From: Victor Julien
Date: Mon, 9 Dec 2013 16:41:22 +0000 (+0100)
Subject: app-layer: configurable GetActiveTxId function
X-Git-Tag: suricata-2.0rc1~210
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F762%2Fhead;p=thirdparty%2Fsuricata.git
app-layer: configurable GetActiveTxId function
In preparation of a patchset that will allow for disabling the detect module, this patch introduces a way to register a function for getting the lowest active tx id. This is used by the app layer for cleaning up transactions that already fully inspected, and by the flow timeout code to determine if a flow is fully inspected and logged at timeout. The registration function RegisterAppLayerGetActiveTxIdFunc allows for registration of a custom function of type: uint64_t (*GetActiveTxIdFunc)(Flow *f, uint8_t flags); If no function is called, AppLayerTransactionGetActiveDetectLog is used, which implements the existing behaviour of considering both the inspect_id's and the log_id.
---
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 1532fd6a73..a25acfaa81 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -68,6 +68,8 @@
 #include "runmodes.h"
+static GetActiveTxIdFunc AppLayerGetActiveTxIdFuncPtr = NULL;
+
 struct AppLayerParserThreadCtx_ {
 void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
 };
@@ -168,6 +170,11 @@ int AppLayerParserSetup(void)
 memset(&alp_ctx, 0, sizeof(alp_ctx));
+ /* set the default tx handler if none was set explicitly */
+ if (AppLayerGetActiveTxIdFuncPtr == NULL) {
+ RegisterAppLayerGetActiveTxIdFunc(AppLayerTransactionGetActiveDetectLog);
+ }
+
 SCReturnInt(0);
 }
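Review bot: The default handler installed in AppLayerParserSetup makes registration order-sensitive, and nothing in the patch says so: RegisterAppLayerGetActiveTxIdFunc (added later in this file) hits `BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL)` once any function is set, so a module that registers its own function after AppLayerParserSetup() has run aborts the engine rather than replacing the default. I would extend the comment to `/* set the default tx handler if none was set explicitly; custom handlers must be registered before this point */`. The pointer is a file-scope static with no visible reset, so whether AppLayerParserDeSetup() should clear it for a later re-setup cannot be told from this hunk and is worth confirming. AppLayerParserSetup's body starts outside the hunk.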
@@ -592,12 +599,10 @@ FileContainer *AppLayerParserGetFiles(uint8_t ipproto, AppProto alproto,
 SCReturnPtr(ptr, "FileContainer *");
 }
-/**
- * \brief Get 'active' tx id, meaning the lowest id that still need work.
+/** \brief active TX retrieval for normal ops: so with detection and logging
 *
- * \retval id tx id
- */
-static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
+ * \retval tx_id lowest tx_id that still needs work */
+uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
 AppLayerParserProtoCtx *p = &alp_ctx.ctxs[FlowGetProtoMapping(f->proto)][f->alproto];
 uint64_t log_id = f->alparser->log_id;
 uint64_t inspect_id = f->alparser->inspect_id[flags & STREAM_TOSERVER ? 0 : 1];
@@ -608,6 +613,22 @@ static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
 }
 }
+void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr) {
+ BUG_ON(AppLayerGetActiveTxIdFuncPtr != NULL);
+ AppLayerGetActiveTxIdFuncPtr = FuncPtr;
+}
+
+/**
+ * \brief Get 'active' tx id, meaning the lowest id that still need work.
+ *
+ * \retval id tx id
+ */
+static uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
+ BUG_ON(AppLayerGetActiveTxIdFuncPtr == NULL);
+
+ return AppLayerGetActiveTxIdFuncPtr(f, flags);
+}
+
 #ifndef MIN
 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
 #endif
@@ -661,7 +682,6 @@ int AppLayerParserGetStateProgressCompletionStatus(uint8_t ipproto, AppProto alp
 SCEnter();
 SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
 StateGetProgressCompletionStatus(direction));
-
 }
 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 99eb54f5bc..1028bcfe03 100644
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
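Review bot: RegisterAppLayerGetActiveTxIdFunc in src/app-layer-parser.c accepts a NULL `FuncPtr`: the only check is that the slot is still empty, so `RegisterAppLayerGetActiveTxIdFunc(NULL)` succeeds silently and the failure surfaces later, in AppLayerTransactionGetActive, at the first flow that needs a tx id. Rejecting it at registration keeps the fault next to its cause: add `BUG_ON(FuncPtr == NULL);` as the first statement. AppLayerTransactionGetActive then relies on BUG_ON alone before calling through the pointer; if BUG_ON can be compiled out in some build (its definition is not visible here) that becomes a call through NULL, so the invariant deserves a one-line comment there. The new registration function also has no doc comment in the .c file.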
@@ -32,6 +32,28 @@
 #define APP_LAYER_PARSER_NO_INSPECTION 0x02
 #define APP_LAYER_PARSER_NO_REASSEMBLY 0x04
+
+
+/***** transaction handling *****/
+
+/** \brief Function ptr type for getting active TxId from a flow
+ * Used by AppLayerTransactionGetActive.
+ */
+typedef uint64_t (*GetActiveTxIdFunc)(Flow *f, uint8_t flags);
+
+/** \brief Register GetActiveTxId Function
+ *
+ */
+void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr);
+
+/** \brief active TX retrieval for normal ops: so with detection and logging
+ *
+ * \retval tx_id lowest tx_id that still needs work
+ *
+ * This is the default function.
+ */
+uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags);
+
 int AppLayerParserSetup(void);
 int AppLayerParserDeSetup(void);
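Review bot: The comment on `GetActiveTxIdFunc` does not state the contract a registered callback must honour, and the one on RegisterAppLayerGetActiveTxIdFunc is empty apart from its \brief. Per the commit message the returned id drives transaction cleanup and the flow-timeout decision, so a callback that returns an id higher than what has actually been inspected and logged would presumably let transactions be released before detection or logging has seen them, while one that returns too low keeps them in memory. I would add to the typedef `\retval tx_id lowest tx id that still needs work; lower ids may be cleaned up` and a `\param flags` line noting the direction bit (the default implementation tests `flags & STREAM_TOSERVER`), and to the register function a note that it may be called once only, before AppLayerParserSetup(), and otherwise triggers BUG_ON.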