suricata
app-layer-parser.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Generic App-layer parsing functions.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "util-unittest.h"
29 #include "decode.h"
30 #include "threads.h"
31 
32 #include "util-print.h"
33 #include "util-pool.h"
34 
35 #include "flow-util.h"
36 #include "flow-private.h"
37 
38 #include "detect-engine-state.h"
39 #include "detect-engine-port.h"
40 
41 #include "stream-tcp.h"
42 #include "stream-tcp-private.h"
43 #include "stream.h"
44 #include "stream-tcp-reassemble.h"
45 
46 #include "app-layer.h"
47 #include "app-layer-protos.h"
48 #include "app-layer-parser.h"
49 #include "app-layer-smb.h"
50 #include "app-layer-htp.h"
51 #include "app-layer-ftp.h"
52 #include "app-layer-ssl.h"
53 #include "app-layer-ssh.h"
54 #include "app-layer-smtp.h"
55 #include "app-layer-modbus.h"
56 #include "app-layer-enip.h"
57 #include "app-layer-dnp3.h"
58 #include "app-layer-nfs-tcp.h"
59 #include "app-layer-nfs-udp.h"
60 #include "app-layer-ntp.h"
61 #include "app-layer-tftp.h"
62 #include "app-layer-ike.h"
63 #include "app-layer-krb5.h"
64 #include "app-layer-snmp.h"
65 #include "app-layer-sip.h"
66 #include "app-layer-rfb.h"
67 #include "app-layer-mqtt.h"
68 #include "app-layer-quic.h"
69 #include "app-layer-template.h"
70 #include "app-layer-template-rust.h"
71 #include "app-layer-rdp.h"
72 #include "app-layer-http2.h"
73 
74 #include "conf.h"
75 #include "util-spm.h"
76 
77 #include "util-debug.h"
78 #include "decode-events.h"
79 #include "util-unittest-helper.h"
80 #include "util-validate.h"
81 
82 #include "runmodes.h"
83 
84 #include "rust.h"
85 
86 struct AppLayerParserThreadCtx_ {
87  void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
88 };
89 
90 
91 /**
92  * \brief App layer protocol parser context.
93  */
94 typedef struct AppLayerParserProtoCtx_
95 {
96  /* 0 - to_server, 1 - to_client. */
97  AppLayerParserFPtr Parser[2];
98 
99  bool logger;
100 
101  /* Indicates the direction the parser is ready to see the data
102  * the first time for a flow. Values accepted -
103  * STREAM_TOSERVER, STREAM_TOCLIENT */
104  uint8_t first_data_dir;
105 
106  uint32_t logger_bits; /**< registered loggers for this proto */
107 
108  void *(*StateAlloc)(void *, AppProto);
109  void (*StateFree)(void *);
110  void (*StateTransactionFree)(void *, uint64_t);
111  void *(*LocalStorageAlloc)(void);
112  void (*LocalStorageFree)(void *);
113 
114  void (*Truncate)(void *, uint8_t);
115  FileContainer *(*StateGetFiles)(void *, uint8_t);
116 
117  int (*StateGetProgress)(void *alstate, uint8_t direction);
118  uint64_t (*StateGetTxCnt)(void *alstate);
119  void *(*StateGetTx)(void *alstate, uint64_t tx_id);
120  AppLayerGetTxIteratorFunc StateGetTxIterator;
121  int complete_ts;
122  int complete_tc;
123  int (*StateGetEventInfoById)(int event_id, const char **event_name,
124  AppLayerEventType *event_type);
125  int (*StateGetEventInfo)(const char *event_name,
126  int *event_id, AppLayerEventType *event_type);
127 
128  AppLayerTxData *(*GetTxData)(void *tx);
129  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
130 
131  void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
132 
133  AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
134  AppLayerParserGetFrameNameByIdFn GetFrameNameById;
135 
136  /* each app-layer has its own value */
137  uint32_t stream_depth;
138 
139  /* Option flags such as supporting gaps or not. */
140  uint32_t option_flags;
141  /* coccinelle: AppLayerParserProtoCtx:option_flags:APP_LAYER_PARSER_OPT_ */
142 
143  uint32_t internal_flags;
144  /* coccinelle: AppLayerParserProtoCtx:internal_flags:APP_LAYER_PARSER_INT_ */
145 
146 #ifdef UNITTESTS
147  void (*RegisterUnittests)(void);
148 #endif
149 } AppLayerParserProtoCtx;
150 
151 typedef struct AppLayerParserCtx_ {
152  AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
153 } AppLayerParserCtx;
154 
155 struct AppLayerParserState_ {
156  /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
157  uint8_t flags;
158 
159  /* Indicates the current transaction that is being inspected.
160  * We have a var per direction. */
161  uint64_t inspect_id[2];
162  /* Indicates the current transaction being logged. Unlike inspect_id,
163  * we don't need a var per direction since we don't log a transaction
164  * unless we have the entire transaction. */
165  uint64_t log_id;
166 
167  uint64_t min_id;
168 
169  /* Used to store decoder events. */
170  AppLayerDecoderEvents *decoder_events;
171 
172  FramesContainer *frames;
173 };
174 
175 enum ExceptionPolicy g_applayerparser_error_policy = EXCEPTION_POLICY_IGNORE;
176 
177 static void AppLayerConfg(void)
178 {
179  g_applayerparser_error_policy = ExceptionPolicyParse("app-layer.error-policy", true);
180 }
181 
182 static void AppLayerParserFramesFreeContainer(FramesContainer *frames)
183 {
184  if (frames != NULL) {
185  FramesFree(&frames->toserver);
186  FramesFree(&frames->toclient);
187  SCFree(frames);
188  }
189 }
190 
191 void AppLayerFramesFreeContainer(Flow *f)
192 {
193  if (f == NULL || f->alparser == NULL || f->alparser->frames == NULL)
194  return;
195  AppLayerParserFramesFreeContainer(f->alparser->frames);
196  f->alparser->frames = NULL;
197 }
198 
199 FramesContainer *AppLayerFramesGetContainer(Flow *f)
200 {
201  if (f == NULL || f->alparser == NULL)
202  return NULL;
203  return f->alparser->frames;
204 }
205 
206 FramesContainer *AppLayerFramesSetupContainer(Flow *f)
207 {
208 #ifdef UNITTESTS
209  if (f == NULL || f->alparser == NULL || (f->proto == IPPROTO_TCP && f->protoctx == NULL))
210  return NULL;
211 #endif
212  DEBUG_VALIDATE_BUG_ON(f == NULL || f->alparser == NULL);
213  if (f->alparser->frames == NULL) {
214  f->alparser->frames = SCCalloc(1, sizeof(FramesContainer));
215  if (f->alparser->frames == NULL) {
216  return NULL;
217  }
218 #ifdef DEBUG
219  f->alparser->frames->toserver.ipproto = f->proto;
220  f->alparser->frames->toserver.alproto = f->alproto;
221  f->alparser->frames->toclient.ipproto = f->proto;
222  f->alparser->frames->toclient.alproto = f->alproto;
223 #endif
224  }
225  return f->alparser->frames;
226 }
227 
228 #ifdef UNITTESTS
229 void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
230 {
231  struct AppLayerParserState_ *s = ptr;
232  *i1 = s->inspect_id[0];
233  *i2 = s->inspect_id[1];
234  *log = s->log_id;
235  *min = s->min_id;
236 }
237 #endif
238 
239 /* Static global version of the parser context.
240  * Post 2.0 let's look at changing this to move it out to app-layer.c. */
241 static AppLayerParserCtx alp_ctx;
242 
243 int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
244 {
245  uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
246 
247  return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0;
248 }
249 
250 AppLayerParserState *AppLayerParserStateAlloc(void)
251 {
252  SCEnter();
253 
254  AppLayerParserState *pstate = (AppLayerParserState *)SCMalloc(sizeof(*pstate));
255  if (pstate == NULL)
256  goto end;
257  memset(pstate, 0, sizeof(*pstate));
258 
259  end:
260  SCReturnPtr(pstate, "AppLayerParserState");
261 }
262 
263 void AppLayerParserStateFree(AppLayerParserState *pstate)
264 {
265  SCEnter();
266 
267  if (pstate->decoder_events != NULL)
268  AppLayerDecoderEventsFreeEvents(&pstate->decoder_events);
269  AppLayerParserFramesFreeContainer(pstate->frames);
270  SCFree(pstate);
271 
272  SCReturn;
273 }
274 
275 int AppLayerParserSetup(void)
276 {
277  SCEnter();
278  memset(&alp_ctx, 0, sizeof(alp_ctx));
279  SCReturnInt(0);
280 }
281 
282 void AppLayerParserPostStreamSetup(void)
283 {
284  /* lets set a default value for stream_depth */
285  for (int flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
286  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
287  if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags &
288  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) {
289  alp_ctx.ctxs[flow_proto][alproto].stream_depth =
290  stream_config.reassembly_depth;
291  }
292  }
293  }
294 }
295 
296 int AppLayerParserDeSetup(void)
297 {
298  SCEnter();
299 
300  FTPParserCleanup();
301  SMTPParserCleanup();
302 
303  SCReturnInt(0);
304 }
305 
306 AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void)
307 {
308  SCEnter();
309 
310  AppLayerParserThreadCtx *tctx = SCCalloc(1, sizeof(*tctx));
311  if (tctx == NULL)
312  goto end;
313 
314  for (uint8_t flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
315  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
316  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
317 
318  tctx->alproto_local_storage[flow_proto][alproto] =
319  AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto);
320  }
321  }
322 
323  end:
324  SCReturnPtr(tctx, "void *");
325 }
326 
327 void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
328 {
329  SCEnter();
330 
331  for (uint8_t flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
332  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
333  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
334 
335  AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto,
336  tctx->alproto_local_storage[flow_proto][alproto]);
337  }
338  }
339 
340  SCFree(tctx);
341  SCReturn;
342 }
343 
344 /** \brief check if a parser is enabled in the config
345  * Returns enabled always if: were running unittests
346  */
347 int AppLayerParserConfParserEnabled(const char *ipproto,
348  const char *alproto_name)
349 {
350  SCEnter();
351 
352  int enabled = 1;
353  char param[100];
354  ConfNode *node;
355  int r;
356 
357  if (RunmodeIsUnittests())
358  goto enabled;
359 
360  r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
361  alproto_name, ".enabled");
362  if (r < 0) {
363  FatalError(SC_ERR_FATAL, "snprintf failure.");
364  } else if (r > (int)sizeof(param)) {
365  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
366  }
367 
368  node = ConfGetNode(param);
369  if (node == NULL) {
370  SCLogDebug("Entry for %s not found.", param);
371  r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
372  alproto_name, ".", ipproto, ".enabled");
373  if (r < 0) {
374  FatalError(SC_ERR_FATAL, "snprintf failure.");
375  } else if (r > (int)sizeof(param)) {
376  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
377  }
378 
379  node = ConfGetNode(param);
380  if (node == NULL) {
381  SCLogDebug("Entry for %s not found.", param);
382  goto enabled;
383  }
384  }
385 
386  if (ConfValIsTrue(node->val)) {
387  goto enabled;
388  } else if (ConfValIsFalse(node->val)) {
389  goto disabled;
390  } else if (strcasecmp(node->val, "detection-only") == 0) {
391  goto disabled;
392  } else {
393  SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
394  exit(EXIT_FAILURE);
395  }
396 
397  disabled:
398  enabled = 0;
399  enabled:
400  SCReturnInt(enabled);
401 }
402 
403 /***** Parser related registration *****/
404 
405 int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
406  uint8_t direction,
407  AppLayerParserFPtr Parser)
408 {
409  SCEnter();
410 
411  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
412  Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
413 
414  SCReturnInt(0);
415 }
416 
417 void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
418  uint8_t direction)
419 {
420  SCEnter();
421 
422  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
423  (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
424 
425  SCReturn;
426 }
427 
428 void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
429  uint32_t flags)
430 {
431  SCEnter();
432 
433  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags;
434 
435  SCReturn;
436 }
437 
438 uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
439 {
440  SCEnter();
441  SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags);
442 }
443 
444 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
445  void *(*StateAlloc)(void *, AppProto), void (*StateFree)(void *))
446 {
447  SCEnter();
448 
449  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
450  StateAlloc;
451  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
452  StateFree;
453 
454  SCReturn;
455 }
456 
457 void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
458  void *(*LocalStorageAlloc)(void),
459  void (*LocalStorageFree)(void *))
460 {
461  SCEnter();
462 
463  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
464  LocalStorageAlloc;
465  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
466  LocalStorageFree;
467 
468  SCReturn;
469 }
470 
471 void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
472  FileContainer *(*StateGetFiles)(void *, uint8_t))
473 {
474  SCEnter();
475 
476  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
477  StateGetFiles;
478 
479  SCReturn;
480 }
481 
482 void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
483 {
484  SCEnter();
485 
486  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
487 
488  SCReturn;
489 }
490 
491 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
492 {
493  SCEnter();
494 
495  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true;
496 
497  SCReturn;
498 }
499 
500 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
501  void (*Truncate)(void *, uint8_t))
502 {
503  SCEnter();
504 
505  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
506 
507  SCReturn;
508 }
509 
510 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
511  int (*StateGetProgress)(void *alstate, uint8_t direction))
512 {
513  SCEnter();
514 
515  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
516  StateGetProgress = StateGetProgress;
517 
518  SCReturn;
519 }
520 
521 void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
522  void (*StateTransactionFree)(void *, uint64_t))
523 {
524  SCEnter();
525 
526  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
527  StateTransactionFree = StateTransactionFree;
528 
529  SCReturn;
530 }
531 
532 void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
533  uint64_t (*StateGetTxCnt)(void *alstate))
534 {
535  SCEnter();
536 
537  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
538  StateGetTxCnt = StateGetTxCnt;
539 
540  SCReturn;
541 }
542 
543 void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
544  void *(StateGetTx)(void *alstate, uint64_t tx_id))
545 {
546  SCEnter();
547 
548  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
549  StateGetTx = StateGetTx;
550 
551  SCReturn;
552 }
553 
554 void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
555  AppLayerGetTxIteratorFunc Func)
556 {
557  SCEnter();
558  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func;
559  SCReturn;
560 }
561 
562 void AppLayerParserRegisterStateProgressCompletionStatus(
563  AppProto alproto, const int ts, const int tc)
564 {
565  BUG_ON(ts == 0);
566  BUG_ON(tc == 0);
567  BUG_ON(!AppProtoIsValid(alproto));
568  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != 0 &&
569  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != ts);
570  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != 0 &&
571  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != tc);
572 
573  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts = ts;
574  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc = tc;
575 }
576 
577 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
578  int (*StateGetEventInfoById)(int event_id, const char **event_name,
579  AppLayerEventType *event_type))
580 {
581  SCEnter();
582 
583  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
584  StateGetEventInfoById = StateGetEventInfoById;
585 
586  SCReturn;
587 }
588 
589 void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
590  AppLayerParserGetFrameIdByNameFn GetIdByNameFunc,
591  AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
592 {
593  SCEnter();
594  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName = GetIdByNameFunc;
595  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById = GetNameByIdFunc;
596  SCReturn;
597 }
598 
599 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
600  int (*StateGetEventInfo)(const char *event_name, int *event_id,
601  AppLayerEventType *event_type))
602 {
603  SCEnter();
604 
605  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
606  StateGetEventInfo = StateGetEventInfo;
607 
608  SCReturn;
609 }
610 
611 void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
612  AppLayerTxData *(*GetTxData)(void *tx))
613 {
614  SCEnter();
615 
616  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData = GetTxData;
617 
618  SCReturn;
619 }
620 
621 void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
622  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
623 {
624  SCEnter();
625 
626  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig = ApplyTxConfig;
627 
628  SCReturn;
629 }
630 
631 void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
632  void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
633 {
634  SCEnter();
635 
636  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
637 
638  SCReturn;
639 }
640 
641 /***** Get and transaction functions *****/
642 
643 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
644 {
645  SCEnter();
646  void * r = NULL;
647 
648  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
649  LocalStorageAlloc != NULL)
650  {
651  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
652  LocalStorageAlloc();
653  }
654 
655  SCReturnPtr(r, "void *");
656 }
657 
658 void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
659  void *local_data)
660 {
661  SCEnter();
662 
663  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
664  LocalStorageFree != NULL)
665  {
666  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
667  LocalStorageFree(local_data);
668  }
669 
670  SCReturn;
671 }
672 
673 /** \brief default tx iterator
674  *
675  * Used if the app layer parser doesn't register its own iterator.
676  * Simply walks the tx_id space until it finds a tx. Uses 'state' to
677  * keep track of where it left off.
678  *
679  * \retval txptr or NULL if no more txs in list
680  */
681 static AppLayerGetTxIterTuple AppLayerDefaultGetTxIterator(
682  const uint8_t ipproto, const AppProto alproto,
683  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
684  AppLayerGetTxIterState *state)
685 {
686  uint64_t ustate = *(uint64_t *)state;
687  uint64_t tx_id = MAX(min_tx_id, ustate);
688  for ( ; tx_id < max_tx_id; tx_id++) {
689  void *tx_ptr = AppLayerParserGetTx(ipproto, alproto, alstate, tx_id);
690  if (tx_ptr != NULL) {
691  ustate = tx_id + 1;
692  *state = *(AppLayerGetTxIterState *)&ustate;
693  AppLayerGetTxIterTuple tuple = {
694  .tx_ptr = tx_ptr,
695  .tx_id = tx_id,
696  .has_next = (tx_id + 1 < max_tx_id),
697  };
698  SCLogDebug("tuple: %p/%"PRIu64"/%s", tuple.tx_ptr, tuple.tx_id,
699  tuple.has_next ? "true" : "false");
700  return tuple;
701  }
702  }
703 
704  AppLayerGetTxIterTuple no_tuple = { NULL, 0, false };
705  return no_tuple;
706 }
707 
708 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
709  const AppProto alproto)
710 {
711  AppLayerGetTxIteratorFunc Func =
712  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator;
713  return Func ? Func : AppLayerDefaultGetTxIterator;
714 }
715 
716 uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
717 {
718  SCEnter();
719 
720  SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
721 }
722 
723 void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
724 {
725  SCEnter();
726 
727  if (pstate != NULL)
728  pstate->log_id = tx_id;
729 
730  SCReturn;
731 }
732 
733 uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
734 {
735  SCEnter();
736 
737  if (pstate == NULL)
738  SCReturnCT(0ULL, "uint64_t");
739 
740  SCReturnCT(pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1], "uint64_t");
741 }
742 
743 static inline uint64_t GetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
744 {
745  uint64_t detect_flags =
746  (dir & STREAM_TOSERVER) ? txd->detect_flags_ts : txd->detect_flags_tc;
747  return detect_flags;
748 }
749 
750 static inline void SetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir, const uint64_t detect_flags)
751 {
752  if (dir & STREAM_TOSERVER) {
753  txd->detect_flags_ts = detect_flags;
754  } else {
755  txd->detect_flags_tc = detect_flags;
756  }
757 }
758 
759 static inline uint32_t GetTxLogged(AppLayerTxData *txd)
760 {
761  return txd->logged.flags;
762 }
763 
764 void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
765  void *alstate, const uint8_t flags,
766  bool tag_txs_as_inspected)
767 {
768  SCEnter();
769 
770  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
771  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
772  uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, flags);
773  const int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->alproto, flags);
774  const uint8_t ipproto = f->proto;
775  const AppProto alproto = f->alproto;
776 
777  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
778  AppLayerGetTxIterState state;
779  memset(&state, 0, sizeof(state));
780 
781  SCLogDebug("called: %s, tag_txs_as_inspected %s",direction==0?"toserver":"toclient",
782  tag_txs_as_inspected?"true":"false");
783 
784  /* mark all txs as inspected if the applayer progress is
785  * at the 'end state'. */
786  while (1) {
787  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
788  if (ires.tx_ptr == NULL)
789  break;
790 
791  void *tx = ires.tx_ptr;
792  idx = ires.tx_id;
793 
794  int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
795  if (state_progress < state_done_progress)
796  break;
797 
798  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
799  if (txd && tag_txs_as_inspected) {
800  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
801  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
802  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
803  SetTxDetectFlags(txd, flags, detect_flags);
804  SCLogDebug("%p/%"PRIu64" in-order tx is done for direction %s. Flag %016"PRIx64,
805  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
806  }
807  }
808  idx++;
809  if (!ires.has_next)
810  break;
811  }
812  pstate->inspect_id[direction] = idx;
813  SCLogDebug("inspect_id now %"PRIu64, pstate->inspect_id[direction]);
814 
815  /* if necessary we flag all txs that are complete as 'inspected'
816  * also move inspect_id forward. */
817  if (tag_txs_as_inspected) {
818  /* continue at idx */
819  while (1) {
820  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
821  if (ires.tx_ptr == NULL)
822  break;
823 
824  void *tx = ires.tx_ptr;
825  /* if we got a higher id than the minimum we requested, we
826  * skipped a bunch of 'null-txs'. Lets see if we can up the
827  * inspect tracker */
828  if (ires.tx_id > idx && pstate->inspect_id[direction] == idx) {
829  pstate->inspect_id[direction] = ires.tx_id;
830  }
831  idx = ires.tx_id;
832 
833  const int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
834  if (state_progress < state_done_progress)
835  break;
836 
837  /* txd can be NULL for HTTP sessions where the user data alloc failed */
838  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
839  if (likely(txd)) {
840  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
841  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
842  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
843  SetTxDetectFlags(txd, flags, detect_flags);
844  SCLogDebug("%p/%"PRIu64" out of order tx is done for direction %s. Flag %016"PRIx64,
845  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
846 
847  SCLogDebug("%p/%"PRIu64" out of order tx. Update inspect_id? %"PRIu64,
848  tx, idx, pstate->inspect_id[direction]);
849  if (pstate->inspect_id[direction]+1 == idx)
850  pstate->inspect_id[direction] = idx;
851  }
852  } else {
853  if (pstate->inspect_id[direction]+1 == idx)
854  pstate->inspect_id[direction] = idx;
855  }
856  if (!ires.has_next)
857  break;
858  idx++;
859  }
860  }
861 
862  SCReturn;
863 }
864 
865 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
866 {
867  SCEnter();
868 
869  SCReturnPtr(pstate->decoder_events,
870  "AppLayerDecoderEvents *");
871 }
872 
873 void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
874 {
875  pstate->decoder_events = devents;
876 }
877 
878 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
879  void *tx)
880 {
881  SCEnter();
882 
883  AppLayerDecoderEvents *ptr = NULL;
884 
885  /* Access events via the tx_data. */
886  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
887  if (txd != NULL && txd->events != NULL) {
888  ptr = txd->events;
889  }
890 
891  SCReturnPtr(ptr, "AppLayerDecoderEvents *");
892 }
893 
894 FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
895 {
896  SCEnter();
897 
898  FileContainer *ptr = NULL;
899 
900  if (alp_ctx.ctxs[f->protomap][f->alproto].StateGetFiles != NULL)
901  {
902  ptr = alp_ctx.ctxs[f->protomap][f->alproto].
903  StateGetFiles(f->alstate, direction);
904  }
905 
906  SCReturnPtr(ptr, "FileContainer *");
907 }
908 
909 #define IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP))
910 
911 extern int g_detect_disabled;
912 extern bool g_file_logger_enabled;
913 extern bool g_filedata_logger_enabled;
914 
915 /**
916  * \brief remove obsolete (inspected and logged) transactions
917  */
918 void AppLayerParserTransactionsCleanup(Flow *f)
919 {
920  SCEnter();
921  DEBUG_ASSERT_FLOW_LOCKED(f);
922 
923  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
924  if (unlikely(p->StateTransactionFree == NULL))
925  SCReturn;
926 
927  const bool has_tx_detect_flags = !g_detect_disabled;
928  const uint8_t ipproto = f->proto;
929  const AppProto alproto = f->alproto;
930  void * const alstate = f->alstate;
931  AppLayerParserState * const alparser = f->alparser;
932 
933  if (alstate == NULL || alparser == NULL)
934  SCReturn;
935 
936  const uint64_t min = alparser->min_id;
937  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
938  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(ipproto, alproto);
939  const int tx_end_state_ts = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOSERVER);
940  const int tx_end_state_tc = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOCLIENT);
941  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
942  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
943 
944  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
945  AppLayerGetTxIterState state;
946  memset(&state, 0, sizeof(state));
947  uint64_t i = min;
948  uint64_t new_min = min;
949  SCLogDebug("start min %"PRIu64, min);
950  bool skipped = false;
951  const bool is_unidir =
952  AppLayerParserGetOptionFlags(f->protomap, f->alproto) & APP_LAYER_PARSER_OPT_UNIDIR_TXS;
953 
954  while (1) {
955  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
956  if (ires.tx_ptr == NULL)
957  break;
958 
959  bool tx_skipped = false;
960  void *tx = ires.tx_ptr;
961  i = ires.tx_id; // actual tx id for the tx the IterFunc returned
962 
963  SCLogDebug("%p/%"PRIu64" checking", tx, i);
964 
965  const int tx_progress_tc =
966  AppLayerParserGetStateProgress(ipproto, alproto, tx, tc_disrupt_flags);
967  if (tx_progress_tc < tx_end_state_tc) {
968  SCLogDebug("%p/%"PRIu64" skipping: tc parser not done", tx, i);
969  skipped = true;
970  goto next;
971  }
972  const int tx_progress_ts =
973  AppLayerParserGetStateProgress(ipproto, alproto, tx, ts_disrupt_flags);
974  if (tx_progress_ts < tx_end_state_ts) {
975  SCLogDebug("%p/%"PRIu64" skipping: ts parser not done", tx, i);
976  skipped = true;
977  goto next;
978  }
979 
980  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
981  bool inspected = false;
982  if (txd && has_tx_detect_flags) {
983  if (!IS_DISRUPTED(ts_disrupt_flags) && f->sgh_toserver != NULL) {
984  uint64_t detect_flags_ts = GetTxDetectFlags(txd, STREAM_TOSERVER);
985  if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
986  SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
987  tx, i, detect_flags_ts);
988  tx_skipped = true;
989  } else {
990  inspected = true;
991  }
992  }
993  if (!IS_DISRUPTED(tc_disrupt_flags) && f->sgh_toclient != NULL) {
994  uint64_t detect_flags_tc = GetTxDetectFlags(txd, STREAM_TOCLIENT);
995  if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
996  SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
997  tx, i, detect_flags_tc);
998  tx_skipped = true;
999  } else {
1000  inspected = true;
1001  }
1002  }
1003  }
1004 
1005  // If not a unidirectional transaction both sides are required to have
1006  // been inspected.
1007  if (!is_unidir && tx_skipped) {
1008  SCLogDebug("%p/%" PRIu64 " !is_unidir && tx_skipped", tx, i);
1009  skipped = true;
1010  goto next;
1011  }
1012 
1013  // If this is a unidirectional transaction require only one side to be
1014  // inspected, which the inspected flag tells us. This is also guarded
1015  // with skip to limit this check to transactions that actually had the
1016  // tx inspected flag checked.
1017  if (is_unidir && tx_skipped && !inspected) {
1018  SCLogDebug("%p/%" PRIu64 " is_unidir && tx_skipped && !inspected", tx, i);
1019  skipped = true;
1020  goto next;
1021  }
1022 
1023  if (txd && logger_expectation != 0) {
1024  LoggerId tx_logged = GetTxLogged(txd);
1025  if (tx_logged != logger_expectation) {
1026  SCLogDebug("%p/%"PRIu64" skipping: logging not done: want:%"PRIx32", have:%"PRIx32,
1027  tx, i, logger_expectation, tx_logged);
1028  skipped = true;
1029  goto next;
1030  }
1031  }
1032 
1033  /* if file logging is enabled, we keep a tx active while some of the files aren't
1034  * logged yet. */
1035  if (txd && txd->files_opened) {
1036  if (g_file_logger_enabled && txd->files_opened != txd->files_logged) {
1037  skipped = true;
1038  goto next;
1039  }
1040  if (g_filedata_logger_enabled && txd->files_opened != txd->files_stored) {
1041  skipped = true;
1042  goto next;
1043  }
1044  }
1045 
1046  /* if we are here, the tx can be freed. */
1047  p->StateTransactionFree(alstate, i);
1048  SCLogDebug("%p/%"PRIu64" freed", tx, i);
1049 
1050  /* if we didn't skip any tx so far, up the minimum */
1051  SCLogDebug("skipped? %s i %"PRIu64", new_min %"PRIu64, skipped ? "true" : "false", i, new_min);
1052  if (!skipped)
1053  new_min = i + 1;
1054  SCLogDebug("final i %"PRIu64", new_min %"PRIu64, i, new_min);
1055 
1056 next:
1057  if (!ires.has_next) {
1058  /* this was the last tx. See if we skipped any. If not
1059  * we removed all and can update the minimum to the max
1060  * id. */
1061  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64, i, total_txs);
1062  if (!skipped) {
1063  new_min = total_txs;
1064  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64": "
1065  "new_min updated to %"PRIu64, i, total_txs, new_min);
1066  }
1067  break;
1068  }
1069  i++;
1070  }
1071 
1072  /* see if we need to bring all trackers up to date. */
1073  SCLogDebug("update f->alparser->min_id? %"PRIu64" vs %"PRIu64, new_min, alparser->min_id);
1074  if (new_min > alparser->min_id) {
1075  const uint64_t next_id = new_min;
1076  alparser->min_id = next_id;
1077  alparser->inspect_id[0] = MAX(alparser->inspect_id[0], next_id);
1078  alparser->inspect_id[1] = MAX(alparser->inspect_id[1], next_id);
1079  alparser->log_id = MAX(alparser->log_id, next_id);
1080  SCLogDebug("updated f->alparser->min_id %"PRIu64, alparser->min_id);
1081  }
1082  SCReturn;
1083 }
1084 
1085 static inline int StateGetProgressCompletionStatus(const AppProto alproto, const uint8_t flags)
1086 {
1087  if (flags & STREAM_TOSERVER) {
1088  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts;
1089  } else if (flags & STREAM_TOCLIENT) {
1090  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc;
1091  } else {
1092  DEBUG_VALIDATE_BUG_ON(1);
1093  return 0;
1094  }
1095 }
1096 
1097 /**
1098  * \brief get the progress value for a tx/protocol
1099  *
1100  * If the stream is disrupted, we return the 'completion' value.
1101  */
1102 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
1103  void *alstate, uint8_t flags)
1104 {
1105  SCEnter();
1106  int r;
1107  if (unlikely(IS_DISRUPTED(flags))) {
1108  r = StateGetProgressCompletionStatus(alproto, flags);
1109  } else {
1110  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1111  StateGetProgress(alstate, flags);
1112  }
1113  SCReturnInt(r);
1114 }
1115 
1116 uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
1117 {
1118  SCEnter();
1119  uint64_t r = alp_ctx.ctxs[f->protomap][f->alproto].StateGetTxCnt(alstate);
1120  SCReturnCT(r, "uint64_t");
1121 }
1122 
1123 void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
1124 {
1125  SCEnter();
1126  void *r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTx(alstate, tx_id);
1127  SCReturnPtr(r, "void *");
1128 }
1129 
1130 int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
1131  uint8_t direction)
1132 {
1133  SCEnter();
1134  int r = StateGetProgressCompletionStatus(alproto, direction);
1135  SCReturnInt(r);
1136 }
1137 
1138 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
1139  int *event_id, AppLayerEventType *event_type)
1140 {
1141  SCEnter();
1142  const int ipproto_map = FlowGetProtoMapping(ipproto);
1143  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
1144  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
1145  SCReturnInt(r);
1146 }
1147 
1148 int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
1149  const char **event_name, AppLayerEventType *event_type)
1150 {
1151  SCEnter();
1152  const int ipproto_map = FlowGetProtoMapping(ipproto);
1153  *event_name = (const char *)NULL;
1154  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ?
1155  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type);
1156  SCReturnInt(r);
1157 }
1158 
1159 uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
1160 {
1161  SCEnter();
1162  uint8_t r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir;
1163  SCReturnCT(r, "uint8_t");
1164 }
1165 
1166 uint64_t AppLayerParserGetTransactionActive(const Flow *f,
1167  AppLayerParserState *pstate, uint8_t direction)
1168 {
1169  SCEnter();
1170 
1171  uint64_t active_id;
1172  uint64_t log_id = pstate->log_id;
1173  uint64_t inspect_id = pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1];
1174  if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) {
1175  active_id = MIN(log_id, inspect_id);
1176  } else {
1177  active_id = inspect_id;
1178  }
1179 
1180  SCReturnCT(active_id, "uint64_t");
1181 }
1182 
1183 int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
1184 {
1185  // Custom case for only signature-only protocol so far
1186  if (alproto == ALPROTO_HTTP) {
1187  return AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP1) ||
1188  AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP2);
1189  }
1190  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles != NULL)
1191  return TRUE;
1192  return FALSE;
1193 }
1194 
1195 AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
1196 {
1197  SCEnter();
1198  AppLayerTxData *d = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData(tx);
1199  SCReturnPtr(d, "AppLayerTxData");
1200 }
1201 
1202 void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
1203  void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
1204 {
1205  SCEnter();
1206  const int ipproto_map = FlowGetProtoMapping(ipproto);
1207  if (alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig) {
1208  alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig(state, tx, mode, config);
1209  }
1210  SCReturn;
1211 }
1212 
1213 /***** General *****/
1214 
1215 static inline void SetEOFFlags(AppLayerParserState *pstate, const uint8_t flags)
1216 {
1217  if ((flags & (STREAM_EOF|STREAM_TOSERVER)) == (STREAM_EOF|STREAM_TOSERVER)) {
1218  SCLogDebug("setting APP_LAYER_PARSER_EOF_TS");
1219  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TS);
1220  } else if ((flags & (STREAM_EOF|STREAM_TOCLIENT)) == (STREAM_EOF|STREAM_TOCLIENT)) {
1221  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC");
1222  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TC);
1223  }
1224 }
1225 
1226 static void Setup(Flow *f, const uint8_t direction, const uint8_t *input, uint32_t input_len,
1227  const uint8_t flags, StreamSlice *as)
1228 {
1229  memset(as, 0, sizeof(*as));
1230  as->input = input;
1231  as->input_len = input_len;
1232  as->flags = flags;
1233 
1234  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1235  TcpSession *ssn = f->protoctx;
1236  TcpStream *stream = (direction & STREAM_TOSERVER) ? &ssn->client : &ssn->server;
1237  as->offset = STREAM_APP_PROGRESS(stream);
1238  }
1239 }
1240 
1241 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
1242  * \retval int 0 ok: we did not update app_progress
1243  * \retval int 1 ok: we updated app_progress */
1244 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
1245  uint8_t flags, const uint8_t *input, uint32_t input_len)
1246 {
1247  SCEnter();
1248 #ifdef DEBUG_VALIDATION
1249  BUG_ON(f->protomap != FlowGetProtoMapping(f->proto));
1250 #endif
1251  AppLayerParserState *pstate = f->alparser;
1252  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto];
1253  StreamSlice stream_slice;
1254  void *alstate = NULL;
1255  uint64_t p_tx_cnt = 0;
1256  uint32_t consumed = input_len;
1257  const uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1258 
1259  /* we don't have the parser registered for this protocol */
1260  if (p->StateAlloc == NULL) {
1261  if (f->proto == IPPROTO_TCP) {
1262  StreamTcpDisableAppLayer(f);
1263  }
1264  goto end;
1265  }
1266 
1267  if (flags & STREAM_GAP) {
1268  if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
1269  SCLogDebug("app-layer parser does not accept gaps");
1270  if (f->alstate != NULL && !FlowChangeProto(f)) {
1271  AppLayerParserStreamTruncated(f->proto, alproto, f->alstate,
1272  flags);
1273  }
1274  AppLayerIncGapErrorCounter(tv, f);
1275  goto error;
1276  }
1277  }
1278 
1279  /* Get the parser state (if any) */
1280  if (pstate == NULL) {
1281  f->alparser = pstate = AppLayerParserStateAlloc();
1282  if (pstate == NULL) {
1283  AppLayerIncAllocErrorCounter(tv, f);
1284  goto error;
1285  }
1286  }
1287 
1288  SetEOFFlags(pstate, flags);
1289 
1290  alstate = f->alstate;
1291  if (alstate == NULL || FlowChangeProto(f)) {
1292  f->alstate = alstate = p->StateAlloc(alstate, f->alproto_orig);
1293  if (alstate == NULL) {
1294  AppLayerIncAllocErrorCounter(tv, f);
1295  goto error;
1296  }
1297  SCLogDebug("alloced new app layer state %p (name %s)",
1298  alstate, AppLayerGetProtoName(f->alproto));
1299  } else {
1300  SCLogDebug("using existing app layer state %p (name %s))",
1301  alstate, AppLayerGetProtoName(f->alproto));
1302  }
1303 
1304  p_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1305 
1306  /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
1307  if (input_len > 0 || (flags & STREAM_EOF)) {
1308  Setup(f, flags & (STREAM_TOSERVER | STREAM_TOCLIENT), input, input_len, flags,
1309  &stream_slice);
1310 #ifdef DEBUG
1311  if (((stream_slice.flags & STREAM_TOSERVER) &&
1312  stream_slice.offset >= g_eps_applayer_error_offset_ts)) {
1313  SCLogNotice("putting parser %s into an error state from toserver offset %" PRIu64,
1314  AppProtoToString(alproto), g_eps_applayer_error_offset_ts);
1315  AppLayerIncParserErrorCounter(tv, f);
1316  goto error;
1317  }
1318  if (((stream_slice.flags & STREAM_TOCLIENT) &&
1319  stream_slice.offset >= g_eps_applayer_error_offset_tc)) {
1320  SCLogNotice("putting parser %s into an error state from toclient offset %" PRIu64,
1321  AppProtoToString(alproto), g_eps_applayer_error_offset_tc);
1322  AppLayerIncParserErrorCounter(tv, f);
1323  goto error;
1324  }
1325 #endif
1326  /* invoke the parser */
1327  AppLayerResult res = p->Parser[direction](f, alstate, pstate, stream_slice,
1328  alp_tctx->alproto_local_storage[f->protomap][alproto]);
1329  if (res.status < 0) {
1330  AppLayerIncParserErrorCounter(tv, f);
1331  goto error;
1332  } else if (res.status > 0) {
1333  DEBUG_VALIDATE_BUG_ON(res.consumed > input_len);
1334  DEBUG_VALIDATE_BUG_ON(res.needed + res.consumed < input_len);
1335  DEBUG_VALIDATE_BUG_ON(res.needed == 0);
1336  /* incomplete is only supported for TCP */
1337  DEBUG_VALIDATE_BUG_ON(f->proto != IPPROTO_TCP);
1338 
1339  /* put protocol in error state on improper use of the
1340  * return codes. */
1341  if (res.consumed > input_len || res.needed + res.consumed < input_len) {
1342  AppLayerIncInternalErrorCounter(tv, f);
1343  goto error;
1344  }
1345 
1346  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1347  TcpSession *ssn = f->protoctx;
1348  SCLogDebug("direction %d/%s", direction,
1349  (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
1350  if (direction == 0) {
1351  /* parser told us how much data it needs on top of what it
1352  * consumed. So we need tell stream engine how much we need
1353  * before the next call */
1354  ssn->client.data_required = res.needed;
1355  SCLogDebug("setting data_required %u", ssn->client.data_required);
1356  } else {
1357  /* parser told us how much data it needs on top of what it
1358  * consumed. So we need tell stream engine how much we need
1359  * before the next call */
1360  ssn->server.data_required = res.needed;
1361  SCLogDebug("setting data_required %u", ssn->server.data_required);
1362  }
1363  }
1364  consumed = res.consumed;
1365  }
1366  }
1367 
1368  /* set the packets to no inspection and reassembly if required */
1369  if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
1370  AppLayerParserSetEOF(pstate);
1371  FlowSetNoPayloadInspectionFlag(f);
1372 
1373  if (f->proto == IPPROTO_TCP) {
1374  StreamTcpDisableAppLayer(f);
1375 
1376  /* Set the no reassembly flag for both the stream in this TcpSession */
1377  if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
1378  /* Used only if it's TCP */
1379  TcpSession *ssn = f->protoctx;
1380  if (ssn != NULL) {
1381  StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
1382  StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
1383  }
1384  }
1385  /* Set the bypass flag for both the stream in this TcpSession */
1386  if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
1387  /* Used only if it's TCP */
1388  TcpSession *ssn = f->protoctx;
1389  if (ssn != NULL) {
1390  StreamTcpSetSessionBypassFlag(ssn);
1391  }
1392  }
1393  }
1394  }
1395 
1396  /* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
1397  if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
1398  FlowSetNoPayloadInspectionFlag(f);
1399  /* Set the no reassembly flag for both the stream in this TcpSession */
1400  if (f->proto == IPPROTO_TCP) {
1401  /* Used only if it's TCP */
1402  TcpSession *ssn = f->protoctx;
1403  if (ssn != NULL) {
1404  StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
1405  StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
1406  }
1407  }
1408  }
1409 
1410  /* get the diff in tx cnt for stats keeping */
1411  uint64_t cur_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1412  if (cur_tx_cnt > p_tx_cnt && tv) {
1413  AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
1414  }
1415 
1416  /* stream truncated, inform app layer */
1417  if (flags & STREAM_DEPTH)
1418  AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags);
1419 
1420  end:
1421  /* update app progress */
1422  if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1423  TcpSession *ssn = f->protoctx;
1424  StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
1425  SCReturnInt(1);
1426  }
1427 
1428  SCReturnInt(0);
1429  error:
1430  /* Set the no app layer inspection flag for both
1431  * the stream in this Flow */
1432  if (f->proto == IPPROTO_TCP) {
1433  StreamTcpDisableAppLayer(f);
1434  }
1435  AppLayerParserSetEOF(pstate);
1436  SCReturnInt(-1);
1437 }
1438 
1439 void AppLayerParserSetEOF(AppLayerParserState *pstate)
1440 {
1441  SCEnter();
1442 
1443  if (pstate == NULL)
1444  goto end;
1445 
1446  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC and APP_LAYER_PARSER_EOF_TS");
1447  AppLayerParserStateSetFlag(pstate, (APP_LAYER_PARSER_EOF_TS|APP_LAYER_PARSER_EOF_TC));
1448 
1449  end:
1450  SCReturn;
1451 }
1452 
1453 /* return true if there are app parser decoder events. These are
1454  * only the ones that are set during protocol detection. */
1455 bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
1456 {
1457  SCEnter();
1458 
1459  if (pstate == NULL)
1460  return false;
1461 
1462  const AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(pstate);
1463  if (decoder_events && decoder_events->cnt)
1464  return true;
1465 
1466  /* if we have reached here, we don't have events */
1467  return false;
1468 }
1469 
1470 /** \brief simple way to globally test if a alproto is registered
1471  * and fully enabled in the configuration.
1472  */
1473 int AppLayerParserIsEnabled(AppProto alproto)
1474 {
1475  for (int i = 0; i < FLOW_PROTO_APPLAYER_MAX; i++) {
1476  if (alp_ctx.ctxs[i][alproto].StateGetProgress != NULL) {
1477  return 1;
1478  }
1479  }
1480  return 0;
1481 }
1482 
1483 int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
1484 {
1485  SCEnter();
1486  int ipproto_map = FlowGetProtoMapping(ipproto);
1487  int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1;
1488  SCReturnInt(r);
1489 }
1490 
1491 LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
1492 {
1493  SCEnter();
1494  const int ipproto_map = FlowGetProtoMapping(ipproto);
1495  LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits;
1496  SCReturnUInt(r);
1497 }
1498 
1499 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
1500 {
1501  SCEnter();
1502 
1503  SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
1504  if (f != NULL && f->protoctx != NULL)
1505  StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
1506 
1507  SCReturn;
1508 }
1509 
1510 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
1511 {
1512  SCEnter();
1513 
1514  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
1515  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |=
1516  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET;
1517 
1518  SCReturn;
1519 }
1520 
1521 uint32_t AppLayerParserGetStreamDepth(const Flow *f)
1522 {
1523  SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
1524 }
1525 
1526 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
1527 {
1528  SCEnter();
1529  void *tx = NULL;
1530  if (state != NULL) {
1531  if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
1532  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
1533  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
1534  }
1535  }
1536  }
1537  SCReturn;
1538 }
1539 
1540 int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
1541 {
1542  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName != NULL) {
1543  return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName(name);
1544  } else {
1545  return -1;
1546  }
1547 }
1548 
1549 const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id)
1550 {
1551  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById != NULL) {
1552  return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById(id);
1553  } else {
1554  return NULL;
1555  }
1556 }
1557 
1558 /***** Cleanup *****/
1559 
1560 void AppLayerParserStateProtoCleanup(
1561  uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
1562 {
1563  SCEnter();
1564 
1565  AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[protomap][alproto];
1566 
1567  if (ctx->StateFree != NULL && alstate != NULL)
1568  ctx->StateFree(alstate);
1569 
1570  /* free the app layer parser api state */
1571  if (pstate != NULL)
1572  AppLayerParserStateFree(pstate);
1573 
1574  SCReturn;
1575 }
1576 
1577 void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
1578 {
1579  AppLayerParserStateProtoCleanup(f->protomap, f->alproto, alstate, pstate);
1580 }
1581 
1582 static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
1583 {
1584  uint8_t map = FlowGetProtoMapping(ipproto);
1585  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1586  printf("ERROR: incomplete app-layer registration\n");
1587  printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto);
1588  printf("- option flags %"PRIx32"\n", ctx->option_flags);
1589  printf("- first_data_dir %"PRIx8"\n", ctx->first_data_dir);
1590  printf("Mandatory:\n");
1591  printf("- Parser[0] %p Parser[1] %p\n", ctx->Parser[0], ctx->Parser[1]);
1592  printf("- StateAlloc %p StateFree %p\n", ctx->StateAlloc, ctx->StateFree);
1593  printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
1594  ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
1595  printf("- GetTxData %p\n", ctx->GetTxData);
1596  printf("- StateGetProgress %p\n", ctx->StateGetProgress);
1597  printf("Optional:\n");
1598  printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
1599  printf("- StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEventInfo,
1600  ctx->StateGetEventInfoById);
1601 }
1602 
1603 #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL)
1604 #define BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL))
1605 #define THREE_SET_OR_THREE_UNSET(a, b, c) (((a) == NULL && (b) == NULL && (c) == NULL) || ((a) != NULL && (b) != NULL && (c) != NULL))
1606 #define THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL)
1607 
1608 static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
1609 {
1610  uint8_t map = FlowGetProtoMapping(ipproto);
1611  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1612 
1613  if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL)
1614  return;
1615 
1616  if (!(BOTH_SET(ctx->Parser[0], ctx->Parser[1]))) {
1617  goto bad;
1618  }
1619  if (!(BOTH_SET(ctx->StateFree, ctx->StateAlloc))) {
1620  goto bad;
1621  }
1622  if (!(THREE_SET(ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree))) {
1623  goto bad;
1624  }
1625  if (ctx->StateGetProgress == NULL) {
1626  goto bad;
1627  }
1628  /* local storage is optional, but needs both set if used */
1629  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->LocalStorageAlloc, ctx->LocalStorageFree))) {
1630  goto bad;
1631  }
1632  if (ctx->GetTxData == NULL) {
1633  goto bad;
1634  }
1635  return;
1636 bad:
1637  ValidateParserProtoDump(alproto, ipproto);
1638  exit(EXIT_FAILURE);
1639 }
1640 #undef BOTH_SET
1641 #undef BOTH_SET_OR_BOTH_UNSET
1642 #undef THREE_SET_OR_THREE_UNSET
1643 #undef THREE_SET
1644 
1645 static void ValidateParser(AppProto alproto)
1646 {
1647  ValidateParserProto(alproto, IPPROTO_TCP);
1648  ValidateParserProto(alproto, IPPROTO_UDP);
1649 }
1650 
1651 static void ValidateParsers(void)
1652 {
1653  AppProto p = 0;
1654  for ( ; p < ALPROTO_MAX; p++) {
1655  ValidateParser(p);
1656  }
1657 }
1658 
1659 void AppLayerParserRegisterProtocolParsers(void)
1660 {
1661  SCEnter();
1662 
1663  AppLayerConfg();
1664 
1665  RegisterHTPParsers();
1666  RegisterSSLParsers();
1667  rs_dcerpc_register_parser();
1668  rs_dcerpc_udp_register_parser();
1669  RegisterSMBParsers();
1670  RegisterFTPParsers();
1671  RegisterSSHParsers();
1672  RegisterSMTPParsers();
1673  rs_dns_udp_register_parser();
1674  rs_dns_tcp_register_parser();
1675  RegisterModbusParsers();
1676  RegisterENIPUDPParsers();
1677  RegisterENIPTCPParsers();
1678  RegisterDNP3Parsers();
1679  RegisterNFSTCPParsers();
1680  RegisterNFSUDPParsers();
1681  RegisterNTPParsers();
1682  RegisterTFTPParsers();
1683  RegisterIKEParsers();
1684  RegisterKRB5Parsers();
1685  rs_dhcp_register_parser();
1686  RegisterSNMPParsers();
1687  RegisterSIPParsers();
1688  RegisterQuicParsers();
1689  RegisterTemplateRustParsers();
1690  RegisterRFBParsers();
1691  RegisterMQTTParsers();
1692  rs_pgsql_register_parser();
1693  RegisterTemplateParsers();
1694  RegisterRdpParsers();
1695  RegisterHTTP2Parsers();
1696  rs_telnet_register_parser();
1697 
1698  /** IMAP */
1699  AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
1700  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
1701  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
1702  "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
1703  {
1704  SCLogInfo("imap proto registration failure");
1705  exit(EXIT_FAILURE);
1706  }
1707  } else {
1708  SCLogInfo("Protocol detection and parser disabled for %s protocol.",
1709  "imap");
1710  }
1711 
1712  ValidateParsers();
1713  return;
1714 }
1715 
1716 
1717 /* coccinelle: AppLayerParserStateSetFlag():2,2:APP_LAYER_PARSER_ */
1718 void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
1719 {
1720  SCEnter();
1721  pstate->flags |= flag;
1722  SCReturn;
1723 }
1724 
1725 /* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
1726 int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
1727 {
1728  SCEnter();
1729  SCReturnInt(pstate->flags & flag);
1730 }
1731 
1732 
1733 void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
1734  uint8_t direction)
1735 {
1736  SCEnter();
1737 
1738  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL)
1739  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
1740 
1741  SCReturn;
1742 }
1743 
1744 #ifdef DEBUG
1745 void AppLayerParserStatePrintDetails(AppLayerParserState *pstate)
1746 {
1747  SCEnter();
1748 
1749  if (pstate == NULL)
1750  SCReturn;
1751 
1752  AppLayerParserState *p = pstate;
1753  SCLogDebug("AppLayerParser parser state information for parser state p(%p). "
1754  "p->inspect_id[0](%"PRIu64"), "
1755  "p->inspect_id[1](%"PRIu64"), "
1756  "p->log_id(%"PRIu64"), "
1757  "p->decoder_events(%p).",
1758  pstate, p->inspect_id[0], p->inspect_id[1], p->log_id,
1759  p->decoder_events);
1760 
1761  SCReturn;
1762 }
1763 #endif
1764 
1765 /***** Unittests *****/
1766 
1767 #ifdef UNITTESTS
1768 
1769 static AppLayerParserCtx alp_ctx_backup_unittest;
1770 
1771 typedef struct TestState_ {
1772  uint8_t test;
1773 } TestState;
1774 
1775 /**
1776  * \brief Test parser function to test the memory deallocation of app layer
1777  * parser of occurence of an error.
1778  */
1779 static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate,
1780  StreamSlice stream_slice, void *local_data)
1781 {
1782  SCEnter();
1783  SCReturnStruct(APP_LAYER_ERROR);
1784 }
1785 
1786 /** \brief Function to allocates the Test protocol state memory
1787  */
1788 static void *TestProtocolStateAlloc(void *orig_state, AppProto proto_orig)
1789 {
1790  SCEnter();
1791  void *s = SCMalloc(sizeof(TestState));
1792  if (unlikely(s == NULL))
1793  goto end;
1794  memset(s, 0, sizeof(TestState));
1795  end:
1796  SCReturnPtr(s, "TestState");
1797 }
1798 
1799 /** \brief Function to free the Test Protocol state memory
1800  */
1801 static void TestProtocolStateFree(void *s)
1802 {
1803  SCFree(s);
1804 }
1805 
1806 static uint64_t TestGetTxCnt(void *state)
1807 {
1808  /* single tx */
1809  return 1;
1810 }
1811 
1812 static void TestStateTransactionFree(void *state, uint64_t tx_id)
1813 {
1814  /* do nothing */
1815 }
1816 
1817 static void *TestGetTx(void *state, uint64_t tx_id)
1818 {
1819  TestState *test_state = (TestState *)state;
1820  return test_state;
1821 }
1822 
1823 void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
1824  void (*RegisterUnittests)(void))
1825 {
1826  SCEnter();
1827  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1828  RegisterUnittests = RegisterUnittests;
1829  SCReturn;
1830 }
1831 
1832 void AppLayerParserBackupParserTable(void)
1833 {
1834  SCEnter();
1835  alp_ctx_backup_unittest = alp_ctx;
1836  memset(&alp_ctx, 0, sizeof(alp_ctx));
1837  SCReturn;
1838 }
1839 
1840 void AppLayerParserRestoreParserTable(void)
1841 {
1842  SCEnter();
1843  alp_ctx = alp_ctx_backup_unittest;
1844  memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest));
1845  SCReturn;
1846 }
1847 
1848 /**
1849  * \test Test the deallocation of app layer parser memory on occurance of
1850  * error in the parsing process.
1851  */
1852 static int AppLayerParserTest01(void)
1853 {
1854  AppLayerParserBackupParserTable();
1855 
1856  Flow *f = NULL;
1857  uint8_t testbuf[] = { 0x11 };
1858  uint32_t testlen = sizeof(testbuf);
1859  TcpSession ssn;
1860  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1861 
1862  memset(&ssn, 0, sizeof(ssn));
1863 
1864  /* Register the Test protocol state and parser functions */
1865  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER, TestProtocolParser);
1866  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST,
1867  TestProtocolStateAlloc, TestProtocolStateFree);
1868  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TEST, TestStateTransactionFree);
1869  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TEST, TestGetTx);
1870  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TEST, TestGetTxCnt);
1871 
1872  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1873  FAIL_IF_NULL(f);
1874  f->protoctx = &ssn;
1875  f->alproto = ALPROTO_TEST;
1876  f->proto = IPPROTO_TCP;
1877 
1878  StreamTcpInitConfig(true);
1879 
1880  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1881  STREAM_TOSERVER | STREAM_EOF, testbuf,
1882  testlen);
1883  FAIL_IF(r != -1);
1884 
1885  FAIL_IF(!(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED));
1886 
1887  AppLayerParserRestoreParserTable();
1888  StreamTcpFreeConfig(true);
1889  UTHFreeFlow(f);
1890  PASS;
1891 }
1892 
1893 /**
1894  * \test Test the deallocation of app layer parser memory on occurance of
1895  * error in the parsing process for UDP.
1896  */
1897 static int AppLayerParserTest02(void)
1898 {
1899  AppLayerParserBackupParserTable();
1900 
1901  Flow *f = NULL;
1902  uint8_t testbuf[] = { 0x11 };
1903  uint32_t testlen = sizeof(testbuf);
1904  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1905 
1906  /* Register the Test protocol state and parser functions */
1907  AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER,
1908  TestProtocolParser);
1909  AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST,
1910  TestProtocolStateAlloc, TestProtocolStateFree);
1911  AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_TEST, TestStateTransactionFree);
1912  AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_TEST, TestGetTx);
1913  AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_TEST, TestGetTxCnt);
1914 
1915  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1916  FAIL_IF_NULL(f);
1917  f->alproto = ALPROTO_TEST;
1918  f->proto = IPPROTO_UDP;
1919  f->protomap = FlowGetProtoMapping(f->proto);
1920 
1921  StreamTcpInitConfig(true);
1922 
1923  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1924  STREAM_TOSERVER | STREAM_EOF, testbuf,
1925  testlen);
1926  FAIL_IF(r != -1);
1927 
1928  AppLayerParserRestoreParserTable();
1929  StreamTcpFreeConfig(true);
1930  UTHFreeFlow(f);
1931  PASS;
1932 }
1933 
1934 
1935 void AppLayerParserRegisterUnittests(void)
1936 {
1937  SCEnter();
1938 
1939  int ip;
1940  AppProto alproto;
1941  AppLayerParserProtoCtx *ctx;
1942 
1943  for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
1944  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
1945  ctx = &alp_ctx.ctxs[ip][alproto];
1946  if (ctx->RegisterUnittests == NULL)
1947  continue;
1948  ctx->RegisterUnittests();
1949  }
1950  }
1951 
1952  UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01);
1953  UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02);
1954 
1955  SCReturn;
1956 }
1957 
1958 #endif
AppLayerParserProtoCtx_::Truncate
void(* Truncate)(void *, uint8_t)
Definition: app-layer-parser.c:114
app-layer-nfs-udp.h
ALPROTO_TEST
@ ALPROTO_TEST
Definition: app-layer-protos.h:72
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:510
AppLayerParserDeSetup
int AppLayerParserDeSetup(void)
Definition: app-layer-parser.c:296
TcpStream_
Definition: stream-tcp-private.h:109
FileContainer_
Definition: util-file.h:110
ts
uint64_t ts
Definition: source-erf-file.c:55
RegisterNTPParsers
void RegisterNTPParsers(void)
Definition: app-layer-ntp.c:38
AppLayerParserProtoCtx_::StateGetTxCnt
uint64_t(* StateGetTxCnt)(void *alstate)
Definition: app-layer-parser.c:118
g_applayerparser_error_policy
enum ExceptionPolicy g_applayerparser_error_policy
Definition: app-layer-parser.c:175
AppLayerParserProtoCtx_::logger_bits
uint32_t logger_bits
Definition: app-layer-parser.c:106
AppLayerParserProtoCtx_::complete_tc
int complete_tc
Definition: app-layer-parser.c:122
AppLayerParserProtoCtx_::GetTxData
AppLayerTxData *(* GetTxData)(void *tx)
Definition: app-layer-parser.c:128
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
RegisterTemplateRustParsers
void RegisterTemplateRustParsers(void)
Definition: app-layer-template-rust.c:48
app-layer-tftp.h
AppLayerParserCtx_::ctxs
AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:152
app-layer-quic.h
AppLayerParserState_::log_id
uint64_t log_id
Definition: app-layer-parser.c:165
RegisterSMBParsers
void RegisterSMBParsers(void)
Definition: app-layer-smb.c:39
app-layer-ssh.h
RegisterIKEParsers
void RegisterIKEParsers(void)
Definition: app-layer-ike.c:40
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1473
AppLayerParserRegisterLocalStorageFunc
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *))
Definition: app-layer-parser.c:457
BOTH_SET
#define BOTH_SET(a, b)
Definition: app-layer-parser.c:1603
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1483
AppLayerParserRegisterOptionFlags
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
Definition: app-layer-parser.c:428
flow-util.h
FramesFree
void FramesFree(Frames *frames)
Definition: app-layer-frames.c:373
AppLayerParserSetStreamDepthFlag
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
Definition: app-layer-parser.c:1526
RegisterQuicParsers
void RegisterQuicParsers(void)
Definition: app-layer-quic.c:37
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:723
g_filedata_logger_enabled
bool g_filedata_logger_enabled
Definition: output-filedata.c:38
AppLayerParserSetStreamDepth
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
Definition: app-layer-parser.c:1510
ConfNode_::val
char * val
Definition: conf.h:34
stream-tcp.h
AppLayerParserApplyTxConfig
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
Definition: app-layer-parser.c:1202
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AppLayerParserGetProtocolParserLocalStorage
void * AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:643
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
AppLayerParserProtoCtx_::LocalStorageFree
void(* LocalStorageFree)(void *)
Definition: app-layer-parser.c:112
AppLayerParserProtoCtx_
App layer protocol parser context.
Definition: app-layer-parser.c:95
RegisterSSHParsers
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
Definition: app-layer-ssh.c:81
AppLayerParserProtoCtx_::StateGetTx
void *(* StateGetTx)(void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:119
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerParserSetTransactionInspectId
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)
Definition: app-layer-parser.c:764
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:41
AppLayerParserGetEventsByTx
AppLayerDecoderEvents * AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:878
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:708
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parser.
Definition: app-layer-modbus.c:49
Flow_::proto
uint8_t proto
Definition: flow.h:378
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:80
StreamTcpSetDisableRawReassemblyFlag
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
Definition: stream-tcp.c:6060
AppLayerFramesSetupContainer
FramesContainer * AppLayerFramesSetupContainer(Flow *f)
Definition: app-layer-parser.c:206
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:347
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1102
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1499
FramesContainer::toserver
Frames toserver
Definition: app-layer-frames.h:76
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:60
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:356
AppLayerIncGapErrorCounter
void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:130
APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
Definition: app-layer-parser.h:49
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
StreamTcpReassembleTriggerRawReassembly
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
Definition: stream-tcp-reassemble.c:2064
LoggerId
LoggerId
Definition: suricata-common.h:437
Flow_::protomap
uint8_t protomap
Definition: flow.h:458
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:716
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
AppLayerParserRegisterTruncateFunc
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t))
Definition: app-layer-parser.c:500
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:562
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:417
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1130
AppLayerParserGetFirstDataDir
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1159
AppLayerParserProtoIsRegistered
int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:243
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:521
FLOW_NOPAYLOAD_INSPECTION
#define FLOW_NOPAYLOAD_INSPECTION
Definition: flow.h:66
AppLayerParserSupportsFiles
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1183
Flow_::alproto_orig
AppProto alproto_orig
Definition: flow.h:469
AppLayerParserStateProtoCleanup
void AppLayerParserStateProtoCleanup(uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1560
AppLayerParserProtoCtx_::StateGetTxIterator
AppLayerGetTxIteratorFunc StateGetTxIterator
Definition: app-layer-parser.c:120
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:327
rust.h
MIN
#define MIN(x, y)
Definition: suricata-common.h:372
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:132
StreamTcpUpdateAppLayerProgress
void StreamTcpUpdateAppLayerProgress(TcpSession *ssn, char direction, const uint32_t progress)
update reassembly progress
Definition: stream-tcp.c:6026
FramesContainer
Definition: app-layer-frames.h:75
AppLayerParserGetFiles
FileContainer * AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
Definition: app-layer-parser.c:894
APP_LAYER_TX_INSPECTED_FLAG
#define APP_LAYER_TX_INSPECTED_FLAG
Definition: app-layer-parser.h:80
stream-tcp-reassemble.h
AppLayerParserGetOptionFlags
uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
Definition: app-layer-parser.c:438
TestState
struct TestState_ TestState
app-layer-http2.h
RegisterSIPParsers
void RegisterSIPParsers(void)
Definition: app-layer-sip.c:30
app-layer-ftp.h
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:113
MAX
#define MAX(x, y)
Definition: suricata-common.h:376
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:42
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:75
Flow_::protoctx
void * protoctx
Definition: flow.h:454
TcpStream_::data_required
uint32_t data_required
Definition: stream-tcp-private.h:135
AppLayerIncAllocErrorCounter
void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:138
AppLayerParserRegisterUnittests
void AppLayerParserRegisterUnittests(void)
Definition: app-layer-parser.c:1935
AppLayerParserGetTransactionInspectId
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:733
RegisterKRB5Parsers
void RegisterKRB5Parsers(void)
Definition: app-layer-krb5.c:38
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:34
util-unittest.h
AppLayerParserProtoCtx_::ApplyTxConfig
bool(* ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)
Definition: app-layer-parser.c:129
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:109
RegisterDNP3Parsers
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
Definition: app-layer-dnp3.c:1564
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:521
util-unittest-helper.h
FTPParserCleanup
void FTPParserCleanup(void)
Free memory allocated for global FTP parser state.
Definition: app-layer-ftp.c:1473
TcpSession_::flags
uint16_t flags
Definition: stream-tcp-private.h:283
AppLayerParserGetEventInfoById
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1148
Flow_::sgh_toserver
const struct SigGroupHead_ * sgh_toserver
Definition: flow.h:496
AppLayerParserRestoreParserTable
void AppLayerParserRestoreParserTable(void)
Definition: app-layer-parser.c:1840
AppLayerParserState_::inspect_id
uint64_t inspect_id[2]
Definition: app-layer-parser.c:161
AppLayerParserFPtr
AppLayerResult(* AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage)
Prototype for parsing functions.
Definition: app-layer-parser.h:140
AppLayerParserCtx
struct AppLayerParserCtx_ AppLayerParserCtx
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:488
AppLayerParserRegisterProtocolParsers
void AppLayerParserRegisterProtocolParsers(void)
Definition: app-layer-parser.c:1659
app-layer-krb5.h
RegisterRFBParsers
void RegisterRFBParsers(void)
Definition: app-layer-rfb.c:54
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:359
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:521
app-layer-htp.h
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1726
FramesContainer::toclient
Frames toclient
Definition: app-layer-frames.h:77
AppLayerParserProtoCtx_::stream_depth
uint32_t stream_depth
Definition: app-layer-parser.c:137
decode.h
util-debug.h
AppLayerParserState_
Definition: app-layer-parser.c:155
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
AppLayerParserProtoCtx_::GetFrameIdByName
AppLayerParserGetFrameIdByNameFn GetFrameIdByName
Definition: app-layer-parser.c:133
AppLayerParserGetFrameNameById
const char * AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id)
Definition: app-layer-parser.c:1549
AppLayerParserGetTransactionActive
uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:1166
AppLayerParserProtoCtx_::logger
bool logger
Definition: app-layer-parser.c:99
app-layer-ike.h
AppLayerFramesFreeContainer
void AppLayerFramesFreeContainer(Flow *f)
Definition: app-layer-parser.c:191
FLOW_PROTO_DEFAULT
@ FLOW_PROTO_DEFAULT
Definition: flow-private.h:73
app-layer-dnp3.h
AppLayerParserStreamTruncated
void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
Definition: app-layer-parser.c:1733
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:20
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:491
app-layer-rfb.h
AppLayerParserRegisterGetFilesFunc
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t))
Definition: app-layer-parser.c:471
util-print.h
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:589
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
AppLayerParserProtoCtx_::SetStreamDepthFlag
void(* SetStreamDepthFlag)(void *tx, uint8_t flags)
Definition: app-layer-parser.c:131
AppLayerParserState_::min_id
uint64_t min_id
Definition: app-layer-parser.c:167
RegisterENIPTCPParsers
void RegisterENIPTCPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:526
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
AppLayerParserRegisterLoggerBits
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
Definition: app-layer-parser.c:482
AppLayerParserProtoCtx_::StateGetEventInfo
int(* StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:125
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:444
detect-engine-port.h
APP_LAYER_PARSER_OPT_UNIDIR_TXS
#define APP_LAYER_PARSER_OPT_UNIDIR_TXS
Definition: app-layer-parser.h:47
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:39
IS_DISRUPTED
#define IS_DISRUPTED(flags)
Definition: app-layer-parser.c:909
AppLayerParserSetEOF
void AppLayerParserSetEOF(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1439
EXCEPTION_POLICY_IGNORE
@ EXCEPTION_POLICY_IGNORE
Definition: util-exception-policy.h:26
AppLayerParserProtoCtx_::RegisterUnittests
void(* RegisterUnittests)(void)
Definition: app-layer-parser.c:147
AppLayerParserStateFree
void AppLayerParserStateFree(AppLayerParserState *pstate)
Definition: app-layer-parser.c:263
app-layer-parser.h
AppLayerParserStateCleanup
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1577
TRUE
#define TRUE
Definition: suricata-common.h:33
AppLayerParserBackupParserTable
void AppLayerParserBackupParserTable(void)
Definition: app-layer-parser.c:1832
AppLayerParserProtoCtx_::StateGetEventInfoById
int(* StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:123
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
AppLayerDecoderEvents_::cnt
uint8_t cnt
Definition: app-layer-events.h:38
Flow_::sgh_toclient
const struct SigGroupHead_ * sgh_toclient
Definition: flow.h:493
RegisterNFSTCPParsers
void RegisterNFSTCPParsers(void)
Definition: app-layer-nfs-tcp.c:46
AppLayerParserProtoCtx_::GetFrameNameById
AppLayerParserGetFrameNameByIdFn GetFrameNameById
Definition: app-layer-parser.c:134
AppLayerParserProtoCtx
struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx
App layer protocol parser context.
ExceptionPolicy
ExceptionPolicy
Definition: util-exception-policy.h:25
FALSE
#define FALSE
Definition: suricata-common.h:34
AppLayerParserSetup
int AppLayerParserSetup(void)
Definition: app-layer-parser.c:275
SCReturn
#define SCReturn
Definition: util-debug.h:302
RegisterFTPParsers
void RegisterFTPParsers(void)
Definition: app-layer-ftp.c:1335
stream.h
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1823
AppLayerGetTxIterState
Definition: app-layer-parser.h:143
AppLayerParserProtoCtx_::StateAlloc
void *(* StateAlloc)(void *, AppProto)
Definition: app-layer-parser.c:108
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
RegisterTFTPParsers
void RegisterTFTPParsers(void)
Definition: app-layer-tftp.c:159
ALPROTO_IMAP
@ ALPROTO_IMAP
Definition: app-layer-protos.h:35
stream-tcp-private.h
FLOW_PROTO_APPLAYER_MAX
#define FLOW_PROTO_APPLAYER_MAX
Definition: flow-private.h:79
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:43
SCReturnUInt
#define SCReturnUInt(x)
Definition: util-debug.h:306
conf.h
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
BOTH_SET_OR_BOTH_UNSET
#define BOTH_SET_OR_BOTH_UNSET(a, b)
Definition: app-layer-parser.c:1604
AppLayerParserThreadCtx_::alproto_local_storage
void * alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:87
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:599
AppLayerParserSetDecoderEvents
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
Definition: app-layer-parser.c:873
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
AppLayerParserProtoCtx_::StateFree
void(* StateFree)(void *)
Definition: app-layer-parser.c:109
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1905
AppLayerParserRegisterSetStreamDepthFlag
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags))
Definition: app-layer-parser.c:631
app-layer-sip.h
AppLayerIncParserErrorCounter
void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:146
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:62
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:273
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
RegisterRdpParsers
void RegisterRdpParsers(void)
Definition: app-layer-rdp.c:35
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:38
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1123
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:219
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:405
decode-events.h
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:526
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:306
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:543
ConfigAction
ConfigAction
Definition: util-config.h:27
AppLayerParserProtoCtx_::Parser
AppLayerParserFPtr Parser[2]
Definition: app-layer-parser.c:97
app-layer-modbus.h
AppLayerParserProtoCtx_::StateTransactionFree
void(* StateTransactionFree)(void *, uint64_t)
Definition: app-layer-parser.c:110
app-layer-enip.h
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:320
app-layer-template-rust.h
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2969
AppLayerParserProtoCtx_::option_flags
uint32_t option_flags
Definition: app-layer-parser.c:140
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
StreamTcpSetSessionNoReassemblyFlag
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
Definition: stream-tcp.c:6044
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:918
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:666
ExceptionPolicyParse
enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support_flow)
Definition: util-exception-policy.c:66
flags
uint8_t flags
Definition: decode-gre.h:0
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1244
AppLayerParserGetFrameNameByIdFn
const char *(* AppLayerParserGetFrameNameByIdFn)(const uint8_t id)
Definition: app-layer-parser.h:159
StreamTcpDisableAppLayer
void StreamTcpDisableAppLayer(Flow *f)
Definition: stream-tcp-reassemble.c:431
suricata-common.h
AppLayerParserGetFrameIdByName
int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
Definition: app-layer-parser.c:1540
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:30
AppLayerParserProtoCtx_::internal_flags
uint32_t internal_flags
Definition: app-layer-parser.c:143
util-spm.h
AppLayerParserRegisterApplyTxConfigFunc
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
Definition: app-layer-parser.c:621
AppLayerParserProtoCtx_::StateGetFiles
FileContainer *(* StateGetFiles)(void *, uint8_t)
Definition: app-layer-parser.c:115
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
RegisterENIPUDPParsers
void RegisterENIPUDPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:443
AppLayerIncInternalErrorCounter
void AppLayerIncInternalErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:154
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1195
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:611
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:287
AppLayerParserGetStreamDepth
uint32_t AppLayerParserGetStreamDepth(const Flow *f)
Definition: app-layer-parser.c:1521
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
RegisterSNMPParsers
void RegisterSNMPParsers(void)
Definition: app-layer-snmp.c:39
APP_LAYER_PARSER_OPT_ACCEPT_GAPS
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
Definition: app-layer-parser.h:46
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:286
AppLayerParserRegisterGetTxIterator
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
Definition: app-layer-parser.c:554
AppLayerFramesGetContainer
FramesContainer * AppLayerFramesGetContainer(Flow *f)
Definition: app-layer-parser.c:199
AppLayerParserProtoCtx_::complete_ts
int complete_ts
Definition: app-layer-parser.c:121
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
Flow_::alstate
void * alstate
Definition: flow.h:489
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:282
app-layer-template.h
Flow_::flags
uint32_t flags
Definition: flow.h:434
AppLayerParserGetDecoderEvents
AppLayerDecoderEvents * AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:865
THREE_SET
#define THREE_SET(a, b, c)
Definition: app-layer-parser.c:1606
TestState_::test
uint8_t test
Definition: app-layer-parser.c:1772
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:577
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:928
UTHAppLayerParserStateGetIds
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
Definition: app-layer-parser.c:229
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:546
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:3160
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:66
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:122
app-layer-snmp.h
RegisterSMTPParsers
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
Definition: app-layer-smtp.c:1740
AppLayerParserStateAlloc
AppLayerParserState * AppLayerParserStateAlloc(void)
Definition: app-layer-parser.c:250
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:314
app-layer-protos.h
RegisterTemplateParsers
void RegisterTemplateParsers(void)
Definition: app-layer-template.c:447
STREAMTCP_FLAG_APP_LAYER_DISABLED
#define STREAMTCP_FLAG_APP_LAYER_DISABLED
Definition: stream-tcp-private.h:202
AppLayerParserState_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-parser.c:170
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:532
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:91
app-layer-smb.h
FLOW_PROTO_MAX
@ FLOW_PROTO_MAX
Definition: flow-private.h:76
app-layer-mqtt.h
AppLayerParserProtoCtx_::StateGetProgress
int(* StateGetProgress)(void *alstate, uint8_t direction)
Definition: app-layer-parser.c:117
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1491
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1718
AppLayerParserCtx_
Definition: app-layer-parser.c:151
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:152
g_file_logger_enabled
bool g_file_logger_enabled
Definition: output-file.c:37
likely
#define likely(expr)
Definition: util-optimize.h:32
RegisterHTTP2Parsers
void RegisterHTTP2Parsers(void)
Definition: app-layer-http2.c:56
STREAM_APP_PROGRESS
#define STREAM_APP_PROGRESS(stream)
Definition: stream-tcp-private.h:147
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:86
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1801
app-layer-smtp.h
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:40
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:212
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1140
TcpSession_
Definition: stream-tcp-private.h:274
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:62
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:463
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
AppLayerParserDestroyProtocolParserLocalStorage
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto, void *local_data)
Definition: app-layer-parser.c:658
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1116
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:2074
SMTPParserCleanup
void SMTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-smtp.c:1794
AppLayerParserHasDecoderEvents
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1455
RegisterMQTTParsers
void RegisterMQTTParsers(void)
Definition: app-layer-mqtt.c:37
AppLayerParserGetFrameIdByNameFn
int(* AppLayerParserGetFrameIdByNameFn)(const char *frame_name)
Definition: app-layer-parser.h:158
AppLayerDecoderEvents_::events
uint8_t * events
Definition: app-layer-events.h:36
AppLayerParserState_::frames
FramesContainer * frames
Definition: app-layer-parser.c:172
StreamTcpSetSessionBypassFlag
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
Definition: stream-tcp.c:6071
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
app-layer-ssl.h
TestState_
Definition: app-layer-parser.c:1771
app-layer-ntp.h
debug.h
AppLayerParserState_::flags
uint8_t flags
Definition: app-layer-parser.c:157
AppLayerParserProtoCtx_::LocalStorageAlloc
void *(* LocalStorageAlloc)(void)
Definition: app-layer-parser.c:111
app-layer-nfs-tcp.h
app-layer-rdp.h
app-layer.h
AppLayerParserGetEventInfo
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1138
AppLayerParserProtoCtx_::first_data_dir
uint8_t first_data_dir
Definition: app-layer-parser.c:104