++

Zainullin Damir · Zainullin Damir · commit ba535e5fc3bf · 2025-10-04T12:19:11.000+02:00
diff --git a/src/plugins/process/http/src/http.cpp b/src/plugins/process/http/src/http.cpp
@@ -165,48 +165,6 @@ void HTTPPlugin::saveParsedValues(
 	}
 }
 
-/*bool HTTPPlugin::parseHTTP(
-	std::span<const std::byte> payload, FlowRecord& flowRecord, HTTPData& httpData) noexcept
-{
-	HTTPParser parser;
-	parser.parse(payload);
-
-	if (!parser.method.has_value()) {
-		return {
-			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-			.flowAction = FlowAction::RemovePlugin,
-		};
-	}
-
-	if (parser.requestParsed && httpData.requestParsed) {
-		// Must be flush and reinsert ????
-		return {
-			.updateRequirement = UpdateRequirement::RequiresUpdate,
-			.flowAction = FlowAction::Flush,
-		};
-	}
-
-	if (parser.responseParsed && httpData.responseParsed) {
-		// Must be flush and reinsert ????
-		return {
-			.updateRequirement = UpdateRequirement::RequiresUpdate,
-			.flowAction = FlowAction::Flush,
-		};
-	}
-
-	if (httpData.requestParsed && httpData.responseParsed) {
-		return {
-			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-			.flowAction = FlowAction::NoAction,
-		};
-	}
-
-	return {
-		.updateRequirement = UpdateRequirement::RequiresUpdate,
-		.flowAction = FlowAction::NoAction,
-	};
-}*/
-
 PluginInitResult HTTPPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
 {
 	HTTPParser parser;
@@ -222,9 +180,7 @@ PluginInitResult HTTPPlugin::onInit(const FlowContext& flowContext, void* plugin
 
 	auto* pluginData = std::construct_at(reinterpret_cast<HTTPData*>(pluginContext));
 	saveParsedValues(parser, flowContext.flowRecord, *pluginData);
-	/*auto [updateRequirement, flowAction] = parseHTTP(
-		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len),
-	   flowContext.flowRecord, *pluginData);*/
+
 	return {
 		.constructionState = ConstructionState::Constructed,
 		.updateRequirement = UpdateRequirement::RequiresUpdate,
@@ -242,6 +198,23 @@ PluginUpdateResult HTTPPlugin::beforeUpdate(const FlowContext& flowContext, void
 		};
 	}
 
+	HTTPParser parser;
+	parser.parse(
+		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len));
+	if (parser.requestParsed && pluginData->requestParsed) {
+		return {
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::Flush,
+		};
+	}
+
+	if (parser.responseParsed && pluginData->responseParsed) {
+		return {
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::Flush,
+		};
+	}
+
 	return {
 		.updateRequirement = UpdateRequirement::RequiresUpdate,
 		.flowAction = FlowAction::NoAction,
@@ -254,12 +227,7 @@ PluginUpdateResult HTTPPlugin::onUpdate(const FlowContext& flowContext, void* pl
 	HTTPParser parser;
 	parser.parse(
 		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len));
-	if (pluginData->requestParsed && pluginData->responseParsed) {
-		return {
-			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-			.flowAction = FlowAction::NoAction,
-		};
-	}
+	saveParsedValues(parser, flowContext.flowRecord, *pluginData);
 
 	return {
 		.updateRequirement = UpdateRequirement::RequiresUpdate,
diff --git a/src/plugins/process/http/src/http.hpp b/src/plugins/process/http/src/http.hpp
@@ -52,20 +52,27 @@ class HTTPPlugin : public ProcessPlugin {
 	 */
 	PluginInitResult onInit(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Called before the main per-packet update.
+	 *
+	 * If both request and response are already parsed, no further updates are needed.
+	 * If a new request or response is parsed and the respective one was already seen,
+	 * the flow is flushed and then reinserted.
+	 *
+	 * @param flowContext Contextual information about the flow to be updated.
+	 * @param pluginContext Pointer to `HTTPData`.
+	 * @return Result of the pre-update check.
+	 */
 	PluginUpdateResult beforeUpdate(const FlowContext& flowContext, void* pluginContext) override;
 
 	/**
 	 * @brief Updates plugin data with values from new packet.
 	 *
 	 * Inserts parsed HTTP data into `HTTPData`.
-	 * If packet is an HTTP request and request was already seen, the flow is flushed with reinsert.
-	 * If packet is an HTTP response and response was already seen, the flow is flushed with
-	 * reinsert.
 	 *
 	 * @param flowContext Contextual information about the flow to be updated.
 	 * @param pluginContext Pointer to `HTTPData`.
-	 * @return Result of the update, does not require new packets if request and response are
-	 * already parsed.
+	 * @return Result of the update..
 	 */
 	PluginUpdateResult onUpdate(const FlowContext& flowContext, void* pluginContext) override;
 
@@ -82,8 +89,6 @@ class HTTPPlugin : public ProcessPlugin {
 	PluginDataMemoryLayout getDataMemoryLayout() const noexcept override;
 
 private:
-	// PluginUpdateResult parseHTTP(std::span<const std::byte> payload, FlowRecord& flowRecord,
-	// HTTPData& httpData) noexcept;
 	void
 	saveParsedValues(const HTTPParser& parser, FlowRecord& flowRecord, HTTPData& httpData) noexcept;
 
diff --git a/src/plugins/process/mpls/src/mpls.cpp b/src/plugins/process/mpls/src/mpls.cpp
@@ -45,13 +45,14 @@ createMPLSSchema(FieldManager& fieldManager, FieldHandlers<MPLSFields>& handlers
 {
 	FieldGroup schema = fieldManager.createFieldGroup("mpls");
 
-	// TODO FIX
-	/*handlers.insert(MPLSFields::MPLS_TOP_LABEL_STACK_SECTION, schema.addVectorField(
-		"MPLS_TOP_LABEL_STACK_SECTION",
-		[](const void* context) { return toSpan<const std::byte>(reinterpret_cast<const uint8_t*>(
-				&reinterpret_cast<const MPLSData*>(context)->topLabel),
-				sizeof(uint32_t)); }
-	));*/
+	handlers.insert(
+		MPLSFields::MPLS_TOP_LABEL_STACK_SECTION,
+		schema.addVectorField("MPLS_TOP_LABEL_STACK_SECTION", [](const void* context) {
+			return toSpan<const std::byte>(
+				reinterpret_cast<const std::byte*>(
+					&reinterpret_cast<const MPLSData*>(context)->topLabel),
+				sizeof(uint32_t));
+		}));
 
 	return schema;
 }
diff --git a/src/plugins/process/rtsp/src/rtsp.cpp b/src/plugins/process/rtsp/src/rtsp.cpp
@@ -245,35 +245,18 @@ constexpr bool RTSPPlugin::parseResponse(std::string_view payload, RTSPData& plu
 }
 
 constexpr PluginUpdateResult
-RTSPPlugin::updateExportData(std::span<const std::byte> payload, RTSPData& pluginData) noexcept
+RTSPPlugin::updateExportData(std::string_view payload, RTSPData& pluginData) noexcept
 {
-	std::string_view payloadView = {reinterpret_cast<const char*>(payload.data()), payload.size()};
-	if (isRequest(payloadView)) {
-		if (pluginData.processingState.requestParsed) {
-			// TODO Flush and reinsert
-			return {
-				.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-				.flowAction = FlowAction::NoAction};
-		}
-		if (!parseRequest(payloadView, pluginData)) {
-			return {
-				.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-				.flowAction = FlowAction::NoAction};
-		}
+	if (isRequest(payload) && !parseRequest(payload, pluginData)) {
+		return {
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::NoAction};
 	}
 
-	if (isResponse(payloadView)) {
-		if (pluginData.processingState.responseParsed) {
-			// TODO Flush and reinsert
-			return {
-				.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-				.flowAction = FlowAction::NoAction};
-		}
-		if (!parseResponse(payloadView, pluginData)) {
-			return {
-				.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-				.flowAction = FlowAction::NoAction};
-		}
+	if (isResponse(payload) && !parseResponse(payload, pluginData)) {
+		return {
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::NoAction};
 	}
 
 	return {
@@ -283,10 +266,19 @@ RTSPPlugin::updateExportData(std::span<const std::byte> payload, RTSPData& plugi
 
 PluginInitResult RTSPPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
 {
+	std::string_view payloadView
+		= {reinterpret_cast<const char*>(flowContext.packet.payload),
+		   flowContext.packet.payload_len};
+	if (!isRequest(payloadView) && !isResponse(payloadView)) {
+		return {
+			.constructionState = ConstructionState::NotConstructed,
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
+
 	auto* pluginData = std::construct_at(reinterpret_cast<RTSPData*>(pluginContext));
-	auto [updateRequirement, flowAction] = updateExportData(
-		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len),
-		*pluginData);
+	auto [updateRequirement, flowAction] = updateExportData(payloadView, *pluginData);
 
 	return {
 		.constructionState = ConstructionState::Constructed,
@@ -295,11 +287,36 @@ PluginInitResult RTSPPlugin::onInit(const FlowContext& flowContext, void* plugin
 	};
 }
 
+PluginUpdateResult RTSPPlugin::beforeUpdate(const FlowContext& flowContext, void* pluginContext)
+{
+	auto pluginData = *reinterpret_cast<RTSPData*>(pluginContext);
+	std::string_view payload
+		= {reinterpret_cast<const char*>(flowContext.packet.payload),
+		   flowContext.packet.payload_len};
+
+	if (isRequest(payload) && pluginData.processingState.requestParsed) {
+		return {
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::Flush};
+	}
+
+	if (isResponse(payload) && pluginData.processingState.responseParsed) {
+		return {
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::Flush};
+	}
+
+	return {
+		.updateRequirement = UpdateRequirement::RequiresUpdate,
+		.flowAction = FlowAction::NoAction,
+	};
+}
+
 PluginUpdateResult RTSPPlugin::onUpdate(const FlowContext& flowContext, void* pluginContext)
 {
 	auto* pluginData = reinterpret_cast<RTSPData*>(pluginContext);
 	return updateExportData(
-		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len),
+		toStringView(flowContext.packet.payload, flowContext.packet.payload_len),
 		*pluginData);
 }
 
diff --git a/src/plugins/process/rtsp/src/rtsp.hpp b/src/plugins/process/rtsp/src/rtsp.hpp
@@ -55,14 +55,24 @@ class RTSPPlugin : public ProcessPlugin {
 	 */
 	PluginInitResult onInit(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Called before the main per-packet update.
+	 *
+	 * If a new request or response is parsed and the respective one was already seen,
+	 * the flow is flushed and then reinserted.
+	 *
+	 * @param flowContext Contextual information about the flow to be updated.
+	 * @param pluginContext Pointer to `RTSPData`.
+	 * @return Result of the pre-update.
+	 */
+	PluginUpdateResult beforeUpdate(const FlowContext& flowContext, void* pluginContext) override;
+
 	/**
 	 * @brief Updates plugin data with values from new packet.
 	 *
 	 * Updates `RTSPData` with parsed RTSP values.
 	 * Skip consequent packets if RTSP parsing fails or both request and response are already
-	 * parsed. Flushes with reinsert if request has been parsed and incoming packet is request.
-	 * Flushes with reinsert if response has been parsed and incoming packet is response.
-	 *
+	 * parsed.
 	 * @param flowContext Contextual information about the flow to be updated.
 	 * @param pluginContext Pointer to `RTSPData`.
 	 * @return Result of the update.
@@ -85,7 +95,7 @@ class RTSPPlugin : public ProcessPlugin {
 	constexpr bool parseRequest(std::string_view payload, RTSPData& pluginData) noexcept;
 	constexpr bool parseResponse(std::string_view payload, RTSPData& pluginData) noexcept;
 	constexpr PluginUpdateResult
-	updateExportData(std::span<const std::byte> payload, RTSPData& pluginData) noexcept;
+	updateExportData(std::string_view payload, RTSPData& pluginData) noexcept;
 
 	FieldHandlers<RTSPFields> m_fieldHandlers;
 };
diff --git a/src/plugins/process/smtp/src/smtp.cpp b/src/plugins/process/smtp/src/smtp.cpp
@@ -377,14 +377,19 @@ constexpr PluginUpdateResult SMTPPlugin::updateSMTPData(
 		};
 	}
 
-	return {
-		.updateRequirement = UpdateRequirement::NoUpdateNeeded,
-		.flowAction = FlowAction::NoAction,
-	};
+	std::unreachable();
 }
 
 PluginInitResult SMTPPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
 {
+	constexpr uint16_t SMTP_PORT = 25;
+	if (flowContext.packet.src_port != SMTP_PORT && flowContext.packet.dst_port != SMTP_PORT) {
+		return {
+			.constructionState = ConstructionState::NotConstructed,
+			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
 	auto* pluginData = std::construct_at(reinterpret_cast<SMTPData*>(pluginContext));
 	auto [updateRequirement, flowAction] = updateSMTPData(
 		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len),
diff --git a/src/plugins/process/tls/src/tls.cpp b/src/plugins/process/tls/src/tls.cpp
@@ -93,12 +93,19 @@ TLSPlugin::TLSPlugin([[maybe_unused]] const std::string& params, FieldManager& m
 
 PluginInitResult TLSPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
 {
+	auto payload
+		= toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len);
+	TLSParser parser;
+	if (!parser.parseHello(payload)) {
+		return {
+			.constructionState = ConstructionState::NotConstructed,
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
+
 	auto* pluginData = std::construct_at(reinterpret_cast<TLSData*>(pluginContext));
-	parseTLS(
-		toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len),
-		flowContext.packet.ip_proto,
-		*pluginData,
-		flowContext.flowRecord);
+	parseTLS(payload, flowContext.packet.ip_proto, *pluginData, flowContext.flowRecord);
 
 	return {
 		.constructionState = ConstructionState::Constructed,
