app-layer-parser: flag a tx to use stream depth

This adds a new API that permit to set the stream-depth file for file-storing when a rule with filestore keyword is matched.
7 years ago · ed5a439b8e
parent b5b429c288
commit ed5a439b8e
3 changed files with 36 additions and 0 deletions
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@ -125,6 +125,8 @@ typedef struct AppLayerParserProtoCtx_
    uint64_t (*GetTxDetectFlags)(void *tx, uint8_t dir);
    void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t);

+    void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
+
    /* each app-layer has its own value */
    uint32_t stream_depth;

@ -609,6 +611,16 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
    SCReturn;
 }

+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+        void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
+{
+    SCEnter();
+
+    alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
+
+    SCReturn;
+}
+
 /***** Get and transaction functions *****/

 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
@ -1374,6 +1386,20 @@ uint32_t AppLayerParserGetStreamDepth(const Flow *f)
    SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
 }

+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
+{
+    SCEnter();
+    void *tx = NULL;
+    if (state != NULL) {
+        if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
+            if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
+                alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
+            }
+        }
+    }
+    SCReturn;
+}
+
 /***** Cleanup *****/

 void AppLayerParserStateCleanup(const Flow *f, void *alstate,
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@ -176,6 +176,8 @@ void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
 void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto,
        uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir),
        void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t));
+void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
+        void (*SetStreamDepthFlag)(void *tx, uint8_t flags));

 /***** Get and transaction functions *****/

@ -239,6 +241,7 @@ LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
 uint32_t AppLayerParserGetStreamDepth(const Flow *f);
+void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);

 /***** Cleanup *****/

--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@ -218,6 +218,13 @@ static int DetectFilestorePostMatch(DetectEngineThreadCtx *det_ctx,
    else
        flags |= STREAM_TOSERVER;

+    for (uint16_t u = 0; u < det_ctx->filestore_cnt; u++) {
+        AppLayerParserSetStreamDepthFlag(p->flow->proto, p->flow->alproto,
+                                         FlowGetAppState(p->flow),
+                                         det_ctx->filestore[u].tx_id,
+                                         flags);
+    }
+
    FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
                                                p->flow->alstate, flags);