#include "suricata-common.h"#include "app-layer-parser.h"#include "flow.h"#include "flow-private.h"#include "flow-util.h"#include "app-layer-frames.h"#include "stream-tcp.h"#include "util-validate.h"#include "app-layer.h"#include "app-layer-detect-proto.h"#include "app-layer-ftp.h"#include "app-layer-smtp.h"#include "app-layer-smb.h"#include "app-layer-htp.h"#include "app-layer-ssl.h"#include "app-layer-ssh.h"#include "app-layer-modbus.h"#include "app-layer-dnp3.h"#include "app-layer-nfs-tcp.h"#include "app-layer-nfs-udp.h"#include "app-layer-tftp.h"#include "app-layer-ike.h"#include "app-layer-http2.h"#include "app-layer-imap.h"#include "util-unittest-helper.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerParserThreadCtx_ |
| struct | AppLayerParserProtoCtx_ |
| App layer protocol parser context. More... | |
| struct | AppLayerParserCtx_ |
| struct | AppLayerParserState_ |
Macros | |
| #define | IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP)) |
| #define | BOTH_SET(a, b) ((a) != NULL && (b) != NULL) |
| #define | BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL)) |
| #define | THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL) |
Typedefs | |
| typedef struct AppLayerParserProtoCtx_ | AppLayerParserProtoCtx |
| App layer protocol parser context. More... | |
| typedef struct AppLayerParserCtx_ | AppLayerParserCtx |
Functions | |
| void | AppLayerFramesFreeContainer (Flow *f) |
| FramesContainer * | AppLayerFramesGetContainer (Flow *f) |
| FramesContainer * | AppLayerFramesSetupContainer (Flow *f) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| check if a parser is enabled in the config Returns enabled always if: were running unittests More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetTxFilesFunc (uint8_t ipproto, AppProto alproto, AppLayerGetFileState(*GetTxFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetFrameFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterStateDataFunc (uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| uint64_t | AppLayerParserGetTxDetectFlags (AppLayerTxData *txd, const uint8_t dir) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| AppLayerGetFileState | AppLayerParserGetTxFiles (const Flow *f, void *tx, const uint8_t direction) |
| void | AppLayerParserTransactionsCleanup (Flow *f, const uint8_t pkt_dir) |
| remove obsolete (inspected and logged) transactions More... | |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *f, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, uint8_t event_id, const char **event_name, AppLayerEventType *event_type) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| bool | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| AppLayerStateData * | AppLayerParserGetStateData (uint8_t ipproto, AppProto alproto, void *state) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserGetFrameIdByName (uint8_t ipproto, AppProto alproto, const char *name) |
| const char * | AppLayerParserGetFrameNameById (uint8_t ipproto, AppProto alproto, const uint8_t id) |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint16_t flag) |
| uint16_t | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint16_t flag) |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
Variables | |
| enum ExceptionPolicy | g_applayerparser_error_policy = EXCEPTION_POLICY_NOT_SET |
| int | g_detect_disabled |
| bool | g_file_logger_enabled |
| bool | g_filedata_logger_enabled |
Detailed Description
Generic App-layer parsing functions.
Definition in file app-layer-parser.c.
Macro Definition Documentation
◆ BOTH_SET
| #define BOTH_SET | ( | a, | |
| b | |||
| ) | ((a) != NULL && (b) != NULL) |
Definition at line 1637 of file app-layer-parser.c.
◆ BOTH_SET_OR_BOTH_UNSET
| #define BOTH_SET_OR_BOTH_UNSET | ( | a, | |
| b | |||
| ) | (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL)) |
Definition at line 1638 of file app-layer-parser.c.
◆ IS_DISRUPTED
Definition at line 876 of file app-layer-parser.c.
◆ THREE_SET
| #define THREE_SET | ( | a, | |
| b, | |||
| c | |||
| ) | ((a) != NULL && (b) != NULL && (c) != NULL) |
Definition at line 1639 of file app-layer-parser.c.
Typedef Documentation
◆ AppLayerParserCtx
| typedef struct AppLayerParserCtx_ AppLayerParserCtx |
◆ AppLayerParserProtoCtx
| typedef struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx |
App layer protocol parser context.
Function Documentation
◆ AppLayerFramesFreeContainer()
| void AppLayerFramesFreeContainer | ( | Flow * | f | ) |
Definition at line 165 of file app-layer-parser.c.
References Flow_::alparser, and AppLayerParserState_::frames.
◆ AppLayerFramesGetContainer()
| FramesContainer* AppLayerFramesGetContainer | ( | Flow * | f | ) |
Definition at line 173 of file app-layer-parser.c.
References Flow_::alparser, and AppLayerParserState_::frames.
Referenced by AppLayerFrameDump(), AppLayerFrameGetById(), AppLayerFramesSlide(), and FramesPrune().
◆ AppLayerFramesSetupContainer()
| FramesContainer* AppLayerFramesSetupContainer | ( | Flow * | f | ) |
Definition at line 180 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, DEBUG_VALIDATE_BUG_ON, AppLayerParserState_::frames, Flow_::proto, Flow_::protoctx, SCCalloc, FramesContainer::toclient, and FramesContainer::toserver.
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 674 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | config | ||
| ) |
Definition at line 1175 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserConfParserEnabled()
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
check if a parser is enabled in the config Returns enabled always if: were running unittests
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 320 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig().
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 269 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 624 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 830 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| uint8_t * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1102 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1112 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 838 of file app-layer-parser.c.
References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1123 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetFrameIdByName()
| int AppLayerParserGetFrameIdByName | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | name | ||
| ) |
Definition at line 1572 of file app-layer-parser.c.
◆ AppLayerParserGetFrameNameById()
| const char* AppLayerParserGetFrameNameById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const uint8_t | id | ||
| ) |
Definition at line 1581 of file app-layer-parser.c.
Referenced by DetectRunFrameInspectRule(), and FrameJsonLogOneFrame().
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 609 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateData()
| AppLayerStateData* AppLayerParserGetStateData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state | ||
| ) |
Definition at line 1164 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1065 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1094 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1553 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1130 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.
Referenced by FlowNeedsReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 699 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 682 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1087 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | f, |
| void * | alstate | ||
| ) |
Definition at line 1080 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and FlowNeedsReassembly().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1157 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().
◆ AppLayerParserGetTxDetectFlags()
|
inline |
Definition at line 709 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTxFiles()
| AppLayerGetFileState AppLayerParserGetTxFiles | ( | const Flow * | f, |
| void * | tx, | ||
| const uint8_t | direction | ||
| ) |
Definition at line 854 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectEngineInspectFiledata(), and DetectFileInspectGeneric().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1487 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1505 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1265 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 255 of file app-layer-parser.c.
References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.
Referenced by PreRunInit().
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1523 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1515 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 217 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 587 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 555 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 533 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetFrameFuncs()
| void AppLayerParserRegisterGetFrameFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerParserGetFrameIdByNameFn | GetIdByNameFunc, | ||
| AppLayerParserGetFrameNameByIdFn | GetNameByIdFunc | ||
| ) |
Definition at line 545 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetProgress | ||
| ) |
Definition at line 466 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 499 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 488 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxFilesFunc()
| void AppLayerParserRegisterGetTxFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetFileState(*)(void *, uint8_t) | GetTxFiles | ||
| ) |
Definition at line 438 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 510 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 424 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLogger()
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 457 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 448 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 401 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 378 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParserAcceptableDataDirection()
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 390 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
POP3
Definition at line 1694 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1771 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), and RegisterModbusParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 597 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateDataFunc()
| void AppLayerParserRegisterStateDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerStateData *(*)(void *state) | GetStateData | ||
| ) |
Definition at line 577 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 411 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 518 of file app-layer-parser.c.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 567 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 477 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1780 of file app-layer-parser.c.
References ALPROTO_MAX, ctx, FLOW_PROTO_DEFAULT, and SCEnter.
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1471 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepth()
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1542 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1558 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 730 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), AppLayerParserGetTxDetectFlags(), flags, Flow_::proto, SCEnter, and SCLogDebug.
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 689 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 248 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 224 of file app-layer-parser.c.
References SCCalloc, SCEnter, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1609 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 236 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserStateIssetFlag()
| uint16_t AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint16_t | flag | ||
| ) |
Definition at line 1760 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnUInt.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1592 of file app-layer-parser.c.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserStateSetFlag()
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint16_t | flag | ||
| ) |
Definition at line 1752 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ AppLayerParserSupportsFiles()
| bool AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1147 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 279 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCCalloc, SCEnter, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 300 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f, |
| const uint8_t | pkt_dir | ||
| ) |
remove obsolete (inspected and logged) transactions
Definition at line 884 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserTriggerRawStreamReassembly()
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1531 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 203 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Variable Documentation
◆ g_applayerparser_error_policy
| enum ExceptionPolicy g_applayerparser_error_policy = EXCEPTION_POLICY_NOT_SET |
Definition at line 1 of file app-layer-parser.c.
Referenced by AppLayerRegisterThreadCounters(), and AppLayerSetupCounters().
◆ g_detect_disabled
| int g_detect_disabled |
global indicating if detection is enabled
Definition at line 183 of file suricata.c.
◆ g_file_logger_enabled
| bool g_file_logger_enabled |
Definition at line 39 of file output-file.c.
◆ g_filedata_logger_enabled
| bool g_filedata_logger_enabled |
Definition at line 37 of file output-filedata.c.
