aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app-layer: API for mapping progress name vs id

Browse Source
pull/12979/head
Victor Julien 6 months ago committed by Victor Julien
parent 780aeee55c
commit add7d3fcf5
30 changed files with 136 additions and 0 deletions
Show Stats Download Patch File Download Diff File

5
rust/src/applayer.rs
Unescape Escape View File

@ -438,6 +438,9 @@ pub struct RustParser {
pub get_frame_id_by_name: Option<GetFrameIdByName>,
pub get_frame_name_by_id: Option<GetFrameNameById>,
pub get_state_id_by_name: Option<GetStateIdByName>,
pub get_state_name_by_id: Option<GetStateNameById>,
}
/// Create a slice, given a buffer and a length
@ -490,6 +493,8 @@ pub type GetStateDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerStat
pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig);
pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int;
pub type GetFrameNameById = unsafe extern "C" fn(u8) -> *const c_char;
pub type GetStateIdByName = unsafe extern "C" fn(*const c_char, u8) -> c_int;
pub type GetStateNameById = unsafe extern "C" fn(c_int, u8) -> *const c_char;
// Defined in app-layer-register.h
/// cbindgen:ignore

2
rust/src/applayertemplate/template.rs
Unescape Escape View File

@ -398,6 +398,8 @@ pub unsafe extern "C" fn rs_template_register_parser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/bittorrent_dht/bittorrent_dht.rs
Unescape Escape View File

@ -278,6 +278,8 @@ pub unsafe extern "C" fn SCRegisterBittorrentDhtUdpParser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/dcerpc/dcerpc.rs
Unescape Escape View File

@ -1233,6 +1233,8 @@ pub unsafe extern "C" fn SCRegisterDcerpcParser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(DCERPCFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(DCERPCFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/dcerpc/dcerpc_udp.rs
Unescape Escape View File

@ -377,6 +377,8 @@ pub unsafe extern "C" fn SCRegisterDcerpcUdpParser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/dhcp/dhcp.rs
Unescape Escape View File

@ -290,6 +290,8 @@ pub unsafe extern "C" fn SCRegisterDhcpParser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

4
rust/src/dns/dns.rs
Unescape Escape View File

@ -1244,6 +1244,8 @@ pub unsafe extern "C" fn SCRegisterDnsUdpParser() {
flags: 0,
get_frame_id_by_name: Some(DnsFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(DnsFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();
@ -1289,6 +1291,8 @@ pub unsafe extern "C" fn SCRegisterDnsTcpParser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(DnsFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(DnsFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/enip/enip.rs
Unescape Escape View File

@ -620,6 +620,8 @@ pub unsafe extern "C" fn SCEnipRegisterParsers() {
flags: 0,
get_frame_id_by_name: Some(EnipFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(EnipFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/http2/http2.rs
Unescape Escape View File

@ -1571,6 +1571,8 @@ pub unsafe extern "C" fn rs_http2_register_parser() {
flags: 0,
get_frame_id_by_name: Some(Http2FrameType::ffi_id_from_name),
get_frame_name_by_id: Some(Http2FrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/ike/ike.rs
Unescape Escape View File

@ -429,6 +429,8 @@ pub unsafe extern "C" fn rs_ike_register_parser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/krb/krb5.rs
Unescape Escape View File

@ -614,6 +614,8 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
flags : 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
// register UDP parser
let ip_proto_str = CString::new("udp").unwrap();

4
rust/src/ldap/ldap.rs
Unescape Escape View File

@ -679,6 +679,8 @@ pub unsafe extern "C" fn SCRegisterLdapTcpParser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(LdapFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(LdapFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();
@ -736,6 +738,8 @@ pub unsafe extern "C" fn SCRegisterLdapUdpParser() {
flags: 0,
get_frame_id_by_name: Some(LdapFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(LdapFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/modbus/modbus.rs
Unescape Escape View File

@ -419,6 +419,8 @@ pub unsafe extern "C" fn rs_modbus_register_parser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/mqtt/mqtt.rs
Unescape Escape View File

@ -771,6 +771,8 @@ pub unsafe extern "C" fn SCMqttRegisterParser() {
flags: 0,
get_frame_id_by_name: Some(MQTTFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(MQTTFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

4
rust/src/nfs/nfs.rs
Unescape Escape View File

@ -2001,6 +2001,8 @@ pub unsafe extern "C" fn rs_nfs_register_parser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(NFSFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(NFSFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();
@ -2078,6 +2080,8 @@ pub unsafe extern "C" fn rs_nfs_udp_register_parser() {
flags: 0,
get_frame_id_by_name: Some(NFSFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(NFSFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/ntp/ntp.rs
Unescape Escape View File

@ -286,6 +286,8 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/pgsql/pgsql.rs
Unescape Escape View File

@ -896,6 +896,8 @@ pub unsafe extern "C" fn SCRegisterPgsqlParser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/quic/quic.rs
Unescape Escape View File

@ -585,6 +585,8 @@ pub unsafe extern "C" fn rs_quic_register_parser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/rdp/rdp.rs
Unescape Escape View File

@ -488,6 +488,8 @@ pub unsafe extern "C" fn SCRegisterRdpParser() {
flags: 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = std::ffi::CString::new("tcp").unwrap();

2
rust/src/rfb/rfb.rs
Unescape Escape View File

@ -872,6 +872,8 @@ pub unsafe extern "C" fn SCRfbRegisterParser() {
flags: 0,
get_frame_id_by_name: Some(RFBFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(RFBFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/sip/sip.rs
Unescape Escape View File

@ -584,6 +584,8 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
flags: 0,
get_frame_id_by_name: Some(SIPFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(SIPFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();

2
rust/src/smb/smb.rs
Unescape Escape View File

@ -2360,6 +2360,8 @@ pub unsafe extern "C" fn SCRegisterSmbParser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(SMBFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(SMBFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/snmp/snmp.rs
Unescape Escape View File

@ -407,6 +407,8 @@ pub unsafe extern "C" fn SCRegisterSnmpParser() {
flags : 0,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();
ALPROTO_SNMP = AppProtoNewProtoFromString(PARSER_NAME.as_ptr() as *const std::os::raw::c_char);

2
rust/src/ssh/ssh.rs
Unescape Escape View File

@ -552,6 +552,8 @@ pub unsafe extern "C" fn SCRegisterSshParser() {
flags: 0,
get_frame_id_by_name: Some(SshFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(SshFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

2
rust/src/telnet/telnet.rs
Unescape Escape View File

@ -541,6 +541,8 @@ pub unsafe extern "C" fn rs_telnet_register_parser() {
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(TelnetFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(TelnetFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};

2
rust/src/websocket/websocket.rs
Unescape Escape View File

@ -370,6 +370,8 @@ pub unsafe extern "C" fn rs_websocket_register_parser() {
flags: 0, // do not accept gaps as there is no good way to resync
get_frame_id_by_name: Some(WebSocketFrameType::ffi_id_from_name),
get_frame_name_by_id: Some(WebSocketFrameType::ffi_name_from_id),
get_state_id_by_name: None,
get_state_name_by_id: None,
};
let ip_proto_str = CString::new("tcp").unwrap();

42
src/app-layer-parser.c
Unescape Escape View File

@ -107,6 +107,9 @@ typedef struct AppLayerParserProtoCtx_
AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
AppLayerParserGetFrameNameByIdFn GetFrameNameById;
AppLayerParserGetStateIdByNameFn GetStateIdByName;
AppLayerParserGetStateNameByIdFn GetStateNameById;
/* each app-layer has its own value */
uint32_t stream_depth;
@ -568,6 +571,16 @@ void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
SCReturn;
}
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto,
AppLayerParserGetStateIdByNameFn GetIdByNameFunc,
AppLayerParserGetStateNameByIdFn GetNameByIdFunc)
{
SCEnter();
alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateIdByName = GetIdByNameFunc;
alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateNameById = GetNameByIdFunc;
SCReturn;
}
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
AppLayerParserGetFrameIdByNameFn GetIdByNameFunc,
AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
@ -1591,6 +1604,35 @@ void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *s
SCReturn;
}
/**
* \param id progress value id to get the name for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
int AppLayerParserGetStateIdByName(
uint8_t ipproto, AppProto alproto, const char *name, const uint8_t direction)
{
if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateIdByName != NULL) {
return alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateIdByName(
name, direction);
} else {
return -1;
}
}
/**
* \param id progress value id to get the name for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
const char *AppLayerParserGetStateNameById(
uint8_t ipproto, AppProto alproto, const int id, const uint8_t direction)
{
if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateNameById != NULL) {
return alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateNameById(id, direction);
} else {
return NULL;
}
}
int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
{
if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameIdByName != NULL) {

26
src/app-layer-parser.h
Unescape Escape View File

@ -131,6 +131,17 @@ typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
/***** Parser related registration *****/
/**
* \param name progress name to get the id for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
typedef int (*AppLayerParserGetStateIdByNameFn)(const char *name, const uint8_t direction);
/**
* \param id progress value id to get the name for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
typedef const char *(*AppLayerParserGetStateNameByIdFn)(const int id, const uint8_t direction);
typedef int (*AppLayerParserGetFrameIdByNameFn)(const char *frame_name);
typedef const char *(*AppLayerParserGetFrameNameByIdFn)(const uint8_t id);
@ -182,6 +193,9 @@ void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
AppLayerParserGetFrameNameByIdFn GetFrameNameById);
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
void (*SetStreamDepthFlag)(void *tx, uint8_t flags));
void AppLayerParserRegisterGetStateFuncs(uint8_t ipproto, AppProto alproto,
AppLayerParserGetStateIdByNameFn GetStateIdByName,
AppLayerParserGetStateNameByIdFn GetStateNameById);
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
AppLayerTxData *(*GetTxData)(void *tx));
@ -269,6 +283,18 @@ void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *s
int AppLayerParserIsEnabled(AppProto alproto);
int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name);
const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id);
/**
* \param name progress name to get the id for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
int AppLayerParserGetStateIdByName(
uint8_t ipproto, AppProto alproto, const char *name, uint8_t direction);
/**
* \param id progress value id to get the name for
* \param direction STREAM_TOSERVER/STREAM_TOCLIENT
*/
const char *AppLayerParserGetStateNameById(
uint8_t ipproto, AppProto alproto, const int id, uint8_t direction);
/***** Cleanup *****/

5
src/app-layer-register.c
Unescape Escape View File

@ -188,6 +188,11 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
p->ip_proto, alproto, p->GetFrameIdByName, p->GetFrameNameById);
}
if (p->GetStateIdByName && p->GetStateNameById) {
AppLayerParserRegisterGetStateFuncs(
p->ip_proto, alproto, p->GetStateIdByName, p->GetStateNameById);
}
return 0;
}

2
src/app-layer-register.h
Unescape Escape View File

@ -74,6 +74,8 @@ typedef struct AppLayerParser {
AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
AppLayerParserGetFrameNameByIdFn GetFrameNameById;
AppLayerParserGetStateIdByNameFn GetStateIdByName;
AppLayerParserGetStateNameByIdFn GetStateNameById;
} AppLayerParser;
/**

Write Preview
Loading…
Cancel
Save