From: Victor Julien <victor@inliniac.net>
Date: Mon, 27 Jan 2014 13:36:15 +0000 (+0100)
Subject: no-detect: handle protocols that have no logger
X-Git-Tag: suricata-2.0rc1~149
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F796%2Fhead;p=thirdparty%2Fsuricata.git

no-detect: handle protocols that have no logger

If a protocol parser is active without a logger when detection is
disabled, the transaction handling logic would fail. Now it will
return the proper tx id so we can clean up the complete transactions.
---

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 221a003920..441ca33f11 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -615,14 +615,41 @@ uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
 
 /** \brief active TX retrieval for logging only: so NO detection
  *
- *  We simply return the log_id here.
+ *  If the logger is enabled, we simply return the log_id here.
  *
- *  \todo what if a logger is disabled?
+ *  Otherwise, we go look for the tx id. There probably is no point
+ *  in running this function in that case though. With no detection
+ *  and no logging, why run a parser in the first place?
  **/
 uint64_t AppLayerTransactionGetActiveLogOnly(Flow *f, uint8_t flags) {
-    uint64_t log_id = f->alparser->log_id;
-    SCLogDebug("returning %"PRIu64, log_id);
-    return log_id;
+    AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
+
+    if (p->logger == TRUE) {
+        uint64_t log_id = f->alparser->log_id;
+        SCLogDebug("returning %"PRIu64, log_id);
+        return log_id;
+    }
+
+    /* logger is disabled, return highest 'complete' tx id */
+    uint8_t direction = flags & (STREAM_TOSERVER|STREAM_TOCLIENT);
+    uint64_t total_txs = AppLayerParserGetTxCnt(f->proto, f->alproto, f->alstate);
+    uint64_t idx = AppLayerParserGetTransactionInspectId(f->alparser, direction);
+    int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->proto, f->alproto, direction);
+    void *tx;
+    int state_progress;
+
+    for (; idx < total_txs; idx++) {
+        tx = AppLayerParserGetTx(f->proto, f->alproto, f->alstate, idx);
+        if (tx == NULL)
+            continue;
+        state_progress = AppLayerParserGetStateProgress(f->proto, f->alproto, tx, direction);
+        if (state_progress >= state_done_progress)
+            continue;
+        else
+            break;
+    }
+    SCLogDebug("returning %"PRIu64, idx);
+    return idx;
 }
 
 void RegisterAppLayerGetActiveTxIdFunc(GetActiveTxIdFunc FuncPtr) {