From 7eb73f4f7cdda3521576f5a2d0821fb02156c043 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 10:28:04 +0200 Subject: [PATCH 1/8] protodetect: make expectation_proto part of AppLayerProtoDetectCtx instead of a global variable. For easier initialization with dynamic number of protocols --- src/app-layer-detect-proto.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index a65a98c88a41..dd17b560c5fb 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -160,6 +160,9 @@ typedef struct AppLayerProtoDetectCtx_ { * for protocol detection. This table is independent of the * ipproto. */ const char *alproto_names[ALPROTO_MAX]; + + /* Protocol expectations, like ftp-data on tcp */ + uint8_t expectation_proto[ALPROTO_MAX]; } AppLayerProtoDetectCtx; typedef struct AppLayerProtoDetectAliases_ { @@ -2111,27 +2114,25 @@ void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos) SCReturn; } -uint8_t expectation_proto[ALPROTO_MAX]; - static void AppLayerProtoDetectPEGetIpprotos(AppProto alproto, uint8_t *ipprotos) { - if (expectation_proto[alproto] == IPPROTO_TCP) { + if (alpd_ctx.expectation_proto[alproto] == IPPROTO_TCP) { ipprotos[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8); } - if (expectation_proto[alproto] == IPPROTO_UDP) { + if (alpd_ctx.expectation_proto[alproto] == IPPROTO_UDP) { ipprotos[IPPROTO_UDP / 8] |= 1 << (IPPROTO_UDP % 8); } } void AppLayerRegisterExpectationProto(uint8_t proto, AppProto alproto) { - if (expectation_proto[alproto]) { - if (proto != expectation_proto[alproto]) { + if (alpd_ctx.expectation_proto[alproto]) { + if (proto != alpd_ctx.expectation_proto[alproto]) { SCLogError("Expectation on 2 IP protocols are not supported"); } } - expectation_proto[alproto] = proto; + alpd_ctx.expectation_proto[alproto] = proto; } /***** Unittests *****/ From 7aa2d48ff44fec8d6942115740fbccf31ced9a4d Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 10:35:11 +0200 Subject: [PATCH 2/8] protodetect: use dynamic number of app-layer protos for expectation_proto Ticket: 5053 --- src/app-layer-detect-proto.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index dd17b560c5fb..01d5536ece06 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -161,8 +161,11 @@ typedef struct AppLayerProtoDetectCtx_ { * ipproto. */ const char *alproto_names[ALPROTO_MAX]; - /* Protocol expectations, like ftp-data on tcp */ - uint8_t expectation_proto[ALPROTO_MAX]; + /* Protocol expectations, like ftp-data on tcp. + * It should be allocated to contain ALPROTO_MAX + * app-layer protocols. For each protocol, an iptype + * is referenced (or 0 if there is no expectation). */ + uint8_t *expectation_proto; } AppLayerProtoDetectCtx; typedef struct AppLayerProtoDetectAliases_ { @@ -1721,6 +1724,11 @@ int AppLayerProtoDetectSetup(void) } } + // to realloc when dynamic protos are added + alpd_ctx.expectation_proto = SCCalloc(ALPROTO_MAX, sizeof(uint8_t)); + if (unlikely(alpd_ctx.expectation_proto == NULL)) { + FatalError("Unable to alloc expectation_proto."); + } AppLayerExpectationSetup(); SCReturnInt(0); @@ -1752,6 +1760,9 @@ int AppLayerProtoDetectDeSetup(void) } } + SCFree(alpd_ctx.expectation_proto); + alpd_ctx.expectation_proto = NULL; + SpmDestroyGlobalThreadCtx(alpd_ctx.spm_global_thread_ctx); AppLayerProtoDetectFreeAliases(); From b985a1f0856c1edbc4933aa3fe2e57c103488bda Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 10:40:19 +0200 Subject: [PATCH 3/8] protodetect: use dynamic number of app-layer protos for alproto_names Ticket: 5053 --- src/app-layer-detect-proto.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 01d5536ece06..52e1f2922c02 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -158,8 +158,9 @@ typedef struct AppLayerProtoDetectCtx_ { /* Indicates the protocols that have registered themselves * for protocol detection. This table is independent of the - * ipproto. */ - const char *alproto_names[ALPROTO_MAX]; + * ipproto. It should be allocated to contain ALPROTO_MAX + * protocols. */ + const char **alproto_names; /* Protocol expectations, like ftp-data on tcp. * It should be allocated to contain ALPROTO_MAX @@ -1724,6 +1725,10 @@ int AppLayerProtoDetectSetup(void) } } + alpd_ctx.alproto_names = SCCalloc(ALPROTO_MAX, sizeof(char *)); + if (unlikely(alpd_ctx.alproto_names == NULL)) { + FatalError("Unable to alloc alproto_names."); + } // to realloc when dynamic protos are added alpd_ctx.expectation_proto = SCCalloc(ALPROTO_MAX, sizeof(uint8_t)); if (unlikely(alpd_ctx.expectation_proto == NULL)) { @@ -1760,6 +1765,8 @@ int AppLayerProtoDetectDeSetup(void) } } + SCFree(alpd_ctx.alproto_names); + alpd_ctx.alproto_names = NULL; SCFree(alpd_ctx.expectation_proto); alpd_ctx.expectation_proto = NULL; @@ -1776,6 +1783,7 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n { SCEnter(); + // should have just been realloced when dynamic protos is added if (alpd_ctx.alproto_names[alproto] == NULL) alpd_ctx.alproto_names[alproto] = alproto_name; From c1f3e14120f91bb88e019e16c329c6992f7a22a5 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 10:47:07 +0200 Subject: [PATCH 4/8] frames: use dynamic number of app-layer protos Ticket: 5053 --- src/app-layer-frames.c | 12 +++++++++++- src/app-layer-frames.h | 1 + src/app-layer.c | 2 ++ src/suricata.c | 1 - 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/app-layer-frames.c b/src/app-layer-frames.c index 432bd020d230..3fa4c345474a 100644 --- a/src/app-layer-frames.c +++ b/src/app-layer-frames.c @@ -33,15 +33,25 @@ struct FrameConfig { SC_ATOMIC_DECLARE(uint64_t, types); }; -static struct FrameConfig frame_config[ALPROTO_MAX]; +/* This array should be allocated to contain ALPROTO_MAX protocols. */ +static struct FrameConfig *frame_config; void FrameConfigInit(void) { + frame_config = SCCalloc(ALPROTO_MAX, sizeof(struct FrameConfig)); + if (unlikely(frame_config == NULL)) { + FatalError("Unable to alloc frame_config."); + } for (AppProto p = 0; p < ALPROTO_MAX; p++) { SC_ATOMIC_INIT(frame_config[p].types); } } +void FrameConfigDeInit(void) +{ + SCFree(frame_config); +} + void FrameConfigEnableAll(void) { const uint64_t bits = UINT64_MAX; diff --git a/src/app-layer-frames.h b/src/app-layer-frames.h index f49bead57b41..f1d5135d8953 100644 --- a/src/app-layer-frames.h +++ b/src/app-layer-frames.h @@ -106,6 +106,7 @@ FramesContainer *AppLayerFramesGetContainer(Flow *f); FramesContainer *AppLayerFramesSetupContainer(Flow *f); void FrameConfigInit(void); +void FrameConfigDeInit(void); void FrameConfigEnableAll(void); void FrameConfigEnable(const AppProto p, const uint8_t type); diff --git a/src/app-layer.c b/src/app-layer.c index 94f99f44f83e..d17ec45ec5f8 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -1039,6 +1039,7 @@ int AppLayerSetup(void) AppLayerProtoDetectPrepareState(); AppLayerSetupCounters(); + FrameConfigInit(); SCReturnInt(0); } @@ -1051,6 +1052,7 @@ int AppLayerDeSetup(void) AppLayerParserDeSetup(); AppLayerDeSetupCounters(); + FrameConfigDeInit(); SCReturnInt(0); } diff --git a/src/suricata.c b/src/suricata.c index 293df00b23c1..9164ed3d28b4 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -362,7 +362,6 @@ void GlobalsInitPreConfig(void) SupportFastPatternForSigMatchTypes(); SCThresholdConfGlobalInit(); SCProtoNameInit(); - FrameConfigInit(); } void GlobalsDestroy(void) From 906994dc99723cc037a75b63ddb0495c030f4ffe Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 13:16:00 +0200 Subject: [PATCH 5/8] util: parenthesis for macro so that we can use safely EXCEPTION_POLICY_MAX*sizeof(x) --- src/flow-private.h | 2 +- src/util-exception-policy-types.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/flow-private.h b/src/flow-private.h index bd7aac73644e..ebd4e11961b4 100644 --- a/src/flow-private.h +++ b/src/flow-private.h @@ -74,7 +74,7 @@ enum { FLOW_PROTO_MAX, }; /* max used in app-layer (counters) */ -#define FLOW_PROTO_APPLAYER_MAX FLOW_PROTO_UDP + 1 +#define FLOW_PROTO_APPLAYER_MAX (FLOW_PROTO_UDP + 1) /* * Variables diff --git a/src/util-exception-policy-types.h b/src/util-exception-policy-types.h index b5295d19305b..a6139acc8934 100644 --- a/src/util-exception-policy-types.h +++ b/src/util-exception-policy-types.h @@ -33,7 +33,7 @@ enum ExceptionPolicy { EXCEPTION_POLICY_REJECT, }; -#define EXCEPTION_POLICY_MAX EXCEPTION_POLICY_REJECT + 1 +#define EXCEPTION_POLICY_MAX (EXCEPTION_POLICY_REJECT + 1) /* Max length = possible exception policy scenarios + counter names * + exception policy type. E.g.: From 941d3dc6a9fbe68236d44e0fbf0c433992da340a Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 10:52:04 +0200 Subject: [PATCH 6/8] app-layer/stats: use dynamic number of app-layer protos Ticket: 5053 --- src/app-layer.c | 137 ++++++++++++++++++++++++++---------------------- 1 file changed, 73 insertions(+), 64 deletions(-) diff --git a/src/app-layer.c b/src/app-layer.c index d17ec45ec5f8..bd5920ab5c52 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -95,9 +95,9 @@ typedef struct AppLayerCounters_ { } AppLayerCounters; /* counter names. Only used at init. */ -AppLayerCounterNames applayer_counter_names[FLOW_PROTO_APPLAYER_MAX][ALPROTO_MAX]; +AppLayerCounterNames (*applayer_counter_names)[FLOW_PROTO_APPLAYER_MAX]; /* counter id's. Used that runtime. */ -AppLayerCounters applayer_counters[FLOW_PROTO_APPLAYER_MAX][ALPROTO_MAX]; +AppLayerCounters (*applayer_counters)[FLOW_PROTO_APPLAYER_MAX]; /* Exception policy global counters ids */ ExceptionPolicyCounters eps_error_summary; @@ -144,7 +144,7 @@ static inline int ProtoDetectDone(const Flow *f, const TcpSession *ssn, uint8_t */ static void AppLayerIncFlowCounter(ThreadVars *tv, Flow *f) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].counter_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].counter_id; if (likely(tv && id > 0)) { StatsIncr(tv, id); } @@ -152,7 +152,7 @@ static void AppLayerIncFlowCounter(ThreadVars *tv, Flow *f) void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].counter_tx_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].counter_tx_id; if (likely(tv && id > 0)) { StatsAddUI64(tv, id, step); } @@ -160,7 +160,7 @@ void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step) void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].gap_error_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].gap_error_id; if (likely(tv && id > 0)) { StatsIncr(tv, id); } @@ -168,7 +168,7 @@ void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f) void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].alloc_error_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].alloc_error_id; if (likely(tv && id > 0)) { StatsIncr(tv, id); } @@ -176,7 +176,7 @@ void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f) void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].parser_error_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].parser_error_id; if (likely(tv && id > 0)) { StatsIncr(tv, id); } @@ -184,7 +184,7 @@ void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f) void AppLayerIncInternalErrorCounter(ThreadVars *tv, Flow *f) { - const uint16_t id = applayer_counters[f->protomap][f->alproto].internal_error_id; + const uint16_t id = applayer_counters[f->alproto][f->protomap].internal_error_id; if (likely(tv && id > 0)) { StatsIncr(tv, id); } @@ -197,7 +197,7 @@ static void AppLayerIncrErrorExcPolicyCounter(ThreadVars *tv, Flow *f, enum Exce return; } #endif - uint16_t id = applayer_counters[f->protomap][f->alproto].eps_error.eps_id[policy]; + uint16_t id = applayer_counters[f->alproto][f->protomap].eps_error.eps_id[policy]; /* for the summary values */ uint16_t g_id = eps_error_summary.eps_id[policy]; @@ -1132,8 +1132,8 @@ static void AppLayerSetupExceptionPolicyPerProtoCounters( g_applayerparser_error_policy != EXCEPTION_POLICY_NOT_SET) { for (enum ExceptionPolicy i = EXCEPTION_POLICY_NOT_SET + 1; i < EXCEPTION_POLICY_MAX; i++) { if (IsAppLayerErrorExceptionPolicyStatsValid(i)) { - snprintf(applayer_counter_names[ipproto_map][alproto].eps_name[i], - sizeof(applayer_counter_names[ipproto_map][alproto].eps_name[i]), + snprintf(applayer_counter_names[alproto][ipproto_map].eps_name[i], + sizeof(applayer_counter_names[alproto][ipproto_map].eps_name[i]), "app_layer.error.%s%s.exception_policy.%s", alproto_str, ipproto_suffix, ExceptionPolicyEnumToString(i, true)); } @@ -1148,6 +1148,15 @@ void AppLayerSetupCounters(void) const char *str = "app_layer.flow."; const char *estr = "app_layer.error."; + applayer_counter_names = + SCCalloc(ALPROTO_MAX, sizeof(AppLayerCounterNames[FLOW_PROTO_APPLAYER_MAX])); + if (unlikely(applayer_counter_names == NULL)) { + FatalError("Unable to alloc applayer_counter_names."); + } + applayer_counters = SCCalloc(ALPROTO_MAX, sizeof(AppLayerCounters[FLOW_PROTO_APPLAYER_MAX])); + if (unlikely(applayer_counters == NULL)) { + FatalError("Unable to alloc applayer_counters."); + } /* We don't log stats counters if exception policy is `ignore`/`not set` */ if (g_applayerparser_error_policy != EXCEPTION_POLICY_NOT_SET) { /* Register global counters for app layer error exception policy summary */ @@ -1178,62 +1187,62 @@ void AppLayerSetupCounters(void) AppLayerProtoDetectSupportedIpprotos(alproto, ipprotos_all); if ((ipprotos_all[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) && (ipprotos_all[IPPROTO_UDP / 8] & (1 << (IPPROTO_UDP % 8)))) { - snprintf(applayer_counter_names[ipproto_map][alproto].name, - sizeof(applayer_counter_names[ipproto_map][alproto].name), - "%s%s%s", str, alproto_str, ipproto_suffix); - snprintf(applayer_counter_names[ipproto_map][alproto].tx_name, - sizeof(applayer_counter_names[ipproto_map][alproto].tx_name), - "%s%s%s", tx_str, alproto_str, ipproto_suffix); + snprintf(applayer_counter_names[alproto][ipproto_map].name, + sizeof(applayer_counter_names[alproto][ipproto_map].name), "%s%s%s", + str, alproto_str, ipproto_suffix); + snprintf(applayer_counter_names[alproto][ipproto_map].tx_name, + sizeof(applayer_counter_names[alproto][ipproto_map].tx_name), "%s%s%s", + tx_str, alproto_str, ipproto_suffix); if (ipproto == IPPROTO_TCP) { - snprintf(applayer_counter_names[ipproto_map][alproto].gap_error, - sizeof(applayer_counter_names[ipproto_map][alproto].gap_error), + snprintf(applayer_counter_names[alproto][ipproto_map].gap_error, + sizeof(applayer_counter_names[alproto][ipproto_map].gap_error), "%s%s%s.gap", estr, alproto_str, ipproto_suffix); } - snprintf(applayer_counter_names[ipproto_map][alproto].alloc_error, - sizeof(applayer_counter_names[ipproto_map][alproto].alloc_error), + snprintf(applayer_counter_names[alproto][ipproto_map].alloc_error, + sizeof(applayer_counter_names[alproto][ipproto_map].alloc_error), "%s%s%s.alloc", estr, alproto_str, ipproto_suffix); - snprintf(applayer_counter_names[ipproto_map][alproto].parser_error, - sizeof(applayer_counter_names[ipproto_map][alproto].parser_error), + snprintf(applayer_counter_names[alproto][ipproto_map].parser_error, + sizeof(applayer_counter_names[alproto][ipproto_map].parser_error), "%s%s%s.parser", estr, alproto_str, ipproto_suffix); - snprintf(applayer_counter_names[ipproto_map][alproto].internal_error, - sizeof(applayer_counter_names[ipproto_map][alproto].internal_error), + snprintf(applayer_counter_names[alproto][ipproto_map].internal_error, + sizeof(applayer_counter_names[alproto][ipproto_map].internal_error), "%s%s%s.internal", estr, alproto_str, ipproto_suffix); AppLayerSetupExceptionPolicyPerProtoCounters( ipproto_map, alproto, alproto_str, ipproto_suffix); } else { - snprintf(applayer_counter_names[ipproto_map][alproto].name, - sizeof(applayer_counter_names[ipproto_map][alproto].name), - "%s%s", str, alproto_str); - snprintf(applayer_counter_names[ipproto_map][alproto].tx_name, - sizeof(applayer_counter_names[ipproto_map][alproto].tx_name), - "%s%s", tx_str, alproto_str); + snprintf(applayer_counter_names[alproto][ipproto_map].name, + sizeof(applayer_counter_names[alproto][ipproto_map].name), "%s%s", str, + alproto_str); + snprintf(applayer_counter_names[alproto][ipproto_map].tx_name, + sizeof(applayer_counter_names[alproto][ipproto_map].tx_name), "%s%s", + tx_str, alproto_str); if (ipproto == IPPROTO_TCP) { - snprintf(applayer_counter_names[ipproto_map][alproto].gap_error, - sizeof(applayer_counter_names[ipproto_map][alproto].gap_error), + snprintf(applayer_counter_names[alproto][ipproto_map].gap_error, + sizeof(applayer_counter_names[alproto][ipproto_map].gap_error), "%s%s.gap", estr, alproto_str); } - snprintf(applayer_counter_names[ipproto_map][alproto].alloc_error, - sizeof(applayer_counter_names[ipproto_map][alproto].alloc_error), + snprintf(applayer_counter_names[alproto][ipproto_map].alloc_error, + sizeof(applayer_counter_names[alproto][ipproto_map].alloc_error), "%s%s.alloc", estr, alproto_str); - snprintf(applayer_counter_names[ipproto_map][alproto].parser_error, - sizeof(applayer_counter_names[ipproto_map][alproto].parser_error), + snprintf(applayer_counter_names[alproto][ipproto_map].parser_error, + sizeof(applayer_counter_names[alproto][ipproto_map].parser_error), "%s%s.parser", estr, alproto_str); - snprintf(applayer_counter_names[ipproto_map][alproto].internal_error, - sizeof(applayer_counter_names[ipproto_map][alproto].internal_error), + snprintf(applayer_counter_names[alproto][ipproto_map].internal_error, + sizeof(applayer_counter_names[alproto][ipproto_map].internal_error), "%s%s.internal", estr, alproto_str); AppLayerSetupExceptionPolicyPerProtoCounters( ipproto_map, alproto, alproto_str, ""); } } else if (alproto == ALPROTO_FAILED) { - snprintf(applayer_counter_names[ipproto_map][alproto].name, - sizeof(applayer_counter_names[ipproto_map][alproto].name), - "%s%s%s", str, "failed", ipproto_suffix); + snprintf(applayer_counter_names[alproto][ipproto_map].name, + sizeof(applayer_counter_names[alproto][ipproto_map].name), "%s%s%s", str, + "failed", ipproto_suffix); if (ipproto == IPPROTO_TCP) { - snprintf(applayer_counter_names[ipproto_map][alproto].gap_error, - sizeof(applayer_counter_names[ipproto_map][alproto].gap_error), + snprintf(applayer_counter_names[alproto][ipproto_map].gap_error, + sizeof(applayer_counter_names[alproto][ipproto_map].gap_error), "%sfailed%s.gap", estr, ipproto_suffix); } } @@ -1264,41 +1273,41 @@ void AppLayerRegisterThreadCounters(ThreadVars *tv) for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) { if (alprotos[alproto] == 1) { - applayer_counters[ipproto_map][alproto].counter_id = - StatsRegisterCounter(applayer_counter_names[ipproto_map][alproto].name, tv); + applayer_counters[alproto][ipproto_map].counter_id = + StatsRegisterCounter(applayer_counter_names[alproto][ipproto_map].name, tv); - applayer_counters[ipproto_map][alproto].counter_tx_id = - StatsRegisterCounter(applayer_counter_names[ipproto_map][alproto].tx_name, tv); + applayer_counters[alproto][ipproto_map].counter_tx_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].tx_name, tv); if (ipproto == IPPROTO_TCP) { - applayer_counters[ipproto_map][alproto].gap_error_id = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].gap_error, tv); + applayer_counters[alproto][ipproto_map].gap_error_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].gap_error, tv); } - applayer_counters[ipproto_map][alproto].alloc_error_id = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].alloc_error, tv); - applayer_counters[ipproto_map][alproto].parser_error_id = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].parser_error, tv); - applayer_counters[ipproto_map][alproto].internal_error_id = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].internal_error, tv); + applayer_counters[alproto][ipproto_map].alloc_error_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].alloc_error, tv); + applayer_counters[alproto][ipproto_map].parser_error_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].parser_error, tv); + applayer_counters[alproto][ipproto_map].internal_error_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].internal_error, tv); /* We don't log stats counters if exception policy is `ignore`/`not set` */ if (g_stats_eps_per_app_proto_errors && g_applayerparser_error_policy != EXCEPTION_POLICY_NOT_SET) { for (enum ExceptionPolicy i = EXCEPTION_POLICY_NOT_SET + 1; i < EXCEPTION_POLICY_MAX; i++) { if (IsAppLayerErrorExceptionPolicyStatsValid(i)) { - applayer_counters[ipproto_map][alproto] + applayer_counters[alproto][ipproto_map] .eps_error.eps_id[i] = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].eps_name[i], tv); + applayer_counter_names[alproto][ipproto_map].eps_name[i], tv); } } } } else if (alproto == ALPROTO_FAILED) { - applayer_counters[ipproto_map][alproto].counter_id = - StatsRegisterCounter(applayer_counter_names[ipproto_map][alproto].name, tv); + applayer_counters[alproto][ipproto_map].counter_id = + StatsRegisterCounter(applayer_counter_names[alproto][ipproto_map].name, tv); if (ipproto == IPPROTO_TCP) { - applayer_counters[ipproto_map][alproto].gap_error_id = StatsRegisterCounter( - applayer_counter_names[ipproto_map][alproto].gap_error, tv); + applayer_counters[alproto][ipproto_map].gap_error_id = StatsRegisterCounter( + applayer_counter_names[alproto][ipproto_map].gap_error, tv); } } } @@ -1307,8 +1316,8 @@ void AppLayerRegisterThreadCounters(ThreadVars *tv) void AppLayerDeSetupCounters(void) { - memset(applayer_counter_names, 0, sizeof(applayer_counter_names)); - memset(applayer_counters, 0, sizeof(applayer_counters)); + SCFree(applayer_counter_names); + SCFree(applayer_counters); } /***** Unittests *****/ From 46a32e4b57325cd8a38a4d340341ff0227e40bfc Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 11:13:21 +0200 Subject: [PATCH 7/8] fuzz: use dynamic number of app-layer protos Ticket: 5053 delay after initialization so that StringToAppProto works --- src/tests/fuzz/fuzz_applayerparserparse.c | 36 ++++++++++------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c index f20c566e399a..5e71243e047f 100644 --- a/src/tests/fuzz/fuzz_applayerparserparse.c +++ b/src/tests/fuzz/fuzz_applayerparserparse.c @@ -36,32 +36,15 @@ extern const char *configNoChecksum; const uint8_t separator[] = {0x01, 0xD5, 0xCA, 0x7A}; SCInstance surifuzz; AppProto forceLayer = 0; +char *target_suffix = NULL; SC_ATOMIC_EXTERN(unsigned int, engine_stage); int LLVMFuzzerInitialize(int *argc, char ***argv) { - char *target_suffix = strrchr((*argv)[0], '_'); - if (target_suffix != NULL) { - AppProto applayer = StringToAppProto(target_suffix + 1); - if (applayer != ALPROTO_UNKNOWN) { - forceLayer = applayer; - printf("Forcing %s=%" PRIu16 "\n", AppProtoToString(forceLayer), forceLayer); - return 0; - } - } + target_suffix = strrchr((*argv)[0], '_'); // else - const char *forceLayerStr = getenv("FUZZ_APPLAYER"); - if (forceLayerStr) { - if (ByteExtractStringUint16(&forceLayer, 10, 0, forceLayerStr) < 0) { - forceLayer = 0; - printf("Invalid numeric value for FUZZ_APPLAYER environment variable"); - } else { - printf("Forcing %s\n", AppProtoToString(forceLayer)); - } - } - // http is the output name, but we want to fuzz HTTP1 - if (forceLayer == ALPROTO_HTTP) { - forceLayer = ALPROTO_HTTP1; + if (!target_suffix) { + target_suffix = getenv("FUZZ_APPLAYER"); } return 0; } @@ -96,6 +79,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) PostConfLoadedSetup(&surifuzz); alp_tctx = AppLayerParserThreadCtxAlloc(); SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME); + if (target_suffix != NULL) { + AppProto applayer = StringToAppProto(target_suffix + 1); + if (applayer != ALPROTO_UNKNOWN) { + forceLayer = applayer; + printf("Forcing %s=%" PRIu16 "\n", AppProtoToString(forceLayer), forceLayer); + } + } + // http is the output name, but we want to fuzz HTTP1 + if (forceLayer == ALPROTO_HTTP) { + forceLayer = ALPROTO_HTTP1; + } } if (size < HEADER_LEN) { From b03265b40ef880c0aacbcc12e57d60edbc742161 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 2 Sep 2024 11:00:37 +0200 Subject: [PATCH 8/8] app-layer/parser: use dynamic number of app-layer protos Ticket: 5053 --- src/app-layer-parser.c | 234 ++++++++++++++++++----------------------- 1 file changed, 105 insertions(+), 129 deletions(-) diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index c8410d41e4a8..ddcc0436bb60 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -56,7 +56,7 @@ #include "app-layer-imap.h" struct AppLayerParserThreadCtx_ { - void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]; + void *(*alproto_local_storage)[FLOW_PROTO_MAX]; }; @@ -123,7 +123,7 @@ typedef struct AppLayerParserProtoCtx_ } AppLayerParserProtoCtx; typedef struct AppLayerParserCtx_ { - AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]; + AppLayerParserProtoCtx (*ctxs)[FLOW_PROTO_MAX]; } AppLayerParserCtx; struct AppLayerParserState_ { @@ -218,7 +218,7 @@ int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto) { uint8_t ipproto_map = FlowGetProtoMapping(ipproto); - return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0; + return (alp_ctx.ctxs[alproto][ipproto_map].StateAlloc != NULL) ? 1 : 0; } AppLayerParserState *AppLayerParserStateAlloc(void) @@ -248,7 +248,12 @@ void AppLayerParserStateFree(AppLayerParserState *pstate) int AppLayerParserSetup(void) { SCEnter(); - memset(&alp_ctx, 0, sizeof(alp_ctx)); + // initial allocation that will later be grown using realloc, + // when new protocols register themselves and make ALPROTO_MAX grow + alp_ctx.ctxs = SCCalloc(ALPROTO_MAX, sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX])); + if (unlikely(alp_ctx.ctxs == NULL)) { + FatalError("Unable to alloc alp_ctx.ctxs."); + } SCReturnInt(0); } @@ -257,10 +262,9 @@ void AppLayerParserPostStreamSetup(void) /* lets set a default value for stream_depth */ for (int flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) { for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) { - if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags & + if (!(alp_ctx.ctxs[alproto][flow_proto].internal_flags & APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) { - alp_ctx.ctxs[flow_proto][alproto].stream_depth = - stream_config.reassembly_depth; + alp_ctx.ctxs[alproto][flow_proto].stream_depth = stream_config.reassembly_depth; } } } @@ -270,6 +274,8 @@ int AppLayerParserDeSetup(void) { SCEnter(); + SCFree(alp_ctx.ctxs); + FTPParserCleanup(); SMTPParserCleanup(); @@ -284,12 +290,18 @@ AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void) if (tctx == NULL) goto end; + tctx->alproto_local_storage = SCCalloc(ALPROTO_MAX, sizeof(void *[FLOW_PROTO_MAX])); + if (unlikely(tctx->alproto_local_storage == NULL)) { + SCFree(tctx); + tctx = NULL; + goto end; + } for (uint8_t flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) { for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) { uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto); - tctx->alproto_local_storage[flow_proto][alproto] = - AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto); + tctx->alproto_local_storage[alproto][flow_proto] = + AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto); } } @@ -305,11 +317,12 @@ void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx) for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) { uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto); - AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto, - tctx->alproto_local_storage[flow_proto][alproto]); + AppLayerParserDestroyProtocolParserLocalStorage( + ipproto, alproto, tctx->alproto_local_storage[alproto][flow_proto]); } } + SCFree(tctx->alproto_local_storage); SCFree(tctx); SCReturn; } @@ -381,8 +394,8 @@ int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)] + .Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser; SCReturnInt(0); } @@ -392,8 +405,8 @@ void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppPro { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |= - (direction & (STREAM_TOSERVER | STREAM_TOCLIENT)); + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].first_data_dir |= + (direction & (STREAM_TOSERVER | STREAM_TOCLIENT)); SCReturn; } @@ -403,7 +416,7 @@ void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].option_flags |= flags; SCReturn; } @@ -413,10 +426,8 @@ void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc = - StateAlloc; - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree = - StateFree; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateAlloc = StateAlloc; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateFree = StateFree; SCReturn; } @@ -427,10 +438,8 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc = - LocalStorageAlloc; - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree = - LocalStorageFree; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageAlloc = LocalStorageAlloc; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageFree = LocalStorageFree; SCReturn; } @@ -440,7 +449,7 @@ void AppLayerParserRegisterGetTxFilesFunc( { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxFiles = GetTxFiles; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetTxFiles = GetTxFiles; SCReturn; } @@ -449,7 +458,7 @@ void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerI { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].logger_bits = bits; SCReturn; } @@ -458,7 +467,7 @@ void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto) { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].logger = true; SCReturn; } @@ -468,8 +477,7 @@ void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alprot { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetProgress = StateGetProgress; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetProgress = StateGetProgress; SCReturn; } @@ -479,8 +487,7 @@ void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateTransactionFree = StateTransactionFree; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateTransactionFree = StateTransactionFree; SCReturn; } @@ -490,8 +497,7 @@ void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetTxCnt = StateGetTxCnt; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetTxCnt = StateGetTxCnt; SCReturn; } @@ -501,8 +507,7 @@ void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetTx = StateGetTx; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetTx = StateGetTx; SCReturn; } @@ -511,7 +516,7 @@ void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetTxIterator = Func; SCReturn; } @@ -521,13 +526,13 @@ void AppLayerParserRegisterStateProgressCompletionStatus( BUG_ON(ts == 0); BUG_ON(tc == 0); BUG_ON(!AppProtoIsValid(alproto)); - BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != 0 && - alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != ts); - BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != 0 && - alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != tc); + BUG_ON(alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_ts != 0 && + alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_ts != ts); + BUG_ON(alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_tc != 0 && + alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_tc != tc); - alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts = ts; - alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc = tc; + alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_ts = ts; + alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_tc = tc; } void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, @@ -536,8 +541,8 @@ void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetEventInfoById = StateGetEventInfoById; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetEventInfoById = + StateGetEventInfoById; SCReturn; } @@ -547,8 +552,8 @@ void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc) { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName = GetIdByNameFunc; - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById = GetNameByIdFunc; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameIdByName = GetIdByNameFunc; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameNameById = GetNameByIdFunc; SCReturn; } @@ -558,8 +563,7 @@ void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetEventInfo = StateGetEventInfo; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetEventInfo = StateGetEventInfo; SCReturn; } @@ -569,7 +573,7 @@ void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData = GetTxData; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetTxData = GetTxData; SCReturn; } @@ -579,7 +583,7 @@ void AppLayerParserRegisterStateDataFunc( { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData = GetStateData; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateData = GetStateData; SCReturn; } @@ -589,7 +593,7 @@ void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig = ApplyTxConfig; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].ApplyTxConfig = ApplyTxConfig; SCReturn; } @@ -599,7 +603,7 @@ void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].SetStreamDepthFlag = SetStreamDepthFlag; SCReturn; } @@ -611,11 +615,8 @@ void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alpr SCEnter(); void * r = NULL; - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - LocalStorageAlloc != NULL) - { - r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - LocalStorageAlloc(); + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageAlloc != NULL) { + r = alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageAlloc(); } SCReturnPtr(r, "void *"); @@ -626,11 +627,8 @@ void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto a { SCEnter(); - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - LocalStorageFree != NULL) - { - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - LocalStorageFree(local_data); + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageFree != NULL) { + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].LocalStorageFree(local_data); } SCReturn; @@ -675,7 +673,7 @@ AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto) { AppLayerGetTxIteratorFunc Func = - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetTxIterator; return Func ? Func : AppLayerDefaultGetTxIterator; } @@ -855,8 +853,8 @@ AppLayerGetFileState AppLayerParserGetTxFiles(const Flow *f, void *tx, const uin { SCEnter(); - if (alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles != NULL) { - return alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles(tx, direction); + if (alp_ctx.ctxs[f->alproto][f->protomap].GetTxFiles != NULL) { + return alp_ctx.ctxs[f->alproto][f->protomap].GetTxFiles(tx, direction); } AppLayerGetFileState files = { .fc = NULL, .cfg = NULL }; @@ -886,7 +884,7 @@ void AppLayerParserTransactionsCleanup(Flow *f, const uint8_t pkt_dir) SCEnter(); DEBUG_ASSERT_FLOW_LOCKED(f); - AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto]; + AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->alproto][f->protomap]; if (unlikely(p->StateTransactionFree == NULL)) SCReturn; @@ -1048,9 +1046,9 @@ void AppLayerParserTransactionsCleanup(Flow *f, const uint8_t pkt_dir) static inline int StateGetProgressCompletionStatus(const AppProto alproto, const uint8_t flags) { if (flags & STREAM_TOSERVER) { - return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts; + return alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_ts; } else if (flags & STREAM_TOCLIENT) { - return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc; + return alp_ctx.ctxs[alproto][FLOW_PROTO_DEFAULT].complete_tc; } else { DEBUG_VALIDATE_BUG_ON(1); return 0; @@ -1071,7 +1069,7 @@ int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, r = StateGetProgressCompletionStatus(alproto, flags); } else { uint8_t direction = flags & (STREAM_TOCLIENT | STREAM_TOSERVER); - r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetProgress( + r = alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetProgress( alstate, direction); } SCReturnInt(r); @@ -1080,14 +1078,14 @@ int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate) { SCEnter(); - uint64_t r = alp_ctx.ctxs[f->protomap][f->alproto].StateGetTxCnt(alstate); + uint64_t r = alp_ctx.ctxs[f->alproto][f->protomap].StateGetTxCnt(alstate); SCReturnCT(r, "uint64_t"); } void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) { SCEnter(); - void *r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTx(alstate, tx_id); + void *r = alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateGetTx(alstate, tx_id); SCReturnPtr(r, "void *"); } @@ -1104,8 +1102,10 @@ int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *ev { SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); - int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ? - -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type); + int r = (alp_ctx.ctxs[alproto][ipproto_map].StateGetEventInfo == NULL) + ? -1 + : alp_ctx.ctxs[alproto][ipproto_map].StateGetEventInfo( + event_name, event_id, event_type); SCReturnInt(r); } @@ -1115,15 +1115,17 @@ int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_ SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); *event_name = (const char *)NULL; - int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ? - -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type); + int r = (alp_ctx.ctxs[alproto][ipproto_map].StateGetEventInfoById == NULL) + ? -1 + : alp_ctx.ctxs[alproto][ipproto_map].StateGetEventInfoById( + event_id, event_name, event_type); SCReturnInt(r); } uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto) { SCEnter(); - uint8_t r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir; + uint8_t r = alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].first_data_dir; SCReturnCT(r, "uint8_t"); } @@ -1135,7 +1137,7 @@ uint64_t AppLayerParserGetTransactionActive(const Flow *f, uint64_t active_id; uint64_t log_id = pstate->log_id; uint64_t inspect_id = pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1]; - if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) { + if (alp_ctx.ctxs[f->alproto][f->protomap].logger == true) { active_id = MIN(log_id, inspect_id); } else { active_id = inspect_id; @@ -1151,22 +1153,22 @@ bool AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto) return AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP1) || AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP2); } - return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxFiles != NULL; + return alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetTxFiles != NULL; } AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx) { SCEnter(); - AppLayerTxData *d = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData(tx); + AppLayerTxData *d = alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetTxData(tx); SCReturnPtr(d, "AppLayerTxData"); } AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state) { SCEnter(); - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData) { + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateData) { AppLayerStateData *d = - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData(state); + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetStateData(state); SCReturnPtr(d, "AppLayerStateData"); } SCReturnPtr(NULL, "AppLayerStateData"); @@ -1177,8 +1179,8 @@ void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, { SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); - if (alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig) { - alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig(state, tx, mode, config); + if (alp_ctx.ctxs[alproto][ipproto_map].ApplyTxConfig) { + alp_ctx.ctxs[alproto][ipproto_map].ApplyTxConfig(state, tx, mode, config); } SCReturn; } @@ -1270,7 +1272,7 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow BUG_ON(f->protomap != FlowGetProtoMapping(f->proto)); #endif AppLayerParserState *pstate = f->alparser; - AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto]; + AppLayerParserProtoCtx *p = &alp_ctx.ctxs[alproto][f->protomap]; StreamSlice stream_slice; void *alstate = NULL; uint64_t p_tx_cnt = 0; @@ -1359,7 +1361,7 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow #endif /* invoke the parser */ AppLayerResult res = p->Parser[direction](f, alstate, pstate, stream_slice, - alp_tctx->alproto_local_storage[f->protomap][alproto]); + alp_tctx->alproto_local_storage[alproto][f->protomap]); if (res.status < 0) { AppLayerIncParserErrorCounter(tv, f); goto error; @@ -1505,7 +1507,7 @@ bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate) int AppLayerParserIsEnabled(AppProto alproto) { for (int i = 0; i < FLOW_PROTO_APPLAYER_MAX; i++) { - if (alp_ctx.ctxs[i][alproto].StateGetProgress != NULL) { + if (alp_ctx.ctxs[alproto][i].StateGetProgress != NULL) { return 1; } } @@ -1516,7 +1518,7 @@ int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto) { SCEnter(); int ipproto_map = FlowGetProtoMapping(ipproto); - int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1; + int r = (alp_ctx.ctxs[alproto][ipproto_map].logger == false) ? 0 : 1; SCReturnInt(r); } @@ -1524,7 +1526,7 @@ LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto) { SCEnter(); const int ipproto_map = FlowGetProtoMapping(ipproto); - LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits; + LoggerId r = alp_ctx.ctxs[alproto][ipproto_map].logger_bits; SCReturnUInt(r); } @@ -1543,16 +1545,16 @@ void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t st { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth; - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |= - APP_LAYER_PARSER_INT_STREAM_DEPTH_SET; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].stream_depth = stream_depth; + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].internal_flags |= + APP_LAYER_PARSER_INT_STREAM_DEPTH_SET; SCReturn; } uint32_t AppLayerParserGetStreamDepth(const Flow *f) { - SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth); + SCReturnInt(alp_ctx.ctxs[f->alproto][f->protomap].stream_depth); } void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) @@ -1561,8 +1563,8 @@ void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *s void *tx = NULL; if (state != NULL) { if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) { - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) { - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags); + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].SetStreamDepthFlag != NULL) { + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].SetStreamDepthFlag(tx, flags); } } } @@ -1571,8 +1573,8 @@ void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *s int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name) { - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName != NULL) { - return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName(name); + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameIdByName != NULL) { + return alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameIdByName(name); } else { return -1; } @@ -1580,8 +1582,8 @@ int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id) { - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById != NULL) { - return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById(id); + if (alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameNameById != NULL) { + return alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].GetFrameNameById(id); } else { return NULL; } @@ -1594,7 +1596,7 @@ void AppLayerParserStateProtoCleanup( { SCEnter(); - AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[protomap][alproto]; + AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[alproto][protomap]; if (ctx->StateFree != NULL && alstate != NULL) ctx->StateFree(alstate); @@ -1614,7 +1616,7 @@ void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserStat static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto) { uint8_t map = FlowGetProtoMapping(ipproto); - const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto]; + const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[alproto][map]; printf("ERROR: incomplete app-layer registration\n"); printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto); printf("- option flags %"PRIx32"\n", ctx->option_flags); @@ -1640,7 +1642,7 @@ static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto) static void ValidateParserProto(AppProto alproto, uint8_t ipproto) { uint8_t map = FlowGetProtoMapping(ipproto); - const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto]; + const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[alproto][map]; if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL) return; @@ -1768,8 +1770,6 @@ uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag #ifdef UNITTESTS #include "util-unittest-helper.h" -static AppLayerParserCtx alp_ctx_backup_unittest; - typedef struct TestState_ { uint8_t test; } TestState; @@ -1826,24 +1826,7 @@ void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void (*RegisterUnittests)(void)) { SCEnter(); - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - RegisterUnittests = RegisterUnittests; - SCReturn; -} - -void AppLayerParserBackupParserTable(void) -{ - SCEnter(); - alp_ctx_backup_unittest = alp_ctx; - memset(&alp_ctx, 0, sizeof(alp_ctx)); - SCReturn; -} - -void AppLayerParserRestoreParserTable(void) -{ - SCEnter(); - alp_ctx = alp_ctx_backup_unittest; - memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest)); + alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].RegisterUnittests = RegisterUnittests; SCReturn; } @@ -1853,8 +1836,6 @@ void AppLayerParserRestoreParserTable(void) */ static int AppLayerParserTest01(void) { - AppLayerParserBackupParserTable(); - Flow *f = NULL; uint8_t testbuf[] = { 0x11 }; uint32_t testlen = sizeof(testbuf); @@ -1886,7 +1867,6 @@ static int AppLayerParserTest01(void) FAIL_IF(!(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED)); - AppLayerParserRestoreParserTable(); StreamTcpFreeConfig(true); UTHFreeFlow(f); PASS; @@ -1898,8 +1878,6 @@ static int AppLayerParserTest01(void) */ static int AppLayerParserTest02(void) { - AppLayerParserBackupParserTable(); - Flow *f = NULL; uint8_t testbuf[] = { 0x11 }; uint32_t testlen = sizeof(testbuf); @@ -1927,13 +1905,11 @@ static int AppLayerParserTest02(void) testlen); FAIL_IF(r != -1); - AppLayerParserRestoreParserTable(); StreamTcpFreeConfig(true); UTHFreeFlow(f); PASS; } - void AppLayerParserRegisterUnittests(void) { SCEnter(); @@ -1944,7 +1920,7 @@ void AppLayerParserRegisterUnittests(void) for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) { for (alproto = 0; alproto < ALPROTO_MAX; alproto++) { - ctx = &alp_ctx.ctxs[ip][alproto]; + ctx = &alp_ctx.ctxs[alproto][ip]; if (ctx->RegisterUnittests == NULL) continue; ctx->RegisterUnittests();