Move app event module registration as a part of app layer proto table.

diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index a391d4df7f84a1dac4ee30d53490d85d3d0ed5ef..d291d25b3a23c6717cfffd5ab7dc284cf959b9a0 100644 (file)
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -39,7 +39,7 @@ SCEnumCharMap dns_decoder_event_table[ ] = {
 
 /** \brief register event map */
 void DNSAppLayerDecoderEventsRegister(int alproto) {
-    AppLayerDecoderEventsModuleRegister(alproto, dns_decoder_event_table);
+    AppLayerRegisterEventsTable(alproto, dns_decoder_event_table);
 }
 
 AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) {

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index d556893dfdd5f59f82a8b28cc50de1aa1d7c6ecc..e875c4c7dc1aeeef2e57b64035260ce734f78fb2 100644 (file)
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -2442,7 +2442,7 @@ void RegisterHTPParsers(void)
         AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_HTTP,
                                                            HTPStateGetAlstateProgressCompletionStatus);
 
-        AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, http_decoder_event_table);
+        AppLayerRegisterEventsTable(ALPROTO_HTTP, http_decoder_event_table);
 
         AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate);
 

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index fe9b3a40afdd6ed37820452c8c7ab55e29e48545..ab60d2966d350f521d8713c6da5e37dcd9dc4fe8 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -857,6 +857,11 @@ void AppLayerRegisterLogger(uint16_t proto) {
     al_proto_table[proto].logger = TRUE;
 }
 
+void AppLayerRegisterEventsTable(uint16_t alproto,
+                                 SCEnumCharMap *events_table)
+{
+    al_proto_table[alproto].events_table = events_table;
+}
 
 AppLayerParserStateStore *AppLayerParserStateStoreAlloc(void)
 {
@@ -1630,6 +1635,21 @@ int AppLayerProtoDetectionEnabled(const char *al_proto)
     return enabled;
 }
 
+int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name,
+                                int *event_id)
+{
+    *event_id = SCMapEnumNameToValue(event_name, al_proto_table[alproto].events_table);
+    if (*event_id == -1) {
+        SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
+                   "\"%s\"'s enum map table.",  event_name,
+                   al_proto_table[alproto].name);
+        /* yes this is fatal */
+        return -1;
+    }
+
+    return 0;
+}
+
 void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto,
                                      uint16_t min_depth, uint16_t max_depth,
                                      ProbingParserFPtr ProbingParser)
@@ -2336,8 +2356,37 @@ static void TestProtocolStateFree(void *s)
     SCFree(s);
 }
 
-/** \test   Test the deallocation of app layer parser memory on occurance of
- *          error in the parsing process.
+/****Unittests*****/
+
+static AppLayerProto al_proto_table_ut_backup[ALPROTO_MAX];
+
+/**
+ * \brief Backup al_proto_table.
+ *
+ *        Currently we backup only the event table.  Feel free to backup
+ *        other stuff as and when required.
+ */
+void AppLayerParserBackupAlprotoTable(void)
+{
+    int i;
+    for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
+        al_proto_table_ut_backup[i].events_table = al_proto_table[i].events_table;
+
+    return;
+}
+
+void AppLayerParserRestoreAlprotoTable(void)
+{
+    int i;
+    for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
+        al_proto_table[i].events_table = al_proto_table_ut_backup[i].events_table;
+
+    return;
+}
+
+/**
+ * \test Test the deallocation of app layer parser memory on occurance of
+ *       error in the parsing process.
  */
 static int AppLayerParserTest01 (void)
 {
@@ -2389,8 +2438,9 @@ end:
     return result;
 }
 
-/** \test   Test the deallocation of app layer parser memory on occurance of
- *          error in the parsing process for UDP.
+/**
+ * \test Test the deallocation of app layer parser memory on occurance of
+ *       error in the parsing process for UDP.
  */
 static int AppLayerParserTest02 (void)
 {

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index ba016e94987cb1b0928b970c22009f708a9fee0f..4155791747e9c1dc7d14e0502baface6f812d90d 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -51,6 +51,8 @@ typedef struct AppLayerProto_ {
 
     AppLayerLocalMap **map;
 
+    SCEnumCharMap *events_table;
+
     void *(*StateAlloc)(void);
     void (*StateFree)(void *);
     void (*StateTransactionFree)(void *, uint64_t);
@@ -288,6 +290,8 @@ void AppLayerRegisterGetTx(uint16_t alproto,
                            void *(*StateGetTx)(void *alstate, uint64_t tx_id));
 void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto,
     int (*StateProgressCompletionStatus)(uint8_t direction));
+void AppLayerRegisterEventsTable(uint16_t alproto,
+                                 SCEnumCharMap *events_table);
 
 int AppLayerParse(void *, Flow *, uint8_t,
                   uint8_t, uint8_t *, uint32_t);
@@ -426,12 +430,47 @@ int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t directi
  */
 int AppLayerAlprotoSupportsTxs(uint16_t alproto);
 
+/**
+ * \brief Triggers raw reassembly.
+ *
+ * \param f Flow pointer.
+ */
 void AppLayerTriggerRawStreamReassembly(Flow *);
 
+/**
+ * \brief Informs if the specified alproto's parser is enabled.
+ *
+ * \param alproto Character string holding the alproto name.
+ */
 int AppLayerParserEnabled(const char *alproto);
+
+/**
+ * \brief Informs if the specified alproto has detection enabled.
+ *
+ * \param alproto    Character string holding the alproto name.
+ */
 int AppLayerProtoDetectionEnabled(const char *alproto);
+
+/**
+ * \brief Gets event info for this alproto.
+ *
+ * \param alproto    Character string holding the alproto name.
+ * \param event_name Name of the event.
+ * \param event_id   Pointer to an instance to send back event id.
+ */
+int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name,
+                                int *event_id);
+
+/***** Utility *****/
+
 void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto,
                                      uint16_t min_depth, uint16_t max_depth,
                                      ProbingParserFPtr ProbingParser);
 
+
+/***** Unittests *****/
+
+void AppLayerParserBackupAlprotoTable(void);
+void AppLayerParserRestoreAlprotoTable(void);
+
 #endif /* __APP_LAYER_PARSER_H__ */

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index 81ac8ee051070050b93f5e25acd2896021010bf3..4f45b13cf041fc15b1e66fdb0569d619ba86e58c 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -862,7 +862,8 @@ void RegisterSMTPParsers(void)
                               SMTPParseClientRecord);
         AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT,
                               SMTPParseServerRecord);
-        AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, smtp_decoder_event_table);
+
+        AppLayerRegisterEventsTable(ALPROTO_SMTP, smtp_decoder_event_table);
 
         AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc,
                                          SMTPLocalStorageFree);

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index cd1a1bdfcdeed89cb033059e75c1879c513588ee..04ad8bd6cf9a17a30dd3c2e329756b935ac31500 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1053,7 +1053,7 @@ void RegisterSSLParsers(void)
 
         AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT,
                               SSLParseServerRecord);
-        AppLayerDecoderEventsModuleRegister(ALPROTO_TLS, tls_decoder_event_table);
+        AppLayerRegisterEventsTable(ALPROTO_TLS, tls_decoder_event_table);
 
         AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
 

diff --git a/src/decode-events.c b/src/decode-events.c
index 6b06df43ab12af267e498b78f1b4f38e609e2f2e..f050d7a9f757cec752863b543f5709802e76c081 100644 (file)
--- a/src/decode-events.c
+++ b/src/decode-events.c
@@ -26,105 +26,3 @@
 #include "decode-events.h"
 #include "flow.h"
 
-AppLayerDecoderEventsModule *decoder_events_module = NULL;
-
-void AppLayerDecoderEventsModuleRegister(uint16_t alproto, SCEnumCharMap *table)
-{
-    AppLayerDecoderEventsModule *dvm = decoder_events_module;
-
-    if (table == NULL) {
-        SCLogError(SC_ERR_INVALID_ARGUMENT, "argument \"table\" NULL");
-        return;
-    }
-
-    while (dvm != NULL) {
-        if (dvm->alproto == alproto) {
-            SCLogInfo("Decoder event module for alproto - %"PRIu16" already "
-                      "registered", alproto);
-            return;
-        }
-        dvm = dvm->next;
-    }
-
-    AppLayerDecoderEventsModule *new_dev =
-        SCMalloc(sizeof(AppLayerDecoderEventsModule));
-    if (unlikely(new_dev == NULL))
-        return;
-
-    new_dev->alproto = alproto;
-    new_dev->table = table;
-    new_dev->next = NULL;
-
-    if (decoder_events_module != NULL)
-        new_dev->next = decoder_events_module;
-    decoder_events_module = new_dev;
-
-    return;
-}
-
-uint16_t AppLayerDecoderEventsModuleGetAlproto(const char *alproto)
-{
-    return AppLayerGetProtoByName(alproto);
-}
-
-int AppLayerDecoderEventsModuleGetEventId(uint16_t alproto,
-                                          const char *event_name)
-{
-    AppLayerDecoderEventsModule *dvm = decoder_events_module;
-
-    while (dvm != NULL) {
-        if (dvm->alproto == alproto)
-            break;
-        dvm = dvm->next;
-    }
-    if (dvm == NULL) {
-        SCLogError(SC_ERR_FATAL, "decoder event module not found for "
-                   "alproto - %"PRIu16, alproto);
-        return -1;
-    }
-
-    int event_id = SCMapEnumNameToValue(event_name, dvm->table);
-    if (event_id == -1) {
-        SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
-                   "module enum map table.",  event_name);
-        /* yes this is fatal */
-        return -1;
-    }
-
-    return event_id;
-}
-
-void AppLayerDecoderEventsModuleDeRegister(void)
-{
-    AppLayerDecoderEventsModule *dvm = decoder_events_module;
-    AppLayerDecoderEventsModule *prev_dvm;
-
-    while (dvm != NULL) {
-        prev_dvm = dvm;
-        dvm = dvm->next;
-        SCFree(prev_dvm);
-    }
-
-    decoder_events_module = NULL;
-}
-
-/************************************Unittests*********************************/
-
-AppLayerDecoderEventsModule *decoder_events_module_backup = NULL;
-
-void AppLayerDecoderEventsModuleCreateBackup(void)
-{
-    decoder_events_module_backup = decoder_events_module;
-    decoder_events_module = NULL;
-
-    return;
-}
-
-void AppLayerDecoderEventsModuleRestoreBackup(void)
-{
-    AppLayerDecoderEventsModuleDeRegister();
-    decoder_events_module = decoder_events_module_backup;
-    decoder_events_module_backup = NULL;
-
-    return;
-}

diff --git a/src/decode-events.h b/src/decode-events.h
index 06c9291a613eb248461a72e3c1dfa1c36966f6a3..7bfc5b422357b777ea695b83feb9c1a6c7357d94 100644 (file)
--- a/src/decode-events.h
+++ b/src/decode-events.h
@@ -25,6 +25,8 @@
 #ifndef __DECODE_EVENTS_H__
 #define __DECODE_EVENTS_H__
 
+/***** packet decoder events *****/
+
 enum {
     /* IPV4 EVENTS */
     IPV4_PKT_TOO_SMALL = 1,         /**< ipv4 pkt smaller than minimum header size */
@@ -198,7 +200,7 @@ enum {
     STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA,
 
     /* SCTP EVENTS */
-    SCTP_PKT_TOO_SMALL,              /**< sctp packet smaller than minimum size */
+    SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */
 
     /* Fragmentation reasembly events. */
     IPV4_FRAG_PKT_TOO_LARGE,
@@ -236,81 +238,6 @@ typedef struct AppLayerDecoderEvents_ {
     uint8_t events_buffer_size;
 } AppLayerDecoderEvents;
 
-/**
- * \brief Store decoder event module
- */
-typedef struct AppLayerDecoderEventsModule_ {
-    /* the alproto module for which we are storing the event table */
-    uint16_t alproto;
-    /* the event table map */
-    SCEnumCharMap *table;
-
-    struct AppLayerDecoderEventsModule_ *next;
-} AppLayerDecoderEventsModule;
-
-#if 0
-
-#define AppLayerDecoderEventsSetEvent(module_id, devents_head, event)   \
-    do {                                                                \
-        DecoderEvents devents = *devents_head;                          \
-        while (devents != NULL && devents->module_id != module_id) {    \
-            devents = devents->next;                                    \
-        }                                                               \
-        if (devents == NULL) {                                          \
-            DecoderEvents new_devents = SCMalloc(sizeof(DecoderEvents));\
-            if (new_devents == NULL)                                    \
-                return;                                                 \
-            memset(new_devents, 0, sizeof(DecoderEvents));              \
-            devents_head = new_devents;                                 \
-        }                                                               \
-        if ((devents)->cnt == events_buffer_size) {                     \
-            devents->events = SCRealloc(devents->events,                \
-                                        (devents->cnt +                 \
-                                         DECODER_EVENTS_BUFFER_STEPS) * \
-                                         sizeof(uint8_t));              \
-            if (devents->events == NULL) {                              \
-                devents->events_buffer_size = 0;                        \
-                devents->cnt = 0;                                       \
-                break;                                                  \
-            }                                                           \
-            devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \
-        }                                                               \
-        devents->events[devents->cnt++] = event;                        \
-    } while (0)
-
-static inline int AppLayerDecoderEventsIsEventSet(int module_id,
-                                                  DecoderEvents *devents,
-                                                  uint8_t event)
-{
-    while (devents != NULL && devents->module_id != module_id) {
-        devents = devents->next;
-    }
-
-    if (devents == NULL)
-        return 0;
-
-    int i;
-    int cnt = devents->cnt;
-    for (i = 0; i < cnt; i++) {
-        if (devents->events[i] == event)
-            return 1;
-    }
-
-    return 0;
-}
-
-#define DecoderEventsFreeEvents(devents)                    \
-    do {                                                    \
-        while ((devents) != NULL) {                         \
-            if ((devents)->events != NULL)                  \
-                SCFree((devents)->events);                  \
-            (devents) = (devents)->next;                    \
-        }                                                   \
-    } while (0)
-
-
-#endif /* #if 0 */
-
 /**
  * \brief Set an app layer decoder event.
  *
@@ -419,13 +346,4 @@ static inline int AppLayerDecoderEventsIsEventSet(AppLayerDecoderEvents *devents
         SCFree((devents));                                  \
     } while (0)
 
-void AppLayerDecoderEventsModuleRegister(uint16_t, SCEnumCharMap *);
-uint16_t AppLayerDecoderEventsModuleGetAlproto(const char *);
-int AppLayerDecoderEventsModuleGetEventId(uint16_t, const char *);
-void AppLayerDecodeEventsModuleDeRegister(void);
-
-/***** Unittest helper functions *****/
-void AppLayerDecoderEventsModuleCreateBackup(void);
-void AppLayerDecoderEventsModuleRestoreBackup(void);
-
 #endif /* __DECODE_EVENTS_H__ */

diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c
index 2b6290e97065f91408d16a2e2459be1278c1a97a..451faa9d0da44a5da9d9c00ab90d5e586265f4d8 100644 (file)
--- a/src/detect-app-layer-event.c
+++ b/src/detect-app-layer-event.c
@@ -113,6 +113,9 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg)
 {
     /* period index */
     const char *p_idx;
+    int r = 0;
+    int event_id = 0;
+    uint16_t alproto;
 
     if (arg == NULL) {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied "
@@ -139,14 +142,14 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg)
     if (strcasecmp(buffer, "dns") == 0)
         strlcpy(buffer, "dnsudp", sizeof(buffer));
 
-    uint16_t alproto = AppLayerDecoderEventsModuleGetAlproto(buffer);
+    alproto = AppLayerGetProtoByName(buffer);
     if (alproto == ALPROTO_UNKNOWN) {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied "
                    "with unknown protocol \"%s\"", buffer);
         return NULL;
     }
-    int event_id = AppLayerDecoderEventsModuleGetEventId(alproto, p_idx + 1);
-    if (event_id == -1) {
+    r = AppLayerGetAlprotoEventInfo(alproto, p_idx + 1, &event_id);
+    if (r < 0) {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword protocol "
                    "\"%s\" don't have event \"%s\" registered", buffer, p_idx + 1);
         return NULL;
@@ -235,8 +238,8 @@ SCEnumCharMap app_layer_event_test_map[ ] = {
 
 int DetectAppLayerEventTest01(void)
 {
-    AppLayerDecoderEventsModuleCreateBackup();
-    AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, app_layer_event_test_map);
+    AppLayerParserBackupAlprotoTable();
+    AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map);
 
     int result = 0;
 
@@ -252,7 +255,7 @@ int DetectAppLayerEventTest01(void)
     result = 1;
 
  end:
-    AppLayerDecoderEventsModuleRestoreBackup();
+    AppLayerParserRestoreAlprotoTable();
     if (aled != NULL)
         DetectAppLayerEventFree(aled);
     return result;
@@ -260,11 +263,12 @@ int DetectAppLayerEventTest01(void)
 
 int DetectAppLayerEventTest02(void)
 {
-    AppLayerDecoderEventsModuleCreateBackup();
-    AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, app_layer_event_test_map);
-    AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, app_layer_event_test_map);
-    AppLayerDecoderEventsModuleRegister(ALPROTO_SMB, app_layer_event_test_map);
-    AppLayerDecoderEventsModuleRegister(ALPROTO_FTP, app_layer_event_test_map);
+    AppLayerParserBackupAlprotoTable();
+
+    AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map);
+    AppLayerRegisterEventsTable(ALPROTO_HTTP, app_layer_event_test_map);
+    AppLayerRegisterEventsTable(ALPROTO_SMB, app_layer_event_test_map);
+    AppLayerRegisterEventsTable(ALPROTO_FTP, app_layer_event_test_map);
 
     int result = 0;
 
@@ -316,7 +320,7 @@ int DetectAppLayerEventTest02(void)
     result = 1;
 
  end:
-    AppLayerDecoderEventsModuleRestoreBackup();
+    AppLayerParserRestoreAlprotoTable();
     if (aled != NULL)
         DetectAppLayerEventFree(aled);
     return result;