Also update existing parsers and app-layer-event Setup to use this.
*/
#include "suricata-common.h"
+#include "app-layer-parser.h"
#include "app-layer-dns-common.h"
#ifdef DEBUG
#include "util-print.h"
{ NULL, -1 },
};
-/** \brief register event map */
-void DNSAppLayerDecoderEventsRegister(int alproto) {
- AppLayerRegisterEventsTable(alproto, dns_decoder_event_table);
+int DNSStateGetEventInfo(const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
+{
+ *event_id = SCMapEnumNameToValue(event_name, dns_decoder_event_table);
+ if (*event_id == -1) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+ "dns's enum map table.", event_name);
+ /* this should be treated as fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_GENERAL;
+
+ return 0;
+}
+
+void DNSAppLayerRegisterGetEventInfo(uint16_t alproto)
+{
+ return AppLayerRegisterGetEventInfo(alproto, DNSStateGetEventInfo);
}
AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) {
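Review bot: `DNSAppLayerRegisterGetEventInfo` is declared `void`, yet its body is `return AppLayerRegisterGetEventInfo(alproto, DNSStateGetEventInfo);`. Returning an expression from a void function is a constraint violation in ISO C that compilers accept only as an extension, so the line should be the bare call `AppLayerRegisterGetEventInfo(alproto, DNSStateGetEventInfo);`. The callee is itself `void` in this commit, so nothing is lost. Separately, `DNSStateGetEventInfo` writes through `event_id` and `event_type` without checking them; a short comment such as `/* event_id and event_type must be non-NULL */` would document that contract.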
void DNSParserTests(void);
void DNSParserRegisterTests(void);
void DNSAppLayerDecoderEventsRegister(int alproto);
+int DNSStateGetEventInfo(const char *event_name,
+ int *event_id, AppLayerEventType *event_type);
+void DNSAppLayerRegisterGetEventInfo(uint16_t alproto);
void *DNSGetTx(void *alstate, uint64_t tx_id);
uint64_t DNSGetTxCnt(void *alstate);
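Review bot: The prototype `void DNSAppLayerDecoderEventsRegister(int alproto);` is left in the header as a context line, but this commit removes the function's definition from the DNS common source. A leftover declaration lets a stale caller compile and fail only at link time, so the line should be deleted alongside the two new prototypes. If another definition exists outside this view, ignore this.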
DNSGetAlstateProgress);
AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_TCP,
DNSGetAlstateProgressCompletionStatus);
+ DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_TCP);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
- DNSAppLayerDecoderEventsRegister(ALPROTO_DNS_TCP);
+ return;
}
/* UNITTESTS */
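Review bot: The event-info registration for `ALPROTO_DNS_TCP` now sits inside the parser-enabled branch, whereas the removed `DNSAppLayerDecoderEventsRegister(ALPROTO_DNS_TCP);` ran after the `else`, whether or not the parser was enabled. With the TCP parser disabled the callback stays NULL, so `AppLayerGetEventInfo` returns -1. Judging by the error path in the app-layer-event setup, rules naming DNS events would then presumably be rejected at load, which is a possible detection gap that deserves a comment here. The UDP registration already lived inside its enabled branch, so the move may be intentional. The added `return;` at the end of a void function is redundant, and the function itself begins outside this hunk.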
AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_UDP,
DNSGetAlstateProgressCompletionStatus);
- DNSAppLayerDecoderEventsRegister(ALPROTO_DNS_UDP);
+ DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_UDP);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
* \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
* \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
* \author Brian Rectanus <brectanu@gmail.com>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*
* This file provides a HTTP protocol support for the engine using HTP library.
*/
#include "detect-engine-state.h"
#include "detect-parse.h"
+#include "decode-events.h"
#include "conf.h"
#include "util-memcmp.h"
return (direction == 0) ? HTP_REQUEST_COMPLETE : HTP_RESPONSE_COMPLETE;
}
+int HTPStateGetEventInfo(const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
+{
+ *event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table);
+ if (*event_id == -1) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+ "http's enum map table.", event_name);
+ /* this should be treated as fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_GENERAL;
+
+ return 0;
+}
+
static void HTPStateTruncate(void *state, uint8_t flags) {
FileContainer *fc = HTPStateGetFiles(state, flags);
if (fc != NULL) {
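Review bot: `HTPStateGetEventInfo` is given external linkage, although the only visible use is the `AppLayerRegisterGetEventInfo(ALPROTO_HTTP, HTPStateGetEventInfo);` call in the same file. Unless a header exports it, it should be `static int HTPStateGetEventInfo(...)`, like the neighbouring `HTPStateTruncate`. The same applies to `SMTPStateGetEventInfo` and `SSLStateGetEventInfo`. The body is also a copy of the DNS version with only the table and the protocol label changed, and the "should be treated as fatal" comment is reworded as "yes this is fatal" in the SMTP and SSL copies. A shared helper taking the `SCEnumCharMap *` and the label would keep the five copies from drifting.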
AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_HTTP,
HTPStateGetAlstateProgressCompletionStatus);
- AppLayerRegisterEventsTable(ALPROTO_HTTP, http_decoder_event_table);
+ AppLayerRegisterGetEventInfo(ALPROTO_HTTP, HTPStateGetEventInfo);
AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate);
al_proto_table[proto].logger = TRUE;
}
-void AppLayerRegisterEventsTable(uint16_t alproto,
- SCEnumCharMap *events_table)
+void AppLayerRegisterGetEventInfo(uint16_t alproto,
+ int (*StateGetEventInfo)(const char *event_name,
+ int *event_id,
+ AppLayerEventType *event_type))
{
- al_proto_table[alproto].events_table = events_table;
+ al_proto_table[alproto].StateGetEventInfo = StateGetEventInfo;
}
AppLayerParserStateStore *AppLayerParserStateStoreAlloc(void)
return enabled;
}
-int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name,
- int *event_id)
+/**
+ * \brief Gets event info for this alproto.
+ *
+ * \param alproto The app layer protocol.
+ * \param event_name The event name.
+ * \param event_id The event id.
+ * \param The type of event, as represented by AppLayerEventType.
+ *
+ * \retval 0 On succesfully returning back info.
+ * \retval -1 On failure.
+ */
+int AppLayerGetEventInfo(uint16_t alproto, const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
{
- *event_id = SCMapEnumNameToValue(event_name, al_proto_table[alproto].events_table);
- if (*event_id == -1) {
- SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
- "\"%s\"'s enum map table.", event_name,
- al_proto_table[alproto].name);
- /* yes this is fatal */
+ if (al_proto_table[alproto].StateGetEventInfo == NULL)
return -1;
- }
- return 0;
+ return al_proto_table[alproto].StateGetEventInfo(event_name,
+ event_id, event_type);
}
void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto,
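Review bot: `AppLayerGetEventInfo` indexes `al_proto_table[alproto]` with a caller-supplied `uint16_t` and checks only whether the callback is NULL. The backup and restore loops suggest the table has `ALPROTO_MAX` entries, so a cheap guard would be `if (alproto >= ALPROTO_MAX || al_proto_table[alproto].StateGetEventInfo == NULL) return -1;`. The only caller visible here rejects unknown protocol names first, so this is hardening rather than a demonstrated out-of-bounds read. In the new Doxygen block the fourth tag has no parameter name and should read `\param event_type The type of event, as represented by AppLayerEventType.`, and "succesfully" should be "successfully".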
SCFree(s);
}
-/****Unittests*****/
-
static AppLayerProto al_proto_table_ut_backup[ALPROTO_MAX];
-/**
- * \brief Backup al_proto_table.
- *
- * Currently we backup only the event table. Feel free to backup
- * other stuff as and when required.
- */
void AppLayerParserBackupAlprotoTable(void)
{
int i;
for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
- al_proto_table_ut_backup[i].events_table = al_proto_table[i].events_table;
+ al_proto_table_ut_backup[i].StateGetEventInfo = al_proto_table[i].StateGetEventInfo;
return;
}
{
int i;
for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
- al_proto_table[i].events_table = al_proto_table_ut_backup[i].events_table;
+ al_proto_table[i].StateGetEventInfo = al_proto_table_ut_backup[i].StateGetEventInfo;
return;
}
AppLayerLocalMap **map;
- SCEnumCharMap *events_table;
-
void *(*StateAlloc)(void);
void (*StateFree)(void *);
void (*StateTransactionFree)(void *, uint64_t);
void *(*StateGetTx)(void *alstate, uint64_t tx_id);
int (*StateGetAlstateProgressCompletionStatus)(uint8_t direction);
+ int (*StateGetEventInfo)(const char *event_name,
+ int *event_id, AppLayerEventType *event_type);
+
ProbingParserFPtr pp_alproto_map[2];
/* The current values taken are STREAM_TOSERVER, STREAM_TOCLIENT */
uint8_t flags;
void *(*StateGetTx)(void *alstate, uint64_t tx_id));
void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto,
int (*StateProgressCompletionStatus)(uint8_t direction));
-void AppLayerRegisterEventsTable(uint16_t alproto,
- SCEnumCharMap *events_table);
+void AppLayerRegisterGetEventInfo(uint16_t alproto,
+ int (*StateGetEventInfo)(const char *event_name,
+ int *event_id,
+ AppLayerEventType *event_type));
int AppLayerParse(void *, Flow *, uint8_t,
uint8_t, uint8_t *, uint32_t);
* \param event_name Name of the event.
* \param event_id Pointer to an instance to send back event id.
*/
-int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name,
- int *event_id);
+int AppLayerGetEventInfo(uint16_t alproto, const char *event_name,
+ int *event_id, AppLayerEventType *event_type);
/***** Utility *****/
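Review bot: The comment above the renamed prototype still documents only `event_name` and `event_id`, so the new out-parameter is undocumented in the header. Add `\param event_type Pointer to an instance to send back the event type.` after the `event_id` line. The comment begins outside this hunk, so whether it lists the return values cannot be seen from here.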
/***** Unittests *****/
+/**
+ * \brief Backup al_proto_table.
+ *
+ * Currently we backup only the event table. Feel free to backup
+ * other stuff as and when required.
+ */
void AppLayerParserBackupAlprotoTable(void);
void AppLayerParserRestoreAlprotoTable(void);
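Review bot: The comment moved into the header still says "Currently we backup only the event table", but after this commit the backup copies the `StateGetEventInfo` callback and the `events_table` field no longer exists. Reword it to `Currently only the StateGetEventInfo callback is backed up.` so the comment matches the code. `AppLayerParserRestoreAlprotoTable` remains undocumented; a one-line `\brief Restore al_proto_table from the backup.` would cover it.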
#include "detect-engine-state.h"
#include "detect-parse.h"
-#include "conf.h"
#include "decode-events.h"
+#include "conf.h"
#define SMTP_MAX_REQUEST_AND_REPLY_LINE_LENGTH 510
mpm_table[SMTP_MPM].Prepare(smtp_mpm_ctx);
}
+int SMTPStateGetEventInfo(const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
+{
+ *event_id = SCMapEnumNameToValue(event_name, smtp_decoder_event_table);
+ if (*event_id == -1) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+ "smtp's enum map table.", event_name);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_GENERAL;
+
+ return 0;
+}
+
/**
* \brief Register the SMPT Protocol parser.
*/
AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT,
SMTPParseServerRecord);
- AppLayerRegisterEventsTable(ALPROTO_SMTP, smtp_decoder_event_table);
+ AppLayerRegisterGetEventInfo(ALPROTO_SMTP, SMTPStateGetEventInfo);
AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc,
SMTPLocalStorageFree);
#include "app-layer-tls-handshake.h"
-#include "conf.h"
#include "decode-events.h"
+#include "conf.h"
#include "util-spm.h"
#include "util-unittest.h"
return ALPROTO_FAILED;
}
+int SSLStateGetEventInfo(const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
+{
+ *event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
+ if (*event_id == -1) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+ "ssl's enum map table.", event_name);
+ /* yes this is fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_GENERAL;
+
+ return 0;
+}
+
/**
* \brief Function to register the SSL protocol parser and other functions
*/
AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT,
SSLParseServerRecord);
- AppLayerRegisterEventsTable(ALPROTO_TLS, tls_decoder_event_table);
+ AppLayerRegisterGetEventInfo(ALPROTO_TLS, SSLStateGetEventInfo);
AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
#define DECODER_EVENTS_BUFFER_STEPS 5
+/* the event types for app events */
+typedef enum AppLayerEventType_ {
+ APP_LAYER_EVENT_TYPE_GENERAL = 1,
+ APP_LAYER_EVENT_TYPE_TRANSACTION,
+} AppLayerEventType;
+
/**
* \brief Data structure to store app layer decoder events.
*/
const char *p_idx;
int r = 0;
int event_id = 0;
+ AppLayerEventType event_type = 0;
uint16_t alproto;
if (arg == NULL) {
"with unknown protocol \"%s\"", buffer);
return NULL;
}
- r = AppLayerGetAlprotoEventInfo(alproto, p_idx + 1, &event_id);
+ r = AppLayerGetEventInfo(alproto, p_idx + 1, &event_id, &event_type);
if (r < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword protocol "
"\"%s\" don't have event \"%s\" registered", buffer, p_idx + 1);
{ "event6", APP_LAYER_EVENT_TEST_MAP_EVENT6 },
};
+static int DetectAppLayerEventTestGetEventInfo(const char *event_name,
+ int *event_id,
+ AppLayerEventType *event_type)
+{
+ *event_id = SCMapEnumNameToValue(event_name, app_layer_event_test_map);
+ if (*event_id == -1) {
+ SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+ "app-layer-event's test enum map table.", event_name);
+ /* this should be treated as fatal */
+ return -1;
+ }
+
+ *event_type = APP_LAYER_EVENT_TYPE_GENERAL;
+
+ return 0;
+}
+
+
int DetectAppLayerEventTest01(void)
{
AppLayerParserBackupAlprotoTable();
- AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map);
+ AppLayerRegisterGetEventInfo(ALPROTO_SMTP,
+ DetectAppLayerEventTestGetEventInfo);
int result = 0;
{
AppLayerParserBackupAlprotoTable();
- AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map);
- AppLayerRegisterEventsTable(ALPROTO_HTTP, app_layer_event_test_map);
- AppLayerRegisterEventsTable(ALPROTO_SMB, app_layer_event_test_map);
- AppLayerRegisterEventsTable(ALPROTO_FTP, app_layer_event_test_map);
+ AppLayerRegisterGetEventInfo(ALPROTO_SMTP,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerRegisterGetEventInfo(ALPROTO_HTTP,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerRegisterGetEventInfo(ALPROTO_SMB,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerRegisterGetEventInfo(ALPROTO_FTP,
+ DetectAppLayerEventTestGetEventInfo);
int result = 0;