Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

applayer: remove truncation logic #11393

Closed
wants to merge 1 commit into from
Closed

applayer: remove truncation logic #11393

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions rust/src/applayer.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -502,8 +502,6 @@ pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u16 = BIT_U16!(3);
pub const APP_LAYER_PARSER_BYPASS_READY : u16 = BIT_U16!(4);
pub const APP_LAYER_PARSER_EOF_TS : u16 = BIT_U16!(5);
pub const APP_LAYER_PARSER_EOF_TC : u16 = BIT_U16!(6);
pub const APP_LAYER_PARSER_TRUNC_TS : u16 = BIT_U16!(7);
pub const APP_LAYER_PARSER_TRUNC_TC : u16 = BIT_U16!(8);

pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);

Expand Down
34 changes: 5 additions & 29 deletions src/app-layer-parser.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,9 +201,6 @@ FramesContainer *AppLayerFramesSetupContainer(Flow *f)
return f->alparser->frames;
}

static inline void AppLayerParserStreamTruncated(AppLayerParserState *pstate, const uint8_t ipproto,
const AppProto alproto, void *alstate, const uint8_t direction);

#ifdef UNITTESTS
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
{
Expand Down Expand Up @@ -947,11 +944,8 @@ void AppLayerParserTransactionsCleanup(Flow *f, const uint8_t pkt_dir)
AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
if (txd != NULL && AppLayerParserHasFilesInDir(txd, pkt_dir)) {
if (pkt_dir_trunc == -1)
pkt_dir_trunc =
AppLayerParserStateIssetFlag(f->alparser,
(pkt_dir == STREAM_TOSERVER) ? APP_LAYER_PARSER_TRUNC_TS
: APP_LAYER_PARSER_TRUNC_TC) != 0;

pkt_dir_trunc = IS_DISRUPTED(
(pkt_dir == STREAM_TOSERVER) ? ts_disrupt_flags : tc_disrupt_flags);
AppLayerParserFileTxHousekeeping(f, tx, pkt_dir, (bool)pkt_dir_trunc);
}

Expand Down Expand Up @@ -1308,7 +1302,7 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow
if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
SCLogDebug("app-layer parser does not accept gaps");
if (f->alstate != NULL && !FlowChangeProto(f)) {
AppLayerParserStreamTruncated(pstate, f->proto, alproto, f->alstate, flags);
AppLayerParserTriggerRawStreamReassembly(f, direction);
}
AppLayerIncGapErrorCounter(tv, f);
goto error;
Expand Down Expand Up @@ -1468,9 +1462,9 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow
AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
}

/* stream truncated, inform app layer */
/* stream truncated, trigger raw stream reassembly */
if (flags & STREAM_DEPTH)
AppLayerParserStreamTruncated(pstate, f->proto, alproto, f->alstate, flags);
AppLayerParserTriggerRawStreamReassembly(f, direction);

end:
/* update app progress */
Expand Down Expand Up @@ -1796,24 +1790,6 @@ uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag
SCReturnUInt(pstate->flags & flag);
}

static inline void AppLayerParserStreamTruncated(AppLayerParserState *pstate, const uint8_t ipproto,
const AppProto alproto, void *alstate, const uint8_t direction)
{
SCEnter();

if (direction & STREAM_TOSERVER) {
AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_TRUNC_TS);
} else {
AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_TRUNC_TC);
}

if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL) {
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
}

SCReturn;
}

/***** Unittests *****/

#ifdef UNITTESTS
Expand Down
3 changes: 1 addition & 2 deletions src/app-layer-parser.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,7 @@
#define APP_LAYER_PARSER_BYPASS_READY BIT_U16(4)
#define APP_LAYER_PARSER_EOF_TS BIT_U16(5)
#define APP_LAYER_PARSER_EOF_TC BIT_U16(6)
#define APP_LAYER_PARSER_TRUNC_TS BIT_U16(7)
#define APP_LAYER_PARSER_TRUNC_TC BIT_U16(8)
/* 2x vacancy */
#define APP_LAYER_PARSER_SFRAME_TS BIT_U16(9)
#define APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)

Expand Down
6 changes: 2 additions & 4 deletions src/output-tx.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,10 +378,8 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
SCLogDebug("pcap_cnt %" PRIu64, p->pcap_cnt);

const bool last_pseudo = (p->flowflags & FLOW_PKT_LAST_PSEUDO) != 0;
const bool ts_eof = AppLayerParserStateIssetFlag(f->alparser,
(APP_LAYER_PARSER_EOF_TS | APP_LAYER_PARSER_TRUNC_TS)) != 0;
const bool tc_eof = AppLayerParserStateIssetFlag(f->alparser,
(APP_LAYER_PARSER_EOF_TC | APP_LAYER_PARSER_TRUNC_TC)) != 0;
const bool ts_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
const bool tc_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TC) != 0;

const bool eof = last_pseudo || (ts_eof && tc_eof);
SCLogDebug("eof %d last_pseudo %d ts_eof %d tc_eof %d", eof, last_pseudo, ts_eof, tc_eof);
Expand Down
Loading