From: Li Heng <562653799@qq.com> Date: Fri, 31 Oct 2025 02:01:17 +0000 (+0800) Subject: snmp: can be set to detection-only X-Git-Tag: suricata-8.0.2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14276%2Fhead;p=thirdparty%2Fsuricata.git snmp: can be set to detection-only Realloc alp_ctx.ctxs when a dynamic alproto is registered and g_alproto_max increases. So dynamic alproto can be treated as real/normal ones. And app-layer switch can be set to any value of no/deteciton-only/yes. Ticket: 8000 (cherry picked from commit c141c55bc63e24c58b1001177890b092edaca8fe) --- diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index b45f1137a0..5c809709db 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -701,6 +701,9 @@ extern "C" { ipproto: *const ::std::os::raw::c_char, alproto_name: *const ::std::os::raw::c_char, ) -> ::std::os::raw::c_int; } +extern "C" { + pub fn SCAppLayerParserReallocCtx(alproto: AppProto) -> ::std::os::raw::c_int; +} extern "C" { pub fn SCAppLayerParserRegisterParserAcceptableDataDirection( ipproto: u8, alproto: AppProto, direction: u8, diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index d8f58b1a83..a1aa767aa1 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -437,20 +437,6 @@ void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, { SCEnter(); - if (alp_ctx.ctxs_len <= alproto && alproto < g_alproto_max) { - // Realloc now as AppLayerParserRegisterStateFuncs is called first - void *tmp = SCRealloc( - alp_ctx.ctxs, sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * g_alproto_max); - if (unlikely(tmp == NULL)) { - FatalError("Unable to realloc alp_ctx.ctxs."); - } - alp_ctx.ctxs = tmp; - memset(&alp_ctx.ctxs[alp_ctx.ctxs_len], 0, - sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * - (g_alproto_max - alp_ctx.ctxs_len)); - alp_ctx.ctxs_len = g_alproto_max; - } - alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateAlloc = StateAlloc; alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateFree = StateFree; @@ -1750,6 +1736,24 @@ static void (**PreRegisteredCallbacks)(void) = NULL; static size_t preregistered_callbacks_nb = 0; static size_t preregistered_callbacks_cap = 0; +int SCAppLayerParserReallocCtx(AppProto alproto) +{ + if (alp_ctx.ctxs_len <= alproto && alproto < g_alproto_max) { + /* Realloc alp_ctx.ctxs, so that dynamic alproto can be treated as real/normal ones. + * In case we need to turn off dynamic alproto. */ + void *tmp = SCRealloc(alp_ctx.ctxs, sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * + (alp_ctx.ctxs_len + ARRAY_CAP_STEP)); + if (unlikely(tmp == NULL)) { + FatalError("Unable to realloc alp_ctx.ctxs."); + } + alp_ctx.ctxs = tmp; + memset(&alp_ctx.ctxs[alp_ctx.ctxs_len], 0, + sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * ARRAY_CAP_STEP); + alp_ctx.ctxs_len += ARRAY_CAP_STEP; + } + return 0; +} + int AppLayerParserPreRegister(void (*Register)(void)) { if (preregistered_callbacks_nb == preregistered_callbacks_cap) { diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index d1a6bbdcbf..5b90cf2adc 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -160,6 +160,7 @@ typedef const char *(*AppLayerParserGetStateNameByIdFn)(const int id, const uint typedef int (*AppLayerParserGetFrameIdByNameFn)(const char *frame_name); typedef const char *(*AppLayerParserGetFrameNameByIdFn)(const uint8_t id); +int SCAppLayerParserReallocCtx(AppProto alproto); int AppLayerParserPreRegister(void (*Register)(void)); /** * \brief Register app layer parser for the protocol. diff --git a/src/app-layer-protos.c b/src/app-layer-protos.c index 7c48847be5..13fe402949 100644 --- a/src/app-layer-protos.c +++ b/src/app-layer-protos.c @@ -24,6 +24,7 @@ #include "suricata-common.h" #include "app-layer-protos.h" +#include "app-layer-parser.h" #include "rust.h" AppProto g_alproto_max = ALPROTO_MAX_STATIC; @@ -97,6 +98,7 @@ void AppProtoRegisterProtoString(AppProto alproto, const char *proto_name) g_alproto_strings = tmp; } g_alproto_max++; + SCAppLayerParserReallocCtx(alproto); } g_alproto_strings[alproto].str = proto_name; g_alproto_strings[alproto].alproto = alproto;