diff options
Diffstat (limited to 'framework/src/suricata/scripts/setup-app-layer.sh')
-rwxr-xr-x | framework/src/suricata/scripts/setup-app-layer.sh | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/framework/src/suricata/scripts/setup-app-layer.sh b/framework/src/suricata/scripts/setup-app-layer.sh new file mode 100755 index 00000000..b24b5e61 --- /dev/null +++ b/framework/src/suricata/scripts/setup-app-layer.sh @@ -0,0 +1,166 @@ +#! /bin/sh +# +# Script to provision a new application layer detector and parser. + +set -e +#set -x + +function usage() { + cat <<EOF + +usage: $0 <protocol name> + +This script will provision a new app-layer parser for the protocol +name specified on the command line. This is done by copying and +patching src/app-layer-template.[ch] then linking the new files into +the build system. + +Examples: + + $0 DNP3 + $0 Gopher + +EOF +} + +fail_if_exists() { + path="$1" + if test -e "${path}"; then + echo "error: ${path} already exists." + exit 1 + fi +} + +function copy_template_file() { + src="$1" + dst="$2" + + echo "Creating ${dst}." + + sed -e "s/TEMPLATE/${protoname_upper}/g" \ + -e "s/template/${protoname_lower}/g" \ + -e "s/Template/${protoname}/g" > ${dst} < ${src} +} + +function copy_app_layer_templates { + src_h="src/app-layer-template.h" + dst_h="src/app-layer-${protoname_lower}.h" + src_c="src/app-layer-template.c" + dst_c="src/app-layer-${protoname_lower}.c" + + fail_if_exists ${dst_h} + fail_if_exists ${dst_c} + + copy_template_file ${src_h} ${dst_h} + copy_template_file ${src_c} ${dst_c} +} + +function patch_makefile_am { + filename="src/Makefile.am" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/app-layer-template +t- +s/template/${protoname_lower}/g +w +EOF +} + +function patch_app_layer_protos_h { + filename="src/app-layer-protos.h" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/ALPROTO_TEMPLATE +t- +s/TEMPLATE/${protoname_upper}/ +w +EOF +} + +function patch_app_layer_protos_c { + filename="src/app-layer-protos.c" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/case ALPROTO_TEMPLATE +.,+2t- +-2 +s/TEMPLATE/${protoname_upper}/ ++ +s/template/${protoname_lower}/ +w +EOF +} + +function patch_app_layer_detect_proto_c() { + filename="src/app-layer-detect-proto.c" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/== ALPROTO_TEMPLATE +.,+t- +-,.s/TEMPLATE/${protoname_upper}/ ++3 +/== ALPROTO_TEMPLATE +.,+t- +-,.s/TEMPLATE/${protoname_upper}/ ++3 +w +EOF +} + +function patch_app_layer_parser_c() { + filename="src/app-layer-parser.c" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/#include "app-layer-template.h" +t- +s/template/${protoname_lower}/ +/RegisterTemplateParsers +t- +s/Template/${protoname}/ +w +EOF +} + +function patch_suricata_yaml_in() { + filename="suricata.yaml.in" + echo "Patching ${filename}." + ed -s ${filename} > /dev/null <<EOF +/^app-layer: +/protocols: +a + ${protoname_lower}: + enabled: yes +. +w +EOF +} + +protoname="$1" + +if [ "${protoname}" = "" ]; then + usage + exit 1 +fi + +protoname_lower=$(printf ${protoname} | tr '[:upper:]' '[:lower:]') +protoname_upper=$(printf ${protoname} | tr '[:lower:]' '[:upper:]') + +copy_app_layer_templates +patch_makefile_am +patch_app_layer_protos_h +patch_app_layer_protos_c +patch_app_layer_detect_proto_c +patch_app_layer_parser_c +patch_suricata_yaml_in + +cat <<EOF + +An application detector and parser for the protocol ${protoname} has +now been setup in the files: + + src/app-layer-${protoname_lower}.h + src/app-layer-${protoname_lower}.c + +and should now build cleanly. Try running 'make'. + +EOF |