#include "suricata-common.h"
#include "decode.h"
#include "flow.h"
#include "app-layer-events.h"
#include "app-layer-parser.h"
#include "util-enum.h"

Include dependency graph for app-layer-events.c:

Macros
#define	DECODER_EVENTS_BUFFER_STEPS 8

Functions
int	AppLayerGetEventInfoById (int event_id, const char *event_name, AppLayerEventType event_type)

int	AppLayerGetPktEventInfo (const char event_name, int event_id)

void	AppLayerDecoderEventsSetEventRaw (AppLayerDecoderEvents **sevents, uint8_t event)
	Set an app layer decoder event. More...

void	AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)

void	AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)

int	DetectEngineGetEventInfo (const char event_name, int event_id, AppLayerEventType *event_type)

Variables
SCEnumCharMap	app_layer_event_pkt_table []

SCEnumCharMap	det_ctx_event_table []

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Definition in file app-layer-events.c.

Macro Definition Documentation

◆ DECODER_EVENTS_BUFFER_STEPS

#define DECODER_EVENTS_BUFFER_STEPS 8

Definition at line 83 of file app-layer-events.c.

Function Documentation

◆ AppLayerDecoderEventsFreeEvents()

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents ** events )

Definition at line 134 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), and PacketDestructor().

Here is the caller graph for this function:

◆ AppLayerDecoderEventsResetEvents()

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents * events )

Definition at line 125 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt, and AppLayerDecoderEvents_::event_last_logged.

Referenced by PacketReinit().

Here is the caller graph for this function:

◆ AppLayerDecoderEventsSetEventRaw()

void AppLayerDecoderEventsSetEventRaw	(	AppLayerDecoderEvents **	sevents,
		uint8_t	event
	)

Set an app layer decoder event.

Parameters

sevents	Pointer to a AppLayerDecoderEvents pointer. If *sevents is NULL memory will be allocated.
event	The event to be stored.

Definition at line 91 of file app-layer-events.c.

References DECODER_EVENTS_BUFFER_STEPS, SCMalloc, and SCRealloc.

Referenced by DetectEngineSetEvent().

Here is the caller graph for this function:

◆ AppLayerGetEventInfoById()

int AppLayerGetEventInfoById	(	int	event_id,
		const char **	event_name,
		AppLayerEventType *	event_type
	)

Definition at line 51 of file app-layer-events.c.

References app_layer_event_pkt_table, SCLogError, and SCMapEnumValueToName().

Here is the call graph for this function:

◆ AppLayerGetPktEventInfo()

int AppLayerGetPktEventInfo	(	const char *	event_name,
		int *	event_id
	)

Definition at line 68 of file app-layer-events.c.

References app_layer_event_pkt_table, SCLogError, and SCMapEnumNameToValue().

Here is the call graph for this function:

◆ DetectEngineGetEventInfo()

int DetectEngineGetEventInfo	(	const char *	event_name,
		int *	event_id,
		AppLayerEventType *	event_type
	)

Definition at line 165 of file app-layer-events.c.

References det_ctx_event_table, SCLogError, and SCMapEnumNameToValue().

Here is the call graph for this function:

Variable Documentation

◆ app_layer_event_pkt_table

SCEnumCharMap app_layer_event_pkt_table[]

Initial value:

= {
    { "APPLAYER_MISMATCH_PROTOCOL_BOTH_DIRECTIONS",
      APPLAYER_MISMATCH_PROTOCOL_BOTH_DIRECTIONS },
    { "APPLAYER_WRONG_DIRECTION_FIRST_DATA",
      APPLAYER_WRONG_DIRECTION_FIRST_DATA },
    { "APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION",
      APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION },
    { "APPLAYER_PROTO_DETECTION_SKIPPED",
      APPLAYER_PROTO_DETECTION_SKIPPED },
    { "APPLAYER_NO_TLS_AFTER_STARTTLS",
      APPLAYER_NO_TLS_AFTER_STARTTLS },
    { "APPLAYER_UNEXPECTED_PROTOCOL",
      APPLAYER_UNEXPECTED_PROTOCOL },
    { NULL,
      -1 },
}

Definition at line 34 of file app-layer-events.c.

Referenced by AppLayerGetEventInfoById(), and AppLayerGetPktEventInfo().

◆ det_ctx_event_table

SCEnumCharMap det_ctx_event_table[]

Initial value:

= {
    { "NO_MEMORY", FILE_DECODER_EVENT_NO_MEM },
    { "INVALID_SWF_LENGTH", FILE_DECODER_EVENT_INVALID_SWF_LENGTH },
    { "INVALID_SWF_VERSION", FILE_DECODER_EVENT_INVALID_SWF_VERSION },
    { "Z_DATA_ERROR", FILE_DECODER_EVENT_Z_DATA_ERROR },
    { "Z_STREAM_ERROR", FILE_DECODER_EVENT_Z_STREAM_ERROR },
    { "Z_BUF_ERROR", FILE_DECODER_EVENT_Z_BUF_ERROR },
    { "Z_UNKNOWN_ERROR", FILE_DECODER_EVENT_Z_UNKNOWN_ERROR },
    { "LZMA_IO_ERROR", FILE_DECODER_EVENT_LZMA_IO_ERROR },
    { "LZMA_HEADER_TOO_SHORT_ERROR", FILE_DECODER_EVENT_LZMA_HEADER_TOO_SHORT_ERROR },
    { "LZMA_DECODER_ERROR", FILE_DECODER_EVENT_LZMA_DECODER_ERROR },
    { "LZMA_MEMLIMIT_ERROR", FILE_DECODER_EVENT_LZMA_MEMLIMIT_ERROR },
    { "LZMA_XZ_ERROR", FILE_DECODER_EVENT_LZMA_XZ_ERROR },
    { "LZMA_UNKNOWN_ERROR", FILE_DECODER_EVENT_LZMA_UNKNOWN_ERROR },
    {
            "TOO_MANY_BUFFERS",
            DETECT_EVENT_TOO_MANY_BUFFERS,
    },
    { NULL, -1 },
}

Definition at line 144 of file app-layer-events.c.

Referenced by DetectEngineGetEventInfo().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ DECODER_EVENTS_BUFFER_STEPS

Function Documentation

◆ AppLayerDecoderEventsFreeEvents()

◆ AppLayerDecoderEventsResetEvents()

◆ AppLayerDecoderEventsSetEventRaw()

◆ AppLayerGetEventInfoById()

◆ AppLayerGetPktEventInfo()

◆ DetectEngineGetEventInfo()

Variable Documentation

◆ app_layer_event_pkt_table

◆ det_ctx_event_table