#include "suricata-common.h"#include "app-layer-parser.h"#include "flow.h"#include "flow-private.h"#include "flow-util.h"#include "app-layer-frames.h"#include "app-layer-events.h"#include "stream-tcp.h"#include "util-validate.h"#include "util-config.h"#include "app-layer.h"#include "app-layer-detect-proto.h"#include "app-layer-ftp.h"#include "app-layer-smtp.h"#include "app-layer-smb.h"#include "app-layer-htp.h"#include "app-layer-ssl.h"#include "app-layer-ssh.h"#include "app-layer-modbus.h"#include "app-layer-dnp3.h"#include "app-layer-nfs-tcp.h"#include "app-layer-nfs-udp.h"#include "app-layer-tftp.h"#include "app-layer-ike.h"#include "app-layer-http2.h"#include "app-layer-imap.h"#include "util-unittest-helper.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerParserThreadCtx_ |
| struct | AppLayerParserProtoCtx_ |
| App layer protocol parser context. More... | |
| struct | AppLayerParserCtx_ |
| struct | AppLayerParserState_ |
Macros | |
| #define | IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP)) |
| #define | BOTH_SET(a, b) ((a) != NULL && (b) != NULL) |
| #define | BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL)) |
| #define | THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL) |
| #define | ARRAY_CAP_STEP 16 |
Typedefs | |
| typedef struct AppLayerParserProtoCtx_ | AppLayerParserProtoCtx |
| App layer protocol parser context. More... | |
| typedef struct AppLayerParserCtx_ | AppLayerParserCtx |
Functions | |
| enum ExceptionPolicy | AppLayerErrorGetExceptionPolicy (void) |
| void | AppLayerFramesFreeContainer (Flow *f) |
| FramesContainer * | AppLayerFramesGetContainer (Flow *f) |
| FramesContainer * | AppLayerFramesSetupContainer (Flow *f) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | SCAppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| check if a parser is enabled in the config Returns enabled always if: were running unittests More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | SCAppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetTxFilesFunc (uint8_t ipproto, AppProto alproto, AppLayerGetFileState(*GetTxFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | SCAppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetStateFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetStateIdByNameFn GetIdByNameFunc, AppLayerParserGetStateNameByIdFn GetNameByIdFunc) |
| void | AppLayerParserRegisterGetFrameFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterStateDataFunc (uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetTxDetectProgress (AppLayerTxData *txd, const uint8_t dir) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| AppLayerGetFileState | AppLayerParserGetTxFiles (const Flow *f, void *tx, const uint8_t direction) |
| void | AppLayerParserTransactionsCleanup (Flow *f, const uint8_t pkt_dir) |
| remove obsolete (inspected and logged) transactions More... | |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *f, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, uint8_t event_id, const char **event_name, AppLayerEventType *event_type) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| bool | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| AppLayerStateData * | AppLayerParserGetStateData (uint8_t ipproto, AppProto alproto, void *state) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | SCAppLayerParserTriggerRawStreamInspection (Flow *f, int direction) |
| void | SCAppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserGetStateIdByName (uint8_t ipproto, AppProto alproto, const char *name, const uint8_t direction) |
| const char * | AppLayerParserGetStateNameById (uint8_t ipproto, AppProto alproto, const int id, const uint8_t direction) |
| int | AppLayerParserGetFrameIdByName (uint8_t ipproto, AppProto alproto, const char *name) |
| const char * | AppLayerParserGetFrameNameById (uint8_t ipproto, AppProto alproto, const uint8_t id) |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| int | AppLayerParserPreRegister (void(*Register)(void)) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | SCAppLayerParserStateSetFlag (AppLayerParserState *pstate, uint16_t flag) |
| uint16_t | SCAppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint16_t flag) |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
Variables | |
| enum ExceptionPolicy | g_applayerparser_error_policy = EXCEPTION_POLICY_NOT_SET |
| int | g_detect_disabled |
| bool | g_file_logger_enabled |
| bool | g_filedata_logger_enabled |
Detailed Description
Generic App-layer parsing functions.
Definition in file app-layer-parser.c.
Macro Definition Documentation
◆ ARRAY_CAP_STEP
| #define ARRAY_CAP_STEP 16 |
Definition at line 1749 of file app-layer-parser.c.
◆ BOTH_SET
| #define BOTH_SET | ( | a, | |
| b | |||
| ) | ((a) != NULL && (b) != NULL) |
Definition at line 1692 of file app-layer-parser.c.
◆ BOTH_SET_OR_BOTH_UNSET
| #define BOTH_SET_OR_BOTH_UNSET | ( | a, | |
| b | |||
| ) | (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL)) |
Definition at line 1693 of file app-layer-parser.c.
◆ IS_DISRUPTED
Definition at line 895 of file app-layer-parser.c.
◆ THREE_SET
| #define THREE_SET | ( | a, | |
| b, | |||
| c | |||
| ) | ((a) != NULL && (b) != NULL && (c) != NULL) |
Definition at line 1694 of file app-layer-parser.c.
Typedef Documentation
◆ AppLayerParserCtx
| typedef struct AppLayerParserCtx_ AppLayerParserCtx |
◆ AppLayerParserProtoCtx
| typedef struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx |
App layer protocol parser context.
Function Documentation
◆ AppLayerErrorGetExceptionPolicy()
| enum ExceptionPolicy AppLayerErrorGetExceptionPolicy | ( | void | ) |
Definition at line 157 of file app-layer-parser.c.
◆ AppLayerFramesFreeContainer()
| void AppLayerFramesFreeContainer | ( | Flow * | f | ) |
Definition at line 176 of file app-layer-parser.c.
References Flow_::alparser, and AppLayerParserState_::frames.
◆ AppLayerFramesGetContainer()
| FramesContainer* AppLayerFramesGetContainer | ( | Flow * | f | ) |
Definition at line 184 of file app-layer-parser.c.
References Flow_::alparser, and AppLayerParserState_::frames.
Referenced by AppLayerFrameDump(), AppLayerFrameGetById(), AppLayerFramesSlide(), FlowNeedsReassembly(), and FramesPrune().
◆ AppLayerFramesSetupContainer()
| FramesContainer* AppLayerFramesSetupContainer | ( | Flow * | f | ) |
Definition at line 191 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, DEBUG_VALIDATE_BUG_ON, AppLayerParserState_::frames, Flow_::proto, Flow_::protoctx, SCCalloc, FramesContainer::toclient, and FramesContainer::toserver.
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 707 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | config | ||
| ) |
Definition at line 1201 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 285 of file app-layer-parser.c.
References SCEnter, and SCFree.
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 660 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 849 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| uint8_t * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1124 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1136 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 857 of file app-layer-parser.c.
References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1149 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetFrameIdByName()
| int AppLayerParserGetFrameIdByName | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | name | ||
| ) |
Definition at line 1627 of file app-layer-parser.c.
◆ AppLayerParserGetFrameNameById()
| const char* AppLayerParserGetFrameNameById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const uint8_t | id | ||
| ) |
Definition at line 1636 of file app-layer-parser.c.
Referenced by DetectRunFrameInspectRule(), and FrameJsonLogOneFrame().
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 648 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateData()
| AppLayerStateData* AppLayerParserGetStateData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state | ||
| ) |
Definition at line 1190 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetStateIdByName()
| int AppLayerParserGetStateIdByName | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | name, | ||
| const uint8_t | direction | ||
| ) |
- Parameters
-
id progress value id to get the name for direction STREAM_TOSERVER/STREAM_TOCLIENT
Definition at line 1602 of file app-layer-parser.c.
◆ AppLayerParserGetStateNameById()
| const char* AppLayerParserGetStateNameById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const int | id, | ||
| const uint8_t | direction | ||
| ) |
- Parameters
-
id progress value id to get the name for direction STREAM_TOSERVER/STREAM_TOCLIENT
Definition at line 1617 of file app-layer-parser.c.
Referenced by DetectRegisterAppLayerHookLists(), DetectRunPrefilterTx(), and ListAppLayerHooks().
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1087 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineInspectBufferGeneric(), DetectEngineInspectBufferSingle(), DetectEngineInspectFiledata(), and DetectEngineInspectMultiBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1116 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), DetectRegisterAppLayerHookLists(), and ListAppLayerHooks().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1579 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1156 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.
Referenced by FlowNeedsReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 732 of file app-layer-parser.c.
References DEBUG_VALIDATE_BUG_ON, AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 715 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1109 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag(), and LuaExtensionsMatchSetup().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | f, |
| void * | alstate | ||
| ) |
Definition at line 1102 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and FlowNeedsReassembly().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1183 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().
◆ AppLayerParserGetTxDetectProgress()
|
inline |
Definition at line 743 of file app-layer-parser.c.
◆ AppLayerParserGetTxFiles()
| AppLayerGetFileState AppLayerParserGetTxFiles | ( | const Flow * | f, |
| void * | tx, | ||
| const uint8_t | direction | ||
| ) |
Definition at line 873 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectEngineInspectFiledata(), and DetectFileInspectGeneric().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1513 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1531 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1291 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 272 of file app-layer-parser.c.
References FLOW_PROTO_DEFAULT, and g_alproto_max.
Referenced by PreRunInit().
◆ AppLayerParserPreRegister()
| int AppLayerParserPreRegister | ( | void(*)(void) | Register | ) |
Definition at line 1753 of file app-layer-parser.c.
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1549 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1541 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 228 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 626 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 595 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 563 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetFrameFuncs()
| void AppLayerParserRegisterGetFrameFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerParserGetFrameIdByNameFn | GetIdByNameFunc, | ||
| AppLayerParserGetFrameNameByIdFn | GetNameByIdFunc | ||
| ) |
Definition at line 585 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateFuncs()
| void AppLayerParserRegisterGetStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerParserGetStateIdByNameFn | GetIdByNameFunc, | ||
| AppLayerParserGetStateNameByIdFn | GetNameByIdFunc | ||
| ) |
Definition at line 575 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetProgress | ||
| ) |
Definition at line 500 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 530 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 520 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxFilesFunc()
| void AppLayerParserRegisterGetTxFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetFileState(*)(void *, uint8_t) | GetTxFiles | ||
| ) |
Definition at line 472 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 540 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 460 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 482 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 425 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 402 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
Definition at line 1769 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1840 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), and RegisterModbusParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 636 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateDataFunc()
| void AppLayerParserRegisterStateDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerStateData *(*)(void *state) | GetStateData | ||
| ) |
Definition at line 616 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 435 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 548 of file app-layer-parser.c.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 606 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 510 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1848 of file app-layer-parser.c.
References ctx, FLOW_PROTO_DEFAULT, g_alproto_max, and SCEnter.
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1497 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, SCAppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1584 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 754 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_TC, APP_LAYER_TX_INSPECTED_TS, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), flags, AppLayerParserState_::inspect_id, Flow_::proto, SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 722 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 259 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 235 of file app-layer-parser.c.
References SCCalloc, SCEnter, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1664 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 247 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCAppLayerDecoderEventsFreeEvents(), and SCEnter.
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1647 of file app-layer-parser.c.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserSupportsFiles()
| bool AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1173 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 297 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FLOW_PROTO_MAX, FlowGetReverseProtoMapping(), g_alproto_max, SCCalloc, SCEnter, SCFree, SCReturnPtr, and unlikely.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 324 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), g_alproto_max, SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f, |
| const uint8_t | pkt_dir | ||
| ) |
remove obsolete (inspected and logged) transactions
Definition at line 903 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
Referenced by LLVMFuzzerTestOneInput().
◆ SCAppLayerParserConfParserEnabled()
| int SCAppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
check if a parser is enabled in the config Returns enabled always if: were running unittests
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 345 of file app-layer-parser.c.
References FatalError, RunmodeIsUnittests(), SCConfGetNode(), SCConfValIsFalse(), SCConfValIsTrue(), SCEnter, SCLogDebug, SCLogError, SCReturnInt, and SCConfNode_::val.
Referenced by HTPFreeConfig().
◆ SCAppLayerParserRegisterLogger()
| void SCAppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 491 of file app-layer-parser.c.
References SCEnter.
◆ SCAppLayerParserRegisterParserAcceptableDataDirection()
| void SCAppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 414 of file app-layer-parser.c.
References SCEnter.
◆ SCAppLayerParserSetStreamDepth()
| void SCAppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1568 of file app-layer-parser.c.
References SCEnter.
◆ SCAppLayerParserStateIssetFlag()
| uint16_t SCAppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint16_t | flag | ||
| ) |
Definition at line 1829 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnUInt.
Referenced by LLVMFuzzerTestOneInput().
◆ SCAppLayerParserStateSetFlag()
| void SCAppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint16_t | flag | ||
| ) |
Definition at line 1821 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ SCAppLayerParserTriggerRawStreamInspection()
| void SCAppLayerParserTriggerRawStreamInspection | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1557 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawInspection().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 214 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Variable Documentation
◆ g_applayerparser_error_policy
| enum ExceptionPolicy g_applayerparser_error_policy = EXCEPTION_POLICY_NOT_SET |
Definition at line 1 of file app-layer-parser.c.
Referenced by AppLayerRegisterThreadCounters(), and AppLayerSetupCounters().
◆ g_detect_disabled
| int g_detect_disabled |
global indicating if detection is enabled
Definition at line 186 of file suricata.c.
◆ g_file_logger_enabled
| bool g_file_logger_enabled |
Definition at line 39 of file output-file.c.
◆ g_filedata_logger_enabled
| bool g_filedata_logger_enabled |
Definition at line 37 of file output-filedata.c.
