aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app-layer/template: use a max number of txs

Browse Source 
Ticket: 6773
pull/10413/head
Philippe Antoine 1 year ago committed by Victor Julien
parent 2a1a70b308
commit c99d93c257
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File

20
rust/src/applayertemplate/template.rs
Unescape Escape View File

@ -17,6 +17,7 @@
use super::parser;
use crate::applayer::{self, *};
use crate::conf::conf_get;
use crate::core::{AppProto, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP};
use nom7 as nom;
use std;
@ -24,10 +25,14 @@ use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
static mut TEMPLATE_MAX_TX: usize = 256;
static mut ALPROTO_TEMPLATE: AppProto = ALPROTO_UNKNOWN;
#[derive(AppLayerEvent)]
enum TemplateEvent {}
enum TemplateEvent {
TooManyTransactions,
}
pub struct TemplateTransaction {
tx_id: u64,
@ -145,7 +150,13 @@ impl TemplateState {
SCLogNotice!("Request: {}", request);
let mut tx = self.new_tx();
tx.request = Some(request);
if self.transactions.len() >= unsafe {TEMPLATE_MAX_TX} {
tx.tx_data.set_event(TemplateEvent::TooManyTransactions as u8);
}
self.transactions.push_back(tx);
if self.transactions.len() >= unsafe {TEMPLATE_MAX_TX} {
return AppLayerResult::err();
}
}
Err(nom::Err::Incomplete(_)) => {
// Not enough data. This parser doesn't give us a good indication
@ -429,6 +440,13 @@ pub unsafe extern "C" fn rs_template_register_parser() {
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
if let Some(val) = conf_get("app-layer.protocols.template.max-tx") {
if let Ok(v) = val.parse::<usize>() {
TEMPLATE_MAX_TX = v;
} else {
SCLogError!("Invalid value for template.max-tx");
}
}
SCLogNotice!("Rust template parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");

Write Preview
Loading…
Cancel
Save