dcerpc: support AppLayerTxData

5 years ago · 3202d29325
parent 8cd55124a3
commit 3202d29325
2 changed files with 10 additions and 37 deletions
--- a/rust/src/dcerpc/dcerpc.rs
+++ b/rust/src/dcerpc/dcerpc.rs
@ -17,7 +17,7 @@

 use std::mem::transmute;

-use crate::applayer::AppLayerResult;
+use crate::applayer::{AppLayerResult, AppLayerTxData};
 use crate::core;
 use crate::dcerpc::parser;
 use crate::log::*;
@ -248,9 +248,8 @@ pub struct DCERPCState {
    pub query_completed: bool,
    pub data_needed_for_dir: u8,
    pub prev_dir: u8,
-    pub detect_flags_ts: u64,
-    pub detect_flags_tc: u64,
    pub de_state: Option<*mut core::DetectEngineState>,
+    pub tx_data: AppLayerTxData,
 }

 impl DCERPCState {
@ -270,9 +269,8 @@ impl DCERPCState {
            query_completed: false,
            data_needed_for_dir: core::STREAM_TOSERVER,
            prev_dir: core::STREAM_TOSERVER,
-            detect_flags_ts: 0,
-            detect_flags_tc: 0,
            de_state: None,
+            tx_data: AppLayerTxData::new(),
        };
    }

@ -937,26 +935,12 @@ pub extern "C" fn rs_dcerpc_get_alstate_progress_completion_status(_direction: u
 }

 #[no_mangle]
-pub extern "C" fn rs_dcerpc_get_tx_detect_flags(vtx: *mut std::os::raw::c_void, dir: u8) -> u64 {
-    let state = cast_pointer!(vtx, DCERPCState);
-    if dir & core::STREAM_TOSERVER != 0 {
-        return state.detect_flags_ts;
-    }
-    state.detect_flags_tc
-}
-
-#[no_mangle]
-pub extern "C" fn rs_dcerpc_set_tx_detect_flags(
-    vtx: *mut std::os::raw::c_void,
-    dir: u8,
-    flags: u64,
-) {
-    let state = cast_pointer!(vtx, DCERPCState);
-    if dir & core::STREAM_TOSERVER != 0 {
-        state.detect_flags_ts = flags;
-    } else {
-        state.detect_flags_tc = flags;
-    }
+pub extern "C" fn rs_dcerpc_get_tx_data(
+    tx: *mut std::os::raw::c_void)
+    -> *mut AppLayerTxData
+{
+    let tx = cast_pointer!(tx, DCERPCState);
+    return &mut tx.tx_data;
 }

 #[no_mangle]
--- a/src/app-layer-dcerpc.c
+++ b/src/app-layer-dcerpc.c
@ -126,16 +126,6 @@ static int DCERPCGetAlstateProgress(void *tx, uint8_t direction)
    return rs_dcerpc_get_alstate_progress(tx, direction);
 }

-static void DCERPCSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags)
-{
-    return rs_dcerpc_set_tx_detect_flags(vtx, dir, flags);
-}
-
-static uint64_t DCERPCGetTxDetectFlags(void *vtx, uint8_t dir)
-{
-    return rs_dcerpc_get_tx_detect_flags(vtx, dir);
-}
-
 static int DCERPCRegisterPatternsForProtocolDetection(void)
 {
    if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
@ -182,6 +172,7 @@ void RegisterDCERPCParsers(void)
                                               DCERPCGetTxDetectState, DCERPCSetTxDetectState);

        AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTx);
+        AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DCERPC, rs_dcerpc_get_tx_data);

        AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCGetTxCnt);

@ -189,8 +180,6 @@ void RegisterDCERPCParsers(void)

        AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DCERPC,
                                                               DCERPCGetAlstateProgressCompletionStatus);
-        AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DCERPC,
-                DCERPCGetTxDetectFlags, DCERPCSetTxDetectFlags);
    } else {
        SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
                  "still on.", proto_name);