From ab6171c42992b8a103eda71067f4e68b8aaa43e9 Mon Sep 17 00:00:00 2001
From: frank honza
Date: Sun, 18 Oct 2020 22:00:48 +0200
Subject: [PATCH] detect: added support for protocol-aliases

---
 rust/src/applayer.rs | 1 +
 src/app-layer-detect-proto.c | 65 ++++++++++++++++++++++++++++++++++++
 src/app-layer-detect-proto.h | 2 ++
 src/app-layer-register.c | 7 ++++
 src/app-layer-register.h | 2 ++
 5 files changed, 77 insertions(+)

diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs
index 35bb186508..31c18c77af 100644
--- a/rust/src/applayer.rs
+++ b/rust/src/applayer.rs
@@ -290,6 +290,7 @@ pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);
 // Defined in app-layer-register.h
 extern {
 pub fn AppLayerRegisterProtocolDetection(parser: *const RustParser, enable_default: c_int) -> AppProto;
+ pub fn AppLayerRegisterParserAlias(parser_name: *const c_char, alias_name: *const c_char);
 }
 
 #[allow(non_snake_case)]
diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c
index 91080a15d4..41ff5673d5 100644
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@@ -163,6 +163,12 @@ typedef struct AppLayerProtoDetectCtx_ {
 const char *alproto_names[ALPROTO_MAX];
 } AppLayerProtoDetectCtx;
 
+typedef struct AppLayerProtoDetectAliases_ {
+ const char *proto_name;
+ const char *proto_alias;
+ struct AppLayerProtoDetectAliases_ *next;
+} AppLayerProtoDetectAliases;
+
 /**
 * \brief The app layer protocol detection thread context.
 */
@@ -175,6 +181,7 @@ struct AppLayerProtoDetectThreadCtx_ {
 
 /* The global app layer proto detection context. */
 static AppLayerProtoDetectCtx alpd_ctx;
+static AppLayerProtoDetectAliases *alpda_ctx = NULL;
 
 static void AppLayerProtoDetectPEGetIpprotos(AppProto alproto, uint8_t *ipprotos);
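Review bot: The new `AppLayerRegisterParserAlias` declaration in the `extern` block has no return type, but the C definition added in src/app-layer-register.c and its prototype in src/app-layer-register.h return `int`, so the two sides of the FFI boundary disagree on the signature. Declare it as `pub fn AppLayerRegisterParserAlias(parser_name: *const c_char, alias_name: *const c_char) -> c_int;`, or make the C function `void`, since it always returns 0. A short comment on the declaration should also say that the C side stores both pointers without copying them (see `AppLayerProtoDetectRegisterAlias`), so callers must pass NUL-terminated strings that stay valid for the life of the process.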
@@ -1600,6 +1607,27 @@ static void AppLayerProtoDetectFreeProbingParsers(AppLayerProtoDetectProbingPars
 SCReturn;
 }
 
+static void AppLayerProtoDetectFreeAliases(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectAliases *cur_alias = alpda_ctx;
+ if (cur_alias == NULL)
+ goto end;
+
+ AppLayerProtoDetectAliases *next_alias = NULL;
+ while (cur_alias != NULL) {
+ next_alias = cur_alias->next;
+ SCFree(cur_alias);
+ cur_alias = next_alias;
+ }
+
+ alpda_ctx = NULL;
+
+end:
+ SCReturn;
+}
+
 /***** State Preparation *****/
 
 int AppLayerProtoDetectPrepareState(void)
@@ -1851,6 +1879,8 @@ int AppLayerProtoDetectDeSetup(void)
 
 SpmDestroyGlobalThreadCtx(alpd_ctx.spm_global_thread_ctx);
 
+ AppLayerProtoDetectFreeAliases();
+
 AppLayerProtoDetectFreeProbingParsers(alpd_ctx.ctx_pp);
 
 SCReturnInt(0);
@@ -1866,6 +1896,32 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
 SCReturn;
 }
 
+void AppLayerProtoDetectRegisterAlias(const char *proto_name, const char *proto_alias)
+{
+ SCEnter();
+
+ AppLayerProtoDetectAliases *new_alias = SCMalloc(sizeof(AppLayerProtoDetectAliases));
+ if (unlikely(new_alias == NULL)) {
+ exit(EXIT_FAILURE);
+ }
+
+ new_alias->proto_name = proto_name;
+ new_alias->proto_alias = proto_alias;
+ new_alias->next = NULL;
+
+ if (alpda_ctx == NULL) {
+ alpda_ctx = new_alias;
+ } else {
+ AppLayerProtoDetectAliases *cur_alias = alpda_ctx;
+ while (cur_alias->next != NULL) {
+ cur_alias = cur_alias->next;
+ }
+ cur_alias->next = new_alias;
+ }
+
+ SCReturn;
+}
+
 /** \brief request applayer to wrap up this protocol and rerun protocol
 * detection.
 *
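Review bot: In `AppLayerProtoDetectFreeAliases` the `if (cur_alias == NULL) goto end;` guard and the `end:` label are redundant, because the `while (cur_alias != NULL)` loop already does nothing on an empty list and `alpda_ctx = NULL;` is harmless in that case. Dropping them, and declaring the successor inside the loop as `AppLayerProtoDetectAliases *next_alias = cur_alias->next;`, leaves one straight-line path to `SCReturn`. A one-line comment that only the list nodes are freed, because the name and alias strings are not owned by the list, would keep a later change from freeing borrowed memory.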
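Review bot: `AppLayerProtoDetectRegisterAlias` stores `proto_name` and `proto_alias` as raw pointers without checking or copying them, and `AppLayerProtoDetectGetProtoByName` later passes `proto_alias` to `strcasecmp`, so a NULL argument, or a string the caller has since released, turns into a NULL dereference or a read of freed memory on the next lookup. The function is exposed to Rust through `AppLayerRegisterParserAlias`, where temporary C strings are easy to create by accident. Reject bad input up front with `if (proto_name == NULL || proto_alias == NULL) { SCReturn; }`, and either duplicate both strings and release them in `AppLayerProtoDetectFreeAliases`, or state in a comment on the function that both must have static lifetime. The allocation-failure branch calls `exit(EXIT_FAILURE)` without logging anything, which makes the abort hard to diagnose; log the reason first.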
@@ -2090,6 +2146,15 @@ AppProto AppLayerProtoDetectGetProtoByName(const char *alproto_name)
 {
 SCEnter();
 
+ AppLayerProtoDetectAliases *cur_alias = alpda_ctx;
+ while (cur_alias != NULL) {
+ if (strcasecmp(alproto_name, cur_alias->proto_alias) == 0) {
+ alproto_name = cur_alias->proto_name;
+ }
+
+ cur_alias = cur_alias->next;
+ }
+
 AppProto a;
 AppProto b = StringToAppProto(alproto_name);
 for (a = 0; a < ALPROTO_MAX; a++) {
diff --git a/src/app-layer-detect-proto.h b/src/app-layer-detect-proto.h
index 4a29919739..7f3fef0bd6 100644
--- a/src/app-layer-detect-proto.h
+++ b/src/app-layer-detect-proto.h
@@ -148,6 +148,8 @@ int AppLayerProtoDetectDeSetup(void);
 */
 void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name);
+void AppLayerProtoDetectRegisterAlias(const char *proto_name, const char *proto_alias);
+
 /**
 * \brief Given a protocol name, checks if proto detection is enabled in
 * the conf file.
diff --git a/src/app-layer-register.c b/src/app-layer-register.c
index 5cef99e7d2..dcf82aa8b7 100644
--- a/src/app-layer-register.c
+++ b/src/app-layer-register.c
@@ -189,6 +189,13 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
 return 0;
 }
 
+int AppLayerRegisterParserAlias(const char *proto_name, const char *proto_alias)
+{
+ AppLayerProtoDetectRegisterAlias(proto_name, proto_alias);
+
+ return 0;
+}
+
 static const char * IpProtoToString(int ip_proto)
 {
 switch (ip_proto) {
diff --git a/src/app-layer-register.h b/src/app-layer-register.h
index 6f317cca65..ee58dc3b97 100644
--- a/src/app-layer-register.h
+++ b/src/app-layer-register.h
@@ -96,4 +96,6 @@ AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *parser,
 */
 int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto);
 
+int AppLayerRegisterParserAlias(const char *proto_name, const char *proto_alias);
+
 #endif /* __APP_LAYER_REGISTER_H__ */
-- 
2.47.2
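Review bot: The alias loop added at the top of `AppLayerProtoDetectGetProtoByName` does not stop at the first match, so once `alproto_name` has been replaced the remaining entries are compared against the resolved name and the result depends on registration order; add `break;` after `alproto_name = cur_alias->proto_name;`. Aliases are also consulted before the real protocol names, so an alias equal to an existing protocol name would silently redirect lookups of that name to a different parser, which for a detection engine means rules bound to the wrong protocol. `AppLayerProtoDetectRegisterAlias` should refuse such a collision. `strcasecmp` runs on `alproto_name` before any NULL check is visible, and the rest of the function lies outside the hunk, so confirm that callers never pass NULL.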
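Review bot: `AppLayerProtoDetectRegisterAlias` is declared in src/app-layer-detect-proto.h without a comment although the prototypes around it carry Doxygen blocks, and the same holds for `AppLayerRegisterParserAlias` in src/app-layer-register.h. Add a `\brief` block saying that `proto_alias` becomes an alternative name for `proto_name`, that lookup compares the alias case-insensitively, and that neither string is copied, so both must stay valid until `AppLayerProtoDetectDeSetup` frees the list. For the wrapper, state that the return value is always 0.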