int DetectAppLayerEventTest01(void)
{
AppLayerParserBackupParserTable();
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP,
DetectAppLayerEventTestGetEventInfo);
AppLayerEventType event_type;
int result = 0;
uint8_t ipproto_bitarray[256 / 8];
memset(ipproto_bitarray, 0, sizeof(ipproto_bitarray));
ipproto_bitarray[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8);
DetectAppLayerEventData *aled = DetectAppLayerEventParse("smtp.event1",
&event_type);
if (aled == NULL)
goto end;
if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
printf("failure 1\n");
goto end;
}
if (aled->alproto != ALPROTO_SMTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT1) {
printf("test failure. Holding wrong state\n");
goto end;
}
result = 1;
end:
AppLayerParserRestoreParserTable();
if (aled != NULL)
DetectAppLayerEventFree(aled);
return result;
}
void RegisterNFSUDPParsers(void)
{
const char *proto_name = "nfs";
/* Check if NFS TCP detection is enabled. If it does not exist in
* the configuration file then it will be enabled by default. */
if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
rs_nfs_init(&sfc);
SCLogDebug("NFS UDP protocol detection enabled.");
AppLayerProtoDetectRegisterProtocol(ALPROTO_NFS, proto_name);
if (RunmodeIsUnittests()) {
SCLogDebug("Unittest mode, registering default configuration.");
AppLayerProtoDetectPPRegister(IPPROTO_UDP, NFS_DEFAULT_PORT,
ALPROTO_NFS, 0, NFS_MIN_FRAME_LEN, STREAM_TOSERVER,
NFSProbingParserTS, NFSProbingParserTC);
}
else {
if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
proto_name, ALPROTO_NFS, 0, NFS_MIN_FRAME_LEN,
NFSProbingParserTS, NFSProbingParserTC)) {
SCLogDebug("No NFS app-layer configuration, enabling NFS"
" detection TCP detection on port %s.",
NFS_DEFAULT_PORT);
AppLayerProtoDetectPPRegister(IPPROTO_UDP,
NFS_DEFAULT_PORT, ALPROTO_NFS, 0,
NFS_MIN_FRAME_LEN, STREAM_TOSERVER,
NFSProbingParserTS, NFSProbingParserTC);
}
}
}
else {
SCLogDebug("Protocol detecter and parser disabled for NFS.");
return;
}
if (AppLayerParserConfParserEnabled("udp", proto_name))
{
SCLogDebug("Registering NFS protocol parser.");
/* Register functions for state allocation and freeing. A
* state is allocated for every new NFS flow. */
AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_NFS,
NFSStateAlloc, NFSStateFree);
/* Register request parser for parsing frame from server to client. */
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS,
STREAM_TOSERVER, NFSParseRequest);
/* Register response parser for parsing frames from server to client. */
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_NFS,
STREAM_TOCLIENT, NFSParseResponse);
/* Register a function to be called by the application layer
* when a transaction is to be freed. */
AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_NFS,
NFSStateTxFree);
AppLayerParserRegisterLoggerFuncs(IPPROTO_UDP, ALPROTO_NFS,
NFSGetTxLogged, NFSSetTxLogged);
/* Register a function to return the current transaction count. */
AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_NFS,
NFSGetTxCnt);
/* Transaction handling. */
AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_NFS,
NFSGetAlstateProgressCompletionStatus);
AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP,
ALPROTO_NFS, NFSGetStateProgress);
AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_NFS,
NFSGetTx);
AppLayerParserRegisterGetTxIterator(IPPROTO_UDP, ALPROTO_NFS,
RustNFSGetTxIterator);
AppLayerParserRegisterGetFilesFunc(IPPROTO_UDP, ALPROTO_NFS, NFSGetFiles);
/* What is this being registered for? */
AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_NFS,
NFSGetTxDetectState, NFSSetTxDetectState);
AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_NFS,
NFSStateGetEventInfo);
AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_NFS,
NFSGetEvents);
AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_NFS,
NFSGetDetectFlags, NFSSetDetectFlags);
}
else {
SCLogNotice("NFS protocol parsing disabled.");
}
#ifdef UNITTESTS
AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_NFS,
NFSUDPParserRegisterTests);
#endif
}
void RegisterTFTPParsers(void)
{
const char *proto_name = "tftp";
/* Check if TFTP UDP detection is enabled. If it does not exist in
* the configuration file then it will be enabled by default. */
if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
SCLogDebug("TFTP UDP protocol detection enabled.");
AppLayerProtoDetectRegisterProtocol(ALPROTO_TFTP, proto_name);
if (RunmodeIsUnittests()) {
SCLogDebug("Unittest mode, registeringd default configuration.");
AppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT,
ALPROTO_TFTP, 0, TFTP_MIN_FRAME_LEN,
STREAM_TOSERVER, TFTPProbingParser,
NULL);
} else {
if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
proto_name, ALPROTO_TFTP,
0, TFTP_MIN_FRAME_LEN,
TFTPProbingParser, NULL)) {
SCLogDebug("No echo app-layer configuration, enabling echo"
" detection UDP detection on port %s.",
TFTP_DEFAULT_PORT);
AppLayerProtoDetectPPRegister(IPPROTO_UDP,
TFTP_DEFAULT_PORT, ALPROTO_TFTP,
0, TFTP_MIN_FRAME_LEN,
STREAM_TOSERVER,TFTPProbingParser,
NULL);
}
}
} else {
SCLogDebug("Protocol detecter and parser disabled for TFTP.");
return;
}
if (AppLayerParserConfParserEnabled("udp", proto_name)) {
SCLogDebug("Registering TFTP protocol parser.");
/* Register functions for state allocation and freeing. A
* state is allocated for every new TFTP flow. */
AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TFTP,
TFTPStateAlloc, TFTPStateFree);
/* Register request parser for parsing frame from server to client. */
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TFTP,
STREAM_TOSERVER, TFTPParseRequest);
/* Register response parser for parsing frames from server to client. */
AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TFTP,
STREAM_TOCLIENT, TFTPParseResponse);
/* Register a function to be called by the application layer
* when a transaction is to be freed. */
AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_TFTP,
TFTPStateTxFree);
AppLayerParserRegisterLoggerFuncs(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetTxLogged, TFTPSetTxLogged);
/* Register a function to return the current transaction count. */
AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetTxCnt);
/* Transaction handling. */
AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_TFTP,
TFTPGetAlstateProgressCompletionStatus);
AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP,
ALPROTO_TFTP,
TFTPGetStateProgress);
AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetTx);
/* What is this being registered for? */
AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetTxDetectState,
TFTPSetTxDetectState);
AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_TFTP,
TFTPStateGetEventInfo);
AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetEvents);
}
else {
SCLogDebug("TFTP protocol parsing disabled.");
}
#ifdef UNITTESTS
AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_TFTP,
TFTPParserRegisterTests);
#endif
}
