printf("test failure. Holding wrong state\n"); 
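Review bot: Every `DetectAppLayerEventParseAppP2()` check added to DetectAppLayerEventTest02 prints the same `"failure 1\n"`, so a failing run does not say which of the five event strings was rejected. Give each check its own message, for example `printf("P2 parse failure, check 2\n");` for the second one, and number the rest the same way. This applies to this hunk, to the `@@ -357,6 +432,10 @@` hunk, and to the three Test02 hunks that follow it.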
@@ -367,6 +446,10 @@ int DetectAppLayerEventTest02(void) &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_HTTP || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT2) { printf("test failure. Holding wrong state\n"); @@ -377,6 +460,10 @@ int DetectAppLayerEventTest02(void) &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_SMB || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT3) { printf("test failure. Holding wrong state\n"); @@ -387,6 +474,10 @@ int DetectAppLayerEventTest02(void) &event_type); if (aled == NULL) goto end; + if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) { + printf("failure 1\n"); + goto end; + } if (aled->alproto != ALPROTO_FTP || aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT5) { printf("test failure. Holding wrong state\n"); @@ -396,7 +487,7 @@ int DetectAppLayerEventTest02(void) result = 1; end: - AppLayerParserRestoreAlprotoTable(); + AppLayerParserRestoreParserTable(); if (aled != NULL) DetectAppLayerEventFree(aled); return result; @@ -461,6 +552,7 @@ int DetectAppLayerEventTest03(void) goto end; FLOW_INITIALIZE(f); f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->flags |= FLOW_IPV4; p = PacketGetFromAlloc(); @@ -477,8 +569,8 @@ int DetectAppLayerEventTest03(void) StreamTcpInitConfig(TRUE); p->flowflags = FLOW_PKT_TOSERVER; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts, - sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts, + sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } 
@@ -489,8 +581,8 @@ int DetectAppLayerEventTest03(void) } p->flowflags = FLOW_PKT_TOCLIENT; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc, - sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc, + sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } @@ -564,6 +656,7 @@ int DetectAppLayerEventTest04(void) goto end; FLOW_INITIALIZE(f); f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->flags |= FLOW_IPV4; p = PacketGetFromAlloc(); @@ -580,8 +673,8 @@ int DetectAppLayerEventTest04(void) StreamTcpInitConfig(TRUE); p->flowflags = FLOW_PKT_TOSERVER; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts, - sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts, + sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } @@ -592,8 +685,8 @@ int DetectAppLayerEventTest04(void) } p->flowflags = FLOW_PKT_TOCLIENT; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc, - sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc, + sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } @@ -683,6 +776,7 @@ int DetectAppLayerEventTest05(void) goto end; FLOW_INITIALIZE(f); f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->flags |= FLOW_IPV4; p = PacketGetFromAlloc(); 
@@ -699,8 +793,8 @@ int DetectAppLayerEventTest05(void) StreamTcpInitConfig(TRUE); p->flowflags = FLOW_PKT_TOSERVER; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts, - sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts, + sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } @@ -711,8 +805,8 @@ int DetectAppLayerEventTest05(void) } p->flowflags = FLOW_PKT_TOCLIENT; - if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc, - sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) { + if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc, + sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) { printf("AppLayerHandleTCPData failure\n"); goto end; } diff --git a/src/detect-app-layer-event.h b/src/detect-app-layer-event.h index a5ce95a2cf..6a5ac42d97 100644 --- a/src/detect-app-layer-event.h +++ b/src/detect-app-layer-event.h @@ -27,8 +27,11 @@ typedef struct DetectAppLayerEventData_ { uint16_t alproto; int event_id; + + char *arg; } DetectAppLayerEventData; +int DetectAppLayerEventPrepare(Signature *s); void DetectAppLayerEventRegister(void); #endif /* __DETECT_APP_LAYER_EVENT_H__ */ diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c index a2229c967d..cb07fbf0fa 100644 --- a/src/detect-app-layer-protocol.c +++ b/src/detect-app-layer-protocol.c @@ -25,6 +25,7 @@ #include "detect-engine.h" #include "detect-parse.h" #include "detect-app-layer-protocol.h" +#include "app-layer.h" #include "app-layer-parser.h" #include "util-debug.h" #include "util-unittest.h" 
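Review bot: The new `char *arg` member in `DetectAppLayerEventData` has no comment saying who owns it or whether it may be NULL. The matching change in detect-app-layer-event.c tests it for NULL and releases it with `SCFree()` in `DetectAppLayerEventFree()`, so the struct should state that contract where the field is declared: `char *arg; /* may be NULL; owned by this struct, released with SCFree() in DetectAppLayerEventFree() */`. The new `DetectAppLayerEventPrepare()` prototype would also benefit from a one-line comment giving its return convention, which the .c hunk shows as 0 on success and -1 on failure.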
@@ -71,15 +72,11 @@ static DetectAppLayerProtocolData *DetectAppLayerProtocolParse(const char *arg) while (*arg != '\0' && isspace((unsigned char)*arg)) arg++; - if (strcasecmp(arg, "dns") == 0) { - alproto = ALPROTO_DNS; - } else { - alproto = AppLayerGetProtoByName(arg); - if (alproto == ALPROTO_UNKNOWN) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol " - "keyword supplied with unknown protocol \"%s\"", arg); - return NULL; - } + alproto = AppLayerGetProtoByName((char *)arg); + if (alproto == ALPROTO_UNKNOWN) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol " + "keyword supplied with unknown protocol \"%s\"", arg); + return NULL; } data = SCMalloc(sizeof(DetectAppLayerProtocolData)); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 85d3ba2000..14841f4275 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -889,6 +889,8 @@ static int DetectDceIfaceTestParse12(void) uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack); uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -897,6 +899,7 @@ static int DetectDceIfaceTestParse12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -924,8 +927,8 @@ static int DetectDceIfaceTestParse12(void) SCLogDebug("handling to_server chunk"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
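Review bot: The `(char *)arg` cast in `DetectAppLayerProtocolParse()` discards the `const` on the rule argument only to satisfy the callee's prototype. If `AppLayerGetProtoByName()` only reads the name (its definition is not in this hunk), declare its parameter as `const char *` and call `alproto = AppLayerGetProtoByName(arg);`. If it does write to the buffer, the cast hides a write into a string this function promised not to modify. The function body continues past the end of the hunk.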
@@ -950,8 +953,8 @@ static int DetectDceIfaceTestParse12(void) SCLogDebug("handling to_client chunk"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -968,8 +971,8 @@ static int DetectDceIfaceTestParse12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request, - dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request, + dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -988,6 +991,8 @@ static int DetectDceIfaceTestParse12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1130,6 +1135,8 @@ static int DetectDceIfaceTestParse13(void) uint32_t dcerpc_request3_len = sizeof(dcerpc_request3); uint32_t dcerpc_response3_len = sizeof(dcerpc_response3); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); memset(&f, 0, sizeof(f)); @@ -1164,8 +1171,8 @@ static int DetectDceIfaceTestParse13(void) SCLogDebug("chunk 1, bind"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -1189,8 +1196,8 @@ static int DetectDceIfaceTestParse13(void) SCLogDebug("chunk 2, bind_ack"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1209,8 +1216,8 @@ static int DetectDceIfaceTestParse13(void) SCLogDebug("chunk 3, request 1"); /* request1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, - dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, + dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1229,8 +1236,8 @@ static int DetectDceIfaceTestParse13(void) SCLogDebug("sending response1"); /* response1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, - dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, + dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1249,8 +1256,8 @@ static int DetectDceIfaceTestParse13(void) SCLogDebug("sending request2"); /* request2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, - dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, + dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -1267,8 +1274,8 @@ static int DetectDceIfaceTestParse13(void) } /* response2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2, - dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2, + dcerpc_response2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1285,8 +1292,8 @@ static int DetectDceIfaceTestParse13(void) } /* request3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3, - dcerpc_request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3, + dcerpc_request3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1303,8 +1310,8 @@ static int DetectDceIfaceTestParse13(void) } /* response3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, - dcerpc_response3, dcerpc_response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, + dcerpc_response3, dcerpc_response3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1323,6 +1330,8 @@ static int DetectDceIfaceTestParse13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1387,6 +1396,8 @@ static int DetectDceIfaceTestParse14(void) uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack); uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); memset(&f, 0, sizeof(f)); @@ -1396,6 +1407,7 @@ static int DetectDceIfaceTestParse14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; 
@@ -1421,8 +1433,8 @@ static int DetectDceIfaceTestParse14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1443,8 +1455,8 @@ static int DetectDceIfaceTestParse14(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1461,8 +1473,8 @@ static int DetectDceIfaceTestParse14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request, - dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request, + dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1481,6 +1493,8 @@ static int DetectDceIfaceTestParse14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1585,6 +1599,8 @@ static int DetectDceIfaceTestParse15(void) }; uint32_t dcerpc_request2_len = sizeof(dcerpc_request2); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); memset(&f, 0, sizeof(f)); @@ -1594,6 +1610,7 @@ static int DetectDceIfaceTestParse15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1626,8 +1643,8 @@ static int DetectDceIfaceTestParse15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1650,8 +1667,8 @@ static int DetectDceIfaceTestParse15(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1672,8 +1689,8 @@ static int DetectDceIfaceTestParse15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_alter_context, - dcerpc_alter_context_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_alter_context, + dcerpc_alter_context_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1694,8 +1711,8 @@ static int DetectDceIfaceTestParse15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_alter_context_resp, - dcerpc_alter_context_resp_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_alter_context_resp, + dcerpc_alter_context_resp_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
@@ -1716,8 +1733,8 @@ static int DetectDceIfaceTestParse15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, - dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, + dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1738,8 +1755,8 @@ static int DetectDceIfaceTestParse15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, - dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, + dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1760,8 +1777,8 @@ static int DetectDceIfaceTestParse15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, - dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, + dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1784,6 +1801,8 @@ static int DetectDceIfaceTestParse15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 7530a0f682..cbf48735e9 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -1139,6 +1139,8 @@ static int DetectDceOpnumTestParse08(void) uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack); uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
@@ -1147,6 +1149,7 @@ static int DetectDceOpnumTestParse08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1173,8 +1176,8 @@ static int DetectDceOpnumTestParse08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1189,8 +1192,8 @@ static int DetectDceOpnumTestParse08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_bindack, dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_bindack, dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1199,8 +1202,8 @@ static int DetectDceOpnumTestParse08(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF, - dcerpc_request, dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF, + dcerpc_request, dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1223,6 +1226,8 @@ static int DetectDceOpnumTestParse08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -1673,6 +1678,8 @@ static int DetectDceOpnumTestParse09(void) uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -1681,6 +1688,7 @@ static int DetectDceOpnumTestParse09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1707,8 +1715,8 @@ static int DetectDceOpnumTestParse09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_request, dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_request, dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1731,6 +1739,8 @@ static int DetectDceOpnumTestParse09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1875,6 +1885,8 @@ static int DetectDceOpnumTestParse10(void) uint32_t dcerpc_request3_len = sizeof(dcerpc_request3); uint32_t dcerpc_response3_len = sizeof(dcerpc_response3); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -1910,8 +1922,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("sending bind"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc bind failed. Returned %" PRId32, r); goto end; 
@@ -1928,8 +1940,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("sending bind_ack"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_bindack, dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_bindack, dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1941,8 +1953,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("sending request1"); /* request1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request1, dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request1, dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1961,8 +1973,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("sending response1"); /* response1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response1, dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response1, dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -1979,8 +1991,8 @@ static int DetectDceOpnumTestParse10(void) } /* request2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request2, dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request2, dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -1997,8 +2009,8 @@ static int DetectDceOpnumTestParse10(void) } /* response2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response2, dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response2, dcerpc_response2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2015,8 +2027,8 @@ static int DetectDceOpnumTestParse10(void) } /* request3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request3, dcerpc_request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request3, dcerpc_request3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2033,8 +2045,8 @@ static int DetectDceOpnumTestParse10(void) } /* response3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, - dcerpc_response3, dcerpc_response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, + dcerpc_response3, dcerpc_response3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2053,6 +2065,8 @@ static int DetectDceOpnumTestParse10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -2166,6 +2180,8 @@ static int DetectDceOpnumTestParse11(void) uint32_t dcerpc_request3_len = sizeof(dcerpc_request3); uint32_t dcerpc_response3_len = sizeof(dcerpc_response3); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
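Review bot: The cleanup added at `end:` in DetectDceOpnumTestParse10 calls `AppLayerDestroyCtxThread(alp_tctx)`, but `alp_tctx` comes from `AppLayerParserGetCtxThread()`, and DetectDceOpnumTestParse08 and 09 in this same file release it with `AppLayerParserDestroyCtxThread()`. The handle is a `void *`, so the compiler is unlikely to flag the mismatch. If `AppLayerDestroyCtxThread()` expects a different context object (its definition is not in this hunk), it would treat the parser context as another struct and free through the wrong fields. Use `AppLayerParserDestroyCtxThread(alp_tctx);` here. The `end:` hunks of DetectDceOpnumTestParse11, 12 and 13 add the same call and need the same change.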
@@ -2201,8 +2217,8 @@ static int DetectDceOpnumTestParse11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); /* request1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_request1, dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_request1, dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpcrequest1 failed. Returned %" PRId32, r); @@ -2225,8 +2241,8 @@ static int DetectDceOpnumTestParse11(void) goto end; /* response1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response1, dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response1, dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpcresponse1 failed. Returned %" PRId32, r); @@ -2242,8 +2258,8 @@ static int DetectDceOpnumTestParse11(void) goto end; /* request2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request2, dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request2, dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpcrequest2 failed. Returned %" PRId32, r); @@ -2259,8 +2275,8 @@ static int DetectDceOpnumTestParse11(void) goto end; /* response2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response2, dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response2, dcerpc_response2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpcresponse2 failed. Returned %" PRId32, r); 
@@ -2276,8 +2292,8 @@ static int DetectDceOpnumTestParse11(void) goto end; /* request3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request3, dcerpc_request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request3, dcerpc_request3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpc request3 failed. Returned %" PRId32, r); @@ -2293,8 +2309,8 @@ static int DetectDceOpnumTestParse11(void) goto end; /* response3 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, - dcerpc_response3, dcerpc_response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, + dcerpc_response3, dcerpc_response3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); printf("AppLayerParse for dcerpc response3 failed. Returned %" PRId32, r); @@ -2312,6 +2328,8 @@ static int DetectDceOpnumTestParse11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -2440,6 +2458,8 @@ static int DetectDceOpnumTestParse12(void) uint32_t dcerpc_request2_len = sizeof(dcerpc_request2); uint32_t dcerpc_response2_len = sizeof(dcerpc_response2); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -2471,8 +2491,8 @@ static int DetectDceOpnumTestParse12(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -2487,8 +2507,8 @@ static int DetectDceOpnumTestParse12(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2500,8 +2520,8 @@ static int DetectDceOpnumTestParse12(void) /* request1 */ SCLogDebug("Sending request1"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, - dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, + dcerpc_request1_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2530,8 +2550,8 @@ static int DetectDceOpnumTestParse12(void) } /* response1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, - dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, + dcerpc_response1_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2560,8 +2580,8 @@ static int DetectDceOpnumTestParse12(void) } /* request2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, - dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, + dcerpc_request2_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -2590,8 +2610,8 @@ static int DetectDceOpnumTestParse12(void) } /* response2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2, - dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2, + dcerpc_response2_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2622,6 +2642,8 @@ static int DetectDceOpnumTestParse12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -2723,6 +2745,8 @@ static int DetectDceOpnumTestParse13(void) uint32_t dcerpc_request2_len = sizeof(dcerpc_request2); uint32_t dcerpc_response2_len = sizeof(dcerpc_response2); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -2758,8 +2782,8 @@ static int DetectDceOpnumTestParse13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); /* request1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, - dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, + dcerpc_request1_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2786,8 +2810,8 @@ static int DetectDceOpnumTestParse13(void) goto end; /* response1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, - dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, + dcerpc_response1_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; 
@@ -2815,8 +2839,8 @@ static int DetectDceOpnumTestParse13(void) /* request2 */ printf("Sending Request2\n"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, - dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, + dcerpc_request2_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2843,8 +2867,8 @@ static int DetectDceOpnumTestParse13(void) goto end; /* response2 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2, - dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2, + dcerpc_response2_len); if (r != 0) { printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; @@ -2873,6 +2897,8 @@ static int DetectDceOpnumTestParse13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 599b3f1f39..82f4f4061c 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -584,6 +584,7 @@ static int DetectDceStubDataTestParse02(void) uint32_t dcerpc_bind_len = sizeof(dcerpc_bind); uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack); uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -593,6 +594,7 @@ static int DetectDceStubDataTestParse02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; 
@@ -619,8 +621,8 @@ static int DetectDceStubDataTestParse02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -645,8 +647,8 @@ static int DetectDceStubDataTestParse02(void) /* do detect */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -664,8 +666,8 @@ static int DetectDceStubDataTestParse02(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF, - dcerpc_request, dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF, + dcerpc_request, dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -685,6 +687,8 @@ static int DetectDceStubDataTestParse02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1135,6 +1139,8 @@ static int DetectDceStubDataTestParse03(void) uint32_t dcerpc_request_len = sizeof(dcerpc_request); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
@@ -1143,6 +1149,7 @@ static int DetectDceStubDataTestParse03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -1169,8 +1176,8 @@ static int DetectDceStubDataTestParse03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_request, dcerpc_request_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_request, dcerpc_request_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1195,6 +1202,8 @@ static int DetectDceStubDataTestParse03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1331,6 +1340,8 @@ static int DetectDceStubDataTestParse04(void) uint32_t dcerpc_request3_len = sizeof(dcerpc_request3); uint32_t dcerpc_response3_len = sizeof(dcerpc_response3); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -1371,8 +1382,8 @@ static int DetectDceStubDataTestParse04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_bind, dcerpc_bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_bind, dcerpc_bind_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
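Review bot: DetectDceStubDataTestParse04 gets an `alp_tctx` and the new `AppLayerParserParse()` calls, but no hunk in it adds `f.proto = IPPROTO_TCP;`, which DetectDceStubDataTestParse02 and DetectDceStubDataTestParse03 do receive. The commit description says the parser API now needs the flow's ipproto and that state cleanup returns early when it is 0. If `f.proto` is not already set in the lines outside the hunk, the test may skip the parser or leave app-layer state unfreed. The setup would then need `f.proto = IPPROTO_TCP;` after `f.protoctx = (void *)&ssn;`. The same check is worth making for DetectDceStubDataTestParse05, DetectDceOpnumTestParse12 and DetectDceOpnumTestParse13, and DcePayloadTest01, whose hunks also show no `f.proto` assignment.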
@@ -1390,8 +1401,8 @@ static int DetectDceStubDataTestParse04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, - dcerpc_bindack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack, + dcerpc_bindack_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1404,8 +1415,8 @@ static int DetectDceStubDataTestParse04(void) /* request1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, - dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1, + dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1423,8 +1434,8 @@ static int DetectDceStubDataTestParse04(void) /* response1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, - dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1, + dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1442,8 +1453,8 @@ static int DetectDceStubDataTestParse04(void) /* request2 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, - dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2, + dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
@@ -1461,8 +1472,8 @@ static int DetectDceStubDataTestParse04(void) /* response2 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2, - dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2, + dcerpc_response2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1480,8 +1491,8 @@ static int DetectDceStubDataTestParse04(void) /* request3 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3, - dcerpc_request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3, + dcerpc_request3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1499,8 +1510,8 @@ static int DetectDceStubDataTestParse04(void) /* response3 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, - dcerpc_response3, dcerpc_response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, + dcerpc_response3, dcerpc_response3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1519,6 +1530,8 @@ static int DetectDceStubDataTestParse04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1628,6 +1641,8 @@ static int DetectDceStubDataTestParse05(void) uint32_t dcerpc_request3_len = sizeof(dcerpc_request3); uint32_t dcerpc_response3_len = sizeof(dcerpc_response3); + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
@@ -1678,8 +1693,8 @@ static int DetectDceStubDataTestParse05(void) /* request1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, - dcerpc_request1, dcerpc_request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, + dcerpc_request1, dcerpc_request1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1703,8 +1718,8 @@ static int DetectDceStubDataTestParse05(void) /* response1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response1, dcerpc_response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response1, dcerpc_response1_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1722,8 +1737,8 @@ static int DetectDceStubDataTestParse05(void) /* request2 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request2, dcerpc_request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request2, dcerpc_request2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1741,8 +1756,8 @@ static int DetectDceStubDataTestParse05(void) /* response2 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, - dcerpc_response2, dcerpc_response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, + dcerpc_response2, dcerpc_response2_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); 
@@ -1760,8 +1775,8 @@ static int DetectDceStubDataTestParse05(void) /* request3 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, - dcerpc_request3, dcerpc_request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, + dcerpc_request3, dcerpc_request3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1779,8 +1794,8 @@ static int DetectDceStubDataTestParse05(void) /* response3 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, - dcerpc_response3, dcerpc_response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, + dcerpc_response3, dcerpc_response3_len); if (r != 0) { SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); SCMutexUnlock(&f.m); @@ -1799,6 +1814,9 @@ static int DetectDceStubDataTestParse05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); + SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 4275fa68ac..540c47fad8 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -49,6 +49,8 @@ #include "util-spm.h" #include "util-print.h" +#include "stream-tcp.h" + #include "app-layer.h" #include "app-layer-dns-common.h" #include "detect-dns-query.h" @@ -145,6 +147,7 @@ static int DetectDnsQueryTest01(void) { Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -160,7 +163,7 @@ static int DetectDnsQueryTest01(void) { p->flow = &f; p->flags |= PKT_HAS_FLOW; p->flowflags |= FLOW_PKT_TOSERVER; - f.alproto = ALPROTO_DNS_UDP; + f.alproto = ALPROTO_DNS; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) { 
@@ -180,7 +183,7 @@ static int DetectDnsQueryTest01(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf, sizeof(buf)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -205,6 +208,8 @@ static int DetectDnsQueryTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -255,6 +260,7 @@ static int DetectDnsQueryTest02(void) { Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -272,7 +278,7 @@ static int DetectDnsQueryTest02(void) { FLOW_INITIALIZE(&f); f.flags |= FLOW_IPV4; f.proto = IPPROTO_UDP; - f.alproto = ALPROTO_DNS_UDP; + f.alproto = ALPROTO_DNS; p1->flow = &f; p1->flags |= PKT_HAS_FLOW; @@ -297,14 +303,14 @@ static int DetectDnsQueryTest02(void) { de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google.com\"; nocase; sid:1;)"); + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google.com\"; nocase; sid:1;)"); if (s == NULL) { goto end; } s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google.net\"; nocase; sid:2;)"); + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google.net\"; nocase; sid:2;)"); if (s == NULL) { goto end; } 
@@ -313,7 +319,7 @@ static int DetectDnsQueryTest02(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf1, sizeof(buf1)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -340,7 +346,7 @@ static int DetectDnsQueryTest02(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOCLIENT, buf2, sizeof(buf2)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2)); if (r != 0) { printf("toserver client 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -361,7 +367,7 @@ static int DetectDnsQueryTest02(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf3, sizeof(buf3)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf3, sizeof(buf3)); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -384,6 +390,8 @@ static int DetectDnsQueryTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -415,6 +423,7 @@ static int DetectDnsQueryTest03(void) { ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -432,7 +441,7 @@ static int DetectDnsQueryTest03(void) { p->flow = &f; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED; - f.alproto = ALPROTO_DNS_TCP; + f.alproto = ALPROTO_DNS; StreamTcpInitConfig(TRUE); 
@@ -443,9 +452,9 @@ static int DetectDnsQueryTest03(void) { de_ctx->mpm_matcher = DEFAULT_MPM; de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any " - "(msg:\"Test dns_query option\"; " - "content:\"google\"; nocase; dns_query; sid:1;)"); + s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " + "(msg:\"Test dns_query option\"; " + "content:\"google\"; nocase; dns_query; sid:1;)"); if (s == NULL) { goto end; } @@ -454,7 +463,7 @@ static int DetectDnsQueryTest03(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf, sizeof(buf)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -479,6 +488,8 @@ static int DetectDnsQueryTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -509,6 +520,7 @@ static int DetectDnsQueryTest04(void) { ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -525,7 +537,7 @@ static int DetectDnsQueryTest04(void) { f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_DNS_TCP; + f.alproto = ALPROTO_DNS; p1->flow = &f; p1->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; 
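Review bot: After the rule in DetectDnsQueryTest03 changes from `alert dnstcp` to `alert dns`, the TCP tests load the same rule header as the UDP tests, so nothing visible here exercises a DNS rule restricted to one transport. The commit description tells rule authors to migrate to `alert dns (ipproto:tcp;)` or `alert udp (app-layer-protocol:dns;)`, and a migrated rule that silently matches both transports, or neither, would change what the sensor alerts on. A test that loads one of those forms and checks that it fires on the TCP flow but not on a UDP flow would cover this. Because `f.alproto` is now `ALPROTO_DNS` for both transports, `f.proto` is presumably what selects the parser, and this function's hunks do not show it being set. Consider a short comment next to `f.alproto = ALPROTO_DNS;` saying so.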
@@ -544,9 +556,9 @@ static int DetectDnsQueryTest04(void) { de_ctx->mpm_matcher = DEFAULT_MPM; de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google\"; nocase; sid:1;)"); + s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google\"; nocase; sid:1;)"); if (s == NULL) { goto end; } @@ -555,7 +567,7 @@ static int DetectDnsQueryTest04(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf1, sizeof(buf1)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -578,7 +590,7 @@ static int DetectDnsQueryTest04(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf2, sizeof(buf2)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf2, sizeof(buf2)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -597,6 +609,8 @@ static int DetectDnsQueryTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -654,6 +668,7 @@ static int DetectDnsQueryTest05(void) { ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -676,7 +691,7 @@ static int DetectDnsQueryTest05(void) { f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; f.proto = IPPROTO_TCP; - f.alproto = ALPROTO_DNS_TCP; + f.alproto = ALPROTO_DNS; p1->flow = &f; p1->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; 
@@ -703,15 +718,15 @@ static int DetectDnsQueryTest05(void) { de_ctx->mpm_matcher = DEFAULT_MPM; de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google.com\"; nocase; sid:1;)"); + s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google.com\"; nocase; sid:1;)"); if (s == NULL) { goto end; } - s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google.net\"; nocase; sid:2;)"); + s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google.net\"; nocase; sid:2;)"); if (s == NULL) { goto end; } @@ -720,7 +735,7 @@ static int DetectDnsQueryTest05(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf1, sizeof(buf1)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -747,7 +762,7 @@ static int DetectDnsQueryTest05(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf2, sizeof(buf2)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf2, sizeof(buf2)); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -768,7 +783,7 @@ static int DetectDnsQueryTest05(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOCLIENT, buf3, sizeof(buf3)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf3, sizeof(buf3)); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -789,7 +804,7 @@ static int DetectDnsQueryTest05(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf4, sizeof(buf4)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf4, sizeof(buf4)); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -812,6 +827,8 @@ static int DetectDnsQueryTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -843,6 +860,7 @@ static int DetectDnsQueryTest06(void) { Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -858,7 +876,7 @@ static int DetectDnsQueryTest06(void) { p->flow = &f; p->flags |= PKT_HAS_FLOW; p->flowflags |= FLOW_PKT_TOSERVER; - f.alproto = ALPROTO_DNS_UDP; + f.alproto = ALPROTO_DNS; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) { @@ -868,9 +886,9 @@ static int DetectDnsQueryTest06(void) { de_ctx->flags |= DE_QUIET; s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any " - "(msg:\"Test dns_query option\"; " - "dns_query; content:\"google\"; nocase; " - "pcre:\"/google\\.com$/i\"; sid:1;)"); + "(msg:\"Test dns_query option\"; " + "dns_query; content:\"google\"; nocase; " + "pcre:\"/google\\.com$/i\"; sid:1;)"); if (s == NULL) { goto end; } @@ -887,7 +905,7 @@ static int DetectDnsQueryTest06(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf, sizeof(buf)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -916,6 +934,8 @@ static int DetectDnsQueryTest06(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -967,6 +987,7 @@ static int DetectDnsQueryTest07(void) { Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -984,7 +1005,7 @@ static int DetectDnsQueryTest07(void) { FLOW_INITIALIZE(&f); f.flags |= FLOW_IPV4; f.proto = IPPROTO_UDP; - f.alproto = ALPROTO_DNS_UDP; + f.alproto = ALPROTO_DNS; p1->flow = &f; p1->flags |= PKT_HAS_FLOW; @@ -1031,7 +1052,7 @@ static int DetectDnsQueryTest07(void) { DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf1, sizeof(buf1)); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1)); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1058,7 +1079,7 @@ static int DetectDnsQueryTest07(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOCLIENT, buf2, sizeof(buf2)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2)); if (r != -1) { printf("toserver client 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1083,7 +1104,7 @@ static int DetectDnsQueryTest07(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf3, sizeof(buf3)); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf3, sizeof(buf3)); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
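Review bot: In DetectDnsQueryTest07 the check after the changed `STREAM_TOCLIENT` call is `if (r != -1)`, but the failure message still prints "toserver client 1 returned ..., expected 0". Anyone reading a failing run is told the wrong direction and the wrong expected value. Since the call is being touched anyway, the message could become `printf("toclient chunk 1 returned %" PRId32 ", expected -1: ", r);`. A one-line comment above the call explaining why `buf2` must be rejected by the parser would also make the intent clear.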
@@ -1111,6 +1132,8 @@ static int DetectDnsQueryTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-apt-event.c b/src/detect-engine-apt-event.c index 746d3025ff..9488491f21 100644 --- a/src/detect-engine-apt-event.c +++ b/src/detect-engine-apt-event.c @@ -40,13 +40,12 @@ int DetectEngineAptEventInspect(ThreadVars *tv, { AppLayerDecoderEvents *decoder_events = NULL; int r = 0; - int direction = 0; uint16_t alproto; SigMatch *sm; DetectAppLayerEventData *aled = NULL; alproto = f->alproto; - decoder_events = AppLayerGetEventsFromFlowByTx(f, tx_id); + decoder_events = AppLayerParserGetEventsByTx(f->proto, alproto, alstate, tx_id); if (decoder_events == NULL) goto end; @@ -68,9 +67,8 @@ int DetectEngineAptEventInspect(ThreadVars *tv, if (r == 1) { return DETECT_ENGINE_INSPECT_SIG_MATCH; } else { - direction = (flags & STREAM_TOSERVER) ? 0 : 1; - if (AppLayerGetAlstateProgress(alproto, tx, direction) == - AppLayerGetAlstateProgressCompletionStatus(alproto, direction)) + if (AppLayerParserGetStateProgress(f->proto, alproto, tx, flags) == + AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) { return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } else { diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index 8b482f786b..5a3a19ee62 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -34,8 +34,11 @@ #include "detect-bytetest.h" #include "detect-bytejump.h" #include "detect-byte-extract.h" +#include "detect-content.h" #include "detect-engine-content-inspection.h" +#include "stream-tcp.h" + #include "app-layer.h" #include "app-layer-dcerpc.h" #include "flow-util.h" 
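Review bot: In DetectEngineAptEventInspect, `AppLayerParserGetStateProgress()` and `AppLayerParserGetStateProgressCompletionStatus()` now receive the caller's whole `flags` value, where the removed code first reduced it to a single direction. If `flags` can carry other stream bits such as STREAM_EOF or STREAM_START, the callees see more than a direction, and the comparison that decides `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH` could change outcome. Unless the new API is documented to mask the value itself, pass `flags & (STREAM_TOSERVER | STREAM_TOCLIENT)` in both calls, or add a comment stating that the callees ignore the remaining bits. The function starts and ends outside the hunk.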
@@ -1274,6 +1277,7 @@ int DcePayloadTest01(void) "content:\"|79 26 46 f7 bf a1|\"; distance:0; sid:8;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1344,7 +1348,7 @@ int DcePayloadTest01(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1385,7 +1389,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1426,7 +1430,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1468,7 +1472,7 @@ int DcePayloadTest01(void) } SCLogDebug("sending request 2"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1510,7 +1514,7 @@ int DcePayloadTest01(void) } SCLogDebug("sending request 3"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1553,7 +1557,7 @@ int DcePayloadTest01(void) } SCLogDebug("sending request 4"); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request4, request4_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request4, request4_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1594,7 +1598,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request5, request5_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request5, request5_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1635,7 +1639,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request6, request6_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request6, request6_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1676,7 +1680,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request7, request7_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request7, request7_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1717,7 +1721,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request8, request8_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request8, request8_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1758,7 +1762,7 @@ int DcePayloadTest01(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request9, request9_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request9, request9_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1802,6 +1806,8 @@ int DcePayloadTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -2139,6 +2145,7 @@ int DcePayloadTest02(void) "dce_stub_data; content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2156,6 +2163,7 @@ int DcePayloadTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -2179,7 +2187,7 @@ int DcePayloadTest02(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2196,7 +2204,7 @@ int DcePayloadTest02(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2213,7 +2221,7 @@ int DcePayloadTest02(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2230,7 +2238,7 @@ int DcePayloadTest02(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2250,6 +2258,8 @@ int DcePayloadTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -2587,6 +2597,7 @@ int DcePayloadTest03(void) "content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2603,6 +2614,7 @@ int DcePayloadTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -2626,7 +2638,7 @@ int DcePayloadTest03(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2643,7 +2655,7 @@ int DcePayloadTest03(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2660,7 +2672,7 @@ int DcePayloadTest03(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2677,7 +2689,7 @@ int DcePayloadTest03(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2697,6 +2709,8 @@ int DcePayloadTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -3034,6 +3048,7 @@ int DcePayloadTest04(void) "content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -3050,6 +3065,7 @@ int DcePayloadTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -3073,7 +3089,7 @@ int DcePayloadTest04(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3090,7 +3106,7 @@ int DcePayloadTest04(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3107,7 +3123,7 @@ int DcePayloadTest04(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3124,7 +3140,7 @@ int DcePayloadTest04(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3144,6 +3160,8 @@ int DcePayloadTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -3480,6 +3498,7 @@ int DcePayloadTest05(void) "dce_stub_data; content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3496,6 +3515,7 @@ int DcePayloadTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -3519,7 +3539,7 @@ int DcePayloadTest05(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3536,7 +3556,7 @@ int DcePayloadTest05(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3553,7 +3573,7 @@ int DcePayloadTest05(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3570,7 +3590,7 @@ int DcePayloadTest05(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3590,6 +3610,8 @@ int DcePayloadTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -3927,6 +3949,7 @@ int DcePayloadTest06(void) "content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3943,6 +3966,7 @@ int DcePayloadTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -3966,7 +3990,7 @@ int DcePayloadTest06(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3983,7 +4007,7 @@ int DcePayloadTest06(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4000,7 +4024,7 @@ int DcePayloadTest06(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4017,7 +4041,7 @@ int DcePayloadTest06(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4037,6 +4061,8 @@ int DcePayloadTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -4373,6 +4399,7 @@ int DcePayloadTest07(void) "content:\"|2d 5e 63 35 25|\"; distance:0; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -4389,6 +4416,7 @@ int DcePayloadTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -4412,7 +4440,7 @@ int DcePayloadTest07(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4429,7 +4457,7 @@ int DcePayloadTest07(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -4446,7 +4474,7 @@ int DcePayloadTest07(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4463,7 +4491,7 @@ int DcePayloadTest07(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4483,6 +4511,8 @@ int DcePayloadTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -4657,6 +4687,7 @@ int DcePayloadTest08(void) "distance:0; within:2; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -4672,6 +4703,7 @@ int DcePayloadTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -4690,7 +4722,7 @@ int DcePayloadTest08(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4706,6 +4738,8 @@ int DcePayloadTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -4880,6 +4914,7 @@ int DcePayloadTest09(void) "distance:0; within:2; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -4895,6 +4930,7 @@ int DcePayloadTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -4913,7 +4949,7 @@ int DcePayloadTest09(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -4929,6 +4965,8 @@ int DcePayloadTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -5103,6 +5141,7 @@ int DcePayloadTest10(void) "distance:-10; within:3; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -5118,6 +5157,7 @@ int DcePayloadTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -5136,7 +5176,7 @@ int DcePayloadTest10(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -5152,6 +5192,8 @@ int DcePayloadTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -5461,6 +5503,7 @@ int DcePayloadTest11(void) "distance:1; within:3; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -5476,6 +5519,7 @@ int DcePayloadTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -5494,7 +5538,7 @@ int DcePayloadTest11(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5507,7 +5551,7 @@ int DcePayloadTest11(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5523,6 +5567,8 @@ int DcePayloadTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -5833,6 +5879,7 @@ int DcePayloadTest12(void) "distance:2; within:3; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -5848,6 +5895,7 @@ int DcePayloadTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -5866,7 +5914,7 @@ int DcePayloadTest12(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5879,7 +5927,7 @@ int DcePayloadTest12(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5895,6 +5943,8 @@ int DcePayloadTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6019,6 +6069,7 @@ int DcePayloadTest13(void) "(dce_stub_data; content:\"|00 18|\"; sid:3;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6041,6 +6092,7 @@ int DcePayloadTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -6064,7 +6116,7 @@ int DcePayloadTest13(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -6084,7 +6136,7 @@ int DcePayloadTest13(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response1, response1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response1, response1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6097,7 +6149,7 @@ int DcePayloadTest13(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6120,7 +6172,7 @@ int DcePayloadTest13(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6133,7 +6185,7 @@ int DcePayloadTest13(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6149,7 +6201,7 @@ int DcePayloadTest13(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response3, response3_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response3, response3_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6165,6 +6217,8 @@ int DcePayloadTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -6266,6 +6320,7 @@ int DcePayloadTest14(void) "(dce_stub_data; content:\"|3f 00|\"; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6285,6 +6340,7 @@ int DcePayloadTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -6306,7 +6362,7 @@ int DcePayloadTest14(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); /* request 1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6327,7 +6383,7 @@ int DcePayloadTest14(void) } /* bind */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6341,7 +6397,7 @@ int DcePayloadTest14(void) } /* bind_ack. A new transaction initiation */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6357,7 +6413,7 @@ int DcePayloadTest14(void) /* we should have a match for the sig once again for the same flow, since * the detection engine state for the flow has been reset because of a * fresh transaction */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -6371,7 +6427,7 @@ int DcePayloadTest14(void) } /* response */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6387,6 +6443,8 @@ int DcePayloadTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6443,6 +6501,7 @@ int DcePayloadTest15(void) "byte_test:2,=,46,5,relative,dce; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6456,6 +6515,7 @@ int DcePayloadTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -6479,7 +6539,7 @@ int DcePayloadTest15(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6501,6 +6561,8 @@ int DcePayloadTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6555,6 +6617,7 @@ int DcePayloadTest16(void) "byte_test:2,=,11776,5,relative; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6568,6 +6631,7 @@ int DcePayloadTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -6591,7 +6655,7 @@ int DcePayloadTest16(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6613,6 +6677,8 @@ int DcePayloadTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6667,6 +6733,7 @@ int DcePayloadTest17(void) "byte_test:2,=,46,5,relative,little; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6680,6 +6747,7 @@ int DcePayloadTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -6703,7 +6771,7 @@ int DcePayloadTest17(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6725,6 +6793,8 @@ int DcePayloadTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6779,6 +6849,7 @@ int DcePayloadTest18(void) "byte_jump:2,2,relative,dce; byte_test:2,=,14080,0,relative; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6792,6 +6863,7 @@ int DcePayloadTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -6815,7 +6887,7 @@ int DcePayloadTest18(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6837,6 +6909,8 @@ int DcePayloadTest18(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -6891,6 +6965,7 @@ int DcePayloadTest19(void) "byte_jump:2,2,relative; byte_test:2,=,14080,0,relative; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -6904,6 +6979,7 @@ int DcePayloadTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -6927,7 +7003,7 @@ int DcePayloadTest19(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -6949,6 +7025,8 @@ int DcePayloadTest19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -7003,6 +7081,7 @@ int DcePayloadTest20(void) "byte_jump:2,2,little,relative; byte_test:2,=,14080,0,relative; sid:2;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -7016,6 +7095,7 @@ int DcePayloadTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -7039,7 +7119,7 @@ int DcePayloadTest20(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -7061,6 +7141,8 @@ int DcePayloadTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -7107,6 +7189,7 @@ int DcePayloadTest21(void) "content:\"string\"; within:8; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -7120,6 +7203,7 @@ int DcePayloadTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -7140,7 +7224,7 @@ int DcePayloadTest21(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -7158,6 +7242,8 @@ int DcePayloadTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -7204,6 +7290,7 @@ int DcePayloadTest22(void) "content:\"string\"; within:8; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -7217,6 +7304,7 @@ int DcePayloadTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -7237,7 +7325,7 @@ int DcePayloadTest22(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -7255,6 +7343,8 @@ int DcePayloadTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -7302,6 +7392,7 @@ int DcePayloadTest23(void) "content:\"string\"; within:8; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -7315,6 +7406,7 @@ int DcePayloadTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -7335,7 +7427,7 @@ int DcePayloadTest23(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -7353,6 +7445,8 @@ int DcePayloadTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -9514,6 +9608,7 @@ int DcePayloadTest42(void) "content:!\"and\"; distance:0; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -9527,6 +9622,7 @@ int DcePayloadTest42(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; 
@@ -9547,7 +9643,7 @@ int DcePayloadTest42(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -9565,6 +9661,8 @@ int DcePayloadTest42(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -9612,6 +9710,7 @@ int DcePayloadTest43(void) "pcre:/super/R; content:\"nova\"; within:7; sid:1;)"; Signature *s; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -9625,6 +9724,7 @@ int DcePayloadTest43(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_DCERPC; @@ -9645,7 +9745,7 @@ int DcePayloadTest43(void) /* request 1 */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -9663,6 +9763,8 @@ int DcePayloadTest43(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 4f95f4b01c..373a4d9615 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -49,6 +49,8 @@ #include "app-layer-parser.h" +#include "stream-tcp.h" + #include "util-unittest.h" #include "util-unittest-helper.h" #include "app-layer.h" 
@@ -153,7 +155,7 @@ static uint8_t *DetectEngineHCBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, if ((htp_state->cfg->request_body_limit == 0 || htud->request_body.content_len_so_far < htp_state->cfg->request_body_limit) && htud->request_body.content_len_so_far < htp_state->cfg->request_inspect_min_size && - !(AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_BODY) && + !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_BODY) && !(flags & STREAM_EOF)) { SCLogDebug("we still haven't seen the entire request body. " "Let's defer body inspection till we see the " @@ -267,7 +269,7 @@ int DetectEngineInspectHttpClientBody(ThreadVars *tv, end: - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_BODY) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_BODY) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -314,6 +316,7 @@ static int DetectEngineHttpClientBodyTest01(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -324,6 +327,7 @@ static int DetectEngineHttpClientBodyTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -355,7 +359,7 @@ static int DetectEngineHttpClientBodyTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
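Review bot: Both progress checks in this file pass a literal `IPPROTO_TCP` to `AppLayerParserGetStateProgress()` rather than the protocol of the flow being inspected: one in DetectEngineHCBDGetBufferForTX and one at `end:` in DetectEngineInspectHttpClientBody. These calls decide whether request-body inspection is deferred and whether the signature is reported as unable to match, so a lookup keyed on the wrong ipproto would silently change detection results. If a `Flow *` is in scope at these points (the signatures are not fully visible in the hunks), passing `f->proto` would keep the call tied to the flow. Otherwise a comment stating the invariant relied on, e.g. `/* HTTP is only registered over TCP, so the ipproto is fixed here */`, would document why the constant is safe, if that is indeed the invariant.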
@@ -380,7 +384,7 @@ static int DetectEngineHttpClientBodyTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -400,6 +404,8 @@ static int DetectEngineHttpClientBodyTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -434,6 +440,7 @@ static int DetectEngineHttpClientBodyTest02(void) "This is dummy body1"; uint32_t http1_len = sizeof(http1_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -444,6 +451,7 @@ static int DetectEngineHttpClientBodyTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -475,7 +483,7 @@ static int DetectEngineHttpClientBodyTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -502,6 +510,8 @@ static int DetectEngineHttpClientBodyTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -539,6 +549,7 @@ static int DetectEngineHttpClientBodyTest03(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -549,6 +560,7 @@ static int DetectEngineHttpClientBodyTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -580,7 +592,7 @@ static int DetectEngineHttpClientBodyTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -605,7 +617,7 @@ static int DetectEngineHttpClientBodyTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -625,6 +637,8 @@ static int DetectEngineHttpClientBodyTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -662,6 +676,7 @@ static int DetectEngineHttpClientBodyTest04(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -672,6 +687,7 @@ static int DetectEngineHttpClientBodyTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -703,7 +719,7 @@ static int DetectEngineHttpClientBodyTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -728,7 +744,7 @@ static int DetectEngineHttpClientBodyTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -748,6 +764,8 @@ static int DetectEngineHttpClientBodyTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -784,6 +802,7 @@ static int DetectEngineHttpClientBodyTest05(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -794,6 +813,7 @@ static int DetectEngineHttpClientBodyTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -825,7 +845,7 @@ static int DetectEngineHttpClientBodyTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -850,7 +870,7 @@ static int DetectEngineHttpClientBodyTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -870,6 +890,8 @@ static int DetectEngineHttpClientBodyTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -906,6 +928,7 @@ static int DetectEngineHttpClientBodyTest06(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -916,6 +939,7 @@ static int DetectEngineHttpClientBodyTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -947,7 +971,7 @@ static int DetectEngineHttpClientBodyTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -972,7 +996,7 @@ static int DetectEngineHttpClientBodyTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -992,6 +1016,8 @@ static int DetectEngineHttpClientBodyTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1028,6 +1054,7 @@ static int DetectEngineHttpClientBodyTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1038,6 +1065,7 @@ static int DetectEngineHttpClientBodyTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1069,7 +1097,7 @@ static int DetectEngineHttpClientBodyTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1092,7 +1120,7 @@ static int DetectEngineHttpClientBodyTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); SCMutexUnlock(&f.m); @@ -1111,6 +1139,8 @@ static int DetectEngineHttpClientBodyTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1147,6 +1177,7 @@ static int DetectEngineHttpClientBodyTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1157,6 +1188,7 @@ static int DetectEngineHttpClientBodyTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1188,7 +1220,7 @@ static int DetectEngineHttpClientBodyTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1213,7 +1245,7 @@ static int DetectEngineHttpClientBodyTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1233,6 +1265,8 @@ static int DetectEngineHttpClientBodyTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1269,6 +1303,7 @@ static int DetectEngineHttpClientBodyTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1279,6 +1314,7 @@ static int DetectEngineHttpClientBodyTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1311,7 +1347,7 @@ static int DetectEngineHttpClientBodyTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1336,7 +1372,7 @@ static int DetectEngineHttpClientBodyTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1356,6 +1392,8 @@ static int DetectEngineHttpClientBodyTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1392,6 +1430,7 @@ static int DetectEngineHttpClientBodyTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1402,6 +1441,7 @@ static int DetectEngineHttpClientBodyTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1434,7 +1474,7 @@ static int DetectEngineHttpClientBodyTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1459,7 +1499,7 @@ static int DetectEngineHttpClientBodyTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1479,6 +1519,8 @@ static int DetectEngineHttpClientBodyTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1515,6 +1557,7 @@ static int DetectEngineHttpClientBodyTest11(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1525,6 +1568,7 @@ static int DetectEngineHttpClientBodyTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1557,7 +1601,7 @@ static int DetectEngineHttpClientBodyTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1582,7 +1626,7 @@ static int DetectEngineHttpClientBodyTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1602,6 +1646,8 @@ static int DetectEngineHttpClientBodyTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1638,6 +1684,7 @@ static int DetectEngineHttpClientBodyTest12(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1648,6 +1695,7 @@ static int DetectEngineHttpClientBodyTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1680,7 +1728,7 @@ static int DetectEngineHttpClientBodyTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1705,7 +1753,7 @@ static int DetectEngineHttpClientBodyTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1725,6 +1773,8 @@ static int DetectEngineHttpClientBodyTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1761,6 +1811,7 @@ static int DetectEngineHttpClientBodyTest13(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1771,6 +1822,7 @@ static int DetectEngineHttpClientBodyTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1803,7 +1855,7 @@ static int DetectEngineHttpClientBodyTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1828,7 +1880,7 @@ static int DetectEngineHttpClientBodyTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1848,6 +1900,8 @@ static int DetectEngineHttpClientBodyTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1884,6 +1938,7 @@ static int DetectEngineHttpClientBodyTest14(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1894,6 +1949,7 @@ static int DetectEngineHttpClientBodyTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1926,7 +1982,7 @@ static int DetectEngineHttpClientBodyTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1951,7 +2007,7 @@ static int DetectEngineHttpClientBodyTest14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1971,6 +2027,8 @@ static int DetectEngineHttpClientBodyTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2007,6 +2065,7 @@ static int DetectEngineHttpClientBodyTest15(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2017,6 +2076,7 @@ static int DetectEngineHttpClientBodyTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2049,7 +2109,7 @@ static int DetectEngineHttpClientBodyTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2074,7 +2134,7 @@ static int DetectEngineHttpClientBodyTest15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2094,6 +2154,8 @@ static int DetectEngineHttpClientBodyTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2130,6 +2192,7 @@ static int DetectEngineHttpClientBodyTest16(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2140,6 +2203,7 @@ static int DetectEngineHttpClientBodyTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2172,7 +2236,7 @@ static int DetectEngineHttpClientBodyTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2197,7 +2261,7 @@ static int DetectEngineHttpClientBodyTest16(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2217,6 +2281,8 @@ static int DetectEngineHttpClientBodyTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2251,6 +2317,7 @@ static int DetectEngineHttpClientBodyTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2322,6 +2389,7 @@ static int DetectEngineHttpClientBodyTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2393,6 +2461,7 @@ static int DetectEngineHttpClientBodyTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2464,6 +2533,7 @@ static int DetectEngineHttpClientBodyTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2537,6 +2607,7 @@ static int DetectEngineHttpClientBodyTest21(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2547,6 +2618,7 @@ static int DetectEngineHttpClientBodyTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2579,7 +2651,7 @@ static int DetectEngineHttpClientBodyTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2604,7 +2676,7 @@ static int DetectEngineHttpClientBodyTest21(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2624,6 +2696,8 @@ static int DetectEngineHttpClientBodyTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2660,6 +2734,7 @@ static int DetectEngineHttpClientBodyTest22(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2670,6 +2745,7 @@ static int DetectEngineHttpClientBodyTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2702,7 +2778,7 @@ static int DetectEngineHttpClientBodyTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2727,7 +2803,7 @@ static int DetectEngineHttpClientBodyTest22(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2747,6 +2823,8 @@ static int DetectEngineHttpClientBodyTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2783,6 +2861,7 @@ static int DetectEngineHttpClientBodyTest23(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2793,6 +2872,7 @@ static int DetectEngineHttpClientBodyTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2825,7 +2905,7 @@ static int DetectEngineHttpClientBodyTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2850,7 +2930,7 @@ static int DetectEngineHttpClientBodyTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2870,6 +2950,8 @@ static int DetectEngineHttpClientBodyTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2906,6 +2988,7 @@ static int DetectEngineHttpClientBodyTest24(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -2916,6 +2999,7 @@ static int DetectEngineHttpClientBodyTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2948,7 +3032,7 @@ static int DetectEngineHttpClientBodyTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2973,7 +3057,7 @@ static int DetectEngineHttpClientBodyTest24(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2993,6 +3077,8 @@ static int DetectEngineHttpClientBodyTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3029,6 +3115,7 @@ static int DetectEngineHttpClientBodyTest25(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3039,6 +3126,7 @@ static int DetectEngineHttpClientBodyTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -3071,7 +3159,7 @@ static int DetectEngineHttpClientBodyTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3096,7 +3184,7 @@ static int DetectEngineHttpClientBodyTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3116,6 +3204,8 @@ static int DetectEngineHttpClientBodyTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3152,6 +3242,7 @@ static int DetectEngineHttpClientBodyTest26(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3162,6 +3253,7 @@ static int DetectEngineHttpClientBodyTest26(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3194,7 +3286,7 @@ static int DetectEngineHttpClientBodyTest26(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3219,7 +3311,7 @@ static int DetectEngineHttpClientBodyTest26(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3239,6 +3331,8 @@ static int DetectEngineHttpClientBodyTest26(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3275,6 +3369,7 @@ static int DetectEngineHttpClientBodyTest27(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3285,6 +3380,7 @@ static int DetectEngineHttpClientBodyTest27(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3317,7 +3413,7 @@ static int DetectEngineHttpClientBodyTest27(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3342,7 +3438,7 @@ static int DetectEngineHttpClientBodyTest27(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -3362,6 +3458,8 @@ static int DetectEngineHttpClientBodyTest27(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3398,6 +3496,7 @@ static int DetectEngineHttpClientBodyTest28(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3408,6 +3507,7 @@ static int DetectEngineHttpClientBodyTest28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3440,7 +3540,7 @@ static int DetectEngineHttpClientBodyTest28(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3465,7 +3565,7 @@ static int DetectEngineHttpClientBodyTest28(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3485,6 +3585,8 @@ static int DetectEngineHttpClientBodyTest28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3521,6 +3623,7 @@ static int DetectEngineHttpClientBodyTest29(void) strlen(request_buffer)); } uint32_t http_buf_len = TOTAL_REQUESTS * strlen(request_buffer); + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3528,6 +3631,7 @@ static int DetectEngineHttpClientBodyTest29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -3549,7 +3653,7 @@ static int DetectEngineHttpClientBodyTest29(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3564,7 +3668,7 @@ static int DetectEngineHttpClientBodyTest29(void) "dummy"; uint32_t response_buf_len = strlen((char *)response_buf); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, response_buf, response_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); @@ -3586,6 +3690,8 @@ static int DetectEngineHttpClientBodyTest29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3644,6 +3750,7 @@ libhtp:\n\ uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3654,6 +3761,7 @@ libhtp:\n\ FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
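Review bot: The failure message after the `STREAM_TOCLIENT` parse in the `@@ -3564,7 +3668,7 @@` hunk (DetectEngineHttpClientBodyTest29) still reads "toserver chunk 1", so a failing response parse is reported as a request failure. Since the call line is being rewritten anyway, the message could become `printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);`. The second-chunk hunks for `http2_buf` in Test23 to Test28 and the `libhtp:` tests carry the same copy-pasted wording and would read better as "toserver chunk 2". The enclosing function extends beyond the hunk on both sides.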
@@ -3685,7 +3793,7 @@ libhtp:\n\ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3710,7 +3818,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3730,6 +3838,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HtpConfigRestoreBackup(); ConfRestoreContextBackup(); @@ -3792,6 +3902,7 @@ libhtp:\n\ uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3802,6 +3913,7 @@ libhtp:\n\ FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3833,7 +3945,7 @@ libhtp:\n\ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3858,7 +3970,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3878,6 +3990,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HtpConfigRestoreBackup(); ConfRestoreContextBackup(); diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c index d1308a06ff..be7f76ca9e 100644 --- a/src/detect-engine-hcd.c +++ b/src/detect-engine-hcd.c @@ -47,6 +47,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -140,10 +142,10 @@ int DetectEngineInspectHttpCookie(ThreadVars *tv, end: if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -172,6 +174,7 @@ static int DetectEngineHttpCookieTest01(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -181,6 +184,7 @@ static int DetectEngineHttpCookieTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
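Review bot: Both `AppLayerParserGetStateProgress()` calls in the `@@ -140,10 +142,10 @@` hunk (DetectEngineInspectHttpCookie) hard-code `IPPROTO_TCP` rather than taking the protocol from the flow being inspected. That is right as long as HTTP is only registered over TCP, but the assumption is not stated anywhere in the hunk. The progress value decides between `DETECT_ENGINE_INSPECT_SIG_NO_MATCH` and `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH`, so a lookup against the wrong protocol would quietly change detection results. If the function receives the flow (its signature is outside the hunk), `f->proto` would keep the call tied to the actual flow; otherwise a comment such as `/* HTTP is TCP-only, so the ipproto is fixed here */` would record the assumption. The same applies to the `@@ -132,11 +134,11 @@` and `@@ -252,10 +254,10 @@` hunks in src/detect-engine-hhd.c.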
@@ -207,7 +211,7 @@ static int DetectEngineHttpCookieTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -234,6 +238,8 @@ static int DetectEngineHttpCookieTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -266,6 +272,7 @@ static int DetectEngineHttpCookieTest02(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -275,6 +282,7 @@ static int DetectEngineHttpCookieTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -301,7 +309,7 @@ static int DetectEngineHttpCookieTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -328,6 +336,8 @@ static int DetectEngineHttpCookieTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -360,6 +370,7 @@ static int DetectEngineHttpCookieTest03(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -369,6 +380,7 @@ static int DetectEngineHttpCookieTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -395,7 +407,7 @@ static int DetectEngineHttpCookieTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -422,6 +434,8 @@ static int DetectEngineHttpCookieTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -454,6 +468,7 @@ static int DetectEngineHttpCookieTest04(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -463,6 +478,7 @@ static int DetectEngineHttpCookieTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -489,7 +505,7 @@ static int DetectEngineHttpCookieTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -516,6 +532,8 @@ static int DetectEngineHttpCookieTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -548,6 +566,7 @@ static int DetectEngineHttpCookieTest05(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -557,6 +576,7 @@ static int DetectEngineHttpCookieTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -583,7 +603,7 @@ static int DetectEngineHttpCookieTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -610,6 +630,8 @@ static int DetectEngineHttpCookieTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -642,6 +664,7 @@ static int DetectEngineHttpCookieTest06(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -651,6 +674,7 @@ static int DetectEngineHttpCookieTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -677,7 +701,7 @@ static int DetectEngineHttpCookieTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -704,6 +728,8 @@ static int DetectEngineHttpCookieTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -736,6 +762,7 @@ static int DetectEngineHttpCookieTest07(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -745,6 +772,7 @@ static int DetectEngineHttpCookieTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -771,7 +799,7 @@ static int DetectEngineHttpCookieTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -798,6 +826,8 @@ static int DetectEngineHttpCookieTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -830,6 +860,7 @@ static int DetectEngineHttpCookieTest08(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -839,6 +870,7 @@ static int DetectEngineHttpCookieTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -865,7 +897,7 @@ static int DetectEngineHttpCookieTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -892,6 +924,8 @@ static int DetectEngineHttpCookieTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -924,6 +958,7 @@ static int DetectEngineHttpCookieTest09(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -933,6 +968,7 @@ static int DetectEngineHttpCookieTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -959,7 +995,7 @@ static int DetectEngineHttpCookieTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -986,6 +1022,8 @@ static int DetectEngineHttpCookieTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1018,6 +1056,7 @@ static int DetectEngineHttpCookieTest10(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1027,6 +1066,7 @@ static int DetectEngineHttpCookieTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1054,7 +1094,7 @@ static int DetectEngineHttpCookieTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1081,6 +1121,8 @@ static int DetectEngineHttpCookieTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1113,6 +1155,7 @@ static int DetectEngineHttpCookieTest11(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1122,6 +1165,7 @@ static int DetectEngineHttpCookieTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1149,7 +1193,7 @@ static int DetectEngineHttpCookieTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1176,6 +1220,8 @@ static int DetectEngineHttpCookieTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1208,6 +1254,7 @@ static int DetectEngineHttpCookieTest12(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1217,6 +1264,7 @@ static int DetectEngineHttpCookieTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1244,7 +1292,7 @@ static int DetectEngineHttpCookieTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1271,6 +1319,8 @@ static int DetectEngineHttpCookieTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1303,6 +1353,7 @@ static int DetectEngineHttpCookieTest13(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1312,6 +1363,7 @@ static int DetectEngineHttpCookieTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1339,7 +1391,7 @@ static int DetectEngineHttpCookieTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1366,6 +1418,8 @@ static int DetectEngineHttpCookieTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1398,6 +1452,7 @@ static int DetectEngineHttpCookieTest14(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1407,6 +1462,7 @@ static int DetectEngineHttpCookieTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1434,7 +1490,7 @@ static int DetectEngineHttpCookieTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1461,6 +1517,8 @@ static int DetectEngineHttpCookieTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1493,6 +1551,7 @@ static int DetectEngineHttpCookieTest15(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1502,6 +1561,7 @@ static int DetectEngineHttpCookieTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1529,7 +1589,7 @@ static int DetectEngineHttpCookieTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1556,6 +1616,8 @@ static int DetectEngineHttpCookieTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1588,6 +1650,7 @@ static int DetectEngineHttpCookieTest16(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1597,6 +1660,7 @@ static int DetectEngineHttpCookieTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1624,7 +1688,7 @@ static int DetectEngineHttpCookieTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1651,6 +1715,8 @@ static int DetectEngineHttpCookieTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1683,6 +1749,7 @@ static int DetectEngineHttpCookieTest17(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1692,6 +1759,7 @@ static int DetectEngineHttpCookieTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1719,7 +1787,7 @@ static int DetectEngineHttpCookieTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1746,6 +1814,8 @@ static int DetectEngineHttpCookieTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index db0d937267..6b7d79e418 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c 
@@ -48,6 +48,8 @@ #include "util-memcmp.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -132,11 +134,11 @@ static uint8_t *DetectEngineHHDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, htp_table_t *headers; if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) <= HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS) goto end; headers = tx->request_headers; } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) <= HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS) goto end; headers = tx->response_headers; } @@ -252,10 +254,10 @@ int DetectEngineInspectHttpHeader(ThreadVars *tv, end: if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -297,6 +299,7 @@ static int DetectEngineHttpHeaderTest01(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -306,6 +309,7 @@ static int DetectEngineHttpHeaderTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -332,7 +336,7 @@ static int DetectEngineHttpHeaderTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -358,6 +362,8 @@ static int DetectEngineHttpHeaderTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -389,6 +395,7 @@ static int DetectEngineHttpHeaderTest02(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -398,6 +405,7 @@ static int DetectEngineHttpHeaderTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -424,7 +432,7 @@ static int DetectEngineHttpHeaderTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -450,6 +458,8 @@ static int DetectEngineHttpHeaderTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -481,6 +491,7 @@ static int DetectEngineHttpHeaderTest03(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -490,6 +501,7 @@ static int DetectEngineHttpHeaderTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -516,7 +528,7 @@ static int DetectEngineHttpHeaderTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -542,6 +554,8 @@ static int DetectEngineHttpHeaderTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -573,6 +587,7 @@ static int DetectEngineHttpHeaderTest04(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -582,6 +597,7 @@ static int DetectEngineHttpHeaderTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -608,7 +624,7 @@ static int DetectEngineHttpHeaderTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -634,6 +650,8 @@ static int DetectEngineHttpHeaderTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -665,6 +683,7 @@ static int DetectEngineHttpHeaderTest05(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -674,6 +693,7 @@ static int DetectEngineHttpHeaderTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -700,7 +720,7 @@ static int DetectEngineHttpHeaderTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -726,6 +746,8 @@ static int DetectEngineHttpHeaderTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -757,6 +779,7 @@ static int DetectEngineHttpHeaderTest06(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -766,6 +789,7 @@ static int DetectEngineHttpHeaderTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -792,7 +816,7 @@ static int DetectEngineHttpHeaderTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -818,6 +842,8 @@ static int DetectEngineHttpHeaderTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -849,6 +875,7 @@ static int DetectEngineHttpHeaderTest07(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -858,6 +885,7 @@ static int DetectEngineHttpHeaderTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -884,7 +912,7 @@ static int DetectEngineHttpHeaderTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -910,6 +938,8 @@ static int DetectEngineHttpHeaderTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -941,6 +971,7 @@ static int DetectEngineHttpHeaderTest08(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -950,6 +981,7 @@ static int DetectEngineHttpHeaderTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -976,7 +1008,7 @@ static int DetectEngineHttpHeaderTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1002,6 +1034,8 @@ static int DetectEngineHttpHeaderTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1033,6 +1067,7 @@ static int DetectEngineHttpHeaderTest09(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1042,6 +1077,7 @@ static int DetectEngineHttpHeaderTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1068,7 +1104,7 @@ static int DetectEngineHttpHeaderTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1094,6 +1130,8 @@ static int DetectEngineHttpHeaderTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1125,6 +1163,7 @@ static int DetectEngineHttpHeaderTest10(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1134,6 +1173,7 @@ static int DetectEngineHttpHeaderTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1160,7 +1200,7 @@ static int DetectEngineHttpHeaderTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1186,6 +1226,8 @@ static int DetectEngineHttpHeaderTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1217,6 +1259,7 @@ static int DetectEngineHttpHeaderTest11(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1226,6 +1269,7 @@ static int DetectEngineHttpHeaderTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1252,7 +1296,7 @@ static int DetectEngineHttpHeaderTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1278,6 +1322,8 @@ static int DetectEngineHttpHeaderTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1309,6 +1355,7 @@ static int DetectEngineHttpHeaderTest12(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1318,6 +1365,7 @@ static int DetectEngineHttpHeaderTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1344,7 +1392,7 @@ static int DetectEngineHttpHeaderTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1370,6 +1418,8 @@ static int DetectEngineHttpHeaderTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1401,6 +1451,7 @@ static int DetectEngineHttpHeaderTest13(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1410,6 +1461,7 @@ static int DetectEngineHttpHeaderTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1436,7 +1488,7 @@ static int DetectEngineHttpHeaderTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1462,6 +1514,8 @@ static int DetectEngineHttpHeaderTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1493,6 +1547,7 @@ static int DetectEngineHttpHeaderTest14(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1502,6 +1557,7 @@ static int DetectEngineHttpHeaderTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1528,7 +1584,7 @@ static int DetectEngineHttpHeaderTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1554,6 +1610,8 @@ static int DetectEngineHttpHeaderTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1585,6 +1643,7 @@ static int DetectEngineHttpHeaderTest15(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1594,6 +1653,7 @@ static int DetectEngineHttpHeaderTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1620,7 +1680,7 @@ static int DetectEngineHttpHeaderTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1646,6 +1706,8 @@ static int DetectEngineHttpHeaderTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1677,6 +1739,7 @@ static int DetectEngineHttpHeaderTest16(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1686,6 +1749,7 @@ static int DetectEngineHttpHeaderTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1712,7 +1776,7 @@ static int DetectEngineHttpHeaderTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1738,6 +1802,8 @@ static int DetectEngineHttpHeaderTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1769,6 +1835,7 @@ static int DetectEngineHttpHeaderTest17(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1778,6 +1845,7 @@ static int DetectEngineHttpHeaderTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1804,7 +1872,7 @@ static int DetectEngineHttpHeaderTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1830,6 +1898,8 @@ static int DetectEngineHttpHeaderTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1868,6 +1938,7 @@ static int DetectEngineHttpHeaderTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1942,6 +2013,7 @@ static int DetectEngineHttpHeaderTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2010,6 +2082,7 @@ static int DetectEngineHttpHeaderTest20(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2020,6 +2093,7 @@ static int DetectEngineHttpHeaderTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2052,7 +2126,7 @@ static int DetectEngineHttpHeaderTest20(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2077,7 +2151,7 @@ static int DetectEngineHttpHeaderTest20(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2097,6 +2171,8 @@ static int DetectEngineHttpHeaderTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
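Review bot: The second `AppLayerParserParse` call in DetectEngineHttpHeaderTest20 is still followed by the message `"toserver chunk 1 returned ..."`, so a parse failure on `http2_buf` would be reported as a failure of the first chunk. The printf is an unchanged context line, but since the call above it is rewritten here it could become `printf("toserver chunk 2 returned %" PRId32 ", expected 0: \n", r);`. The same label follows the second parse in Test21 through Test27 and Test33. In Test28 through Test30 it follows a `STREAM_TOCLIENT` parse, where `"toclient chunk 1"` would match the direction under test.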
@@ -2130,6 +2206,7 @@ static int DetectEngineHttpHeaderTest21(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2140,6 +2217,7 @@ static int DetectEngineHttpHeaderTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2172,7 +2250,7 @@ static int DetectEngineHttpHeaderTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2197,7 +2275,7 @@ static int DetectEngineHttpHeaderTest21(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2217,6 +2295,8 @@ static int DetectEngineHttpHeaderTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2250,6 +2330,7 @@ static int DetectEngineHttpHeaderTest22(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2260,6 +2341,7 @@ static int DetectEngineHttpHeaderTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2292,7 +2374,7 @@ static int DetectEngineHttpHeaderTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2317,7 +2399,7 @@ static int DetectEngineHttpHeaderTest22(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2337,6 +2419,8 @@ static int DetectEngineHttpHeaderTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2370,6 +2454,7 @@ static int DetectEngineHttpHeaderTest23(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2380,6 +2465,7 @@ static int DetectEngineHttpHeaderTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2412,7 +2498,7 @@ static int DetectEngineHttpHeaderTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2437,7 +2523,7 @@ static int DetectEngineHttpHeaderTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2457,6 +2543,8 @@ static int DetectEngineHttpHeaderTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2490,6 +2578,7 @@ static int DetectEngineHttpHeaderTest24(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2500,6 +2589,7 @@ static int DetectEngineHttpHeaderTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2532,7 +2622,7 @@ static int DetectEngineHttpHeaderTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2557,7 +2647,7 @@ static int DetectEngineHttpHeaderTest24(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2577,6 +2667,8 @@ static int DetectEngineHttpHeaderTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2610,6 +2702,7 @@ static int DetectEngineHttpHeaderTest25(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2620,6 +2713,7 @@ static int DetectEngineHttpHeaderTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2652,7 +2746,7 @@ static int DetectEngineHttpHeaderTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2677,7 +2771,7 @@ static int DetectEngineHttpHeaderTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2697,6 +2791,8 @@ static int DetectEngineHttpHeaderTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2730,6 +2826,7 @@ static int DetectEngineHttpHeaderTest26(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -2740,6 +2837,7 @@ static int DetectEngineHttpHeaderTest26(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2772,7 +2870,7 @@ static int DetectEngineHttpHeaderTest26(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2797,7 +2895,7 @@ static int DetectEngineHttpHeaderTest26(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2817,6 +2915,8 @@ static int DetectEngineHttpHeaderTest26(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2850,6 +2950,7 @@ static int DetectEngineHttpHeaderTest27(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2860,6 +2961,7 @@ static int DetectEngineHttpHeaderTest27(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2892,7 +2994,7 @@ static int DetectEngineHttpHeaderTest27(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2917,7 +3019,7 @@ static int DetectEngineHttpHeaderTest27(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2937,6 +3039,8 @@ static int DetectEngineHttpHeaderTest27(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2975,6 +3079,7 @@ static int DetectEngineHttpHeaderTest28(void) "abcdef"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2985,6 +3090,7 @@ static int DetectEngineHttpHeaderTest28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3016,7 +3122,7 @@ static int DetectEngineHttpHeaderTest28(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); 
@@ -3042,7 +3148,7 @@ static int DetectEngineHttpHeaderTest28(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3062,6 +3168,8 @@ static int DetectEngineHttpHeaderTest28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3100,6 +3208,7 @@ static int DetectEngineHttpHeaderTest29(void) "abcdef"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3110,6 +3219,7 @@ static int DetectEngineHttpHeaderTest29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3141,7 +3251,7 @@ static int DetectEngineHttpHeaderTest29(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); @@ -3167,7 +3277,7 @@ static int DetectEngineHttpHeaderTest29(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -3187,6 +3297,8 @@ static int DetectEngineHttpHeaderTest29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3258,6 +3370,7 @@ static int DetectEngineHttpHeaderTest30(void) "abcdef"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3268,6 +3381,7 @@ static int DetectEngineHttpHeaderTest30(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3299,7 +3413,7 @@ static int DetectEngineHttpHeaderTest30(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); @@ -3325,7 +3439,7 @@ static int DetectEngineHttpHeaderTest30(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3345,6 +3459,8 @@ static int DetectEngineHttpHeaderTest30(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3379,6 +3495,7 @@ static int DetectEngineHttpHeaderTest31(void) "SixZix: blah\r\n\r\n"; uint32_t http1_len = sizeof(http1_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3388,6 +3505,7 @@ static int DetectEngineHttpHeaderTest31(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3417,7 +3535,7 @@ static int DetectEngineHttpHeaderTest31(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3444,6 +3562,8 @@ static int DetectEngineHttpHeaderTest31(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3481,6 +3601,7 @@ static int DetectEngineHttpHeaderTest32(void) "\r\n"; uint32_t http1_len = sizeof(http1_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3490,6 +3611,7 @@ static int DetectEngineHttpHeaderTest32(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3516,7 +3638,7 @@ static int DetectEngineHttpHeaderTest32(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3543,6 +3665,8 @@ static int DetectEngineHttpHeaderTest32(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -3583,6 +3707,7 @@ static int DetectEngineHttpHeaderTest33(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3593,6 +3718,7 @@ static int DetectEngineHttpHeaderTest33(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3623,7 +3749,7 @@ static int DetectEngineHttpHeaderTest33(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3648,7 +3774,7 @@ static int DetectEngineHttpHeaderTest33(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3668,6 +3794,8 @@ static int DetectEngineHttpHeaderTest33(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hhhd.c b/src/detect-engine-hhhd.c index 17c28b808e..57c22a84ad 100644 --- a/src/detect-engine-hhhd.c +++ b/src/detect-engine-hhhd.c @@ -47,6 +47,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" 
@@ -116,7 +118,7 @@ int DetectEngineInspectHttpHH(ThreadVars *tv, return DETECT_ENGINE_INSPECT_SIG_MATCH; end: - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -145,6 +147,7 @@ static int DetectEngineHttpHHTest01(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -154,6 +157,7 @@ static int DetectEngineHttpHHTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -180,7 +184,7 @@ static int DetectEngineHttpHHTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -207,6 +211,8 @@ static int DetectEngineHttpHHTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -239,6 +245,7 @@ static int DetectEngineHttpHHTest02(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
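Review bot: The progress lookup at `end:` hard-codes `IPPROTO_TCP`, whereas the callers updated earlier in this commit (GetXFFIP in alert-unified2-alert.c) pass `p->flow->proto`. If the flow is available in DetectEngineInspectHttpHH (its parameter list is outside the hunk), `AppLayerParserGetStateProgress(f->proto, ALPROTO_HTTP, tx, STREAM_TOSERVER)` would keep the lookup tied to the flow the transaction belongs to. If TCP is intentional, a comment such as `/* HTTP is only registered over TCP */` would record that. This result decides between DETECT_ENGINE_INSPECT_SIG_CANT_MATCH and DETECT_ENGINE_INSPECT_SIG_NO_MATCH, so a lookup against the wrong protocol table could presumably change whether the signature keeps being evaluated for the transaction. DetectEngineInspectHttpMethod in detect-engine-hmd.c has the same hard-coded argument.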
@@ -248,6 +255,7 @@ static int DetectEngineHttpHHTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -274,7 +282,7 @@ static int DetectEngineHttpHHTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -301,6 +309,8 @@ static int DetectEngineHttpHHTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -333,6 +343,7 @@ static int DetectEngineHttpHHTest03(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -342,6 +353,7 @@ static int DetectEngineHttpHHTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -368,7 +380,7 @@ static int DetectEngineHttpHHTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -395,6 +407,8 @@ static int DetectEngineHttpHHTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -427,6 +441,7 @@ static int DetectEngineHttpHHTest04(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -436,6 +451,7 @@ static int DetectEngineHttpHHTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -462,7 +478,7 @@ static int DetectEngineHttpHHTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -489,6 +505,8 @@ static int DetectEngineHttpHHTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -521,6 +539,7 @@ static int DetectEngineHttpHHTest05(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -530,6 +549,7 @@ static int DetectEngineHttpHHTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -556,7 +576,7 @@ static int DetectEngineHttpHHTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -583,6 +603,8 @@ static int DetectEngineHttpHHTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -615,6 +637,7 @@ static int DetectEngineHttpHHTest06(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -624,6 +647,7 @@ static int DetectEngineHttpHHTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -650,7 +674,7 @@ static int DetectEngineHttpHHTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -677,6 +701,8 @@ static int DetectEngineHttpHHTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -709,6 +735,7 @@ static int DetectEngineHttpHHTest07(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -718,6 +745,7 @@ static int DetectEngineHttpHHTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -744,7 +772,7 @@ static int DetectEngineHttpHHTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -771,6 +799,8 @@ static int DetectEngineHttpHHTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -803,6 +833,7 @@ static int DetectEngineHttpHHTest08(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -812,6 +843,7 @@ static int DetectEngineHttpHHTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -838,7 +870,7 @@ static int DetectEngineHttpHHTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -865,6 +897,8 @@ static int DetectEngineHttpHHTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -897,6 +931,7 @@ static int DetectEngineHttpHHTest09(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -906,6 +941,7 @@ static int DetectEngineHttpHHTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -932,7 +968,7 @@ static int DetectEngineHttpHHTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -959,6 +995,8 @@ static int DetectEngineHttpHHTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -991,6 +1029,7 @@ static int DetectEngineHttpHHTest10(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1000,6 +1039,7 @@ static int DetectEngineHttpHHTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1027,7 +1067,7 @@ static int DetectEngineHttpHHTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1054,6 +1094,8 @@ static int DetectEngineHttpHHTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1086,6 +1128,7 @@ static int DetectEngineHttpHHTest11(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1095,6 +1138,7 @@ static int DetectEngineHttpHHTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1122,7 +1166,7 @@ static int DetectEngineHttpHHTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1149,6 +1193,8 @@ static int DetectEngineHttpHHTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1181,6 +1227,7 @@ static int DetectEngineHttpHHTest12(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1190,6 +1237,7 @@ static int DetectEngineHttpHHTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1217,7 +1265,7 @@ static int DetectEngineHttpHHTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1244,6 +1292,8 @@ static int DetectEngineHttpHHTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1276,6 +1326,7 @@ static int DetectEngineHttpHHTest13(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1285,6 +1336,7 @@ static int DetectEngineHttpHHTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1312,7 +1364,7 @@ static int DetectEngineHttpHHTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1339,6 +1391,8 @@ static int DetectEngineHttpHHTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1371,6 +1425,7 @@ static int DetectEngineHttpHHTest14(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1380,6 +1435,7 @@ static int DetectEngineHttpHHTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1407,7 +1463,7 @@ static int DetectEngineHttpHHTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1434,6 +1490,8 @@ static int DetectEngineHttpHHTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1466,6 +1524,7 @@ static int DetectEngineHttpHHTest15(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1475,6 +1534,7 @@ static int DetectEngineHttpHHTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1502,7 +1562,7 @@ static int DetectEngineHttpHHTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1529,6 +1589,8 @@ static int DetectEngineHttpHHTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1561,6 +1623,7 @@ static int DetectEngineHttpHHTest16(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1570,6 +1633,7 @@ static int DetectEngineHttpHHTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1597,7 +1661,7 @@ static int DetectEngineHttpHHTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1624,6 +1688,8 @@ static int DetectEngineHttpHHTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1656,6 +1722,7 @@ static int DetectEngineHttpHHTest17(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1665,6 +1732,7 @@ static int DetectEngineHttpHHTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1692,7 +1760,7 @@ static int DetectEngineHttpHHTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1719,6 +1787,8 @@ static int DetectEngineHttpHHTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1747,6 +1817,7 @@ static int DetectEngineHttpHHTest18(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1756,6 +1827,7 @@ static int DetectEngineHttpHHTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1782,7 +1854,7 @@ static int DetectEngineHttpHHTest18(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1809,6 +1881,8 @@ static int DetectEngineHttpHHTest18(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1837,6 +1911,7 @@ static int DetectEngineHttpHHTest19(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1846,6 +1921,7 @@ static int DetectEngineHttpHHTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1872,7 +1948,7 @@ static int DetectEngineHttpHHTest19(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1899,6 +1975,8 @@ static int DetectEngineHttpHHTest19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1927,6 +2005,7 @@ static int DetectEngineHttpHHTest20(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1936,6 +2015,7 @@ static int DetectEngineHttpHHTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1962,7 +2042,7 @@ static int DetectEngineHttpHHTest20(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1989,6 +2069,8 @@ static int DetectEngineHttpHHTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2016,6 +2098,7 @@ static int DetectEngineHttpHHTest21(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2025,6 +2108,7 @@ static int DetectEngineHttpHHTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2051,7 +2135,7 @@ static int DetectEngineHttpHHTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2078,6 +2162,8 @@ static int DetectEngineHttpHHTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -2105,6 +2191,7 @@ static int DetectEngineHttpHHTest22(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2114,6 +2201,7 @@ static int DetectEngineHttpHHTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2140,7 +2228,7 @@ static int DetectEngineHttpHHTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2167,6 +2255,8 @@ static int DetectEngineHttpHHTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2194,6 +2284,7 @@ static int DetectEngineHttpHHTest23(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2203,6 +2294,7 @@ static int DetectEngineHttpHHTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -2229,7 +2321,7 @@ static int DetectEngineHttpHHTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2256,6 +2348,8 @@ static int DetectEngineHttpHHTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2284,6 +2378,7 @@ static int DetectEngineHttpHHTest24(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2293,6 +2388,7 @@ static int DetectEngineHttpHHTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2319,7 +2415,7 @@ static int DetectEngineHttpHHTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2346,6 +2442,8 @@ static int DetectEngineHttpHHTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -2374,6 +2472,7 @@ static int DetectEngineHttpHHTest25(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2383,6 +2482,7 @@ static int DetectEngineHttpHHTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2409,7 +2509,7 @@ static int DetectEngineHttpHHTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2436,6 +2536,8 @@ static int DetectEngineHttpHHTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hmd.c b/src/detect-engine-hmd.c index 1647436317..ab121f2eb8 100644 --- a/src/detect-engine-hmd.c +++ b/src/detect-engine-hmd.c @@ -47,6 +47,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -94,7 +96,7 @@ int DetectEngineInspectHttpMethod(ThreadVars *tv, { htp_tx_t *tx = (htp_tx_t *)txv; if (tx->request_method == NULL) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_LINE) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; 
@@ -137,6 +139,7 @@ static int DetectEngineHttpMethodTest01(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -146,6 +149,7 @@ static int DetectEngineHttpMethodTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -172,7 +176,7 @@ static int DetectEngineHttpMethodTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -199,6 +203,8 @@ static int DetectEngineHttpMethodTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -230,6 +236,7 @@ static int DetectEngineHttpMethodTest02(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -239,6 +246,7 @@ static int DetectEngineHttpMethodTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -265,7 +273,7 @@ static int DetectEngineHttpMethodTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -292,6 +300,8 @@ static int DetectEngineHttpMethodTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -323,6 +333,7 @@ static int DetectEngineHttpMethodTest03(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -332,6 +343,7 @@ static int DetectEngineHttpMethodTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -358,7 +370,7 @@ static int DetectEngineHttpMethodTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -385,6 +397,8 @@ static int DetectEngineHttpMethodTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -416,6 +430,7 @@ static int DetectEngineHttpMethodTest04(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -425,6 +440,7 @@ static int DetectEngineHttpMethodTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -451,7 +467,7 @@ static int DetectEngineHttpMethodTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -478,6 +494,8 @@ static int DetectEngineHttpMethodTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -509,6 +527,7 @@ static int DetectEngineHttpMethodTest05(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -518,6 +537,7 @@ static int DetectEngineHttpMethodTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -544,7 +564,7 @@ static int DetectEngineHttpMethodTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -571,6 +591,8 @@ static int DetectEngineHttpMethodTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -602,6 +624,7 @@ static int DetectEngineHttpMethodTest06(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -611,6 +634,7 @@ static int DetectEngineHttpMethodTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -637,7 +661,7 @@ static int DetectEngineHttpMethodTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -664,6 +688,8 @@ static int DetectEngineHttpMethodTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -695,6 +721,7 @@ static int DetectEngineHttpMethodTest07(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -704,6 +731,7 @@ static int DetectEngineHttpMethodTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -730,7 +758,7 @@ static int DetectEngineHttpMethodTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -757,6 +785,8 @@ static int DetectEngineHttpMethodTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -788,6 +818,7 @@ static int DetectEngineHttpMethodTest08(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -797,6 +828,7 @@ static int DetectEngineHttpMethodTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -823,7 +855,7 @@ static int DetectEngineHttpMethodTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -850,6 +882,8 @@ static int DetectEngineHttpMethodTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -881,6 +915,7 @@ static int DetectEngineHttpMethodTest09(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -890,6 +925,7 @@ static int DetectEngineHttpMethodTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -916,7 +952,7 @@ static int DetectEngineHttpMethodTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -943,6 +979,8 @@ static int DetectEngineHttpMethodTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -974,6 +1012,7 @@ static int DetectEngineHttpMethodTest10(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -983,6 +1022,7 @@ static int DetectEngineHttpMethodTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1010,7 +1050,7 @@ static int DetectEngineHttpMethodTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1037,6 +1077,8 @@ static int DetectEngineHttpMethodTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1068,6 +1110,7 @@ static int DetectEngineHttpMethodTest11(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1077,6 +1120,7 @@ static int DetectEngineHttpMethodTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1104,7 +1148,7 @@ static int DetectEngineHttpMethodTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1131,6 +1175,8 @@ static int DetectEngineHttpMethodTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1162,6 +1208,7 @@ static int DetectEngineHttpMethodTest12(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1171,6 +1218,7 @@ static int DetectEngineHttpMethodTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1198,7 +1246,7 @@ static int DetectEngineHttpMethodTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1225,6 +1273,8 @@ static int DetectEngineHttpMethodTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1256,6 +1306,7 @@ static int DetectEngineHttpMethodTest13(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1265,6 +1316,7 @@ static int DetectEngineHttpMethodTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1292,7 +1344,7 @@ static int DetectEngineHttpMethodTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1319,6 +1371,8 @@ static int DetectEngineHttpMethodTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1350,6 +1404,7 @@ static int DetectEngineHttpMethodTest14(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1359,6 +1414,7 @@ static int DetectEngineHttpMethodTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1386,7 +1442,7 @@ static int DetectEngineHttpMethodTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1413,6 +1469,8 @@ static int DetectEngineHttpMethodTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1444,6 +1502,7 @@ static int DetectEngineHttpMethodTest15(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1453,6 +1512,7 @@ static int DetectEngineHttpMethodTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1480,7 +1540,7 @@ static int DetectEngineHttpMethodTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1507,6 +1567,8 @@ static int DetectEngineHttpMethodTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1538,6 +1600,7 @@ static int DetectEngineHttpMethodTest16(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1547,6 +1610,7 @@ static int DetectEngineHttpMethodTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1574,7 +1638,7 @@ static int DetectEngineHttpMethodTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1601,6 +1665,8 @@ static int DetectEngineHttpMethodTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1632,6 +1698,7 @@ static int DetectEngineHttpMethodTest17(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1641,6 +1708,7 @@ static int DetectEngineHttpMethodTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1668,7 +1736,7 @@ static int DetectEngineHttpMethodTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1695,6 +1763,8 @@ static int DetectEngineHttpMethodTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c index 477c85757e..64a26a34ff 100644 --- a/src/detect-engine-hrhd.c +++ b/src/detect-engine-hrhd.c @@ -47,6 +47,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -69,7 +71,7 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, SCReturnInt(cnt); if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) <= HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS) SCReturnInt(cnt); if (tx_ud->request_headers_raw != NULL) { @@ -79,7 +81,7 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, flags); } } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) <= HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS) SCReturnInt(cnt); if (tx_ud->response_headers_raw != NULL) { 
@@ -118,10 +120,10 @@ int DetectEngineInspectHttpRawHeader(ThreadVars *tv, uint32_t headers_raw_len = 0; if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) <= HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) <= HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS) return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; } @@ -152,10 +154,10 @@ int DetectEngineInspectHttpRawHeader(ThreadVars *tv, end: if (flags & STREAM_TOSERVER) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } else { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) > HTP_RESPONSE_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -183,6 +185,7 @@ static int DetectEngineHttpRawHeaderTest01(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -192,6 +195,7 @@ static int DetectEngineHttpRawHeaderTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -218,7 +222,7 @@ static int DetectEngineHttpRawHeaderTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -244,6 +248,8 @@ static int DetectEngineHttpRawHeaderTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -275,6 +281,7 @@ static int DetectEngineHttpRawHeaderTest02(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -284,6 +291,7 @@ static int DetectEngineHttpRawHeaderTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -310,7 +318,7 @@ static int DetectEngineHttpRawHeaderTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -336,6 +344,8 @@ static int DetectEngineHttpRawHeaderTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -367,6 +377,7 @@ static int DetectEngineHttpRawHeaderTest03(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -376,6 +387,7 @@ static int DetectEngineHttpRawHeaderTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -402,7 +414,7 @@ static int DetectEngineHttpRawHeaderTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -428,6 +440,8 @@ static int DetectEngineHttpRawHeaderTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -459,6 +473,7 @@ static int DetectEngineHttpRawHeaderTest04(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -468,6 +483,7 @@ static int DetectEngineHttpRawHeaderTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -494,7 +510,7 @@ static int DetectEngineHttpRawHeaderTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -520,6 +536,8 @@ static int DetectEngineHttpRawHeaderTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -551,6 +569,7 @@ static int DetectEngineHttpRawHeaderTest05(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -560,6 +579,7 @@ static int DetectEngineHttpRawHeaderTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -586,7 +606,7 @@ static int DetectEngineHttpRawHeaderTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -612,6 +632,8 @@ static int DetectEngineHttpRawHeaderTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -643,6 +665,7 @@ static int DetectEngineHttpRawHeaderTest06(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -652,6 +675,7 @@ static int DetectEngineHttpRawHeaderTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -678,7 +702,7 @@ static int DetectEngineHttpRawHeaderTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -704,6 +728,8 @@ static int DetectEngineHttpRawHeaderTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -735,6 +761,7 @@ static int DetectEngineHttpRawHeaderTest07(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -744,6 +771,7 @@ static int DetectEngineHttpRawHeaderTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -770,7 +798,7 @@ static int DetectEngineHttpRawHeaderTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -796,6 +824,8 @@ static int DetectEngineHttpRawHeaderTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -827,6 +857,7 @@ static int DetectEngineHttpRawHeaderTest08(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -836,6 +867,7 @@ static int DetectEngineHttpRawHeaderTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -862,7 +894,7 @@ static int DetectEngineHttpRawHeaderTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -888,6 +920,8 @@ static int DetectEngineHttpRawHeaderTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -919,6 +953,7 @@ static int DetectEngineHttpRawHeaderTest09(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -928,6 +963,7 @@ static int DetectEngineHttpRawHeaderTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -954,7 +990,7 @@ static int DetectEngineHttpRawHeaderTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -980,6 +1016,8 @@ static int DetectEngineHttpRawHeaderTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1011,6 +1049,7 @@ static int DetectEngineHttpRawHeaderTest10(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1020,6 +1059,7 @@ static int DetectEngineHttpRawHeaderTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1046,7 +1086,7 @@ static int DetectEngineHttpRawHeaderTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1072,6 +1112,8 @@ static int DetectEngineHttpRawHeaderTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1103,6 +1145,7 @@ static int DetectEngineHttpRawHeaderTest11(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1112,6 +1155,7 @@ static int DetectEngineHttpRawHeaderTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1138,7 +1182,7 @@ static int DetectEngineHttpRawHeaderTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1164,6 +1208,8 @@ static int DetectEngineHttpRawHeaderTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1195,6 +1241,7 @@ static int DetectEngineHttpRawHeaderTest12(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1204,6 +1251,7 @@ static int DetectEngineHttpRawHeaderTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1230,7 +1278,7 @@ static int DetectEngineHttpRawHeaderTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1256,6 +1304,8 @@ static int DetectEngineHttpRawHeaderTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1287,6 +1337,7 @@ static int DetectEngineHttpRawHeaderTest13(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1296,6 +1347,7 @@ static int DetectEngineHttpRawHeaderTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1322,7 +1374,7 @@ static int DetectEngineHttpRawHeaderTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1348,6 +1400,8 @@ static int DetectEngineHttpRawHeaderTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1379,6 +1433,7 @@ static int DetectEngineHttpRawHeaderTest14(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1388,6 +1443,7 @@ static int DetectEngineHttpRawHeaderTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1414,7 +1470,7 @@ static int DetectEngineHttpRawHeaderTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1440,6 +1496,8 @@ static int DetectEngineHttpRawHeaderTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1471,6 +1529,7 @@ static int DetectEngineHttpRawHeaderTest15(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1480,6 +1539,7 @@ static int DetectEngineHttpRawHeaderTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1506,7 +1566,7 @@ static int DetectEngineHttpRawHeaderTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1532,6 +1592,8 @@ static int DetectEngineHttpRawHeaderTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1563,6 +1625,7 @@ static int DetectEngineHttpRawHeaderTest16(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1572,6 +1635,7 @@ static int DetectEngineHttpRawHeaderTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1598,7 +1662,7 @@ static int DetectEngineHttpRawHeaderTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1624,6 +1688,8 @@ static int DetectEngineHttpRawHeaderTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1655,6 +1721,7 @@ static int DetectEngineHttpRawHeaderTest17(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1664,6 +1731,7 @@ static int DetectEngineHttpRawHeaderTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1690,7 +1758,7 @@ static int DetectEngineHttpRawHeaderTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1716,6 +1784,8 @@ static int DetectEngineHttpRawHeaderTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1754,6 +1824,7 @@ static int DetectEngineHttpRawHeaderTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1828,6 +1899,7 @@ static int DetectEngineHttpRawHeaderTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1896,6 +1968,7 @@ static int DetectEngineHttpRawHeaderTest20(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1906,6 +1979,7 @@ static int DetectEngineHttpRawHeaderTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1938,7 +2012,7 @@ static int DetectEngineHttpRawHeaderTest20(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1963,7 +2037,7 @@ static int DetectEngineHttpRawHeaderTest20(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1983,6 +2057,8 @@ static int DetectEngineHttpRawHeaderTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -2016,6 +2092,7 @@ static int DetectEngineHttpRawHeaderTest21(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2026,6 +2103,7 @@ static int DetectEngineHttpRawHeaderTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2058,7 +2136,7 @@ static int DetectEngineHttpRawHeaderTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2083,7 +2161,7 @@ static int DetectEngineHttpRawHeaderTest21(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2103,6 +2181,8 @@ static int DetectEngineHttpRawHeaderTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2136,6 +2216,7 @@ static int DetectEngineHttpRawHeaderTest22(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2146,6 +2227,7 @@ static int DetectEngineHttpRawHeaderTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2178,7 +2260,7 @@ static int DetectEngineHttpRawHeaderTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2203,7 +2285,7 @@ static int DetectEngineHttpRawHeaderTest22(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2223,6 +2305,8 @@ static int DetectEngineHttpRawHeaderTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2256,6 +2340,7 @@ static int DetectEngineHttpRawHeaderTest23(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2266,6 +2351,7 @@ static int DetectEngineHttpRawHeaderTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2298,7 +2384,7 @@ static int DetectEngineHttpRawHeaderTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2323,7 +2409,7 @@ static int DetectEngineHttpRawHeaderTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2343,6 +2429,8 @@ static int DetectEngineHttpRawHeaderTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2376,6 +2464,7 @@ static int DetectEngineHttpRawHeaderTest24(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2386,6 +2475,7 @@ static int DetectEngineHttpRawHeaderTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2418,7 +2508,7 @@ static int DetectEngineHttpRawHeaderTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2443,7 +2533,7 @@ static int DetectEngineHttpRawHeaderTest24(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2463,6 +2553,8 @@ static int DetectEngineHttpRawHeaderTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2496,6 +2588,7 @@ static int DetectEngineHttpRawHeaderTest25(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2506,6 +2599,7 @@ static int DetectEngineHttpRawHeaderTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2538,7 +2632,7 @@ static int DetectEngineHttpRawHeaderTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2563,7 +2657,7 @@ static int DetectEngineHttpRawHeaderTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2583,6 +2677,8 @@ static int DetectEngineHttpRawHeaderTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2616,6 +2712,7 @@ static int DetectEngineHttpRawHeaderTest26(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -2626,6 +2723,7 @@ static int DetectEngineHttpRawHeaderTest26(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2658,7 +2756,7 @@ static int DetectEngineHttpRawHeaderTest26(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2683,7 +2781,7 @@ static int DetectEngineHttpRawHeaderTest26(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2736,6 +2834,7 @@ static int DetectEngineHttpRawHeaderTest27(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2746,6 +2845,7 @@ static int DetectEngineHttpRawHeaderTest27(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2778,7 +2878,7 @@ static int DetectEngineHttpRawHeaderTest27(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
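Review bot: DetectEngineHttpRawHeaderTest26 now allocates `alp_tctx` and uses it in both parse calls, but no hunk adds the matching release at its `end:` label. The line offset is +98 at the `-2683,7 +2781,7` hunk and still +98 at the Test27 hunk `-2736,6 +2834,7`, so nothing was inserted in between. Test25 and Test27 both receive `if (alp_tctx != NULL)` followed by `AppLayerParserDestroyCtxThread(alp_tctx);`; the same two lines are needed at `end:` of Test26, otherwise the thread context leaks on every run. The cleanup section of Test26 lies outside the visible hunks.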
@@ -2803,7 +2903,7 @@ static int DetectEngineHttpRawHeaderTest27(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2823,6 +2923,8 @@ static int DetectEngineHttpRawHeaderTest27(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2861,6 +2963,7 @@ static int DetectEngineHttpRawHeaderTest28(void) "abcdef"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2871,6 +2974,7 @@ static int DetectEngineHttpRawHeaderTest28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2902,7 +3006,7 @@ static int DetectEngineHttpRawHeaderTest28(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); @@ -2928,7 +3032,7 @@ static int DetectEngineHttpRawHeaderTest28(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
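Review bot: The failure message after the second parse call in DetectEngineHttpRawHeaderTest28 still says `toserver chunk 1`, although the call above it feeds `http_buf2` with `STREAM_TOCLIENT`. Since this commit touches the call, the message could be corrected with it, e.g. `printf("toclient chunk 1 returned %" PRId32 ", expected 0: \n", r);`. Test29 has the same mismatch. In Test20 to Test27 and Test32 the second to-server chunk is also reported as chunk 1, where `toserver chunk 2` would identify the failing step.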
@@ -2948,6 +3052,8 @@ static int DetectEngineHttpRawHeaderTest28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2986,6 +3092,7 @@ static int DetectEngineHttpRawHeaderTest29(void) "abcdef"; uint32_t http_buf2_len = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2996,6 +3103,7 @@ static int DetectEngineHttpRawHeaderTest29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3027,7 +3135,7 @@ static int DetectEngineHttpRawHeaderTest29(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); @@ -3053,7 +3161,7 @@ static int DetectEngineHttpRawHeaderTest29(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3073,6 +3181,8 @@ static int DetectEngineHttpRawHeaderTest29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3143,6 +3253,7 @@ static int DetectEngineHttpRawHeaderTest31(void) "\r\n"; uint32_t http1_len = sizeof(http1_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3152,6 +3263,7 @@ static int DetectEngineHttpRawHeaderTest31(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3179,7 +3291,7 @@ static int DetectEngineHttpRawHeaderTest31(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3206,6 +3318,8 @@ static int DetectEngineHttpRawHeaderTest31(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3246,6 +3360,7 @@ static int DetectEngineHttpRawHeaderTest32(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3256,6 +3371,7 @@ static int DetectEngineHttpRawHeaderTest32(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3287,7 +3403,7 @@ static int DetectEngineHttpRawHeaderTest32(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3312,7 +3428,7 @@ static int DetectEngineHttpRawHeaderTest32(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3332,6 +3448,8 @@ static int DetectEngineHttpRawHeaderTest32(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hrhhd.c b/src/detect-engine-hrhhd.c index 31fb1306b4..94d255f701 100644 --- a/src/detect-engine-hrhhd.c +++ b/src/detect-engine-hrhhd.c @@ -47,6 +47,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -143,7 +145,7 @@ int DetectEngineInspectHttpHRH(ThreadVars *tv, return DETECT_ENGINE_INSPECT_SIG_MATCH; end: - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -172,6 +174,7 @@ static int DetectEngineHttpHRHTest01(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -181,6 +184,7 @@ static int DetectEngineHttpHRHTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
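Review bot: The progress check at the `end:` label of DetectEngineInspectHttpHRH hard-codes `IPPROTO_TCP` instead of taking the protocol from the flow under inspection. If the function receives the flow (its parameter list is outside the hunk), `AppLayerParserGetStateProgress(f->proto, ALPROTO_HTTP, tx, STREAM_TOSERVER)` would keep the lookup tied to that flow. The result decides between `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH` and `DETECT_ENGINE_INSPECT_SIG_NO_MATCH`, so a progress value read for the wrong protocol could make the engine stop inspecting a transaction too early. If the constant is intentional, a one-line comment such as `/* HTTP is only registered over TCP */` would record the assumption.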
@@ -207,7 +211,7 @@ static int DetectEngineHttpHRHTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -234,6 +238,8 @@ static int DetectEngineHttpHRHTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -266,6 +272,7 @@ static int DetectEngineHttpHRHTest02(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -275,6 +282,7 @@ static int DetectEngineHttpHRHTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -301,7 +309,7 @@ static int DetectEngineHttpHRHTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -328,6 +336,8 @@ static int DetectEngineHttpHRHTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -360,6 +370,7 @@ static int DetectEngineHttpHRHTest03(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -369,6 +380,7 @@ static int DetectEngineHttpHRHTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -395,7 +407,7 @@ static int DetectEngineHttpHRHTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -422,6 +434,8 @@ static int DetectEngineHttpHRHTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -454,6 +468,7 @@ static int DetectEngineHttpHRHTest04(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -463,6 +478,7 @@ static int DetectEngineHttpHRHTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -489,7 +505,7 @@ static int DetectEngineHttpHRHTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -516,6 +532,8 @@ static int DetectEngineHttpHRHTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -548,6 +566,7 @@ static int DetectEngineHttpHRHTest05(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -557,6 +576,7 @@ static int DetectEngineHttpHRHTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -583,7 +603,7 @@ static int DetectEngineHttpHRHTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -610,6 +630,8 @@ static int DetectEngineHttpHRHTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -642,6 +664,7 @@ static int DetectEngineHttpHRHTest06(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -651,6 +674,7 @@ static int DetectEngineHttpHRHTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -677,7 +701,7 @@ static int DetectEngineHttpHRHTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -704,6 +728,8 @@ static int DetectEngineHttpHRHTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -736,6 +762,7 @@ static int DetectEngineHttpHRHTest07(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -745,6 +772,7 @@ static int DetectEngineHttpHRHTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -771,7 +799,7 @@ static int DetectEngineHttpHRHTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -798,6 +826,8 @@ static int DetectEngineHttpHRHTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -830,6 +860,7 @@ static int DetectEngineHttpHRHTest08(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -839,6 +870,7 @@ static int DetectEngineHttpHRHTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -865,7 +897,7 @@ static int DetectEngineHttpHRHTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -892,6 +924,8 @@ static int DetectEngineHttpHRHTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -924,6 +958,7 @@ static int DetectEngineHttpHRHTest09(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -933,6 +968,7 @@ static int DetectEngineHttpHRHTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -959,7 +995,7 @@ static int DetectEngineHttpHRHTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -986,6 +1022,8 @@ static int DetectEngineHttpHRHTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1018,6 +1056,7 @@ static int DetectEngineHttpHRHTest10(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1027,6 +1066,7 @@ static int DetectEngineHttpHRHTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1054,7 +1094,7 @@ static int DetectEngineHttpHRHTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1081,6 +1121,8 @@ static int DetectEngineHttpHRHTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1113,6 +1155,7 @@ static int DetectEngineHttpHRHTest11(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1122,6 +1165,7 @@ static int DetectEngineHttpHRHTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1149,7 +1193,7 @@ static int DetectEngineHttpHRHTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1176,6 +1220,8 @@ static int DetectEngineHttpHRHTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1208,6 +1254,7 @@ static int DetectEngineHttpHRHTest12(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1217,6 +1264,7 @@ static int DetectEngineHttpHRHTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1244,7 +1292,7 @@ static int DetectEngineHttpHRHTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1271,6 +1319,8 @@ static int DetectEngineHttpHRHTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1303,6 +1353,7 @@ static int DetectEngineHttpHRHTest13(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1312,6 +1363,7 @@ static int DetectEngineHttpHRHTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1339,7 +1391,7 @@ static int DetectEngineHttpHRHTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1366,6 +1418,8 @@ static int DetectEngineHttpHRHTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1398,6 +1452,7 @@ static int DetectEngineHttpHRHTest14(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1407,6 +1462,7 @@ static int DetectEngineHttpHRHTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1434,7 +1490,7 @@ static int DetectEngineHttpHRHTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1461,6 +1517,8 @@ static int DetectEngineHttpHRHTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1493,6 +1551,7 @@ static int DetectEngineHttpHRHTest15(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1502,6 +1561,7 @@ static int DetectEngineHttpHRHTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1529,7 +1589,7 @@ static int DetectEngineHttpHRHTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1556,6 +1616,8 @@ static int DetectEngineHttpHRHTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1588,6 +1650,7 @@ static int DetectEngineHttpHRHTest16(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1597,6 +1660,7 @@ static int DetectEngineHttpHRHTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1624,7 +1688,7 @@ static int DetectEngineHttpHRHTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1651,6 +1715,8 @@ static int DetectEngineHttpHRHTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1683,6 +1749,7 @@ static int DetectEngineHttpHRHTest17(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1692,6 +1759,7 @@ static int DetectEngineHttpHRHTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1719,7 +1787,7 @@ static int DetectEngineHttpHRHTest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1746,6 +1814,8 @@ static int DetectEngineHttpHRHTest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1774,6 +1844,7 @@ static int DetectEngineHttpHRHTest18(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1783,6 +1854,7 @@ static int DetectEngineHttpHRHTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1809,7 +1881,7 @@ static int DetectEngineHttpHRHTest18(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1836,6 +1908,8 @@ static int DetectEngineHttpHRHTest18(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1864,6 +1938,7 @@ static int DetectEngineHttpHRHTest19(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1873,6 +1948,7 @@ static int DetectEngineHttpHRHTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1899,7 +1975,7 @@ static int DetectEngineHttpHRHTest19(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1926,6 +2002,8 @@ static int DetectEngineHttpHRHTest19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1954,6 +2032,7 @@ static int DetectEngineHttpHRHTest20(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1963,6 +2042,7 @@ static int DetectEngineHttpHRHTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1989,7 +2069,7 @@ static int DetectEngineHttpHRHTest20(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2016,6 +2096,8 @@ static int DetectEngineHttpHRHTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -2043,6 +2125,7 @@ static int DetectEngineHttpHRHTest21(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2052,6 +2135,7 @@ static int DetectEngineHttpHRHTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2078,7 +2162,7 @@ static int DetectEngineHttpHRHTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2105,6 +2189,8 @@ static int DetectEngineHttpHRHTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2132,6 +2218,7 @@ static int DetectEngineHttpHRHTest22(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2141,6 +2228,7 @@ static int DetectEngineHttpHRHTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -2167,7 +2255,7 @@ static int DetectEngineHttpHRHTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2194,6 +2282,8 @@ static int DetectEngineHttpHRHTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2221,6 +2311,7 @@ static int DetectEngineHttpHRHTest23(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2230,6 +2321,7 @@ static int DetectEngineHttpHRHTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2256,7 +2348,7 @@ static int DetectEngineHttpHRHTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2283,6 +2375,8 @@ static int DetectEngineHttpHRHTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -2311,6 +2405,7 @@ static int DetectEngineHttpHRHTest24(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2320,6 +2415,7 @@ static int DetectEngineHttpHRHTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -2346,7 +2442,7 @@ static int DetectEngineHttpHRHTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2373,6 +2469,8 @@ static int DetectEngineHttpHRHTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2401,6 +2499,7 @@ static int DetectEngineHttpHRHTest25(void) "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2410,6 +2509,7 @@ static int DetectEngineHttpHRHTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -2436,7 +2536,7 @@ static int DetectEngineHttpHRHTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2463,6 +2563,8 @@ static int DetectEngineHttpHRHTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hrud.c b/src/detect-engine-hrud.c index 1733fb4ea0..8045094f18 100644 --- a/src/detect-engine-hrud.c +++ b/src/detect-engine-hrud.c @@ -46,6 +46,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -100,7 +102,7 @@ int DetectEngineInspectHttpRawUri(ThreadVars *tv, { htp_tx_t *tx = (htp_tx_t *)txv; if (tx->request_uri == NULL) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_LINE) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -151,6 +153,7 @@ static int DetectEngineHttpRawUriTest01(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -161,6 +164,7 @@ static int DetectEngineHttpRawUriTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
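Review bot: In DetectEngineInspectHttpRawUri (src/detect-engine-hrud.c, hunk at -100) the new call hard-codes `IPPROTO_TCP`, although the flow now carries the protocol (the tests in this file are changed to set `f.proto = IPPROTO_TCP`). HTTP runs over TCP, so the result is presumably the same today, but the literal makes this inspection path silently depend on that assumption. If the flow is in scope there (the signature lies outside the hunk), passing its `proto` field as the first argument instead of the literal would keep the call tied to the flow being inspected. Otherwise a short comment such as `/* HTTP is only registered for TCP */` would document the choice.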
@@ -192,7 +196,7 @@ static int DetectEngineHttpRawUriTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -217,7 +221,7 @@ static int DetectEngineHttpRawUriTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -237,6 +241,8 @@ static int DetectEngineHttpRawUriTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -271,6 +277,7 @@ static int DetectEngineHttpRawUriTest02(void) "This is dummy body1"; uint32_t http1_len = sizeof(http1_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -281,6 +288,7 @@ static int DetectEngineHttpRawUriTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -312,7 +320,7 @@ static int DetectEngineHttpRawUriTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
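Review bot: The failure message after the second `AppLayerParserParse()` call in DetectEngineHttpRawUriTest01 (hunk at -217, the `http2_buf` parse) still reads `toserver chunk 1`, so a failure there is reported as the first chunk. Since the line above it is being rewritten anyway, I would change it to `printf("toserver chunk 2 returned %" PRId32 ", expected 0: \n", r);`. The same message appears in the second-chunk hunks of DetectEngineHttpRawUriTest03 through 09.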
@@ -339,6 +347,8 @@ static int DetectEngineHttpRawUriTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -377,6 +387,7 @@ static int DetectEngineHttpRawUriTest03(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -387,6 +398,7 @@ static int DetectEngineHttpRawUriTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -418,7 +430,7 @@ static int DetectEngineHttpRawUriTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -443,7 +455,7 @@ static int DetectEngineHttpRawUriTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -463,6 +475,8 @@ static int DetectEngineHttpRawUriTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -501,6 +515,7 @@ static int DetectEngineHttpRawUriTest04(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -511,6 +526,7 @@ static int DetectEngineHttpRawUriTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -542,7 +558,7 @@ static int DetectEngineHttpRawUriTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -567,7 +583,7 @@ static int DetectEngineHttpRawUriTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -587,6 +603,8 @@ static int DetectEngineHttpRawUriTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -624,6 +642,7 @@ static int DetectEngineHttpRawUriTest05(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -634,6 +653,7 @@ static int DetectEngineHttpRawUriTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -665,7 +685,7 @@ static int DetectEngineHttpRawUriTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -690,7 +710,7 @@ static int DetectEngineHttpRawUriTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -710,6 +730,8 @@ static int DetectEngineHttpRawUriTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -747,6 +769,7 @@ static int DetectEngineHttpRawUriTest06(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -757,6 +780,7 @@ static int DetectEngineHttpRawUriTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -788,7 +812,7 @@ static int DetectEngineHttpRawUriTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -813,7 +837,7 @@ static int DetectEngineHttpRawUriTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -833,6 +857,8 @@ static int DetectEngineHttpRawUriTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -870,6 +896,7 @@ static int DetectEngineHttpRawUriTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -880,6 +907,7 @@ static int DetectEngineHttpRawUriTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -911,7 +939,7 @@ static int DetectEngineHttpRawUriTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -936,7 +964,7 @@ static int DetectEngineHttpRawUriTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -956,6 +984,8 @@ static int DetectEngineHttpRawUriTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -993,6 +1023,7 @@ static int DetectEngineHttpRawUriTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1003,6 +1034,7 @@ static int DetectEngineHttpRawUriTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1034,7 +1066,7 @@ static int DetectEngineHttpRawUriTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1059,7 +1091,7 @@ static int DetectEngineHttpRawUriTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1079,6 +1111,8 @@ static int DetectEngineHttpRawUriTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1116,6 +1150,7 @@ static int DetectEngineHttpRawUriTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1126,6 +1161,7 @@ static int DetectEngineHttpRawUriTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1158,7 +1194,7 @@ static int DetectEngineHttpRawUriTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1183,7 +1219,7 @@ static int DetectEngineHttpRawUriTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1203,6 +1239,8 @@ static int DetectEngineHttpRawUriTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1240,6 +1278,7 @@ static int DetectEngineHttpRawUriTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1250,6 +1289,7 @@ static int DetectEngineHttpRawUriTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1282,7 +1322,7 @@ static int DetectEngineHttpRawUriTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1307,7 +1347,7 @@ static int DetectEngineHttpRawUriTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1327,6 +1367,8 @@ static int DetectEngineHttpRawUriTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1364,6 +1406,7 @@ static int DetectEngineHttpRawUriTest11(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1374,6 +1417,7 @@ static int DetectEngineHttpRawUriTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1406,7 +1450,7 @@ static int DetectEngineHttpRawUriTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1431,7 +1475,7 @@ static int DetectEngineHttpRawUriTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1451,6 +1495,8 @@ static int DetectEngineHttpRawUriTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1488,6 +1534,7 @@ static int DetectEngineHttpRawUriTest12(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1498,6 +1545,7 @@ static int DetectEngineHttpRawUriTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1530,7 +1578,7 @@ static int DetectEngineHttpRawUriTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1555,7 +1603,7 @@ static int DetectEngineHttpRawUriTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1575,6 +1623,8 @@ static int DetectEngineHttpRawUriTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1612,6 +1662,7 @@ static int DetectEngineHttpRawUriTest13(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1622,6 +1673,7 @@ static int DetectEngineHttpRawUriTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1654,7 +1706,7 @@ static int DetectEngineHttpRawUriTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1679,7 +1731,7 @@ static int DetectEngineHttpRawUriTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1699,6 +1751,8 @@ static int DetectEngineHttpRawUriTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1736,6 +1790,7 @@ static int DetectEngineHttpRawUriTest14(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1746,6 +1801,7 @@ static int DetectEngineHttpRawUriTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1778,7 +1834,7 @@ static int DetectEngineHttpRawUriTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1803,7 +1859,7 @@ static int DetectEngineHttpRawUriTest14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1823,6 +1879,8 @@ static int DetectEngineHttpRawUriTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1860,6 +1918,7 @@ static int DetectEngineHttpRawUriTest15(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1870,6 +1929,7 @@ static int DetectEngineHttpRawUriTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1902,7 +1962,7 @@ static int DetectEngineHttpRawUriTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1927,7 +1987,7 @@ static int DetectEngineHttpRawUriTest15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1947,6 +2007,8 @@ static int DetectEngineHttpRawUriTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1984,6 +2046,7 @@ static int DetectEngineHttpRawUriTest16(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1994,6 +2057,7 @@ static int DetectEngineHttpRawUriTest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2026,7 +2090,7 @@ static int DetectEngineHttpRawUriTest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2051,7 +2115,7 @@ static int DetectEngineHttpRawUriTest16(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2071,6 +2135,8 @@ static int DetectEngineHttpRawUriTest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2105,6 +2171,7 @@ static int DetectEngineHttpRawUriTest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2176,6 +2243,7 @@ static int DetectEngineHttpRawUriTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2247,6 +2315,7 @@ static int DetectEngineHttpRawUriTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2318,6 +2387,7 @@ static int DetectEngineHttpRawUriTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2392,6 +2462,7 @@ static int DetectEngineHttpRawUriTest21(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2402,6 +2473,7 @@ static int DetectEngineHttpRawUriTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2434,7 +2506,7 @@ static int DetectEngineHttpRawUriTest21(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2459,7 +2531,7 @@ static int DetectEngineHttpRawUriTest21(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2479,6 +2551,8 @@ static int DetectEngineHttpRawUriTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2516,6 +2590,7 @@ static int DetectEngineHttpRawUriTest22(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2526,6 +2601,7 @@ static int DetectEngineHttpRawUriTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2558,7 +2634,7 @@ static int DetectEngineHttpRawUriTest22(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2583,7 +2659,7 @@ static int DetectEngineHttpRawUriTest22(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2603,6 +2679,8 @@ static int DetectEngineHttpRawUriTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2640,6 +2718,7 @@ static int DetectEngineHttpRawUriTest23(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2650,6 +2729,7 @@ static int DetectEngineHttpRawUriTest23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2682,7 +2762,7 @@ static int DetectEngineHttpRawUriTest23(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2707,7 +2787,7 @@ static int DetectEngineHttpRawUriTest23(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2727,6 +2807,8 @@ static int DetectEngineHttpRawUriTest23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2764,6 +2846,7 @@ static int DetectEngineHttpRawUriTest24(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2774,6 +2857,7 @@ static int DetectEngineHttpRawUriTest24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2806,7 +2890,7 @@ static int DetectEngineHttpRawUriTest24(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2831,7 +2915,7 @@ static int DetectEngineHttpRawUriTest24(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2851,6 +2935,8 @@ static int DetectEngineHttpRawUriTest24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2888,6 +2974,7 @@ static int DetectEngineHttpRawUriTest25(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -2898,6 +2985,7 @@ static int DetectEngineHttpRawUriTest25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2930,7 +3018,7 @@ static int DetectEngineHttpRawUriTest25(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2955,7 +3043,7 @@ static int DetectEngineHttpRawUriTest25(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2975,6 +3063,8 @@ static int DetectEngineHttpRawUriTest25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3012,6 +3102,7 @@ static int DetectEngineHttpRawUriTest26(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3022,6 +3113,7 @@ static int DetectEngineHttpRawUriTest26(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -3054,7 +3146,7 @@ static int DetectEngineHttpRawUriTest26(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3079,7 +3171,7 @@ static int DetectEngineHttpRawUriTest26(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3099,6 +3191,8 @@ static int DetectEngineHttpRawUriTest26(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3136,6 +3230,7 @@ static int DetectEngineHttpRawUriTest27(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3146,6 +3241,7 @@ static int DetectEngineHttpRawUriTest27(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3178,7 +3274,7 @@ static int DetectEngineHttpRawUriTest27(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3203,7 +3299,7 @@ static int DetectEngineHttpRawUriTest27(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3223,6 +3319,8 @@ static int DetectEngineHttpRawUriTest27(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3260,6 +3358,7 @@ static int DetectEngineHttpRawUriTest28(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3270,6 +3369,7 @@ static int DetectEngineHttpRawUriTest28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3302,7 +3402,7 @@ static int DetectEngineHttpRawUriTest28(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3327,7 +3427,7 @@ static int DetectEngineHttpRawUriTest28(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -3347,6 +3447,8 @@ static int DetectEngineHttpRawUriTest28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3376,6 +3478,7 @@ static int DetectEngineHttpRawUriTest29(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3385,6 +3488,7 @@ static int DetectEngineHttpRawUriTest29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3414,7 +3518,7 @@ static int DetectEngineHttpRawUriTest29(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3439,6 +3543,8 @@ static int DetectEngineHttpRawUriTest29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3467,6 +3573,7 @@ static int DetectEngineHttpRawUriTest30(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3476,6 +3583,7 @@ static int DetectEngineHttpRawUriTest30(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -3504,7 +3612,7 @@ static int DetectEngineHttpRawUriTest30(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3529,6 +3637,8 @@ static int DetectEngineHttpRawUriTest30(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 8b6f62d284..b8108178af 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -48,6 +48,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" 
@@ -153,14 +155,14 @@ static uint8_t *DetectEngineHSBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_id, htud->response_body.content_len_so_far, htp_state->cfg->response_inspect_min_size, flags & STREAM_EOF ? "true" : "false", - (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY) ? "true" : "false"); + (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY) ? "true" : "false"); /* inspect the body if the transfer is complete or we have hit * our body size limit */ if ((htp_state->cfg->response_body_limit == 0 || htud->response_body.content_len_so_far < htp_state->cfg->response_body_limit) && htud->response_body.content_len_so_far < htp_state->cfg->response_inspect_min_size && - !(AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY) && + !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY) && !(flags & STREAM_EOF)) { SCLogDebug("we still haven't seen the entire response body. " "Let's defer body inspection till we see the " @@ -274,7 +276,7 @@ int DetectEngineInspectHttpServerBody(ThreadVars *tv, return DETECT_ENGINE_INSPECT_SIG_MATCH; end: - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -322,6 +324,7 @@ static int DetectEngineHttpServerBodyTest01(void) "message"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -332,6 +335,7 @@ static int DetectEngineHttpServerBodyTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
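Review bot: The three `AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT)` calls (two in DetectEngineHSBDGetBufferForTX, one at `end:` in DetectEngineInspectHttpServerBody) hard-code the transport, while the alert-unified2 changes in the same commit pass `p->flow->proto`. If a Flow is reachable in these functions (their signatures are cut off by the hunks, so this is unverified), passing its `proto` would keep the lookup tied to the flow that produced `tx`. The result decides whether body inspection is deferred and whether `end:` returns DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, so it is worth keeping exact. In DetectEngineHSBDGetBufferForTX the value could also be read once, e.g. `int body_done = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY;`, and reused in the debug log and the defer condition.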
@@ -363,7 +367,7 @@ static int DetectEngineHttpServerBodyTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -388,7 +392,7 @@ static int DetectEngineHttpServerBodyTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -408,6 +412,8 @@ static int DetectEngineHttpServerBodyTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -445,6 +451,7 @@ static int DetectEngineHttpServerBodyTest02(void) "xxxxABC"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -454,6 +461,7 @@ static int DetectEngineHttpServerBodyTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -481,7 +489,7 @@ static int DetectEngineHttpServerBodyTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
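Review bot: In DetectEngineHttpServerBodyTest01 the unchanged context line after the rewritten `STREAM_TOCLIENT` call still prints `"toserver chunk 1 returned ..."`, so a parser failure on the response would be reported as a request-side failure. Since the call above it is being touched anyway, the message could become `printf("toclient chunk 1 returned %" PRId32 ", expected 0: \n", r);`. The same text follows the STREAM_TOCLIENT calls in DetectEngineHttpServerBodyTest02, Test03 and Test04, and the second-request calls in the DetectEngineHttpRawUriTest functions also print "chunk 1" for `http2_buf`.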
@@ -491,7 +499,7 @@ static int DetectEngineHttpServerBodyTest02(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -518,6 +526,8 @@ static int DetectEngineHttpServerBodyTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -558,6 +568,7 @@ static int DetectEngineHttpServerBodyTest03(void) uint8_t http_buf3[] = "8901234ABC"; uint32_t http_len3 = sizeof(http_buf3) - 1; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -568,6 +579,7 @@ static int DetectEngineHttpServerBodyTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -599,7 +611,7 @@ static int DetectEngineHttpServerBodyTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -624,7 +636,7 @@ static int DetectEngineHttpServerBodyTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -634,7 +646,7 @@ static int DetectEngineHttpServerBodyTest03(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -654,6 +666,8 @@ static int DetectEngineHttpServerBodyTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -692,6 +706,7 @@ static int DetectEngineHttpServerBodyTest04(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -702,6 +717,7 @@ static int DetectEngineHttpServerBodyTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -733,7 +749,7 @@ static int DetectEngineHttpServerBodyTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -758,7 +774,7 @@ static int DetectEngineHttpServerBodyTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -778,6 +794,8 @@ static int DetectEngineHttpServerBodyTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -816,6 +834,7 @@ static int DetectEngineHttpServerBodyTest05(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -826,6 +845,7 @@ static int DetectEngineHttpServerBodyTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -857,7 +877,7 @@ static int DetectEngineHttpServerBodyTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -882,7 +902,7 @@ static int DetectEngineHttpServerBodyTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -902,6 +922,8 @@ static int DetectEngineHttpServerBodyTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -940,6 +962,7 @@ static int DetectEngineHttpServerBodyTest06(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -950,6 +973,7 @@ static int DetectEngineHttpServerBodyTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -981,7 +1005,7 @@ static int DetectEngineHttpServerBodyTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1006,7 +1030,7 @@ static int DetectEngineHttpServerBodyTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1026,6 +1050,8 @@ static int DetectEngineHttpServerBodyTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1064,6 +1090,7 @@ static int DetectEngineHttpServerBodyTest07(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1074,6 +1101,7 @@ static int DetectEngineHttpServerBodyTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1105,7 +1133,7 @@ static int DetectEngineHttpServerBodyTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1130,7 +1158,7 @@ static int DetectEngineHttpServerBodyTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1150,6 +1178,8 @@ static int DetectEngineHttpServerBodyTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1188,6 +1218,7 @@ static int DetectEngineHttpServerBodyTest08(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1198,6 +1229,7 @@ static int DetectEngineHttpServerBodyTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1229,7 +1261,7 @@ static int DetectEngineHttpServerBodyTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1254,7 +1286,7 @@ static int DetectEngineHttpServerBodyTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1274,6 +1306,8 @@ static int DetectEngineHttpServerBodyTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1312,6 +1346,7 @@ static int DetectEngineHttpServerBodyTest09(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1322,6 +1357,7 @@ static int DetectEngineHttpServerBodyTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1354,7 +1390,7 @@ static int DetectEngineHttpServerBodyTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1379,7 +1415,7 @@ static int DetectEngineHttpServerBodyTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1399,6 +1435,8 @@ static int DetectEngineHttpServerBodyTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1437,6 +1475,7 @@ static int DetectEngineHttpServerBodyTest10(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1447,6 +1486,7 @@ static int DetectEngineHttpServerBodyTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1479,7 +1519,7 @@ static int DetectEngineHttpServerBodyTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1504,7 +1544,7 @@ static int DetectEngineHttpServerBodyTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1524,6 +1564,8 @@ static int DetectEngineHttpServerBodyTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1562,6 +1604,7 @@ static int DetectEngineHttpServerBodyTest11(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1572,6 +1615,7 @@ static int DetectEngineHttpServerBodyTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1604,7 +1648,7 @@ static int DetectEngineHttpServerBodyTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1629,7 +1673,7 @@ static int DetectEngineHttpServerBodyTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1649,6 +1693,8 @@ static int DetectEngineHttpServerBodyTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1687,6 +1733,7 @@ static int DetectEngineHttpServerBodyTest12(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1697,6 +1744,7 @@ static int DetectEngineHttpServerBodyTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1729,7 +1777,7 @@ static int DetectEngineHttpServerBodyTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1754,7 +1802,7 @@ static int DetectEngineHttpServerBodyTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1774,6 +1822,8 @@ static int DetectEngineHttpServerBodyTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1812,6 +1862,7 @@ static int DetectEngineHttpServerBodyTest13(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1822,6 +1873,7 @@ static int DetectEngineHttpServerBodyTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1854,7 +1906,7 @@ static int DetectEngineHttpServerBodyTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1879,7 +1931,7 @@ static int DetectEngineHttpServerBodyTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1899,6 +1951,8 @@ static int DetectEngineHttpServerBodyTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1937,6 +1991,7 @@ static int DetectEngineHttpServerBodyTest14(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1947,6 +2002,7 @@ static int DetectEngineHttpServerBodyTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1979,7 +2035,7 @@ static int DetectEngineHttpServerBodyTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2004,7 +2060,7 @@ static int DetectEngineHttpServerBodyTest14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2024,6 +2080,8 @@ static int DetectEngineHttpServerBodyTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2062,6 +2120,7 @@ static int DetectEngineHttpServerBodyTest15(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2072,6 +2131,7 @@ static int DetectEngineHttpServerBodyTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2104,7 +2164,7 @@ static int DetectEngineHttpServerBodyTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2129,7 +2189,7 @@ static int DetectEngineHttpServerBodyTest15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2149,6 +2209,8 @@ static int DetectEngineHttpServerBodyTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2213,6 +2275,7 @@ libhtp:\n\ uint8_t http_buf3[] = "8901234ABC"; uint32_t http_len3 = sizeof(http_buf3) - 1; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -2223,6 +2286,7 @@ libhtp:\n\ FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2254,7 +2318,7 @@ libhtp:\n\ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2279,7 +2343,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2297,7 +2361,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2317,6 +2381,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); HtpConfigRestoreBackup(); ConfRestoreContextBackup(); @@ -2385,6 +2451,7 @@ libhtp:\n\ uint8_t http_buf3[] = "8901234ABC"; uint32_t http_len3 = sizeof(http_buf3) - 1; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2395,6 +2462,7 @@ libhtp:\n\ FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2426,7 +2494,7 @@ libhtp:\n\ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2451,7 +2519,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2469,7 +2537,7 @@ libhtp:\n\ } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2489,6 +2557,8 @@ libhtp:\n\ result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); HTPFreeConfig(); HtpConfigRestoreBackup(); ConfRestoreContextBackup(); @@ -2541,6 +2611,7 @@ static int DetectEngineHttpServerBodyTest18(void) }; uint32_t http_len2 = sizeof(http_buf2); int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2551,6 +2622,7 @@ static int DetectEngineHttpServerBodyTest18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2581,7 +2653,7 @@ static int DetectEngineHttpServerBodyTest18(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2603,7 +2675,7 @@ static int DetectEngineHttpServerBodyTest18(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2621,6 +2693,8 @@ static int DetectEngineHttpServerBodyTest18(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2667,6 +2741,7 @@ static int DetectEngineHttpServerBodyTest19(void) // 0xb2, 0x7d, 0xac, 0x9b, 0x19, 0x00, 0x00, 0x00, uint32_t http_len2 = sizeof(http_buf2); int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2677,6 +2752,7 @@ static int DetectEngineHttpServerBodyTest19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2707,7 +2783,7 @@ static int DetectEngineHttpServerBodyTest19(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
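Review bot: The converted `AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1)` call in DetectEngineHttpServerBodyTest18 runs without the flow lock, while the same call in Test01 through Test17 and in the FileData tests sits between `SCMutexLock(&f.m);` and `SCMutexUnlock(&f.m);`. The STREAM_TOCLIENT call in the `@@ -2603,7 +2675,7 @@` hunk and the corresponding calls in Test19 through Test22 are unlocked in the same way. Whether the rewritten parser API requires the flow to be locked is not visible in these hunks, but since the lines are being touched anyway I would bracket them like the other tests, so the unit tests drive the parser under the same locking discipline throughout. The test body starts and ends outside this hunk.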
@@ -2729,7 +2805,7 @@ static int DetectEngineHttpServerBodyTest19(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2747,6 +2823,8 @@ static int DetectEngineHttpServerBodyTest19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2793,6 +2871,7 @@ static int DetectEngineHttpServerBodyTest20(void) // 0xb2, 0x7d, 0xac, 0x9b, 0x19, 0x00, 0x00, 0x00, uint32_t http_len2 = sizeof(http_buf2); int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2803,6 +2882,7 @@ static int DetectEngineHttpServerBodyTest20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2833,7 +2913,7 @@ static int DetectEngineHttpServerBodyTest20(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2855,7 +2935,7 @@ static int DetectEngineHttpServerBodyTest20(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -2873,6 +2953,8 @@ static int DetectEngineHttpServerBodyTest20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2921,6 +3003,7 @@ static int DetectEngineHttpServerBodyTest21(void) }; uint32_t http_len2 = sizeof(http_buf2); int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2931,6 +3014,7 @@ static int DetectEngineHttpServerBodyTest21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2961,7 +3045,7 @@ static int DetectEngineHttpServerBodyTest21(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2983,7 +3067,7 @@ static int DetectEngineHttpServerBodyTest21(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3001,6 +3085,8 @@ static int DetectEngineHttpServerBodyTest21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3051,6 +3137,7 @@ static int DetectEngineHttpServerBodyTest22(void) }; uint32_t http_len2 = sizeof(http_buf2); int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3061,6 +3148,7 @@ static int DetectEngineHttpServerBodyTest22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3091,7 +3179,7 @@ static int DetectEngineHttpServerBodyTest22(void) SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3113,7 +3201,7 @@ static int DetectEngineHttpServerBodyTest22(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3131,6 +3219,8 @@ static int DetectEngineHttpServerBodyTest22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3169,6 +3259,7 @@ static int DetectEngineHttpServerBodyFileDataTest01(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3179,6 +3270,7 @@ static int DetectEngineHttpServerBodyFileDataTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -3211,7 +3303,7 @@ static int DetectEngineHttpServerBodyFileDataTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3236,7 +3328,7 @@ static int DetectEngineHttpServerBodyFileDataTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3256,6 +3348,8 @@ static int DetectEngineHttpServerBodyFileDataTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3294,6 +3388,7 @@ static int DetectEngineHttpServerBodyFileDataTest02(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3304,6 +3399,7 @@ static int DetectEngineHttpServerBodyFileDataTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3336,7 +3432,7 @@ static int DetectEngineHttpServerBodyFileDataTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -3361,7 +3457,7 @@ static int DetectEngineHttpServerBodyFileDataTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -3381,6 +3477,8 @@ static int DetectEngineHttpServerBodyFileDataTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3420,6 +3518,7 @@ static int DetectEngineHttpServerBodyFileDataTest03(void) "XYZ_klm_1234abcd_XYZ_klm_5678abcd"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3430,6 +3529,7 @@ static int DetectEngineHttpServerBodyFileDataTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3465,7 +3565,7 @@ static int DetectEngineHttpServerBodyFileDataTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3490,7 +3590,7 @@ static int DetectEngineHttpServerBodyFileDataTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -3514,6 +3614,8 @@ static int DetectEngineHttpServerBodyFileDataTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hscd.c b/src/detect-engine-hscd.c index 80df25423e..b4362469fa 100644 --- a/src/detect-engine-hscd.c +++ b/src/detect-engine-hscd.c @@ -44,6 +44,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -98,7 +100,7 @@ int DetectEngineInspectHttpStatCode(ThreadVars *tv, { htp_tx_t *tx = (htp_tx_t *)txv; if (tx->response_status == NULL) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_RESPONSE_LINE) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_RESPONSE_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -148,6 +150,7 @@ static int DetectEngineHttpStatCodeTest01(void) "message"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -158,6 +161,7 @@ static int DetectEngineHttpStatCodeTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -189,7 +193,7 @@ static int DetectEngineHttpStatCodeTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
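Review bot: The guard in DetectEngineInspectHttpStatCode (hunk at -98) reads progress with `STREAM_TOSERVER` but compares it with `HTP_RESPONSE_LINE` while deciding on `tx->response_status`, so request-side progress appears to be measured against a response-side state. If the old `0` argument meant to-server this is a faithful port, but the function could then return `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH` before the response line has been parsed, which would be a missed match for status-code rules. I would expect `AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT)` here, to be confirmed against the HTTP parser's progress callback. The same line is in DetectEngineInspectHttpStatMsg in src/detect-engine-hsmd.c. Both calls also hard-code `IPPROTO_TCP`; the parameter list is outside the hunk, so whether a flow is available to supply the proto could not be checked from here.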
@@ -214,7 +218,7 @@ static int DetectEngineHttpStatCodeTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -234,6 +238,8 @@ static int DetectEngineHttpStatCodeTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -271,6 +277,7 @@ static int DetectEngineHttpStatCodeTest02(void) "xxxxABC"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -280,6 +287,7 @@ static int DetectEngineHttpStatCodeTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -307,7 +315,7 @@ static int DetectEngineHttpStatCodeTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -317,7 +325,7 @@ static int DetectEngineHttpStatCodeTest02(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -344,6 +352,8 @@ static int DetectEngineHttpStatCodeTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -384,6 +394,7 @@ static int DetectEngineHttpStatCodeTest03(void) "\r\n" "12345678901234ABC"; uint32_t http_len3 = sizeof(http_buf3) - 1; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -394,6 +405,7 @@ static int DetectEngineHttpStatCodeTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -425,7 +437,7 @@ static int DetectEngineHttpStatCodeTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -450,7 +462,7 @@ static int DetectEngineHttpStatCodeTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -460,7 +472,7 @@ static int DetectEngineHttpStatCodeTest03(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -480,6 +492,8 @@ static int DetectEngineHttpStatCodeTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -518,6 +532,7 @@ static int DetectEngineHttpStatCodeTest04(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -528,6 +543,7 @@ static int DetectEngineHttpStatCodeTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -559,7 +575,7 @@ static int DetectEngineHttpStatCodeTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -584,7 +600,7 @@ static int DetectEngineHttpStatCodeTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -604,6 +620,8 @@ static int DetectEngineHttpStatCodeTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -642,6 +660,7 @@ static int DetectEngineHttpStatCodeTest05(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -652,6 +671,7 @@ static int DetectEngineHttpStatCodeTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -683,7 +703,7 @@ static int DetectEngineHttpStatCodeTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -708,7 +728,7 @@ static int DetectEngineHttpStatCodeTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -728,6 +748,8 @@ static int DetectEngineHttpStatCodeTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -766,6 +788,7 @@ static int DetectEngineHttpStatCodeTest06(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -776,6 +799,7 @@ static int DetectEngineHttpStatCodeTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -807,7 +831,7 @@ static int DetectEngineHttpStatCodeTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -832,7 +856,7 @@ static int DetectEngineHttpStatCodeTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -852,6 +876,8 @@ static int DetectEngineHttpStatCodeTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -890,6 +916,7 @@ static int DetectEngineHttpStatCodeTest07(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -900,6 +927,7 @@ static int DetectEngineHttpStatCodeTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -931,7 +959,7 @@ static int DetectEngineHttpStatCodeTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -956,7 +984,7 @@ static int DetectEngineHttpStatCodeTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -976,6 +1004,8 @@ static int DetectEngineHttpStatCodeTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1014,6 +1044,7 @@ static int DetectEngineHttpStatCodeTest08(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1024,6 +1055,7 @@ static int DetectEngineHttpStatCodeTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1055,7 +1087,7 @@ static int DetectEngineHttpStatCodeTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1080,7 +1112,7 @@ static int DetectEngineHttpStatCodeTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1100,6 +1132,8 @@ static int DetectEngineHttpStatCodeTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1138,6 +1172,7 @@ static int DetectEngineHttpStatCodeTest09(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1148,6 +1183,7 @@ static int DetectEngineHttpStatCodeTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1180,7 +1216,7 @@ static int DetectEngineHttpStatCodeTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1205,7 +1241,7 @@ static int DetectEngineHttpStatCodeTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1225,6 +1261,8 @@ static int DetectEngineHttpStatCodeTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1263,6 +1301,7 @@ static int DetectEngineHttpStatCodeTest10(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1273,6 +1312,7 @@ static int DetectEngineHttpStatCodeTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1305,7 +1345,7 @@ static int DetectEngineHttpStatCodeTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1330,7 +1370,7 @@ static int DetectEngineHttpStatCodeTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1350,6 +1390,8 @@ static int DetectEngineHttpStatCodeTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1388,6 +1430,7 @@ static int DetectEngineHttpStatCodeTest11(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1398,6 +1441,7 @@ static int DetectEngineHttpStatCodeTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1430,7 +1474,7 @@ static int DetectEngineHttpStatCodeTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1455,7 +1499,7 @@ static int DetectEngineHttpStatCodeTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1475,6 +1519,8 @@ static int DetectEngineHttpStatCodeTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1513,6 +1559,7 @@ static int DetectEngineHttpStatCodeTest12(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1523,6 +1570,7 @@ static int DetectEngineHttpStatCodeTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1555,7 +1603,7 @@ static int DetectEngineHttpStatCodeTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1580,7 +1628,7 @@ static int DetectEngineHttpStatCodeTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1600,6 +1648,8 @@ static int DetectEngineHttpStatCodeTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1638,6 +1688,7 @@ static int DetectEngineHttpStatCodeTest13(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1648,6 +1699,7 @@ static int DetectEngineHttpStatCodeTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1680,7 +1732,7 @@ static int DetectEngineHttpStatCodeTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1705,7 +1757,7 @@ static int DetectEngineHttpStatCodeTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1725,6 +1777,8 @@ static int DetectEngineHttpStatCodeTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1763,6 +1817,7 @@ static int DetectEngineHttpStatCodeTest14(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1773,6 +1828,7 @@ static int DetectEngineHttpStatCodeTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1805,7 +1861,7 @@ static int DetectEngineHttpStatCodeTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1830,7 +1886,7 @@ static int DetectEngineHttpStatCodeTest14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1850,6 +1906,8 @@ static int DetectEngineHttpStatCodeTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1888,6 +1946,7 @@ static int DetectEngineHttpStatCodeTest15(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1898,6 +1957,7 @@ static int DetectEngineHttpStatCodeTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1930,7 +1990,7 @@ static int DetectEngineHttpStatCodeTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1955,7 +2015,7 @@ static int DetectEngineHttpStatCodeTest15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1975,6 +2035,8 @@ static int DetectEngineHttpStatCodeTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hsmd.c b/src/detect-engine-hsmd.c index 46af28a99e..797505c22e 100644 --- a/src/detect-engine-hsmd.c +++ b/src/detect-engine-hsmd.c @@ -44,6 +44,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -98,7 +100,7 @@ int DetectEngineInspectHttpStatMsg(ThreadVars *tv, { htp_tx_t *tx = (htp_tx_t *)txv; if (tx->response_message == NULL) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_RESPONSE_LINE) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_RESPONSE_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; 
@@ -148,6 +150,7 @@ static int DetectEngineHttpStatMsgTest01(void) "message"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -158,6 +161,7 @@ static int DetectEngineHttpStatMsgTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -189,7 +193,7 @@ static int DetectEngineHttpStatMsgTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -214,7 +218,7 @@ static int DetectEngineHttpStatMsgTest01(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -234,6 +238,8 @@ static int DetectEngineHttpStatMsgTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -271,6 +277,7 @@ static int DetectEngineHttpStatMsgTest02(void) "xxxxABC"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -280,6 +287,7 @@ static int DetectEngineHttpStatMsgTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -307,7 +315,7 @@ static int DetectEngineHttpStatMsgTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -317,7 +325,7 @@ static int DetectEngineHttpStatMsgTest02(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -344,6 +352,8 @@ static int DetectEngineHttpStatMsgTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -384,6 +394,7 @@ static int DetectEngineHttpStatMsgTest03(void) "\r\n" "12345678901234ABC"; uint32_t http_len3 = sizeof(http_buf3) - 1; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -394,6 +405,7 @@ static int DetectEngineHttpStatMsgTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -425,7 +437,7 @@ static int DetectEngineHttpStatMsgTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -450,7 +462,7 @@ static int DetectEngineHttpStatMsgTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -460,7 +472,7 @@ static int DetectEngineHttpStatMsgTest03(void) SCMutexUnlock(&f.m); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -480,6 +492,8 @@ static int DetectEngineHttpStatMsgTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -518,6 +532,7 @@ static int DetectEngineHttpStatMsgTest04(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -528,6 +543,7 @@ static int DetectEngineHttpStatMsgTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -559,7 +575,7 @@ static int DetectEngineHttpStatMsgTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -584,7 +600,7 @@ static int DetectEngineHttpStatMsgTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -604,6 +620,8 @@ static int DetectEngineHttpStatMsgTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -642,6 +660,7 @@ static int DetectEngineHttpStatMsgTest05(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -652,6 +671,7 @@ static int DetectEngineHttpStatMsgTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -683,7 +703,7 @@ static int DetectEngineHttpStatMsgTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -708,7 +728,7 @@ static int DetectEngineHttpStatMsgTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -728,6 +748,8 @@ static int DetectEngineHttpStatMsgTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -766,6 +788,7 @@ static int DetectEngineHttpStatMsgTest06(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -776,6 +799,7 @@ static int DetectEngineHttpStatMsgTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -807,7 +831,7 @@ static int DetectEngineHttpStatMsgTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -832,7 +856,7 @@ static int DetectEngineHttpStatMsgTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -852,6 +876,8 @@ static int DetectEngineHttpStatMsgTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -890,6 +916,7 @@ static int DetectEngineHttpStatMsgTest07(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -900,6 +927,7 @@ static int DetectEngineHttpStatMsgTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -931,7 +959,7 @@ static int DetectEngineHttpStatMsgTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -956,7 +984,7 @@ static int DetectEngineHttpStatMsgTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -976,6 +1004,8 @@ static int DetectEngineHttpStatMsgTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1014,6 +1044,7 @@ static int DetectEngineHttpStatMsgTest08(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1024,6 +1055,7 @@ static int DetectEngineHttpStatMsgTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1055,7 +1087,7 @@ static int DetectEngineHttpStatMsgTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1080,7 +1112,7 @@ static int DetectEngineHttpStatMsgTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1100,6 +1132,8 @@ static int DetectEngineHttpStatMsgTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1138,6 +1172,7 @@ static int DetectEngineHttpStatMsgTest09(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1148,6 +1183,7 @@ static int DetectEngineHttpStatMsgTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1180,7 +1216,7 @@ static int DetectEngineHttpStatMsgTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1205,7 +1241,7 @@ static int DetectEngineHttpStatMsgTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1225,6 +1261,8 @@ static int DetectEngineHttpStatMsgTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1263,6 +1301,7 @@ static int DetectEngineHttpStatMsgTest10(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1273,6 +1312,7 @@ static int DetectEngineHttpStatMsgTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1305,7 +1345,7 @@ static int DetectEngineHttpStatMsgTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1330,7 +1370,7 @@ static int DetectEngineHttpStatMsgTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1350,6 +1390,8 @@ static int DetectEngineHttpStatMsgTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1388,6 +1430,7 @@ static int DetectEngineHttpStatMsgTest11(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1398,6 +1441,7 @@ static int DetectEngineHttpStatMsgTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1430,7 +1474,7 @@ static int DetectEngineHttpStatMsgTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1455,7 +1499,7 @@ static int DetectEngineHttpStatMsgTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1475,6 +1519,8 @@ static int DetectEngineHttpStatMsgTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1513,6 +1559,7 @@ static int DetectEngineHttpStatMsgTest12(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1523,6 +1570,7 @@ static int DetectEngineHttpStatMsgTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1555,7 +1603,7 @@ static int DetectEngineHttpStatMsgTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1580,7 +1628,7 @@ static int DetectEngineHttpStatMsgTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1600,6 +1648,8 @@ static int DetectEngineHttpStatMsgTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1638,6 +1688,7 @@ static int DetectEngineHttpStatMsgTest13(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1648,6 +1699,7 @@ static int DetectEngineHttpStatMsgTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -1680,7 +1732,7 @@ static int DetectEngineHttpStatMsgTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1705,7 +1757,7 @@ static int DetectEngineHttpStatMsgTest13(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1725,6 +1777,8 @@ static int DetectEngineHttpStatMsgTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1763,6 +1817,7 @@ static int DetectEngineHttpStatMsgTest14(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1773,6 +1828,7 @@ static int DetectEngineHttpStatMsgTest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1805,7 +1861,7 @@ static int DetectEngineHttpStatMsgTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1830,7 +1886,7 @@ static int DetectEngineHttpStatMsgTest14(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -1850,6 +1906,8 @@ static int DetectEngineHttpStatMsgTest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1888,6 +1946,7 @@ static int DetectEngineHttpStatMsgTest15(void) "abcdef"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1898,6 +1957,7 @@ static int DetectEngineHttpStatMsgTest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1930,7 +1990,7 @@ static int DetectEngineHttpStatMsgTest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1955,7 +2015,7 @@ static int DetectEngineHttpStatMsgTest15(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -1975,6 +2035,8 @@ static int DetectEngineHttpStatMsgTest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-hua.c b/src/detect-engine-hua.c index de7ff95abf..42b9384af3 100644 --- a/src/detect-engine-hua.c +++ b/src/detect-engine-hua.c @@ -46,6 +46,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -120,7 +122,7 @@ int DetectEngineInspectHttpUA(ThreadVars *tv, return DETECT_ENGINE_INSPECT_SIG_MATCH; end: - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -149,6 +151,7 @@ static int DetectEngineHttpUATest01(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -158,6 +161,7 @@ static int DetectEngineHttpUATest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -184,7 +188,7 @@ static int DetectEngineHttpUATest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
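Review bot: `AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER)` at the `end:` label of DetectEngineInspectHttpUA hard-codes the IP protocol, whereas the src/detect-engine-state.c hunks of this commit pass `f->proto` to the same family of calls. If the function's parameter list (outside this hunk) includes the flow, `AppLayerParserGetStateProgress(f->proto, ALPROTO_HTTP, tx, STREAM_TOSERVER)` would keep the lookup tied to the flow actually being inspected. Otherwise a short comment stating the assumption, for example `/* this inspection engine is only reached for HTTP over TCP */`, would record why the constant is safe.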
@@ -211,6 +215,8 @@ static int DetectEngineHttpUATest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -243,6 +249,7 @@ static int DetectEngineHttpUATest02(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -252,6 +259,7 @@ static int DetectEngineHttpUATest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -278,7 +286,7 @@ static int DetectEngineHttpUATest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -305,6 +313,8 @@ static int DetectEngineHttpUATest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -337,6 +347,7 @@ static int DetectEngineHttpUATest03(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -346,6 +357,7 @@ static int DetectEngineHttpUATest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -372,7 +384,7 @@ static int DetectEngineHttpUATest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -399,6 +411,8 @@ static int DetectEngineHttpUATest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -431,6 +445,7 @@ static int DetectEngineHttpUATest04(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -440,6 +455,7 @@ static int DetectEngineHttpUATest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -466,7 +482,7 @@ static int DetectEngineHttpUATest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -493,6 +509,8 @@ static int DetectEngineHttpUATest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -525,6 +543,7 @@ static int DetectEngineHttpUATest05(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -534,6 +553,7 @@ static int DetectEngineHttpUATest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -560,7 +580,7 @@ static int DetectEngineHttpUATest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -587,6 +607,8 @@ static int DetectEngineHttpUATest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -619,6 +641,7 @@ static int DetectEngineHttpUATest06(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -628,6 +651,7 @@ static int DetectEngineHttpUATest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -654,7 +678,7 @@ static int DetectEngineHttpUATest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -681,6 +705,8 @@ static int DetectEngineHttpUATest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -713,6 +739,7 @@ static int DetectEngineHttpUATest07(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -722,6 +749,7 @@ static int DetectEngineHttpUATest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -748,7 +776,7 @@ static int DetectEngineHttpUATest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -775,6 +803,8 @@ static int DetectEngineHttpUATest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -807,6 +837,7 @@ static int DetectEngineHttpUATest08(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -816,6 +847,7 @@ static int DetectEngineHttpUATest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -842,7 +874,7 @@ static int DetectEngineHttpUATest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -869,6 +901,8 @@ static int DetectEngineHttpUATest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -901,6 +935,7 @@ static int DetectEngineHttpUATest09(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -910,6 +945,7 @@ static int DetectEngineHttpUATest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -936,7 +972,7 @@ static int DetectEngineHttpUATest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -963,6 +999,8 @@ static int DetectEngineHttpUATest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -995,6 +1033,7 @@ static int DetectEngineHttpUATest10(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1004,6 +1043,7 @@ static int DetectEngineHttpUATest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1031,7 +1071,7 @@ static int DetectEngineHttpUATest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1058,6 +1098,8 @@ static int DetectEngineHttpUATest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1090,6 +1132,7 @@ static int DetectEngineHttpUATest11(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1099,6 +1142,7 @@ static int DetectEngineHttpUATest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1126,7 +1170,7 @@ static int DetectEngineHttpUATest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1153,6 +1197,8 @@ static int DetectEngineHttpUATest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1185,6 +1231,7 @@ static int DetectEngineHttpUATest12(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1194,6 +1241,7 @@ static int DetectEngineHttpUATest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1221,7 +1269,7 @@ static int DetectEngineHttpUATest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1248,6 +1296,8 @@ static int DetectEngineHttpUATest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1280,6 +1330,7 @@ static int DetectEngineHttpUATest13(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1289,6 +1340,7 @@ static int DetectEngineHttpUATest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1316,7 +1368,7 @@ static int DetectEngineHttpUATest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1343,6 +1395,8 @@ static int DetectEngineHttpUATest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1375,6 +1429,7 @@ static int DetectEngineHttpUATest14(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1384,6 +1439,7 @@ static int DetectEngineHttpUATest14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1411,7 +1467,7 @@ static int DetectEngineHttpUATest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1438,6 +1494,8 @@ static int DetectEngineHttpUATest14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1470,6 +1528,7 @@ static int DetectEngineHttpUATest15(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1479,6 +1538,7 @@ static int DetectEngineHttpUATest15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1506,7 +1566,7 @@ static int DetectEngineHttpUATest15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1533,6 +1593,8 @@ static int DetectEngineHttpUATest15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1565,6 +1627,7 @@ static int DetectEngineHttpUATest16(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1574,6 +1637,7 @@ static int DetectEngineHttpUATest16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1601,7 +1665,7 @@ static int DetectEngineHttpUATest16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1628,6 +1692,8 @@ static int DetectEngineHttpUATest16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1660,6 +1726,7 @@ static int DetectEngineHttpUATest17(void) "Host: www.onetwothreefourfivesixseven.org\r\n\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1669,6 +1736,7 @@ static int DetectEngineHttpUATest17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1696,7 +1764,7 @@ static int DetectEngineHttpUATest17(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1723,6 +1791,8 @@ static int DetectEngineHttpUATest17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 75c3d09610..7e310359b4 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -63,6 +63,7 @@ #include "stream-tcp-private.h" #include "stream-tcp-reassemble.h" +#include "app-layer.h" #include "app-layer-parser.h" #include "app-layer-protos.h" #include "app-layer-htp.h" @@ -75,6 +76,8 @@ #include "util-unittest-helper.h" #include "util-profiling.h" +#include "flow-util.h" + /** convert enum to string */ #define CASE_CODE(E) case E: return #E 
@@ -215,9 +218,9 @@ int DeStateFlowHasInspectableState(Flow *f, uint16_t alproto, uint16_t alversion SCMutexLock(&f->de_state_m); if (f->de_state == NULL || f->de_state->dir_state[flags & STREAM_TOSERVER ? 0 : 1].cnt == 0) { - if (AppLayerAlprotoSupportsTxs(alproto)) { + if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) { FLOWLOCK_RDLOCK(f); - if (AppLayerTransactionGetInspectId(f, flags) >= AppLayerGetTxCnt(alproto, f->alstate)) + if (AppLayerParserGetTransactionInspectId(f->alparser, flags) >= AppLayerParserGetTxCnt(f->proto, alproto, f->alstate)) r = 2; else r = 0; @@ -263,7 +266,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, if (alstate == NULL) goto end; - if (AppLayerAlprotoSupportsTxs(alproto)) { + if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) { FLOWLOCK_WRLOCK(f); if (alproto == ALPROTO_HTTP) { @@ -273,17 +276,17 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, goto end; } } - tx_id = AppLayerTransactionGetInspectId(f, flags); + tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags); SCLogDebug("tx_id %"PRIu64, tx_id); - total_txs = AppLayerGetTxCnt(alproto, alstate); + total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate); SCLogDebug("total_txs %"PRIu64, total_txs); for (; tx_id < total_txs; tx_id++) { total_matches = 0; - tx = AppLayerGetTx(alproto, alstate, tx_id); + tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id); if (tx == NULL) continue; - engine = app_inspection_engine[alproto][direction]; + engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][direction]; inspect_flags = 0; while (engine != NULL) { if (s->sm_lists[engine->sm_list] != NULL) { 
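Review bot: The new lookup `app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][direction]` in DeStateDetectStartDetection (third hunk on this line) has no visible range check on its first index, and `f->proto` reflects the traffic being inspected. It appears to rely on the enclosing `AppLayerParserProtocolSupportsTxs(f->proto, alproto)` test to exclude ipprotos that have no row in the table; neither the table's declaration nor FlowGetProtoMapping is shown here, so that should be confirmed. If it holds, a comment at the lookup would record the dependency: `/* first index is in range: SupportsTxs() above rejects ipprotos without a table row */`. The same lookup is repeated in DeStateDetectContinueDetection (hunk `@@ -579,8 +581,8 @@`), and both functions start and end outside their hunks.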
@@ -324,11 +327,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (tx_id == (total_txs - 1)) { - void *tx = AppLayerGetTx(alproto, alstate, tx_id); + void *tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id); if (tx == NULL) continue; - if (AppLayerGetAlstateProgress(alproto, tx, direction) < - AppLayerGetAlstateProgressCompletionStatus(alproto, direction)) { + if (AppLayerParserGetStateProgress(f->proto, alproto, tx, flags) < + AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) { store_de_state = 1; if (engine == NULL || inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) inspect_flags |= DE_STATE_FLAG_FULL_INSPECT; @@ -477,22 +480,21 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, * keywords with transaction keywords. Without this we would * assume that we have an alert if engine == NULL */ uint8_t total_matches = 0; - uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1; DeStateResetFileInspection(f, alproto, alstate, flags); - if (AppLayerAlprotoSupportsTxs(alproto)) { + if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) { FLOWLOCK_RDLOCK(f); - inspect_tx_id = AppLayerTransactionGetInspectId(f, flags); - total_txs = AppLayerGetTxCnt(alproto, alstate); - inspect_tx = AppLayerGetTx(alproto, alstate, inspect_tx_id); + inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags); + total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate); + inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id); if (inspect_tx == NULL) { FLOWLOCK_UNLOCK(f); SCMutexUnlock(&f->de_state_m); return; } - if (AppLayerGetAlstateProgress(alproto, inspect_tx, direction) >= - AppLayerGetAlstateProgressCompletionStatus(alproto, direction)) { + if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >= + AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) { reset_de_state = 1; } FLOWLOCK_UNLOCK(f); 
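Review bot: `AppLayerParserGetStateProgress()` and `AppLayerParserGetStateProgressCompletionStatus()` now receive the whole `flags` byte where the old code passed a 0/1 `direction` (first hunk on this line, and again in DeStateDetectContinueDetection in the next hunk). Flag values elsewhere in this commit combine the direction with `STREAM_START` and `STREAM_EOF`, so `flags` may carry bits other than the direction; the callees are not visible here, and if they compare instead of masking, progress could be read for the wrong side. Either mask at the call site, `flags & (STREAM_TOSERVER|STREAM_TOCLIENT)`, or state in the callees' doc comments that only the direction bits are examined. Both functions continue outside the hunks.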
@@ -579,8 +581,8 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } } - engine = app_inspection_engine[alproto][(flags & STREAM_TOSERVER) ? 0 : 1]; - inspect_tx = AppLayerGetTx(alproto, alstate, inspect_tx_id); + engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][(flags & STREAM_TOSERVER) ? 0 : 1]; + inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id); if (inspect_tx == NULL) { FLOWLOCK_UNLOCK(f); RULE_PROFILING_END(det_ctx, s, match); @@ -709,7 +711,9 @@ end: void DeStateUpdateInspectTransactionId(Flow *f, uint8_t direction) { - AppLayerTransactionUpdateInspectId(f, direction); + FLOWLOCK_WRLOCK(f); + AppLayerParserSetTransactionInspectId(f->alparser, f->proto, f->alproto, f->alstate, direction); + FLOWLOCK_UNLOCK(f); return; } @@ -909,6 +913,7 @@ static int DeStateSigTest01(void) uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */ uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -918,6 +923,7 @@ static int DeStateSigTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -945,7 +951,7 @@ static int DeStateSigTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
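Review bot: DeStateUpdateInspectTransactionId (second hunk on this line) now takes the flow write lock itself, and nothing at the definition tells callers so. A caller that already holds the flow lock would presumably block on itself (the lock's recursion behaviour is not visible here), and the parameter is still named `direction` although it is forwarded to an API that the commit message says takes STREAM_TOSERVER or STREAM_TOCLIENT. I would add a header comment such as `/* Takes FLOWLOCK_WRLOCK(f) internally; the caller must not hold the flow lock. direction is STREAM_TOSERVER or STREAM_TOCLIENT. */`.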
@@ -961,7 +967,7 @@ static int DeStateSigTest01(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -977,7 +983,7 @@ static int DeStateSigTest01(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -993,7 +999,7 @@ static int DeStateSigTest01(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1011,6 +1017,8 @@ static int DeStateSigTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (http_state != NULL) { HTPStateFree(http_state); } @@ -1051,6 +1059,7 @@ static int DeStateSigTest02(void) { uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
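Review bot: DeStateSigTest02 (last hunk on this line) gains `alp_tctx`, but unlike DeStateSigTest01 and DeStateSigTest03 to 07 none of its hunks adds `f.proto = IPPROTO_TCP;`. The commit message says the parser API now needs the flow's ipproto and returns without cleaning the app state when it is 0, so if this test did not already set the field, its state would be left uncleaned and the parse calls may not reach the HTTP parser. This is worth confirming against the full function, adding `f.proto = IPPROTO_TCP;` after the flow is initialised if it is missing. Most of the function body lies outside the hunk.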
@@ -1093,7 +1102,7 @@ static int DeStateSigTest02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1109,7 +1118,7 @@ static int DeStateSigTest02(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1125,7 +1134,7 @@ static int DeStateSigTest02(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1141,7 +1150,7 @@ static int DeStateSigTest02(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1158,7 +1167,7 @@ static int DeStateSigTest02(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1174,7 +1183,7 @@ static int DeStateSigTest02(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1192,7 +1201,7 @@ static int DeStateSigTest02(void) { SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1209,6 +1218,8 @@ static int DeStateSigTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -1242,6 +1253,7 @@ static int DeStateSigTest03(void) { Flow *f = NULL; Packet *p = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&ssn, 0, sizeof(ssn)); @@ -1267,6 +1279,7 @@ static int DeStateSigTest03(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->alproto = ALPROTO_HTTP; p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); @@ -1281,7 +1294,7 @@ static int DeStateSigTest03(void) { StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1310,7 +1323,8 @@ static int DeStateSigTest03(void) { } SCMutexLock(&f->m); - FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER); + FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, STREAM_TOSERVER); if (files == NULL) { printf("no stored files: "); SCMutexUnlock(&f->m); @@ -1331,6 +1345,8 @@ static int DeStateSigTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreeFlow(f); if (det_ctx != NULL) { @@ -1363,6 +1379,7 @@ static int DeStateSigTest04(void) { Flow *f = NULL; Packet *p = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&ssn, 0, sizeof(ssn)); @@ -1388,6 +1405,7 @@ static int DeStateSigTest04(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->alproto = ALPROTO_HTTP; p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); @@ -1402,7 +1420,7 @@ static int DeStateSigTest04(void) { StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1431,7 +1449,8 @@ static int DeStateSigTest04(void) { } SCMutexLock(&f->m); - FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER); + FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, STREAM_TOSERVER); if (files == NULL) { printf("no stored files: "); SCMutexUnlock(&f->m); @@ -1452,6 +1471,8 @@ static int DeStateSigTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreeFlow(f); if (det_ctx != NULL) { 
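Review bot: The new `AppLayerParserGetFiles()` call in DeStateSigTest03 (first hunk on this line) reads `p->flow->proto`, `p->flow->alproto` and `p->flow->alstate`, while the lock taken on the line above is on `f`. Presumably `p->flow` is `f` here, so the call is correct, but reading through the locked pointer makes that evident: `AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, STREAM_TOSERVER);`. The same call appears in DeStateSigTest04 through DeStateSigTest07.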
@@ -1484,6 +1505,7 @@ static int DeStateSigTest05(void) { Flow *f = NULL; Packet *p = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&ssn, 0, sizeof(ssn)); @@ -1509,6 +1531,7 @@ static int DeStateSigTest05(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->alproto = ALPROTO_HTTP; p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); @@ -1523,7 +1546,7 @@ static int DeStateSigTest05(void) { StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1552,7 +1575,8 @@ static int DeStateSigTest05(void) { } SCMutexLock(&f->m); - FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER); + FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, STREAM_TOSERVER); if (files == NULL) { printf("no stored files: "); SCMutexUnlock(&f->m); @@ -1573,6 +1597,8 @@ static int DeStateSigTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreeFlow(f); if (det_ctx != NULL) { @@ -1605,6 +1631,7 @@ static int DeStateSigTest06(void) { Flow *f = NULL; Packet *p = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&ssn, 0, sizeof(ssn)); @@ -1630,6 +1657,7 @@ static int DeStateSigTest06(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->alproto = ALPROTO_HTTP; p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); 
@@ -1644,7 +1672,7 @@ static int DeStateSigTest06(void) { StreamTcpInitConfig(TRUE); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1673,7 +1701,8 @@ static int DeStateSigTest06(void) { } SCMutexLock(&f->m); - FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER); + FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, STREAM_TOSERVER); if (files == NULL) { printf("no stored files: "); SCMutexUnlock(&f->m); @@ -1694,6 +1723,8 @@ static int DeStateSigTest06(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreeFlow(f); if (det_ctx != NULL) { @@ -1728,6 +1759,7 @@ static int DeStateSigTest07(void) { Flow *f = NULL; Packet *p = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&ssn, 0, sizeof(ssn)); @@ -1753,6 +1785,7 @@ static int DeStateSigTest07(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; f->alproto = ALPROTO_HTTP; p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); @@ -1768,7 +1801,7 @@ static int DeStateSigTest07(void) { SCLogDebug("\n>>>> processing chunk 1 <<<<\n"); SCMutexLock(&f->m); - int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1786,7 +1819,7 @@ static int DeStateSigTest07(void) { SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2); SCMutexLock(&f->m); - r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1814,7 +1847,8 @@ static int DeStateSigTest07(void) { } SCMutexLock(&f->m); - FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER); + FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, STREAM_TOSERVER); if (files == NULL) { printf("no stored files: "); SCMutexUnlock(&f->m); @@ -1835,6 +1869,8 @@ static int DeStateSigTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreeFlow(f); if (det_ctx != NULL) { diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index 9a1d79002a..da3b734fa7 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c @@ -38,6 +38,8 @@ #include "util-print.h" #include "flow.h" +#include "stream-tcp.h" + #include "app-layer-parser.h" #include "util-unittest.h" @@ -71,7 +73,7 @@ int DetectEngineInspectPacketUris(ThreadVars *tv, HtpTxUserData *tx_ud = htp_tx_get_user_data(txv); if (tx_ud == NULL || tx_ud->request_uri_normalized == NULL) { - if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) > HTP_REQUEST_LINE) + if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) > HTP_REQUEST_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -123,6 +125,7 @@ static int UriTestSig01(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
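Review bot: In DetectEngineInspectPacketUris (hunk `@@ -71,7 +73,7 @@` on this line) the ipproto is hard-coded as `IPPROTO_TCP`, whereas the other converted call sites in this commit pass the flow's own `proto`. If a flow pointer is in scope (the signature is cut off by the hunk), `f->proto` would keep the call consistent with them. Otherwise a short comment such as `/* http_uri inspection is only registered for TCP flows */` would explain the constant, once that assumption is confirmed against the engine registration.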
@@ -132,6 +135,7 @@ static int UriTestSig01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -160,7 +164,7 @@ static int UriTestSig01(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -185,7 +189,7 @@ static int UriTestSig01(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -210,6 +214,8 @@ static int UriTestSig01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -242,6 +248,7 @@ static int UriTestSig02(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -251,6 +258,7 @@ static int UriTestSig02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -279,7 +287,7 @@ static int UriTestSig02(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -304,7 +312,7 @@ static int UriTestSig02(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -329,6 +337,8 @@ static int UriTestSig02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -361,6 +371,7 @@ static int UriTestSig03(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -370,6 +381,7 @@ static int UriTestSig03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -398,7 +410,7 @@ static int UriTestSig03(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -423,7 +435,7 @@ static int UriTestSig03(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -448,6 +460,8 @@ static int UriTestSig03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -480,6 +494,7 @@ static int UriTestSig04(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -489,6 +504,7 @@ static int UriTestSig04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -517,7 +533,7 @@ static int UriTestSig04(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -542,7 +558,7 @@ static int UriTestSig04(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -567,6 +583,8 @@ static int UriTestSig04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -599,6 +617,7 @@ static int UriTestSig05(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -608,6 +627,7 @@ static int UriTestSig05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -636,7 +656,7 @@ static int UriTestSig05(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -661,7 +681,7 @@ static int UriTestSig05(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -686,6 +706,8 @@ static int UriTestSig05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -718,6 +740,7 @@ static int UriTestSig06(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -727,6 +750,7 @@ static int UriTestSig06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -755,7 +779,7 @@ static int UriTestSig06(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -780,7 +804,7 @@ static int UriTestSig06(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -805,6 +829,8 @@ static int UriTestSig06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -837,6 +863,7 @@ static int UriTestSig07(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -846,6 +873,7 @@ static int UriTestSig07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -874,7 +902,7 @@ static int UriTestSig07(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -899,7 +927,7 @@ static int UriTestSig07(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -924,6 +952,8 @@ static int UriTestSig07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -956,6 +986,7 @@ static int UriTestSig08(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -965,6 +996,7 @@ static int UriTestSig08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -993,7 +1025,7 @@ static int UriTestSig08(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1018,7 +1050,7 @@ static int UriTestSig08(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1043,6 +1075,8 @@ static int UriTestSig08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1075,6 +1109,7 @@ static int UriTestSig09(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1084,6 +1119,7 @@ static int UriTestSig09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1112,7 +1148,7 @@ static int UriTestSig09(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1137,7 +1173,7 @@ static int UriTestSig09(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1162,6 +1198,8 @@ static int UriTestSig09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1194,6 +1232,7 @@ static int UriTestSig10(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1203,6 +1242,7 @@ static int UriTestSig10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1231,7 +1271,7 @@ static int UriTestSig10(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1256,7 +1296,7 @@ static int UriTestSig10(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1281,6 +1321,8 @@ static int UriTestSig10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1313,6 +1355,7 @@ static int UriTestSig11(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -1322,6 +1365,7 @@ static int UriTestSig11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1351,7 +1395,7 @@ static int UriTestSig11(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1376,7 +1420,7 @@ static int UriTestSig11(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1401,6 +1445,8 @@ static int UriTestSig11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1433,6 +1479,7 @@ static int UriTestSig12(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1442,6 +1489,7 @@ static int UriTestSig12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -1471,7 +1519,7 @@ static int UriTestSig12(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1496,7 +1544,7 @@ static int UriTestSig12(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1521,6 +1569,8 @@ static int UriTestSig12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1553,6 +1603,7 @@ static int UriTestSig13(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1562,6 +1613,7 @@ static int UriTestSig13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1590,7 +1642,7 @@ static int UriTestSig13(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1615,7 +1667,7 @@ static int UriTestSig13(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1641,6 +1693,8 @@ static int UriTestSig13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1673,6 +1727,7 @@ static int UriTestSig14(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1682,6 +1737,7 @@ static int UriTestSig14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1710,7 +1766,7 @@ static int UriTestSig14(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1735,7 +1791,7 @@ static int UriTestSig14(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1761,6 +1817,8 @@ static int UriTestSig14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1793,6 +1851,7 @@ static int UriTestSig15(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -1802,6 +1861,7 @@ static int UriTestSig15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1830,7 +1890,7 @@ static int UriTestSig15(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1855,7 +1915,7 @@ static int UriTestSig15(void) DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1881,6 +1941,8 @@ static int UriTestSig15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -1913,6 +1975,7 @@ static int UriTestSig16(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -1922,6 +1985,7 @@ static int UriTestSig16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1948,7 +2012,7 @@ static int UriTestSig16(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1976,7 +2040,7 @@ static int UriTestSig16(void) p->payload_len = http_buf2_len; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2001,6 +2065,8 @@ static int UriTestSig16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2029,6 +2095,7 @@ static int UriTestSig17(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2038,6 +2105,7 @@ static int UriTestSig17(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -2068,7 +2136,7 @@ static int UriTestSig17(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2093,6 +2161,8 @@ static int UriTestSig17(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2121,6 +2191,7 @@ static int UriTestSig18(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2130,6 +2201,7 @@ static int UriTestSig18(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2160,7 +2232,7 @@ static int UriTestSig18(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2185,6 +2257,8 @@ static int UriTestSig18(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2213,6 +2287,7 @@ static int UriTestSig19(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -2222,6 +2297,7 @@ static int UriTestSig19(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2253,7 +2329,7 @@ static int UriTestSig19(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2278,6 +2354,8 @@ static int UriTestSig19(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2306,6 +2384,7 @@ static int UriTestSig20(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2315,6 +2394,7 @@ static int UriTestSig20(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2345,7 +2425,7 @@ static int UriTestSig20(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2370,6 +2450,8 @@ static int UriTestSig20(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) 
@@ -2398,6 +2480,7 @@ static int UriTestSig21(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2407,6 +2490,7 @@ static int UriTestSig21(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2436,7 +2520,7 @@ static int UriTestSig21(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2461,6 +2545,8 @@ static int UriTestSig21(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2490,6 +2576,7 @@ static int UriTestSig22(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2499,6 +2586,7 @@ static int UriTestSig22(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2527,7 +2615,7 @@ static int UriTestSig22(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2552,6 +2640,8 @@ static int UriTestSig22(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2580,6 +2670,7 @@ static int UriTestSig23(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2589,6 +2680,7 @@ static int UriTestSig23(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2617,7 +2709,7 @@ static int UriTestSig23(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2642,6 +2734,8 @@ static int UriTestSig23(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2670,6 +2764,7 @@ static int UriTestSig24(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2679,6 +2774,7 @@ static int UriTestSig24(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -2707,7 +2803,7 @@ static int UriTestSig24(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2732,6 +2828,8 @@ static int UriTestSig24(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2760,6 +2858,7 @@ static int UriTestSig25(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2769,6 +2868,7 @@ static int UriTestSig25(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2797,7 +2897,7 @@ static int UriTestSig25(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2822,6 +2922,8 @@ static int UriTestSig25(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2850,6 +2952,7 @@ static int UriTestSig26(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -2859,6 +2962,7 @@ static int UriTestSig26(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2887,7 +2991,7 @@ static int UriTestSig26(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2912,6 +3016,8 @@ static int UriTestSig26(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -2940,6 +3046,7 @@ static int UriTestSig27(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -2949,6 +3056,7 @@ static int UriTestSig27(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2977,7 +3085,7 @@ static int UriTestSig27(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3002,6 +3110,8 @@ static int UriTestSig27(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) 
@@ -3062,6 +3172,7 @@ static int UriTestSig28(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3071,6 +3182,7 @@ static int UriTestSig28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3101,7 +3213,7 @@ static int UriTestSig28(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3126,6 +3238,8 @@ static int UriTestSig28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3151,6 +3265,7 @@ static int UriTestSig29(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3160,6 +3275,7 @@ static int UriTestSig29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3190,7 +3306,7 @@ static int UriTestSig29(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3215,6 +3331,8 @@ static int UriTestSig29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3240,6 +3358,7 @@ static int UriTestSig30(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3249,6 +3368,7 @@ static int UriTestSig30(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3279,7 +3399,7 @@ static int UriTestSig30(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3304,6 +3424,8 @@ static int UriTestSig30(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3329,6 +3451,7 @@ static int UriTestSig31(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3338,6 +3461,7 @@ static int UriTestSig31(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -3368,7 +3492,7 @@ static int UriTestSig31(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3393,6 +3517,8 @@ static int UriTestSig31(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3418,6 +3544,7 @@ static int UriTestSig32(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3427,6 +3554,7 @@ static int UriTestSig32(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3457,7 +3585,7 @@ static int UriTestSig32(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3482,6 +3610,8 @@ static int UriTestSig32(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3507,6 +3637,7 @@ static int UriTestSig33(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); 
@@ -3516,6 +3647,7 @@ static int UriTestSig33(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3544,7 +3676,7 @@ static int UriTestSig33(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3569,6 +3701,8 @@ static int UriTestSig33(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3594,6 +3728,7 @@ static int UriTestSig34(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3603,6 +3738,7 @@ static int UriTestSig34(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3631,7 +3767,7 @@ static int UriTestSig34(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3656,6 +3792,8 @@ static int UriTestSig34(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) 
@@ -3681,6 +3819,7 @@ static int UriTestSig35(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3690,6 +3829,7 @@ static int UriTestSig35(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3718,7 +3858,7 @@ static int UriTestSig35(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3743,6 +3883,8 @@ static int UriTestSig35(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3768,6 +3910,7 @@ static int UriTestSig36(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3777,6 +3920,7 @@ static int UriTestSig36(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3805,7 +3949,7 @@ static int UriTestSig36(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3830,6 +3974,8 @@ static int UriTestSig36(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3855,6 +4001,7 @@ static int UriTestSig37(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3864,6 +4011,7 @@ static int UriTestSig37(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3892,7 +4040,7 @@ static int UriTestSig37(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3917,6 +4065,8 @@ static int UriTestSig37(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -3942,6 +4092,7 @@ static int UriTestSig38(void) Packet *p = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -3951,6 +4102,7 @@ static int UriTestSig38(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -3979,7 +4131,7 @@ static int UriTestSig38(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -4004,6 +4156,8 @@ static int UriTestSig38(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) diff --git a/src/detect-engine.c b/src/detect-engine.c index 1c278e6df7..afbca5f547 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -26,6 +26,8 @@ #include "debug.h" #include "detect.h" #include "flow.h" +#include "flow-private.h" +#include "flow-util.h" #include "conf.h" #include "conf-yaml-loader.h" @@ -98,11 +100,11 @@ static TmEcode DetectEngineThreadCtxInitForLiveRuleSwap(ThreadVars *, void *, vo static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *); /* 2 - for each direction */ -DetectEngineAppInspectionEngine *app_inspection_engine[ALPROTO_MAX][2]; +DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2]; #if 0 -static void DetectEnginePrintAppInspectionEngines(DetectEngineAppInspectionEngine *list[][2]) +static void DetectEnginePrintAppInspectionEngines(DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2]) { printf("\n"); @@ -134,6 +136,7 @@ static void DetectEnginePrintAppInspectionEngines(DetectEngineAppInspectionEngin void DetectEngineRegisterAppInspectionEngines(void) { struct tmp_t { + uint16_t ipproto; uint16_t alproto; int32_t sm_list; uint32_t inspect_flags; 
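Review bot: The comment above `app_inspection_engine` still reads `/* 2 - for each direction */` and says nothing about the new leading dimension. Readers need to know that the first index is the value returned by `FlowGetProtoMapping()`, not a raw IPPROTO_* number, and that `FLOW_PROTO_DEFAULT` is used here as the element count. I would replace the comment with `/* [FlowGetProtoMapping(ipproto)][alproto][direction]; first index must be < FLOW_PROTO_DEFAULT */`.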
@@ -149,74 +152,86 @@ void DetectEngineRegisterAppInspectionEngines(void) }; struct tmp_t data_toserver[] = { - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, DE_STATE_FLAG_URI_INSPECT, 0, DetectEngineInspectPacketUris }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HCBDMATCH, DE_STATE_FLAG_HCBD_INSPECT, DE_STATE_FLAG_HCBD_INSPECT, 0, DetectEngineInspectHttpClientBody }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HHDMATCH, DE_STATE_FLAG_HHD_INSPECT, DE_STATE_FLAG_HHD_INSPECT, 0, DetectEngineInspectHttpHeader }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HRHDMATCH, DE_STATE_FLAG_HRHD_INSPECT, DE_STATE_FLAG_HRHD_INSPECT, 0, DetectEngineInspectHttpRawHeader }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HMDMATCH, DE_STATE_FLAG_HMD_INSPECT, DE_STATE_FLAG_HMD_INSPECT, 0, DetectEngineInspectHttpMethod }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HCDMATCH, DE_STATE_FLAG_HCD_INSPECT, DE_STATE_FLAG_HCD_INSPECT, 0, DetectEngineInspectHttpCookie }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HRUDMATCH, DE_STATE_FLAG_HRUD_INSPECT, DE_STATE_FLAG_HRUD_INSPECT, 0, DetectEngineInspectHttpRawUri }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_FILEMATCH, DE_STATE_FLAG_FILE_TS_INSPECT, DE_STATE_FLAG_FILE_TS_INSPECT, 0, DetectFileInspectHttp }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HUADMATCH, DE_STATE_FLAG_HUAD_INSPECT, DE_STATE_FLAG_HUAD_INSPECT, 0, DetectEngineInspectHttpUA }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HHHDMATCH, DE_STATE_FLAG_HHHD_INSPECT, DE_STATE_FLAG_HHHD_INSPECT, 0, DetectEngineInspectHttpHH }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HRHHDMATCH, DE_STATE_FLAG_HRHHD_INSPECT, DE_STATE_FLAG_HRHHD_INSPECT, 0, DetectEngineInspectHttpHRH }, /* DNS */ - { ALPROTO_DNS, + { IPPROTO_TCP, + 
ALPROTO_DNS, DETECT_SM_LIST_DNSQUERY_MATCH, DE_STATE_FLAG_DNSQUERY_INSPECT, DE_STATE_FLAG_DNSQUERY_INSPECT, @@ -225,14 +240,8 @@ void DetectEngineRegisterAppInspectionEngines(void) /* specifically for UDP, register again * allows us to use the alproto w/o translation * in the detection engine */ - { ALPROTO_DNS_UDP, - DETECT_SM_LIST_DNSQUERY_MATCH, - DE_STATE_FLAG_DNSQUERY_INSPECT, - DE_STATE_FLAG_DNSQUERY_INSPECT, - 0, - DetectEngineInspectDnsQueryName }, - /* dito for TCP */ - { ALPROTO_DNS_TCP, + { IPPROTO_UDP, + ALPROTO_DNS, DETECT_SM_LIST_DNSQUERY_MATCH, DE_STATE_FLAG_DNSQUERY_INSPECT, DE_STATE_FLAG_DNSQUERY_INSPECT, @@ -241,43 +250,50 @@ void DetectEngineRegisterAppInspectionEngines(void) }; struct tmp_t data_toclient[] = { - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HSBDMATCH, DE_STATE_FLAG_HSBD_INSPECT, DE_STATE_FLAG_HSBD_INSPECT, 1, DetectEngineInspectHttpServerBody }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HHDMATCH, DE_STATE_FLAG_HHD_INSPECT, DE_STATE_FLAG_HHD_INSPECT, 1, DetectEngineInspectHttpHeader }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HRHDMATCH, DE_STATE_FLAG_HRHD_INSPECT, DE_STATE_FLAG_HRHD_INSPECT, 1, DetectEngineInspectHttpRawHeader }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HCDMATCH, DE_STATE_FLAG_HCD_INSPECT, DE_STATE_FLAG_HCD_INSPECT, 1, DetectEngineInspectHttpCookie }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_FILEMATCH, DE_STATE_FLAG_FILE_TC_INSPECT, DE_STATE_FLAG_FILE_TC_INSPECT, 1, DetectFileInspectHttp }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HSMDMATCH, DE_STATE_FLAG_HSMD_INSPECT, DE_STATE_FLAG_HSMD_INSPECT, 1, DetectEngineInspectHttpStatMsg }, - { ALPROTO_HTTP, + { IPPROTO_TCP, + ALPROTO_HTTP, DETECT_SM_LIST_HSCDMATCH, DE_STATE_FLAG_HSCD_INSPECT, DE_STATE_FLAG_HSCD_INSPECT, 
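Review bot: The context comment kept above the second DNS entry ("specifically for UDP, register again allows us to use the alproto w/o translation in the detection engine") is stale after this change. It described the removed `ALPROTO_DNS_UDP` alias, while the entry is now the same `ALPROTO_DNS` registered under `IPPROTO_UDP`. I would reword it to `/* DNS over UDP: same alproto, registered under its own ipproto slot */`. As a style point, `struct tmp_t` gained a leading field and every positional initializer in `data_toserver` and `data_toclient` had to shift; designated initializers (`.ipproto = IPPROTO_TCP, .alproto = ALPROTO_HTTP, ...`) would keep later field additions from silently misaligning values.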
@@ -287,7 +303,8 @@ void DetectEngineRegisterAppInspectionEngines(void) size_t i; for (i = 0 ; i < sizeof(data_toserver) / sizeof(struct tmp_t); i++) { - DetectEngineRegisterAppInspectionEngine(data_toserver[i].alproto, + DetectEngineRegisterAppInspectionEngine(data_toserver[i].ipproto, + data_toserver[i].alproto, data_toserver[i].dir, data_toserver[i].sm_list, data_toserver[i].inspect_flags, @@ -297,7 +314,8 @@ void DetectEngineRegisterAppInspectionEngines(void) } for (i = 0 ; i < sizeof(data_toclient) / sizeof(struct tmp_t); i++) { - DetectEngineRegisterAppInspectionEngine(data_toclient[i].alproto, + DetectEngineRegisterAppInspectionEngine(data_toclient[i].ipproto, + data_toclient[i].alproto, data_toclient[i].dir, data_toclient[i].sm_list, data_toclient[i].inspect_flags, @@ -314,10 +332,10 @@ void DetectEngineRegisterAppInspectionEngines(void) } static void AppendAppInspectionEngine(DetectEngineAppInspectionEngine *engine, - DetectEngineAppInspectionEngine *list[][2]) + DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2]) { /* append to the list */ - DetectEngineAppInspectionEngine *tmp = list[engine->alproto][engine->dir]; + DetectEngineAppInspectionEngine *tmp = list[FlowGetProtoMapping(engine->ipproto)][engine->alproto][engine->dir]; DetectEngineAppInspectionEngine *insert = NULL; while (tmp != NULL) { if (tmp->dir == engine->dir && @@ -336,14 +354,15 @@ static void AppendAppInspectionEngine(DetectEngineAppInspectionEngine *engine, tmp = tmp->next; } if (insert == NULL) - list[engine->alproto][engine->dir] = engine; + list[FlowGetProtoMapping(engine->ipproto)][engine->alproto][engine->dir] = engine; else insert->next = engine; return; } -void DetectEngineRegisterAppInspectionEngine(uint16_t alproto, +void DetectEngineRegisterAppInspectionEngine(uint16_t ipproto, + uint16_t alproto, uint16_t dir, int32_t sm_list, uint32_t inspect_flags, 
@@ -354,18 +373,19 @@ void DetectEngineRegisterAppInspectionEngine(uint16_t alproto, Signature *sig, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id), - DetectEngineAppInspectionEngine *list[][2]) + DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2]) { if ((list == NULL) || (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED) || (dir > 1) || (sm_list < DETECT_SM_LIST_MATCH || sm_list >= DETECT_SM_LIST_MAX) || - (Callback == NULL)) { + (Callback == NULL)) + { SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); exit(EXIT_FAILURE); } - DetectEngineAppInspectionEngine *tmp = list[alproto][dir]; + DetectEngineAppInspectionEngine *tmp = list[FlowGetProtoMapping(ipproto)][alproto][dir]; while (tmp != NULL) { if (tmp->sm_list == sm_list && tmp->Callback == Callback) { return; @@ -378,6 +398,7 @@ void DetectEngineRegisterAppInspectionEngine(uint16_t alproto, exit(EXIT_FAILURE); } memset(new_engine, 0, sizeof(*new_engine)); + new_engine->ipproto = ipproto; new_engine->alproto = alproto; new_engine->dir = dir; new_engine->sm_list = sm_list; @@ -1215,9 +1236,9 @@ static TmEcode ThreadCtxDoInit (DetectEngineCtx *de_ctx, DetectEngineThreadCtx * PatternMatchThreadPrepare(&det_ctx->mtcs, de_ctx->mpm_matcher, DetectContentMaxId(de_ctx)); PatternMatchThreadPrepare(&det_ctx->mtcu, de_ctx->mpm_matcher, DetectUricontentMaxId(de_ctx)); - PmqSetup(&det_ctx->pmq, 0, de_ctx->max_fp_id); + PmqSetup(&det_ctx->pmq, de_ctx->max_fp_id); for (i = 0; i < DETECT_SMSG_PMQ_NUM; i++) { - PmqSetup(&det_ctx->smsg_pmq[i], 0, de_ctx->max_fp_id); + PmqSetup(&det_ctx->smsg_pmq[i], de_ctx->max_fp_id); } /* IP-ONLY */ 
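Review bot: `ipproto` is never validated in DetectEngineRegisterAppInspectionEngine, although the argument check in this hunk covers `alproto`, `dir`, `sm_list` and `Callback`, and the value is used straight away in `list[FlowGetProtoMapping(ipproto)][alproto][dir]`. The table's first dimension is `FLOW_PROTO_DEFAULT`; FlowGetProtoMapping() is not shown in this diff, but if it returns `FLOW_PROTO_DEFAULT` for protocols it does not map, that index is one past the end of the array. AppendAppInspectionEngine in the preceding hunks reads and writes through the same index. Adding `(FlowGetProtoMapping(ipproto) >= FLOW_PROTO_DEFAULT) ||` to the condition would reject such calls through the existing "Invalid arguments" path. The function body starts and continues outside this hunk.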
@@ -1739,11 +1760,13 @@ int DummyTestAppInspectionEngine02(ThreadVars *tv, int DetectEngineTest05(void) { int result = 0; + int ip = 0; - DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2]; + DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2]; memset(engine_list, 0, sizeof(engine_list)); - DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP, + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + ALPROTO_HTTP, 0 /* STREAM_TOSERVER */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, @@ -1752,16 +1775,17 @@ int DetectEngineTest05(void) engine_list); int alproto = ALPROTO_UNKNOWN + 1; + for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) { for ( ; alproto < ALPROTO_FAILED; alproto++) { int dir = 0; for ( ; dir < 2; dir++) { if (alproto == ALPROTO_HTTP && dir == 0) { - if (engine_list[alproto][dir]->next != NULL) { + if (engine_list[ip][alproto][dir]->next != NULL) { printf("more than one entry found\n"); goto end; } - DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir]; + DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir]; if (engine->alproto != alproto || engine->dir != dir || @@ -1775,20 +1799,21 @@ int DetectEngineTest05(void) } /* if (alproto == ALPROTO_HTTP && dir == 0) */ if (alproto == ALPROTO_HTTP && dir == 1) { - if (engine_list[alproto][dir] != NULL) { + if (engine_list[ip][alproto][dir] != NULL) { printf("failed for http and dir(1-toclient)\n"); goto end; } } if (alproto != ALPROTO_HTTP && - engine_list[alproto][0] != NULL && - engine_list[alproto][1] != NULL) { + engine_list[ip][alproto][0] != NULL && + engine_list[ip][alproto][1] != NULL) { printf("failed for protocol %d\n", alproto); goto end; } } /* for ( ; dir < 2 ..)*/ } /* for ( ; alproto < ALPROTO_FAILED; ..) */ + } result = 1; end: 
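Review bot: The new outer loop `for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++)` in DetectEngineTest05 only does work on its first pass. `alproto` is initialised once before the loop and the inner `for ( ; alproto < ALPROTO_FAILED; alproto++)` never resets it, so for every `ip` after 0 the inner loop exits immediately and the per-protocol slots are never checked. Resetting it per pass, `for (alproto = ALPROTO_UNKNOWN + 1; alproto < ALPROTO_FAILED; alproto++)`, is the first step. The HTTP branch would then also need to expect an entry only at the TCP slot (for example `ip == FlowGetProtoMapping(IPPROTO_TCP)`), because `engine_list[ip][alproto][dir]->next` dereferences NULL for slots where nothing was registered. DetectEngineTest06 and DetectEngineTest07 in the following hunks have the same loop structure.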
@@ -1798,18 +1823,21 @@ int DetectEngineTest05(void) int DetectEngineTest06(void) { int result = 0; + int ip = 0; - DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2]; + DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2]; memset(engine_list, 0, sizeof(engine_list)); - DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP, + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + ALPROTO_HTTP, 0 /* STREAM_TOSERVER */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, DE_STATE_FLAG_URI_INSPECT, DummyTestAppInspectionEngine01, engine_list); - DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP, + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + ALPROTO_HTTP, 1 /* STREAM_TOCLIENT */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, @@ -1818,16 +1846,17 @@ int DetectEngineTest06(void) engine_list); int alproto = ALPROTO_UNKNOWN + 1; + for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) { for ( ; alproto < ALPROTO_FAILED; alproto++) { int dir = 0; for ( ; dir < 2; dir++) { if (alproto == ALPROTO_HTTP && dir == 0) { - if (engine_list[alproto][dir]->next != NULL) { + if (engine_list[ip][alproto][dir]->next != NULL) { printf("more than one entry found\n"); goto end; } - DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir]; + DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir]; if (engine->alproto != alproto || engine->dir != dir || @@ -1841,12 +1870,12 @@ int DetectEngineTest06(void) } /* if (alproto == ALPROTO_HTTP && dir == 0) */ if (alproto == ALPROTO_HTTP && dir == 1) { - if (engine_list[alproto][dir]->next != NULL) { + if (engine_list[ip][alproto][dir]->next != NULL) { printf("more than one entry found\n"); goto end; } - DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir]; + DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir]; if (engine->alproto != alproto || engine->dir != dir || 
@@ -1860,13 +1889,14 @@ int DetectEngineTest06(void) } /* if (alproto == ALPROTO_HTTP && dir == 1) */ if (alproto != ALPROTO_HTTP && - engine_list[alproto][0] != NULL && - engine_list[alproto][1] != NULL) { + engine_list[ip][alproto][0] != NULL && + engine_list[ip][alproto][1] != NULL) { printf("failed for protocol %d\n", alproto); goto end; } } /* for ( ; dir < 2 ..)*/ } /* for ( ; alproto < ALPROTO_FAILED; ..) */ + } result = 1; end: @@ -1876,8 +1906,9 @@ int DetectEngineTest06(void) int DetectEngineTest07(void) { int result = 0; + int ip = 0; - DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2]; + DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2]; memset(engine_list, 0, sizeof(engine_list)); struct test_data_t { @@ -1964,7 +1995,8 @@ int DetectEngineTest07(void) size_t i = 0; for ( ; i < sizeof(data) / sizeof(struct test_data_t); i++) { - DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP, + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + ALPROTO_HTTP, data[i].dir /* STREAM_TOCLIENT */, data[i].sm_list, data[i].inspect_flags, @@ -1978,11 +2010,12 @@ int DetectEngineTest07(void) #endif int alproto = ALPROTO_UNKNOWN + 1; + for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) { for ( ; alproto < ALPROTO_FAILED; alproto++) { int dir = 0; for ( ; dir < 2; dir++) { if (alproto == ALPROTO_HTTP) { - DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir]; + DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir]; size_t i = 0; for ( ; i < (sizeof(data) / sizeof(struct test_data_t)); i++) { @@ -2001,14 +2034,15 @@ int DetectEngineTest07(void) engine = engine->next; } } else { - if (engine_list[alproto][0] != NULL && - engine_list[alproto][1] != NULL) { + if (engine_list[ip][alproto][0] != NULL && + engine_list[ip][alproto][1] != NULL) { printf("failed for protocol %d\n", alproto); goto end; } } /* else */ } /* for ( ; dir < 2; dir++) */ } /* for ( ; alproto < ALPROTO_FAILED; ..) */ + } result = 1; end: 
diff --git a/src/detect-engine.h b/src/detect-engine.h index 4e3d1c2686..e92dab56bd 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -26,8 +26,10 @@ #include "detect.h" #include "tm-threads.h" +#include "flow-private.h" typedef struct DetectEngineAppInspectionEngine_ { + uint16_t ipproto; uint16_t alproto; uint16_t dir; @@ -49,7 +51,7 @@ typedef struct DetectEngineAppInspectionEngine_ { struct DetectEngineAppInspectionEngine_ *next; } DetectEngineAppInspectionEngine; -extern DetectEngineAppInspectionEngine *app_inspection_engine[ALPROTO_MAX][2]; +extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2]; /* prototypes */ void DetectEngineRegisterAppInspectionEngines(void); @@ -79,7 +81,8 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type); * the inpsect_flags. * \param Callback The engine callback. */ -void DetectEngineRegisterAppInspectionEngine(uint16_t alproto, +void DetectEngineRegisterAppInspectionEngine(uint16_t ipproto, + uint16_t alproto, uint16_t direction, int32_t sm_list, uint32_t inspect_flags, @@ -90,5 +93,5 @@ void DetectEngineRegisterAppInspectionEngine(uint16_t alproto, Signature *sig, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id), - DetectEngineAppInspectionEngine *list[][2]); + DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2]); #endif /* __DETECT_ENGINE_H__ */ diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 2dbba4b333..f4b046ce95 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -45,6 +45,7 @@ #include "util-unittest-helper.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "stream-tcp.h" 
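Review bot: The Doxygen block above the DetectEngineRegisterAppInspectionEngine prototype is not updated for the new first argument, so the parameter list in the header no longer matches the signature. I would add `\param ipproto The IP protocol (e.g. IPPROTO_TCP, IPPROTO_UDP) this engine is registered for.` ahead of the existing alproto entry (the start of the comment is outside this hunk). A note on the `list` parameter saying it is indexed as `[flow proto mapping][alproto][direction]` would help too. The header now also includes `flow-private.h` just to size the array with `FLOW_PROTO_DEFAULT`, which pulls a private header into every file that includes detect-engine.h.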
@@ -222,7 +223,8 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack FLOWLOCK_WRLOCK(p->flow); - FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags); + FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, + p->flow->alstate, flags); /* filestore for single files only */ if (s->filestore_sm->ctx == NULL) { diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 9e0b96b83b..681ade8b74 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -32,6 +32,7 @@ #include "flow-var.h" #include "decode-events.h" +#include "app-layer.h" #include "app-layer-detect-proto.h" #include "detect-fragbits.h" @@ -422,7 +423,7 @@ static int FragBitsTestParse03 (void) { memset(p, 0, SIZE_OF_PACKET); memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&ipv4h, 0, sizeof(IPV4Hdr)); - AlpProtoFinalize2Thread(&dtv.udp_dp_ctx); + dtv.app_tctx = AppLayerGetCtxThread(); p->ip4h = &ipv4h; @@ -518,7 +519,7 @@ static int FragBitsTestParse04 (void) { memset(p, 0, SIZE_OF_PACKET); memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&ipv4h, 0, sizeof(IPV4Hdr)); - AlpProtoFinalize2Thread(&dtv.udp_dp_ctx); + dtv.app_tctx = AppLayerGetCtxThread(); p->ip4h = &ipv4h; diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 7de268752f..cedbdd6219 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -34,6 +34,7 @@ #include "detect-content.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-ftp.h" #include "util-unittest.h" #include "util-unittest-helper.h" @@ -292,6 +293,7 @@ static int DetectFtpbounceTestALMatch02(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
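Review bot: In FragBitsTestParse03 and FragBitsTestParse04 the result of `dtv.app_tctx = AppLayerGetCtxThread();` is neither checked for NULL nor released in any line of these hunks. The call it replaces, `AlpProtoFinalize2Thread(&dtv.udp_dp_ctx)`, filled a member in place, whereas the new call returns a context the test now appears to own. Both functions continue outside the hunks, so an existing cleanup cannot be ruled out; if there is none, a matching `AppLayerDestroyCtxThread(dtv.app_tctx);` on the exit path would keep the tests free of leaks when run under a leak checker.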
@@ -302,6 +304,7 @@ static int DetectFtpbounceTestALMatch02(void) { FLOW_INITIALIZE(&f); f.src.address.address_un_data32[0]=0x01020304; f.protoctx =(void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -328,7 +331,7 @@ static int DetectFtpbounceTestALMatch02(void) { DetectEngineThreadCtxInit(&th_v,(void *)de_ctx,(void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -336,7 +339,7 @@ static int DetectFtpbounceTestALMatch02(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); if (r != 0) { SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -344,7 +347,7 @@ static int DetectFtpbounceTestALMatch02(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3); if (r != 0) { SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -352,7 +355,7 @@ static int DetectFtpbounceTestALMatch02(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4); if (r != 0) { SCLogDebug("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -384,6 +387,8 @@ static int DetectFtpbounceTestALMatch02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -422,6 +427,7 @@ static int DetectFtpbounceTestALMatch03(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(p, 0, SIZE_OF_PACKET); @@ -438,6 +444,7 @@ static int DetectFtpbounceTestALMatch03(void) { FLOW_INITIALIZE(&f); f.src.address.address_un_data32[0]=0x04030201; f.protoctx =(void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -464,7 +471,7 @@ static int DetectFtpbounceTestALMatch03(void) { DetectEngineThreadCtxInit(&th_v,(void *)de_ctx,(void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -472,7 +479,7 @@ static int DetectFtpbounceTestALMatch03(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2); if (r != 0) { SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -480,7 +487,7 @@ static int DetectFtpbounceTestALMatch03(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3); if (r != 0) { SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -488,7 +495,7 @@ static int DetectFtpbounceTestALMatch03(void) { goto end; } - r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4); + r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4); if (r != 0) { SCLogDebug("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -521,6 +528,8 @@ static int DetectFtpbounceTestALMatch03(void) { } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index b1a7cc7503..ff31d2e29f 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -52,7 +52,7 @@ #include "util-spm.h" #include "app-layer.h" - +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-client-body.h" #include "stream-tcp.h" @@ -307,6 +307,7 @@ static int DetectHttpClientBodyTest06(void) "This is dummy message body"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -316,6 +317,7 @@ static int DetectHttpClientBodyTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -343,7 +345,7 @@ static int DetectHttpClientBodyTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -369,6 +371,8 @@ static int DetectHttpClientBodyTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -409,6 +413,7 @@ static int DetectHttpClientBodyTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -419,6 +424,7 @@ static int DetectHttpClientBodyTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -450,7 +456,7 @@ static int DetectHttpClientBodyTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -474,7 +480,7 @@ static int DetectHttpClientBodyTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -491,6 +497,8 @@ static int DetectHttpClientBodyTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -532,7 +540,7 @@ static int DetectHttpClientBodyTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -543,6 +551,7 @@ static int DetectHttpClientBodyTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -574,7 +583,7 @@ static int DetectHttpClientBodyTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -599,7 +608,7 @@ static int DetectHttpClientBodyTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -618,6 +627,8 @@ static int DetectHttpClientBodyTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -659,7 +670,7 @@ static int DetectHttpClientBodyTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -670,6 +681,7 @@ static int DetectHttpClientBodyTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -701,7 +713,7 @@ static int DetectHttpClientBodyTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -726,7 +738,7 @@ static int DetectHttpClientBodyTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -745,6 +757,8 @@ static int DetectHttpClientBodyTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -786,6 +800,7 @@ static int DetectHttpClientBodyTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -796,6 +811,7 @@ static int DetectHttpClientBodyTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -827,7 +843,7 @@ static int DetectHttpClientBodyTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -852,7 +868,7 @@ static int DetectHttpClientBodyTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; 
@@ -871,6 +887,8 @@ static int DetectHttpClientBodyTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -908,6 +926,7 @@ static int DetectHttpClientBodyTest11(void) "This is dummy message body"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -917,6 +936,7 @@ static int DetectHttpClientBodyTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -944,7 +964,7 @@ static int DetectHttpClientBodyTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -970,6 +990,8 @@ static int DetectHttpClientBodyTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1006,6 +1028,7 @@ static int DetectHttpClientBodyTest12(void) "This is dummy message body"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1015,6 +1038,7 @@ static int DetectHttpClientBodyTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -1042,7 +1066,7 @@ static int DetectHttpClientBodyTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1068,6 +1092,8 @@ static int DetectHttpClientBodyTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1104,7 +1130,7 @@ static int DetectHttpClientBodyTest13(void) "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1114,6 +1140,7 @@ static int DetectHttpClientBodyTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1141,7 +1168,7 @@ static int DetectHttpClientBodyTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1167,6 +1194,8 @@ static int DetectHttpClientBodyTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1203,6 +1232,7 @@ static int DetectHttpClientBodyTest14(void) { uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1245,7 +1275,7 @@ static int DetectHttpClientBodyTest14(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1262,7 +1292,7 @@ static int DetectHttpClientBodyTest14(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1280,7 +1310,7 @@ static int DetectHttpClientBodyTest14(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1297,7 +1327,7 @@ static int DetectHttpClientBodyTest14(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1315,7 +1345,7 @@ static int DetectHttpClientBodyTest14(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1332,7 +1362,7 @@ static int DetectHttpClientBodyTest14(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1351,7 +1381,7 @@ static int DetectHttpClientBodyTest14(void) { SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1374,13 +1404,15 @@ static int DetectHttpClientBodyTest14(void) { goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -1418,6 +1450,7 @@ static int DetectHttpClientBodyTest15(void) { uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
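Review bot: The transaction-count check in DetectHttpClientBodyTest14 passes a literal `IPPROTO_TCP` to `AppLayerParserGetTxCnt()` instead of the protocol of the flow under test. Writing `AppLayerParserGetTxCnt(f.proto, ALPROTO_HTTP, htp_state)` keeps the lookup tied to the flow that was actually parsed. No hunk for this test sets `f.proto` and the flow is zeroed with `memset`, so the field is presumably assigned in unchanged code outside the hunks; that is worth confirming, since the literal would hide a flow left at protocol 0. DetectHttpClientBodyTest15 uses the same literal in its `AppLayerParserGetTxCnt()` and `AppLayerParserGetTx()` calls.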
@@ -1460,7 +1493,7 @@ static int DetectHttpClientBodyTest15(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1477,7 +1510,7 @@ static int DetectHttpClientBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1494,7 +1527,7 @@ static int DetectHttpClientBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1511,7 +1544,7 @@ static int DetectHttpClientBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1529,7 +1562,7 @@ static int DetectHttpClientBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1546,7 +1579,7 @@ static int DetectHttpClientBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1565,7 +1598,7 @@ static int DetectHttpClientBodyTest15(void) { SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1589,13 +1622,13 @@ static int DetectHttpClientBodyTest15(void) { } /* hardcoded check of the transactions and it's client body chunks */ - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } - htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); - htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1); + htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); + htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1); HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1); @@ -1625,6 +1658,8 @@ static int DetectHttpClientBodyTest15(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 3563fbf692..076fcca84c 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c 
@@ -54,6 +54,7 @@ #include "util-print.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-cookie.h" @@ -323,6 +324,7 @@ static int DetectHttpCookieSigTest01(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -332,6 +334,7 @@ static int DetectHttpCookieSigTest01(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -367,7 +370,7 @@ static int DetectHttpCookieSigTest01(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -397,6 +400,8 @@ static int DetectHttpCookieSigTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -423,6 +428,7 @@ static int DetectHttpCookieSigTest02(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -433,6 +439,7 @@ static int DetectHttpCookieSigTest02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -461,7 +468,7 @@ static int DetectHttpCookieSigTest02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -487,6 +494,8 @@ static int DetectHttpCookieSigTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -512,6 +521,7 @@ static int DetectHttpCookieSigTest03(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -521,6 +531,7 @@ static int DetectHttpCookieSigTest03(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -549,7 +560,7 @@ static int DetectHttpCookieSigTest03(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -574,6 +585,8 @@ static int DetectHttpCookieSigTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -600,6 +613,7 @@ static int DetectHttpCookieSigTest04(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); 
@@ -610,6 +624,7 @@ static int DetectHttpCookieSigTest04(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -638,7 +653,7 @@ static int DetectHttpCookieSigTest04(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -663,6 +678,8 @@ static int DetectHttpCookieSigTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -689,6 +706,7 @@ static int DetectHttpCookieSigTest05(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -699,6 +717,7 @@ static int DetectHttpCookieSigTest05(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -727,7 +746,7 @@ static int DetectHttpCookieSigTest05(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -752,6 +771,8 @@ static int DetectHttpCookieSigTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } 
@@ -778,6 +799,7 @@ static int DetectHttpCookieSigTest06(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -788,6 +810,7 @@ static int DetectHttpCookieSigTest06(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -817,7 +840,7 @@ static int DetectHttpCookieSigTest06(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -841,6 +864,8 @@ static int DetectHttpCookieSigTest06(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -867,6 +892,7 @@ static int DetectHttpCookieSigTest07(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -876,6 +902,7 @@ static int DetectHttpCookieSigTest07(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -904,7 +931,7 @@ static int DetectHttpCookieSigTest07(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
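Review bot: The cleanup added at `end:` in DetectHttpCookieSigTest06 releases `alp_tctx` with `AppLayerDestroyCtxThread()`, although the context came from `AppLayerParserGetCtxThread()` and the other test cleanups shown here pair it with `AppLayerParserDestroyCtxThread()`. Because `alp_tctx` is a `void *`, the compiler will not flag the mismatch, and if the two destructors expect different context structures the call would free memory through the wrong layout. The line should read `AppLayerParserDestroyCtxThread(alp_tctx);`. The same substitution applies to the `end:` hunks of DetectHttpCookieSigTest07, 08 and 09 further down in this file.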
@@ -929,6 +956,8 @@ static int DetectHttpCookieSigTest07(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -968,6 +997,7 @@ static int DetectHttpCookieSigTest08(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -975,6 +1005,7 @@ static int DetectHttpCookieSigTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1011,8 +1042,8 @@ static int DetectHttpCookieSigTest08(void) /* request */ SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, - httpbuf_request, httpbuf_request_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, + httpbuf_request, httpbuf_request_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1035,8 +1066,8 @@ static int DetectHttpCookieSigTest08(void) /* response */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, - httpbuf_response, httpbuf_response_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, + httpbuf_response, httpbuf_response_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1054,6 +1085,8 @@ static int DetectHttpCookieSigTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -1095,6 +1128,7 @@ static int DetectHttpCookieSigTest09(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
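Review bot: In DetectHttpCookieSigTest08 the response is parsed with `STREAM_TOCLIENT`, but the failure message that follows still prints `toserver chunk 1`, so a failing run points at the wrong direction. The message would be clearer as `printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);`. DetectHttpCookieSigTest09 has the same message after its response parse, and the second `http2_buf` parse in the DetectHttpHeaderTest07 to 10 and DetectHttpHHTest07 to 08 hunks also reports `chunk 1`. These are unchanged context lines that the commit carries over next to the renamed calls.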
@@ -1102,6 +1136,7 @@ static int DetectHttpCookieSigTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1144,8 +1179,8 @@ static int DetectHttpCookieSigTest09(void) /* request */ SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, - httpbuf_request, httpbuf_request_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, + httpbuf_request, httpbuf_request_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1168,8 +1203,8 @@ static int DetectHttpCookieSigTest09(void) /* response */ SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, - httpbuf_response, httpbuf_response_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, + httpbuf_response, httpbuf_response_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1187,6 +1222,8 @@ static int DetectHttpCookieSigTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 9686b7ded4..a8a46b6d4f 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -53,6 +53,7 @@ #include "util-print.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-header.h" @@ -314,6 +315,7 @@ static int DetectHttpHeaderTest06(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -323,6 +325,7 @@ static int DetectHttpHeaderTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -349,7 +352,7 @@ static int DetectHttpHeaderTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -375,6 +378,8 @@ static int DetectHttpHeaderTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -414,7 +419,7 @@ static int DetectHttpHeaderTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -425,6 +430,7 @@ static int DetectHttpHeaderTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -455,7 +461,7 @@ static int DetectHttpHeaderTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -480,7 +486,7 @@ static int DetectHttpHeaderTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -499,6 +505,8 @@ static int DetectHttpHeaderTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -538,6 +546,7 @@ static int DetectHttpHeaderTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -548,6 +557,7 @@ static int DetectHttpHeaderTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -578,7 +588,7 @@ static int DetectHttpHeaderTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -603,7 +613,7 @@ static int DetectHttpHeaderTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -622,6 +632,8 @@ static int DetectHttpHeaderTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -662,6 +674,7 @@ static int DetectHttpHeaderTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -672,6 +685,7 @@ static int DetectHttpHeaderTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -703,7 +717,7 @@ static int DetectHttpHeaderTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -728,7 +742,7 @@ static int DetectHttpHeaderTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -747,6 +761,8 @@ static int DetectHttpHeaderTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -787,6 +803,7 @@ static int DetectHttpHeaderTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -797,6 +814,7 @@ static int DetectHttpHeaderTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -827,7 +845,7 @@ static int DetectHttpHeaderTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -852,7 +870,7 @@ static int DetectHttpHeaderTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -871,6 +889,8 @@ static int DetectHttpHeaderTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -908,6 +928,7 @@ static int DetectHttpHeaderTest11(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -917,6 +938,7 @@ static int DetectHttpHeaderTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -943,7 +965,7 @@ static int DetectHttpHeaderTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -969,6 +991,8 @@ static int DetectHttpHeaderTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1005,6 +1029,7 @@ static int DetectHttpHeaderTest12(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1014,6 +1039,7 @@ static int DetectHttpHeaderTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1040,7 +1066,7 @@ static int DetectHttpHeaderTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1066,6 +1092,8 @@ static int DetectHttpHeaderTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1102,6 +1130,7 @@ static int DetectHttpHeaderTest13(void) "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1111,6 +1140,7 @@ static int DetectHttpHeaderTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1138,7 +1168,7 @@ static int DetectHttpHeaderTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1164,6 +1194,8 @@ static int DetectHttpHeaderTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1507,6 +1539,7 @@ static int DetectHttpHeaderTest28(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1516,6 +1549,7 @@ static int DetectHttpHeaderTest28(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1541,7 +1575,7 @@ static int DetectHttpHeaderTest28(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1560,6 +1594,8 @@ static int DetectHttpHeaderTest28(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1590,6 +1626,7 @@ static int DetectHttpHeaderTest29(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1599,6 +1636,7 @@ static int DetectHttpHeaderTest29(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1624,7 +1662,7 @@ static int DetectHttpHeaderTest29(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1643,6 +1681,8 @@ static int DetectHttpHeaderTest29(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1673,6 +1713,7 @@ static int DetectHttpHeaderTest30(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1682,6 +1723,7 @@ static int DetectHttpHeaderTest30(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -1707,7 +1749,7 @@ static int DetectHttpHeaderTest30(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1726,6 +1768,8 @@ static int DetectHttpHeaderTest30(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-http-hh.c b/src/detect-http-hh.c index 3783bb9000..179aaf91a9 100644 --- a/src/detect-http-hh.c +++ b/src/detect-http-hh.c @@ -52,6 +52,7 @@ #include "util-spm.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "stream-tcp.h" @@ -291,6 +292,7 @@ static int DetectHttpHHTest06(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -300,6 +302,7 @@ static int DetectHttpHHTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -327,7 +330,7 @@ static int DetectHttpHHTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -353,6 +356,8 @@ static int DetectHttpHHTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -389,6 +394,7 @@ static int DetectHttpHHTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -399,6 +405,7 @@ static int DetectHttpHHTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -430,7 +437,7 @@ static int DetectHttpHHTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -454,7 +461,7 @@ static int DetectHttpHHTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -471,6 +478,8 @@ static int DetectHttpHHTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -508,7 +517,7 @@ static int DetectHttpHHTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -519,6 +528,7 @@ static int DetectHttpHHTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -550,7 +560,7 @@ static int DetectHttpHHTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -575,7 +585,7 @@ static int DetectHttpHHTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -594,6 +604,8 @@ static int DetectHttpHHTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -635,7 +647,7 @@ static int DetectHttpHHTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -646,6 +658,7 @@ static int DetectHttpHHTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -677,7 +690,7 @@ static int DetectHttpHHTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -702,7 +715,7 @@ static int DetectHttpHHTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -721,6 +734,8 @@ static int DetectHttpHHTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -762,6 +777,7 @@ static int DetectHttpHHTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -772,6 +788,7 @@ static int DetectHttpHHTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -803,7 +820,7 @@ static int DetectHttpHHTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -828,7 +845,7 @@ static int DetectHttpHHTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -848,6 +865,8 @@ static int DetectHttpHHTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -883,6 +902,7 @@ static int DetectHttpHHTest11(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -892,6 +912,7 @@ static int DetectHttpHHTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -919,7 +940,7 @@ static int DetectHttpHHTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -945,6 +966,8 @@ static int DetectHttpHHTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -978,6 +1001,7 @@ static int DetectHttpHHTest12(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -987,6 +1011,7 @@ static int DetectHttpHHTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1014,7 +1039,7 @@ static int DetectHttpHHTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1040,6 +1065,8 @@ static int DetectHttpHHTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1074,7 +1101,7 @@ static int DetectHttpHHTest13(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1084,6 +1111,7 @@ static int DetectHttpHHTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1111,7 +1139,7 @@ static int DetectHttpHHTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1137,6 +1165,8 @@ static int DetectHttpHHTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1174,6 +1204,7 @@ static int DetectHttpHHTest14(void) uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1216,7 +1247,7 @@ static int DetectHttpHHTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1233,7 +1264,7 @@ static int DetectHttpHHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1250,7 +1281,7 @@ static int DetectHttpHHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1267,7 +1298,7 @@ static int DetectHttpHHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1284,7 +1315,7 @@ static int DetectHttpHHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1303,7 +1334,7 @@ static int DetectHttpHHTest14(void) SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1326,13 +1357,15 @@ static int DetectHttpHHTest14(void) goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-hrh.c b/src/detect-http-hrh.c index a0b79c699f..297fab0e8d 100644 --- a/src/detect-http-hrh.c +++ b/src/detect-http-hrh.c @@ -52,6 +52,7 @@ #include "util-spm.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "stream-tcp.h" @@ -291,6 +292,7 @@ static int DetectHttpHRHTest06(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -300,6 +302,7 @@ static int DetectHttpHRHTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -327,7 +330,7 @@ static int DetectHttpHRHTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
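Review bot: The transaction-count check in DetectHttpHHTest14 (hunk at -1326) hard-codes the protocol, `AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state)`, while no hunk for this test adds `f.proto = IPPROTO_TCP;` as the other tests in this file get. The commit description says a flow proto of 0 makes the state cleanup return early, so if `f.proto` is not already set in lines outside the hunks, the parse and cleanup would run with proto 0 while the assertion looks up the TCP parser. Setting `f.proto` next to `f.protoctx` and passing the flow's own value, `AppLayerParserGetTxCnt(f.proto, ALPROTO_HTTP, htp_state)`, would keep the three in step. DetectHttpHRHTest14 in detect-http-hrh.c (hunk at -1325) has the same shape.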
@@ -353,6 +356,8 @@ static int DetectHttpHRHTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -389,6 +394,7 @@ static int DetectHttpHRHTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -399,6 +405,7 @@ static int DetectHttpHRHTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -430,7 +437,7 @@ static int DetectHttpHRHTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -454,7 +461,7 @@ static int DetectHttpHRHTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -471,6 +478,8 @@ static int DetectHttpHRHTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -508,7 +517,7 @@ static int DetectHttpHRHTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -519,6 +528,7 @@ static int DetectHttpHRHTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -550,7 +560,7 @@ static int DetectHttpHRHTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -575,7 +585,7 @@ static int DetectHttpHRHTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -594,6 +604,8 @@ static int DetectHttpHRHTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -635,7 +647,7 @@ static int DetectHttpHRHTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -646,6 +658,7 @@ static int DetectHttpHRHTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -677,7 +690,7 @@ static int DetectHttpHRHTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -702,7 +715,7 @@ static int DetectHttpHRHTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -721,6 +734,8 @@ static int DetectHttpHRHTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -762,6 +777,7 @@ static int DetectHttpHRHTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -772,6 +788,7 @@ static int DetectHttpHRHTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -803,7 +820,7 @@ static int DetectHttpHRHTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -828,7 +845,7 @@ static int DetectHttpHRHTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -847,6 +864,8 @@ static int DetectHttpHRHTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -882,6 +901,7 @@ static int DetectHttpHRHTest11(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -891,6 +911,7 @@ static int DetectHttpHRHTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -918,7 +939,7 @@ static int DetectHttpHRHTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -944,6 +965,8 @@ static int DetectHttpHRHTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -977,6 +1000,7 @@ static int DetectHttpHRHTest12(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -986,6 +1010,7 @@ static int DetectHttpHRHTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -1013,7 +1038,7 @@ static int DetectHttpHRHTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1039,6 +1064,8 @@ static int DetectHttpHRHTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1073,7 +1100,7 @@ static int DetectHttpHRHTest13(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1083,6 +1110,7 @@ static int DetectHttpHRHTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1110,7 +1138,7 @@ static int DetectHttpHRHTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1136,6 +1164,8 @@ static int DetectHttpHRHTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -1173,6 +1203,7 @@ static int DetectHttpHRHTest14(void) uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1215,7 +1246,7 @@ static int DetectHttpHRHTest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1232,7 +1263,7 @@ static int DetectHttpHRHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1249,7 +1280,7 @@ static int DetectHttpHRHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1266,7 +1297,7 @@ static int DetectHttpHRHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1283,7 +1314,7 @@ static int DetectHttpHRHTest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1302,7 +1333,7 @@ static int DetectHttpHRHTest14(void) SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1325,13 +1356,15 @@ static int DetectHttpHRHTest14(void) goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2051,6 +2084,7 @@ static int DetectHttpHRHTest37(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2061,6 +2095,7 @@ static int DetectHttpHRHTest37(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2092,7 +2127,7 @@ static int DetectHttpHRHTest37(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2117,7 +2152,7 @@ static int DetectHttpHRHTest37(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -2136,6 +2171,8 @@ static int DetectHttpHRHTest37(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 42844618d8..3941e6695a 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -53,6 +53,7 @@ #include "util-spm.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-method.h" @@ -409,6 +410,7 @@ static int DetectHttpMethodSigTest01(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -418,6 +420,7 @@ static int DetectHttpMethodSigTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
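Review bot: DetectHttpHRHTest37 repeats by hand the same edits made to every other test in this commit: the `void *alp_tctx = AppLayerParserGetCtxThread();` declaration, `f.proto = IPPROTO_TCP;`, the `alp_tctx` argument on each `AppLayerParserParse()` call, and the `AppLayerParserDestroyCtxThread(alp_tctx)` pair under `end:`. With dozens of copies, a missed destroy or a missed proto assignment in one test is hard to spot in review. A shared setup and teardown helper for the flow and parser thread context would put the allocation check and the release in one place. If the helper is out of scope for this commit, a one-line comment above the declaration, for example `/* per-test parser thread ctx, released at end: */`, would at least document the ownership.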
@@ -457,7 +460,7 @@ static int DetectHttpMethodSigTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -483,7 +486,8 @@ static int DetectHttpMethodSigTest01(void) result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -509,6 +513,7 @@ static int DetectHttpMethodSigTest02(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -518,6 +523,7 @@ static int DetectHttpMethodSigTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -557,7 +563,7 @@ static int DetectHttpMethodSigTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -583,7 +589,8 @@ static int DetectHttpMethodSigTest02(void) result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, (void *) det_ctx); 
@@ -608,6 +615,7 @@ static int DetectHttpMethodSigTest03(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -617,6 +625,7 @@ static int DetectHttpMethodSigTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -648,7 +657,7 @@ static int DetectHttpMethodSigTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -671,7 +680,8 @@ static int DetectHttpMethodSigTest03(void) result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -697,6 +707,7 @@ static int DetectHttpMethodSigTest04(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -706,6 +717,7 @@ static int DetectHttpMethodSigTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -741,7 +753,7 @@ static int DetectHttpMethodSigTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -769,7 +781,8 @@ static int DetectHttpMethodSigTest04(void) result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index f82ff11511..1d695b362d 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -53,6 +53,7 @@ #include "util-print.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-raw-header.h" @@ -313,6 +314,7 @@ static int DetectHttpRawHeaderTest06(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -322,6 +324,7 @@ static int DetectHttpRawHeaderTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -348,7 +351,7 @@ static int DetectHttpRawHeaderTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -374,6 +377,8 @@ static int DetectHttpRawHeaderTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -413,7 +418,7 @@ static int DetectHttpRawHeaderTest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -424,6 +429,7 @@ static int DetectHttpRawHeaderTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -454,7 +460,7 @@ static int DetectHttpRawHeaderTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -479,7 +485,7 @@ static int DetectHttpRawHeaderTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -498,6 +504,8 @@ static int DetectHttpRawHeaderTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -537,6 +545,7 @@ static int DetectHttpRawHeaderTest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
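Review bot: The failure message under the rewritten second parse call in DetectHttpRawHeaderTest07 (hunk at -479,7) still reads "toserver chunk 1" although that call feeds `http2_buf`, so a failing run points at the wrong chunk. Since the call line is being rewritten anyway, the message could become `printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);`. The same stale text follows the second call in DetectHttpRawHeaderTest08, Test09 and Test10. In detect-http-server-body.c it follows `STREAM_TOCLIENT` calls (DetectHttpServerBodyTest06 onwards and the FileData tests), where the direction is wrong and in most cases the chunk number too.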
@@ -547,6 +556,7 @@ static int DetectHttpRawHeaderTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -577,7 +587,7 @@ static int DetectHttpRawHeaderTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -602,7 +612,7 @@ static int DetectHttpRawHeaderTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -621,6 +631,8 @@ static int DetectHttpRawHeaderTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -661,6 +673,7 @@ static int DetectHttpRawHeaderTest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -671,6 +684,7 @@ static int DetectHttpRawHeaderTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; 
@@ -701,7 +715,7 @@ static int DetectHttpRawHeaderTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -726,7 +740,7 @@ static int DetectHttpRawHeaderTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -745,6 +759,8 @@ static int DetectHttpRawHeaderTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -785,6 +801,7 @@ static int DetectHttpRawHeaderTest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -795,6 +812,7 @@ static int DetectHttpRawHeaderTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; p1->flowflags |= FLOW_PKT_TOSERVER; @@ -825,7 +843,7 @@ static int DetectHttpRawHeaderTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -850,7 +868,7 @@ static int DetectHttpRawHeaderTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -869,6 +887,8 @@ static int DetectHttpRawHeaderTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -906,6 +926,7 @@ static int DetectHttpRawHeaderTest11(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -915,6 +936,7 @@ static int DetectHttpRawHeaderTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -941,7 +963,7 @@ static int DetectHttpRawHeaderTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -967,6 +989,8 @@ static int DetectHttpRawHeaderTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1003,6 +1027,7 @@ static int DetectHttpRawHeaderTest12(void) "This is dummy message body\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1012,6 +1037,7 @@ static int DetectHttpRawHeaderTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -1038,7 +1064,7 @@ static int DetectHttpRawHeaderTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1064,6 +1090,8 @@ static int DetectHttpRawHeaderTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1100,6 +1128,7 @@ static int DetectHttpRawHeaderTest13(void) "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1109,6 +1138,7 @@ static int DetectHttpRawHeaderTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1136,7 +1166,7 @@ static int DetectHttpRawHeaderTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1162,6 +1192,9 @@ static int DetectHttpRawHeaderTest13(void) result = 1; end: + + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c index 072eb4102e..67e6a4f9ae 100644 --- a/src/detect-http-server-body.c +++ b/src/detect-http-server-body.c @@ -53,6 +53,7 @@ #include "util-spm.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-server-body.h" @@ -327,6 +328,7 @@ static int DetectHttpServerBodyTest06(void) "message"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -336,6 +338,7 @@ static int DetectHttpServerBodyTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -363,14 +366,14 @@ static int DetectHttpServerBodyTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -396,6 +399,8 @@ static int DetectHttpServerBodyTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -440,6 +445,7 @@ static int DetectHttpServerBodyTest07(void) "message"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -450,6 +456,7 @@ static int DetectHttpServerBodyTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -482,14 +489,14 @@ static int DetectHttpServerBodyTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -512,7 +519,7 @@ static int DetectHttpServerBodyTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -529,6 +536,8 @@ static int DetectHttpServerBodyTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -574,6 +583,7 @@ static int DetectHttpServerBodyTest08(void) "sage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -584,6 +594,7 @@ static int DetectHttpServerBodyTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -615,7 +626,7 @@ static int DetectHttpServerBodyTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -632,7 +643,7 @@ static int DetectHttpServerBodyTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -650,7 +661,7 @@ static int DetectHttpServerBodyTest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -669,6 +680,8 @@ static int DetectHttpServerBodyTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -717,6 +730,7 @@ static int DetectHttpServerBodyTest09(void) "e4u!!"; uint32_t http_len4 = sizeof(http_buf4) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -727,6 +741,7 @@ static int DetectHttpServerBodyTest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -758,7 +773,7 @@ static int DetectHttpServerBodyTest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -775,7 +790,7 @@ static int DetectHttpServerBodyTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -793,7 +808,7 @@ static int DetectHttpServerBodyTest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -801,7 +816,7 @@ static int DetectHttpServerBodyTest09(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -820,6 +835,8 @@ static int DetectHttpServerBodyTest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -868,6 +885,7 @@ static int DetectHttpServerBodyTest10(void) "e4u!!"; uint32_t http_len4 = sizeof(http_buf4) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -878,6 +896,7 @@ static int DetectHttpServerBodyTest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -909,7 +928,7 @@ static int DetectHttpServerBodyTest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -926,7 +945,7 @@ static int DetectHttpServerBodyTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -944,7 +963,7 @@ static int DetectHttpServerBodyTest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -952,7 +971,7 @@ static int DetectHttpServerBodyTest10(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -971,6 +990,8 @@ static int DetectHttpServerBodyTest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1015,6 +1036,7 @@ static int DetectHttpServerBodyTest11(void) "bigmessage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1025,6 +1047,7 @@ static int DetectHttpServerBodyTest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1056,7 +1079,7 @@ static int DetectHttpServerBodyTest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1073,7 +1096,7 @@ static int DetectHttpServerBodyTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1091,7 +1114,7 @@ static int DetectHttpServerBodyTest11(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1110,6 +1133,8 @@ static int DetectHttpServerBodyTest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1154,6 +1179,7 @@ static int DetectHttpServerBodyTest12(void) "bigmessage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1164,6 +1190,7 @@ static int DetectHttpServerBodyTest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -1195,7 +1222,7 @@ static int DetectHttpServerBodyTest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1212,7 +1239,7 @@ static int DetectHttpServerBodyTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1230,7 +1257,7 @@ static int DetectHttpServerBodyTest12(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1249,6 +1276,8 @@ static int DetectHttpServerBodyTest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1286,6 +1315,7 @@ static int DetectHttpServerBodyTest13(void) "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1295,6 +1325,7 @@ static int DetectHttpServerBodyTest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1322,14 +1353,14 @@ static int DetectHttpServerBodyTest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1355,6 +1386,8 @@ static int DetectHttpServerBodyTest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1401,6 +1434,7 @@ static int DetectHttpServerBodyTest14(void) { "\r\n" "two"; uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1445,7 +1479,7 @@ static int DetectHttpServerBodyTest14(void) { SCLogDebug("add chunk 1"); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1454,7 +1488,7 @@ static int DetectHttpServerBodyTest14(void) { SCLogDebug("add chunk 2"); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1475,7 +1509,7 @@ static int DetectHttpServerBodyTest14(void) { SCLogDebug("add chunk 3"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
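Review bot: DetectHttpServerBodyTest14 gets the thread context and the new parse calls, but no hunk for it adds `f.proto = IPPROTO_TCP;`, which the other converted tests in this file receive next to `f.protoctx`. The commit description states that the app layer now needs the flow's ipproto and returns without cleaning the app state when it is 0. If the flow setup outside these hunks does not already set it, this test would parse and tear down with proto 0. Worth confirming, and adding `f.proto = IPPROTO_TCP;` after `FLOW_INITIALIZE(&f);` if it is missing; DetectHttpServerBodyTest15 is in the same position.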
@@ -1484,7 +1518,7 @@ static int DetectHttpServerBodyTest14(void) { SCLogDebug("add chunk 4"); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1512,13 +1546,15 @@ static int DetectHttpServerBodyTest14(void) { goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -1565,6 +1601,7 @@ static int DetectHttpServerBodyTest15(void) { "\r\n" "two"; uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1607,14 +1644,14 @@ static int DetectHttpServerBodyTest15(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
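Review bot: The transaction-count check in DetectHttpServerBodyTest14 (hunk at -1512,13) passes the literal `IPPROTO_TCP` rather than the flow's own protocol, whereas the converted call in alert-unified2-alert.c passes `p->flow->proto`. Using `AppLayerParserGetTxCnt(f.proto, ALPROTO_HTTP, htp_state)` would keep the lookup tied to the flow the state came from and would surface a flow whose proto was never set. DetectHttpServerBodyTest15 has the same call in its hunk at -1668,13.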
@@ -1635,14 +1672,14 @@ static int DetectHttpServerBodyTest15(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1668,13 +1705,15 @@ static int DetectHttpServerBodyTest15(void) { goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2387,6 +2426,7 @@ static int DetectHttpServerBodyFileDataTest01(void) "message"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2396,6 +2436,7 @@ static int DetectHttpServerBodyFileDataTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -2423,14 +2464,14 @@ static int DetectHttpServerBodyFileDataTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2456,6 +2497,8 @@ static int DetectHttpServerBodyFileDataTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2500,6 +2543,7 @@ static int DetectHttpServerBodyFileDataTest02(void) "message"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2510,6 +2554,7 @@ static int DetectHttpServerBodyFileDataTest02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2542,7 +2587,7 @@ static int DetectHttpServerBodyFileDataTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2550,7 +2595,7 @@ static int DetectHttpServerBodyFileDataTest02(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2574,7 +2619,7 @@ static int DetectHttpServerBodyFileDataTest02(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2591,6 +2636,8 @@ static int DetectHttpServerBodyFileDataTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2636,6 +2683,7 @@ static int DetectHttpServerBodyFileDataTest03(void) "sage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2646,6 +2694,7 @@ static int DetectHttpServerBodyFileDataTest03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2677,7 +2726,7 @@ static int DetectHttpServerBodyFileDataTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -2694,7 +2743,7 @@ static int DetectHttpServerBodyFileDataTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2712,7 +2761,7 @@ static int DetectHttpServerBodyFileDataTest03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2732,6 +2781,8 @@ static int DetectHttpServerBodyFileDataTest03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2780,6 +2831,7 @@ static int DetectHttpServerBodyFileDataTest04(void) "e4u!!"; uint32_t http_len4 = sizeof(http_buf4) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2790,6 +2842,7 @@ static int DetectHttpServerBodyFileDataTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2821,7 +2874,7 @@ static int DetectHttpServerBodyFileDataTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
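Review bot: The failure messages beside the rewritten calls in DetectHttpServerBodyFileDataTest03 do not identify which call failed: the `STREAM_TOCLIENT|STREAM_START` and `STREAM_TOCLIENT|STREAM_EOF` calls both print `toserver chunk 1 returned ...`, the same text as the request-side call. Since the commit already rewrites each of these call sites, the messages could be labelled by direction and chunk, for example `printf("toclient chunk 2 returned %" PRId32 ", expected 0: ", r);` for the `http_buf3` call. The Test04 to Test08 hunks carry the same copied message, and the test bodies extend outside the hunks.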
@@ -2838,7 +2891,7 @@ static int DetectHttpServerBodyFileDataTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2856,7 +2909,7 @@ static int DetectHttpServerBodyFileDataTest04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2864,7 +2917,7 @@ static int DetectHttpServerBodyFileDataTest04(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2883,6 +2936,8 @@ static int DetectHttpServerBodyFileDataTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -2931,6 +2986,7 @@ static int DetectHttpServerBodyFileDataTest05(void) "e4u!!"; uint32_t http_len4 = sizeof(http_buf4) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2941,6 +2997,7 @@ static int DetectHttpServerBodyFileDataTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -2972,7 +3029,7 @@ static int DetectHttpServerBodyFileDataTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2989,7 +3046,7 @@ static int DetectHttpServerBodyFileDataTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3007,7 +3064,7 @@ static int DetectHttpServerBodyFileDataTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3015,7 +3072,7 @@ static int DetectHttpServerBodyFileDataTest05(void) goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3034,6 +3091,8 @@ static int DetectHttpServerBodyFileDataTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -3078,6 +3137,7 @@ static int DetectHttpServerBodyFileDataTest06(void) "bigmessage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3088,6 +3148,7 @@ static int DetectHttpServerBodyFileDataTest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3119,7 +3180,7 @@ static int DetectHttpServerBodyFileDataTest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3136,7 +3197,7 @@ static int DetectHttpServerBodyFileDataTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3154,7 +3215,7 @@ static int DetectHttpServerBodyFileDataTest06(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3173,6 +3234,8 @@ static int DetectHttpServerBodyFileDataTest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -3217,6 +3280,7 @@ static int DetectHttpServerBodyFileDataTest07(void) "bigmessage4u!!"; uint32_t http_len3 = sizeof(http_buf3) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3227,6 +3291,7 @@ static int DetectHttpServerBodyFileDataTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -3258,7 +3323,7 @@ static int DetectHttpServerBodyFileDataTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3275,7 +3340,7 @@ static int DetectHttpServerBodyFileDataTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3293,7 +3358,7 @@ static int DetectHttpServerBodyFileDataTest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3312,6 +3377,8 @@ static int DetectHttpServerBodyFileDataTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -3349,6 +3416,7 @@ static int DetectHttpServerBodyFileDataTest08(void) "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend"; uint32_t http_len2 = sizeof(http_buf2) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3358,6 +3426,7 @@ static int DetectHttpServerBodyFileDataTest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -3385,14 +3454,14 @@ static int DetectHttpServerBodyFileDataTest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3418,6 +3487,8 @@ static int DetectHttpServerBodyFileDataTest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -3464,6 +3535,7 @@ static int DetectHttpServerBodyFileDataTest09(void) { "\r\n" "two"; uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3506,14 +3578,14 @@ static int DetectHttpServerBodyFileDataTest09(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3530,14 +3602,14 @@ static int DetectHttpServerBodyFileDataTest09(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3563,13 +3635,15 @@ static int DetectHttpServerBodyFileDataTest09(void) { goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } 
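Review bot: `AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state)` in DetectHttpServerBodyFileDataTest09 hard-codes the protocol, while the parse calls in the same test take it from the flow `f`. Unlike Test02 to Test08, no hunk for this test adds `f.proto = IPPROTO_TCP;`, and the flow setup lies outside the hunks, so it cannot be confirmed here that the flow carries TCP; the commit description says the app layer skips state cleanup when the ipproto is 0. Passing the flow's value, `AppLayerParserGetTxCnt(f.proto, ALPROTO_HTTP, htp_state)`, keeps the lookup and the parser on the same key and makes a missing `f.proto` assignment show up as a test failure. The Test10 hunk further down has the identical call.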
@@ -3616,6 +3690,7 @@ static int DetectHttpServerBodyFileDataTest10(void) { "\r\n" "two"; uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3658,14 +3733,14 @@ static int DetectHttpServerBodyFileDataTest10(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3682,14 +3757,14 @@ static int DetectHttpServerBodyFileDataTest10(void) { p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3715,13 +3790,15 @@ static int DetectHttpServerBodyFileDataTest10(void) { goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 00ddc947ad..3ad2682c35 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -55,6 +55,7 @@ #include "util-print.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-stat-code.h" @@ -226,6 +227,7 @@ static int DetectHttpStatCodeSigTest01(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -235,6 +237,7 @@ static int DetectHttpStatCodeSigTest01(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -264,14 +267,14 @@ static int DetectHttpStatCodeSigTest01(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -295,6 +298,8 @@ static int DetectHttpStatCodeSigTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -323,6 +328,7 @@ static int DetectHttpStatCodeSigTest02(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -332,6 +338,7 @@ static int DetectHttpStatCodeSigTest02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -367,7 +374,7 @@ static int DetectHttpStatCodeSigTest02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -375,7 +382,7 @@ static int DetectHttpStatCodeSigTest02(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -405,6 +412,8 @@ static int DetectHttpStatCodeSigTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -434,6 +443,7 @@ static int DetectHttpStatCodeSigTest03(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -443,6 +453,7 @@ static int DetectHttpStatCodeSigTest03(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -478,7 +489,7 @@ static int DetectHttpStatCodeSigTest03(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -486,7 +497,7 @@ static int DetectHttpStatCodeSigTest03(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -516,6 +527,8 @@ static int DetectHttpStatCodeSigTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -545,6 +558,7 @@ static int DetectHttpStatCodeSigTest04(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -554,6 +568,7 @@ static int DetectHttpStatCodeSigTest04(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -589,7 +604,7 @@ static int DetectHttpStatCodeSigTest04(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -597,7 +612,7 @@ static int DetectHttpStatCodeSigTest04(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -627,6 +642,8 @@ static int DetectHttpStatCodeSigTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 89afab8eff..c503878180 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -55,6 +55,7 @@ #include "util-print.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "detect-http-stat-msg.h" @@ -218,6 +219,7 @@ static int DetectHttpStatMsgSigTest01(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -227,6 +229,7 @@ static int DetectHttpStatMsgSigTest01(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -262,7 +265,7 @@ static int DetectHttpStatMsgSigTest01(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -270,7 +273,7 @@ static int DetectHttpStatMsgSigTest01(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -300,6 +303,8 @@ static int DetectHttpStatMsgSigTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -328,6 +333,7 @@ static int DetectHttpStatMsgSigTest02(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -337,6 +343,7 @@ static int DetectHttpStatMsgSigTest02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -365,7 +372,7 @@ static int DetectHttpStatMsgSigTest02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -373,7 +380,7 @@ static int DetectHttpStatMsgSigTest02(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -399,6 +406,8 @@ static int DetectHttpStatMsgSigTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -428,6 +437,7 @@ static int DetectHttpStatMsgSigTest03(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -437,6 +447,7 @@ static int DetectHttpStatMsgSigTest03(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -472,7 +483,7 @@ static int DetectHttpStatMsgSigTest03(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -480,7 +491,7 @@ static int DetectHttpStatMsgSigTest03(void) { goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -510,6 +521,8 @@ static int DetectHttpStatMsgSigTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index ee619b4230..8124474408 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -52,6 +52,7 @@ #include "util-spm.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-htp.h" #include "stream-tcp.h" @@ -292,6 +293,7 @@ static int DetectHttpUATest06(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -301,6 +303,7 @@ static int DetectHttpUATest06(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -328,7 +331,7 @@ static int DetectHttpUATest06(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -354,6 +357,8 @@ static int DetectHttpUATest06(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -390,6 +395,7 @@ static int DetectHttpUATest07(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -400,6 +406,7 @@ static int DetectHttpUATest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; 
@@ -431,7 +438,7 @@ static int DetectHttpUATest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -455,7 +462,7 @@ static int DetectHttpUATest07(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -472,6 +479,8 @@ static int DetectHttpUATest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -509,7 +518,7 @@ static int DetectHttpUATest08(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -520,6 +529,7 @@ static int DetectHttpUATest08(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -551,7 +561,7 @@ static int DetectHttpUATest08(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -576,7 +586,7 @@ static int DetectHttpUATest08(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -595,6 +605,8 @@ static int DetectHttpUATest08(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -636,7 +648,7 @@ static int DetectHttpUATest09(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -647,6 +659,7 @@ static int DetectHttpUATest09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -678,7 +691,7 @@ static int DetectHttpUATest09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -703,7 +716,7 @@ static int DetectHttpUATest09(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -722,6 +735,8 @@ static int DetectHttpUATest09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) 
@@ -763,6 +778,7 @@ static int DetectHttpUATest10(void) uint32_t http1_len = sizeof(http1_buf) - 1; uint32_t http2_len = sizeof(http2_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -773,6 +789,7 @@ static int DetectHttpUATest10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -804,7 +821,7 @@ static int DetectHttpUATest10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -829,7 +846,7 @@ static int DetectHttpUATest10(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r); result = 0; @@ -848,6 +865,8 @@ static int DetectHttpUATest10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -883,6 +902,7 @@ static int DetectHttpUATest11(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -892,6 +912,7 @@ static int DetectHttpUATest11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -919,7 +940,7 @@ static int DetectHttpUATest11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -945,6 +966,8 @@ static int DetectHttpUATest11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -978,6 +1001,7 @@ static int DetectHttpUATest12(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -987,6 +1011,7 @@ static int DetectHttpUATest12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1014,7 +1039,7 @@ static int DetectHttpUATest12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1040,6 +1065,8 @@ static int DetectHttpUATest12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1074,7 +1101,7 @@ static int DetectHttpUATest13(void) "\r\n"; uint32_t http_len = sizeof(http_buf) - 1; int result = 0; - + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1084,6 +1111,7 @@ static int DetectHttpUATest13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1111,7 +1139,7 @@ static int DetectHttpUATest13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1137,6 +1165,8 @@ static int DetectHttpUATest13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) @@ -1174,6 +1204,7 @@ static int DetectHttpUATest14(void) uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */ uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1216,7 +1247,7 @@ static int DetectHttpUATest14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1233,7 +1264,7 @@ static int DetectHttpUATest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1250,7 +1281,7 @@ static int DetectHttpUATest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1267,7 +1298,7 @@ static int DetectHttpUATest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1284,7 +1315,7 @@ static int DetectHttpUATest14(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1303,7 +1334,7 @@ static int DetectHttpUATest14(void) SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1326,13 +1357,15 @@ static int DetectHttpUATest14(void) goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } 
diff --git a/src/detect-luajit.c b/src/detect-luajit.c index f9ad452bcd..13aaf824dd 100644 --- a/src/detect-luajit.c +++ b/src/detect-luajit.c @@ -408,10 +408,11 @@ static int DetectLuajitMatch (ThreadVars *tv, DetectEngineThreadCtx *det_ctx, HtpState *htp_state = p->flow->alstate; if (htp_state != NULL && htp_state->connp != NULL) { htp_tx_t *tx = NULL; - uint64_t idx = AppLayerTransactionGetInspectId(p->flow, 0); - uint64_t total_txs= AppLayerGetTxCnt(ALPROTO_HTTP, htp_state); + uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, + STREAM_TOSERVER); + uint64_t total_txs= AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state); for ( ; idx < total_txs; idx++) { - tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, idx); + tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, idx); if (tx == NULL) continue; @@ -878,7 +879,7 @@ static int DetectLuajitSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); } else { SCLogError(SC_ERR_LUAJIT_ERROR, "luajit can't be used with protocol %s", - AppLayerGetProtoString(luajit->alproto)); + AppLayerGetProtoName(luajit->alproto)); goto error; } @@ -978,6 +979,8 @@ static int LuajitMatchTest01(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); + ut_script = script; memset(&th_v, 0, sizeof(th_v)); @@ -989,6 +992,7 @@ static int LuajitMatchTest01(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1019,7 +1023,7 @@ static int LuajitMatchTest01(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
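Review bot: `DetectLuajitMatch` passes a literal `IPPROTO_TCP` to `AppLayerParserGetTxCnt()` and `AppLayerParserGetTx()` even though the flow is at hand. Using the flow's own protocol keeps the lookup tied to the flow being inspected, e.g. `tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_HTTP, htp_state, idx);`. The hunk also dereferences `p->flow->alparser` for the inspect id while the surrounding guard only tests `htp_state` and `htp_state->connp`. Whether `AppLayerParserGetTransactionInspectId()` tolerates a NULL parser state is not visible here, so a check or a comment stating the invariant would help. The function body starts and ends outside the hunk.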
@@ -1042,7 +1046,7 @@ static int LuajitMatchTest01(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1078,6 +1082,8 @@ static int LuajitMatchTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -1147,6 +1153,7 @@ static int LuajitMatchTest02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1281,6 +1288,7 @@ static int LuajitMatchTest03(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1401,6 +1409,8 @@ static int LuajitMatchTest04(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); + ut_script = script; memset(&th_v, 0, sizeof(th_v)); @@ -1412,6 +1422,7 @@ static int LuajitMatchTest04(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1443,7 +1454,7 @@ static int LuajitMatchTest04(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -1466,7 +1477,7 @@ static int LuajitMatchTest04(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1495,6 +1506,8 @@ static int LuajitMatchTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -1543,6 +1556,8 @@ static int LuajitMatchTest05(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); + ut_script = script; memset(&th_v, 0, sizeof(th_v)); @@ -1554,6 +1569,7 @@ static int LuajitMatchTest05(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1585,7 +1601,7 @@ static int LuajitMatchTest05(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1608,7 +1624,7 @@ static int LuajitMatchTest05(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1637,6 +1653,8 @@ static int LuajitMatchTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); 
@@ -1690,6 +1708,8 @@ static int LuajitMatchTest06(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); + ut_script = script; memset(&th_v, 0, sizeof(th_v)); @@ -1701,6 +1721,7 @@ static int LuajitMatchTest06(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1732,7 +1753,7 @@ static int LuajitMatchTest06(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1755,7 +1776,7 @@ static int LuajitMatchTest06(void) { } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1784,6 +1805,8 @@ static int LuajitMatchTest06(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); diff --git a/src/detect-parse.c b/src/detect-parse.c index 78e1bd5e0a..e12bedbaa6 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -42,6 +42,7 @@ #include "detect-app-layer-protocol.h" #include "detect-engine-apt-event.h" #include "detect-luajit.h" +#include "detect-app-layer-event.h" #include "pkt-var.h" #include "host.h" @@ -54,6 +55,7 @@ #include "conf.h" #include "conf-yaml-loader.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" 
@@ -65,6 +67,7 @@ #include "detect-parse.h" #include "detect-engine-iponly.h" #include "app-layer-detect-proto.h" +#include "app-layer.h" extern int sc_set_caps; @@ -76,9 +79,6 @@ static pcre_extra *option_pcre_extra = NULL; static uint32_t dbg_srcportany_cnt = 0; static uint32_t dbg_dstportany_cnt = 0; -/* Context of the app layer proto detection */ -extern AlpProtoDetectCtx alp_proto_ctx; - /** * \brief We use this as data to the hash table DetectEngineCtx->dup_sig_hash_table. */ @@ -602,36 +602,13 @@ error: int SigParseProto(Signature *s, const char *protostr) { SCEnter(); - AppLayerProbingParser *pp; - AppLayerProbingParserPort *pp_port; - AppLayerProbingParserElement *pp_pe; - int r = DetectProtoParse(&s->proto, (char *)protostr); if (r < 0) { - s->alproto = AppLayerGetProtoByName(protostr); + s->alproto = AppLayerGetProtoByName((char *)protostr); /* indicate that the signature is app-layer */ if (s->alproto != ALPROTO_UNKNOWN) s->flags |= SIG_FLAG_APPLAYER; - - for (pp = alp_proto_ctx.probing_parsers; pp != NULL; pp = pp->next) { - for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) { - for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) { - if (strcasecmp(pp_pe->al_proto_name, protostr) != 0) - continue; - s->flags |= SIG_FLAG_APPLAYER; - s->alproto = pp_pe->al_proto; - } - - for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) { - if (strcasecmp(pp_pe->al_proto_name, protostr) != 0) - continue; - s->flags |= SIG_FLAG_APPLAYER; - s->alproto = pp_pe->al_proto; - } - } - } - - if (s->alproto == ALPROTO_UNKNOWN) { + else { SCLogError(SC_ERR_UNKNOWN_PROTOCOL, "protocol \"%s\" cannot be used " "in a signature. Either detection for this protocol " "supported yet OR detection has been disabled for " 
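Review bot: This hunk adds `#include "app-layer.h"` to detect-parse.c a second time, since the preceding include hunk of the same file already adds it next to `app-layer-protos.h`. Include guards presumably make the duplicate harmless, but one of the two lines should be dropped.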
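Review bot: `AppLayerGetProtoByName((char *)protostr)` in `SigParseProto` casts away the `const` that the function promises its caller. The cleaner fix is for the lookup to take `const char *` so the cast can go; its prototype is not in this part of the diff, so it cannot be confirmed here that it never writes through the pointer. The new `if`/`else` also pairs an unbraced branch with a braced one, and bracing both reads more safely: `if (s->alproto != ALPROTO_UNKNOWN) { s->flags |= SIG_FLAG_APPLAYER; } else {`. The function continues outside the hunk.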
@@ -798,18 +775,8 @@ static int SigParseBasics(Signature *s, char *sigstr, SignatureParser *parser, u if (SigParseAction(s, parser->action) < 0) goto error; - /* Parse Proto */ - if (strcasecmp(parser->protocol, "dns") == 0) { - /** XXX HACK */ - if (SigParseProto(s, "dnstcp") < 0) - goto error; - if (SigParseProto(s, "dnsudp") < 0) - goto error; - s->alproto = ALPROTO_DNS; - } else { - if (SigParseProto(s, parser->protocol) < 0) - goto error; - } + if (SigParseProto(s, parser->protocol) < 0) + goto error; if (strcmp(parser->direction, "<-") == 0) { SCLogError(SC_ERR_INVALID_DIRECTION, "\"<-\" is not a valid direction modifier, \"->\" and \"<>\" are supported."); 
@@ -1219,43 +1186,43 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) { } } - if (s->alproto != ALPROTO_UNKNOWN) { - if (s->flags & SIG_FLAG_STATE_MATCH) { - if (s->alproto == ALPROTO_DNS) { - if (al_proto_table[ALPROTO_DNS_UDP].to_server == 0 || - al_proto_table[ALPROTO_DNS_UDP].to_client == 0 || - al_proto_table[ALPROTO_DNS_TCP].to_server == 0 || - al_proto_table[ALPROTO_DNS_TCP].to_client == 0) { - SCLogInfo("Signature uses options that need the app layer " - "parser for dns, but the parser's disabled " - "for the protocol. Please check if you have " - "disabled it through the option " - "\"app-layer.protocols.dcerpc[udp|tcp].enabled\"" - "or internally the parser has been disabled in " - "the code. Invalidating signature."); - SCReturnInt(0); - } - } else { - if (al_proto_table[s->alproto].to_server == 0 || - al_proto_table[s->alproto].to_client == 0) { - const char *proto_name = AppProtoToString(s->alproto); - SCLogInfo("Signature uses options that need the app layer " - "parser for \"%s\", but the parser's disabled " - "for the protocol. Please check if you have " - "disabled it through the option " - "\"app-layer.protocols.%s.enabled\" or internally " - "there the parser has been disabled in the code. " - "Invalidating signature.", proto_name, proto_name); - SCReturnInt(0); - } - } - } - - - - - - } + //if (s->alproto != ALPROTO_UNKNOWN) { + // if (s->flags & SIG_FLAG_STATE_MATCH) { + // if (s->alproto == ALPROTO_DNS) { + // if (al_proto_table[ALPROTO_DNS_UDP].to_server == 0 || + // al_proto_table[ALPROTO_DNS_UDP].to_client == 0 || + // al_proto_table[ALPROTO_DNS_TCP].to_server == 0 || + // al_proto_table[ALPROTO_DNS_TCP].to_client == 0) { + // SCLogInfo("Signature uses options that need the app layer " + // "parser for dns, but the parser's disabled " + // "for the protocol. 
Please check if you have " + // "disabled it through the option " + // "\"app-layer.protocols.dcerpc[udp|tcp].enabled\"" + // "or internally the parser has been disabled in " + // "the code. Invalidating signature."); + // SCReturnInt(0); + // } + // } else { + // if (al_proto_table[s->alproto].to_server == 0 || + // al_proto_table[s->alproto].to_client == 0) { + // const char *proto_name = AppProtoToString(s->alproto); + // SCLogInfo("Signature uses options that need the app layer " + // "parser for \"%s\", but the parser's disabled " + // "for the protocol. Please check if you have " + // "disabled it through the option " + // "\"app-layer.protocols.%s.enabled\" or internally " + // "there the parser has been disabled in the code. " + // "Invalidating signature.", proto_name, proto_name); + // SCReturnInt(0); + // } + // } + // } + // + // + // + // + // + //} if (s->flags & SIG_FLAG_REQUIRE_PACKET) { pm = SigMatchGetLastSMFromLists(s, 24, @@ -1358,10 +1325,6 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) { static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, uint8_t dir) { - AlpProtoSignature *als; - AppLayerProbingParser *pp; - AppLayerProbingParserPort *pp_port; - AppLayerProbingParserElement *pp_pe; SigMatch *sm; Signature *sig = SigAlloc(); if (sig == NULL) 
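Review bot: The check in `SigValidate` that rejected a `SIG_FLAG_STATE_MATCH` signature whose app-layer parser is disabled is commented out here rather than ported to the new API. Such a rule would presumably now load and simply never match, with nothing in the log to tell the operator that coverage is missing. Either re-express the check against the new per-ipproto parser registration, or delete the dead block and leave a marker such as `/* TODO: reject state-match sigs whose app layer parser is disabled (was the al_proto_table check) */`. Keeping roughly forty lines of `//` code leaves it unclear whether the gap is intended. `SigValidate` starts and ends outside the hunk.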
@@ -1400,27 +1363,11 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, /* at this point if we had alert ip and the ip proto was not * overridden, we use the ip proto that has been configured * against the app proto in use. */ - if (override_needed) { - - for (als = alp_proto_ctx.head; als != NULL; als = als->next) { - if (sig->alproto == als->proto) - sig->proto.proto[als->ip_proto / 8] |= 1 << (als->ip_proto % 8); - } + if (override_needed) + AppLayerProtoDetectSupportedIpprotos(sig->alproto, sig->proto.proto); + } - for (pp = alp_proto_ctx.probing_parsers; pp != NULL; pp = pp->next) { - for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) { - for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) { - if (sig->alproto == pp_pe->al_proto) - sig->proto.proto[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8); - } - for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) { - if (sig->alproto == pp_pe->al_proto) - sig->proto.proto[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8); - } - } - } - } /* if */ - } /* if */ + DetectAppLayerEventPrepare(sig); /* set mpm_content_len */ 
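Review bot: `DetectAppLayerEventPrepare(sig)` is called as a bare statement in `SigInitHelper`, so if it can fail the signature is still built with an app-layer-event keyword that was never resolved. Its prototype is not visible in this hunk. If it does return a status, handle it the way the function handles other setup failures, for example `if (DetectAppLayerEventPrepare(sig) < 0) goto error;`, assuming an `error` label exists outside the hunk. The new unbraced `if (override_needed)` would also be safer with braces, and a one-line comment that `AppLayerProtoDetectSupportedIpprotos()` fills the `sig->proto.proto` bitmap would replace what the removed loops made obvious.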
@@ -1524,45 +1471,50 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, SigBuildAddressMatchArray(sig); - if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT] != NULL && - (AppLayerProtoIsTxEventAware(sig->alproto) || sig->alproto == ALPROTO_DNS)) { - if (sig->alproto == ALPROTO_DNS) { - DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_TCP, - 0, - DETECT_SM_LIST_APP_EVENT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DetectEngineAptEventInspect, - app_inspection_engine); - DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_UDP, - 0, - DETECT_SM_LIST_APP_EVENT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DetectEngineAptEventInspect, - app_inspection_engine); - DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_TCP, - 1, - DETECT_SM_LIST_APP_EVENT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DetectEngineAptEventInspect, - app_inspection_engine); - DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_UDP, - 1, - DETECT_SM_LIST_APP_EVENT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DetectEngineAptEventInspect, - app_inspection_engine); - } else { - DetectEngineRegisterAppInspectionEngine(sig->alproto, - (sig->flags & SIG_FLAG_TOSERVER) ? 
0 : 1, - DETECT_SM_LIST_APP_EVENT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, - DetectEngineAptEventInspect, - app_inspection_engine); + if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT] != NULL) { + if (AppLayerParserProtocolIsTxEventAware(IPPROTO_TCP, sig->alproto)) { + if (sig->flags & SIG_FLAG_TOSERVER) { + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + sig->alproto, + 0, + DETECT_SM_LIST_APP_EVENT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DetectEngineAptEventInspect, + app_inspection_engine); + } + if (sig->flags & SIG_FLAG_TOCLIENT) { + DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, + sig->alproto, + 1, + DETECT_SM_LIST_APP_EVENT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DetectEngineAptEventInspect, + app_inspection_engine); + } + } + if (AppLayerParserProtocolIsTxEventAware(IPPROTO_UDP, sig->alproto)) { + if (sig->flags & SIG_FLAG_TOSERVER) { + DetectEngineRegisterAppInspectionEngine(IPPROTO_UDP, + sig->alproto, + 0, + DETECT_SM_LIST_APP_EVENT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DetectEngineAptEventInspect, + app_inspection_engine); + } + if (sig->flags & SIG_FLAG_TOCLIENT) { + DetectEngineRegisterAppInspectionEngine(IPPROTO_UDP, + sig->alproto, + 1, + DETECT_SM_LIST_APP_EVENT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DE_STATE_FLAG_APP_EVENT_INSPECT, + DetectEngineAptEventInspect, + app_inspection_engine); + } } } diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 1539022a28..9a77c0e70e 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -49,6 +49,7 @@ #include "util-pool.h" #include "conf.h" +#include "app-layer.h" #include "app-layer-htp.h" #include "stream.h" #include "stream-tcp.h" 
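Review bot: The four `DetectEngineRegisterAppInspectionEngine()` calls added to `SigInitHelper` differ only in the ipproto and the direction, so one copy can easily drift from the others; a loop over the two ipprotos removes the duplication. The direction is still passed as a bare `0`/`1`, and a short comment or named constant should say which value is toserver. The old code registered exactly one direction per signature, whereas the new code registers every direction whose `SIG_FLAG_TOSERVER`/`SIG_FLAG_TOCLIENT` bit is set; a comment should confirm that this is intended. The function starts and ends outside the hunk.

```c
    if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT] != NULL) {
        static const uint8_t ipprotos[] = { IPPROTO_TCP, IPPROTO_UDP };
        size_t i;

        for (i = 0; i < sizeof(ipprotos) / sizeof(ipprotos[0]); i++) {
            if (!AppLayerParserProtocolIsTxEventAware(ipprotos[i], sig->alproto))
                continue;

            /* direction argument: 0 = toserver, 1 = toclient */
            if (sig->flags & SIG_FLAG_TOSERVER) {
                DetectEngineRegisterAppInspectionEngine(ipprotos[i],
                                                        sig->alproto,
                                                        0,
                                                        DETECT_SM_LIST_APP_EVENT,
                                                        DE_STATE_FLAG_APP_EVENT_INSPECT,
                                                        DE_STATE_FLAG_APP_EVENT_INSPECT,
                                                        DetectEngineAptEventInspect,
                                                        app_inspection_engine);
            }
            if (sig->flags & SIG_FLAG_TOCLIENT) {
                DetectEngineRegisterAppInspectionEngine(ipprotos[i],
                                                        sig->alproto,
                                                        1,
                                                        DETECT_SM_LIST_APP_EVENT,
                                                        DE_STATE_FLAG_APP_EVENT_INSPECT,
                                                        DE_STATE_FLAG_APP_EVENT_INSPECT,
                                                        DetectEngineAptEventInspect,
                                                        app_inspection_engine);
            }
        }
    }
```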
@@ -1655,6 +1656,7 @@ static int DetectPcreTestSig01Real(int mpm_type) DetectEngineThreadCtx *det_ctx = NULL; int result = 0; Flow f; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&th_v, 0, sizeof(th_v)); @@ -1662,6 +1664,7 @@ static int DetectPcreTestSig01Real(int mpm_type) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -1691,7 +1694,7 @@ static int DetectPcreTestSig01Real(int mpm_type) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -1705,6 +1708,8 @@ static int DetectPcreTestSig01Real(int mpm_type) } end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -1911,6 +1916,7 @@ static int DetectPcreModifPTest04(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1920,6 +1926,7 @@ static int DetectPcreModifPTest04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1954,7 +1961,7 @@ static int DetectPcreModifPTest04(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -1984,6 +1991,8 @@ static int DetectPcreModifPTest04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -2037,6 +2046,7 @@ static int DetectPcreModifPTest05(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -2047,6 +2057,7 @@ static int DetectPcreModifPTest05(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -2085,7 +2096,7 @@ static int DetectPcreModifPTest05(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2116,7 +2127,7 @@ static int DetectPcreModifPTest05(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -2141,6 +2152,8 @@ static int DetectPcreModifPTest05(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); 
@@ -2231,6 +2244,7 @@ static int DetectPcreTestSig09(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2241,6 +2255,7 @@ static int DetectPcreTestSig09(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2270,7 +2285,7 @@ static int DetectPcreTestSig09(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2294,6 +2309,8 @@ static int DetectPcreTestSig09(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2323,6 +2340,7 @@ static int DetectPcreTestSig10(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2333,6 +2351,7 @@ static int DetectPcreTestSig10(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2362,7 +2381,7 @@ static int DetectPcreTestSig10(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -2386,6 +2405,8 @@ static int DetectPcreTestSig10(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2415,6 +2436,7 @@ static int DetectPcreTestSig11(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2425,6 +2447,7 @@ static int DetectPcreTestSig11(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2454,7 +2477,7 @@ static int DetectPcreTestSig11(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2478,6 +2501,8 @@ static int DetectPcreTestSig11(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2507,6 +2532,7 @@ static int DetectPcreTestSig12(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2517,6 +2543,7 @@ static int DetectPcreTestSig12(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -2546,7 +2573,7 @@ static int DetectPcreTestSig12(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2570,6 +2597,8 @@ static int DetectPcreTestSig12(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2599,6 +2628,7 @@ static int DetectPcreTestSig13(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2609,6 +2639,7 @@ static int DetectPcreTestSig13(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2638,7 +2669,7 @@ static int DetectPcreTestSig13(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2662,6 +2693,8 @@ static int DetectPcreTestSig13(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2691,6 +2724,7 @@ static int DetectPcreTestSig14(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); 
@@ -2701,6 +2735,7 @@ static int DetectPcreTestSig14(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2730,7 +2765,7 @@ static int DetectPcreTestSig14(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2754,6 +2789,8 @@ static int DetectPcreTestSig14(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2783,6 +2820,7 @@ static int DetectPcreTestSig15(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2793,6 +2831,7 @@ static int DetectPcreTestSig15(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2823,7 +2862,7 @@ static int DetectPcreTestSig15(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2847,6 +2886,8 @@ static int DetectPcreTestSig15(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } 
@@ -2876,6 +2917,7 @@ static int DetectPcreTestSig16(void) ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -2886,6 +2928,7 @@ static int DetectPcreTestSig16(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -2916,7 +2959,7 @@ static int DetectPcreTestSig16(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -2940,6 +2983,8 @@ static int DetectPcreTestSig16(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -2975,6 +3020,7 @@ static int DetectPcreTxBodyChunksTest01(void) uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); 
@@ -2997,44 +3043,44 @@ static int DetectPcreTxBodyChunksTest01(void) AppLayerHtpEnableRequestBodyCallback(); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" 
PRId32 ", expected 0: ", r); goto end; @@ -3051,13 +3097,13 @@ static int DetectPcreTxBodyChunksTest01(void) } /* hardcoded check of the transactions and it's client body chunks */ - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } - htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); - htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1); + htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); + htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1); HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1); if (htud == NULL) { @@ -3092,7 +3138,8 @@ static int DetectPcreTxBodyChunksTest01(void) result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SCMutexUnlock(&f.m); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -3124,6 +3171,7 @@ static int DetectPcreTxBodyChunksTest02(void) uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3166,7 +3214,7 @@ static int DetectPcreTxBodyChunksTest02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
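Review bot: None of the DetectPcreTxBodyChunksTest01 hunks sets `f.proto`, yet the lookups in hunk @@ -3051,13 +3097,13 pass a hard-coded `IPPROTO_TCP` to `AppLayerParserGetTxCnt()` and `AppLayerParserGetTx()`. The sibling tests in this file add `f.proto = IPPROTO_TCP;` right after `f.protoctx = (void *)&ssn;`, and the commit description says app-state cleanup returns early when the flow's ipproto is 0. If the setup outside these hunks does not already set it, the test would parse and query with mismatched protocols and may leave the HTTP state unfreed at `FLOW_DESTROY(&f)`. I would add `f.proto = IPPROTO_TCP;` to the flow setup and pass `f.proto` to the two lookups so they cannot drift apart. DetectPcreTxBodyChunksTest02 and Test03, DetectSslVersionTestDetect03 and DetectTlsVersionTestDetect03 likewise gain `alp_tctx` without a visible `f.proto` assignment.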
@@ -3183,7 +3231,7 @@ static int DetectPcreTxBodyChunksTest02(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3200,7 +3248,7 @@ static int DetectPcreTxBodyChunksTest02(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3217,7 +3265,7 @@ static int DetectPcreTxBodyChunksTest02(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3235,7 +3283,7 @@ static int DetectPcreTxBodyChunksTest02(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3252,7 +3300,7 @@ static int DetectPcreTxBodyChunksTest02(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3271,7 +3319,7 @@ static int DetectPcreTxBodyChunksTest02(void) SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3295,13 +3343,13 @@ static int DetectPcreTxBodyChunksTest02(void) } /* hardcoded check of the transactions and it's client body chunks */ - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } - htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); - htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1); + htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); + htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1); HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1); @@ -3331,6 +3379,8 @@ static int DetectPcreTxBodyChunksTest02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -3369,6 +3419,7 @@ static int DetectPcreTxBodyChunksTest03(void) uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */ uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */ uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */ + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3411,7 +3462,7 @@ static int DetectPcreTxBodyChunksTest03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3428,7 +3479,7 @@ static int DetectPcreTxBodyChunksTest03(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3445,7 +3496,7 @@ static int DetectPcreTxBodyChunksTest03(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3462,7 +3513,7 @@ static int DetectPcreTxBodyChunksTest03(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -3480,7 +3531,7 @@ static int DetectPcreTxBodyChunksTest03(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5); if (r != 0) { printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -3497,7 +3548,7 @@ static int DetectPcreTxBodyChunksTest03(void) p->alerts.cnt = 0; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6); if (r != 0) { printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3516,7 +3567,7 @@ static int DetectPcreTxBodyChunksTest03(void) SCLogDebug("sending data chunk 7"); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7); if (r != 0) { printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3539,13 +3590,15 @@ static int DetectPcreTxBodyChunksTest03(void) goto end; } - if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) { + if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) { printf("The http app layer doesn't have 2 transactions, but it should: "); goto end; } result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); } @@ -3588,6 +3641,7 @@ static int DetectPcreFlowvarCapture01(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3597,6 +3651,7 @@ static int DetectPcreFlowvarCapture01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; 
@@ -3630,7 +3685,7 @@ static int DetectPcreFlowvarCapture01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3673,6 +3728,8 @@ static int DetectPcreFlowvarCapture01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -3710,6 +3767,7 @@ static int DetectPcreFlowvarCapture02(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -3719,6 +3777,7 @@ static int DetectPcreFlowvarCapture02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -3773,7 +3832,7 @@ static int DetectPcreFlowvarCapture02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3818,6 +3877,8 @@ static int DetectPcreFlowvarCapture02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); @@ -3852,6 +3913,7 @@ static int DetectPcreFlowvarCapture03(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -3861,6 +3923,7 @@ static int DetectPcreFlowvarCapture03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; f.alproto = ALPROTO_HTTP; @@ -3912,7 +3975,7 @@ static int DetectPcreFlowvarCapture03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -3942,6 +4005,8 @@ static int DetectPcreFlowvarCapture03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); diff --git a/src/detect-replace.c b/src/detect-replace.c index a94339f1ca..7bfdbec51b 100644 --- a/src/detect-replace.c +++ b/src/detect-replace.c @@ -237,7 +237,7 @@ int DetectReplaceLongPatternMatchTest(uint8_t *raw_eth_pkt, uint16_t pktsize, ch PacketCopyData(p, raw_eth_pkt, pktsize); memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&th_v, 0, sizeof(th_v)); - + dtv.app_tctx = AppLayerGetCtxThread(); FlowInitConfig(FLOW_QUIET); DecodeEthernet(&th_v, &dtv, p, GET_PKT_DATA(p), pktsize, NULL); @@ -281,6 +281,8 @@ int DetectReplaceLongPatternMatchTest(uint8_t *raw_eth_pkt, uint16_t pktsize, ch result = 1; end: + if (dtv.app_tctx != NULL) + AppLayerDestroyCtxThread(dtv.app_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 1b9e100bea..da2ffab6c0 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -44,6 +44,7 @@ #include "util-unittest-helper.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "detect-ssl-state.h" 
@@ -699,6 +700,7 @@ static int DetectSslStateTest07(void) DetectEngineCtx *de_ctx = NULL; SSLState *ssl_state = NULL; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&p, 0, sizeof(p)); @@ -709,6 +711,7 @@ static int DetectSslStateTest07(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; p->flowflags |= FLOW_PKT_TOSERVER; @@ -754,8 +757,8 @@ static int DetectSslStateTest07(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf, - chello_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf, + chello_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -783,8 +786,8 @@ static int DetectSslStateTest07(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf, - shello_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf, + shello_buf_len); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -806,8 +809,8 @@ static int DetectSslStateTest07(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf, - client_change_cipher_spec_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf, + client_change_cipher_spec_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -830,8 +833,8 @@ static int DetectSslStateTest07(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf, - server_change_cipher_spec_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf, + server_change_cipher_spec_buf_len); if (r != 0) { printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -854,8 +857,8 @@ static int DetectSslStateTest07(void) goto end; SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf, - toserver_app_data_buf_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf, + toserver_app_data_buf_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -880,6 +883,8 @@ static int DetectSslStateTest07(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 1711a5cb25..012e73bbb9 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -44,6 +44,7 @@ #include "util-unittest-helper.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "detect-ssl-version.h" @@ -419,6 +420,7 @@ static int DetectSslVersionTestDetect01(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -428,6 +430,7 @@ static int DetectSslVersionTestDetect01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; 
@@ -452,28 +455,28 @@ static int DetectSslVersionTestDetect01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -510,6 +513,8 @@ static int DetectSslVersionTestDetect01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -540,6 +545,7 @@ static int DetectSslVersionTestDetect02(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -549,6 +555,7 @@ static int DetectSslVersionTestDetect02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; 
@@ -573,28 +580,28 @@ static int DetectSslVersionTestDetect02(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -629,6 +636,8 @@ static int DetectSslVersionTestDetect02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); @@ -657,6 +666,7 @@ static int DetectSslVersionTestDetect03(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -704,28 +714,28 @@ static int DetectSslVersionTestDetect03(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -760,6 +770,8 @@ static int DetectSslVersionTestDetect03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index 04bc339784..16db5463d8 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -44,6 +44,7 @@ #include "util-unittest-helper.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "app-layer-ssl.h" #include "detect-tls-version.h" 
@@ -327,6 +328,7 @@ static int DetectTlsVersionTestDetect01(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -336,6 +338,7 @@ static int DetectTlsVersionTestDetect01(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -360,28 +363,28 @@ static int DetectTlsVersionTestDetect01(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -421,6 +424,8 @@ static int DetectTlsVersionTestDetect01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -450,6 +455,7 @@ static int DetectTlsVersionTestDetect02(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -459,6 +465,7 @@ static int DetectTlsVersionTestDetect02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -483,28 +490,28 @@ static int DetectTlsVersionTestDetect02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -540,6 +547,8 @@ static int DetectTlsVersionTestDetect02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); 
@@ -570,6 +579,7 @@ static int DetectTlsVersionTestDetect03(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -617,28 +627,28 @@ static int DetectTlsVersionTestDetect03(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3); if (r != 0) { printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); goto end; } - r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4); if (r != 0) { printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -674,6 +684,8 @@ static int DetectTlsVersionTestDetect03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index 5b5c886d9f..627389b891 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c 
@@ -42,6 +42,7 @@ #include "stream-tcp.h" #include "stream.h" +#include "app-layer.h" #include "app-layer-parser.h" #include "app-layer-protos.h" #include "app-layer-htp.h" @@ -281,18 +282,20 @@ static int HTTPUriTest01(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("AppLayerParse failed: r(%d) != 0: ", r); goto end; @@ -304,7 +307,7 @@ static int HTTPUriTest01(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); if (tx->request_method_number != HTP_M_GET || tx->request_protocol_number != HTP_PROTOCOL_1_1) @@ -326,6 +329,8 @@ static int HTTPUriTest01(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); SCMutexUnlock(&f.m); FLOW_DESTROY(&f); 
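Review bot: In HTTPUriTest01 the pointer returned by `AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0)` is dereferenced on the very next line (`tx->request_method_number`) with no NULL check, so a failed lookup crashes the unittest run instead of reporting a failure. Adding `if (tx == NULL) { printf("no tx: "); goto end; }` before the comparison keeps the failure reportable. Passing `f.proto` instead of the literal `IPPROTO_TCP` would also keep the lookup tied to the flow that was actually parsed. HTTPUriTest02, HTTPUriTest03 and HTTPUriTest04 repeat the same two lines.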
@@ -343,18 +348,21 @@ static int HTTPUriTest02(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("AppLayerParse failed: r(%d) != 0: ", r); goto end; @@ -366,7 +374,7 @@ static int HTTPUriTest02(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); if (tx->request_method_number != HTP_M_GET || tx->request_protocol_number != HTP_PROTOCOL_1_1) @@ -388,6 +396,8 @@ static int HTTPUriTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -407,18 +417,21 @@ static int HTTPUriTest03(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("AppLayerParse failed: r(%d) != 0: ", r); goto end; 
@@ -430,7 +443,7 @@ static int HTTPUriTest03(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); if (tx->request_method_number != HTP_M_UNKNOWN || tx->request_protocol_number != HTP_PROTOCOL_1_1) @@ -452,6 +465,8 @@ static int HTTPUriTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -472,18 +487,21 @@ static int HTTPUriTest04(void) { uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ TcpSession ssn; int r = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); + memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; StreamTcpInitConfig(TRUE); SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| - STREAM_EOF, httpbuf1, httplen1); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START| + STREAM_EOF, httpbuf1, httplen1); if (r != 0) { printf("AppLayerParse failed: r(%d) != 0: ", r); goto end; @@ -495,7 +513,7 @@ static int HTTPUriTest04(void) { goto end; } - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0); if (tx->request_method_number != HTP_M_GET || tx->request_protocol_number != HTP_PROTOCOL_1_1) @@ -517,6 +535,8 @@ static int HTTPUriTest04(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); StreamTcpFreeConfig(TRUE); if (htp_state != NULL) HTPStateFree(htp_state); @@ -584,6 +604,7 @@ static int DetectUriSigTest02(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; HtpState *http_state = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -593,6 +614,7 @@ static int DetectUriSigTest02(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -636,7 +658,7 @@ static int DetectUriSigTest02(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -666,6 +688,8 @@ static int DetectUriSigTest02(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); //if (http_state != NULL) HTPStateFree(http_state); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); @@ -695,6 +719,7 @@ static int DetectUriSigTest03(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -704,6 +729,7 @@ static int DetectUriSigTest03(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -747,7 +773,7 @@ static int DetectUriSigTest03(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -771,7 +797,7 @@ static int DetectUriSigTest03(void) { SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -802,6 +828,8 @@ static int DetectUriSigTest03(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); @@ -1030,6 +1058,7 @@ static int DetectUriSigTest05(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1095,7 +1124,7 @@ static int DetectUriSigTest05(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1125,6 +1154,8 @@ static int DetectUriSigTest05(void) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); @@ -1154,6 +1185,7 @@ static int DetectUriSigTest06(void) { ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; TCPHdr tcp_hdr; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); 
@@ -1232,7 +1264,7 @@ static int DetectUriSigTest06(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1262,7 +1294,8 @@ static int DetectUriSigTest06(void) { result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); @@ -1289,6 +1322,7 @@ static int DetectUriSigTest07(void) { Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -1298,6 +1332,7 @@ static int DetectUriSigTest07(void) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -1351,7 +1386,7 @@ static int DetectUriSigTest07(void) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -1381,7 +1416,8 @@ static int DetectUriSigTest07(void) { result = 1; end: - + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); diff --git a/src/detect-urilen.c b/src/detect-urilen.c index 817fa90ce7..c6c315ee63 100644 
--- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -24,6 +24,7 @@ */ #include "suricata-common.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-htp.h" #include "util-unittest.h" @@ -586,6 +587,7 @@ static int DetectUrilenSigTest01(void) Signature *s = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -595,6 +597,7 @@ static int DetectUrilenSigTest01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -632,7 +635,7 @@ static int DetectUrilenSigTest01(void) DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1); if (r != 0) { SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -660,6 +663,8 @@ static int DetectUrilenSigTest01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); diff --git a/src/detect.c b/src/detect.c index e19d85ddb9..fe963e9732 100644 --- a/src/detect.c +++ b/src/detect.c @@ -506,11 +506,6 @@ int SigMatchSignaturesBuildMatchArrayAddSignature(DetectEngineThreadCtx *det_ctx SCLogDebug("DCERPC sig, alproto not SMB or SMB2"); return 0; } - } else if (s->alproto == ALPROTO_DNS) { - if (alproto != ALPROTO_DNS_UDP && alproto != ALPROTO_DNS_TCP) { - SCLogDebug("DNS sig, alproto not DNS/TCP or DNS/UDP"); - return 0; - } } else { SCLogDebug("alproto mismatch"); return 0; 
@@ -813,13 +808,13 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, } int tx_progress = 0; - uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags); - uint64_t total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, alstate); + uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags); + uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, alstate); for (; idx < total_txs; idx++) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, idx); + htp_tx_t *tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_HTTP, htp_state, idx); if (tx == NULL) continue; - tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0); + tx_progress = AppLayerParserGetStateProgress(p->flow->proto, ALPROTO_HTTP, tx, STREAM_TOSERVER); if (p->flowflags & FLOW_PKT_TOSERVER) { if (tx_progress > HTP_REQUEST_LINE) { @@ -881,7 +876,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, } } } else { /* implied FLOW_PKT_TOCLIENT */ - tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1); + tx_progress = AppLayerParserGetStateProgress(p->flow->proto, ALPROTO_HTTP, tx, STREAM_TOCLIENT); if (tx_progress > HTP_RESPONSE_LINE) { if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSMD) { 
@@ -927,15 +922,15 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, FLOWLOCK_UNLOCK(p->flow); } /* all dns based mpms */ - else if (alproto == ALPROTO_DNS_TCP && alstate != NULL) { + else if (alproto == ALPROTO_DNS && alstate != NULL) { if (p->flowflags & FLOW_PKT_TOSERVER) { if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_DNSQUERY) { FLOWLOCK_RDLOCK(p->flow); - uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags); - uint64_t total_txs = AppLayerGetTxCnt(alproto, alstate); + uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags); + uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, alproto, alstate); for (; idx < total_txs; idx++) { - void *tx = AppLayerGetTx(alproto, alstate, idx); + void *tx = AppLayerParserGetTx(p->flow->proto, alproto, alstate, idx); if (tx == NULL) continue; @@ -982,15 +977,15 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, } /* UDP DNS inspection is independent of est or not */ - if (alproto == ALPROTO_DNS_UDP && alstate != NULL) { + if (alproto == ALPROTO_DNS && alstate != NULL) { if (p->flowflags & FLOW_PKT_TOSERVER) { SCLogDebug("mpm inspection"); if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_DNSQUERY) { FLOWLOCK_RDLOCK(p->flow); - uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags); - uint64_t total_txs = AppLayerGetTxCnt(alproto, alstate); + uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags); + uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, alproto, alstate); for (; idx < total_txs; idx++) { - void *tx = AppLayerGetTx(alproto, alstate, idx); + void *tx = AppLayerParserGetTx(p->flow->proto, alproto, alstate, idx); if (tx == NULL) continue; SCLogDebug("tx %p",tx); 
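Review bot: After this change the two DNS branches of DetectMpmPrefilter test the identical condition `alproto == ALPROTO_DNS && alstate != NULL`: the `else if` under "all dns based mpms" and the standalone `if` under "UDP DNS inspection is independent of est or not". They used to be told apart by ALPROTO_DNS_TCP and ALPROTO_DNS_UDP, so a DNS flow that takes the first branch now appears to run the dnsquery MPM pass again in the second, and the second branch is no longer limited to UDP as its comment says. Gating on the transport restores the split, for example `if (alproto == ALPROTO_DNS && alstate != NULL && p->flow->proto == IPPROTO_UDP)` with the `IPPROTO_TCP` counterpart on the first branch. The function starts and ends outside these hunks, so the surrounding established-flow check should be confirmed before relying on this reading.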
@@ -1007,18 +1002,11 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, #ifdef DEBUG static void DebugInspectIds(Packet *p, Flow *f, StreamMsg *smsg) { - AppLayerParserStateStore *parser_state_store = f->alparser; - if (parser_state_store != NULL) { - SCLogDebug("pcap_cnt %02"PRIu64", %s, %12s, inspect_id(ts) %"PRIu64 - ", inspect_id(tc) %"PRIu64", smsg %s", - p->pcap_cnt, p->flowflags & FLOW_PKT_TOSERVER ? "toserver" : "toclient", - p->flags & PKT_STREAM_EST ? "established" : "stateless", - parser_state_store->inspect_id[0], parser_state_store->inspect_id[1], - smsg?"yes":"no"); - - //if (smsg) - // PrintRawDataFp(stdout,smsg->data.data, smsg->data.data_len); - } + SCLogDebug("pcap_cnt %02"PRIu64", %s, %12s, smsg %s", + p->pcap_cnt, p->flowflags & FLOW_PKT_TOSERVER ? "toserver" : "toclient", + p->flags & PKT_STREAM_EST ? "established" : "stateless", + smsg ? "yes" : "no"); + AppLayerParserPrintDetailsParserState(f->alparser); } #endif @@ -1194,15 +1182,19 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh (p->proto == IPPROTO_UDP) || (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED))) { - alstate = AppLayerGetProtoStateFromPacket(p); - alproto = AppLayerGetProtoFromPacket(p); - alversion = AppLayerGetStateVersion(pflow); + alstate = FlowGetAppState(p->flow); + alproto = FlowGetAppProtocol(p->flow); + alversion = AppLayerParserGetStateVersion(p->flow->alparser); SCLogDebug("alstate %p, alproto %u", alstate, alproto); } else { SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto); } - app_decoder_events = AppLayerFlowHasDecoderEvents(pflow, flags); + app_decoder_events = AppLayerParserHasDecoderEvents(p->flow->proto, + p->flow->alproto, + p->flow->alstate, + p->flow->alparser, + flags); } FLOWLOCK_UNLOCK(pflow); 
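Review bot: The SigMatchSignatures hunk reaches the same flow in three different ways: the new accessors `FlowGetAppState(p->flow)` and `FlowGetAppProtocol(p->flow)`, direct field reads (`p->flow->alstate`, `p->flow->alproto`, `p->flow->alparser`) in the `AppLayerParserHasDecoderEvents` call, and the local `pflow` used by `FLOWLOCK_UNLOCK(pflow)` just below. Using `pflow` throughout, e.g. `alstate = FlowGetAppState(pflow);`, and choosing either the accessors or the fields makes it obvious that every read happens on the flow whose lock is held. The function body extends well beyond this hunk.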
@@ -1556,7 +1548,7 @@ next: end: /* see if we need to increment the inspect_id and reset the de_state */ - if (alstate != NULL && AppLayerAlprotoSupportsTxs(alproto)) { + if (alstate != NULL && AppLayerParserProtocolSupportsTxs(p->flow->proto, alproto)) { PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); DeStateUpdateInspectTransactionId(pflow, flags); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL); @@ -4589,7 +4581,7 @@ static inline void SigMultilinePrint(int i, char *prefix) printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc); } printf("%sProtocol: %s\n", prefix, - AppLayerGetProtoString(sigmatch_table[i].alproto)); + AppLayerGetProtoName(sigmatch_table[i].alproto)); printf("%sFeatures: ", prefix); PrintFeatureList(sigmatch_table[i].flags, ','); if (sigmatch_table[i].url) { @@ -4628,7 +4620,7 @@ void SigTableList(const char *keyword) } /* Build feature */ printf(";%s;", - AppLayerGetProtoString(sigmatch_table[i].alproto)); + AppLayerGetProtoName(sigmatch_table[i].alproto)); PrintFeatureList(sigmatch_table[i].flags, ':'); printf(";"); if (sigmatch_table[i].url) { @@ -5132,6 +5124,7 @@ static int SigTest06Real (int mpm_type) { Flow f; TcpSession ssn; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -5142,6 +5135,7 @@ static int SigTest06Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -5174,7 +5168,7 @@ static int SigTest06Real (int mpm_type) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
@@ -5197,6 +5191,8 @@ static int SigTest06Real (int mpm_type) { DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -5228,6 +5224,7 @@ static int SigTest07Real (int mpm_type) { Flow f; TcpSession ssn; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -5238,6 +5235,7 @@ static int SigTest07Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -5269,7 +5267,7 @@ static int SigTest07Real (int mpm_type) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5285,10 +5283,12 @@ static int SigTest07Real (int mpm_type) { result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); SCMutexUnlock(&f.m); UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); - AppLayerParserCleanupState(&f); + FlowCleanupAppLayer(&f); FLOW_DESTROY(&f); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); @@ -5325,6 +5325,7 @@ static int SigTest08Real (int mpm_type) { Flow f; TcpSession ssn; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&f, 0, sizeof(Flow)); memset(&th_v, 0, sizeof(th_v)); @@ -5335,6 +5336,7 @@ static int SigTest08Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; 
@@ -5366,7 +5368,7 @@ static int SigTest08Real (int mpm_type) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5383,13 +5385,15 @@ static int SigTest08Real (int mpm_type) { PacketAlertCheck(p, 1) ? "OK" : "FAIL", PacketAlertCheck(p, 2) ? "OK" : "FAIL"); - AppLayerParserCleanupState(&f); +end: + FlowCleanupAppLayer(&f); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); -end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -5420,6 +5424,7 @@ static int SigTest09Real (int mpm_type) { DetectEngineThreadCtx *det_ctx; Flow f; TcpSession ssn; + void *alp_tctx = AppLayerParserGetCtxThread(); int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -5431,6 +5436,7 @@ static int SigTest09Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.flags |= FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; p->flowflags |= FLOW_PKT_ESTABLISHED; @@ -5462,7 +5468,7 @@ static int SigTest09Real (int mpm_type) { DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; 
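Review bot: Moving `end:` above the teardown in SigTest08Real makes every `goto end` run `FlowCleanupAppLayer(&f)`, `SigGroupCleanup(de_ctx)`, `SigCleanSignatures(de_ctx)`, `DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx)` and `DetectEngineCtxFree(de_ctx)`, none of which is guarded. Any jump taken before the engine and thread contexts are created (those lines are outside the hunk) would pass a NULL or uninitialised pointer to them; in SigTest09Real `det_ctx` is visibly declared without an initialiser. Initialising `det_ctx = NULL` and guarding the calls the way DetectUriSigTest03 does, `if (de_ctx != NULL) SigGroupCleanup(de_ctx);` and `if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);`, would make the shared exit path safe. The same label move is made in SigTest09Real, SigTest10Real and SigTest11Real.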
@@ -5477,12 +5483,14 @@ static int SigTest09Real (int mpm_type) { else result = 0; - AppLayerParserCleanupState(&f); +end: + FlowCleanupAppLayer(&f); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); -end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -5509,6 +5517,7 @@ static int SigTest10Real (int mpm_type) { Flow f; TcpSession ssn; int result = 0; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&th_v, 0, sizeof(th_v)); memset(&f, 0, sizeof(f)); @@ -5518,6 +5527,7 @@ static int SigTest10Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -5551,7 +5561,7 @@ static int SigTest10Real (int mpm_type) { SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); result = 0; @@ -5566,12 +5576,14 @@ static int SigTest10Real (int mpm_type) { else result = 1; - AppLayerParserCleanupState(&f); + end: + FlowCleanupAppLayer(&f); SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); -end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -5607,6 +5619,7 @@ static int SigTest11Real (int mpm_type) { FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; 
@@ -5639,11 +5652,11 @@ static int SigTest11Real (int mpm_type) { if (PacketAlertCheck(p, 1) && PacketAlertCheck(p, 2)) result = 1; - AppLayerParserCleanupState(&f); + end: + FlowCleanupAppLayer(&f); SigGroupCleanup(de_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineCtxFree(de_ctx); -end: UTHFreePackets(&p, 1); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -10737,6 +10750,7 @@ static int SigTestDropFlow01(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -10746,6 +10760,7 @@ static int SigTestDropFlow01(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; @@ -10774,7 +10789,7 @@ static int SigTestDropFlow01(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -10806,6 +10821,8 @@ static int SigTestDropFlow01(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -10836,6 +10853,7 @@ static int SigTestDropFlow02(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -10845,6 +10863,7 @@ static int SigTestDropFlow02(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p->flow = &f; 
@@ -10873,7 +10892,7 @@ static int SigTestDropFlow02(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -10906,6 +10925,8 @@ static int SigTestDropFlow02(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -10947,6 +10968,7 @@ static int SigTestDropFlow03(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -10957,6 +10979,7 @@ static int SigTestDropFlow03(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -11000,7 +11023,7 @@ static int SigTestDropFlow03(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -11045,7 +11068,7 @@ static int SigTestDropFlow03(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); 
@@ -11074,6 +11097,8 @@ static int SigTestDropFlow03(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) @@ -11116,6 +11141,7 @@ static int SigTestDropFlow04(void) Signature *s = NULL; ThreadVars tv; DetectEngineThreadCtx *det_ctx = NULL; + void *alp_tctx = AppLayerParserGetCtxThread(); memset(&tv, 0, sizeof(ThreadVars)); memset(&f, 0, sizeof(Flow)); @@ -11126,6 +11152,7 @@ static int SigTestDropFlow04(void) FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; f.flags |= FLOW_IPV4; p1->flow = &f; @@ -11168,7 +11195,7 @@ static int SigTestDropFlow04(void) DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); SCMutexLock(&f.m); - int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); + int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len); if (r != 0) { printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -11223,7 +11250,7 @@ static int SigTestDropFlow04(void) } SCMutexLock(&f.m); - r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); + r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len); if (r != 0) { printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r); SCMutexUnlock(&f.m); @@ -11254,6 +11281,8 @@ static int SigTestDropFlow04(void) result = 1; end: + if (alp_tctx != NULL) + AppLayerParserDestroyCtxThread(alp_tctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&tv, det_ctx); if (de_ctx != NULL) diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 6f139eb9f9..ae815126b3 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -58,6 +58,7 @@ #include "stream.h" #include "app-layer-parser.h" +#include "app-layer.h" #include "util-profiling.h" 
@@ -260,7 +261,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, memset(&p->ts, 0, sizeof(struct timeval)); TimeGet(&p->ts); - AppLayerSetEOF(f); + AppLayerParserSetEOF(f->alparser); return p; } @@ -320,15 +321,19 @@ int FlowForceReassemblyNeedReassembly(Flow *f, int *server, int *client) { /* if app layer still needs some love, push through */ if (f->alproto != ALPROTO_UNKNOWN && f->alstate != NULL && - AppLayerAlprotoSupportsTxs(f->alproto)) + AppLayerParserProtocolSupportsTxs(f->proto, f->alproto)) { - uint64_t total_txs = AppLayerGetTxCnt(f->alproto, f->alstate); + uint64_t total_txs = AppLayerParserGetTxCnt(f->proto, f->alproto, f->alstate); - if (AppLayerTransactionGetActive(f, STREAM_TOCLIENT) < total_txs) { + if (AppLayerParserGetTransactionActive(f->proto, f->alproto, + f->alparser, STREAM_TOCLIENT) < total_txs) + { if (*server != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) *server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } - if (AppLayerTransactionGetActive(f, STREAM_TOSERVER) < total_txs) { + if (AppLayerParserGetTransactionActive(f->proto, f->alproto, + f->alparser, STREAM_TOSERVER) < total_txs) + { if (*client != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) *client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } diff --git a/src/flow-util.c b/src/flow-util.c index f677464fdd..7bd685743a 100644 --- a/src/flow-util.c +++ b/src/flow-util.c @@ -104,6 +104,22 @@ uint8_t FlowGetProtoMapping(uint8_t proto) } } +uint8_t FlowGetReverseProtoMapping(uint8_t rproto) +{ + switch (rproto) { + case FLOW_PROTO_TCP: + return IPPROTO_TCP; + case FLOW_PROTO_UDP: + return IPPROTO_UDP; + case FLOW_PROTO_ICMP: + return IPPROTO_ICMP; + case FLOW_PROTO_SCTP: + return IPPROTO_SCTP; + default: + exit(EXIT_FAILURE); + } +} + /* initialize the flow from the first packet * we see from it. */ void FlowInit(Flow *f, const Packet *p) diff --git a/src/flow-util.h b/src/flow-util.h index 40ae8117f8..d3c162fb03 100644 
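Review bot: The `default:` arm of the new `FlowGetReverseProtoMapping()` calls `exit(EXIT_FAILURE)` without logging anything, so an unmapped `rproto` silently terminates the whole engine. For a sensor that may sit inline this is an availability concern, and an operator has nothing to diagnose it from. Whether any caller can actually pass a value outside the four `FLOW_PROTO_*` cases is not visible here. At minimum, log the offending `rproto` before exiting and document the contract above the function, e.g. `/* rproto must be one of the FLOW_PROTO_* values; any other value is a programming error */`.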
--- a/src/flow-util.h +++ b/src/flow-util.h @@ -42,9 +42,10 @@ #define FLOW_INITIALIZE(f) do { \ (f)->sp = 0; \ (f)->dp = 0; \ + (f)->proto = 0; \ SC_ATOMIC_INIT((f)->use_cnt); \ - (f)->probing_parser_toserver_al_proto_masks = 0; \ - (f)->probing_parser_toclient_al_proto_masks = 0; \ + (f)->probing_parser_toserver_alproto_masks = 0; \ + (f)->probing_parser_toclient_alproto_masks = 0; \ (f)->flags = 0; \ (f)->lastts_sec = 0; \ FLOWLOCK_INIT((f)); \ @@ -79,9 +80,10 @@ #define FLOW_RECYCLE(f) do { \ (f)->sp = 0; \ (f)->dp = 0; \ + (f)->proto = 0; \ SC_ATOMIC_RESET((f)->use_cnt); \ - (f)->probing_parser_toserver_al_proto_masks = 0; \ - (f)->probing_parser_toclient_al_proto_masks = 0; \ + (f)->probing_parser_toserver_alproto_masks = 0; \ + (f)->probing_parser_toclient_alproto_masks = 0; \ (f)->flags = 0; \ (f)->lastts_sec = 0; \ (f)->protoctx = NULL; \ @@ -135,6 +137,7 @@ Flow *FlowAllocDirect(void); void FlowFree(Flow *); uint8_t FlowGetProtoMapping(uint8_t); void FlowInit(Flow *, const Packet *); +uint8_t FlowGetReverseProtoMapping(uint8_t rproto); #endif /* __FLOW_UTIL_H__ */ diff --git a/src/flow.c b/src/flow.c index 89b34d8ed2..533b980244 100644 --- a/src/flow.c +++ b/src/flow.c @@ -94,10 +94,12 @@ extern int run_mode; void FlowCleanupAppLayer(Flow *f) { - if (f == NULL) + if (f == NULL || f->proto == 0) return; - AppLayerParserCleanupState(f); + AppLayerParserCleanupParserState(f->proto, f->alproto, f->alstate, f->alparser); + f->alstate = NULL; + f->alparser = NULL; return; } @@ -824,6 +826,16 @@ int FlowSetProtoEmergencyTimeout(uint8_t proto, uint32_t emerg_new_timeout, return 1; } +AppProto FlowGetAppProtocol(Flow *f) +{ + return f->alproto; +} + +void *FlowGetAppState(Flow *f) +{ + return f->alstate; +} + /************************************Unittests*******************************/ #ifdef UNITTESTS diff --git a/src/flow.h b/src/flow.h index 4b71316e01..b4ec666689 100644 --- a/src/flow.h +++ b/src/flow.h 
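Review bot: The new `f->proto == 0` early return in `FlowCleanupAppLayer()` skips the cleanup call and leaves `f->alstate` and `f->alparser` as they were, so a flow whose `proto` was zeroed first keeps its app-layer pointers unfreed. `FLOW_RECYCLE` in this same commit now sets `(f)->proto = 0`, so the ordering between recycling and this function matters, and that ordering is not visible from the hunk. State the precondition in a comment, for example `/* proto 0: flow never reached the app layer, so there is no state to free */`. A debug-only check that `f->alstate == NULL` on that path would also catch a leak early.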
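Review bot: `FlowGetAppProtocol()` and `FlowGetAppState()` dereference `f` unconditionally, while `FlowCleanupAppLayer()` in the same file guards against `f == NULL`. The logger call sites visible in this commit pass `p->flow` after taking `FLOWLOCK_WRLOCK(p->flow)`, so they are fine, but both accessors are exported through flow.h with no stated contract. Add a short doc comment to each, e.g. `/** \brief Return the flow's app layer state. f must not be NULL; caller is expected to hold the flow lock. */`. The locking expectation is inferred from those call sites and should be confirmed.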
@@ -204,6 +204,15 @@ #error Enable FLOWLOCK_RWLOCK or FLOWLOCK_MUTEX #endif +#define FLOW_IS_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PM_ALPROTO_DETECT_DONE)) +#define FLOW_IS_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PP_ALPROTO_DETECT_DONE)) + +#define FLOW_SET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PM_ALPROTO_DETECT_DONE)) +#define FLOW_SET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PP_ALPROTO_DETECT_DONE)) + +#define FLOW_RESET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PM_ALPROTO_DETECT_DONE)) +#define FLOW_RESET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PP_ALPROTO_DETECT_DONE)) + /* global flow config */ typedef struct FlowCnf_ { @@ -299,8 +308,8 @@ typedef struct Flow_ /** flow queue id, used with autofp */ SC_ATOMIC_DECLARE(int, autofp_tmqh_flow_qid); - uint32_t probing_parser_toserver_al_proto_masks; - uint32_t probing_parser_toclient_al_proto_masks; + uint32_t probing_parser_toserver_alproto_masks; + uint32_t probing_parser_toclient_alproto_masks; uint32_t flags; @@ -524,5 +533,10 @@ static inline void FlowDeReference(Flow **d) { int FlowClearMemory(Flow *,uint8_t ); +AppProto FlowGetAppProtocol(Flow *f); +void *FlowGetAppState(Flow *f); + + + #endif /* __FLOW_H__ */ diff --git a/src/log-dnslog.c b/src/log-dnslog.c index 43a1ab3d49..87a5c493f5 100644 --- a/src/log-dnslog.c +++ b/src/log-dnslog.c 
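Review bot: The six `FLOW_*_PM_DONE` / `FLOW_*_PP_DONE` macros are added without any comment, and each is one very long line that, in the SET/RESET forms, hides an assignment inside a ternary. They test only `(dir) & STREAM_TOSERVER`, so any `dir` without that bit, including 0, is handled as to-client; a caller passing a malformed direction would update the wrong detection-done flag without any warning. Add a header comment that spells out what PM and PP abbreviate and states the direction rule, e.g. `/* dir is STREAM_TOSERVER or STREAM_TOCLIENT; anything without STREAM_TOSERVER is treated as to-client */`. The SET/RESET variants would also read better as `static inline` functions or with the expansion wrapped across lines.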
@@ -229,22 +229,19 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ /* check if we have DNS state or not */ FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */ - uint16_t proto = AppLayerGetProtoFromPacket(p); - if (proto != ALPROTO_DNS_UDP && proto != ALPROTO_DNS_TCP) { - SCLogDebug("proto not ALPROTO_DNS_UDP: %u", proto); + if (FlowGetAppProtocol(p->flow) != ALPROTO_DNS) { + SCLogDebug("proto not ALPROTO_DNS_UDP: %u", FlowGetAppProtocol(p->flow)); goto end; } - DNSState *dns_state = (DNSState *)AppLayerGetProtoStateFromPacket(p); + DNSState *dns_state = (DNSState *)FlowGetAppState(p->flow); if (dns_state == NULL) { SCLogDebug("no dns state, so no request logging"); goto end; } - uint64_t total_txs = AppLayerGetTxCnt(proto, dns_state); - uint64_t tx_id = AppLayerTransactionGetLogId(p->flow); - //int tx_progress_done_value_ts = AppLayerGetAlstateProgressCompletionStatus(proto, 0); - //int tx_progress_done_value_tc = AppLayerGetAlstateProgressCompletionStatus(proto, 1); + uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_DNS, dns_state); + uint64_t tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser); SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt); CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); @@ -297,7 +294,7 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ DNSTransaction *tx = NULL; for (; tx_id < total_txs; tx_id++) { - tx = AppLayerGetTx(proto, dns_state, tx_id); + tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_DNS, dns_state, tx_id); if (tx == NULL) continue; @@ -325,7 +322,7 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ } SCLogDebug("calling AppLayerTransactionUpdateLoggedId"); - AppLayerTransactionUpdateLogId(p->flow); + AppLayerParserSetTransactionLogId(p->flow->alparser); } end: 
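Review bot: The debug message in the new protocol check still reads `proto not ALPROTO_DNS_UDP`, although the condition now compares against the single `ALPROTO_DNS` for both transports. It also calls `FlowGetAppProtocol(p->flow)` a second time only to print the value. Suggested wording: `SCLogDebug("proto not ALPROTO_DNS: %u", FlowGetAppProtocol(p->flow));`. LogDnsLogIPWrapper's body extends beyond this hunk.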
@@ -458,8 +455,8 @@ OutputCtx *LogDnsLogInitCtx(ConfNode *conf) SCLogDebug("DNS log output initialized"); - AppLayerRegisterLogger(ALPROTO_DNS_UDP); - AppLayerRegisterLogger(ALPROTO_DNS_TCP); + AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS); + AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS); return output_ctx; } diff --git a/src/log-file.c b/src/log-file.c index 90acac047c..30b7f27eb7 100644 --- a/src/log-file.c +++ b/src/log-file.c @@ -95,7 +95,7 @@ typedef struct LogFileLogThread_ { static void LogFileMetaGetUri(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); if (tx_ud->request_uri_normalized != NULL) { @@ -113,7 +113,7 @@ static void LogFileMetaGetUri(FILE *fp, Packet *p, File *ff) { static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL && tx->request_hostname != NULL) { PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(tx->request_hostname), bstr_len(tx->request_hostname)); @@ -127,7 +127,7 @@ static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) { static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, 
@@ -146,7 +146,7 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) { static void LogFileMetaGetUserAgent(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, @@ -295,7 +295,8 @@ static TmEcode LogFileLogWrap(ThreadVars *tv, Packet *p, void *data, PacketQueue FLOWLOCK_WRLOCK(p->flow); file_trunc = StreamTcpReassembleDepthReached(p); - FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags); + FileContainer *ffc = AppLayerParserGetFiles(IPPROTO_TCP, p->flow->alproto, + p->flow->alstate, flags); SCLogDebug("ffc %p", ffc); if (ffc != NULL) { File *ff; diff --git a/src/log-filestore.c b/src/log-filestore.c index 933101e1a7..12e56143ca 100644 --- a/src/log-filestore.c +++ b/src/log-filestore.c @@ -98,7 +98,7 @@ typedef struct LogFilestoreLogThread_ { static void LogFilestoreMetaGetUri(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); if (tx_ud->request_uri_normalized != NULL) { 
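Review bot: `AppLayerParserGetFiles()` in `LogFileLogWrap` is given a hard-coded `IPPROTO_TCP` together with `p->flow->alproto` and `p->flow->alstate`, whereas the util-file.c hunks of this commit pass `f->proto` for the same call. If a non-TCP flow ever reaches this logger, the lookup would go through the TCP registration for a state that belongs to another transport; whether that can happen is not visible here. Using the flow's own value keeps the call sites consistent: `AppLayerParserGetFiles(p->flow->proto, p->flow->alproto, p->flow->alstate, flags);`. The same applies to `LogFilestoreLogWrap` in log-filestore.c further down.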
@@ -115,7 +115,7 @@ static void LogFilestoreMetaGetUri(FILE *fp, Packet *p, File *ff) { static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL && tx->request_hostname != NULL) { PrintRawUriFp(fp, (uint8_t *)bstr_ptr(tx->request_hostname), bstr_len(tx->request_hostname)); @@ -129,7 +129,7 @@ static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) { static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, @@ -148,7 +148,7 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) { static void LogFilestoreMetaGetUserAgent(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { - htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid); + htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, @@ -289,7 +289,7 @@ static TmEcode LogFilestoreLogWrap(ThreadVars *tv, Packet *p, void *data, Packet FLOWLOCK_WRLOCK(p->flow); file_trunc = StreamTcpReassembleDepthReached(p); - FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags); + FileContainer *ffc = AppLayerParserGetFiles(IPPROTO_TCP, p->flow->alproto, p->flow->alstate, flags); SCLogDebug("ffc %p", ffc); if (ffc != NULL) { File *ff; 
diff --git a/src/log-httplog.c b/src/log-httplog.c index 5b836fe0f1..e8de1bdf14 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c @@ -43,6 +43,7 @@ #include "log-httplog.h" #include "app-layer-htp.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "util-privs.h" #include "util-buffer.h" @@ -445,20 +446,20 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, Packet /* check if we have HTTP state or not */ FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */ - uint16_t proto = AppLayerGetProtoFromPacket(p); + uint16_t proto = FlowGetAppProtocol(p->flow); if (proto != ALPROTO_HTTP) goto end; - htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p); + htp_state = (HtpState *)FlowGetAppState(p->flow); if (htp_state == NULL) { SCLogDebug("no http state, so no request logging"); goto end; } - total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state); - tx_id = AppLayerTransactionGetLogId(p->flow); - tx_progress_done_value_ts = AppLayerGetAlstateProgressCompletionStatus(ALPROTO_HTTP, 0); - tx_progress_done_value_tc = AppLayerGetAlstateProgressCompletionStatus(ALPROTO_HTTP, 1); + total_txs = AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state); + tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser); + tx_progress_done_value_ts = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER); + tx_progress_done_value_tc = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOCLIENT); CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); 
@@ -498,18 +499,18 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, Packet for (; tx_id < total_txs; tx_id++) { - tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, tx_id); + tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, tx_id); if (tx == NULL) { SCLogDebug("tx is NULL not logging !!"); continue; } - if (!(((AppLayerParserStateStore *)p->flow->alparser)->id_flags & APP_LAYER_TRANSACTION_EOF)) { - tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0); + if (!AppLayerParserParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF)) { + tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER); if (tx_progress < tx_progress_done_value_ts) break; - tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1); + tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT); if (tx_progress < tx_progress_done_value_tc) break; } @@ -572,7 +573,7 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, Packet fflush(hlog->file_ctx->fp); SCMutexUnlock(&hlog->file_ctx->fp_mutex); - AppLayerTransactionUpdateLogId(p->flow); + AppLayerParserSetTransactionLogId(p->flow->alparser); } end: @@ -789,7 +790,7 @@ OutputCtx *LogHttpLogInitCtx(ConfNode *conf) SCLogDebug("HTTP log output initialized"); /* enable the logger for the app layer */ - AppLayerRegisterLogger(ALPROTO_HTTP); + AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP); return output_ctx; diff --git a/src/log-tlslog.c b/src/log-tlslog.c index ab09fddec2..58f303e3b8 100644 --- a/src/log-tlslog.c +++ b/src/log-tlslog.c @@ -43,6 +43,7 @@ #include "log-tlslog.h" #include "app-layer-ssl.h" #include "app-layer.h" +#include "app-layer-parser.h" #include "util-privs.h" #include "util-buffer.h" 
@@ -367,11 +368,11 @@ static TmEcode LogTlsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ /* check if we have TLS state or not */ FLOWLOCK_WRLOCK(p->flow); - uint16_t proto = AppLayerGetProtoFromPacket(p); + uint16_t proto = FlowGetAppProtocol(p->flow); if (proto != ALPROTO_TLS) goto end; - SSLState *ssl_state = (SSLState *) AppLayerGetProtoStateFromPacket(p); + SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow); if (ssl_state == NULL) { SCLogDebug("no tls state, so no request logging"); goto end; @@ -384,7 +385,7 @@ static TmEcode LogTlsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ LogTlsLogPem(aft, p, ssl_state, hlog, ipproto); } - if (AppLayerTransactionGetLogId(p->flow) != 0) { + if (AppLayerParserGetTransactionLogId(p->flow->alparser) != 0) { goto end; } @@ -405,7 +406,7 @@ static TmEcode LogTlsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ timebuf, srcip, sp, dstip, dp, ssl_state->server_connp.cert0_subject, ssl_state->server_connp.cert0_issuerdn); - AppLayerTransactionUpdateLogId(p->flow); + AppLayerParserSetTransactionLogId(p->flow->alparser); if (hlog->flags & LOG_TLS_EXTENDED) { LogTlsLogExtended(aft, ssl_state); @@ -595,7 +596,7 @@ OutputCtx *LogTlsLogInitCtx(ConfNode *conf) SCLogDebug("TLS log output initialized"); /* enable the logger for the app layer */ - AppLayerRegisterLogger(ALPROTO_TLS); + AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); return output_ctx; diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 60b93d5cce..83481388b9 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -138,8 +138,7 @@ int RunUnittests(int list_unittests, char *regex_arg) MpmCudaEnvironmentSetup(); #endif - AppLayerDetectProtoThreadInit(); - AppLayerParsersInitPostProcess(); + AppLayerSetup(); /* hardcoded initialization code */ SigTableSetup(); /* load the rule keywords */ 
@@ -196,8 +195,6 @@ int RunUnittests(int list_unittests, char *regex_arg) SSHParserRegisterTests(); #endif SMBParserRegisterTests(); - DCERPCParserRegisterTests(); - DCERPCUDPParserRegisterTests(); FTPParserRegisterTests(); DecodeRawRegisterTests(); DecodePPPOERegisterTests(); @@ -209,7 +206,7 @@ int RunUnittests(int list_unittests, char *regex_arg) DecodeUDPV4RegisterTests(); DecodeGRERegisterTests(); DecodeAsn1RegisterTests(); - AlpDetectRegisterTests(); + AppLayerProtoDetectUnittestsRegister(); ConfRegisterTests(); ConfYamlRegisterTests(); TmqhFlowRegisterTests(); @@ -220,7 +217,7 @@ int RunUnittests(int list_unittests, char *regex_arg) SigGroupHeadRegisterTests(); SCHInfoRegisterTests(); SCRuleVarsRegisterTests(); - AppLayerParserRegisterTests(); + AppLayerParserRegisterUnittests(); ThreadMacrosRegisterTests(); UtilSpmSearchRegistertests(); UtilActionRegisterTests(); @@ -264,7 +261,7 @@ int RunUnittests(int list_unittests, char *regex_arg) #ifdef __SC_CUDA_SUPPORT__ CudaBufferRegisterUnittests(); #endif - AppLayerRegisterUnittests(); + AppLayerUnittestsRegister(); if (list_unittests) { UtListTests(regex_arg); } else { diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 66082c0580..a05391ba34 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -318,8 +318,6 @@ int StreamTcpReassembleInit(char quiet) } #ifdef DEBUG -extern uint32_t applayererrors; -extern uint32_t applayerhttperrors; static uint32_t dbg_app_layer_gap; static uint32_t dbg_app_layer_gap_candidate; #endif 
@@ -352,8 +350,6 @@ void StreamTcpReassembleFree(char quiet) SCLogDebug("segment_pool_memcnt %"PRIu64"", segment_pool_memcnt); SCMutexDestroy(&segment_pool_memuse_mutex); SCMutexDestroy(&segment_pool_cnt_mutex); - SCLogInfo("applayererrors %u", applayererrors); - SCLogInfo("applayerhttperrors %u", applayerhttperrors); SCLogInfo("dbg_app_layer_gap %u", dbg_app_layer_gap); SCLogInfo("dbg_app_layer_gap_candidate %u", dbg_app_layer_gap_candidate); #endif @@ -369,7 +365,8 @@ TcpReassemblyThreadCtx *StreamTcpReassembleInitThreadCtx(void) memset(ra_ctx, 0x00, sizeof(TcpReassemblyThreadCtx)); ra_ctx->stream_q = StreamMsgQueueGetNew(); - AlpProtoFinalize2Thread(&ra_ctx->dp_ctx); + ra_ctx->app_tctx = AppLayerGetCtxThread(); + SCReturnPtr(ra_ctx, "TcpReassemblyThreadCtx"); } @@ -386,7 +383,7 @@ void StreamTcpReassembleFreeThreadCtx(TcpReassemblyThreadCtx *ra_ctx) } ra_ctx->stream_q = NULL; - AlpProtoDeFinalize2Thread(&ra_ctx->dp_ctx); + AppLayerDestroyCtxThread(ra_ctx->app_tctx); SCFree(ra_ctx); SCReturn; } @@ -1892,8 +1889,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, SCLogDebug("sending empty eof message"); /* send EOF to app layer */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - NULL, 0, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + NULL, 0, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); } else { @@ -1971,8 +1968,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); /* process what we have so far */ - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_sent += data_len; 
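Review bot: `ra_ctx->app_tctx = AppLayerGetCtxThread();` in `StreamTcpReassembleInitThreadCtx()` stores the result unchecked, and `ra_ctx` is then passed to `AppLayerHandleTCPData()` on every reassembly call. The unit tests in this commit guard the analogous `AppLayerParserGetCtxThread()` result with `!= NULL`, which suggests these getters can fail. Check `if (ra_ctx->app_tctx == NULL)` here and fail thread initialisation, releasing `stream_q` and `ra_ctx`, instead of returning a half-built context. The function starts above this hunk, so its existing error convention should be followed.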
@@ -2000,8 +1997,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, /* send gap signal */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - NULL, 0, p, flags|STREAM_GAP); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + NULL, 0, flags|STREAM_GAP); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_len = 0; @@ -2072,8 +2069,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, /* process what we have so far */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_sent += data_len; data_len = 0; @@ -2126,8 +2123,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, /* process what we have so far */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_sent += data_len; data_len = 0; @@ -2162,8 +2159,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, /* process what we have so far */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_sent += data_len; } 
@@ -2172,8 +2169,8 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv, SCLogDebug("sending empty eof message"); /* send EOF to app layer */ STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - NULL, 0, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + NULL, 0, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); } @@ -2679,8 +2676,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, SCLogDebug("sending empty eof message"); /* send EOF to app layer */ STREAM_SET_FLAGS(ssn, stream, p, flags); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - NULL, 0, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + NULL, 0, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); SCReturnInt(0); @@ -2783,8 +2780,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, STREAM_SET_FLAGS(ssn, stream, p, flags); /* process what we have so far */ - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_len = 0; } @@ -2810,8 +2807,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* send gap signal */ STREAM_SET_FLAGS(ssn, stream, p, flags); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - NULL, 0, p, flags|STREAM_GAP); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + NULL, 0, flags|STREAM_GAP); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_len = 0; 
@@ -2907,8 +2904,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* process what we have so far */ STREAM_SET_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_len = 0; @@ -2967,8 +2964,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* process what we have so far */ STREAM_SET_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); data_len = 0; @@ -3014,8 +3011,8 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* process what we have so far */ STREAM_SET_FLAGS(ssn, stream, p, flags); BUG_ON(data_len > sizeof(data)); - AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream, - data, data_len, p, flags); + AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, + data, data_len, flags); PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p); } @@ -3436,7 +3433,7 @@ int StreamTcpReassembleProcessAppLayer(TcpReassemblyThreadCtx *ra_ctx) /* Handle the stream msg. No need to use locking, flow is * already locked at this point. Don't break out of the * loop if we encounter an error. */ - if (AppLayerHandleTCPMsg(&ra_ctx->dp_ctx, smsg) != 0) + if (AppLayerHandleTCPMsg(smsg) != 0) r = -1; } @@ -3748,6 +3745,7 @@ static int StreamTcpReassembleStreamTest(TcpStream *stream) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; 
@@ -4107,6 +4105,7 @@ static int StreamTcpTestStartsBeforeListSegment(TcpStream *stream) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -4221,6 +4220,7 @@ static int StreamTcpTestStartsAtSameListSegment(TcpStream *stream) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -4335,6 +4335,7 @@ static int StreamTcpTestStartsAfterListSegment(TcpStream *stream) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -5065,6 +5066,7 @@ static int StreamTcpTestMissedPacket (TcpReassemblyThreadCtx *ra_ctx, f.sp = sp; f.dp = dp; f.protoctx = ssn; + f.proto = IPPROTO_TCP; p->flow = &f; tcph.th_win = htons(5480); @@ -5662,6 +5664,7 @@ static int StreamTcpReassembleTest32(void) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -5744,6 +5747,7 @@ static int StreamTcpReassembleTest33(void) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -5823,6 +5827,7 @@ static int StreamTcpReassembleTest34(void) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -5903,6 +5908,7 @@ static int StreamTcpReassembleTest35(void) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; 
@@ -5970,6 +5976,7 @@ static int StreamTcpReassembleTest36(void) { memset(&tv, 0, sizeof (ThreadVars)); FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -6037,6 +6044,7 @@ static int StreamTcpReassembleTest37(void) { FLOW_INITIALIZE(&f); f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; @@ -6155,6 +6163,7 @@ static int StreamTcpReassembleTest38 (void) { f.sp = sp; f.dp = dp; f.protoctx = &ssn; + f.proto = IPPROTO_TCP; p->flow = &f; tcph.th_win = htons(5480); @@ -6234,6 +6243,7 @@ static int StreamTcpReassembleTest39 (void) { memset(&tcph, 0, sizeof (TCPHdr)); f.flags = FLOW_IPV4; + f.proto = IPPROTO_TCP; p->flow = &f; p->tcph = &tcph; @@ -6855,6 +6865,7 @@ static int StreamTcpReassembleTest40 (void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; tcph.th_win = htons(5480); @@ -7096,6 +7107,7 @@ static int StreamTcpReassembleTest43 (void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; tcph.th_win = htons(5480); @@ -7318,6 +7330,7 @@ static int StreamTcpReassembleTest45 (void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; tcph.th_win = htons(5480); @@ -7436,6 +7449,7 @@ static int StreamTcpReassembleTest46 (void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; tcph.th_win = htons(5480); @@ -7559,6 +7573,7 @@ static int StreamTcpReassembleTest47 (void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; p->flow = f; tcph.th_win = htons(5480); @@ -8685,6 +8700,7 @@ static int StreamTcpReassembleInlineTest10(void) { if (f == NULL) goto end; f->protoctx = &ssn; + f->proto = IPPROTO_TCP; uint8_t stream_payload1[] = "GE"; uint8_t stream_payload2[] = "T /"; 
diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h index 2fdb5be734..281a50d5f2 100644 --- a/src/stream-tcp-reassemble.h +++ b/src/stream-tcp-reassemble.h @@ -53,7 +53,7 @@ enum typedef struct TcpReassemblyThreadCtx_ { StreamMsgQueue *stream_q; - AlpProtoDetectThreadCtx dp_ctx; /**< proto detection thread data */ + void *app_tctx; /** TCP segments which are not being reassembled due to memcap was reached */ uint16_t counter_tcp_segment_memcap; /** number of streams that stop reassembly because their depth is reached */ diff --git a/src/stream-tcp.c b/src/stream-tcp.c index d0ca665437..d9ba118380 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -4299,7 +4299,7 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, StreamTcpSackFreeList(&ssn->client); StreamTcpSackFreeList(&ssn->server); /* reset the app layer state */ - AppLayerParserCleanupState(p->flow); + FlowCleanupAppLayer(p->flow); ssn->state = 0; ssn->flags = 0; diff --git a/src/suricata.c b/src/suricata.c index 2e16169df0..b031160459 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -118,6 +118,7 @@ #include "host.h" #include "unix-manager.h" +#include "app-layer.h" #include "app-layer-htp.h" #include "util-radix-tree.h" @@ -1852,8 +1853,7 @@ static int PostConfLoadedSetup(SCInstance *suri) break; } - AppLayerDetectProtoThreadInit(); - AppLayerParsersInitPostProcess(); + AppLayerSetup(); /* Check for the existance of the default logging directory which we pick * from suricata.yaml. If not found, shut the engine down */ @@ -1974,7 +1974,6 @@ static int PostConfLoadedSetup(SCInstance *suri) SCReturnInt(TM_ECODE_OK); } - int main(int argc, char **argv) { SCInstance suri; @@ -2292,7 +2291,7 @@ int main(int argc, char **argv) if (global_de_ctx) { DetectEngineCtxFree(global_de_ctx); } - AlpProtoDestroy(); + AppLayerDeSetup(); TagDestroyCtx(); diff --git a/src/util-error.c b/src/util-error.c index 86575dc827..3b15f30c19 100644 --- a/src/util-error.c 
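Review bot: Removing `dp_ctx` from `TcpReassemblyThreadCtx` leaves the `PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);` calls that appear as unchanged context throughout the stream-tcp-reassemble.c hunks of this commit. If that macro uses its first argument in profiling builds, those builds would no longer compile. The macro definition is not visible here, so this needs confirming with a profiling-enabled build. The replacement member also lost its doc comment; something like `void *app_tctx; /**< app layer thread ctx, from AppLayerGetCtxThread() */` would restore it.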
+++ b/src/util-error.c @@ -282,6 +282,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_DNS_CONFIG); CASE_CODE (SC_ERR_CONF_YAML_ERROR); CASE_CODE (SC_ERR_CONF_NAME_TOO_LONG); + CASE_CODE (SC_ERR_APP_LAYER_PROTOCOL_DETECTION); } return "UNKNOWN_ERROR"; diff --git a/src/util-error.h b/src/util-error.h index 1f5ac34fd0..852bccf091 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -271,6 +271,7 @@ typedef enum { SC_ERR_DNS_CONFIG, SC_ERR_CONF_YAML_ERROR, SC_ERR_CONF_NAME_TOO_LONG, + SC_ERR_APP_LAYER_PROTOCOL_DETECTION, } SCError; const char *SCErrorToString(SCError); diff --git a/src/util-file.c b/src/util-file.c index ecf1547cd9..82de4f456e 100644 --- a/src/util-file.c +++ b/src/util-file.c @@ -643,7 +643,7 @@ void FileDisableStoring(Flow *f, uint8_t direction) { else f->flags |= FLOW_FILE_NO_STORE_TC; - FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction); + FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) { /* if we're already storing, we'll continue */ @@ -674,7 +674,7 @@ void FileDisableMagic(Flow *f, uint8_t direction) { else f->flags |= FLOW_FILE_NO_MAGIC_TC; - FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction); + FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) { SCLogDebug("disabling magic for file %p from direction %s", @@ -704,7 +704,7 @@ void FileDisableMd5(Flow *f, uint8_t direction) { else f->flags |= FLOW_FILE_NO_MD5_TC; - FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction); + FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) { SCLogDebug("disabling md5 for file %p from direction %s", 
@@ -742,7 +742,7 @@ void FileDisableFilesize(Flow *f, uint8_t direction) { else f->flags |= FLOW_FILE_NO_SIZE_TC; - FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction); + FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) { SCLogDebug("disabling size tracking for file %p from direction %s", @@ -790,7 +790,7 @@ void FileDisableStoringForTransaction(Flow *f, uint8_t direction, uint64_t tx_id SCEnter(); - FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction); + FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) { if (ptr->txid == tx_id) { diff --git a/src/util-memcmp.h b/src/util-memcmp.h index 1585f7a923..b5dc449845 100644 --- a/src/util-memcmp.h +++ b/src/util-memcmp.h @@ -57,6 +57,8 @@ MemcmpLowercase(void *s1, void *s2, size_t n) { #include +/* No SIMD support, fall back to plain memcmp and a home grown lowercase one */ + static inline int SCMemcmp(void *s1, void *s2, size_t n) { __m128i b1, b2; diff --git a/src/util-mpm-ac-bs.c b/src/util-mpm-ac-bs.c index 759e22a6f0..471e850c16 100644 --- a/src/util-mpm-ac-bs.c +++ b/src/util-mpm-ac-bs.c @@ -1737,7 +1737,7 @@ static int SCACBSTest01(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -1771,7 +1771,7 @@ static int SCACBSTest02(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -1808,7 +1808,7 @@ static int SCACBSTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACBSPreparePatterns(&mpm_ctx); 
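Review bot: In src/util-memcmp.h the added comment `/* No SIMD support, fall back to plain memcmp and a home grown lowercase one */` sits directly above an `SCMemcmp` whose first statement is `__m128i b1, b2;`, so it says the opposite of the code it precedes. It reads as if it was meant for the non-SIMD fallback branch of the preprocessor chain, which is outside this hunk. Move it to that branch, or reword it here to something like `/* SIMD (__m128i) implementation of SCMemcmp */`, so a maintainer checking which comparison routine a build uses is not misled.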
@@ -1842,7 +1842,7 @@ static int SCACBSTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACBSPreparePatterns(&mpm_ctx); @@ -1876,7 +1876,7 @@ static int SCACBSTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACBSPreparePatterns(&mpm_ctx); @@ -1908,7 +1908,7 @@ static int SCACBSTest06(void) SCACBSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -1952,7 +1952,7 @@ static int SCACBSTest07(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 30, 0, 0, 5, 0, 0); - PmqSetup(&pmq, 0, 6); + PmqSetup(&pmq, 6); /* total matches: 135 */ SCACBSPreparePatterns(&mpm_ctx); @@ -1986,7 +1986,7 @@ static int SCACBSTest08(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2018,7 +2018,7 @@ static int SCACBSTest09(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2050,7 +2050,7 @@ static int SCACBSTest10(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); 
@@ -2093,7 +2093,7 @@ static int SCACBSTest11(void) goto end; if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1) goto end; - PmqSetup(&pmq, 0, 5); + PmqSetup(&pmq, 5); if (SCACBSPreparePatterns(&mpm_ctx) == -1) goto end; @@ -2136,7 +2136,7 @@ static int SCACBSTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACBSPreparePatterns(&mpm_ctx); @@ -2170,7 +2170,7 @@ static int SCACBSTest13(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCD"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2204,7 +2204,7 @@ static int SCACBSTest14(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDE"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2238,7 +2238,7 @@ static int SCACBSTest15(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2272,7 +2272,7 @@ static int SCACBSTest16(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABC"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2306,7 +2306,7 @@ static int SCACBSTest17(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzAB"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); 
@@ -2340,7 +2340,7 @@ static int SCACBSTest18(void) /* 1 match */ char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2374,7 +2374,7 @@ static int SCACBSTest19(void) /* 1 */ char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2407,7 +2407,7 @@ static int SCACBSTest20(void) /* 1 */ char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2440,7 +2440,7 @@ static int SCACBSTest21(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2474,7 +2474,7 @@ static int SCACBSTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACBSPreparePatterns(&mpm_ctx); @@ -2507,7 +2507,7 @@ static int SCACBSTest23(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2539,7 +2539,7 @@ static int SCACBSTest24(void) /* 1 */ MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2572,7 +2572,7 @@ static int SCACBSTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACBSPreparePatterns(&mpm_ctx); 
@@ -2605,7 +2605,7 @@ static int SCACBSTest26(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACBSPreparePatterns(&mpm_ctx); @@ -2638,7 +2638,7 @@ static int SCACBSTest27(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2671,7 +2671,7 @@ static int SCACBSTest28(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACBSPreparePatterns(&mpm_ctx); @@ -2706,7 +2706,7 @@ static int SCACBSTest29(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdef", 5, 0, 0, 1, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"cdefg", 5, 0, 0, 3, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"defgh", 5, 0, 0, 4, 0, 0); - PmqSetup(&pmq, 0, 4); + PmqSetup(&pmq, 4); SCACBSPreparePatterns(&mpm_ctx); diff --git a/src/util-mpm-ac-gfbs.c b/src/util-mpm-ac-gfbs.c index 12982ffbb2..a070710921 100644 --- a/src/util-mpm-ac-gfbs.c +++ b/src/util-mpm-ac-gfbs.c @@ -1693,7 +1693,7 @@ static int SCACGfbsTest01(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1726,7 +1726,7 @@ static int SCACGfbsTest02(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1763,7 +1763,7 @@ static int SCACGfbsTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACGfbsPreparePatterns(&mpm_ctx); 
@@ -1797,7 +1797,7 @@ static int SCACGfbsTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1831,7 +1831,7 @@ static int SCACGfbsTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1863,7 +1863,7 @@ static int SCACGfbsTest06(void) SCACGfbsInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1908,7 +1908,7 @@ static int SCACGfbsTest07(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 30, 0, 0, 5, 0, 0); /* total matches: 135 */ - PmqSetup(&pmq, 0, 6); + PmqSetup(&pmq, 6); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1941,7 +1941,7 @@ static int SCACGfbsTest08(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -1973,7 +1973,7 @@ static int SCACGfbsTest09(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2005,7 +2005,7 @@ static int SCACGfbsTest10(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); 
@@ -2048,7 +2048,7 @@ static int SCACGfbsTest11(void) goto end; if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1) goto end; - PmqSetup(&pmq, 0, 4); + PmqSetup(&pmq, 4); if (SCACGfbsPreparePatterns(&mpm_ctx) == -1) goto end; @@ -2091,7 +2091,7 @@ static int SCACGfbsTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2125,7 +2125,7 @@ static int SCACGfbsTest13(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCD"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2159,7 +2159,7 @@ static int SCACGfbsTest14(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDE"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2193,7 +2193,7 @@ static int SCACGfbsTest15(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2227,7 +2227,7 @@ static int SCACGfbsTest16(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABC"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2261,7 +2261,7 @@ static int SCACGfbsTest17(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzAB"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); 
@@ -2295,7 +2295,7 @@ static int SCACGfbsTest18(void) /* 1 match */ char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2329,7 +2329,7 @@ static int SCACGfbsTest19(void) /* 1 */ char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2363,7 +2363,7 @@ static int SCACGfbsTest20(void) /* 1 */ char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2396,7 +2396,7 @@ static int SCACGfbsTest21(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2430,7 +2430,7 @@ static int SCACGfbsTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2463,7 +2463,7 @@ static int SCACGfbsTest23(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2495,7 +2495,7 @@ static int SCACGfbsTest24(void) /* 1 */ MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); 
@@ -2528,7 +2528,7 @@ static int SCACGfbsTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2561,7 +2561,7 @@ static int SCACGfbsTest26(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2593,7 +2593,7 @@ static int SCACGfbsTest27(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); @@ -2625,7 +2625,7 @@ static int SCACGfbsTest28(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACGfbsPreparePatterns(&mpm_ctx); diff --git a/src/util-mpm-ac.c b/src/util-mpm-ac.c index 5447aae62c..f45970dc0b 100644 --- a/src/util-mpm-ac.c +++ b/src/util-mpm-ac.c @@ -2229,7 +2229,7 @@ static int SCACTest01(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2263,7 +2263,7 @@ static int SCACTest02(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2300,7 +2300,7 @@ static int SCACTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACPreparePatterns(&mpm_ctx); 
@@ -2334,7 +2334,7 @@ static int SCACTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACPreparePatterns(&mpm_ctx); @@ -2368,7 +2368,7 @@ static int SCACTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACPreparePatterns(&mpm_ctx); @@ -2400,7 +2400,7 @@ static int SCACTest06(void) SCACInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2444,7 +2444,7 @@ static int SCACTest07(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 30, 0, 0, 5, 0, 0); - PmqSetup(&pmq, 0, 6); + PmqSetup(&pmq, 6); /* total matches: 135 */ SCACPreparePatterns(&mpm_ctx); @@ -2478,7 +2478,7 @@ static int SCACTest08(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2510,7 +2510,7 @@ static int SCACTest09(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2542,7 +2542,7 @@ static int SCACTest10(void) /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2585,7 +2585,7 @@ static int SCACTest11(void) goto end; if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1) goto end; - PmqSetup(&pmq, 0, 5); + PmqSetup(&pmq, 5); if (SCACPreparePatterns(&mpm_ctx) == -1) goto end; 
@@ -2628,7 +2628,7 @@ static int SCACTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACPreparePatterns(&mpm_ctx); @@ -2662,7 +2662,7 @@ static int SCACTest13(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCD"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2696,7 +2696,7 @@ static int SCACTest14(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDE"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2730,7 +2730,7 @@ static int SCACTest15(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2764,7 +2764,7 @@ static int SCACTest16(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzABC"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2798,7 +2798,7 @@ static int SCACTest17(void) /* 1 match */ char *pat = "abcdefghijklmnopqrstuvwxyzAB"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2832,7 +2832,7 @@ static int SCACTest18(void) /* 1 match */ char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); 
@@ -2866,7 +2866,7 @@ static int SCACTest19(void) /* 1 */ char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2900,7 +2900,7 @@ static int SCACTest20(void) /* 1 */ char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA"; MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2933,7 +2933,7 @@ static int SCACTest21(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -2967,7 +2967,7 @@ static int SCACTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); /* 1 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACPreparePatterns(&mpm_ctx); @@ -3000,7 +3000,7 @@ static int SCACTest23(void) /* 1 */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -3032,7 +3032,7 @@ static int SCACTest24(void) /* 1 */ MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -3065,7 +3065,7 @@ static int SCACTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0); MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); - PmqSetup(&pmq, 0, 3); + PmqSetup(&pmq, 3); SCACPreparePatterns(&mpm_ctx); @@ -3098,7 +3098,7 @@ static int SCACTest26(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0); MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); - PmqSetup(&pmq, 0, 2); + PmqSetup(&pmq, 2); SCACPreparePatterns(&mpm_ctx); 
@@ -3131,7 +3131,7 @@ static int SCACTest27(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); @@ -3164,7 +3164,7 @@ static int SCACTest28(void) /* 0 match */ MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); - PmqSetup(&pmq, 0, 1); + PmqSetup(&pmq, 1); SCACPreparePatterns(&mpm_ctx); diff --git a/src/util-mpm.c b/src/util-mpm.c index 184d6054f1..7e711ba715 100644 --- a/src/util-mpm.c +++ b/src/util-mpm.c @@ -420,9 +420,9 @@ void MpmCudaEnvironmentSetup() * \retval -1 error * \retval 0 ok */ -int PmqSetup(PatternMatcherQueue *pmq, uint32_t sig_maxid, uint32_t patmaxid) { +int PmqSetup(PatternMatcherQueue *pmq, uint32_t patmaxid) { SCEnter(); - SCLogDebug("sig_maxid %u, patmaxid %u", sig_maxid, patmaxid); + SCLogDebug("patmaxid %u", patmaxid); if (pmq == NULL) { SCReturnInt(-1); diff --git a/src/util-mpm.h b/src/util-mpm.h index 0f42fa8ad9..f45ecfa4cb 100644 --- a/src/util-mpm.h +++ b/src/util-mpm.h @@ -234,7 +234,7 @@ MpmCtx *MpmFactoryGetMpmCtxForProfile(struct DetectEngineCtx_ *, int32_t, int); void MpmFactoryDeRegisterAllMpmCtxProfiles(struct DetectEngineCtx_ *); int32_t MpmFactoryIsMpmCtxAvailable(struct DetectEngineCtx_ *, MpmCtx *); -int PmqSetup(PatternMatcherQueue *, uint32_t, uint32_t); +int PmqSetup(PatternMatcherQueue *, uint32_t); void PmqMerge(PatternMatcherQueue *src, PatternMatcherQueue *dst); void PmqReset(PatternMatcherQueue *); void PmqCleanup(PatternMatcherQueue *); diff --git a/src/util-running-modes.c b/src/util-running-modes.c index 6a03dbd7ed..8f30044dc7 100644 --- a/src/util-running-modes.c +++ b/src/util-running-modes.c @@ -23,6 +23,7 @@ #include "suricata-common.h" #include "config.h" #include "app-layer-detect-proto.h" +#include "app-layer.h" #include "util-cuda.h" #include "util-unittest.h" 
@@ -36,8 +37,9 @@ int ListKeywords(const char *keyword_info) int ListAppLayerProtocols() { MpmTableSetup(); - AppLayerDetectProtoThreadInit(); + AppLayerSetup(); AppLayerListSupportedProtocols(); + exit(EXIT_SUCCESS); } diff --git a/suricata.yaml.in b/suricata.yaml.in index d18ceb77b6..7c4747821e 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1022,8 +1022,7 @@ app-layer: tls: enabled: yes detection-ports: - tcp: - toserver: 443 + toserver: 443 #no-reassemble: yes dcerpc: @@ -1041,21 +1040,19 @@ app-layer: smb: enabled: yes detection-ports: - tcp: - toserver: 139 + toserver: 139 # smb2 detection is disabled internally inside the engine. #smb2: # enabled: yes - dnstcp: - enabled: yes - detection-ports: - tcp: - toserver: 53 - dnsudp: - enabled: yes - detection-ports: - udp: - toserver: 53 + dns: + tcp: + enabled: yes + detection-ports: + toserver: 53 + udp: + enabled: yes + detection-ports: + toserver: 53 http: enabled: yes
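Review bot: The `detection-ports` layout in suricata.yaml.in changes shape without any comment in the template: for `tls` and `smb` the `tcp:` level is removed, while for `dns` a `tcp:`/`udp:` level now sits above `enabled`. An operator carrying an older suricata.yaml forward has nothing here that says the old nesting and the `dnstcp`/`dnsudp` sections may no longer be read, and a sensor that quietly ignores them would run with different protocol-detection ports than intended. I would add a short comment above the first entry, e.g. `# detection-ports lists toserver/toclient directly; per-ipproto settings go under <proto>: tcp: / udp: (see dns)`. Whether the loader warns about the old keys is not visible in this part of the diff.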