app-layer: get sbconfg with files

Karaday6673 · Jan 23, 2023 · 71bc9e7 · 71bc9e7
1 parent a1a2210
commit 71bc9e7
Show file tree

Hide file tree

Showing 18 changed files with 148 additions and 97 deletions.
diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs
@@ -24,6 +24,7 @@ use crate::applayer;
 use std::os::raw::{c_void,c_char,c_int};
 use crate::core::SC;
 use std::ffi::CStr;
+use crate::core::StreamingBufferConfig;
 
 // Make the AppLayerEvent derive macro available to users importing
 // AppLayerEvent from this module.
@@ -383,6 +384,20 @@ macro_rules! cast_pointer {
     ($ptr:ident, $ty:ty) => ( &mut *($ptr as *mut $ty) );
 }
 
+/// helper for the GetTxFilesFn. Not meant to be embedded as the config
+/// pointer is passed around in the API.
+#[allow(non_snake_case)]
+#[repr(C)]
+pub struct AppLayerGetFileState {
+    pub fc: *mut FileContainer,
+    pub cfg: *const StreamingBufferConfig,
+}
+impl AppLayerGetFileState {
+    pub fn err() -> AppLayerGetFileState {
+        AppLayerGetFileState { fc: std::ptr::null_mut(), cfg: std::ptr::null() }
+    }
+}
+
 pub type ParseFn      = unsafe extern "C" fn (flow: *const Flow,
                                        state: *mut c_void,
                                        pstate: *mut c_void,
@@ -399,7 +414,7 @@ pub type GetEventInfoFn     = unsafe extern "C" fn (*const c_char, *mut c_int, *
 pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8;
 pub type LocalStorageNewFn  = extern "C" fn () -> *mut c_void;
 pub type LocalStorageFreeFn = extern "C" fn (*mut c_void);
-pub type GetTxFilesFn       = unsafe extern "C" fn (*mut c_void, u8) -> *mut FileContainer;
+pub type GetTxFilesFn       = unsafe extern "C" fn (*mut c_void, *mut c_void, u8) -> AppLayerGetFileState;
 pub type GetTxIteratorFn    = unsafe extern "C" fn (ipproto: u8, alproto: AppProto,
                                              state: *mut c_void,
                                              min_tx_id: u64,

diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs
@@ -1210,14 +1210,15 @@ pub unsafe extern "C" fn rs_http2_tx_get_alstate_progress(
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_http2_getfiles(
+    _state: *mut std::os::raw::c_void,
     tx: *mut std::os::raw::c_void, direction: u8,
-) -> *mut FileContainer {
+) -> AppLayerGetFileState {
     let tx = cast_pointer!(tx, HTTP2Transaction);
-    if direction == Direction::ToClient.into() {
-        &mut tx.files.files_tc as *mut FileContainer
-    } else {
-        &mut tx.files.files_ts as *mut FileContainer
+    let (files, _flags) = tx.files.get(direction.into());
+    if let Some(sfcm) = { SURICATA_HTTP2_FILE_CONFIG } {
+        return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
     }
+    AppLayerGetFileState::err()
 }
 
 // Parser name as a C style string.

diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
@@ -158,14 +158,15 @@ impl NFSTransactionFile {
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn rs_nfs_gettxfiles(tx_ptr: *mut std::ffi::c_void, direction: u8) -> * mut FileContainer {
-    let tx = cast_pointer!(tx_ptr, NFSTransaction);
+pub unsafe extern "C" fn rs_nfs_gettxfiles(_state: *mut std::ffi::c_void, tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
+    let tx = cast_pointer!(tx, NFSTransaction);
     if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
         let (files, _flags) = tdf.files.get(direction.into());
-        files
-    } else {
-        std::ptr::null_mut()
+        if let Some(sfcm) = { SURICATA_NFS_FILE_CONFIG } {
+            return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
+        }
     }
+    AppLayerGetFileState::err()
 }
 
 #[derive(Debug)]

diff --git a/rust/src/smb/files.rs b/rust/src/smb/files.rs
@@ -225,13 +225,15 @@ impl SMBState {
     }
 }
 
+use crate::applayer::AppLayerGetFileState;
 #[no_mangle]
-pub unsafe extern "C" fn rs_smb_gettxfiles(tx_ptr: *mut std::ffi::c_void, direction: u8) -> * mut FileContainer {
-    let tx = cast_pointer!(tx_ptr, SMBTransaction);
+pub unsafe extern "C" fn rs_smb_gettxfiles(_state: *mut std::ffi::c_void, tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
+    let tx = cast_pointer!(tx, SMBTransaction);
     if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
         let (files, _flags) = tdf.files.get(direction.into());
-        files
-    } else {
-        std::ptr::null_mut()
+        if let Some(sfcm) = { SURICATA_SMB_FILE_CONFIG } {
+            return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
+        }
     }
+    AppLayerGetFileState::err()
 }
diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c
@@ -1284,14 +1284,15 @@ static int FTPDataGetAlstateProgress(void *tx, uint8_t direction)
         return FTPDATA_STATE_FINISHED;
 }
 
-static FileContainer *FTPDataStateGetTxFiles(void *tx, uint8_t direction)
+static AppLayerGetFileState FTPDataStateGetTxFiles(void *_state, void *tx, uint8_t direction)
 {
     FtpDataState *ftpdata_state = (FtpDataState *)tx;
+    AppLayerGetFileState files = { .fc = NULL, .cfg = &sbcfg };
 
-    if (direction != ftpdata_state->direction)
-        SCReturnPtr(NULL, "FileContainer");
+    if (direction == ftpdata_state->direction)
+        files.fc = ftpdata_state->files;
 
-    SCReturnPtr(ftpdata_state->files, "FileContainer");
+    return files;
 }
 
 static void FTPSetMpmState(void)

diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
@@ -3021,18 +3021,22 @@ void AppLayerHtpPrintStats(void)
  *  \param direction flow direction
  *  \retval files files ptr
  */
-static FileContainer *HTPGetTxFiles(void *txv, uint8_t direction)
+static AppLayerGetFileState HTPGetTxFiles(void *state, void *txv, uint8_t direction)
 {
+    AppLayerGetFileState files = { .fc = NULL, .cfg = NULL };
+    HtpState *s = state;
     htp_tx_t *tx = (htp_tx_t *)txv;
     HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
     if (tx_ud) {
         if (direction & STREAM_TOCLIENT) {
-            SCReturnPtr(&tx_ud->files_tc, "FileContainer");
+            files.fc = &tx_ud->files_tc;
+            files.cfg = &s->cfg->response.sbcfg;
         } else {
-            SCReturnPtr(&tx_ud->files_ts, "FileContainer");
+            files.fc = &tx_ud->files_ts;
+            files.cfg = &s->cfg->request.sbcfg;
         }
     }
-    SCReturnPtr(NULL, "FileContainer");
+    return files;
 }
 
 static int HTPStateGetAlstateProgress(void *tx, uint8_t direction)
@@ -6962,7 +6966,8 @@ libhtp:\n\
     void *tx_ptr = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, http_state, 0);
     FAIL_IF_NULL(tx_ptr);
 
-    FileContainer *ffc = HTPGetTxFiles(tx_ptr, STREAM_TOCLIENT);
+    AppLayerGetFileState files = HTPGetTxFiles(http_state, tx_ptr, STREAM_TOCLIENT);
+    FileContainer *ffc = files.fc;
     FAIL_IF_NULL(ffc);
 
     File *ptr = ffc->head;

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
@@ -95,7 +95,7 @@ typedef struct AppLayerParserProtoCtx_
 
     /** get FileContainer reference from the TX. MUST return a non-NULL reference if the TX
      *  has or may have files in the requested direction at some point. */
-    FileContainer *(*GetTxFiles)(void *, uint8_t);
+    AppLayerGetFileState (*GetTxFiles)(void *, void *, uint8_t);
 
     int (*StateGetProgress)(void *alstate, uint8_t direction);
     uint64_t (*StateGetTxCnt)(void *alstate);
@@ -455,8 +455,8 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
     SCReturn;
 }
 
-void AppLayerParserRegisterGetTxFilesFunc(
-        uint8_t ipproto, AppProto alproto, FileContainer *(*GetTxFiles)(void *, uint8_t))
+void AppLayerParserRegisterGetTxFilesFunc(uint8_t ipproto, AppProto alproto,
+        AppLayerGetFileState (*GetTxFiles)(void *, void *, uint8_t))
 {
     SCEnter();
 
@@ -887,28 +887,28 @@ AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alp
     SCReturnPtr(ptr, "AppLayerDecoderEvents *");
 }
 
-FileContainer *AppLayerParserGetTxFiles(const Flow *f, void *tx, const uint8_t direction)
+AppLayerGetFileState AppLayerParserGetTxFiles(
+        const Flow *f, void *state, void *tx, const uint8_t direction)
 {
     SCEnter();
 
-    FileContainer *ptr = NULL;
-
     if (alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles != NULL) {
-        ptr = alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles(tx, direction);
+        return alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles(state, tx, direction);
     }
 
-    SCReturnPtr(ptr, "FileContainer *");
+    AppLayerGetFileState files = { .fc = NULL, .cfg = NULL };
+    return files;
 }
 
 static void AppLayerParserFileTxHousekeeping(
         const Flow *f, void *tx, const uint8_t pkt_dir, const bool trunc)
 {
-    FileContainer *fc = AppLayerParserGetTxFiles(f, tx, pkt_dir);
-    if (fc) {
+    AppLayerGetFileState files = AppLayerParserGetTxFiles(f, FlowGetAppState(f), tx, pkt_dir);
+    if (files.fc) {
         if (trunc) {
-            FileTruncateAllOpenFiles(fc);
+            FileTruncateAllOpenFiles(files.fc);
         }
-        FilePrune(fc);
+        FilePrune(files.fc);
     }
 }
 

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
@@ -177,8 +177,8 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
         void *(*LocalStorageAlloc)(void), void (*LocalStorageFree)(void *));
 // void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
 //     AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
-void AppLayerParserRegisterGetTxFilesFunc(
-        uint8_t ipproto, AppProto alproto, FileContainer *(*GetTxFiles)(void *, uint8_t));
+void AppLayerParserRegisterGetTxFilesFunc(uint8_t ipproto, AppProto alproto,
+        AppLayerGetFileState (*GetTxFiles)(void *, void *, uint8_t));
 void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
                          LoggerId (*StateGetTxLogged)(void *, void *),
                          void (*StateSetTxLogged)(void *, void *, LoggerId));
@@ -241,7 +241,8 @@ void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *p
 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate);
 void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents);
 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx);
-FileContainer *AppLayerParserGetTxFiles(const Flow *f, void *tx, const uint8_t direction);
+AppLayerGetFileState AppLayerParserGetTxFiles(
+        const Flow *f, void *state, void *tx, const uint8_t direction);
 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
                         void *alstate, uint8_t direction);
 uint64_t AppLayerParserGetTxCnt(const Flow *, void *alstate);

diff --git a/src/app-layer-register.h b/src/app-layer-register.h
@@ -59,7 +59,7 @@ typedef struct AppLayerParser {
     void *(*LocalStorageAlloc)(void);
     void (*LocalStorageFree)(void *);
 
-    FileContainer *(*GetTxFiles)(void *, uint8_t);
+    AppLayerGetFileState (*GetTxFiles)(void *, void *, uint8_t);
 
     AppLayerGetTxIterTuple (*GetTxIterator)(const uint8_t ipproto,
             const AppProto alproto, void *alstate, uint64_t min_tx_id,

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
@@ -1691,16 +1691,15 @@ static int SMTPStateGetAlstateProgress(void *vtx, uint8_t direction)
     return tx->done;
 }
 
-static FileContainer *SMTPGetTxFiles(void *txv, uint8_t direction)
+static AppLayerGetFileState SMTPGetTxFiles(void *state, void *txv, uint8_t direction)
 {
+    AppLayerGetFileState files = { .fc = NULL, .cfg = &smtp_config.sbcfg };
     SMTPTransaction *tx = (SMTPTransaction *)txv;
 
-    if (direction & STREAM_TOCLIENT) {
-        SCReturnPtr(NULL, "FileContainer");
-    } else {
-        SCLogDebug("tx->files_ts %p", &tx->files_ts);
-        SCReturnPtr(&tx->files_ts, "FileContainer");
+    if (direction & STREAM_TOSERVER) {
+        files.fc = &tx->files_ts;
     }
+    return files;
 }
 
 static AppLayerTxData *SMTPGetTxData(void *vtx)

diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c
@@ -182,13 +182,14 @@ static uint8_t DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const
  */
 uint8_t DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
         const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
-        uint8_t flags, void *_alstate, void *tx, uint64_t tx_id)
+        uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
 {
     SCEnter();
-    DEBUG_VALIDATE_BUG_ON(f->alstate != _alstate);
+    DEBUG_VALIDATE_BUG_ON(f->alstate != alstate);
 
     const uint8_t direction = flags & (STREAM_TOSERVER|STREAM_TOCLIENT);
-    FileContainer *ffc = AppLayerParserGetTxFiles(f, tx, direction);
+    AppLayerGetFileState files = AppLayerParserGetTxFiles(f, alstate, tx, direction);
+    FileContainer *ffc = files.fc;
     SCLogDebug("tx %p tx_id %" PRIu64 " ffc %p ffc->head %p sid %u", tx, tx_id, ffc,
             ffc ? ffc->head : NULL, s->id);
     if (ffc == NULL) {