|
|
|
|
@ -294,7 +294,10 @@ static int TCPProtoDetectTriggerOpposingSide(ThreadVars *tv,
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** \todo data const */
|
|
|
|
|
/** \todo data const
|
|
|
|
|
* \retval int -1 error
|
|
|
|
|
* \retval int 0 ok
|
|
|
|
|
*/
|
|
|
|
|
static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
TcpReassemblyThreadCtx *ra_ctx, AppLayerThreadCtx *app_tctx,
|
|
|
|
|
Packet *p, Flow *f, TcpSession *ssn, TcpStream **stream,
|
|
|
|
|
@ -393,7 +396,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
p, ssn, *stream) != 0)
|
|
|
|
|
{
|
|
|
|
|
DisableAppLayer(tv, f, p);
|
|
|
|
|
goto failure;
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -421,7 +424,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
AppLayerDecoderEventsSetEventRaw(&p->app_layer_events,
|
|
|
|
|
APPLAYER_WRONG_DIRECTION_FIRST_DATA);
|
|
|
|
|
DisableAppLayer(tv, f, p);
|
|
|
|
|
goto failure;
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
}
|
|
|
|
|
/* This can happen if the current direction is not the
|
|
|
|
|
* right direction, and the data from the other(also
|
|
|
|
|
@ -436,7 +439,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
FLOW_RESET_PP_DONE(f, flags);
|
|
|
|
|
FLOW_RESET_PM_DONE(f, flags);
|
|
|
|
|
FLOW_RESET_PE_DONE(f, flags);
|
|
|
|
|
goto failure;
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -449,7 +452,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
flags, data, data_len);
|
|
|
|
|
PACKET_PROFILING_APP_END(app_tctx, f->alproto);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
goto failure;
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
} else if (r == 0) {
|
|
|
|
|
StreamTcpUpdateAppLayerProgress(ssn, direction, data_len);
|
|
|
|
|
}
|
|
|
|
|
@ -475,7 +478,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
SCLogDebug("midstream end pd %p", ssn);
|
|
|
|
|
/* midstream and toserver detection failed: give up */
|
|
|
|
|
DisableAppLayer(tv, f, p);
|
|
|
|
|
goto end;
|
|
|
|
|
SCReturnInt(0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -502,7 +505,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
(first_data_dir) && !(first_data_dir & flags))
|
|
|
|
|
{
|
|
|
|
|
DisableAppLayer(tv, f, p);
|
|
|
|
|
goto failure;
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* if protocol detection is marked done for our direction we
|
|
|
|
|
@ -533,8 +536,9 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
*alproto = *alproto_otherdir;
|
|
|
|
|
SCLogDebug("packet %"PRIu64": pd done(us %u them %u), parser called (r==%d), APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION set",
|
|
|
|
|
p->pcap_cnt, *alproto, *alproto_otherdir, r);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto failure;
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
SCReturnInt(-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*alproto = ALPROTO_FAILED;
|
|
|
|
|
StreamTcpSetStreamFlagAppProtoDetectionCompleted(*stream);
|
|
|
|
|
@ -547,11 +551,7 @@ static int TCPProtoDetect(ThreadVars *tv,
|
|
|
|
|
TCPProtoDetectCheckBailConditions(tv, f, ssn, p);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
end:
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
failure:
|
|
|
|
|
return -1;
|
|
|
|
|
SCReturnInt(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** \brief handle TCP data for the app-layer.
|
|
|
|
|
|
Victor Julien
6 years ago