app-layer: move ALPROTO_FAILED definition

Because some alprotos will remain static and defined as a constant,
such as ALPROTO_UNKNOWN=0, or ALPROTO_FAILED.

The regular already used protocols keep for now their static
identifier such as ALPROTO_SNMP, but this could be made more
dynamic in a later commit.

ALPROTO_FAILED was used in comparisons, and these needed to change to use
either ALPROTO_MAX or the standard function AppProtoIsValid
pull/12389/head
Philippe Antoine 9 months ago
parent 05853fb8d5
commit e6be049c5d

@ -109,7 +109,7 @@ impl From<Direction> for u8 {
pub type AppProto = u16;
pub const ALPROTO_UNKNOWN : AppProto = 0;
pub static mut ALPROTO_FAILED : AppProto = 0; // updated during init
pub const ALPROTO_FAILED : AppProto = 1;
pub const IPPROTO_TCP : u8 = 6;
pub const IPPROTO_UDP : u8 = 17;
@ -252,7 +252,6 @@ pub fn init_ffi(context: &'static SuricataContext)
{
unsafe {
SC = Some(context);
ALPROTO_FAILED = StringToAppProto("failed\0".as_ptr());
}
}
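Review bot: The new `pub const ALPROTO_FAILED : AppProto = 1;` hard-codes a value that the C enum owns, and with the `StringToAppProto` lookup removed from `init_ffi` nothing checks that the two definitions still agree. If they drift, a Rust probing parser would hand C a value that it reads as some other protocol instead of as a permanent detection failure. Assuming `StringToAppProto` stays declared on the Rust side, I would keep a cheap check in the existing `unsafe` block, `debug_assert_eq!(ALPROTO_FAILED, StringToAppProto("failed\0".as_ptr()));`, and put `// must match ALPROTO_FAILED in the C AppProtoEnum` above the constant.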

@ -519,7 +519,7 @@ fn probe(input: &[u8], direction: Direction, rdir: *mut u8) -> AppProto {
Ok((_, msg)) => {
let ldap_msg = LdapMessage::from(msg);
if ldap_msg.is_unknown() {
return unsafe { ALPROTO_FAILED };
return ALPROTO_FAILED;
}
if direction == Direction::ToServer && !ldap_msg.is_request() {
unsafe {
@ -537,7 +537,7 @@ fn probe(input: &[u8], direction: Direction, rdir: *mut u8) -> AppProto {
return ALPROTO_UNKNOWN;
}
Err(_e) => {
return unsafe { ALPROTO_FAILED };
return ALPROTO_FAILED;
}
}
}

@ -289,7 +289,7 @@ pub extern "C" fn rs_modbus_probe(
match MODBUS_PARSER.probe(slice, Direction::Unknown) {
Status::Recognized => unsafe { ALPROTO_MODBUS },
Status::Incomplete => ALPROTO_UNKNOWN,
Status::Unrecognized => unsafe { ALPROTO_FAILED },
Status::Unrecognized => ALPROTO_FAILED,
}
}

@ -259,7 +259,7 @@ pub extern "C" fn ntp_probing_parser(_flow: *const Flow,
return ALPROTO_UNKNOWN;
},
Err(_) => {
return unsafe{ALPROTO_FAILED};
return ALPROTO_FAILED;
},
}
}

@ -2165,7 +2165,7 @@ fn smb_probe_tcp(flags: u8, slice: &[u8], rdir: *mut u8, begins: bool) -> AppPro
}
}
SCLogDebug!("no smb");
unsafe { return ALPROTO_FAILED; }
return ALPROTO_FAILED;
}
// probing confirmation parser

@ -694,7 +694,7 @@ static uint32_t AppLayerProtoDetectProbingParserGetMask(AppProto alproto)
{
SCEnter();
if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) {
if (!AppProtoIsValid(alproto)) {
FatalError("Unknown protocol detected - %u", alproto);
}

@ -32,6 +32,7 @@ typedef struct AppProtoStringTuple {
const AppProtoStringTuple AppProtoStrings[ALPROTO_MAX] = {
{ ALPROTO_UNKNOWN, "unknown" },
{ ALPROTO_FAILED, "failed" },
{ ALPROTO_HTTP1, "http1" },
{ ALPROTO_FTP, "ftp" },
{ ALPROTO_SMTP, "smtp" },
@ -69,7 +70,6 @@ const AppProtoStringTuple AppProtoStrings[ALPROTO_MAX] = {
{ ALPROTO_BITTORRENT_DHT, "bittorrent-dht" },
{ ALPROTO_POP3, "pop3" },
{ ALPROTO_HTTP, "http" },
{ ALPROTO_FAILED, "failed" },
};
const char *AppProtoToString(AppProto alproto)
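Review bot: `AppProtoStrings` still uses positional initializers, so the `{ ALPROTO_FAILED, "failed" }` row had to be moved by hand to follow the enum reorder. That the row moved in step with the enum suggests lookups depend on position, though the body of `AppProtoToString` is outside this hunk. Designated initializers, e.g. `[ALPROTO_FAILED] = { ALPROTO_FAILED, "failed" },`, would make each row's slot explicit, so a later enum reorder could not silently mislabel protocols in logs and rule matching.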

@ -27,6 +27,12 @@
enum AppProtoEnum {
ALPROTO_UNKNOWN = 0,
/* used by the probing parser when alproto detection fails
* permanently for that particular stream */
// Update of this value should be reflected in rust, where we also define it
ALPROTO_FAILED = 1,
// Beginning of real/normal protocols
ALPROTO_HTTP1,
ALPROTO_FTP,
ALPROTO_SMTP,
@ -69,9 +75,6 @@ enum AppProtoEnum {
// HTTP for any version (ALPROTO_HTTP1 (version 1) or ALPROTO_HTTP2)
ALPROTO_HTTP,
/* used by the probing parser when alproto detection fails
* permanently for that particular stream */
ALPROTO_FAILED,
/* keep last */
ALPROTO_MAX,
};
@ -82,7 +85,7 @@ typedef uint16_t AppProto;
static inline bool AppProtoIsValid(AppProto a)
{
return ((a > ALPROTO_UNKNOWN && a < ALPROTO_FAILED));
return ((a > ALPROTO_FAILED && a < ALPROTO_MAX));
}
// whether a signature AppProto matches a flow (or signature) AppProto
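Review bot: `AppProtoIsValid` now depends on every reserved sentinel sitting at or below `ALPROTO_FAILED` in the enum, and nothing at the function says so. A comment such as `// true only for real protocols: excludes ALPROTO_UNKNOWN and ALPROTO_FAILED, relies on ALPROTO_FAILED being the last reserved value` would make that ordering dependency visible to anyone who adds another constant identifier. The enum comment about Rust at `ALPROTO_FAILED = 1` would also be easier to act on if it named the Rust constant that has to be updated.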

@ -101,7 +101,7 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
if (p == NULL)
FatalError("Call to %s with NULL pointer.", __FUNCTION__);
if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED)
if (!AppProtoIsValid(alproto))
FatalError("Unknown or invalid AppProto '%s'.", p->name);
BUG_ON(strcmp(p->name, AppProtoToString(alproto)) != 0);

@ -521,7 +521,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
/* per alproto to set is_last_for_progress per alproto because the inspect
* loop skips over engines that are not the correct alproto */
for (AppProto a = 1; a < ALPROTO_FAILED; a++) {
for (AppProto a = ALPROTO_FAILED + 1; a < ALPROTO_MAX; a++) {
int last_tx_progress = 0;
bool last_tx_progress_set = false;
PrefilterEngine *prev_engine = NULL;

@ -181,7 +181,7 @@ static void AppLayerInspectEngineRegisterInternal(const char *name, AppProto alp
}
SCLogDebug("name %s id %d", name, sm_list);
if ((alproto >= ALPROTO_FAILED) || (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) ||
if ((alproto == ALPROTO_FAILED) || (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) ||
(sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) ||
(progress < 0 || progress >= SHRT_MAX) || (Callback == NULL)) {
SCLogError("Invalid arguments");
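Review bot: Replacing `alproto >= ALPROTO_FAILED` with `alproto == ALPROTO_FAILED` drops the upper bound from this argument check. When `ALPROTO_FAILED` was the last value before `ALPROTO_MAX`, the old test also rejected `ALPROTO_MAX` and anything above it; the new test lets those values through to the rest of `AppLayerInspectEngineRegisterInternal`, which continues outside the hunk. `AppProtoIsValid` cannot be used here because `ALPROTO_UNKNOWN` was accepted before and still is, so I would spell the bound out: `if ((alproto == ALPROTO_FAILED) || (alproto >= ALPROTO_MAX) || (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) ||`.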

@ -1737,8 +1737,7 @@ int DetectSignatureAddTransform(Signature *s, int transform, void *options)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
{
if (alproto == ALPROTO_UNKNOWN ||
alproto >= ALPROTO_FAILED) {
if (!AppProtoIsValid(alproto)) {
SCLogError("invalid alproto %u", alproto);
return -1;
}

@ -820,7 +820,7 @@ void SCProfilingPrintPacketProfile(Packet *p)
/* count ticks for app layer */
uint64_t app_total = 0;
for (AppProto i = 1; i < ALPROTO_FAILED; i++) {
for (AppProto i = 0; i < ALPROTO_MAX; i++) {
const PktProfilingAppData *pdt = &p->profile->app[i];
if (p->proto == IPPROTO_TCP) {
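Review bot: The loop `for (AppProto i = 0; i < ALPROTO_MAX; i++)` now also reads `p->profile->app[0]` and the `ALPROTO_FAILED` slot, whereas the old loop started at 1 and the prefilter loop in this same commit starts at `ALPROTO_FAILED + 1`. If only real protocols should contribute to `app_total`, use the same bounds here, `for (AppProto i = ALPROTO_FAILED + 1; i < ALPROTO_MAX; i++) {`; if the sentinel slots are meant to be counted, a short comment saying so would explain the difference. The declaration of `app[]` is not in the hunk, so it is also worth confirming that it has at least `ALPROTO_MAX` entries. The loop body continues outside the hunk.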
