From: Anoop Saldanha Date: Mon, 5 Aug 2013 05:46:05 +0000 (+0530) Subject: Move app event module registration as a part of app layer proto table. X-Git-Tag: suricata-2.0beta2~296 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6cb0014287db8d7d21a7d0247545fc5a5d6778b8;p=thirdparty%2Fsuricata.git Move app event module registration as a part of app layer proto table. --- diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c index a391d4df7f..d291d25b3a 100644 --- a/src/app-layer-dns-common.c +++ b/src/app-layer-dns-common.c @@ -39,7 +39,7 @@ SCEnumCharMap dns_decoder_event_table[ ] = { /** \brief register event map */ void DNSAppLayerDecoderEventsRegister(int alproto) { - AppLayerDecoderEventsModuleRegister(alproto, dns_decoder_event_table); + AppLayerRegisterEventsTable(alproto, dns_decoder_event_table); } AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) { diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index d556893dfd..e875c4c7dc 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -2442,7 +2442,7 @@ void RegisterHTPParsers(void) AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_HTTP, HTPStateGetAlstateProgressCompletionStatus); - AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, http_decoder_event_table); + AppLayerRegisterEventsTable(ALPROTO_HTTP, http_decoder_event_table); AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index fe9b3a40af..ab60d2966d 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -857,6 +857,11 @@ void AppLayerRegisterLogger(uint16_t proto) { al_proto_table[proto].logger = TRUE; } +void AppLayerRegisterEventsTable(uint16_t alproto, + SCEnumCharMap *events_table) +{ + al_proto_table[alproto].events_table = events_table; +} AppLayerParserStateStore *AppLayerParserStateStoreAlloc(void) { @@ -1630,6 +1635,21 @@ int AppLayerProtoDetectionEnabled(const char *al_proto) return enabled; } +int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name, + int *event_id) +{ + *event_id = SCMapEnumNameToValue(event_name, al_proto_table[alproto].events_table); + if (*event_id == -1) { + SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " + "\"%s\"'s enum map table.", event_name, + al_proto_table[alproto].name); + /* yes this is fatal */ + return -1; + } + + return 0; +} + void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParser) @@ -2336,8 +2356,37 @@ static void TestProtocolStateFree(void *s) SCFree(s); } -/** \test Test the deallocation of app layer parser memory on occurance of - * error in the parsing process. +/****Unittests*****/ + +static AppLayerProto al_proto_table_ut_backup[ALPROTO_MAX]; + +/** + * \brief Backup al_proto_table. + * + * Currently we backup only the event table. Feel free to backup + * other stuff as and when required. + */ +void AppLayerParserBackupAlprotoTable(void) +{ + int i; + for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++) + al_proto_table_ut_backup[i].events_table = al_proto_table[i].events_table; + + return; +} + +void AppLayerParserRestoreAlprotoTable(void) +{ + int i; + for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++) + al_proto_table[i].events_table = al_proto_table_ut_backup[i].events_table; + + return; +} + +/** + * \test Test the deallocation of app layer parser memory on occurance of + * error in the parsing process. */ static int AppLayerParserTest01 (void) { @@ -2389,8 +2438,9 @@ end: return result; } -/** \test Test the deallocation of app layer parser memory on occurance of - * error in the parsing process for UDP. +/** + * \test Test the deallocation of app layer parser memory on occurance of + * error in the parsing process for UDP. */ static int AppLayerParserTest02 (void) { diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index ba016e9498..4155791747 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -51,6 +51,8 @@ typedef struct AppLayerProto_ { AppLayerLocalMap **map; + SCEnumCharMap *events_table; + void *(*StateAlloc)(void); void (*StateFree)(void *); void (*StateTransactionFree)(void *, uint64_t); @@ -288,6 +290,8 @@ void AppLayerRegisterGetTx(uint16_t alproto, void *(*StateGetTx)(void *alstate, uint64_t tx_id)); void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto, int (*StateProgressCompletionStatus)(uint8_t direction)); +void AppLayerRegisterEventsTable(uint16_t alproto, + SCEnumCharMap *events_table); int AppLayerParse(void *, Flow *, uint8_t, uint8_t, uint8_t *, uint32_t); @@ -426,12 +430,47 @@ int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t directi */ int AppLayerAlprotoSupportsTxs(uint16_t alproto); +/** + * \brief Triggers raw reassembly. + * + * \param f Flow pointer. + */ void AppLayerTriggerRawStreamReassembly(Flow *); +/** + * \brief Informs if the specified alproto's parser is enabled. + * + * \param alproto Character string holding the alproto name. + */ int AppLayerParserEnabled(const char *alproto); + +/** + * \brief Informs if the specified alproto has detection enabled. + * + * \param alproto Character string holding the alproto name. + */ int AppLayerProtoDetectionEnabled(const char *alproto); + +/** + * \brief Gets event info for this alproto. + * + * \param alproto Character string holding the alproto name. + * \param event_name Name of the event. + * \param event_id Pointer to an instance to send back event id. + */ +int AppLayerGetAlprotoEventInfo(uint16_t alproto, const char *event_name, + int *event_id); + +/***** Utility *****/ + void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParser); + +/***** Unittests *****/ + +void AppLayerParserBackupAlprotoTable(void); +void AppLayerParserRestoreAlprotoTable(void); + #endif /* __APP_LAYER_PARSER_H__ */ diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 81ac8ee051..4f45b13cf0 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -862,7 +862,8 @@ void RegisterSMTPParsers(void) SMTPParseClientRecord); AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT, SMTPParseServerRecord); - AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, smtp_decoder_event_table); + + AppLayerRegisterEventsTable(ALPROTO_SMTP, smtp_decoder_event_table); AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc, SMTPLocalStorageFree); diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index cd1a1bdfcd..04ad8bd6cf 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -1053,7 +1053,7 @@ void RegisterSSLParsers(void) AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT, SSLParseServerRecord); - AppLayerDecoderEventsModuleRegister(ALPROTO_TLS, tls_decoder_event_table); + AppLayerRegisterEventsTable(ALPROTO_TLS, tls_decoder_event_table); AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree); diff --git a/src/decode-events.c b/src/decode-events.c index 6b06df43ab..f050d7a9f7 100644 --- a/src/decode-events.c +++ b/src/decode-events.c @@ -26,105 +26,3 @@ #include "decode-events.h" #include "flow.h" -AppLayerDecoderEventsModule *decoder_events_module = NULL; - -void AppLayerDecoderEventsModuleRegister(uint16_t alproto, SCEnumCharMap *table) -{ - AppLayerDecoderEventsModule *dvm = decoder_events_module; - - if (table == NULL) { - SCLogError(SC_ERR_INVALID_ARGUMENT, "argument \"table\" NULL"); - return; - } - - while (dvm != NULL) { - if (dvm->alproto == alproto) { - SCLogInfo("Decoder event module for alproto - %"PRIu16" already " - "registered", alproto); - return; - } - dvm = dvm->next; - } - - AppLayerDecoderEventsModule *new_dev = - SCMalloc(sizeof(AppLayerDecoderEventsModule)); - if (unlikely(new_dev == NULL)) - return; - - new_dev->alproto = alproto; - new_dev->table = table; - new_dev->next = NULL; - - if (decoder_events_module != NULL) - new_dev->next = decoder_events_module; - decoder_events_module = new_dev; - - return; -} - -uint16_t AppLayerDecoderEventsModuleGetAlproto(const char *alproto) -{ - return AppLayerGetProtoByName(alproto); -} - -int AppLayerDecoderEventsModuleGetEventId(uint16_t alproto, - const char *event_name) -{ - AppLayerDecoderEventsModule *dvm = decoder_events_module; - - while (dvm != NULL) { - if (dvm->alproto == alproto) - break; - dvm = dvm->next; - } - if (dvm == NULL) { - SCLogError(SC_ERR_FATAL, "decoder event module not found for " - "alproto - %"PRIu16, alproto); - return -1; - } - - int event_id = SCMapEnumNameToValue(event_name, dvm->table); - if (event_id == -1) { - SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in " - "module enum map table.", event_name); - /* yes this is fatal */ - return -1; - } - - return event_id; -} - -void AppLayerDecoderEventsModuleDeRegister(void) -{ - AppLayerDecoderEventsModule *dvm = decoder_events_module; - AppLayerDecoderEventsModule *prev_dvm; - - while (dvm != NULL) { - prev_dvm = dvm; - dvm = dvm->next; - SCFree(prev_dvm); - } - - decoder_events_module = NULL; -} - -/************************************Unittests*********************************/ - -AppLayerDecoderEventsModule *decoder_events_module_backup = NULL; - -void AppLayerDecoderEventsModuleCreateBackup(void) -{ - decoder_events_module_backup = decoder_events_module; - decoder_events_module = NULL; - - return; -} - -void AppLayerDecoderEventsModuleRestoreBackup(void) -{ - AppLayerDecoderEventsModuleDeRegister(); - decoder_events_module = decoder_events_module_backup; - decoder_events_module_backup = NULL; - - return; -} diff --git a/src/decode-events.h b/src/decode-events.h index 06c9291a61..7bfc5b4223 100644 --- a/src/decode-events.h +++ b/src/decode-events.h @@ -25,6 +25,8 @@ #ifndef __DECODE_EVENTS_H__ #define __DECODE_EVENTS_H__ +/***** packet decoder events *****/ + enum { /* IPV4 EVENTS */ IPV4_PKT_TOO_SMALL = 1, /**< ipv4 pkt smaller than minimum header size */ @@ -198,7 +200,7 @@ enum { STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA, /* SCTP EVENTS */ - SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */ + SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */ /* Fragmentation reasembly events. */ IPV4_FRAG_PKT_TOO_LARGE, @@ -236,81 +238,6 @@ typedef struct AppLayerDecoderEvents_ { uint8_t events_buffer_size; } AppLayerDecoderEvents; -/** - * \brief Store decoder event module - */ -typedef struct AppLayerDecoderEventsModule_ { - /* the alproto module for which we are storing the event table */ - uint16_t alproto; - /* the event table map */ - SCEnumCharMap *table; - - struct AppLayerDecoderEventsModule_ *next; -} AppLayerDecoderEventsModule; - -#if 0 - -#define AppLayerDecoderEventsSetEvent(module_id, devents_head, event) \ - do { \ - DecoderEvents devents = *devents_head; \ - while (devents != NULL && devents->module_id != module_id) { \ - devents = devents->next; \ - } \ - if (devents == NULL) { \ - DecoderEvents new_devents = SCMalloc(sizeof(DecoderEvents));\ - if (new_devents == NULL) \ - return; \ - memset(new_devents, 0, sizeof(DecoderEvents)); \ - devents_head = new_devents; \ - } \ - if ((devents)->cnt == events_buffer_size) { \ - devents->events = SCRealloc(devents->events, \ - (devents->cnt + \ - DECODER_EVENTS_BUFFER_STEPS) * \ - sizeof(uint8_t)); \ - if (devents->events == NULL) { \ - devents->events_buffer_size = 0; \ - devents->cnt = 0; \ - break; \ - } \ - devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \ - } \ - devents->events[devents->cnt++] = event; \ - } while (0) - -static inline int AppLayerDecoderEventsIsEventSet(int module_id, - DecoderEvents *devents, - uint8_t event) -{ - while (devents != NULL && devents->module_id != module_id) { - devents = devents->next; - } - - if (devents == NULL) - return 0; - - int i; - int cnt = devents->cnt; - for (i = 0; i < cnt; i++) { - if (devents->events[i] == event) - return 1; - } - - return 0; -} - -#define DecoderEventsFreeEvents(devents) \ - do { \ - while ((devents) != NULL) { \ - if ((devents)->events != NULL) \ - SCFree((devents)->events); \ - (devents) = (devents)->next; \ - } \ - } while (0) - - -#endif /* #if 0 */ - /** * \brief Set an app layer decoder event. * @@ -419,13 +346,4 @@ static inline int AppLayerDecoderEventsIsEventSet(AppLayerDecoderEvents *devents SCFree((devents)); \ } while (0) -void AppLayerDecoderEventsModuleRegister(uint16_t, SCEnumCharMap *); -uint16_t AppLayerDecoderEventsModuleGetAlproto(const char *); -int AppLayerDecoderEventsModuleGetEventId(uint16_t, const char *); -void AppLayerDecodeEventsModuleDeRegister(void); - -/***** Unittest helper functions *****/ -void AppLayerDecoderEventsModuleCreateBackup(void); -void AppLayerDecoderEventsModuleRestoreBackup(void); - #endif /* __DECODE_EVENTS_H__ */ diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 2b6290e970..451faa9d0d 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -113,6 +113,9 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg) { /* period index */ const char *p_idx; + int r = 0; + int event_id = 0; + uint16_t alproto; if (arg == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied " @@ -139,14 +142,14 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg) if (strcasecmp(buffer, "dns") == 0) strlcpy(buffer, "dnsudp", sizeof(buffer)); - uint16_t alproto = AppLayerDecoderEventsModuleGetAlproto(buffer); + alproto = AppLayerGetProtoByName(buffer); if (alproto == ALPROTO_UNKNOWN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied " "with unknown protocol \"%s\"", buffer); return NULL; } - int event_id = AppLayerDecoderEventsModuleGetEventId(alproto, p_idx + 1); - if (event_id == -1) { + r = AppLayerGetAlprotoEventInfo(alproto, p_idx + 1, &event_id); + if (r < 0) { SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword protocol " "\"%s\" don't have event \"%s\" registered", buffer, p_idx + 1); return NULL; @@ -235,8 +238,8 @@ SCEnumCharMap app_layer_event_test_map[ ] = { int DetectAppLayerEventTest01(void) { - AppLayerDecoderEventsModuleCreateBackup(); - AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, app_layer_event_test_map); + AppLayerParserBackupAlprotoTable(); + AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map); int result = 0; @@ -252,7 +255,7 @@ int DetectAppLayerEventTest01(void) result = 1; end: - AppLayerDecoderEventsModuleRestoreBackup(); + AppLayerParserRestoreAlprotoTable(); if (aled != NULL) DetectAppLayerEventFree(aled); return result; @@ -260,11 +263,12 @@ int DetectAppLayerEventTest01(void) int DetectAppLayerEventTest02(void) { - AppLayerDecoderEventsModuleCreateBackup(); - AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, app_layer_event_test_map); - AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, app_layer_event_test_map); - AppLayerDecoderEventsModuleRegister(ALPROTO_SMB, app_layer_event_test_map); - AppLayerDecoderEventsModuleRegister(ALPROTO_FTP, app_layer_event_test_map); + AppLayerParserBackupAlprotoTable(); + + AppLayerRegisterEventsTable(ALPROTO_SMTP, app_layer_event_test_map); + AppLayerRegisterEventsTable(ALPROTO_HTTP, app_layer_event_test_map); + AppLayerRegisterEventsTable(ALPROTO_SMB, app_layer_event_test_map); + AppLayerRegisterEventsTable(ALPROTO_FTP, app_layer_event_test_map); int result = 0; @@ -316,7 +320,7 @@ int DetectAppLayerEventTest02(void) result = 1; end: - AppLayerDecoderEventsModuleRestoreBackup(); + AppLayerParserRestoreAlprotoTable(); if (aled != NULL) DetectAppLayerEventFree(aled); return result;