OISF · liheng562653799 · Oct 16, 2025 · Oct 17, 2025 · Oct 17, 2025 · catenacyber
@@ -393,14 +393,6 @@ const PARSER_NAME : &[u8] = b"snmp\0";
 #[no_mangle]
 pub unsafe extern "C" fn SCRegisterSnmpParser() {
     let ip_proto_str = CString::new("udp").unwrap();
-    if SCAppLayerProtoDetectConfProtoDetectionEnabled(
-        ip_proto_str.as_ptr(),
-        PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
-    ) == 0
-    {
-        SCLogDebug!("Protocol detector and parser disabled for SNMP.");
-        return;
-    }
     let default_port = CString::new("161").unwrap();
     let mut parser = RustParser {
         name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
@@ -445,17 +437,21 @@ pub unsafe extern "C" fn SCRegisterSnmpParser() {
     };
     SCOutputEvePreRegisterLogger(reg_data);
     SCSigTablePreRegister(Some(detect_snmp_register));
-    // port 161
-    _ = AppLayerRegisterProtocolDetection(&parser, 1);
-    if SCAppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
-        let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
-    }
-    // port 162
-    let default_port_traps = CString::new("162").unwrap();
-    parser.default_port = default_port_traps.as_ptr();
-    let _ = AppLayerRegisterProtocolDetection(&parser, 1);
-    if SCAppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
-        let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
+   if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+        // port 161
+        _ = AppLayerRegisterProtocolDetection(&parser, 1);
+        if SCAppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+            let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
+        }
+        // port 162
+        let default_port_traps = CString::new("162").unwrap();
+        parser.default_port = default_port_traps.as_ptr();
+        let _ = AppLayerRegisterProtocolDetection(&parser, 1);
+        if SCAppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+            let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
+        }
+        SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
+    } else {
+        SCLogDebug!("Protocol detector and parser disabled for SNMP.");
     }
-    SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
 }
@@ -1657,6 +1657,33 @@ int SCAppLayerProtoDetectPMRegisterPatternCI(uint8_t ipproto, AppProto alproto,
 }
 
 /***** Setup/General Registration *****/
+
+#define ARRAY_CAP_STEP 16
+int SCAppLayerProtoDetectReallocCtx(AppProto alproto)
+{
+    if (alpd_ctx.alproto_names_len <= alproto && alproto < g_alproto_max) {
+        /* Realloc alpd_ctx.alproto_names, so that dynamic alproto can be treated as real/normal ones. 
+         * In case we need to turn off dynamic alproto. */
+        void *tmp = SCRealloc(alpd_ctx.alproto_names,  
+                sizeof(char *) * (alpd_ctx.alproto_names_len + ARRAY_CAP_STEP));
+        if (unlikely(tmp == NULL)) {
+            FatalError("Unable to realloc alproto_names.");
+        }
+        alpd_ctx.alproto_names = tmp;
+        memset(&alpd_ctx.alproto_names[alpd_ctx.alproto_names_len], 0, sizeof(char *) * ARRAY_CAP_STEP);
+        alpd_ctx.alproto_names_len += ARRAY_CAP_STEP;
+
+        uint8_t *tmp2 = SCRealloc(alpd_ctx.expectation_proto,  
+                sizeof(uint8_t) * (alpd_ctx.expectation_proto_len + ARRAY_CAP_STEP));
+        if (unlikely(tmp2 == NULL)) {
+            FatalError("Unable to realloc expectation_proto.");
+        }
+        alpd_ctx.expectation_proto = tmp2;
+        memset(&alpd_ctx.expectation_proto[alpd_ctx.expectation_proto_len], 0, sizeof(uint8_t) * ARRAY_CAP_STEP);
+        alpd_ctx.expectation_proto_len += ARRAY_CAP_STEP;
+    }
+    SCReturnInt(0);
+}
 
 int AppLayerProtoDetectSetup(void)
 {
@@ -1742,16 +1769,6 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
 {
     SCEnter();
 
-    if (alpd_ctx.alproto_names_len <= alproto && alproto < g_alproto_max) {
-        void *tmp = SCRealloc(alpd_ctx.alproto_names, sizeof(char *) * g_alproto_max);
-        if (unlikely(tmp == NULL)) {
-            FatalError("Unable to realloc alproto_names.");
-        }
-        alpd_ctx.alproto_names = tmp;
-        memset(&alpd_ctx.alproto_names[alpd_ctx.alproto_names_len], 0,
-                sizeof(char *) * (g_alproto_max - alpd_ctx.alproto_names_len));
-        alpd_ctx.alproto_names_len = g_alproto_max;
-    }
     if (alpd_ctx.alproto_names[alproto] == NULL)
         alpd_ctx.alproto_names[alproto] = alproto_name;
 

@@ -114,6 +114,7 @@ void SCAppLayerForceProtocolChange(Flow *f, AppProto new_proto);
 /**
  * \brief Cleans up the app layer protocol detection phase.
  */
+int SCAppLayerProtoDetectReallocCtx(AppProto alproto);
 int AppLayerProtoDetectDeSetup(void);
 
 /**

@@ -437,20 +437,6 @@ void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
 {
     SCEnter();
 
-    if (alp_ctx.ctxs_len <= alproto && alproto < g_alproto_max) {
-        // Realloc now as AppLayerParserRegisterStateFuncs is called first
-        void *tmp = SCRealloc(
-                alp_ctx.ctxs, sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * g_alproto_max);
-        if (unlikely(tmp == NULL)) {
-            FatalError("Unable to realloc alp_ctx.ctxs.");
-        }
-        alp_ctx.ctxs = tmp;
-        memset(&alp_ctx.ctxs[alp_ctx.ctxs_len], 0,
-                sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) *
-                        (g_alproto_max - alp_ctx.ctxs_len));
-        alp_ctx.ctxs_len = g_alproto_max;
-    }
-
     alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateAlloc = StateAlloc;
     alp_ctx.ctxs[alproto][FlowGetProtoMapping(ipproto)].StateFree = StateFree;
 
@@ -1750,6 +1736,24 @@ static void (**PreRegisteredCallbacks)(void) = NULL;
 static size_t preregistered_callbacks_nb = 0;
 static size_t preregistered_callbacks_cap = 0;
 
+int SCAppLayerParserReallocCtx(AppProto alproto)
+{
+    if (alp_ctx.ctxs_len <= alproto && alproto < g_alproto_max) {
+        /* Realloc alp_ctx.ctxs, so that dynamic alproto can be treated as real/normal ones. 
+         * In case we need to turn off dynamic alproto. */
+        void *tmp = SCRealloc(alp_ctx.ctxs, 
+                sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * (alp_ctx.ctxs_len + ARRAY_CAP_STEP));
+        if (unlikely(tmp == NULL)) {
+            FatalError("Unable to realloc alp_ctx.ctxs.");
+        }
+        alp_ctx.ctxs = tmp;
+        memset(&alp_ctx.ctxs[alp_ctx.ctxs_len], 0, 
+                sizeof(AppLayerParserProtoCtx[FLOW_PROTO_MAX]) * ARRAY_CAP_STEP);
+        alp_ctx.ctxs_len += ARRAY_CAP_STEP;
+    }
+    return 0;
+}
+
 int AppLayerParserPreRegister(void (*Register)(void))
 {
     if (preregistered_callbacks_nb == preregistered_callbacks_cap) {

@@ -160,6 +160,7 @@ typedef const char *(*AppLayerParserGetStateNameByIdFn)(const int id, const uint
 typedef int (*AppLayerParserGetFrameIdByNameFn)(const char *frame_name);
 typedef const char *(*AppLayerParserGetFrameNameByIdFn)(const uint8_t id);
 
+int SCAppLayerParserReallocCtx(AppProto alproto);
 int AppLayerParserPreRegister(void (*Register)(void));
 /**
  * \brief Register app layer parser for the protocol.

@@ -24,6 +24,8 @@
 
 #include "suricata-common.h"
 #include "app-layer-protos.h"
+#include "app-layer-parser.h"
+#include "app-layer-detect-proto.h"
 #include "rust.h"
 
 AppProto g_alproto_max = ALPROTO_MAX_STATIC;
@@ -97,6 +99,8 @@ void AppProtoRegisterProtoString(AppProto alproto, const char *proto_name)
             g_alproto_strings = tmp;
         }
         g_alproto_max++;
+        SCAppLayerParserReallocCtx(alproto);
+        SCAppLayerProtoDetectReallocCtx(alproto);
     }
     g_alproto_strings[alproto].str = proto_name;
     g_alproto_strings[alproto].alproto = alproto;
-Original file line number
+Diff line change
@@ Expand Up @@
     /**
      * \brief Cleans up the app layer protocol detection phase.
      */
+    int SCAppLayerProtoDetectReallocCtx(AppProto alproto);
     int AppLayerProtoDetectDeSetup(void);
     /**
@@ Expand Down @@