suricata
app-layer-parser.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Generic App-layer parsing functions.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "util-unittest.h"
29 #include "decode.h"
30 #include "threads.h"
31 
32 #include "util-print.h"
33 #include "util-pool.h"
34 
35 #include "flow-util.h"
36 #include "flow-private.h"
37 
38 #include "detect-engine-state.h"
39 #include "detect-engine-port.h"
40 
41 #include "stream-tcp.h"
42 #include "stream-tcp-private.h"
43 #include "stream.h"
44 #include "stream-tcp-reassemble.h"
45 
46 #include "app-layer.h"
47 #include "app-layer-protos.h"
48 #include "app-layer-parser.h"
49 #include "app-layer-dcerpc.h"
50 #include "app-layer-dcerpc-udp.h"
51 #include "app-layer-smb.h"
52 #include "app-layer-htp.h"
53 #include "app-layer-ftp.h"
54 #include "app-layer-ssl.h"
55 #include "app-layer-ssh.h"
56 #include "app-layer-smtp.h"
57 #include "app-layer-modbus.h"
58 #include "app-layer-enip.h"
59 #include "app-layer-dnp3.h"
60 #include "app-layer-nfs-tcp.h"
61 #include "app-layer-nfs-udp.h"
62 #include "app-layer-ntp.h"
63 #include "app-layer-tftp.h"
64 #include "app-layer-ikev2.h"
65 #include "app-layer-krb5.h"
66 #include "app-layer-snmp.h"
67 #include "app-layer-sip.h"
68 #include "app-layer-rfb.h"
69 #include "app-layer-template.h"
70 #include "app-layer-template-rust.h"
71 #include "app-layer-rdp.h"
72 
73 #include "conf.h"
74 #include "util-spm.h"
75 
76 #include "util-debug.h"
77 #include "decode-events.h"
78 #include "util-unittest-helper.h"
79 #include "util-validate.h"
80 
81 #include "runmodes.h"
82 
83 #include "rust.h"
84 
85 struct AppLayerParserThreadCtx_ {
86  void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
87 };
88 
89 
90 /**
91  * \brief App layer protocol parser context.
92  */
93 typedef struct AppLayerParserProtoCtx_
94 {
95  /* 0 - to_server, 1 - to_client. */
96  AppLayerParserFPtr Parser[2];
97  bool logger;
98  uint32_t logger_bits; /**< registered loggers for this proto */
99 
100  void *(*StateAlloc)(void);
101  void (*StateFree)(void *);
102  void (*StateTransactionFree)(void *, uint64_t);
103  void *(*LocalStorageAlloc)(void);
104  void (*LocalStorageFree)(void *);
105 
106  void (*Truncate)(void *, uint8_t);
107  FileContainer *(*StateGetFiles)(void *, uint8_t);
108  AppLayerDecoderEvents *(*StateGetEvents)(void *);
109 
110  int (*StateGetProgress)(void *alstate, uint8_t direction);
111  uint64_t (*StateGetTxCnt)(void *alstate);
112  void *(*StateGetTx)(void *alstate, uint64_t tx_id);
113  AppLayerGetTxIteratorFunc StateGetTxIterator;
114  int (*StateGetProgressCompletionStatus)(uint8_t direction);
115  int (*StateGetEventInfoById)(int event_id, const char **event_name,
116  AppLayerEventType *event_type);
117  int (*StateGetEventInfo)(const char *event_name,
118  int *event_id, AppLayerEventType *event_type);
119 
120  LoggerId (*StateGetTxLogged)(void *alstate, void *tx);
121  void (*StateSetTxLogged)(void *alstate, void *tx, LoggerId logger);
122 
123  DetectEngineState *(*GetTxDetectState)(void *tx);
124  int (*SetTxDetectState)(void *tx, DetectEngineState *);
125 
126  uint64_t (*GetTxDetectFlags)(void *tx, uint8_t dir);
127  void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t);
128 
129  void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
130 
131  /* each app-layer has its own value */
132  uint32_t stream_depth;
133 
134  /* Indicates the direction the parser is ready to see the data
135  * the first time for a flow. Values accepted -
136  * STREAM_TOSERVER, STREAM_TOCLIENT */
137  uint8_t first_data_dir;
138 
139  /* Option flags such as supporting gaps or not. */
140  uint32_t option_flags;
141  /* coccinelle: AppLayerParserProtoCtx:option_flags:APP_LAYER_PARSER_OPT_ */
142 
143  uint32_t internal_flags;
144  /* coccinelle: AppLayerParserProtoCtx:internal_flags:APP_LAYER_PARSER_INT_ */
145 
146 #ifdef UNITTESTS
147  void (*RegisterUnittests)(void);
148 #endif
149 } AppLayerParserProtoCtx;
150 
151 typedef struct AppLayerParserCtx_ {
152  AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
153 } AppLayerParserCtx;
154 
155 struct AppLayerParserState_ {
156  /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
157  uint8_t flags;
158 
159  /* Indicates the current transaction that is being inspected.
160  * We have a var per direction. */
161  uint64_t inspect_id[2];
162  /* Indicates the current transaction being logged. Unlike inspect_id,
163  * we don't need a var per direction since we don't log a transaction
164  * unless we have the entire transaction. */
165  uint64_t log_id;
166 
167  uint64_t min_id;
168 
169  /* Used to store decoder events. */
170  AppLayerDecoderEvents *decoder_events;
171 };
172 
173 #ifdef UNITTESTS
174 void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
175 {
176  struct AppLayerParserState_ *s = ptr;
177  *i1 = s->inspect_id[0];
178  *i2 = s->inspect_id[1];
179  *log = s->log_id;
180  *min = s->min_id;
181 }
182 #endif
183 
184 /* Static global version of the parser context.
185  * Post 2.0 let's look at changing this to move it out to app-layer.c. */
186 static AppLayerParserCtx alp_ctx;
187 
188 int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
189 {
190  uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
191 
192  return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0;
193 }
194 
195 AppLayerParserState *AppLayerParserStateAlloc(void)
196 {
197  SCEnter();
198 
199  AppLayerParserState *pstate = (AppLayerParserState *)SCMalloc(sizeof(*pstate));
200  if (pstate == NULL)
201  goto end;
202  memset(pstate, 0, sizeof(*pstate));
203 
204  end:
205  SCReturnPtr(pstate, "AppLayerParserState");
206 }
207 
208 void AppLayerParserStateFree(AppLayerParserState *pstate)
209 {
210  SCEnter();
211 
212  if (pstate->decoder_events != NULL)
213  AppLayerDecoderEventsFreeEvents(&pstate->decoder_events);
214  SCFree(pstate);
215 
216  SCReturn;
217 }
218 
219 int AppLayerParserSetup(void)
220 {
221  SCEnter();
222  memset(&alp_ctx, 0, sizeof(alp_ctx));
223  SCReturnInt(0);
224 }
225 
226 void AppLayerParserPostStreamSetup(void)
227 {
228  AppProto alproto = 0;
229  int flow_proto = 0;
230 
231  /* lets set a default value for stream_depth */
232  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
233  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
234  if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags &
235  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) {
236  alp_ctx.ctxs[flow_proto][alproto].stream_depth =
237  stream_config.reassembly_depth;
238  }
239  }
240  }
241 }
242 
243 int AppLayerParserDeSetup(void)
244 {
245  SCEnter();
246 
247  FTPParserCleanup();
248  SMTPParserCleanup();
249 
250  SCReturnInt(0);
251 }
252 
253 AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void)
254 {
255  SCEnter();
256 
257  AppProto alproto = 0;
258  int flow_proto = 0;
259  AppLayerParserThreadCtx *tctx;
260 
261  tctx = SCMalloc(sizeof(*tctx));
262  if (tctx == NULL)
263  goto end;
264  memset(tctx, 0, sizeof(*tctx));
265 
266  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
267  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
268  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
269 
270  tctx->alproto_local_storage[flow_proto][alproto] =
271  AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto);
272  }
273  }
274 
275  end:
276  SCReturnPtr(tctx, "void *");
277 }
278 
279 void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
280 {
281  SCEnter();
282 
283  AppProto alproto = 0;
284  int flow_proto = 0;
285 
286  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
287  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
288  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
289 
290  AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto,
291  tctx->alproto_local_storage[flow_proto][alproto]);
292  }
293  }
294 
295  SCFree(tctx);
296  SCReturn;
297 }
298 
299 /** \brief check if a parser is enabled in the config
300  * Returns enabled always if: were running unittests
301  */
302 int AppLayerParserConfParserEnabled(const char *ipproto,
303  const char *alproto_name)
304 {
305  SCEnter();
306 
307  int enabled = 1;
308  char param[100];
309  ConfNode *node;
310  int r;
311 
312  if (RunmodeIsUnittests())
313  goto enabled;
314 
315  r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
316  alproto_name, ".enabled");
317  if (r < 0) {
318  SCLogError(SC_ERR_FATAL, "snprintf failure.");
319  exit(EXIT_FAILURE);
320  } else if (r > (int)sizeof(param)) {
321  SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
322  exit(EXIT_FAILURE);
323  }
324 
325  node = ConfGetNode(param);
326  if (node == NULL) {
327  SCLogDebug("Entry for %s not found.", param);
328  r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
329  alproto_name, ".", ipproto, ".enabled");
330  if (r < 0) {
331  SCLogError(SC_ERR_FATAL, "snprintf failure.");
332  exit(EXIT_FAILURE);
333  } else if (r > (int)sizeof(param)) {
334  SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
335  exit(EXIT_FAILURE);
336  }
337 
338  node = ConfGetNode(param);
339  if (node == NULL) {
340  SCLogDebug("Entry for %s not found.", param);
341  goto enabled;
342  }
343  }
344 
345  if (ConfValIsTrue(node->val)) {
346  goto enabled;
347  } else if (ConfValIsFalse(node->val)) {
348  goto disabled;
349  } else if (strcasecmp(node->val, "detection-only") == 0) {
350  goto disabled;
351  } else {
352  SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
353  exit(EXIT_FAILURE);
354  }
355 
356  disabled:
357  enabled = 0;
358  enabled:
359  SCReturnInt(enabled);
360 }
361 
362 /***** Parser related registration *****/
363 
364 int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
365  uint8_t direction,
366  AppLayerParserFPtr Parser)
367 {
368  SCEnter();
369 
370  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
371  Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
372 
373  SCReturnInt(0);
374 }
375 
376 void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
377  uint8_t direction)
378 {
379  SCEnter();
380 
381  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
382  (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
383 
384  SCReturn;
385 }
386 
387 void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
388  uint32_t flags)
389 {
390  SCEnter();
391 
392  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags;
393 
394  SCReturn;
395 }
396 
397 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
398  void *(*StateAlloc)(void),
399  void (*StateFree)(void *))
400 {
401  SCEnter();
402 
403  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
404  StateAlloc;
405  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
406  StateFree;
407 
408  SCReturn;
409 }
410 
411 void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
412  void *(*LocalStorageAlloc)(void),
413  void (*LocalStorageFree)(void *))
414 {
415  SCEnter();
416 
417  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
418  LocalStorageAlloc;
419  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
420  LocalStorageFree;
421 
422  SCReturn;
423 }
424 
425 void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
426  FileContainer *(*StateGetFiles)(void *, uint8_t))
427 {
428  SCEnter();
429 
430  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
431  StateGetFiles;
432 
433  SCReturn;
434 }
435 
436 void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto,
437  AppLayerDecoderEvents *(*StateGetEvents)(void *))
438 {
439  SCEnter();
440 
441  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
442  StateGetEvents;
443 
444  SCReturn;
445 }
446 
447 void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
448  LoggerId (*StateGetTxLogged)(void *, void *),
449  void (*StateSetTxLogged)(void *, void *, LoggerId))
450 {
451  SCEnter();
452 
453  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxLogged =
454  StateGetTxLogged;
455 
456  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateSetTxLogged =
457  StateSetTxLogged;
458 
459  SCReturn;
460 }
461 
462 void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
463 {
464  SCEnter();
465 
466  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
467 
468  SCReturn;
469 }
470 
471 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
472 {
473  SCEnter();
474 
475  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true;
476 
477  SCReturn;
478 }
479 
480 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
481  void (*Truncate)(void *, uint8_t))
482 {
483  SCEnter();
484 
485  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
486 
487  SCReturn;
488 }
489 
490 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
491  int (*StateGetProgress)(void *alstate, uint8_t direction))
492 {
493  SCEnter();
494 
495  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
496  StateGetProgress = StateGetProgress;
497 
498  SCReturn;
499 }
500 
501 void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
502  void (*StateTransactionFree)(void *, uint64_t))
503 {
504  SCEnter();
505 
506  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
507  StateTransactionFree = StateTransactionFree;
508 
509  SCReturn;
510 }
511 
512 void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
513  uint64_t (*StateGetTxCnt)(void *alstate))
514 {
515  SCEnter();
516 
517  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
518  StateGetTxCnt = StateGetTxCnt;
519 
520  SCReturn;
521 }
522 
523 void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
524  void *(StateGetTx)(void *alstate, uint64_t tx_id))
525 {
526  SCEnter();
527 
528  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
529  StateGetTx = StateGetTx;
530 
531  SCReturn;
532 }
533 
534 void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
535  AppLayerGetTxIteratorFunc Func)
536 {
537  SCEnter();
538  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func;
539  SCReturn;
540 }
541 
542 void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto,
543  int (*StateGetProgressCompletionStatus)(uint8_t direction))
544 {
545  SCEnter();
546 
547  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
548  StateGetProgressCompletionStatus = StateGetProgressCompletionStatus;
549 
550  SCReturn;
551 }
552 
553 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
554  int (*StateGetEventInfoById)(int event_id, const char **event_name,
555  AppLayerEventType *event_type))
556 {
557  SCEnter();
558 
559  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
560  StateGetEventInfoById = StateGetEventInfoById;
561 
562  SCReturn;
563 }
564 
565 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
566  int (*StateGetEventInfo)(const char *event_name, int *event_id,
567  AppLayerEventType *event_type))
568 {
569  SCEnter();
570 
571  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
572  StateGetEventInfo = StateGetEventInfo;
573 
574  SCReturn;
575 }
576 
577 void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto,
578  DetectEngineState *(*GetTxDetectState)(void *tx),
579  int (*SetTxDetectState)(void *tx, DetectEngineState *))
580 {
581  SCEnter();
582 
583  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState = GetTxDetectState;
584  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectState = SetTxDetectState;
585 
586  SCReturn;
587 }
588 
589 void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto,
590  uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir),
591  void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t))
592 {
593  SCEnter();
594 
595  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectFlags = GetTxDetectFlags;
596  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectFlags = SetTxDetectFlags;
597 
598  SCReturn;
599 }
600 
601 void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto,
602  uint64_t(*GetTxMpmIDs)(void *tx),
603  int (*SetTxMpmIDs)(void *tx, uint64_t))
604 {
605  SCEnter();
606  SCLogWarning(SC_WARN_DEPRECATED, "%u/%s: GetTxMpmIDs/SetTxMpmIDs is no longer used",
607  ipproto, AppProtoToString(alproto));
608  SCReturn;
609 }
610 
611 void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
612  void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
613 {
614  SCEnter();
615 
616  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
617 
618  SCReturn;
619 }
620 
621 /***** Get and transaction functions *****/
622 
623 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
624 {
625  SCEnter();
626  void * r = NULL;
627 
628  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
629  LocalStorageAlloc != NULL)
630  {
631  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
632  LocalStorageAlloc();
633  }
634 
635  SCReturnPtr(r, "void *");
636 }
637 
638 void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
639  void *local_data)
640 {
641  SCEnter();
642 
643  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
644  LocalStorageFree != NULL)
645  {
646  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
647  LocalStorageFree(local_data);
648  }
649 
650  SCReturn;
651 }
652 
653 /** \brief default tx iterator
654  *
655  * Used if the app layer parser doesn't register its own iterator.
656  * Simply walks the tx_id space until it finds a tx. Uses 'state' to
657  * keep track of where it left off.
658  *
659  * \retval txptr or NULL if no more txs in list
660  */
661 static AppLayerGetTxIterTuple AppLayerDefaultGetTxIterator(
662  const uint8_t ipproto, const AppProto alproto,
663  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
664  AppLayerGetTxIterState *state)
665 {
666  uint64_t ustate = *(uint64_t *)state;
667  uint64_t tx_id = MAX(min_tx_id, ustate);
668  for ( ; tx_id < max_tx_id; tx_id++) {
669  void *tx_ptr = AppLayerParserGetTx(ipproto, alproto, alstate, tx_id);
670  if (tx_ptr != NULL) {
671  ustate = tx_id + 1;
672  *state = *(AppLayerGetTxIterState *)&ustate;
673  AppLayerGetTxIterTuple tuple = {
674  .tx_ptr = tx_ptr,
675  .tx_id = tx_id,
676  .has_next = (tx_id + 1 < max_tx_id),
677  };
678  SCLogDebug("tuple: %p/%"PRIu64"/%s", tuple.tx_ptr, tuple.tx_id,
679  tuple.has_next ? "true" : "false");
680  return tuple;
681  }
682  }
683 
684  AppLayerGetTxIterTuple no_tuple = { NULL, 0, false };
685  return no_tuple;
686 }
687 
688 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
689  const AppProto alproto)
690 {
691  AppLayerGetTxIteratorFunc Func =
692  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator;
693  return Func ? Func : AppLayerDefaultGetTxIterator;
694 }
695 
696 void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto,
697  void *alstate, void *tx, LoggerId logger)
698 {
699  SCEnter();
700 
701  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
702  StateSetTxLogged != NULL) {
703  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
704  StateSetTxLogged(alstate, tx, logger);
705  }
706 
707  SCReturn;
708 }
709 
710 LoggerId AppLayerParserGetTxLogged(const Flow *f,
711  void *alstate, void *tx)
712 {
713  SCEnter();
714 
715  LoggerId r = 0;
716  if (alp_ctx.ctxs[f->protomap][f->alproto].StateGetTxLogged != NULL) {
717  r = alp_ctx.ctxs[f->protomap][f->alproto].
718  StateGetTxLogged(alstate, tx);
719  }
720 
721  SCReturnUInt(r);
722 }
723 
724 uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
725 {
726  SCEnter();
727 
728  SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
729 }
730 
731 void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
732 {
733  SCEnter();
734 
735  if (pstate != NULL)
736  pstate->log_id = tx_id;
737 
738  SCReturn;
739 }
740 
741 uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
742 {
743  SCEnter();
744 
745  if (pstate == NULL)
746  SCReturnCT(0ULL, "uint64_t");
747 
748  SCReturnCT(pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1], "uint64_t");
749 }
750 
751 void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
752  void *alstate, const uint8_t flags,
753  bool tag_txs_as_inspected)
754 {
755  SCEnter();
756 
757  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
758  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
759  uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, flags);
760  const int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->alproto, flags);
761  const uint8_t ipproto = f->proto;
762  const AppProto alproto = f->alproto;
763 
764  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
765  AppLayerGetTxIterState state;
766  memset(&state, 0, sizeof(state));
767 
768  SCLogDebug("called: %s, tag_txs_as_inspected %s",direction==0?"toserver":"toclient",
769  tag_txs_as_inspected?"true":"false");
770 
771  /* mark all txs as inspected if the applayer progress is
772  * at the 'end state'. */
773  while (1) {
774  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
775  if (ires.tx_ptr == NULL)
776  break;
777 
778  void *tx = ires.tx_ptr;
779  idx = ires.tx_id;
780 
781  int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
782  if (state_progress < state_done_progress)
783  break;
784 
785  if (tag_txs_as_inspected) {
786  uint64_t detect_flags = AppLayerParserGetTxDetectFlags(ipproto, alproto, tx, flags);
787  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
788  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
789  AppLayerParserSetTxDetectFlags(ipproto, alproto, tx, flags, detect_flags);
790  SCLogDebug("%p/%"PRIu64" in-order tx is done for direction %s. Flag %016"PRIx64,
791  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
792  }
793  }
794  idx++;
795  if (!ires.has_next)
796  break;
797  }
798  pstate->inspect_id[direction] = idx;
799  SCLogDebug("inspect_id now %"PRIu64, pstate->inspect_id[direction]);
800 
801  /* if necessary we flag all txs that are complete as 'inspected'
802  * also move inspect_id forward. */
803  if (tag_txs_as_inspected) {
804  /* continue at idx */
805  while (1) {
806  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
807  if (ires.tx_ptr == NULL)
808  break;
809 
810  void *tx = ires.tx_ptr;
811  /* if we got a higher id than the minimum we requested, we
812  * skipped a bunch of 'null-txs'. Lets see if we can up the
813  * inspect tracker */
814  if (ires.tx_id > idx && pstate->inspect_id[direction] == idx) {
815  pstate->inspect_id[direction] = ires.tx_id;
816  }
817  idx = ires.tx_id;
818 
819  const int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
820  if (state_progress < state_done_progress)
821  break;
822 
823  uint64_t detect_flags = AppLayerParserGetTxDetectFlags(ipproto, alproto, tx, flags);
824  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
825  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
826  AppLayerParserSetTxDetectFlags(ipproto, alproto, tx, flags, detect_flags);
827  SCLogDebug("%p/%"PRIu64" out of order tx is done for direction %s. Flag %016"PRIx64,
828  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
829 
830  SCLogDebug("%p/%"PRIu64" out of order tx. Update inspect_id? %"PRIu64,
831  tx, idx, pstate->inspect_id[direction]);
832  if (pstate->inspect_id[direction]+1 == idx)
833  pstate->inspect_id[direction] = idx;
834  }
835  if (!ires.has_next)
836  break;
837  idx++;
838  }
839  }
840 
841  SCReturn;
842 }
843 
844 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
845 {
846  SCEnter();
847 
848  SCReturnPtr(pstate->decoder_events,
849  "AppLayerDecoderEvents *");
850 }
851 
852 void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
853 {
854  pstate->decoder_events = devents;
855 }
856 
857 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
858  void *tx)
859 {
860  SCEnter();
861 
862  AppLayerDecoderEvents *ptr = NULL;
863 
864  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
865  StateGetEvents != NULL)
866  {
867  ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
868  StateGetEvents(tx);
869  }
870 
871  SCReturnPtr(ptr, "AppLayerDecoderEvents *");
872 }
873 
874 FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
875 {
876  SCEnter();
877 
878  FileContainer *ptr = NULL;
879 
880  if (alp_ctx.ctxs[f->protomap][f->alproto].StateGetFiles != NULL)
881  {
882  ptr = alp_ctx.ctxs[f->protomap][f->alproto].
883  StateGetFiles(f->alstate, direction);
884  }
885 
886  SCReturnPtr(ptr, "FileContainer *");
887 }
888 
889 /**
890  * \brief remove obsolete (inspected and logged) transactions
891  */
892 void AppLayerParserTransactionsCleanup(Flow *f)
893 {
894  SCEnter();
895  DEBUG_ASSERT_FLOW_LOCKED(f);
896 
897  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
898  if (unlikely(p->StateTransactionFree == NULL))
899  SCReturn;
900 
901  const bool has_tx_detect_flags = (p->GetTxDetectFlags != NULL);
902  const uint8_t ipproto = f->proto;
903  const AppProto alproto = f->alproto;
904  void * const alstate = f->alstate;
905  AppLayerParserState * const alparser = f->alparser;
906 
907  if (alstate == NULL || alparser == NULL)
908  SCReturn;
909 
910  const uint64_t min = alparser->min_id;
911  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
912  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(ipproto, alproto);
913  const int tx_end_state_ts = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOSERVER);
914  const int tx_end_state_tc = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOCLIENT);
915 
916  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
917  AppLayerGetTxIterState state;
918  memset(&state, 0, sizeof(state));
919  uint64_t i = min;
920  uint64_t new_min = min;
921  SCLogDebug("start min %"PRIu64, min);
922  bool skipped = false;
923 
924  while (1) {
925  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
926  if (ires.tx_ptr == NULL)
927  break;
928 
929  void *tx = ires.tx_ptr;
930  i = ires.tx_id; // actual tx id for the tx the IterFunc returned
931 
932  SCLogDebug("%p/%"PRIu64" checking", tx, i);
933 
934  const int tx_progress_tc = AppLayerParserGetStateProgress(ipproto, alproto, tx, STREAM_TOCLIENT);
935  if (tx_progress_tc < tx_end_state_tc) {
936  SCLogDebug("%p/%"PRIu64" skipping: tc parser not done", tx, i);
937  skipped = true;
938  goto next;
939  }
940  const int tx_progress_ts = AppLayerParserGetStateProgress(ipproto, alproto, tx, STREAM_TOSERVER);
941  if (tx_progress_ts < tx_end_state_ts) {
942  SCLogDebug("%p/%"PRIu64" skipping: ts parser not done", tx, i);
943  skipped = true;
944  goto next;
945  }
946  if (has_tx_detect_flags) {
947  if (f->sgh_toserver != NULL) {
948  uint64_t detect_flags_ts = AppLayerParserGetTxDetectFlags(ipproto, alproto, tx, STREAM_TOSERVER);
949  if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
950  SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
951  tx, i, detect_flags_ts);
952  skipped = true;
953  goto next;
954  }
955  }
956  if (f->sgh_toclient != NULL) {
957  uint64_t detect_flags_tc = AppLayerParserGetTxDetectFlags(ipproto, alproto, tx, STREAM_TOCLIENT);
958  if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
959  SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
960  tx, i, detect_flags_tc);
961  skipped = true;
962  goto next;
963  }
964  }
965  }
966  if (logger_expectation != 0) {
967  LoggerId tx_logged = AppLayerParserGetTxLogged(f, alstate, tx);
968  if (tx_logged != logger_expectation) {
969  SCLogDebug("%p/%"PRIu64" skipping: logging not done: want:%"PRIx32", have:%"PRIx32,
970  tx, i, logger_expectation, tx_logged);
971  skipped = true;
972  goto next;
973  }
974  }
975 
976  /* if we are here, the tx can be freed. */
977  p->StateTransactionFree(alstate, i);
978  SCLogDebug("%p/%"PRIu64" freed", tx, i);
979 
980  /* if we didn't skip any tx so far, up the minimum */
981  SCLogDebug("skipped? %s i %"PRIu64", new_min %"PRIu64, skipped ? "true" : "false", i, new_min);
982  if (!skipped)
983  new_min = i + 1;
984  SCLogDebug("final i %"PRIu64", new_min %"PRIu64, i, new_min);
985 
986 next:
987  if (!ires.has_next) {
988  /* this was the last tx. See if we skipped any. If not
989  * we removed all and can update the minimum to the max
990  * id. */
991  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64, i, total_txs);
992  if (!skipped) {
993  new_min = total_txs;
994  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64": "
995  "new_min updated to %"PRIu64, i, total_txs, new_min);
996  }
997  break;
998  }
999  i++;
1000  }
1001 
1002  /* see if we need to bring all trackers up to date. */
1003  SCLogDebug("update f->alparser->min_id? %"PRIu64" vs %"PRIu64, new_min, alparser->min_id);
1004  if (new_min > alparser->min_id) {
1005  const uint64_t next_id = new_min;
1006  alparser->min_id = next_id;
1007  alparser->inspect_id[0] = MAX(alparser->inspect_id[0], next_id);
1008  alparser->inspect_id[1] = MAX(alparser->inspect_id[1], next_id);
1009  alparser->log_id = MAX(alparser->log_id, next_id);
1010  SCLogDebug("updated f->alparser->min_id %"PRIu64, alparser->min_id);
1011  }
1012  SCReturn;
1013 }
1014 
1015 #define IS_DISRUPTED(flags) \
1016  ((flags) & (STREAM_DEPTH|STREAM_GAP))
1017 
1018 /**
1019  * \brief get the progress value for a tx/protocol
1020  *
1021  * If the stream is disrupted, we return the 'completion' value.
1022  */
1023 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
1024  void *alstate, uint8_t flags)
1025 {
1026  SCEnter();
1027  int r = 0;
1028  if (unlikely(IS_DISRUPTED(flags))) {
1029  r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
1030  StateGetProgressCompletionStatus(flags);
1031  } else {
1032  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1033  StateGetProgress(alstate, flags);
1034  }
1035  SCReturnInt(r);
1036 }
1037 
1038 uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
1039 {
1040  SCEnter();
1041  uint64_t r = 0;
1042  r = alp_ctx.ctxs[f->protomap][f->alproto].
1043  StateGetTxCnt(alstate);
1044  SCReturnCT(r, "uint64_t");
1045 }
1046 
1047 void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
1048 {
1049  SCEnter();
1050  void * r = NULL;
1051  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1052  StateGetTx(alstate, tx_id);
1053  SCReturnPtr(r, "void *");
1054 }
1055 
1056 int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
1057  uint8_t direction)
1058 {
1059  SCEnter();
1060  int r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
1061  StateGetProgressCompletionStatus(direction);
1062  SCReturnInt(r);
1063 }
1064 
1065 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
1066  int *event_id, AppLayerEventType *event_type)
1067 {
1068  SCEnter();
1069  int ipproto_map = FlowGetProtoMapping(ipproto);
1070  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
1071  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
1072  SCReturnInt(r);
1073 }
1074 
1075 int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
1076  const char **event_name, AppLayerEventType *event_type)
1077 {
1078  SCEnter();
1079  int ipproto_map = FlowGetProtoMapping(ipproto);
1080  *event_name = (const char *)NULL;
1081  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ?
1082  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type);
1083  SCReturnInt(r);
1084 }
1085 
1086 uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
1087 {
1088  SCEnter();
1089  uint8_t r = 0;
1090  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1091  first_data_dir;
1092  SCReturnCT(r, "uint8_t");
1093 }
1094 
1095 uint64_t AppLayerParserGetTransactionActive(const Flow *f,
1096  AppLayerParserState *pstate, uint8_t direction)
1097 {
1098  SCEnter();
1099 
1100  uint64_t active_id;
1101 
1102  uint64_t log_id = pstate->log_id;
1103  uint64_t inspect_id = pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1];
1104  if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) {
1105  active_id = (log_id < inspect_id) ? log_id : inspect_id;
1106  } else {
1107  active_id = inspect_id;
1108  }
1109 
1110  SCReturnCT(active_id, "uint64_t");
1111 }
1112 
1113 int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
1114 {
1115  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles != NULL)
1116  return TRUE;
1117  return FALSE;
1118 }
1119 
1120 int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
1121 {
1122  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState != NULL)
1123  return TRUE;
1124  return FALSE;
1125 }
1126 
1127 DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
1128 {
1129  SCEnter();
1130  DetectEngineState *s;
1131  s = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState(tx);
1132  SCReturnPtr(s, "DetectEngineState");
1133 }
1134 
1135 int AppLayerParserSetTxDetectState(const Flow *f,
1136  void *tx, DetectEngineState *s)
1137 {
1138  int r;
1139  SCEnter();
1140  if ((alp_ctx.ctxs[f->protomap][f->alproto].GetTxDetectState(tx) != NULL))
1141  SCReturnInt(-EBUSY);
1142  r = alp_ctx.ctxs[f->protomap][f->alproto].SetTxDetectState(tx, s);
1143  SCReturnInt(r);
1144 }
1145 
1146 bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
1147 {
1148  SCEnter();
1149  for (uint8_t p = 0; p < FLOW_PROTO_APPLAYER_MAX; p++) {
1150  if (alp_ctx.ctxs[p][alproto].GetTxDetectFlags != NULL) {
1151  SCReturnBool(true);
1152  }
1153  }
1154  SCReturnBool(false);
1155 }
1156 
1157 uint64_t AppLayerParserGetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir)
1158 {
1159  SCEnter();
1160  uint64_t flags = 0;
1161  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectFlags != NULL) {
1162  flags = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectFlags(tx, dir);
1163  }
1164  SCReturnUInt(flags);
1165 }
1166 
1167 void AppLayerParserSetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t flags)
1168 {
1169  SCEnter();
1170  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectFlags != NULL) {
1171  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectFlags(tx, dir, flags);
1172  }
1173  SCReturn;
1174 }
1175 
1176 /***** General *****/
1177 
1178 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
1179  * \retval int 0 ok: we did not update app_progress
1180  * \retval int 1 ok: we updated app_progress */
1181 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
1182  uint8_t flags, const uint8_t *input, uint32_t input_len)
1183 {
1184  SCEnter();
1185 #ifdef DEBUG_VALIDATION
1186  BUG_ON(f->protomap != FlowGetProtoMapping(f->proto));
1187 #endif
1188  AppLayerParserState *pstate = NULL;
1189  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto];
1190  void *alstate = NULL;
1191  uint64_t p_tx_cnt = 0;
1192  uint32_t consumed = input_len;
1193  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1194 
1195  /* we don't have the parser registered for this protocol */
1196  if (p->StateAlloc == NULL)
1197  goto end;
1198 
1199  if (flags & STREAM_GAP) {
1200  if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
1201  SCLogDebug("app-layer parser does not accept gaps");
1202  if (f->alstate != NULL) {
1203  AppLayerParserStreamTruncated(f->proto, alproto, f->alstate,
1204  flags);
1205  }
1206  goto error;
1207  }
1208  }
1209 
1210  /* Get the parser state (if any) */
1211  pstate = f->alparser;
1212  if (pstate == NULL) {
1213  f->alparser = pstate = AppLayerParserStateAlloc();
1214  if (pstate == NULL)
1215  goto error;
1216  }
1217 
1218  if (flags & STREAM_EOF)
1219  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF);
1220 
1221  alstate = f->alstate;
1222  if (alstate == NULL) {
1223  f->alstate = alstate = p->StateAlloc();
1224  if (alstate == NULL)
1225  goto error;
1226  SCLogDebug("alloced new app layer state %p (name %s)",
1227  alstate, AppLayerGetProtoName(f->alproto));
1228  } else {
1229  SCLogDebug("using existing app layer state %p (name %s))",
1230  alstate, AppLayerGetProtoName(f->alproto));
1231  }
1232 
1233  p_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1234 
1235  /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
1236  if (input_len > 0 || (flags & STREAM_EOF)) {
1237  /* invoke the parser */
1238  AppLayerResult res = p->Parser[direction](f, alstate, pstate,
1239  input, input_len,
1240  alp_tctx->alproto_local_storage[f->protomap][alproto],
1241  flags);
1242  if (res.status < 0)
1243  {
1244  goto error;
1245  } else if (res.status > 0) {
1246  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1247  TcpSession *ssn = f->protoctx;
1248  SCLogDebug("direction %d/%s", direction,
1249  (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
1250  BUG_ON(res.consumed > input_len);
1251  if (direction == 0) {
1252  /* parser told us how much data it needs on top of what it
1253  * consumed. So we need tell stream engine how much we need
1254  * before the next call */
1255  ssn->client.data_required = res.needed;
1256  SCLogDebug("setting data_required %u", ssn->client.data_required);
1257  } else {
1258  /* parser told us how much data it needs on top of what it
1259  * consumed. So we need tell stream engine how much we need
1260  * before the next call */
1261  ssn->server.data_required = res.needed;
1262  SCLogDebug("setting data_required %u", ssn->server.data_required);
1263  }
1264  } else {
1265  /* incomplete is only supported for TCP */
1266  BUG_ON(f->proto != IPPROTO_TCP);
1267  }
1268  BUG_ON(res.needed + res.consumed < input_len);
1269  BUG_ON(res.needed == 0);
1270  consumed = res.consumed;
1271  }
1272  }
1273 
1274  /* set the packets to no inspection and reassembly if required */
1275  if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
1276  AppLayerParserSetEOF(pstate);
1277  FlowSetNoPayloadInspectionFlag(f);
1278 
1279  if (f->proto == IPPROTO_TCP) {
1280  StreamTcpDisableAppLayer(f);
1281 
1282  /* Set the no reassembly flag for both the stream in this TcpSession */
1283  if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
1284  /* Used only if it's TCP */
1285  TcpSession *ssn = f->protoctx;
1286  if (ssn != NULL) {
1287  StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
1288  StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
1289  }
1290  }
1291  /* Set the bypass flag for both the stream in this TcpSession */
1292  if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
1293  /* Used only if it's TCP */
1294  TcpSession *ssn = f->protoctx;
1295  if (ssn != NULL) {
1296  StreamTcpSetSessionBypassFlag(ssn);
1297  }
1298  }
1299  }
1300  }
1301 
1302  /* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
1303  if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
1304  FlowSetNoPayloadInspectionFlag(f);
1305  /* Set the no reassembly flag for both the stream in this TcpSession */
1306  if (f->proto == IPPROTO_TCP) {
1307  /* Used only if it's TCP */
1308  TcpSession *ssn = f->protoctx;
1309  if (ssn != NULL) {
1310  StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
1311  StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
1312  }
1313  }
1314  }
1315 
1316  /* get the diff in tx cnt for stats keeping */
1317  uint64_t cur_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1318  if (cur_tx_cnt > p_tx_cnt && tv) {
1319  AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
1320  }
1321 
1322  /* stream truncated, inform app layer */
1323  if (flags & STREAM_DEPTH)
1324  AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags);
1325 
1326  end:
1327  /* update app progress */
1328  if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1329  TcpSession *ssn = f->protoctx;
1330  StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
1331  SCReturnInt(1);
1332  }
1333 
1334  SCReturnInt(0);
1335  error:
1336  /* Set the no app layer inspection flag for both
1337  * the stream in this Flow */
1338  if (f->proto == IPPROTO_TCP) {
1339  StreamTcpDisableAppLayer(f);
1340  }
1341  AppLayerParserSetEOF(pstate);
1342  SCReturnInt(-1);
1343 }
1344 
1345 void AppLayerParserSetEOF(AppLayerParserState *pstate)
1346 {
1347  SCEnter();
1348 
1349  if (pstate == NULL)
1350  goto end;
1351 
1352  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF);
1353 
1354  end:
1355  SCReturn;
1356 }
1357 
1358 /* return true if there are app parser decoder events. These are
1359  * only the ones that are set during protocol detection. */
1360 bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
1361 {
1362  SCEnter();
1363 
1364  if (pstate == NULL)
1365  return false;
1366 
1367  const AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(pstate);
1368  if (decoder_events && decoder_events->cnt)
1369  return true;
1370 
1371  /* if we have reached here, we don't have events */
1372  return false;
1373 }
1374 
1375 /** \brief simple way to globally test if a alproto is registered
1376  * and fully enabled in the configuration.
1377  */
1378 int AppLayerParserIsEnabled(AppProto alproto)
1379 {
1380  return (alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto]
1381  .StateGetProgressCompletionStatus != NULL);
1382 }
1383 
1384 int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
1385 {
1386  SCEnter();
1387  int ipproto_map = FlowGetProtoMapping(ipproto);
1388  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEvents == NULL) ? 0 : 1;
1389  SCReturnInt(r);
1390 }
1391 
1392 int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
1393 {
1394  SCEnter();
1395  int ipproto_map = FlowGetProtoMapping(ipproto);
1396  int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1;
1397  SCReturnInt(r);
1398 }
1399 
1400 LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
1401 {
1402  SCEnter();
1403  const int ipproto_map = FlowGetProtoMapping(ipproto);
1404  LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits;
1405  SCReturnUInt(r);
1406 }
1407 
1408 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
1409 {
1410  SCEnter();
1411 
1412  SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
1413  if (f != NULL && f->protoctx != NULL)
1414  StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
1415 
1416  SCReturn;
1417 }
1418 
1419 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
1420 {
1421  SCEnter();
1422 
1423  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
1424  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |=
1425  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET;
1426 
1427  SCReturn;
1428 }
1429 
1430 uint32_t AppLayerParserGetStreamDepth(const Flow *f)
1431 {
1432  SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
1433 }
1434 
1435 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
1436 {
1437  SCEnter();
1438  void *tx = NULL;
1439  if (state != NULL) {
1440  if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
1441  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
1442  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
1443  }
1444  }
1445  }
1446  SCReturn;
1447 }
1448 
1449 /***** Cleanup *****/
1450 
1451 void AppLayerParserStateCleanup(const Flow *f, void *alstate,
1452  AppLayerParserState *pstate)
1453 {
1454  SCEnter();
1455 
1456  AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[f->protomap][f->alproto];
1457 
1458  if (ctx->StateFree != NULL && alstate != NULL)
1459  ctx->StateFree(alstate);
1460 
1461  /* free the app layer parser api state */
1462  if (pstate != NULL)
1463  AppLayerParserStateFree(pstate);
1464 
1465  SCReturn;
1466 }
1467 
1468 static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
1469 {
1470  uint8_t map = FlowGetProtoMapping(ipproto);
1471  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1472  const AppLayerParserProtoCtx *ctx_def = &alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto];
1473  printf("ERROR: incomplete app-layer registration\n");
1474  printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto);
1475  printf("- option flags %"PRIx32"\n", ctx->option_flags);
1476  printf("- first_data_dir %"PRIx8"\n", ctx->first_data_dir);
1477  printf("Mandatory:\n");
1478  printf("- Parser[0] %p Parser[1] %p\n", ctx->Parser[0], ctx->Parser[1]);
1479  printf("- StateAlloc %p StateFree %p\n", ctx->StateAlloc, ctx->StateFree);
1480  printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
1481  ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
1482  printf("- StateGetProgress %p StateGetProgressCompletionStatus %p\n", ctx->StateGetProgress, ctx_def->StateGetProgressCompletionStatus);
1483  printf("- GetTxDetectState %p SetTxDetectState %p\n", ctx->GetTxDetectState, ctx->SetTxDetectState);
1484  printf("Optional:\n");
1485  printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
1486  printf("- StateGetTxLogged %p StateSetTxLogged %p\n", ctx->StateGetTxLogged, ctx->StateSetTxLogged);
1487  printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo,
1488  ctx->StateGetEventInfoById);
1489 }
1490 
1491 #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL)
1492 #define BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL))
1493 #define THREE_SET_OR_THREE_UNSET(a, b, c) (((a) == NULL && (b) == NULL && (c) == NULL) || ((a) != NULL && (b) != NULL && (c) != NULL))
1494 #define THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL)
1495 
1496 static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
1497 {
1498  uint8_t map = FlowGetProtoMapping(ipproto);
1499  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1500  const AppLayerParserProtoCtx *ctx_def = &alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto];
1501 
1502  if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL)
1503  return;
1504 
1505  if (!(BOTH_SET(ctx->Parser[0], ctx->Parser[1]))) {
1506  goto bad;
1507  }
1508  if (!(BOTH_SET(ctx->StateFree, ctx->StateAlloc))) {
1509  goto bad;
1510  }
1511  if (!(THREE_SET(ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree))) {
1512  goto bad;
1513  }
1514  /* special case: StateGetProgressCompletionStatus is used from 'default'. */
1515  if (!(BOTH_SET(ctx->StateGetProgress, ctx_def->StateGetProgressCompletionStatus))) {
1516  goto bad;
1517  }
1518  /* local storage is optional, but needs both set if used */
1519  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->LocalStorageAlloc, ctx->LocalStorageFree))) {
1520  goto bad;
1521  }
1522  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->StateGetTxLogged, ctx->StateSetTxLogged))) {
1523  goto bad;
1524  }
1525  if (!(BOTH_SET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1526  goto bad;
1527  }
1528  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1529  goto bad;
1530  }
1531  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->GetTxDetectFlags, ctx->SetTxDetectFlags))) {
1532  goto bad;
1533  }
1534 
1535  return;
1536 bad:
1537  ValidateParserProtoDump(alproto, ipproto);
1538  exit(EXIT_FAILURE);
1539 }
1540 #undef BOTH_SET
1541 #undef BOTH_SET_OR_BOTH_UNSET
1542 #undef THREE_SET_OR_THREE_UNSET
1543 #undef THREE_SET
1544 
1545 static void ValidateParser(AppProto alproto)
1546 {
1547  ValidateParserProto(alproto, IPPROTO_TCP);
1548  ValidateParserProto(alproto, IPPROTO_UDP);
1549 }
1550 
1551 static void ValidateParsers(void)
1552 {
1553  AppProto p = 0;
1554  for ( ; p < ALPROTO_MAX; p++) {
1555  ValidateParser(p);
1556  }
1557 }
1558 
1559 void AppLayerParserRegisterProtocolParsers(void)
1560 {
1561  SCEnter();
1562 
1563  RegisterHTPParsers();
1564  RegisterSSLParsers();
1565  RegisterDCERPCParsers();
1566  RegisterDCERPCUDPParsers();
1567  RegisterSMBParsers();
1568  RegisterFTPParsers();
1569  RegisterSSHParsers();
1570  RegisterSMTPParsers();
1571  rs_dns_udp_register_parser();
1572  rs_dns_tcp_register_parser();
1573  RegisterModbusParsers();
1574  RegisterENIPUDPParsers();
1575  RegisterENIPTCPParsers();
1576  RegisterDNP3Parsers();
1577  RegisterNFSTCPParsers();
1578  RegisterNFSUDPParsers();
1579  RegisterNTPParsers();
1580  RegisterTFTPParsers();
1581  RegisterIKEV2Parsers();
1582  RegisterKRB5Parsers();
1583  rs_dhcp_register_parser();
1584  RegisterSNMPParsers();
1585  RegisterSIPParsers();
1586  RegisterTemplateRustParsers();
1587  RegisterRFBParsers();
1588  RegisterTemplateParsers();
1589  RegisterRdpParsers();
1590 
1591  /** IMAP */
1592  AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
1593  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
1594  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
1595  "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
1596  {
1597  SCLogInfo("imap proto registration failure");
1598  exit(EXIT_FAILURE);
1599  }
1600  } else {
1601  SCLogInfo("Protocol detection and parser disabled for %s protocol.",
1602  "imap");
1603  }
1604 
1605  ValidateParsers();
1606  return;
1607 }
1608 
1609 
1610 /* coccinelle: AppLayerParserStateSetFlag():2,2:APP_LAYER_PARSER_ */
1611 void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
1612 {
1613  SCEnter();
1614  pstate->flags |= flag;
1615  SCReturn;
1616 }
1617 
1618 /* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
1619 int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
1620 {
1621  SCEnter();
1622  SCReturnInt(pstate->flags & flag);
1623 }
1624 
1625 
1626 void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
1627  uint8_t direction)
1628 {
1629  SCEnter();
1630 
1631  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL)
1632  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
1633 
1634  SCReturn;
1635 }
1636 
1637 #ifdef DEBUG
1638 void AppLayerParserStatePrintDetails(AppLayerParserState *pstate)
1639 {
1640  SCEnter();
1641 
1642  if (pstate == NULL)
1643  SCReturn;
1644 
1645  AppLayerParserState *p = pstate;
1646  SCLogDebug("AppLayerParser parser state information for parser state p(%p). "
1647  "p->inspect_id[0](%"PRIu64"), "
1648  "p->inspect_id[1](%"PRIu64"), "
1649  "p->log_id(%"PRIu64"), "
1650  "p->decoder_events(%p).",
1651  pstate, p->inspect_id[0], p->inspect_id[1], p->log_id,
1652  p->decoder_events);
1653 
1654  SCReturn;
1655 }
1656 #endif
1657 
1658 /***** Unittests *****/
1659 
1660 #ifdef UNITTESTS
1661 
1662 static AppLayerParserCtx alp_ctx_backup_unittest;
1663 
1664 typedef struct TestState_ {
1665  uint8_t test;
1666 } TestState;
1667 
1668 /**
1669  * \brief Test parser function to test the memory deallocation of app layer
1670  * parser of occurence of an error.
1671  */
1672 static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate,
1673  const uint8_t *input, uint32_t input_len,
1674  void *local_data, const uint8_t flags)
1675 {
1676  SCEnter();
1677  SCReturnStruct(APP_LAYER_ERROR);
1678 }
1679 
1680 /** \brief Function to allocates the Test protocol state memory
1681  */
1682 static void *TestProtocolStateAlloc(void)
1683 {
1684  SCEnter();
1685  void *s = SCMalloc(sizeof(TestState));
1686  if (unlikely(s == NULL))
1687  goto end;
1688  memset(s, 0, sizeof(TestState));
1689  end:
1690  SCReturnPtr(s, "TestState");
1691 }
1692 
1693 /** \brief Function to free the Test Protocol state memory
1694  */
1695 static void TestProtocolStateFree(void *s)
1696 {
1697  SCFree(s);
1698 }
1699 
1700 static uint64_t TestGetTxCnt(void *state)
1701 {
1702  /* single tx */
1703  return 1;
1704 }
1705 
1706 static void TestStateTransactionFree(void *state, uint64_t tx_id)
1707 {
1708  /* do nothing */
1709 }
1710 
1711 static void *TestGetTx(void *state, uint64_t tx_id)
1712 {
1713  TestState *test_state = (TestState *)state;
1714  return test_state;
1715 }
1716 
1717 void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
1718  void (*RegisterUnittests)(void))
1719 {
1720  SCEnter();
1721  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1722  RegisterUnittests = RegisterUnittests;
1723  SCReturn;
1724 }
1725 
1726 void AppLayerParserBackupParserTable(void)
1727 {
1728  SCEnter();
1729  alp_ctx_backup_unittest = alp_ctx;
1730  memset(&alp_ctx, 0, sizeof(alp_ctx));
1731  SCReturn;
1732 }
1733 
1734 void AppLayerParserRestoreParserTable(void)
1735 {
1736  SCEnter();
1737  alp_ctx = alp_ctx_backup_unittest;
1738  memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest));
1739  SCReturn;
1740 }
1741 
1742 /**
1743  * \test Test the deallocation of app layer parser memory on occurance of
1744  * error in the parsing process.
1745  */
1746 static int AppLayerParserTest01(void)
1747 {
1748  AppLayerParserBackupParserTable();
1749 
1750  int result = 0;
1751  Flow *f = NULL;
1752  uint8_t testbuf[] = { 0x11 };
1753  uint32_t testlen = sizeof(testbuf);
1754  TcpSession ssn;
1755  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1756 
1757  memset(&ssn, 0, sizeof(ssn));
1758 
1759  /* Register the Test protocol state and parser functions */
1760  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER,
1761  TestProtocolParser);
1762  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST,
1763  TestProtocolStateAlloc, TestProtocolStateFree);
1764  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TEST, TestStateTransactionFree);
1765  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TEST, TestGetTx);
1766  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TEST, TestGetTxCnt);
1767 
1768  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1769  if (f == NULL)
1770  goto end;
1771  f->protoctx = &ssn;
1772  f->alproto = ALPROTO_TEST;
1773  f->proto = IPPROTO_TCP;
1774 
1775  StreamTcpInitConfig(TRUE);
1776 
1777  FLOWLOCK_WRLOCK(f);
1778  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1779  STREAM_TOSERVER | STREAM_EOF, testbuf,
1780  testlen);
1781  if (r != -1) {
1782  printf("returned %" PRId32 ", expected -1: ", r);
1783  FLOWLOCK_UNLOCK(f);
1784  goto end;
1785  }
1786  FLOWLOCK_UNLOCK(f);
1787 
1788  if (!(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED)) {
1789  printf("flag should have been set, but is not: ");
1790  goto end;
1791  }
1792 
1793  result = 1;
1794  end:
1795  AppLayerParserRestoreParserTable();
1796  StreamTcpFreeConfig(TRUE);
1797 
1798  UTHFreeFlow(f);
1799  return result;
1800 }
1801 
1802 /**
1803  * \test Test the deallocation of app layer parser memory on occurance of
1804  * error in the parsing process for UDP.
1805  */
1806 static int AppLayerParserTest02(void)
1807 {
1808  AppLayerParserBackupParserTable();
1809 
1810  int result = 1;
1811  Flow *f = NULL;
1812  uint8_t testbuf[] = { 0x11 };
1813  uint32_t testlen = sizeof(testbuf);
1814  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1815 
1816  /* Register the Test protocol state and parser functions */
1817  AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER,
1818  TestProtocolParser);
1819  AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST,
1820  TestProtocolStateAlloc, TestProtocolStateFree);
1821  AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_TEST, TestStateTransactionFree);
1822  AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_TEST, TestGetTx);
1823  AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_TEST, TestGetTxCnt);
1824 
1825  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1826  if (f == NULL)
1827  goto end;
1828  f->alproto = ALPROTO_TEST;
1829  f->proto = IPPROTO_UDP;
1830  f->protomap = FlowGetProtoMapping(f->proto);
1831 
1832  StreamTcpInitConfig(TRUE);
1833 
1834  FLOWLOCK_WRLOCK(f);
1835  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1836  STREAM_TOSERVER | STREAM_EOF, testbuf,
1837  testlen);
1838  if (r != -1) {
1839  printf("returned %" PRId32 ", expected -1: \n", r);
1840  result = 0;
1841  FLOWLOCK_UNLOCK(f);
1842  goto end;
1843  }
1844  FLOWLOCK_UNLOCK(f);
1845 
1846  end:
1847  AppLayerParserRestoreParserTable();
1848  StreamTcpFreeConfig(TRUE);
1849  UTHFreeFlow(f);
1850  return result;
1851 }
1852 
1853 
1854 void AppLayerParserRegisterUnittests(void)
1855 {
1856  SCEnter();
1857 
1858  int ip;
1859  AppProto alproto;
1860  AppLayerParserProtoCtx *ctx;
1861 
1862  for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
1863  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
1864  ctx = &alp_ctx.ctxs[ip][alproto];
1865  if (ctx->RegisterUnittests == NULL)
1866  continue;
1867  ctx->RegisterUnittests();
1868  }
1869  }
1870 
1871  UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01);
1872  UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02);
1873 
1874  SCReturn;
1875 }
1876 
1877 #endif
AppLayerParserProtoCtx_::Truncate
void(* Truncate)(void *, uint8_t)
Definition: app-layer-parser.c:106
AppLayerParserSetTxLogged
void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto, void *alstate, void *tx, LoggerId logger)
Definition: app-layer-parser.c:696
app-layer-nfs-udp.h
app-layer-dcerpc.h
ALPROTO_TEST
@ ALPROTO_TEST
Definition: app-layer-protos.h:63
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:490
AppLayerParserDeSetup
int AppLayerParserDeSetup(void)
Definition: app-layer-parser.c:243
FileContainer_
Definition: util-file.h:100
app-layer-dcerpc-udp.h
FLOW_PROTO_MAX
@ FLOW_PROTO_MAX
Definition: flow-private.h:75
RegisterNTPParsers
void RegisterNTPParsers(void)
Definition: app-layer-ntp.c:38
AppLayerParserProtoCtx_::StateGetTxCnt
uint64_t(* StateGetTxCnt)(void *alstate)
Definition: app-layer-parser.c:111
AppLayerParserProtoCtx_::logger_bits
uint32_t logger_bits
Definition: app-layer-parser.c:98
RegisterTemplateRustParsers
void RegisterTemplateRustParsers(void)
Definition: app-layer-template-rust.c:48
app-layer-tftp.h
AppLayerParserCtx_::ctxs
AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:152
AppLayerParserGetTxLogged
LoggerId AppLayerParserGetTxLogged(const Flow *f, void *alstate, void *tx)
Definition: app-layer-parser.c:710
AppLayerParserState_::log_id
uint64_t log_id
Definition: app-layer-parser.c:165
RegisterSMBParsers
void RegisterSMBParsers(void)
Definition: app-layer-smb.c:255
app-layer-ssh.h
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1378
AppLayerParserRegisterLocalStorageFunc
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *))
Definition: app-layer-parser.c:411
BOTH_SET
#define BOTH_SET(a, b)
Definition: app-layer-parser.c:1491
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1392
AppLayerParserRegisterOptionFlags
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
Definition: app-layer-parser.c:387
flow-util.h
AppLayerParserSetStreamDepthFlag
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
Definition: app-layer-parser.c:1435
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:731
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *))
Definition: app-layer-parser.c:397
AppLayerParserSetStreamDepth
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
Definition: app-layer-parser.c:1419
DetectEngineState_
Definition: detect-engine-state.h:92
ConfNode_::val
char * val
Definition: conf.h:34
stream-tcp.h
SCFree
#define SCFree(a)
Definition: util-mem.h:322
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AppLayerParserGetProtocolParserLocalStorage
void * AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:623
AppLayerParserRegisterMpmIDsFuncs
void AppLayerParserRegisterMpmIDsFuncs(uint8_t ipproto, AppProto alproto, uint64_t(*GetTxMpmIDs)(void *tx), int(*SetTxMpmIDs)(void *tx, uint64_t))
Definition: app-layer-parser.c:601
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
AppLayerParserProtoCtx_::LocalStorageFree
void(* LocalStorageFree)(void *)
Definition: app-layer-parser.c:104
AppLayerParserSetTxDetectFlags
void AppLayerParserSetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t flags)
Definition: app-layer-parser.c:1167
app-layer-ikev2.h
AppLayerParserProtoCtx_
App layer protocol parser context.
Definition: app-layer-parser.c:93
RegisterSSHParsers
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
Definition: app-layer-ssh.c:629
AppLayerParserProtoCtx_::StateGetTx
void *(* StateGetTx)(void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:112
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
AppLayerParserSetTransactionInspectId
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)
Definition: app-layer-parser.c:751
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:39
AppLayerParserGetEventsByTx
AppLayerDecoderEvents * AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:857
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:688
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:2
AppLayerParserRegisterDetectFlagsFuncs
void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t))
Definition: app-layer-parser.c:589
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
Definition: app-layer-modbus.c:1490
AppLayerParserRegisterLoggerFuncs
void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId))
Definition: app-layer-parser.c:447
Flow_::proto
uint8_t proto
Definition: flow.h:361
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:71
AppLayerParserFPtr
AppLayerResult(* AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags)
Prototype for parsing functions.
Definition: app-layer-parser.h:109
StreamTcpSetDisableRawReassemblyFlag
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
Definition: stream-tcp.c:5891
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:302
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1023
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1408
AppLayerParserProtoCtx_::SetTxDetectFlags
void(* SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t)
Definition: app-layer-parser.c:127
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
threads.h
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:60
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:342
APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
Definition: app-layer-parser.h:44
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
AppLayerParserRegisterGetEventsFunc
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, AppLayerDecoderEvents *(*StateGetEvents)(void *))
Definition: app-layer-parser.c:436
StreamTcpReassembleTriggerRawReassembly
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
Definition: stream-tcp-reassemble.c:1860
LoggerId
LoggerId
Definition: suricata-common.h:416
Flow_::protomap
uint8_t protomap
Definition: flow.h:420
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:724
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
AppLayerParserRegisterTruncateFunc
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t))
Definition: app-layer-parser.c:480
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:376
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1056
AppLayerParserGetFirstDataDir
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1086
AppLayerParserProtoIsRegistered
int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:188
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:501
FLOW_NOPAYLOAD_INSPECTION
#define FLOW_NOPAYLOAD_INSPECTION
Definition: flow.h:61
AppLayerParserSupportsFiles
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1113
AppLayerParserProtoCtx_::StateGetTxIterator
AppLayerGetTxIteratorFunc StateGetTxIterator
Definition: app-layer-parser.c:113
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:279
rust.h
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
StreamTcpUpdateAppLayerProgress
void StreamTcpUpdateAppLayerProgress(TcpSession *ssn, char direction, const uint32_t progress)
update reassembly progress
Definition: stream-tcp.c:5857
AppLayerParserGetFiles
FileContainer * AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
Definition: app-layer-parser.c:874
APP_LAYER_TX_INSPECTED_FLAG
#define APP_LAYER_TX_INSPECTED_FLAG
Definition: app-layer-parser.h:49
stream-tcp-reassemble.h
AppLayerParserRegisterDetectStateFuncs
void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *))
Definition: app-layer-parser.c:577
TestState
struct TestState_ TestState
AppLayerParserProtoCtx_::StateAlloc
void *(* StateAlloc)(void)
Definition: app-layer-parser.c:100
RegisterSIPParsers
void RegisterSIPParsers(void)
Definition: app-layer-sip.c:38
app-layer-ftp.h
MAX
#define MAX(x, y)
Definition: suricata-common.h:364
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:66
Flow_::protoctx
void * protoctx
Definition: flow.h:416
TcpStream_::data_required
uint32_t data_required
Definition: stream-tcp-private.h:120
AppLayerParserRegisterUnittests
void AppLayerParserRegisterUnittests(void)
Definition: app-layer-parser.c:1854
AppLayerParserGetTransactionInspectId
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:741
RegisterKRB5Parsers
void RegisterKRB5Parsers(void)
Definition: app-layer-krb5.c:38
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:34
util-unittest.h
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:111
AppLayerParserProtocolIsTxEventAware
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1384
RegisterDNP3Parsers
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
Definition: app-layer-dnp3.c:1599
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:566
util-unittest-helper.h
FTPParserCleanup
void FTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-ftp.c:1464
TcpSession_::flags
uint16_t flags
Definition: stream-tcp-private.h:269
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:260
AppLayerParserGetEventInfoById
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1075
Flow_::sgh_toserver
const struct SigGroupHead_ * sgh_toserver
Definition: flow.h:461
SCReturnBool
#define SCReturnBool(x)
Definition: util-debug.h:355
AppLayerParserRestoreParserTable
void AppLayerParserRestoreParserTable(void)
Definition: app-layer-parser.c:1734
AppLayerParserState_::inspect_id
uint64_t inspect_id[2]
Definition: app-layer-parser.c:161
AppLayerParserCtx
struct AppLayerParserCtx_ AppLayerParserCtx
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:453
AppLayerParserRegisterProtocolParsers
void AppLayerParserRegisterProtocolParsers(void)
Definition: app-layer-parser.c:1559
app-layer-krb5.h
RegisterRFBParsers
void RegisterRFBParsers(void)
Definition: app-layer-rfb.c:54
RegisterDCERPCParsers
void RegisterDCERPCParsers(void)
Definition: app-layer-dcerpc.c:2078
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:446
app-layer-htp.h
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1619
AppLayerParserProtoCtx_::stream_depth
uint32_t stream_depth
Definition: app-layer-parser.c:132
decode.h
util-debug.h
AppLayerParserState_
Definition: app-layer-parser.c:155
AppLayerParserGetTransactionActive
uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:1095
AppLayerParserProtoCtx_::logger
bool logger
Definition: app-layer-parser.c:97
app-layer-dnp3.h
AppLayerParserStreamTruncated
void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
Definition: app-layer-parser.c:1626
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
res
PoolThreadReserved res
Definition: stream-tcp-private.h:60
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:19
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:471
FLOWLOCK_WRLOCK
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:257
app-layer-rfb.h
AppLayerParserRegisterGetFilesFunc
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t))
Definition: app-layer-parser.c:425
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
AppLayerParserProtoCtx_::SetStreamDepthFlag
void(* SetStreamDepthFlag)(void *tx, uint8_t flags)
Definition: app-layer-parser.c:129
AppLayerParserState_::min_id
uint64_t min_id
Definition: app-layer-parser.c:167
RegisterENIPTCPParsers
void RegisterENIPTCPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:493
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
AppLayerParserRegisterLoggerBits
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
Definition: app-layer-parser.c:462
AppLayerParserProtoCtx_::StateGetEventInfo
int(* StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:117
AppLayerParserProtoCtx_::GetTxDetectState
DetectEngineState *(* GetTxDetectState)(void *tx)
Definition: app-layer-parser.c:123
detect-engine-port.h
AppLayerParserSupportsTxDetectState
int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1120
AppLayerParserProtoCtx_::SetTxDetectState
int(* SetTxDetectState)(void *tx, DetectEngineState *)
Definition: app-layer-parser.c:124
AppLayerParserSupportsTxDetectFlags
bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
Definition: app-layer-parser.c:1146
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:37
IS_DISRUPTED
#define IS_DISRUPTED(flags)
Definition: app-layer-parser.c:1015
AppLayerParserSetEOF
void AppLayerParserSetEOF(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1345
AppLayerParserProtoCtx_::RegisterUnittests
void(* RegisterUnittests)(void)
Definition: app-layer-parser.c:147
AppLayerParserStateFree
void AppLayerParserStateFree(AppLayerParserState *pstate)
Definition: app-layer-parser.c:208
app-layer-parser.h
AppLayerParserStateCleanup
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1451
TRUE
#define TRUE
Definition: suricata-common.h:33
AppLayerParserBackupParserTable
void AppLayerParserBackupParserTable(void)
Definition: app-layer-parser.c:1726
SCMalloc
#define SCMalloc(a)
Definition: util-mem.h:222
AppLayerParserProtoCtx_::StateGetEventInfoById
int(* StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:115
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:119
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:265
AppLayerDecoderEvents_::cnt
uint8_t cnt
Definition: app-layer-events.h:38
SC_WARN_DEPRECATED
@ SC_WARN_DEPRECATED
Definition: util-error.h:235
Flow_::sgh_toclient
const struct SigGroupHead_ * sgh_toclient
Definition: flow.h:458
RegisterNFSTCPParsers
void RegisterNFSTCPParsers(void)
Definition: app-layer-nfs-tcp.c:283
AppLayerParserProtoCtx
struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx
App layer protocol parser context.
FALSE
#define FALSE
Definition: suricata-common.h:34
AppLayerParserSetup
int AppLayerParserSetup(void)
Definition: app-layer-parser.c:219
SCReturn
#define SCReturn
Definition: util-debug.h:339
RegisterFTPParsers
void RegisterFTPParsers(void)
Definition: app-layer-ftp.c:1309
stream.h
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1717
AppLayerGetTxIterState
Definition: app-layer-parser.h:114
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
STREAM_DEPTH
#define STREAM_DEPTH
Definition: stream.h:34
RegisterTFTPParsers
void RegisterTFTPParsers(void)
Definition: app-layer-tftp.c:192
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
ALPROTO_IMAP
@ ALPROTO_IMAP
Definition: app-layer-protos.h:35
stream-tcp-private.h
FLOW_PROTO_APPLAYER_MAX
#define FLOW_PROTO_APPLAYER_MAX
Definition: flow-private.h:78
SCReturnUInt
#define SCReturnUInt(x)
Definition: util-debug.h:343
conf.h
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
BOTH_SET_OR_BOTH_UNSET
#define BOTH_SET_OR_BOTH_UNSET(a, b)
Definition: app-layer-parser.c:1492
AppLayerParserThreadCtx_::alproto_local_storage
void * alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:86
FLOW_PROTO_DEFAULT
@ FLOW_PROTO_DEFAULT
Definition: flow-private.h:72
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:565
AppLayerParserSetDecoderEvents
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
Definition: app-layer-parser.c:852
RegisterDCERPCUDPParsers
void RegisterDCERPCUDPParsers(void)
Definition: app-layer-dcerpc-udp.c:877
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:353
AppLayerParserProtoCtx_::StateFree
void(* StateFree)(void *)
Definition: app-layer-parser.c:101
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
STREAM_GAP
#define STREAM_GAP
Definition: stream.h:33
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1826
AppLayerParserRegisterSetStreamDepthFlag
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags))
Definition: app-layer-parser.c:611
app-layer-sip.h
APP_LAYER_PARSER_EOF
#define APP_LAYER_PARSER_EOF
Definition: app-layer-parser.h:35
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:264
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
RegisterRdpParsers
void RegisterRdpParsers(void)
Definition: app-layer-rdp.c:35
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:36
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1047
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:364
RegisterIKEV2Parsers
void RegisterIKEV2Parsers(void)
Definition: app-layer-ikev2.c:38
decode-events.h
AppLayerParserRegisterGetStateProgressCompletionStatus
void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto, int(*StateGetProgressCompletionStatus)(uint8_t direction))
Definition: app-layer-parser.c:542
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:497
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:253
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:523
AppLayerParserProtoCtx_::Parser
AppLayerParserFPtr Parser[2]
Definition: app-layer-parser.c:96
app-layer-modbus.h
AppLayerParserProtoCtx_::StateTransactionFree
void(* StateTransactionFree)(void *, uint64_t)
Definition: app-layer-parser.c:102
app-layer-enip.h
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:357
app-layer-template-rust.h
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2817
AppLayerParserProtoCtx_::option_flags
uint32_t option_flags
Definition: app-layer-parser.c:140
StreamTcpSetSessionNoReassemblyFlag
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
Definition: stream-tcp.c:5875
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:892
flags
uint8_t flags
Definition: decode-gre.h:2
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1181
StreamTcpDisableAppLayer
void StreamTcpDisableAppLayer(Flow *f)
Definition: stream-tcp-reassemble.c:336
suricata-common.h
AppLayerParserProtoCtx_::StateSetTxLogged
void(* StateSetTxLogged)(void *alstate, void *tx, LoggerId logger)
Definition: app-layer-parser.c:121
AppLayerParserProtoCtx_::internal_flags
uint32_t internal_flags
Definition: app-layer-parser.c:143
util-spm.h
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserProtoCtx_::StateGetFiles
FileContainer *(* StateGetFiles)(void *, uint8_t)
Definition: app-layer-parser.c:107
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
RegisterENIPUDPParsers
void RegisterENIPUDPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:403
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
AppLayerParserGetStreamDepth
uint32_t AppLayerParserGetStreamDepth(const Flow *f)
Definition: app-layer-parser.c:1430
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
util-validate.h
RegisterSNMPParsers
void RegisterSNMPParsers(void)
Definition: app-layer-snmp.c:39
APP_LAYER_PARSER_OPT_ACCEPT_GAPS
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
Definition: app-layer-parser.h:42
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
AppLayerParserRegisterGetTxIterator
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
Definition: app-layer-parser.c:534
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
ConfNode_
Definition: conf.h:32
Flow_::alstate
void * alstate
Definition: flow.h:454
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:226
app-layer-template.h
Flow_::flags
uint32_t flags
Definition: flow.h:396
AppLayerParserGetDecoderEvents
AppLayerDecoderEvents * AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:844
THREE_SET
#define THREE_SET(a, b, c)
Definition: app-layer-parser.c:1494
TestState_::test
uint8_t test
Definition: app-layer-parser.c:1665
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:553
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:771
UTHAppLayerParserStateGetIds
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
Definition: app-layer-parser.c:174
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:591
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:3166
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:112
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
AppLayerParserGetTxDetectState
DetectEngineState * AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1127
app-layer-snmp.h
STREAM_EOF
#define STREAM_EOF
Definition: stream.h:30
RegisterSMTPParsers
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
Definition: app-layer-smtp.c:1790
AppLayerParserProtoCtx_::GetTxDetectFlags
uint64_t(* GetTxDetectFlags)(void *tx, uint8_t dir)
Definition: app-layer-parser.c:126
AppLayerParserSetTxDetectState
int AppLayerParserSetTxDetectState(const Flow *f, void *tx, DetectEngineState *s)
Definition: app-layer-parser.c:1135
AppLayerParserStateAlloc
AppLayerParserState * AppLayerParserStateAlloc(void)
Definition: app-layer-parser.c:195
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:351
app-layer-protos.h
RegisterTemplateParsers
void RegisterTemplateParsers(void)
Definition: app-layer-template.c:476
STREAMTCP_FLAG_APP_LAYER_DISABLED
#define STREAMTCP_FLAG_APP_LAYER_DISABLED
Definition: stream-tcp-private.h:187
AppLayerParserState_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-parser.c:170
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:512
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:60
app-layer-smb.h
AppLayerParserProtoCtx_::StateGetProgress
int(* StateGetProgress)(void *alstate, uint8_t direction)
Definition: app-layer-parser.c:110
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1400
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1611
AppLayerParserCtx_
Definition: app-layer-parser.c:151
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:123
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:85
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1723
app-layer-smtp.h
AppLayerParserProtoCtx_::StateGetProgressCompletionStatus
int(* StateGetProgressCompletionStatus)(uint8_t direction)
Definition: app-layer-parser.c:114
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:38
TcpSession_
Definition: stream-tcp-private.h:260
AppLayerParserProtoCtx_::StateGetTxLogged
LoggerId(* StateGetTxLogged)(void *alstate, void *tx)
Definition: app-layer-parser.c:120
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:253
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:425
AppLayerParserDestroyProtocolParserLocalStorage
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto, void *local_data)
Definition: app-layer-parser.c:638
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:341
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1038
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1890
SMTPParserCleanup
void SMTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-smtp.c:1852
AppLayerParserHasDecoderEvents
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1360
StreamTcpSetSessionBypassFlag
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
Definition: stream-tcp.c:5902
app-layer-ssl.h
AppLayerParserProtoCtx_::StateGetEvents
AppLayerDecoderEvents *(* StateGetEvents)(void *)
Definition: app-layer-parser.c:108
TestState_
Definition: app-layer-parser.c:1664
AppLayerParserGetTxDetectFlags
uint64_t AppLayerParserGetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir)
Definition: app-layer-parser.c:1157
app-layer-ntp.h
debug.h
AppLayerParserState_::flags
uint8_t flags
Definition: app-layer-parser.c:157
AppLayerParserProtoCtx_::LocalStorageAlloc
void *(* LocalStorageAlloc)(void)
Definition: app-layer-parser.c:103
app-layer-nfs-tcp.h
app-layer-rdp.h
app-layer.h
AppLayerParserGetEventInfo
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1065
AppLayerParserProtoCtx_::first_data_dir
uint8_t first_data_dir
Definition: app-layer-parser.c:137