mirror of
https://github.com/OISF/suricata.git
synced 2026-05-28 04:32:12 -04:00
rust: bindgen SCAppLayerParserRegisterLogger
Ticket: 7667
This commit is contained in:
Philippe Antoine
Victor Julien
parent
7bfef2e1e8
commit
49b2a2be5d
39 changed files with 134 additions and 97 deletions
|
|
@ -27,10 +27,10 @@ use std::collections::VecDeque;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::{c_char, c_int, c_void};
|
||||
use suricata::applayer::{
|
||||
state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled,
|
||||
AppLayerParserRegisterLogger, AppLayerRegisterParser, AppLayerRegisterProtocolDetection,
|
||||
AppLayerResult, AppLayerStateData, AppLayerTxData, RustParser, State, StreamSlice, Transaction,
|
||||
APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
|
||||
state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled, AppLayerRegisterParser,
|
||||
AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData,
|
||||
RustParser, State, StreamSlice, Transaction, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS,
|
||||
APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
|
||||
};
|
||||
use suricata::conf::conf_get;
|
||||
use suricata::core::{ALPROTO_UNKNOWN, IPPROTO_TCP};
|
||||
|
|
@ -38,8 +38,8 @@ use suricata::{
|
|||
build_slice, cast_pointer, export_state_data_get, export_tx_data_get, SCLogError, SCLogNotice,
|
||||
};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, Flow, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
AppLayerParserState, AppProto, Flow, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
static mut TEMPLATE_MAX_TX: usize = 256;
|
||||
|
|
@ -423,7 +423,7 @@ pub(super) unsafe extern "C" fn template_register_parser() {
|
|||
SCLogError!("Invalid value for template.max-tx");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
|
||||
SCLogNotice!("Rust template parser registered.");
|
||||
} else {
|
||||
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");
|
||||
|
|
|
|||
|
|
@ -538,7 +538,6 @@ pub const APP_LAYER_TX_ACCEPT: u8 = BIT_U8!(4);
|
|||
/// cbindgen:ignore
|
||||
extern "C" {
|
||||
pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
|
||||
pub fn AppLayerParserRegisterLogger(pproto: u8, alproto: AppProto);
|
||||
}
|
||||
|
||||
#[repr(C)]
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ use std::collections::VecDeque;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::{c_char, c_int, c_void};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
|
|
@ -418,7 +418,7 @@ pub unsafe extern "C" fn SCRegisterTemplateParser() {
|
|||
SCLogError!("Invalid value for template.max-tx");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
|
||||
SCLogNotice!("Rust template parser registered.");
|
||||
} else {
|
||||
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@
|
|||
*/
|
||||
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
SCAppLayerProtoDetectPMRegisterPatternCS,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS,
|
||||
};
|
||||
|
||||
use crate::applayer::{self, *};
|
||||
|
|
@ -321,7 +321,7 @@ pub unsafe extern "C" fn SCRegisterBittorrentDhtUdpParser() {
|
|||
{
|
||||
SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT");
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
|
||||
|
||||
SCLogDebug!("Parser registered for bittorrent-dht.");
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -30,8 +30,9 @@ use std::collections::VecDeque;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::{c_char, c_int, c_void};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterParserAcceptableDataDirection,
|
||||
SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerParserRegisterParserAcceptableDataDirection, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
pub(super) static mut ALPROTO_ENIP: AppProto = ALPROTO_UNKNOWN;
|
||||
|
|
@ -658,7 +659,7 @@ pub unsafe extern "C" fn SCEnipRegisterParsers() {
|
|||
ALPROTO_ENIP,
|
||||
STREAM_TOSERVER | STREAM_TOCLIENT,
|
||||
);
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for ENIP on UDP.");
|
||||
}
|
||||
|
|
@ -683,7 +684,7 @@ pub unsafe extern "C" fn SCEnipRegisterParsers() {
|
|||
ALPROTO_ENIP,
|
||||
STREAM_TOSERVER | STREAM_TOCLIENT,
|
||||
);
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for ENIP on TCP.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ use std::ffi::CString;
|
|||
use std::fmt;
|
||||
use std::io;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerForceProtocolChange,
|
||||
AppLayerParserState, AppProto, SCAppLayerForceProtocolChange, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
|
|
@ -1598,7 +1598,7 @@ pub unsafe extern "C" fn SCRegisterHttp2Parser() {
|
|||
SCLogError!("Invalid value for http2.max-reassembly-size");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
|
||||
SCLogDebug!("Rust http2 parser registered.");
|
||||
} else {
|
||||
SCLogNotice!("Protocol detector and parser disabled for HTTP2.");
|
||||
|
|
@ -1616,7 +1616,7 @@ pub unsafe extern "C" fn SCRegisterHttp2Parser() {
|
|||
} else {
|
||||
SCLogWarning!("DOH2 is not meant to be detection-only.");
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2);
|
||||
SCLogDebug!("Rust doh2 parser registered.");
|
||||
} else {
|
||||
SCLogNotice!("Protocol detector and parser disabled for DOH2.");
|
||||
|
|
|
|||
|
|
@ -33,7 +33,8 @@ use nom7::{Err, IResult};
|
|||
use std;
|
||||
use std::ffi::CString;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
#[derive(AppLayerEvent)]
|
||||
|
|
@ -640,7 +641,7 @@ pub unsafe extern "C" fn SCRegisterKrb5Parser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for KRB5/UDP.");
|
||||
}
|
||||
|
|
@ -658,7 +659,7 @@ pub unsafe extern "C" fn SCRegisterKrb5Parser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for KRB5/TCP.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ use std::collections::VecDeque;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::{c_char, c_int, c_void};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
|
||||
};
|
||||
|
||||
|
|
@ -718,7 +718,7 @@ pub unsafe extern "C" fn SCRegisterLdapTcpParser() {
|
|||
SCLogError!("Invalid value for ldap.max-tx");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detection and parser disabled for LDAP/TCP.");
|
||||
}
|
||||
|
|
@ -777,7 +777,7 @@ pub unsafe extern "C" fn SCRegisterLdapUdpParser() {
|
|||
SCLogError!("Invalid value for ldap.max-tx");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detection and parser disabled for LDAP/UDP.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ use sawp::parser::{Direction, Parse};
|
|||
use sawp::probe::{Probe, Status};
|
||||
use sawp_modbus::{self, AccessType, ErrorFlags, Flags, Message};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabledDefault,
|
||||
};
|
||||
|
||||
|
|
@ -453,7 +453,7 @@ pub unsafe extern "C" fn SCRegisterModbusParser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,8 +29,9 @@ use std::collections::VecDeque;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::{c_char, c_int, c_void};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserSetStreamDepth, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserSetStreamDepth,
|
||||
SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
SCAppLayerRequestProtocolTLSUpgrade,
|
||||
};
|
||||
|
||||
use sawp::error::Error as SawpError;
|
||||
|
|
@ -539,7 +540,7 @@ pub unsafe extern "C" fn SCRegisterPop3Parser() {
|
|||
SCLogError!("Invalid value for pop3.max-tx");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3);
|
||||
SCLogDebug!("Rust pop3 parser registered.");
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for POP3.");
|
||||
|
|
|
|||
|
|
@ -34,7 +34,8 @@ use crate::{
|
|||
use std::collections::VecDeque;
|
||||
use std::ffi::CString;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
use tls_parser::TlsExtensionType;
|
||||
|
||||
|
|
@ -588,7 +589,7 @@ pub unsafe extern "C" fn SCRegisterQuicParser() {
|
|||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
SCLogDebug!("Rust quic parser registered.");
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for quic.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,16 +20,19 @@
|
|||
//! RDP application layer
|
||||
|
||||
use crate::applayer::{self, *};
|
||||
use crate::core::{ALPROTO_UNKNOWN, IPPROTO_TCP, sc_app_layer_parser_trigger_raw_stream_inspection};
|
||||
use crate::core::{
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_UNKNOWN, IPPROTO_TCP,
|
||||
};
|
||||
use crate::direction::Direction;
|
||||
use crate::flow::Flow;
|
||||
use crate::rdp::parser::*;
|
||||
use crate::direction::Direction;
|
||||
use nom7::Err;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
use std;
|
||||
use std::collections::VecDeque;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType};
|
||||
|
||||
static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN;
|
||||
|
|
@ -210,7 +213,10 @@ impl RdpState {
|
|||
self.new_tx(RdpTransactionItem::X224ConnectionRequest(x224));
|
||||
self.transactions.push_back(tx);
|
||||
if !flow.is_null() {
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(
|
||||
flow,
|
||||
Direction::ToServer as i32,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -223,7 +229,10 @@ impl RdpState {
|
|||
self.new_tx(RdpTransactionItem::McsConnectRequest(mcs));
|
||||
self.transactions.push_back(tx);
|
||||
if !flow.is_null() {
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(
|
||||
flow,
|
||||
Direction::ToServer as i32,
|
||||
);
|
||||
}
|
||||
}
|
||||
// unknown message in X.223, skip
|
||||
|
|
@ -297,7 +306,10 @@ impl RdpState {
|
|||
self.new_tx(RdpTransactionItem::TlsCertificateChain(chain));
|
||||
self.transactions.push_back(tx);
|
||||
if !flow.is_null() {
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(
|
||||
flow,
|
||||
Direction::ToClient as i32,
|
||||
);
|
||||
}
|
||||
self.bypass_parsing = true;
|
||||
}
|
||||
|
|
@ -333,7 +345,10 @@ impl RdpState {
|
|||
self.new_tx(RdpTransactionItem::X224ConnectionConfirm(x224));
|
||||
self.transactions.push_back(tx);
|
||||
if !flow.is_null() {
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(
|
||||
flow,
|
||||
Direction::ToClient as i32,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -346,7 +361,10 @@ impl RdpState {
|
|||
.new_tx(RdpTransactionItem::McsConnectResponse(mcs));
|
||||
self.transactions.push_back(tx);
|
||||
if !flow.is_null() {
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
|
||||
sc_app_layer_parser_trigger_raw_stream_inspection(
|
||||
flow,
|
||||
Direction::ToClient as i32,
|
||||
);
|
||||
}
|
||||
self.bypass_parsing = true;
|
||||
return AppLayerResult::ok();
|
||||
|
|
@ -391,7 +409,9 @@ impl RdpState {
|
|||
}
|
||||
}
|
||||
|
||||
extern "C" fn rdp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
|
||||
extern "C" fn rdp_state_new(
|
||||
_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto,
|
||||
) -> *mut std::os::raw::c_void {
|
||||
let state = RdpState::new();
|
||||
let boxed = Box::new(state);
|
||||
return Box::into_raw(boxed) as *mut _;
|
||||
|
|
@ -444,8 +464,7 @@ fn probe_tls_handshake(input: &[u8]) -> bool {
|
|||
|
||||
unsafe extern "C" fn rdp_parse_ts(
|
||||
flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
|
||||
stream_slice: StreamSlice,
|
||||
_data: *const std::os::raw::c_void
|
||||
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
|
||||
) -> AppLayerResult {
|
||||
let state = cast_pointer!(state, RdpState);
|
||||
let buf = stream_slice.as_slice();
|
||||
|
|
@ -455,8 +474,7 @@ unsafe extern "C" fn rdp_parse_ts(
|
|||
|
||||
unsafe extern "C" fn rdp_parse_tc(
|
||||
flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
|
||||
stream_slice: StreamSlice,
|
||||
_data: *const std::os::raw::c_void
|
||||
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
|
||||
) -> AppLayerResult {
|
||||
let state = cast_pointer!(state, RdpState);
|
||||
let buf = stream_slice.as_slice();
|
||||
|
|
@ -518,7 +536,7 @@ pub unsafe extern "C" fn SCRegisterRdpParser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -561,10 +579,16 @@ mod tests {
|
|||
];
|
||||
let mut state = RdpState::new();
|
||||
// will consume 0, request length + 1
|
||||
assert_eq!(AppLayerResult::incomplete(0, 9), state.parse_ts(std::ptr::null(), buf_1));
|
||||
assert_eq!(
|
||||
AppLayerResult::incomplete(0, 9),
|
||||
state.parse_ts(std::ptr::null(), buf_1)
|
||||
);
|
||||
assert_eq!(0, state.transactions.len());
|
||||
// exactly aligns with transaction
|
||||
assert_eq!(AppLayerResult::ok(), state.parse_ts(std::ptr::null(), buf_2));
|
||||
assert_eq!(
|
||||
AppLayerResult::ok(),
|
||||
state.parse_ts(std::ptr::null(), buf_2)
|
||||
);
|
||||
assert_eq!(1, state.transactions.len());
|
||||
let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest {
|
||||
cdt: 0,
|
||||
|
|
@ -594,10 +618,16 @@ mod tests {
|
|||
let buf_2: &[u8] = &[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66];
|
||||
let mut state = RdpState::new();
|
||||
// will consume 0, request length + 1
|
||||
assert_eq!(AppLayerResult::incomplete(0, 6), state.parse_tc(std::ptr::null(), buf_1));
|
||||
assert_eq!(
|
||||
AppLayerResult::incomplete(0, 6),
|
||||
state.parse_tc(std::ptr::null(), buf_1)
|
||||
);
|
||||
assert_eq!(0, state.transactions.len());
|
||||
// exactly aligns with transaction
|
||||
assert_eq!(AppLayerResult::ok(), state.parse_tc(std::ptr::null(), buf_2));
|
||||
assert_eq!(
|
||||
AppLayerResult::ok(),
|
||||
state.parse_tc(std::ptr::null(), buf_2)
|
||||
);
|
||||
assert_eq!(1, state.transactions.len());
|
||||
let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {});
|
||||
assert_eq!(item, state.transactions[0].item);
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@ use std;
|
|||
use std::ffi::CString;
|
||||
use std::os::raw::c_char;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
SCAppLayerProtoDetectPMRegisterPatternCI,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCI,
|
||||
};
|
||||
|
||||
pub(super) static mut ALPROTO_RFB: AppProto = ALPROTO_UNKNOWN;
|
||||
|
|
@ -926,7 +926,7 @@ pub unsafe extern "C" fn SCRfbRegisterParser() {
|
|||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
SCLogDebug!("Rust rfb parser registered.");
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
|
||||
if SCAppLayerProtoDetectPMRegisterPatternCI(
|
||||
IPPROTO_TCP,
|
||||
ALPROTO_RFB,
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ use std;
|
|||
use std::collections::VecDeque;
|
||||
use std::ffi::CString;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS,
|
||||
};
|
||||
|
||||
|
|
@ -601,7 +601,7 @@ pub unsafe extern "C" fn SCRegisterSipParser() {
|
|||
if register_pattern_probe(core::IPPROTO_UDP) < 0 {
|
||||
return;
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detection and parsing disabled for UDP SIP.");
|
||||
}
|
||||
|
|
@ -623,7 +623,7 @@ pub unsafe extern "C" fn SCRegisterSipParser() {
|
|||
if register_pattern_probe(core::IPPROTO_TCP) < 0 {
|
||||
return;
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detection and parsing disabled for TCP SIP.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,8 +34,8 @@ use nom7::{Err, IResult};
|
|||
use nom7::error::{ErrorKind, make_error};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCOutputEvePreRegisterLogger,
|
||||
SCOutputJsonLogDirection, SCSigTablePreRegister,
|
||||
SCAppLayerParserRegisterLogger, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
SCOutputEvePreRegisterLogger, SCOutputJsonLogDirection, SCSigTablePreRegister,
|
||||
};
|
||||
|
||||
#[derive(AppLayerEvent)]
|
||||
|
|
@ -435,7 +435,7 @@ pub unsafe extern "C" fn SCRegisterSnmpParser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for SNMP.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ use nom7::Err;
|
|||
use std::ffi::CString;
|
||||
use std::sync::atomic::{AtomicBool, Ordering};
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerParserStateSetFlag,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateSetFlag,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
|
|
@ -581,7 +581,7 @@ pub unsafe extern "C" fn SCRegisterSshParser() {
|
|||
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
|
||||
let _ = AppLayerRegisterParser(&parser, alproto);
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
|
||||
SCLogDebug!("Rust ssh parser registered.");
|
||||
} else {
|
||||
SCLogNotice!("Protocol detector and parser disabled for SSH.");
|
||||
|
|
|
|||
|
|
@ -31,7 +31,8 @@ use nom7::Needed;
|
|||
use flate2::Decompress;
|
||||
use flate2::FlushDecompress;
|
||||
use suricata_sys::sys::{
|
||||
AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
|
||||
SCAppLayerProtoDetectConfProtoDetectionEnabled,
|
||||
};
|
||||
|
||||
use std;
|
||||
|
|
@ -442,7 +443,7 @@ pub unsafe extern "C" fn SCRegisterWebSocketParser() {
|
|||
SCLogError!("Invalid value for websocket.max-payload-size");
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET);
|
||||
} else {
|
||||
SCLogDebug!("Protocol detector and parser disabled for WEBSOCKET.");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -700,6 +700,9 @@ extern "C" {
|
|||
ipproto: u8, alproto: AppProto, direction: u8,
|
||||
);
|
||||
}
|
||||
extern "C" {
|
||||
pub fn SCAppLayerParserRegisterLogger(ipproto: u8, alproto: AppProto);
|
||||
}
|
||||
extern "C" {
|
||||
pub fn SCAppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1332,8 +1332,8 @@ void RegisterFTPParsers(void)
|
|||
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info);
|
||||
AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info_by_id);
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
|
||||
|
||||
sbcfg.buf_size = 4096;
|
||||
sbcfg.Calloc = FTPCalloc;
|
||||
|
|
|
|||
|
|
@ -489,7 +489,7 @@ void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerI
|
|||
SCReturn;
|
||||
}
|
||||
|
||||
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
|
||||
void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
|
||||
{
|
||||
SCEnter();
|
||||
|
||||
|
|
|
|||
|
|
@ -183,7 +183,7 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
|
|||
// AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
|
||||
void AppLayerParserRegisterGetTxFilesFunc(
|
||||
uint8_t ipproto, AppProto alproto, AppLayerGetFileState (*GetTxFiles)(void *, uint8_t));
|
||||
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
|
||||
void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
|
||||
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
|
||||
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
|
||||
int (*StateGetStateProgress)(void *alstate, uint8_t direction));
|
||||
|
|
|
|||
|
|
@ -178,7 +178,7 @@ void RegisterTFTPParsers(void)
|
|||
TFTP_MIN_FRAME_LEN, STREAM_TOSERVER, TFTPProbingParser, TFTPProbingParser);
|
||||
}
|
||||
}
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
|
||||
} else {
|
||||
SCLogDebug("Protocol detector and parser disabled for TFTP.");
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -594,7 +594,7 @@ OutputInitResult LogHttpLogInitCtx(SCConfNode *conf)
|
|||
SCLogDebug("HTTP log output initialized");
|
||||
|
||||
/* enable the logger for the app layer */
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -240,7 +240,7 @@ static OutputInitResult LogTlsLogInitCtx(SCConfNode *conf)
|
|||
SCLogDebug("TLS log output initialized");
|
||||
|
||||
/* Enable the logger for the app layer */
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -427,7 +427,7 @@ static OutputInitResult LogTlsStoreLogInitCtx(SCConfNode *conf)
|
|||
SCLogInfo("storing certs in %s", tls_logfile_base_dir);
|
||||
|
||||
/* enable the logger for the app layer */
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -59,8 +59,8 @@ error:
|
|||
|
||||
static OutputInitResult DCERPCLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
|
||||
{
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC);
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC);
|
||||
return OutputJsonLogInitSub(conf, parent_ctx);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ static OutputInitResult OutputDHCPLogInitSub(SCConfNode *conf, OutputCtx *parent
|
|||
|
||||
dhcplog_ctx->rs_logger = SCDhcpLoggerNew(conf);
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -317,7 +317,7 @@ static OutputInitResult OutputDNP3LogInitSub(SCConfNode *conf, OutputCtx *parent
|
|||
|
||||
SCLogInfo("DNP3 log sub-module initialized.");
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -673,8 +673,8 @@ static OutputInitResult JsonDnsLogInitCtxSub(SCConfNode *conf, OutputCtx *parent
|
|||
|
||||
SCLogDebug("DNS log sub-module initialized");
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -590,7 +590,7 @@ static OutputInitResult OutputHttpLogInitSub(SCConfNode *conf, OutputCtx *parent
|
|||
output_ctx->DeInit = OutputHttpLogDeinitSub;
|
||||
|
||||
/* enable the logger for the app layer */
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ static OutputInitResult OutputIKELogInitSub(SCConfNode *conf, OutputCtx *parent_
|
|||
output_ctx->data = ikelog_ctx;
|
||||
output_ctx->DeInit = OutputIKELogDeInitCtxSub;
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ static OutputInitResult DnsLogInitCtxSub(SCConfNode *conf, OutputCtx *parent_ctx
|
|||
output_ctx->data = dnslog_ctx;
|
||||
output_ctx->DeInit = DnsLogDeInitCtxSub;
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ static OutputInitResult OutputMQTTLogInitSub(SCConfNode *conf, OutputCtx *parent
|
|||
|
||||
JsonMQTTLogParseConfig(conf, mqttlog_ctx);
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -101,8 +101,8 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data,
|
|||
|
||||
static OutputInitResult NFSLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
|
||||
{
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
|
||||
return OutputJsonLogInitSub(conf, parent_ctx);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ static OutputInitResult OutputPgsqlLogInitSub(SCConfNode *conf, OutputCtx *paren
|
|||
|
||||
JsonPgsqlLogParseConfig(conf, pgsql_ctx);
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL);
|
||||
|
||||
SCLogDebug("PostgreSQL log sub-module initialized.");
|
||||
|
||||
|
|
|
|||
|
|
@ -95,8 +95,8 @@ static void LogSmbLogDeInitCtxSub(OutputCtx *output_ctx)
|
|||
|
||||
static OutputInitResult SMBLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
|
||||
{
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB);
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB);
|
||||
OutputInitResult r = OutputJsonLogInitSub(conf, parent_ctx);
|
||||
if (r.ok) {
|
||||
// generic init is ok, try smb-specific one
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ static OutputInitResult OutputSmtpLogInitSub(SCConfNode *conf, OutputCtx *parent
|
|||
output_ctx->DeInit = OutputSmtpLogDeInitCtxSub;
|
||||
|
||||
/* enable the logger for the app layer */
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -697,7 +697,7 @@ static OutputInitResult OutputTlsLogInitSub(SCConfNode *conf, OutputCtx *parent_
|
|||
output_ctx->data = tls_ctx;
|
||||
output_ctx->DeInit = OutputTlsLogDeinitSub;
|
||||
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
|
||||
result.ctx = output_ctx;
|
||||
result.ok = true;
|
||||
|
|
|
|||
|
|
@ -783,31 +783,31 @@ static OutputInitResult OutputLuaLogInit(SCConfNode *conf)
|
|||
om->alproto = ALPROTO_HTTP1;
|
||||
om->ts_log_progress = -1;
|
||||
om->tc_log_progress = -1;
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
|
||||
} else if (opts.alproto == ALPROTO_TLS) {
|
||||
om->TxLogFunc = LuaTxLogger;
|
||||
om->alproto = ALPROTO_TLS;
|
||||
om->tc_log_progress = TLS_STATE_SERVER_HANDSHAKE_DONE;
|
||||
om->ts_log_progress = TLS_STATE_CLIENT_HANDSHAKE_DONE;
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
|
||||
} else if (opts.alproto == ALPROTO_DNS) {
|
||||
om->TxLogFunc = LuaTxLogger;
|
||||
om->alproto = ALPROTO_DNS;
|
||||
om->ts_log_progress = -1;
|
||||
om->tc_log_progress = -1;
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
|
||||
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
|
||||
} else if (opts.alproto == ALPROTO_SSH) {
|
||||
om->TxLogFunc = LuaTxLogger;
|
||||
om->alproto = ALPROTO_SSH;
|
||||
om->TxLogCondition = SSHTxLogCondition;
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
|
||||
} else if (opts.alproto == ALPROTO_SMTP) {
|
||||
om->TxLogFunc = LuaTxLogger;
|
||||
om->alproto = ALPROTO_SMTP;
|
||||
om->ts_log_progress = -1;
|
||||
om->tc_log_progress = -1;
|
||||
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
|
||||
SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
|
||||
} else if (opts.packet && opts.alerts) {
|
||||
om->PacketLogFunc = LuaPacketLoggerAlerts;
|
||||
om->PacketConditionFunc = LuaPacketConditionAlerts;
|
||||
|
|
|
|||
Loading…
Reference in a new issue