From d68775d47d8aa51a9c928e227f343ec7559460ae Mon Sep 17 00:00:00 2001 From: Anoop Saldanha Date: Wed, 19 Oct 2011 16:44:28 +0530 Subject: [PATCH] introduce bitmasks instead of alproto_masks for use by the probing parser. Remove all alproto_masks we had previouslys for PP --- src/app-layer-detect-proto.c | 2 +- src/app-layer-parser.c | 121 ++++++++++++----------------------- src/app-layer-parser.h | 6 +- src/flow.h | 4 +- 4 files changed, 48 insertions(+), 85 deletions(-) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 44d0a8859f..6a1f0a940b 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -521,7 +521,7 @@ uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f, AppLayerProbingParserElement *pe = NULL; AppLayerProbingParser *probing_parsers = ctx->probing_parsers; AppLayerProbingParser *pp = NULL; - uint16_t *al_proto_masks; + uint32_t *al_proto_masks; if (flags & STREAM_TOSERVER) { pp = AppLayerGetProbingParsers(probing_parsers, ipproto, f->dp); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 91d9910eb8..249fa42301 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1344,48 +1344,11 @@ void AppLayerParsersInitPostProcess(void) /********************************Probing Parsers*******************************/ -#define ALPROTO_PROBING_PARSER_MASK_HTTP 0x0001 -#define ALPROTO_PROBING_PARSER_MASK_FTP 0x0002 -#define ALPROTO_PROBING_PARSER_MASK_SMTP 0x0004 -#define ALPROTO_PROBING_PARSER_MASK_TLS 0x0008 -#define ALPROTO_PROBING_PARSER_MASK_SSH 0x0010 -#define ALPROTO_PROBING_PARSER_MASK_IMAP 0x0020 -#define ALPROTO_PROBING_PARSER_MASK_MSN 0x0040 -#define ALPROTO_PROBING_PARSER_MASK_JABBER 0x0080 -#define ALPROTO_PROBING_PARSER_MASK_SMB 0x0100 -#define ALPROTO_PROBING_PARSER_MASK_SMB2 0x0200 -#define ALPROTO_PROBING_PARSER_MASK_DCERPC 0x0400 -#define ALPROTO_PROBING_PARSER_MASK_DCERPC_UDP 0x0800 -#define ALPROTO_PROBING_PARSER_MASK_IRC 0x1000 - -static uint16_t AppLayerProbingParserGetMask(uint16_t al_proto) +static uint32_t AppLayerProbingParserGetMask(uint16_t al_proto) { - if (al_proto == ALPROTO_HTTP) { - return ALPROTO_PROBING_PARSER_MASK_HTTP; - } else if (al_proto == ALPROTO_FTP) { - return ALPROTO_PROBING_PARSER_MASK_FTP; - } else if (al_proto == ALPROTO_SMTP) { - return ALPROTO_PROBING_PARSER_MASK_SMTP; - } else if (al_proto == ALPROTO_TLS) { - return ALPROTO_PROBING_PARSER_MASK_TLS; - } else if (al_proto == ALPROTO_SSH) { - return ALPROTO_PROBING_PARSER_MASK_SSH; - } else if (al_proto == ALPROTO_IMAP) { - return ALPROTO_PROBING_PARSER_MASK_IMAP; - } else if (al_proto == ALPROTO_MSN) { - return ALPROTO_PROBING_PARSER_MASK_MSN; - } else if (al_proto == ALPROTO_JABBER) { - return ALPROTO_PROBING_PARSER_MASK_JABBER; - } else if (al_proto == ALPROTO_SMB) { - return ALPROTO_PROBING_PARSER_MASK_SMB; - } else if (al_proto == ALPROTO_SMB2) { - return ALPROTO_PROBING_PARSER_MASK_SMB2; - } else if (al_proto == ALPROTO_DCERPC) { - return ALPROTO_PROBING_PARSER_MASK_DCERPC; - } else if (al_proto == ALPROTO_DCERPC_UDP) { - return ALPROTO_PROBING_PARSER_MASK_DCERPC_UDP; - } else if (al_proto == ALPROTO_IRC) { - return ALPROTO_PROBING_PARSER_MASK_IRC; + if (al_proto > ALPROTO_UNKNOWN && + al_proto < ALPROTO_FAILED) { + return (1 << al_proto); } else { SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16, al_proto); @@ -1658,7 +1621,7 @@ void AppLayerPrintProbingParsers(AppLayerProbingParser *pp) while (pp != NULL) { printf("Port: %"PRIu16 "\n", pp->port); printf(" to_server: max-depth: %"PRIu16 ", " - "mask - %"PRIu16"\n", pp->toserver_max_depth, + "mask - %"PRIu32"\n", pp->toserver_max_depth, pp->toserver_al_proto_mask); pe = pp->toserver; while (pe != NULL) { @@ -1708,7 +1671,7 @@ void AppLayerPrintProbingParsers(AppLayerProbingParser *pp) printf(" min_depth: %"PRIu32 "\n", pe->min_depth); printf(" max_depth: %"PRIu32 "\n", pe->max_depth); - printf(" mask: %"PRIu16 "\n", pe->al_proto_mask); + printf(" mask: %"PRIu32 "\n", pe->al_proto_mask); printf("\n"); pe = pe->next; @@ -2112,7 +2075,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pp->toserver->next != NULL) goto end; - if (pp->toserver_al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) + if (pp->toserver_al_proto_mask != 1 << ALPROTO_HTTP) goto end; /* first one */ pe = pp->toserver; @@ -2130,7 +2093,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) goto end; AppLayerRegisterProbingParser(&ctx, @@ -2162,8 +2125,8 @@ static int AppLayerProbingParserTest02(void) goto end; if (pp->toserver->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_SMB)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_SMB)) { goto end; } /* first one */ @@ -2182,7 +2145,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } /* second one */ @@ -2201,7 +2164,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } @@ -2236,9 +2199,9 @@ static int AppLayerProbingParserTest02(void) goto end; if (pp->toserver->next->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_SMB | - ALPROTO_PROBING_PARSER_MASK_DCERPC)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_SMB | + 1 << ALPROTO_DCERPC)) { goto end; } @@ -2258,7 +2221,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_DCERPC) { + if (pe->al_proto_mask != 1 << ALPROTO_DCERPC) { goto end; } /* second one */ @@ -2277,7 +2240,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } /* third one */ @@ -2296,7 +2259,7 @@ static int AppLayerProbingParserTest02(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } @@ -2343,7 +2306,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pp->toserver->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP)) { goto end; } /* first one */ @@ -2362,7 +2325,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } @@ -2395,8 +2358,8 @@ static int AppLayerProbingParserTest03(void) goto end; if (pp->toserver->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_SMB)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_SMB)) { goto end; } /* first one */ @@ -2415,7 +2378,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } /* second one */ @@ -2434,7 +2397,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } @@ -2469,9 +2432,9 @@ static int AppLayerProbingParserTest03(void) goto end; if (pp->toserver->next->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_DCERPC | - ALPROTO_PROBING_PARSER_MASK_SMB)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_DCERPC | + 1 << ALPROTO_SMB)) { goto end; } /* first one */ @@ -2490,7 +2453,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } /* second one */ @@ -2509,7 +2472,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } /* third one */ @@ -2528,7 +2491,7 @@ static int AppLayerProbingParserTest03(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_DCERPC) { + if (pe->al_proto_mask != 1 << ALPROTO_DCERPC) { goto end; } @@ -2575,7 +2538,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pp->toserver->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP)) { goto end; } /* first one */ @@ -2594,7 +2557,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } @@ -2627,8 +2590,8 @@ static int AppLayerProbingParserTest04(void) goto end; if (pp->toserver->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_SMB)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_SMB)) { goto end; } /* first one */ @@ -2647,7 +2610,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } /* second one */ @@ -2666,7 +2629,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } @@ -2701,9 +2664,9 @@ static int AppLayerProbingParserTest04(void) goto end; if (pp->toserver->next->next->next != NULL) goto end; - if (pp->toserver_al_proto_mask != (ALPROTO_PROBING_PARSER_MASK_HTTP | - ALPROTO_PROBING_PARSER_MASK_DCERPC | - ALPROTO_PROBING_PARSER_MASK_SMB)) { + if (pp->toserver_al_proto_mask != (1 << ALPROTO_HTTP | + 1 << ALPROTO_DCERPC | + 1 << ALPROTO_SMB)) { goto end; } /* first one */ @@ -2722,7 +2685,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_SMB) { + if (pe->al_proto_mask != 1 << ALPROTO_SMB) { goto end; } /* second one */ @@ -2741,7 +2704,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_HTTP) { + if (pe->al_proto_mask != 1 << ALPROTO_HTTP) { goto end; } /* third one */ @@ -2760,7 +2723,7 @@ static int AppLayerProbingParserTest04(void) goto end; if (pe->ProbingParser != ProbingParserDummyForTesting) goto end; - if (pe->al_proto_mask != ALPROTO_PROBING_PARSER_MASK_DCERPC) { + if (pe->al_proto_mask != 1 << ALPROTO_DCERPC) { goto end; } diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 78c5608257..5ec859ea84 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -142,7 +142,7 @@ typedef struct AppLayerProbingParserElement_ { uint16_t ip_proto; uint8_t priority; uint8_t top; - uint16_t al_proto_mask; + uint32_t al_proto_mask; /* the min length of data that has to be supplied to invoke the parser */ uint32_t min_depth; /* the max length of data after which this parser won't be invoked */ @@ -156,8 +156,8 @@ typedef struct AppLayerProbingParserElement_ { typedef struct AppLayerProbingParser_ { /* the port no for which probing parser(s) are invoked */ uint16_t port; - uint16_t toserver_al_proto_mask; - uint16_t toclient_al_proto_mask; + uint32_t toserver_al_proto_mask; + uint32_t toclient_al_proto_mask; /* the max depth for all the probing parsers registered for this port */ uint16_t toserver_max_depth; uint16_t toclient_max_depth; diff --git a/src/flow.h b/src/flow.h index 51d14dba55..8ee51a71f7 100644 --- a/src/flow.h +++ b/src/flow.h @@ -174,8 +174,8 @@ typedef struct Flow_ */ SC_ATOMIC_DECLARE(unsigned short, use_cnt); - uint16_t probing_parser_toserver_al_proto_masks; - uint16_t probing_parser_toclient_al_proto_masks; + uint32_t probing_parser_toserver_al_proto_masks; + uint32_t probing_parser_toclient_al_proto_masks; uint32_t flags;