From cb62c8dacffd787795c2f30b12b05342ab70d37c Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 26 Nov 2019 16:18:51 -0600
Subject: [PATCH] dcerpc: add tx detect flags
---
 src/app-layer-dcerpc.c | 22 ++++++++++++++++++++++
 src/app-layer-dcerpc.h | 2 ++
 2 files changed, 24 insertions(+)
diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c
index 7bae7f470d..c78ad6c05e 100644
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@@ -2039,6 +2039,26 @@ static int DCERPCGetAlstateProgress(void *tx, uint8_t direction)
 return 0;
 }
+static void DCERPCSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
+{
+ DCERPCState *dcerpc_state = (DCERPCState *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ dcerpc_state->detect_flags_ts = flags;
+ } else {
+ dcerpc_state->detect_flags_tc = flags;
+ }
+}
+
+static uint64_t DCERPCGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+ DCERPCState *dcerpc_state = (DCERPCState *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ return dcerpc_state->detect_flags_ts;
+ } else {
+ return dcerpc_state->detect_flags_tc;
+ }
+}
+
 static int DCERPCRegisterPatternsForProtocolDetection(void)
 {
 if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
@@ -2092,6 +2112,8 @@ void RegisterDCERPCParsers(void)
 AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC, DCERPCGetAlstateProgressCompletionStatus);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DCERPC,
+ DCERPCGetTxDetectFlags, DCERPCSetTxDetectFlags);
 } else {
 SCLogInfo("Parsed disabled for %s protocol. Protocol detection" "still on.", proto_name);
diff --git a/src/app-layer-dcerpc.h b/src/app-layer-dcerpc.h
index 5a8410c761..b52bf4b72d 100644
--- a/src/app-layer-dcerpc.h
+++ b/src/app-layer-dcerpc.h
@@ -35,6 +35,8 @@ typedef struct DCERPCState_ {
 DCERPC dcerpc;
 uint8_t data_needed_for_dir;
 DetectEngineState *de_state;
+ uint64_t detect_flags_ts;
+ uint64_t detect_flags_tc;
 } DCERPCState;
 void DCERPCInit(DCERPC *dcerpc);
--
2.47.2
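Review bot: Both new callbacks in `src/app-layer-dcerpc.c` cast `vtx` straight to `DCERPCState *`, so the detect flags are stored once per state rather than per transaction, and nothing in the hunk explains why that is correct. If this parser hands the state object to the engine as its only transaction (the `void *tx` parameter of `DCERPCGetAlstateProgress` suggests so, but the tx getter is outside the diff), a comment above `DCERPCSetTxDetectFlags` should say it, for example `/* DCERPC has no per-request tx object; the state doubles as the single tx. */`. It is also worth confirming that flags kept for the whole lifetime of the state cannot make later requests on the same connection look already inspected, because that failure would surface as missed detections rather than as an error.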
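Review bot: `detect_flags_ts` and `detect_flags_tc` are added to `DCERPCState` without a comment, and the diff does not show where the struct is allocated, so it is not visible that both fields start at zero. If the allocation does not zero the struct, `DCERPCGetTxDetectFlags` would return indeterminate flags before the first set; please confirm the state is zero-allocated or initialise both fields explicitly where the state is created. A short field comment such as `/* detect engine flags, to-server direction */` (and the to-client equivalent) would document what the engine stores here.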