suricata
app-layer-parser.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Generic App-layer parsing functions.
24  */
25 
26 #include "suricata-common.h"
27 #include "app-layer-parser.h"
28 
29 #include "flow.h"
30 #include "flow-private.h"
31 #include "flow-util.h"
32 
33 #include "app-layer-frames.h"
34 
35 #include "stream-tcp.h"
36 
37 #include "util-validate.h"
38 
39 #include "app-layer.h"
40 #include "app-layer-detect-proto.h"
41 
42 #include "app-layer-ftp.h"
43 #include "app-layer-smtp.h"
44 
45 #include "app-layer-smb.h"
46 #include "app-layer-htp.h"
47 #include "app-layer-ssl.h"
48 #include "app-layer-ssh.h"
49 #include "app-layer-modbus.h"
50 #include "app-layer-dnp3.h"
51 #include "app-layer-nfs-tcp.h"
52 #include "app-layer-nfs-udp.h"
53 #include "app-layer-tftp.h"
54 #include "app-layer-ike.h"
55 #include "app-layer-http2.h"
56 #include "app-layer-imap.h"
57 
58 struct AppLayerParserThreadCtx_ {
59  void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
60 };
61 
62 
63 /**
64  * \brief App layer protocol parser context.
65  */
66 typedef struct AppLayerParserProtoCtx_
67 {
68  /* 0 - to_server, 1 - to_client. */
69  AppLayerParserFPtr Parser[2];
70 
71  bool logger;
72 
73  /* Indicates the direction the parser is ready to see the data
74  * the first time for a flow. Values accepted -
75  * STREAM_TOSERVER, STREAM_TOCLIENT */
76  uint8_t first_data_dir;
77 
78  uint32_t logger_bits; /**< registered loggers for this proto */
79 
80  void *(*StateAlloc)(void *, AppProto);
81  void (*StateFree)(void *);
82  void (*StateTransactionFree)(void *, uint64_t);
83  void *(*LocalStorageAlloc)(void);
84  void (*LocalStorageFree)(void *);
85 
86  /** get FileContainer reference from the TX. MUST return a non-NULL reference if the TX
87  * has or may have files in the requested direction at some point. */
88  AppLayerGetFileState (*GetTxFiles)(void *, uint8_t);
89 
90  int (*StateGetProgress)(void *alstate, uint8_t direction);
91  uint64_t (*StateGetTxCnt)(void *alstate);
92  void *(*StateGetTx)(void *alstate, uint64_t tx_id);
93  AppLayerGetTxIteratorFunc StateGetTxIterator;
94  int complete_ts;
95  int complete_tc;
96  int (*StateGetEventInfoById)(
97  uint8_t event_id, const char **event_name, AppLayerEventType *event_type);
98  int (*StateGetEventInfo)(
99  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type);
100 
101  AppLayerStateData *(*GetStateData)(void *state);
102  AppLayerTxData *(*GetTxData)(void *tx);
103  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
104 
105  void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
106 
107  AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
108  AppLayerParserGetFrameNameByIdFn GetFrameNameById;
109 
110  /* each app-layer has its own value */
111  uint32_t stream_depth;
112 
113  /* Option flags such as supporting gaps or not. */
114  uint32_t option_flags;
115  /* coccinelle: AppLayerParserProtoCtx:option_flags:APP_LAYER_PARSER_OPT_ */
116 
117  uint32_t internal_flags;
118  /* coccinelle: AppLayerParserProtoCtx:internal_flags:APP_LAYER_PARSER_INT_ */
119 
120 #ifdef UNITTESTS
121  void (*RegisterUnittests)(void);
122 #endif
123 } AppLayerParserProtoCtx;
124 
125 typedef struct AppLayerParserCtx_ {
126  AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
127 } AppLayerParserCtx;
128 
129 struct AppLayerParserState_ {
130  /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
131  uint16_t flags;
132 
133  /* Indicates the current transaction that is being inspected.
134  * We have a var per direction. */
135  uint64_t inspect_id[2];
136  /* Indicates the current transaction being logged. Unlike inspect_id,
137  * we don't need a var per direction since we don't log a transaction
138  * unless we have the entire transaction. */
139  uint64_t log_id;
140 
141  uint64_t min_id;
142 
143  /* Used to store decoder events. */
144  AppLayerDecoderEvents *decoder_events;
145 
146  FramesContainer *frames;
147 };
148 
149 enum ExceptionPolicy g_applayerparser_error_policy = EXCEPTION_POLICY_NOT_SET;
150 
151 static void AppLayerConfig(void)
152 {
153  g_applayerparser_error_policy = ExceptionPolicyParse("app-layer.error-policy", true);
154 }
155 
156 static void AppLayerParserFramesFreeContainer(FramesContainer *frames)
157 {
158  if (frames != NULL) {
159  FramesFree(&frames->toserver);
160  FramesFree(&frames->toclient);
161  SCFree(frames);
162  }
163 }
164 
165 void AppLayerFramesFreeContainer(Flow *f)
166 {
167  if (f == NULL || f->alparser == NULL || f->alparser->frames == NULL)
168  return;
169  AppLayerParserFramesFreeContainer(f->alparser->frames);
170  f->alparser->frames = NULL;
171 }
172 
173 FramesContainer *AppLayerFramesGetContainer(Flow *f)
174 {
175  if (f == NULL || f->alparser == NULL)
176  return NULL;
177  return f->alparser->frames;
178 }
179 
180 FramesContainer *AppLayerFramesSetupContainer(Flow *f)
181 {
182 #ifdef UNITTESTS
183  if (f == NULL || f->alparser == NULL || (f->proto == IPPROTO_TCP && f->protoctx == NULL))
184  return NULL;
185 #endif
186  DEBUG_VALIDATE_BUG_ON(f == NULL || f->alparser == NULL);
187  if (f->alparser->frames == NULL) {
188  f->alparser->frames = SCCalloc(1, sizeof(FramesContainer));
189  if (f->alparser->frames == NULL) {
190  return NULL;
191  }
192 #ifdef DEBUG
193  f->alparser->frames->toserver.ipproto = f->proto;
194  f->alparser->frames->toserver.alproto = f->alproto;
195  f->alparser->frames->toclient.ipproto = f->proto;
196  f->alparser->frames->toclient.alproto = f->alproto;
197 #endif
198  }
199  return f->alparser->frames;
200 }
201 
202 #ifdef UNITTESTS
203 void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
204 {
205  struct AppLayerParserState_ *s = ptr;
206  *i1 = s->inspect_id[0];
207  *i2 = s->inspect_id[1];
208  *log = s->log_id;
209  *min = s->min_id;
210 }
211 #endif
212 
213 /* Static global version of the parser context.
214  * Post 2.0 let's look at changing this to move it out to app-layer.c. */
215 static AppLayerParserCtx alp_ctx;
216 
217 int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
218 {
219  uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
220 
221  return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0;
222 }
223 
224 AppLayerParserState *AppLayerParserStateAlloc(void)
225 {
226  SCEnter();
227 
228  AppLayerParserState *pstate = (AppLayerParserState *)SCCalloc(1, sizeof(*pstate));
229  if (pstate == NULL)
230  goto end;
231 
232  end:
233  SCReturnPtr(pstate, "AppLayerParserState");
234 }
235 
236 void AppLayerParserStateFree(AppLayerParserState *pstate)
237 {
238  SCEnter();
239 
240  if (pstate->decoder_events != NULL)
241  AppLayerDecoderEventsFreeEvents(&pstate->decoder_events);
242  AppLayerParserFramesFreeContainer(pstate->frames);
243  SCFree(pstate);
244 
245  SCReturn;
246 }
247 
248 int AppLayerParserSetup(void)
249 {
250  SCEnter();
251  memset(&alp_ctx, 0, sizeof(alp_ctx));
252  SCReturnInt(0);
253 }
254 
255 void AppLayerParserPostStreamSetup(void)
256 {
257  /* lets set a default value for stream_depth */
258  for (int flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
259  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
260  if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags &
261  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) {
262  alp_ctx.ctxs[flow_proto][alproto].stream_depth =
263  stream_config.reassembly_depth;
264  }
265  }
266  }
267 }
268 
269 int AppLayerParserDeSetup(void)
270 {
271  SCEnter();
272 
273  FTPParserCleanup();
274  SMTPParserCleanup();
275 
276  SCReturnInt(0);
277 }
278 
279 AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void)
280 {
281  SCEnter();
282 
283  AppLayerParserThreadCtx *tctx = SCCalloc(1, sizeof(*tctx));
284  if (tctx == NULL)
285  goto end;
286 
287  for (uint8_t flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
288  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
289  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
290 
291  tctx->alproto_local_storage[flow_proto][alproto] =
292  AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto);
293  }
294  }
295 
296  end:
297  SCReturnPtr(tctx, "void *");
298 }
299 
300 void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
301 {
302  SCEnter();
303 
304  for (uint8_t flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
305  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
306  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
307 
308  AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto,
309  tctx->alproto_local_storage[flow_proto][alproto]);
310  }
311  }
312 
313  SCFree(tctx);
314  SCReturn;
315 }
316 
317 /** \brief check if a parser is enabled in the config
318  * Returns enabled always if: were running unittests
319  */
320 int AppLayerParserConfParserEnabled(const char *ipproto,
321  const char *alproto_name)
322 {
323  SCEnter();
324 
325  int enabled = 1;
326  char param[100];
327  ConfNode *node;
328  int r;
329 
330  if (RunmodeIsUnittests())
331  goto enabled;
332 
333  r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
334  alproto_name, ".enabled");
335  if (r < 0) {
336  FatalError("snprintf failure.");
337  } else if (r > (int)sizeof(param)) {
338  FatalError("buffer not big enough to write param.");
339  }
340 
341  node = ConfGetNode(param);
342  if (node == NULL) {
343  SCLogDebug("Entry for %s not found.", param);
344  r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
345  alproto_name, ".", ipproto, ".enabled");
346  if (r < 0) {
347  FatalError("snprintf failure.");
348  } else if (r > (int)sizeof(param)) {
349  FatalError("buffer not big enough to write param.");
350  }
351 
352  node = ConfGetNode(param);
353  if (node == NULL) {
354  SCLogDebug("Entry for %s not found.", param);
355  goto enabled;
356  }
357  }
358 
359  if (ConfValIsTrue(node->val)) {
360  goto enabled;
361  } else if (ConfValIsFalse(node->val)) {
362  goto disabled;
363  } else if (strcasecmp(node->val, "detection-only") == 0) {
364  goto disabled;
365  } else {
366  SCLogError("Invalid value found for %s.", param);
367  exit(EXIT_FAILURE);
368  }
369 
370  disabled:
371  enabled = 0;
372  enabled:
373  SCReturnInt(enabled);
374 }
375 
376 /***** Parser related registration *****/
377 
378 int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
379  uint8_t direction,
380  AppLayerParserFPtr Parser)
381 {
382  SCEnter();
383 
384  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
385  Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
386 
387  SCReturnInt(0);
388 }
389 
390 void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
391  uint8_t direction)
392 {
393  SCEnter();
394 
395  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
396  (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
397 
398  SCReturn;
399 }
400 
401 void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
402  uint32_t flags)
403 {
404  SCEnter();
405 
406  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags;
407 
408  SCReturn;
409 }
410 
411 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
412  void *(*StateAlloc)(void *, AppProto), void (*StateFree)(void *))
413 {
414  SCEnter();
415 
416  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
417  StateAlloc;
418  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
419  StateFree;
420 
421  SCReturn;
422 }
423 
424 void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
425  void *(*LocalStorageAlloc)(void),
426  void (*LocalStorageFree)(void *))
427 {
428  SCEnter();
429 
430  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
431  LocalStorageAlloc;
432  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
433  LocalStorageFree;
434 
435  SCReturn;
436 }
437 
438 void AppLayerParserRegisterGetTxFilesFunc(
439  uint8_t ipproto, AppProto alproto, AppLayerGetFileState (*GetTxFiles)(void *, uint8_t))
440 {
441  SCEnter();
442 
443  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxFiles = GetTxFiles;
444 
445  SCReturn;
446 }
447 
448 void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
449 {
450  SCEnter();
451 
452  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
453 
454  SCReturn;
455 }
456 
457 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
458 {
459  SCEnter();
460 
461  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true;
462 
463  SCReturn;
464 }
465 
466 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
467  int (*StateGetProgress)(void *alstate, uint8_t direction))
468 {
469  SCEnter();
470 
471  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
472  StateGetProgress = StateGetProgress;
473 
474  SCReturn;
475 }
476 
477 void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
478  void (*StateTransactionFree)(void *, uint64_t))
479 {
480  SCEnter();
481 
482  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
483  StateTransactionFree = StateTransactionFree;
484 
485  SCReturn;
486 }
487 
488 void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
489  uint64_t (*StateGetTxCnt)(void *alstate))
490 {
491  SCEnter();
492 
493  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
494  StateGetTxCnt = StateGetTxCnt;
495 
496  SCReturn;
497 }
498 
499 void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
500  void *(StateGetTx)(void *alstate, uint64_t tx_id))
501 {
502  SCEnter();
503 
504  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
505  StateGetTx = StateGetTx;
506 
507  SCReturn;
508 }
509 
510 void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
511  AppLayerGetTxIteratorFunc Func)
512 {
513  SCEnter();
514  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func;
515  SCReturn;
516 }
517 
518 void AppLayerParserRegisterStateProgressCompletionStatus(
519  AppProto alproto, const int ts, const int tc)
520 {
521  BUG_ON(ts == 0);
522  BUG_ON(tc == 0);
523  BUG_ON(!AppProtoIsValid(alproto));
524  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != 0 &&
525  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != ts);
526  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != 0 &&
527  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != tc);
528 
529  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts = ts;
530  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc = tc;
531 }
532 
533 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
534  int (*StateGetEventInfoById)(
535  uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
536 {
537  SCEnter();
538 
539  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
540  StateGetEventInfoById = StateGetEventInfoById;
541 
542  SCReturn;
543 }
544 
545 void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
546  AppLayerParserGetFrameIdByNameFn GetIdByNameFunc,
547  AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
548 {
549  SCEnter();
550  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName = GetIdByNameFunc;
551  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById = GetNameByIdFunc;
552  SCReturn;
553 }
554 
555 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
556  int (*StateGetEventInfo)(
557  const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
558 {
559  SCEnter();
560 
561  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
562  StateGetEventInfo = StateGetEventInfo;
563 
564  SCReturn;
565 }
566 
567 void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
568  AppLayerTxData *(*GetTxData)(void *tx))
569 {
570  SCEnter();
571 
572  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData = GetTxData;
573 
574  SCReturn;
575 }
576 
577 void AppLayerParserRegisterStateDataFunc(
578  uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
579 {
580  SCEnter();
581 
582  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData = GetStateData;
583 
584  SCReturn;
585 }
586 
587 void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
588  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
589 {
590  SCEnter();
591 
592  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig = ApplyTxConfig;
593 
594  SCReturn;
595 }
596 
597 void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
598  void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
599 {
600  SCEnter();
601 
602  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
603 
604  SCReturn;
605 }
606 
607 /***** Get and transaction functions *****/
608 
609 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
610 {
611  SCEnter();
612  void * r = NULL;
613 
614  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
615  LocalStorageAlloc != NULL)
616  {
617  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
618  LocalStorageAlloc();
619  }
620 
621  SCReturnPtr(r, "void *");
622 }
623 
624 void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
625  void *local_data)
626 {
627  SCEnter();
628 
629  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
630  LocalStorageFree != NULL)
631  {
632  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
633  LocalStorageFree(local_data);
634  }
635 
636  SCReturn;
637 }
638 
639 /** \brief default tx iterator
640  *
641  * Used if the app layer parser doesn't register its own iterator.
642  * Simply walks the tx_id space until it finds a tx. Uses 'state' to
643  * keep track of where it left off.
644  *
645  * \retval txptr or NULL if no more txs in list
646  */
647 static AppLayerGetTxIterTuple AppLayerDefaultGetTxIterator(
648  const uint8_t ipproto, const AppProto alproto,
649  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
650  AppLayerGetTxIterState *state)
651 {
652  uint64_t ustate = *(uint64_t *)state;
653  uint64_t tx_id = MAX(min_tx_id, ustate);
654  for ( ; tx_id < max_tx_id; tx_id++) {
655  void *tx_ptr = AppLayerParserGetTx(ipproto, alproto, alstate, tx_id);
656  if (tx_ptr != NULL) {
657  ustate = tx_id + 1;
658  *state = *(AppLayerGetTxIterState *)&ustate;
659  AppLayerGetTxIterTuple tuple = {
660  .tx_ptr = tx_ptr,
661  .tx_id = tx_id,
662  .has_next = (tx_id + 1 < max_tx_id),
663  };
664  SCLogDebug("tuple: %p/%"PRIu64"/%s", tuple.tx_ptr, tuple.tx_id,
665  tuple.has_next ? "true" : "false");
666  return tuple;
667  }
668  }
669 
670  AppLayerGetTxIterTuple no_tuple = { NULL, 0, false };
671  return no_tuple;
672 }
673 
674 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
675  const AppProto alproto)
676 {
677  AppLayerGetTxIteratorFunc Func =
678  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator;
679  return Func ? Func : AppLayerDefaultGetTxIterator;
680 }
681 
682 uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
683 {
684  SCEnter();
685 
686  SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
687 }
688 
689 void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
690 {
691  SCEnter();
692 
693  if (pstate != NULL)
694  pstate->log_id = tx_id;
695 
696  SCReturn;
697 }
698 
699 uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
700 {
701  SCEnter();
702 
703  if (pstate == NULL)
704  SCReturnCT(0ULL, "uint64_t");
705 
706  SCReturnCT(pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1], "uint64_t");
707 }
708 
709 inline uint64_t AppLayerParserGetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
710 {
711  uint64_t detect_flags =
712  (dir & STREAM_TOSERVER) ? txd->detect_flags_ts : txd->detect_flags_tc;
713  return detect_flags;
714 }
715 
716 static inline void SetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir, const uint64_t detect_flags)
717 {
718  if (dir & STREAM_TOSERVER) {
719  txd->detect_flags_ts = detect_flags;
720  } else {
721  txd->detect_flags_tc = detect_flags;
722  }
723 }
724 
725 static inline uint32_t GetTxLogged(AppLayerTxData *txd)
726 {
727  return txd->logged.flags;
728 }
729 
730 void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
731  void *alstate, const uint8_t flags,
732  bool tag_txs_as_inspected)
733 {
734  SCEnter();
735 
736  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
737  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
738  uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, flags);
739  const int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->alproto, flags);
740  const uint8_t ipproto = f->proto;
741  const AppProto alproto = f->alproto;
742 
743  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
744  AppLayerGetTxIterState state = { 0 };
745 
746  SCLogDebug("called: %s, tag_txs_as_inspected %s",direction==0?"toserver":"toclient",
747  tag_txs_as_inspected?"true":"false");
748 
749  /* mark all txs as inspected if the applayer progress is
750  * at the 'end state'. */
751  while (1) {
752  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
753  if (ires.tx_ptr == NULL)
754  break;
755 
756  void *tx = ires.tx_ptr;
757  idx = ires.tx_id;
758 
759  int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
760  if (state_progress < state_done_progress)
761  break;
762 
763  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
764  if (txd && tag_txs_as_inspected) {
765  uint64_t detect_flags = AppLayerParserGetTxDetectFlags(txd, flags);
766  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
767  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
768  SetTxDetectFlags(txd, flags, detect_flags);
769  SCLogDebug("%p/%"PRIu64" in-order tx is done for direction %s. Flag %016"PRIx64,
770  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
771  }
772  }
773  idx++;
774  if (!ires.has_next)
775  break;
776  }
777  pstate->inspect_id[direction] = idx;
778  SCLogDebug("inspect_id now %"PRIu64, pstate->inspect_id[direction]);
779 
780  /* if necessary we flag all txs that are complete as 'inspected'
781  * also move inspect_id forward. */
782  if (tag_txs_as_inspected) {
783  /* continue at idx */
784  while (1) {
785  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
786  if (ires.tx_ptr == NULL)
787  break;
788 
789  void *tx = ires.tx_ptr;
790  /* if we got a higher id than the minimum we requested, we
791  * skipped a bunch of 'null-txs'. Lets see if we can up the
792  * inspect tracker */
793  if (ires.tx_id > idx && pstate->inspect_id[direction] == idx) {
794  pstate->inspect_id[direction] = ires.tx_id;
795  }
796  idx = ires.tx_id;
797 
798  const int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
799  if (state_progress < state_done_progress)
800  break;
801 
802  /* txd can be NULL for HTTP sessions where the user data alloc failed */
803  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
804  if (likely(txd)) {
805  uint64_t detect_flags = AppLayerParserGetTxDetectFlags(txd, flags);
806  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
807  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
808  SetTxDetectFlags(txd, flags, detect_flags);
809  SCLogDebug("%p/%"PRIu64" out of order tx is done for direction %s. Flag %016"PRIx64,
810  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
811 
812  SCLogDebug("%p/%"PRIu64" out of order tx. Update inspect_id? %"PRIu64,
813  tx, idx, pstate->inspect_id[direction]);
814  if (pstate->inspect_id[direction]+1 == idx)
815  pstate->inspect_id[direction] = idx;
816  }
817  } else {
818  if (pstate->inspect_id[direction]+1 == idx)
819  pstate->inspect_id[direction] = idx;
820  }
821  if (!ires.has_next)
822  break;
823  idx++;
824  }
825  }
826 
827  SCReturn;
828 }
829 
830 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
831 {
832  SCEnter();
833 
834  SCReturnPtr(pstate->decoder_events,
835  "AppLayerDecoderEvents *");
836 }
837 
838 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
839  void *tx)
840 {
841  SCEnter();
842 
843  AppLayerDecoderEvents *ptr = NULL;
844 
845  /* Access events via the tx_data. */
846  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
847  if (txd != NULL && txd->events != NULL) {
848  ptr = txd->events;
849  }
850 
851  SCReturnPtr(ptr, "AppLayerDecoderEvents *");
852 }
853 
854 AppLayerGetFileState AppLayerParserGetTxFiles(const Flow *f, void *tx, const uint8_t direction)
855 {
856  SCEnter();
857 
858  if (alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles != NULL) {
859  return alp_ctx.ctxs[f->protomap][f->alproto].GetTxFiles(tx, direction);
860  }
861 
862  AppLayerGetFileState files = { .fc = NULL, .cfg = NULL };
863  return files;
864 }
865 
866 static void AppLayerParserFileTxHousekeeping(
867  const Flow *f, void *tx, const uint8_t pkt_dir, const bool trunc)
868 {
869  AppLayerGetFileState files = AppLayerParserGetTxFiles(f, tx, pkt_dir);
870  if (files.fc) {
871  FilesPrune(files.fc, files.cfg, trunc);
872  }
873 }
874 
875 #define IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP))
876 
877 extern int g_detect_disabled;
878 extern bool g_file_logger_enabled;
879 extern bool g_filedata_logger_enabled;
880 
881 /**
882  * \brief remove obsolete (inspected and logged) transactions
883  */
884 void AppLayerParserTransactionsCleanup(Flow *f, const uint8_t pkt_dir)
885 {
886  SCEnter();
887  DEBUG_ASSERT_FLOW_LOCKED(f);
888 
889  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
890  if (unlikely(p->StateTransactionFree == NULL))
891  SCReturn;
892 
893  const bool has_tx_detect_flags = !g_detect_disabled;
894  const uint8_t ipproto = f->proto;
895  const AppProto alproto = f->alproto;
896  void * const alstate = f->alstate;
897  AppLayerParserState * const alparser = f->alparser;
898 
899  if (alstate == NULL || alparser == NULL)
900  SCReturn;
901 
902  const uint64_t min = alparser->min_id;
903  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
904  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(ipproto, alproto);
905  const int tx_end_state_ts = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOSERVER);
906  const int tx_end_state_tc = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOCLIENT);
907  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
908  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
909 
910  int pkt_dir_trunc = -1;
911 
912  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
913  AppLayerGetTxIterState state;
914  memset(&state, 0, sizeof(state));
915  uint64_t i = min;
916  uint64_t new_min = min;
917  SCLogDebug("start min %"PRIu64, min);
918  bool skipped = false;
919  // const bool support_files = AppLayerParserSupportsFiles(f->proto, f->alproto);
920 
921  while (1) {
922  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
923  if (ires.tx_ptr == NULL)
924  break;
925 
926  bool tx_skipped = false;
927  void *tx = ires.tx_ptr;
928  i = ires.tx_id; // actual tx id for the tx the IterFunc returned
929 
930  SCLogDebug("%p/%"PRIu64" checking", tx, i);
931  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
932  if (txd != NULL && AppLayerParserHasFilesInDir(txd, pkt_dir)) {
933  if (pkt_dir_trunc == -1)
934  pkt_dir_trunc = IS_DISRUPTED(
935  (pkt_dir == STREAM_TOSERVER) ? ts_disrupt_flags : tc_disrupt_flags);
936  AppLayerParserFileTxHousekeeping(f, tx, pkt_dir, (bool)pkt_dir_trunc);
937  }
938  if (txd) {
939  // should be reset by parser next time it updates the tx
940  if (pkt_dir & STREAM_TOSERVER) {
941  txd->updated_ts = false;
942  } else {
943  txd->updated_tc = false;
944  }
945  }
946  const int tx_progress_tc =
947  AppLayerParserGetStateProgress(ipproto, alproto, tx, tc_disrupt_flags);
948  if (tx_progress_tc < tx_end_state_tc) {
949  SCLogDebug("%p/%"PRIu64" skipping: tc parser not done", tx, i);
950  skipped = true;
951  goto next;
952  }
953  const int tx_progress_ts =
954  AppLayerParserGetStateProgress(ipproto, alproto, tx, ts_disrupt_flags);
955  if (tx_progress_ts < tx_end_state_ts) {
956  SCLogDebug("%p/%"PRIu64" skipping: ts parser not done", tx, i);
957  skipped = true;
958  goto next;
959  }
960 
961  if (txd && has_tx_detect_flags) {
962  if (!IS_DISRUPTED(ts_disrupt_flags) && f->sgh_toserver != NULL) {
963  uint64_t detect_flags_ts = AppLayerParserGetTxDetectFlags(txd, STREAM_TOSERVER);
964  if (!(detect_flags_ts &
965  (APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_SKIP_INSPECT_FLAG))) {
966  SCLogDebug("%p/%" PRIu64 " skipping: TS inspect not done: ts:%" PRIx64, tx, i,
967  detect_flags_ts);
968  tx_skipped = true;
969  }
970  }
971  if (!IS_DISRUPTED(tc_disrupt_flags) && f->sgh_toclient != NULL) {
972  uint64_t detect_flags_tc = AppLayerParserGetTxDetectFlags(txd, STREAM_TOCLIENT);
973  if (!(detect_flags_tc &
974  (APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_SKIP_INSPECT_FLAG))) {
975  SCLogDebug("%p/%" PRIu64 " skipping: TC inspect not done: ts:%" PRIx64, tx, i,
976  detect_flags_tc);
977  tx_skipped = true;
978  }
979  }
980  }
981 
982  if (tx_skipped) {
983  SCLogDebug("%p/%" PRIu64 " tx_skipped", tx, i);
984  skipped = true;
985  goto next;
986  }
987 
988  if (txd && logger_expectation != 0) {
989  LoggerId tx_logged = GetTxLogged(txd);
990  if (tx_logged != logger_expectation) {
991  SCLogDebug("%p/%"PRIu64" skipping: logging not done: want:%"PRIx32", have:%"PRIx32,
992  tx, i, logger_expectation, tx_logged);
993  skipped = true;
994  goto next;
995  }
996  }
997 
998  /* if file logging is enabled, we keep a tx active while some of the files aren't
999  * logged yet. */
1000  if (txd) {
1001  SCLogDebug("files_opened %u files_logged %u files_stored %u", txd->files_opened,
1002  txd->files_logged, txd->files_stored);
1003 
1004  if (txd->files_opened) {
1005  if (g_file_logger_enabled && txd->files_opened != txd->files_logged) {
1006  skipped = true;
1007  goto next;
1008  }
1009  if (g_filedata_logger_enabled && txd->files_opened != txd->files_stored) {
1010  skipped = true;
1011  goto next;
1012  }
1013  }
1014  }
1015 
1016  /* if we are here, the tx can be freed. */
1017  p->StateTransactionFree(alstate, i);
1018  SCLogDebug("%p/%"PRIu64" freed", tx, i);
1019 
1020  /* if we didn't skip any tx so far, up the minimum */
1021  SCLogDebug("skipped? %s i %"PRIu64", new_min %"PRIu64, skipped ? "true" : "false", i, new_min);
1022  if (!skipped)
1023  new_min = i + 1;
1024  SCLogDebug("final i %"PRIu64", new_min %"PRIu64, i, new_min);
1025 
1026 next:
1027  if (!ires.has_next) {
1028  /* this was the last tx. See if we skipped any. If not
1029  * we removed all and can update the minimum to the max
1030  * id. */
1031  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64, i, total_txs);
1032  if (!skipped) {
1033  new_min = total_txs;
1034  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64": "
1035  "new_min updated to %"PRIu64, i, total_txs, new_min);
1036  }
1037  break;
1038  }
1039  i++;
1040  }
1041 
1042  /* see if we need to bring all trackers up to date. */
1043  SCLogDebug("update f->alparser->min_id? %"PRIu64" vs %"PRIu64, new_min, alparser->min_id);
1044  if (new_min > alparser->min_id) {
1045  const uint64_t next_id = new_min;
1046  alparser->min_id = next_id;
1047  alparser->inspect_id[0] = MAX(alparser->inspect_id[0], next_id);
1048  alparser->inspect_id[1] = MAX(alparser->inspect_id[1], next_id);
1049  alparser->log_id = MAX(alparser->log_id, next_id);
1050  SCLogDebug("updated f->alparser->min_id %"PRIu64, alparser->min_id);
1051  }
1052  SCReturn;
1053 }
1054 
1055 static inline int StateGetProgressCompletionStatus(const AppProto alproto, const uint8_t flags)
1056 {
1057  if (flags & STREAM_TOSERVER) {
1058  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts;
1059  } else if (flags & STREAM_TOCLIENT) {
1060  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc;
1061  } else {
1062  DEBUG_VALIDATE_BUG_ON(1);
1063  return 0;
1064  }
1065 }
1066 
1067 /**
1068  * \brief get the progress value for a tx/protocol
1069  *
1070  * If the stream is disrupted, we return the 'completion' value.
1071  */
1072 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
1073  void *alstate, uint8_t flags)
1074 {
1075  SCEnter();
1076  int r;
1077  if (unlikely(IS_DISRUPTED(flags))) {
1078  r = StateGetProgressCompletionStatus(alproto, flags);
1079  } else {
1080  uint8_t direction = flags & (STREAM_TOCLIENT | STREAM_TOSERVER);
1081  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetProgress(
1082  alstate, direction);
1083  }
1084  SCReturnInt(r);
1085 }
1086 
1087 uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
1088 {
1089  SCEnter();
1090  uint64_t r = alp_ctx.ctxs[f->protomap][f->alproto].StateGetTxCnt(alstate);
1091  SCReturnCT(r, "uint64_t");
1092 }
1093 
1094 void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
1095 {
1096  SCEnter();
1097  void *r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTx(alstate, tx_id);
1098  SCReturnPtr(r, "void *");
1099 }
1100 
1101 int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
1102  uint8_t direction)
1103 {
1104  SCEnter();
1105  int r = StateGetProgressCompletionStatus(alproto, direction);
1106  SCReturnInt(r);
1107 }
1108 
1109 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
1110  uint8_t *event_id, AppLayerEventType *event_type)
1111 {
1112  SCEnter();
1113  const int ipproto_map = FlowGetProtoMapping(ipproto);
1114  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
1115  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
1116  SCReturnInt(r);
1117 }
1118 
1119 int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id,
1120  const char **event_name, AppLayerEventType *event_type)
1121 {
1122  SCEnter();
1123  const int ipproto_map = FlowGetProtoMapping(ipproto);
1124  *event_name = (const char *)NULL;
1125  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ?
1126  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type);
1127  SCReturnInt(r);
1128 }
1129 
1130 uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
1131 {
1132  SCEnter();
1133  uint8_t r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir;
1134  SCReturnCT(r, "uint8_t");
1135 }
1136 
1137 uint64_t AppLayerParserGetTransactionActive(const Flow *f,
1138  AppLayerParserState *pstate, uint8_t direction)
1139 {
1140  SCEnter();
1141 
1142  uint64_t active_id;
1143  uint64_t log_id = pstate->log_id;
1144  uint64_t inspect_id = pstate->inspect_id[(direction & STREAM_TOSERVER) ? 0 : 1];
1145  if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) {
1146  active_id = MIN(log_id, inspect_id);
1147  } else {
1148  active_id = inspect_id;
1149  }
1150 
1151  SCReturnCT(active_id, "uint64_t");
1152 }
1153 
1154 bool AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
1155 {
1156  // Custom case for only signature-only protocol so far
1157  if (alproto == ALPROTO_HTTP) {
1158  return AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP1) ||
1159  AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP2);
1160  }
1161  return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxFiles != NULL;
1162 }
1163 
1164 AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
1165 {
1166  SCEnter();
1167  AppLayerTxData *d = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData(tx);
1168  SCReturnPtr(d, "AppLayerTxData");
1169 }
1170 
1171 AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state)
1172 {
1173  SCEnter();
1174  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData) {
1175  AppLayerStateData *d =
1176  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData(state);
1177  SCReturnPtr(d, "AppLayerStateData");
1178  }
1179  SCReturnPtr(NULL, "AppLayerStateData");
1180 }
1181 
1182 void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
1183  void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
1184 {
1185  SCEnter();
1186  const int ipproto_map = FlowGetProtoMapping(ipproto);
1187  if (alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig) {
1188  alp_ctx.ctxs[ipproto_map][alproto].ApplyTxConfig(state, tx, mode, config);
1189  }
1190  SCReturn;
1191 }
1192 
1193 /***** General *****/
1194 
1195 static inline void SetEOFFlags(AppLayerParserState *pstate, const uint8_t flags)
1196 {
1197  if ((flags & (STREAM_EOF|STREAM_TOSERVER)) == (STREAM_EOF|STREAM_TOSERVER)) {
1198  SCLogDebug("setting APP_LAYER_PARSER_EOF_TS");
1199  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TS);
1200  } else if ((flags & (STREAM_EOF|STREAM_TOCLIENT)) == (STREAM_EOF|STREAM_TOCLIENT)) {
1201  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC");
1202  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TC);
1203  }
1204 }
1205 
1206 /** \internal
1207  * \brief create/close stream frames
1208  * On first invocation of TCP parser in a direction, create a <alproto>.stream frame.
1209  * On STREAM_EOF, set the final length. */
1210 static void HandleStreamFrames(Flow *f, StreamSlice stream_slice, const uint8_t *input,
1211  const uint32_t input_len, const uint8_t flags)
1212 {
1213  const uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1214  AppLayerParserState *pstate = f->alparser;
1215 
1216  /* setup the generic stream frame */
1217  if (((direction == 0 && (pstate->flags & APP_LAYER_PARSER_SFRAME_TS) == 0) ||
1218  (direction == 1 && (pstate->flags & APP_LAYER_PARSER_SFRAME_TC) == 0)) &&
1219  input != NULL && f->proto == IPPROTO_TCP) {
1220  Frame *frame = AppLayerFrameGetLastOpenByType(f, direction, FRAME_STREAM_TYPE);
1221  if (frame == NULL) {
1222  int64_t frame_len = -1;
1223  if (flags & STREAM_EOF)
1224  frame_len = input_len;
1225 
1226  frame = AppLayerFrameNewByAbsoluteOffset(
1227  f, &stream_slice, stream_slice.offset, frame_len, direction, FRAME_STREAM_TYPE);
1228  if (frame) {
1229  SCLogDebug("opened: frame %p id %" PRIi64, frame, frame->id);
1230  frame->flags = FRAME_FLAG_ENDS_AT_EOF; // TODO logic is not yet implemented
1231  DEBUG_VALIDATE_BUG_ON(
1232  frame->id != 1); // should always be the first frame that is created
1233  }
1234  if (direction == 0) {
1235  pstate->flags |= APP_LAYER_PARSER_SFRAME_TS;
1236  } else {
1237  pstate->flags |= APP_LAYER_PARSER_SFRAME_TC;
1238  }
1239  }
1240  } else if (flags & STREAM_EOF) {
1241  Frame *frame = AppLayerFrameGetLastOpenByType(f, direction, FRAME_STREAM_TYPE);
1242  SCLogDebug("EOF closing: frame %p", frame);
1243  if (frame) {
1244  /* calculate final frame length */
1245  int64_t slice_o = (int64_t)stream_slice.offset - (int64_t)frame->offset;
1246  int64_t frame_len = slice_o + (int64_t)input_len;
1247  SCLogDebug("%s: EOF frame->offset %" PRIu64 " -> %" PRIi64 ": o %" PRIi64,
1248  AppProtoToString(f->alproto), frame->offset, frame_len, slice_o);
1249  frame->len = frame_len;
1250  }
1251  }
1252 }
1253 
1254 static void Setup(Flow *f, const uint8_t direction, const uint8_t *input, uint32_t input_len,
1255  const uint8_t flags, StreamSlice *as)
1256 {
1257  memset(as, 0, sizeof(*as));
1258  as->input = input;
1259  as->input_len = input_len;
1260  as->flags = flags;
1261 
1262  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1263  TcpSession *ssn = f->protoctx;
1264  TcpStream *stream = (direction & STREAM_TOSERVER) ? &ssn->client : &ssn->server;
1265  as->offset = STREAM_APP_PROGRESS(stream);
1266  }
1267 }
1268 
1269 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
1270  * \retval int 0 ok: we did not update app_progress
1271  * \retval int 1 ok: we updated app_progress */
1272 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
1273  uint8_t flags, const uint8_t *input, uint32_t input_len)
1274 {
1275  SCEnter();
1276 #ifdef DEBUG_VALIDATION
1277  BUG_ON(f->protomap != FlowGetProtoMapping(f->proto));
1278 #endif
1279  AppLayerParserState *pstate = f->alparser;
1280  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto];
1281  StreamSlice stream_slice;
1282  void *alstate = NULL;
1283  uint64_t p_tx_cnt = 0;
1284  uint32_t consumed = input_len;
1285  const uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1286 
1287  /* we don't have the parser registered for this protocol */
1288  if (p->StateAlloc == NULL) {
1289  if (f->proto == IPPROTO_TCP) {
1290  StreamTcpDisableAppLayer(f);
1291  }
1292  goto end;
1293  }
1294 
1295  if (flags & STREAM_GAP) {
1296  if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
1297  SCLogDebug("app-layer parser does not accept gaps");
1298  if (f->alstate != NULL && !FlowChangeProto(f)) {
1299  AppLayerParserTriggerRawStreamReassembly(f, direction);
1300  }
1301  AppLayerIncGapErrorCounter(tv, f);
1302  goto error;
1303  }
1304  }
1305 
1306  /* Get the parser state (if any) */
1307  if (pstate == NULL) {
1308  f->alparser = pstate = AppLayerParserStateAlloc();
1309  if (pstate == NULL) {
1310  AppLayerIncAllocErrorCounter(tv, f);
1311  goto error;
1312  }
1313  }
1314 
1315  SetEOFFlags(pstate, flags);
1316 
1317  alstate = f->alstate;
1318  if (alstate == NULL || FlowChangeProto(f)) {
1319  f->alstate = alstate = p->StateAlloc(alstate, f->alproto_orig);
1320  if (alstate == NULL) {
1321  AppLayerIncAllocErrorCounter(tv, f);
1322  goto error;
1323  }
1324  SCLogDebug("alloced new app layer state %p (name %s)",
1325  alstate, AppLayerGetProtoName(f->alproto));
1326 
1327  /* set flow flags to state */
1328  if (f->file_flags != 0) {
1329  AppLayerStateData *sd = AppLayerParserGetStateData(f->proto, f->alproto, f->alstate);
1330  if (sd != NULL) {
1331  if ((sd->file_flags & f->file_flags) != f->file_flags) {
1332  SCLogDebug("state data: updating file_flags %04x with flow file_flags %04x",
1333  sd->file_flags, f->file_flags);
1334  sd->file_flags |= f->file_flags;
1335  }
1336  }
1337  }
1338  } else {
1339  SCLogDebug("using existing app layer state %p (name %s))",
1340  alstate, AppLayerGetProtoName(f->alproto));
1341  }
1342 
1343  p_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1344 
1345  /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
1346  if (input_len > 0 || (flags & STREAM_EOF)) {
1347  Setup(f, flags & (STREAM_TOSERVER | STREAM_TOCLIENT), input, input_len, flags,
1348  &stream_slice);
1349  HandleStreamFrames(f, stream_slice, input, input_len, flags);
1350 
1351 #ifdef DEBUG
1352  if (((stream_slice.flags & STREAM_TOSERVER) &&
1353  stream_slice.offset >= g_eps_applayer_error_offset_ts)) {
1354  SCLogNotice("putting parser %s into an error state from toserver offset %" PRIu64,
1355  AppProtoToString(alproto), g_eps_applayer_error_offset_ts);
1356  AppLayerIncParserErrorCounter(tv, f);
1357  goto error;
1358  }
1359  if (((stream_slice.flags & STREAM_TOCLIENT) &&
1360  stream_slice.offset >= g_eps_applayer_error_offset_tc)) {
1361  SCLogNotice("putting parser %s into an error state from toclient offset %" PRIu64,
1362  AppProtoToString(alproto), g_eps_applayer_error_offset_tc);
1363  AppLayerIncParserErrorCounter(tv, f);
1364  goto error;
1365  }
1366 #endif
1367  /* invoke the parser */
1368  AppLayerResult res = p->Parser[direction](f, alstate, pstate, stream_slice,
1369  alp_tctx->alproto_local_storage[f->protomap][alproto]);
1370  if (res.status < 0) {
1371  AppLayerIncParserErrorCounter(tv, f);
1372  goto error;
1373  } else if (res.status > 0) {
1374  DEBUG_VALIDATE_BUG_ON(res.consumed > input_len);
1375  DEBUG_VALIDATE_BUG_ON(res.needed + res.consumed < input_len);
1376  DEBUG_VALIDATE_BUG_ON(res.needed == 0);
1377  /* incomplete is only supported for TCP */
1378  DEBUG_VALIDATE_BUG_ON(f->proto != IPPROTO_TCP);
1379 
1380  /* put protocol in error state on improper use of the
1381  * return codes. */
1382  if (res.consumed > input_len || res.needed + res.consumed < input_len) {
1383  AppLayerIncInternalErrorCounter(tv, f);
1384  goto error;
1385  }
1386 
1387  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1388  TcpSession *ssn = f->protoctx;
1389  SCLogDebug("direction %d/%s", direction,
1390  (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
1391  if (direction == 0) {
1392  /* parser told us how much data it needs on top of what it
1393  * consumed. So we need tell stream engine how much we need
1394  * before the next call */
1395  ssn->client.data_required = res.needed;
1396  SCLogDebug("setting data_required %u", ssn->client.data_required);
1397  } else {
1398  /* parser told us how much data it needs on top of what it
1399  * consumed. So we need tell stream engine how much we need
1400  * before the next call */
1401  ssn->server.data_required = res.needed;
1402  SCLogDebug("setting data_required %u", ssn->server.data_required);
1403  }
1404  }
1405  consumed = res.consumed;
1406  }
1407  }
1408 
1409  /* set the packets to no inspection and reassembly if required */
1410  if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
1411  AppLayerParserSetEOF(pstate);
1412 
1413  if (f->proto == IPPROTO_TCP) {
1414  StreamTcpDisableAppLayer(f);
1415 
1416  /* Set the no reassembly flag for both the stream in this TcpSession */
1417  if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
1418  /* Used only if it's TCP */
1419  TcpSession *ssn = f->protoctx;
1420  if (ssn != NULL) {
1421  StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
1422  StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
1423  }
1424  }
1425  /* Set the bypass flag for both the stream in this TcpSession */
1426  if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
1427  /* Used only if it's TCP */
1428  TcpSession *ssn = f->protoctx;
1429  if (ssn != NULL) {
1430  StreamTcpSetSessionBypassFlag(ssn);
1431  }
1432  }
1433  } else {
1434  // for TCP, this is set after flushing
1435  FlowSetNoPayloadInspectionFlag(f);
1436  }
1437  }
1438 
1439  /* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
1440  if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
1441  FlowSetNoPayloadInspectionFlag(f);
1442  /* Set the no reassembly flag for both the stream in this TcpSession */
1443  if (f->proto == IPPROTO_TCP) {
1444  /* Used only if it's TCP */
1445  TcpSession *ssn = f->protoctx;
1446  if (ssn != NULL) {
1447  StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
1448  StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
1449  }
1450  }
1451  }
1452 
1453  /* get the diff in tx cnt for stats keeping */
1454  uint64_t cur_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1455  if (cur_tx_cnt > p_tx_cnt && tv) {
1456  AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
1457  }
1458 
1459  end:
1460  /* update app progress */
1461  if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1462  TcpSession *ssn = f->protoctx;
1463  StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
1464  SCReturnInt(1);
1465  }
1466 
1467  SCReturnInt(0);
1468  error:
1469  /* Set the no app layer inspection flag for both
1470  * the stream in this Flow */
1471  if (f->proto == IPPROTO_TCP) {
1472  StreamTcpDisableAppLayer(f);
1473  }
1474  AppLayerParserSetEOF(pstate);
1475  SCReturnInt(-1);
1476 }
1477 
1478 void AppLayerParserSetEOF(AppLayerParserState *pstate)
1479 {
1480  SCEnter();
1481 
1482  if (pstate == NULL)
1483  goto end;
1484 
1485  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC and APP_LAYER_PARSER_EOF_TS");
1486  AppLayerParserStateSetFlag(pstate, (APP_LAYER_PARSER_EOF_TS|APP_LAYER_PARSER_EOF_TC));
1487 
1488  end:
1489  SCReturn;
1490 }
1491 
1492 /* return true if there are app parser decoder events. These are
1493  * only the ones that are set during protocol detection. */
1494 bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
1495 {
1496  SCEnter();
1497 
1498  if (pstate == NULL)
1499  return false;
1500 
1501  const AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(pstate);
1502  if (decoder_events && decoder_events->cnt)
1503  return true;
1504 
1505  /* if we have reached here, we don't have events */
1506  return false;
1507 }
1508 
1509 /** \brief simple way to globally test if a alproto is registered
1510  * and fully enabled in the configuration.
1511  */
1512 int AppLayerParserIsEnabled(AppProto alproto)
1513 {
1514  for (int i = 0; i < FLOW_PROTO_APPLAYER_MAX; i++) {
1515  if (alp_ctx.ctxs[i][alproto].StateGetProgress != NULL) {
1516  return 1;
1517  }
1518  }
1519  return 0;
1520 }
1521 
1522 int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
1523 {
1524  SCEnter();
1525  int ipproto_map = FlowGetProtoMapping(ipproto);
1526  int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1;
1527  SCReturnInt(r);
1528 }
1529 
1530 LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
1531 {
1532  SCEnter();
1533  const int ipproto_map = FlowGetProtoMapping(ipproto);
1534  LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits;
1535  SCReturnUInt(r);
1536 }
1537 
1538 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
1539 {
1540  SCEnter();
1541 
1542  SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
1543  if (f != NULL && f->protoctx != NULL)
1544  StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
1545 
1546  SCReturn;
1547 }
1548 
1549 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
1550 {
1551  SCEnter();
1552 
1553  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
1554  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |=
1555  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET;
1556 
1557  SCReturn;
1558 }
1559 
1560 uint32_t AppLayerParserGetStreamDepth(const Flow *f)
1561 {
1562  SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
1563 }
1564 
1565 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
1566 {
1567  SCEnter();
1568  void *tx = NULL;
1569  if (state != NULL) {
1570  if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
1571  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
1572  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
1573  }
1574  }
1575  }
1576  SCReturn;
1577 }
1578 
1579 int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
1580 {
1581  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName != NULL) {
1582  return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName(name);
1583  } else {
1584  return -1;
1585  }
1586 }
1587 
1588 const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id)
1589 {
1590  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById != NULL) {
1591  return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById(id);
1592  } else {
1593  return NULL;
1594  }
1595 }
1596 
1597 /***** Cleanup *****/
1598 
1599 void AppLayerParserStateProtoCleanup(
1600  uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
1601 {
1602  SCEnter();
1603 
1604  AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[protomap][alproto];
1605 
1606  if (ctx->StateFree != NULL && alstate != NULL)
1607  ctx->StateFree(alstate);
1608 
1609  /* free the app layer parser api state */
1610  if (pstate != NULL)
1611  AppLayerParserStateFree(pstate);
1612 
1613  SCReturn;
1614 }
1615 
1616 void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
1617 {
1618  AppLayerParserStateProtoCleanup(f->protomap, f->alproto, alstate, pstate);
1619 }
1620 
1621 static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
1622 {
1623  uint8_t map = FlowGetProtoMapping(ipproto);
1624  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1625  printf("ERROR: incomplete app-layer registration\n");
1626  printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto);
1627  printf("- option flags %"PRIx32"\n", ctx->option_flags);
1628  printf("- first_data_dir %"PRIx8"\n", ctx->first_data_dir);
1629  printf("Mandatory:\n");
1630  printf("- Parser[0] %p Parser[1] %p\n", ctx->Parser[0], ctx->Parser[1]);
1631  printf("- StateAlloc %p StateFree %p\n", ctx->StateAlloc, ctx->StateFree);
1632  printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
1633  ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
1634  printf("- GetTxData %p\n", ctx->GetTxData);
1635  printf("- GetStateData %p\n", ctx->GetStateData);
1636  printf("- StateGetProgress %p\n", ctx->StateGetProgress);
1637  printf("Optional:\n");
1638  printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
1639  printf("- StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEventInfo,
1640  ctx->StateGetEventInfoById);
1641 }
1642 
1643 #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL)
1644 #define BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL))
1645 #define THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL)
1646 
1647 static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
1648 {
1649  uint8_t map = FlowGetProtoMapping(ipproto);
1650  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1651 
1652  if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL)
1653  return;
1654 
1655  if (!(BOTH_SET(ctx->Parser[0], ctx->Parser[1]))) {
1656  goto bad;
1657  }
1658  if (!(BOTH_SET(ctx->StateFree, ctx->StateAlloc))) {
1659  goto bad;
1660  }
1661  if (!(THREE_SET(ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree))) {
1662  goto bad;
1663  }
1664  if (ctx->StateGetProgress == NULL) {
1665  goto bad;
1666  }
1667  /* local storage is optional, but needs both set if used */
1668  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->LocalStorageAlloc, ctx->LocalStorageFree))) {
1669  goto bad;
1670  }
1671  if (ctx->GetTxData == NULL) {
1672  goto bad;
1673  }
1674  if (ctx->GetStateData == NULL) {
1675  goto bad;
1676  }
1677  return;
1678 bad:
1679  ValidateParserProtoDump(alproto, ipproto);
1680  exit(EXIT_FAILURE);
1681 }
1682 #undef BOTH_SET
1683 #undef BOTH_SET_OR_BOTH_UNSET
1684 #undef THREE_SET_OR_THREE_UNSET
1685 #undef THREE_SET
1686 
1687 static void ValidateParser(AppProto alproto)
1688 {
1689  ValidateParserProto(alproto, IPPROTO_TCP);
1690  ValidateParserProto(alproto, IPPROTO_UDP);
1691 }
1692 
1693 static void ValidateParsers(void)
1694 {
1695  AppProto p = 0;
1696  for ( ; p < ALPROTO_MAX; p++) {
1697  ValidateParser(p);
1698  }
1699 }
1700 
1701 void AppLayerParserRegisterProtocolParsers(void)
1702 {
1703  SCEnter();
1704 
1705  AppLayerConfig();
1706 
1707  RegisterHTPParsers();
1708  RegisterSSLParsers();
1709  rs_dcerpc_register_parser();
1710  rs_dcerpc_udp_register_parser();
1711  RegisterSMBParsers();
1712  RegisterFTPParsers();
1713  RegisterSSHParsers();
1714  RegisterSMTPParsers();
1715  SCRegisterDnsUdpParser();
1716  SCRegisterDnsTcpParser();
1717  rs_bittorrent_dht_udp_register_parser();
1718  RegisterModbusParsers();
1719  SCEnipRegisterParsers();
1720  RegisterDNP3Parsers();
1721  RegisterNFSTCPParsers();
1722  RegisterNFSUDPParsers();
1723  rs_register_ntp_parser();
1724  RegisterTFTPParsers();
1725  RegisterIKEParsers();
1726  rs_register_krb5_parser();
1727  rs_dhcp_register_parser();
1728  rs_register_snmp_parser();
1729  rs_sip_register_parser();
1730  rs_quic_register_parser();
1731  rs_websocket_register_parser();
1732  SCRegisterLdapTcpParser();
1733  SCRegisterLdapUdpParser();
1734  rs_template_register_parser();
1735  SCRfbRegisterParser();
1736  SCMqttRegisterParser();
1737  SCRegisterPgsqlParser();
1738  rs_rdp_register_parser();
1739  RegisterHTTP2Parsers();
1740  rs_telnet_register_parser();
1741  RegisterIMAPParsers();
1742 
1743  /** POP3 */
1744  AppLayerProtoDetectRegisterProtocol(ALPROTO_POP3, "pop3");
1745  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "pop3")) {
1746  if (AppLayerProtoDetectPMRegisterPatternCS(
1747  IPPROTO_TCP, ALPROTO_POP3, "+OK ", 4, 0, STREAM_TOCLIENT) < 0) {
1748  FatalError("pop3 proto registration failure");
1749  }
1750  } else {
1751  SCLogInfo("Protocol detection and parser disabled for pop3 protocol.");
1752  }
1753 
1754  ValidateParsers();
1755 }
1756 
1757 
1758 /* coccinelle: AppLayerParserStateSetFlag():2,2:APP_LAYER_PARSER_ */
1759 void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
1760 {
1761  SCEnter();
1762  pstate->flags |= flag;
1763  SCReturn;
1764 }
1765 
1766 /* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
1767 uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
1768 {
1769  SCEnter();
1770  SCReturnUInt(pstate->flags & flag);
1771 }
1772 
1773 /***** Unittests *****/
1774 
1775 #ifdef UNITTESTS
1776 #include "util-unittest-helper.h"
1777 
1778 void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
1779  void (*RegisterUnittests)(void))
1780 {
1781  SCEnter();
1782  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1783  RegisterUnittests = RegisterUnittests;
1784  SCReturn;
1785 }
1786 
1787 void AppLayerParserRegisterUnittests(void)
1788 {
1789  SCEnter();
1790 
1791  int ip;
1792  AppProto alproto;
1793  AppLayerParserProtoCtx *ctx;
1794 
1795  for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
1796  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
1797  ctx = &alp_ctx.ctxs[ip][alproto];
1798  if (ctx->RegisterUnittests == NULL)
1799  continue;
1800  ctx->RegisterUnittests();
1801  }
1802  }
1803 
1804  SCReturn;
1805 }
1806 
1807 #endif
app-layer-nfs-udp.h
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:466
AppLayerParserDeSetup
int AppLayerParserDeSetup(void)
Definition: app-layer-parser.c:269
TcpStream_
Definition: stream-tcp-private.h:106
AppLayerParserProtoCtx_::GetStateData
AppLayerStateData *(* GetStateData)(void *state)
Definition: app-layer-parser.c:101
ts
uint64_t ts
Definition: source-erf-file.c:55
AppLayerParserProtoCtx_::StateGetTxCnt
uint64_t(* StateGetTxCnt)(void *alstate)
Definition: app-layer-parser.c:91
g_applayerparser_error_policy
enum ExceptionPolicy g_applayerparser_error_policy
Definition: app-layer-parser.c:149
AppLayerParserProtoCtx_::logger_bits
uint32_t logger_bits
Definition: app-layer-parser.c:78
AppLayerParserProtoCtx_::complete_tc
int complete_tc
Definition: app-layer-parser.c:95
AppLayerParserProtoCtx_::GetTxData
AppLayerTxData *(* GetTxData)(void *tx)
Definition: app-layer-parser.c:102
app-layer-tftp.h
AppLayerParserCtx_::ctxs
AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:126
AppLayerParserState_::log_id
uint64_t log_id
Definition: app-layer-parser.c:139
RegisterSMBParsers
void RegisterSMBParsers(void)
Definition: app-layer-smb.c:45
app-layer-ssh.h
RegisterIKEParsers
void RegisterIKEParsers(void)
Definition: app-layer-ike.c:40
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1512
AppLayerParserRegisterLocalStorageFunc
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *))
Definition: app-layer-parser.c:424
BOTH_SET
#define BOTH_SET(a, b)
Definition: app-layer-parser.c:1643
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1522
AppLayerParserRegisterOptionFlags
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
Definition: app-layer-parser.c:401
flow-util.h
FramesFree
void FramesFree(Frames *frames)
Definition: app-layer-frames.c:437
AppLayerParserSetStreamDepthFlag
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
Definition: app-layer-parser.c:1565
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:689
g_filedata_logger_enabled
bool g_filedata_logger_enabled
Definition: output-filedata.c:37
AppLayerParserSetStreamDepth
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
Definition: app-layer-parser.c:1549
ConfNode_::val
char * val
Definition: conf.h:34
stream-tcp.h
AppLayerParserApplyTxConfig
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
Definition: app-layer-parser.c:1182
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f, const uint8_t pkt_dir)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:884
AppLayerParserGetProtocolParserLocalStorage
void * AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:609
AppLayerParserProtoCtx_::LocalStorageFree
void(* LocalStorageFree)(void *)
Definition: app-layer-parser.c:84
AppLayerParserProtoCtx_
App layer protocol parser context.
Definition: app-layer-parser.c:67
RegisterSSHParsers
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
Definition: app-layer-ssh.c:81
AppLayerParserProtoCtx_::StateGetTx
void *(* StateGetTx)(void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:92
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
AppLayerParserSetTransactionInspectId
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)
Definition: app-layer-parser.c:730
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:38
AppLayerParserGetEventsByTx
AppLayerDecoderEvents * AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:838
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:674
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parser.
Definition: app-layer-modbus.c:49
Flow_::proto
uint8_t proto
Definition: flow.h:378
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
StreamTcpSetDisableRawReassemblyFlag
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
Definition: stream-tcp.c:6744
AppLayerFramesSetupContainer
FramesContainer * AppLayerFramesSetupContainer(Flow *f)
Definition: app-layer-parser.c:180
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:320
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1072
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1538
ALPROTO_POP3
@ ALPROTO_POP3
Definition: app-layer-protos.h:66
FramesContainer::toserver
Frames toserver
Definition: app-layer-frames.h:72
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
Frame::offset
uint64_t offset
Definition: app-layer-frames.h:49
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:75
Frame
Definition: app-layer-frames.h:43
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:356
AppLayerIncGapErrorCounter
void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:162
APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
Definition: app-layer-parser.h:48
StreamTcpReassembleTriggerRawReassembly
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
Definition: stream-tcp-reassemble.c:2156
LoggerId
LoggerId
Definition: suricata-common.h:460
Flow_::protomap
uint8_t protomap
Definition: flow.h:450
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:682
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:75
ctx
struct Thresholds ctx
AppLayerParserSupportsFiles
bool AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1154
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:518
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:390
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1101
AppLayerParserGetFirstDataDir
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1130
AppLayerParserProtoIsRegistered
int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:217
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:477
FLOW_NOPAYLOAD_INSPECTION
#define FLOW_NOPAYLOAD_INSPECTION
Definition: flow.h:66
Frame::id
int64_t id
Definition: app-layer-frames.h:51
APP_LAYER_TX_SKIP_INSPECT_FLAG
#define APP_LAYER_TX_SKIP_INSPECT_FLAG
Definition: app-layer-parser.h:78
Flow_::alproto_orig
AppProto alproto_orig
Definition: flow.h:461
AppLayerParserStateProtoCleanup
void AppLayerParserStateProtoCleanup(uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1599
AppLayerParserProtoCtx_::StateGetTxIterator
AppLayerGetTxIteratorFunc StateGetTxIterator
Definition: app-layer-parser.c:93
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:300
MIN
#define MIN(x, y)
Definition: suricata-common.h:391
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:136
StreamTcpUpdateAppLayerProgress
void StreamTcpUpdateAppLayerProgress(TcpSession *ssn, char direction, const uint32_t progress)
update reassembly progress
Definition: stream-tcp.c:6708
FramesContainer
Definition: app-layer-frames.h:71
APP_LAYER_TX_INSPECTED_FLAG
#define APP_LAYER_TX_INSPECTED_FLAG
Definition: app-layer-parser.h:80
FLOW_PROTO_MAX
@ FLOW_PROTO_MAX
Definition: flow-private.h:74
AppLayerParserGetStateData
AppLayerStateData * AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state)
Definition: app-layer-parser.c:1171
app-layer-http2.h
app-layer-ftp.h
AppLayerFrameNewByAbsoluteOffset
Frame * AppLayerFrameNewByAbsoluteOffset(Flow *f, const StreamSlice *stream_slice, const uint64_t frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using the absolute offset from the start of the stream
Definition: app-layer-frames.c:588
AppLayerFrameGetLastOpenByType
Frame * AppLayerFrameGetLastOpenByType(Flow *f, const int dir, const uint8_t frame_type)
Definition: app-layer-frames.c:702
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:219
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:39
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:76
Flow_::protoctx
void * protoctx
Definition: flow.h:446
TcpStream_::data_required
uint32_t data_required
Definition: stream-tcp-private.h:133
AppLayerIncAllocErrorCounter
void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:170
EXCEPTION_POLICY_NOT_SET
@ EXCEPTION_POLICY_NOT_SET
Definition: util-exception-policy-types.h:26
ExceptionPolicyParse
enum ExceptionPolicy ExceptionPolicyParse(const char *option, bool support_flow)
Definition: util-exception-policy.c:232
AppLayerParserRegisterUnittests
void AppLayerParserRegisterUnittests(void)
Definition: app-layer-parser.c:1787
AppLayerParserGetTransactionInspectId
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:699
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:36
AppLayerParserProtoCtx_::ApplyTxConfig
bool(* ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)
Definition: app-layer-parser.c:103
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:112
RegisterDNP3Parsers
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
Definition: app-layer-dnp3.c:1532
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
util-unittest-helper.h
AppLayerParserProtoCtx_::StateGetEventInfoById
int(* StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:96
FTPParserCleanup
void FTPParserCleanup(void)
Free memory allocated for global FTP parser state.
Definition: app-layer-ftp.c:1484
AppLayerParserGetTxFiles
AppLayerGetFileState AppLayerParserGetTxFiles(const Flow *f, void *tx, const uint8_t direction)
Definition: app-layer-parser.c:854
AppLayerParserState_::flags
uint16_t flags
Definition: app-layer-parser.c:131
Flow_::sgh_toserver
const struct SigGroupHead_ * sgh_toserver
Definition: flow.h:488
AppLayerParserState_::inspect_id
uint64_t inspect_id[2]
Definition: app-layer-parser.c:135
AppLayerParserFPtr
AppLayerResult(* AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage)
Prototype for parsing functions.
Definition: app-layer-parser.h:140
AppLayerParserCtx
struct AppLayerParserCtx_ AppLayerParserCtx
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:480
AppLayerParserRegisterProtocolParsers
void AppLayerParserRegisterProtocolParsers(void)
Definition: app-layer-parser.c:1701
app-layer-detect-proto.h
APP_LAYER_PARSER_SFRAME_TS
#define APP_LAYER_PARSER_SFRAME_TS
Definition: app-layer-parser.h:42
app-layer-htp.h
FramesContainer::toclient
Frames toclient
Definition: app-layer-frames.h:73
AppLayerParserProtoCtx_::stream_depth
uint32_t stream_depth
Definition: app-layer-parser.c:111
AppLayerParserState_
Definition: app-layer-parser.c:129
AppLayerParserGetEventInfoById
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, uint8_t event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1119
AppLayerParserProtoCtx_::GetFrameIdByName
AppLayerParserGetFrameIdByNameFn GetFrameIdByName
Definition: app-layer-parser.c:107
AppLayerParserGetFrameNameById
const char * AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id)
Definition: app-layer-parser.c:1588
AppLayerParserGetTransactionActive
uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:1137
AppLayerParserProtoCtx_::logger
bool logger
Definition: app-layer-parser.c:71
app-layer-ike.h
AppLayerFramesFreeContainer
void AppLayerFramesFreeContainer(Flow *f)
Definition: app-layer-parser.c:165
app-layer-dnp3.h
AppLayerParserGetTxDetectFlags
uint64_t AppLayerParserGetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
Definition: app-layer-parser.c:709
AppLayerParserProtoCtx_::StateGetEventInfo
int(* StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:98
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:22
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:457
AppLayerParserRegisterGetFrameFuncs
void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetIdByNameFunc, AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
Definition: app-layer-parser.c:545
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
AppLayerParserProtoCtx_::SetStreamDepthFlag
void(* SetStreamDepthFlag)(void *tx, uint8_t flags)
Definition: app-layer-parser.c:105
AppLayerParserState_::min_id
uint64_t min_id
Definition: app-layer-parser.c:141
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
AppLayerParserRegisterLoggerBits
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
Definition: app-layer-parser.c:448
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:411
FLOW_PROTO_DEFAULT
@ FLOW_PROTO_DEFAULT
Definition: flow-private.h:71
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:36
IS_DISRUPTED
#define IS_DISRUPTED(flags)
Definition: app-layer-parser.c:875
AppLayerParserSetEOF
void AppLayerParserSetEOF(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1478
AppLayerParserProtoCtx_::RegisterUnittests
void(* RegisterUnittests)(void)
Definition: app-layer-parser.c:121
AppLayerParserStateFree
void AppLayerParserStateFree(AppLayerParserState *pstate)
Definition: app-layer-parser.c:236
app-layer-parser.h
AppLayerParserStateCleanup
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1616
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
AppLayerDecoderEvents_::cnt
uint8_t cnt
Definition: app-layer-events.h:40
Flow_::sgh_toclient
const struct SigGroupHead_ * sgh_toclient
Definition: flow.h:485
RegisterNFSTCPParsers
void RegisterNFSTCPParsers(void)
Definition: app-layer-nfs-tcp.c:46
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, uint8_t *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:555
AppLayerParserProtoCtx_::GetFrameNameById
AppLayerParserGetFrameNameByIdFn GetFrameNameById
Definition: app-layer-parser.c:108
AppLayerParserProtoCtx
struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx
App layer protocol parser context.
AppLayerParserSetup
int AppLayerParserSetup(void)
Definition: app-layer-parser.c:248
SCReturn
#define SCReturn
Definition: util-debug.h:273
RegisterFTPParsers
void RegisterFTPParsers(void)
Definition: app-layer-ftp.c:1350
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1778
AppLayerGetTxIterState
Definition: app-layer-parser.h:143
AppLayerParserProtoCtx_::StateAlloc
void *(* StateAlloc)(void *, AppProto)
Definition: app-layer-parser.c:80
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:98
RegisterTFTPParsers
void RegisterTFTPParsers(void)
Definition: app-layer-tftp.c:155
FLOW_PROTO_APPLAYER_MAX
#define FLOW_PROTO_APPLAYER_MAX
Definition: flow-private.h:77
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:40
SCReturnUInt
#define SCReturnUInt(x)
Definition: util-debug.h:277
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:99
BOTH_SET_OR_BOTH_UNSET
#define BOTH_SET_OR_BOTH_UNSET(a, b)
Definition: app-layer-parser.c:1644
AppLayerParserThreadCtx_::alproto_local_storage
void * alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:59
Frame::len
int64_t len
Definition: app-layer-frames.h:50
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
AppLayerParserProtoCtx_::StateFree
void(* StateFree)(void *)
Definition: app-layer-parser.c:81
AppLayerParserRegisterGetTxFilesFunc
void AppLayerParserRegisterGetTxFilesFunc(uint8_t ipproto, AppProto alproto, AppLayerGetFileState(*GetTxFiles)(void *, uint8_t))
Definition: app-layer-parser.c:438
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1761
AppLayerParserRegisterSetStreamDepthFlag
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags))
Definition: app-layer-parser.c:597
APP_LAYER_PARSER_SFRAME_TC
#define APP_LAYER_PARSER_SFRAME_TC
Definition: app-layer-parser.h:43
AppLayerIncParserErrorCounter
void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:178
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:64
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:251
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:35
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1094
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:183
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:378
app-layer-imap.h
Frame::flags
uint8_t flags
Definition: app-layer-frames.h:45
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:279
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:499
ConfigAction
ConfigAction
Definition: util-config.h:27
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1759
AppLayerParserProtoCtx_::Parser
AppLayerParserFPtr Parser[2]
Definition: app-layer-parser.c:69
app-layer-modbus.h
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1372
AppLayerParserProtoCtx_::StateTransactionFree
void(* StateTransactionFree)(void *, uint64_t)
Definition: app-layer-parser.c:82
app-layer-frames.h
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3209
AppLayerParserProtoCtx_::option_flags
uint32_t option_flags
Definition: app-layer-parser.c:114
StreamTcpSetSessionNoReassemblyFlag
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
Definition: stream-tcp.c:6728
flags
uint8_t flags
Definition: decode-gre.h:0
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1272
AppLayerParserGetFrameNameByIdFn
const char *(* AppLayerParserGetFrameNameByIdFn)(const uint8_t id)
Definition: app-layer-parser.h:159
StreamTcpDisableAppLayer
void StreamTcpDisableAppLayer(Flow *f)
Definition: stream-tcp-reassemble.c:448
suricata-common.h
AppLayerParserGetFrameIdByName
int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
Definition: app-layer-parser.c:1579
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:30
AppLayerParserProtoCtx_::internal_flags
uint32_t internal_flags
Definition: app-layer-parser.c:117
AppLayerParserRegisterApplyTxConfigFunc
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
Definition: app-layer-parser.c:587
AppLayerParserRegisterStateDataFunc
void AppLayerParserRegisterStateDataFunc(uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
Definition: app-layer-parser.c:577
FilesPrune
void FilesPrune(FileContainer *fc, const StreamingBufferConfig *sbcfg, const bool trunc)
Definition: util-file.c:1207
AppLayerIncInternalErrorCounter
void AppLayerIncInternalErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:186
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1164
FatalError
#define FatalError(...)
Definition: util-debug.h:502
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:567
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:297
AppLayerParserGetStreamDepth
uint32_t AppLayerParserGetStreamDepth(const Flow *f)
Definition: app-layer-parser.c:1560
RegisterIMAPParsers
void RegisterIMAPParsers(void)
Definition: app-layer-imap.c:84
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
AppLayerParserProtoCtx_::GetTxFiles
AppLayerGetFileState(* GetTxFiles)(void *, uint8_t)
Definition: app-layer-parser.c:88
util-validate.h
FRAME_STREAM_TYPE
#define FRAME_STREAM_TYPE
Definition: app-layer-frames.h:30
APP_LAYER_PARSER_OPT_ACCEPT_GAPS
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
Definition: app-layer-parser.h:46
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:296
AppLayerParserRegisterGetTxIterator
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
Definition: app-layer-parser.c:510
AppLayerFramesGetContainer
FramesContainer * AppLayerFramesGetContainer(Flow *f)
Definition: app-layer-parser.c:173
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
AppLayerParserProtoCtx_::complete_ts
int complete_ts
Definition: app-layer-parser.c:94
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
Flow_::alstate
void * alstate
Definition: flow.h:481
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:255
Flow_::flags
uint32_t flags
Definition: flow.h:426
AppLayerParserGetDecoderEvents
AppLayerDecoderEvents * AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:830
THREE_SET
#define THREE_SET(a, b, c)
Definition: app-layer-parser.c:1645
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:1006
UTHAppLayerParserStateGetIds
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
Definition: app-layer-parser.c:203
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:561
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:2814
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:70
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:154
FRAME_FLAG_ENDS_AT_EOF
#define FRAME_FLAG_ENDS_AT_EOF
Definition: app-layer-frames.h:38
RegisterSMTPParsers
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
Definition: app-layer-smtp.c:1866
AppLayerParserStateAlloc
AppLayerParserState * AppLayerParserStateAlloc(void)
Definition: app-layer-parser.c:224
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:285
AppLayerParserState_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-parser.c:144
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:488
app-layer-smb.h
AppLayerParserProtoCtx_::StateGetProgress
int(* StateGetProgress)(void *alstate, uint8_t direction)
Definition: app-layer-parser.c:90
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1530
AppLayerParserCtx_
Definition: app-layer-parser.c:125
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(uint8_t event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:533
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:152
g_file_logger_enabled
bool g_file_logger_enabled
Definition: output-file.c:39
likely
#define likely(expr)
Definition: util-optimize.h:32
RegisterHTTP2Parsers
void RegisterHTTP2Parsers(void)
Definition: app-layer-http2.c:56
STREAM_APP_PROGRESS
#define STREAM_APP_PROGRESS(stream)
Definition: stream-tcp-private.h:145
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:58
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1657
app-layer-smtp.h
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:37
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:204
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1140
TcpSession_
Definition: stream-tcp-private.h:283
flow.h
AppLayerParserStateIssetFlag
uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
Definition: app-layer-parser.c:1767
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:63
Flow_::file_flags
uint16_t file_flags
Definition: flow.h:428
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:455
ExceptionPolicy
ExceptionPolicy
Definition: util-exception-policy-types.h:25
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
AppLayerParserDestroyProtocolParserLocalStorage
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto, void *local_data)
Definition: app-layer-parser.c:624
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1087
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1952
SMTPParserCleanup
void SMTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-smtp.c:1921
AppLayerParserHasDecoderEvents
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1494
AppLayerParserGetFrameIdByNameFn
int(* AppLayerParserGetFrameIdByNameFn)(const char *frame_name)
Definition: app-layer-parser.h:158
AppLayerDecoderEvents_::events
uint8_t * events
Definition: app-layer-events.h:38
AppLayerParserState_::frames
FramesContainer * frames
Definition: app-layer-parser.c:146
StreamTcpSetSessionBypassFlag
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
Definition: stream-tcp.c:6755
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
app-layer-ssl.h
AppLayerParserProtoCtx_::LocalStorageAlloc
void *(* LocalStorageAlloc)(void)
Definition: app-layer-parser.c:83
AppLayerParserGetEventInfo
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, uint8_t *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1109
app-layer-nfs-tcp.h
app-layer.h
AppLayerParserProtoCtx_::first_data_dir
uint8_t first_data_dir
Definition: app-layer-parser.c:76