From 1d00583a843a2cf42c532b05e3db23bbe219af31 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Mon, 20 Nov 2023 14:54:45 +0100
Subject: [PATCH] stats: always use tcp/udp prefix Even when on detection-only mode. So that we always have enip_tcp and enip_udp in stats and never just `enip`. Suricata needs to know beyond suricata.yaml configuration which protocols can be enabled on both tcp and udp... Ticket: 6304
---
 src/app-layer.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/app-layer.c b/src/app-layer.c
index b031afce8ac8..8b2b18bc9db1 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -1049,6 +1049,22 @@ void AppLayerRegisterGlobalCounters(void)
 StatsRegisterGlobalCounter("app_layer.expectations", ExpectationGetCounter);
 }
+static bool AppLayerParserBothTcpUdp(AppProto alproto) {
+ switch (alproto) {
+ case ALPROTO_DCERPC:
+ //fallthrough
+ case ALPROTO_DNS:
+ //fallthrough
+ case ALPROTO_ENIP:
+ //fallthrough
+ case ALPROTO_KRB5:
+ //fallthrough
+ case ALPROTO_NFS:
+ return true;
+ }
+ return false;
+}
+
 #define IPPROTOS_MAX 2
 void AppLayerSetupCounters(void)
 {
@@ -1062,7 +1078,6 @@ void AppLayerSetupCounters(void)
 for (uint8_t p = 0; p < IPPROTOS_MAX; p++) {
 const uint8_t ipproto = ipprotos[p];
 const uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
- const uint8_t other_ipproto = ipproto == IPPROTO_TCP ? IPPROTO_UDP : IPPROTO_TCP;
 const char *ipproto_suffix = (ipproto == IPPROTO_TCP) ? "_tcp" : "_udp";
 for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
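Review bot: The hard-coded list in `AppLayerParserBothTcpUdp` is now the only thing deciding which protocols get `_tcp`/`_udp` stats names, and nothing in the function says it must be extended when another parser is registered on both transports. The third hunk replaces the runtime `AppLayerParserProtoIsRegistered` check with this helper, so a dual-transport protocol missing from the list would presumably fall into the other branch (outside the hunk) and get one unsuffixed name for both transports. I would add a header comment such as `/* Protocols that have parsers on both TCP and UDP; add new dual-transport protocols here so their counters keep the _tcp/_udp suffix. */` and an explicit `default: break;` so the switch reads as deliberately partial. The `//fallthrough` comments between empty case labels are not needed and can go.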
@@ -1070,8 +1085,7 @@ void AppLayerSetupCounters(void)
 const char *tx_str = "app_layer.tx.";
 const char *alproto_str = AppLayerGetProtoName(alproto);
- if (AppLayerParserProtoIsRegistered(ipproto, alproto) &&
- AppLayerParserProtoIsRegistered(other_ipproto, alproto)) {
+ if (AppLayerParserBothTcpUdp(alproto)) {
 snprintf(applayer_counter_names[ipproto_map][alproto].name, sizeof(applayer_counter_names[ipproto_map][alproto].name), "%s%s%s", str, alproto_str, ipproto_suffix);
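Review bot: An upgrade note is missing for the stats key rename that the new `if (AppLayerParserBothTcpUdp(alproto))` condition causes; the diffstat shows only `src/app-layer.c` changed. Per the commit message, a setup that previously reported just `enip` will now report `enip_tcp` and `enip_udp`, so dashboards or alert rules keyed on the old counter names would stop matching without any error. A short entry in the upgrade documentation naming the five affected protocols would cover that, and a comment above the `if` such as `/* suffix is unconditional for dual-transport protocols so stats keys do not depend on which parsers are enabled */` would record the intent. The enclosing loop body continues outside the hunk.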