diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index 46d67bafd0..df6db890d0 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -706,6 +706,10 @@ static void DCERPCUDPStateFree(void *s) { } void RegisterDCERPCUDPParsers(void) { + /** DCERPC */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER); + AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOSERVER, DCERPCUDPParse); AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOCLIENT, diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index ec5493b606..45f33a5e21 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1729,6 +1729,10 @@ void DCERPCUpdateTransactionId(void *state, uint16_t *id) { } void RegisterDCERPCParsers(void) { + /** DCERPC */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER); + AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER, DCERPCParse); AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT, diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 2558c5daee..bae74b6ee6 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c 
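Review bot: The two-byte patterns registered at the top of RegisterDCERPCUDPParsers (`|04 00|`) and, in the next hunk, RegisterDCERPCParsers (`|05 00|`) are weak protocol signatures, and nothing in either hunk documents that the parser must cope with flows that merely start with those bytes. A SOCKS5 method-selection reply, for example, is also `05 00`, so such a flow would be labelled DCERPC on the to-client side. I would add a comment above each pair, e.g. `/* matches the first two header bytes only; the parser must validate the rest of the header before trusting the flow */`. The Doxygen-style `/** DCERPC */` could also become a plain `/* ... */` comment, since it documents no declaration. Both function bodies continue outside their hunks.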
@@ -337,97 +337,10 @@ void AlpProtoFinalizeGlobal(AlpProtoDetectCtx *ctx) { void AppLayerDetectProtoThreadInit(void) { AlpProtoInit(&alp_proto_ctx); - - /** \todo register these in the protocol parser api */ - - /** HTTP */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/", 5, 0, STREAM_TOCLIENT); - - /** SSH */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOSERVER); - - /** SSLv2 and SSLv23*/ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER); - /* subsection - SSLv2 style record by client, but informing 
the server the max - * version it supports */ - /* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it - * after some tests */ - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 5, 2, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT); - - /** SSLv3 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.1 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */ - /** TLSv1.2 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */ - - /** IMAP */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER); - - /** SMTP */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO ", 5, 0, STREAM_TOCLIENT); - 
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO ", 5, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "ESMTP ", 64, 4, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "SMTP ", 64, 4, STREAM_TOSERVER); - - /** FTP */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "AUTH SSL", 8, 0, STREAM_TOCLIENT); - - /** MSN Messenger */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER); - - /** Jabber */ - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOCLIENT); - //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOSERVER); - - /** SMB */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); - - /** SMB2 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); - - /** DCERPC */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER); - - /** DCERPC */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER); - + RegisterAppLayerParsers(); AlpProtoFinalizeGlobal(&alp_proto_ctx); + + return; } 
/** diff --git a/src/app-layer-detect-proto.h b/src/app-layer-detect-proto.h index 6f51044c76..aaefb39547 100644 --- a/src/app-layer-detect-proto.h +++ b/src/app-layer-detect-proto.h @@ -76,11 +76,14 @@ typedef struct AlpProtoDetectCtx_ { uint16_t sigs; /**< number of sigs */ } AlpProtoDetectCtx; +extern AlpProtoDetectCtx alp_proto_ctx; + void *AppLayerDetectProtoThread(void *td); void AppLayerDetectProtoThreadInit(void); uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *, uint8_t *, uint16_t, uint8_t, uint8_t); +void AlpProtoAdd(AlpProtoDetectCtx *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t); void AppLayerDetectProtoThreadSpawn(void); void AlpDetectRegisterTests(void); diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 968fe980d6..421c3a5f3a 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -261,6 +261,12 @@ static void FTPStateFree(void *s) { void RegisterFTPParsers(void) { + /** FTP */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "AUTH SSL", 8, 0, STREAM_TOCLIENT); + AppLayerRegisterProto("ftp", ALPROTO_FTP, STREAM_TOSERVER, FTPParseRequest); AppLayerRegisterProto("ftp", ALPROTO_FTP, STREAM_TOCLIENT, diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 8cb0556a1d..1caf52abe5 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c 
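Review bot: AppLayerDetectProtoThreadInit has no guard against being called twice, and after this change a second call does more than rebuild the pattern set. Through RegisterAppLayerParsers() it re-runs every Register*Parsers() function and reassigns `al_result_pool` from a fresh PoolInit() (see the app-layer-parser.c hunk). The unit-test hunks in this commit comment their calls out, which suggests this was hit in practice. I would document the contract on the function, e.g. `/* call exactly once at startup: initialises alp_proto_ctx, registers all app-layer parsers and their detection patterns, then finalises the context */`, or add a static flag that makes repeat calls return early. The trailing `return;` in a void function can be dropped.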
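Review bot: The new AlpProtoAdd prototype takes the pattern as `char *` although every caller in this commit passes a string literal, and it omits parameter names, so the order of the two uint16_t length arguments has to be guessed from call sites. I would declare it as `void AlpProtoAdd(AlpProtoDetectCtx *ctx, uint16_t ip_proto, uint16_t al_proto, const char *content, uint16_t depth, uint16_t offset, uint8_t flags);`. The depth/offset order is inferred from calls such as `"|01 00 02|", 5, 2` and should be confirmed against the definition, which is outside this diff and would need the same `const`. Exporting `alp_proto_ctx` also lets any file add patterns at any time. Assuming late additions are not supported, a comment such as `/* patterns may only be added before AlpProtoFinalizeGlobal() */` next to the extern would state the intended window.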
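Review bot: The `AUTH SSL` pattern in RegisterFTPParsers is registered with STREAM_TOCLIENT although AUTH is a command sent by the client, so it appears to be checked against the wrong side of the flow. The same inversion seems to affect the SMTP entries in the RegisterAppLayerParsers hunk of app-layer-parser.c (`EHLO `/`HELO ` as STREAM_TOCLIENT, the `ESMTP `/`SMTP ` banner text as STREAM_TOSERVER). If the flags mean what they do for the HTTP entries (`GET|20|` to server, `HTTP/` to client), these patterns will not match real traffic and those flows stay unidentified by them. The lines are moved unchanged from app-layer-detect-proto.c, so this predates the commit, but it is worth correcting while they are being touched: `AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "AUTH SSL", 8, 0, STREAM_TOSERVER);`. RegisterFTPParsers continues outside the hunk.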
@@ -1106,6 +1106,24 @@ void AppLayerHtpPrintStats(void) { void RegisterHTPParsers(void) { SCEnter(); + + /** HTTP */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/", 5, 0, STREAM_TOCLIENT); + AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTPStateAlloc, HTPStateFree); AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOSERVER, diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 1440bee37d..b254a5c87c 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c 
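Review bot: The request patterns in RegisterHTPParsers cover GET, PUT, POST, HEAD, TRACE, OPTIONS and CONNECT only, so a flow whose first request uses another method (DELETE, for example) is not identified as HTTP from the to-server side by these patterns. Whether the `HTTP/` response pattern later rescues such a flow cannot be seen from this hunk. If to-server identification matters for detection coverage, add the missing methods in the same form, e.g. `AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "DELETE|20|", 7, 0, STREAM_TOSERVER);`, or at least state the limitation in a comment above the list. The function body continues outside the hunk.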
@@ -43,6 +43,13 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" +#include "app-layer-smb.h" +#include "app-layer-dcerpc.h" +#include "app-layer-dcerpc-udp.h" +#include "app-layer-htp.h" +#include "app-layer-ftp.h" +#include "app-layer-ssl.h" +#include "app-layer-ssh.h" #include "util-spm.h" @@ -1162,6 +1169,34 @@ void RegisterAppLayerParsers(void) /** setup result pool * \todo Per thread pool */ al_result_pool = PoolInit(1000,250,AlpResultElmtPoolAlloc,NULL,AlpResultElmtPoolFree); + + RegisterHTPParsers(); + RegisterSSLParsers(); + RegisterSMBParsers(); + RegisterDCERPCParsers(); + RegisterDCERPCUDPParsers(); + RegisterFTPParsers(); + RegisterSSHParsers(); + + /** IMAP */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER); + + /** SMTP */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO ", 5, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO ", 5, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "ESMTP ", 64, 4, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "SMTP ", 64, 4, STREAM_TOSERVER); + + /** MSN Messenger */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER); + + /** Jabber */ + //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOCLIENT); + //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOSERVER); + + return; } void AppLayerParserCleanupState(Flow *f) diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 7c3378b70e..1ffdd351a1 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c 
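Review bot: RegisterAppLayerParsers now calls AlpProtoAdd on the global `alp_proto_ctx`, directly for IMAP/SMTP/MSN and indirectly through each Register*Parsers() call, but nothing in the second hunk checks or documents that the context has been initialised and not yet finalised. A caller that invokes RegisterAppLayerParsers() on its own, as main() did before this commit, would add patterns to a context in an unknown state. I would put the precondition on the function, e.g. `/* must run between AlpProtoInit(&alp_proto_ctx) and AlpProtoFinalizeGlobal(&alp_proto_ctx); reached via AppLayerDetectProtoThreadInit() */`. The two commented-out Jabber lines are carried along as dead code and could be dropped, or reduced to a `\todo`. The function starts outside the hunk.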
@@ -1258,6 +1258,14 @@ void SMBUpdateTransactionId(void *state, uint16_t *id) { } void RegisterSMBParsers(void) { + /** SMB */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER); + + /** SMB2 */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); + AppLayerRegisterProto("smb", ALPROTO_SMB, STREAM_TOSERVER, SMBParse); AppLayerRegisterProto("smb", ALPROTO_SMB, STREAM_TOCLIENT, SMBParse); AppLayerRegisterStateFuncs(ALPROTO_SMB, SMBStateAlloc, SMBStateFree); diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c index efb0e2bfd9..555cfa1d6d 100644 --- a/src/app-layer-ssh.c +++ b/src/app-layer-ssh.c @@ -746,6 +746,10 @@ static void SSHStateFree(void *state) */ void RegisterSSHParsers(void) { + /** SSH */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOSERVER); + AppLayerRegisterProto("ssh", ALPROTO_SSH, STREAM_TOCLIENT, SSHParseServerRecord); AppLayerRegisterProto("ssh", ALPROTO_SSH, STREAM_TOSERVER, diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 5d44621b9a..abd38da771 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c 
@@ -855,6 +855,32 @@ void SSLStateFree(void *p) */ void RegisterSSLParsers(void) { + /** SSLv2 and SSLv23*/ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER); + /* subsection - SSLv2 style record by client, but informing the server the max + * version it supports */ + /* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it + * after some tests */ + //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 5, 2, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT); + + /** SSLv3 */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */ + /** TLSv1 */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */ + /** TLSv1.1 */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */ + /** TLSv1.2 */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */ + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */ + AppLayerRegisterProto("tls", ALPROTO_TLS, 
STREAM_TOSERVER, SSLParseClientRecord); @@ -2583,7 +2609,7 @@ static int SSLParserTest22(void) 0x2f, 0x34, 0x84, 0x20, 0xc5}; uint32_t buf_len = sizeof(buf); TcpSession ssn; - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); @@ -2882,7 +2908,7 @@ static int SSLParserTest23(void) uint32_t toserver_app_data_buf_len = sizeof(toserver_app_data_buf); TcpSession ssn; - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); memset(&f, 0, sizeof(f)); memset(&ssn, 0, sizeof(ssn)); diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index ccce321961..8af1999d52 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -6072,7 +6072,7 @@ static int StreamTcpReassembleTest38 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ @@ -6235,7 +6235,7 @@ static int StreamTcpReassembleTest39 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 7); StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 7); @@ -6464,7 +6464,7 @@ static int StreamTcpReassembleTest40 (void) { StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 130); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "P"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ 
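Review bot: The `|01 03 00|` to `|01 03 03|` entries at offset 0 in RegisterSSLParsers carry no explanation, unlike the `|16 03 0x|` lines that are marked as client or server hello. A short comment per group saying which record layout each pattern targets (for instance what the leading `01` stands for at offset 0) would let a reader judge how specific these three-byte signatures are. The disabled `|01 03 00|` SSLv2 line is also moved along as commented-out code with a changelog-style remark. I would replace it and its "Disabled it for now" text with a single `/** \todo re-enable "|01 03 00|" at offset 2 once tested */`. The function body continues outside the hunk.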
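Review bot: The AppLayerDetectProtoThreadInit() call in SSLParserTest22 is commented out rather than removed, and the test now depends on the detection context and parsers having been set up globally before it runs. The same edit is repeated in SSLParserTest23 and in StreamTcpReassembleTest38 to 43 and 47 in src/stream-tcp-reassemble.c. I would delete the dead line and state the dependency instead, e.g. `/* relies on AppLayerDetectProtoThreadInit() having been called once at startup */`. The suricata.c hunk suggests that call happens before the UNITTESTS block, but that is worth confirming for every way the tests can be run. The test bodies start and end outside these hunks.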
@@ -6722,7 +6722,7 @@ static int StreamTcpReassembleTest41 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "GET / HTTP/1.0\r\nUser-Agent: Victor/1.0" "W2dyb3VwMV0NCnBob25lMT1wMDB3ODgyMTMxMzAyMTINCmxvZ2lu" @@ -6931,7 +6931,7 @@ static int StreamTcpReassembleTest42 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "POST / HTTP/1.0\r\nUser-Agent: Victor/1.0\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ @@ -7105,7 +7105,7 @@ static int StreamTcpReassembleTest43 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "/ HTTP/1.0\r\nUser-Agent: Victor/1.0"; @@ -7645,7 +7645,7 @@ static int StreamTcpReassembleTest47 (void) { FLOW_INITIALIZE(&f); StreamTcpInitConfig(TRUE); TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx(); - AppLayerDetectProtoThreadInit(); + //AppLayerDetectProtoThreadInit(); uint8_t httpbuf1[] = "GET /EVILSUFF HTTP/1.1\r\n\r\n"; uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ diff --git a/src/suricata.c b/src/suricata.c index 209f3045bf..c273cc600c 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -1073,14 +1073,6 @@ int main(int argc, char **argv) /** \todo we need an api for these */ AppLayerDetectProtoThreadInit(); - RegisterAppLayerParsers(); - RegisterHTPParsers(); - RegisterSSLParsers(); - RegisterSMBParsers(); - RegisterDCERPCParsers(); - RegisterDCERPCUDPParsers(); - RegisterFTPParsers(); - RegisterSSHParsers(); AppLayerParsersInitPostProcess(); #ifdef UNITTESTS