suricata
app-layer-parser.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Generic App-layer parsing functions.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "util-unittest.h"
29 #include "decode.h"
30 #include "threads.h"
31 
32 #include "util-print.h"
33 #include "util-pool.h"
34 
35 #include "flow-util.h"
36 #include "flow-private.h"
37 
38 #include "detect-engine-state.h"
39 #include "detect-engine-port.h"
40 
41 #include "stream-tcp.h"
42 #include "stream-tcp-private.h"
43 #include "stream.h"
44 #include "stream-tcp-reassemble.h"
45 
46 #include "app-layer.h"
47 #include "app-layer-protos.h"
48 #include "app-layer-parser.h"
49 #include "app-layer-dcerpc.h"
50 #include "app-layer-dcerpc-udp.h"
51 #include "app-layer-smb.h"
52 #include "app-layer-htp.h"
53 #include "app-layer-ftp.h"
54 #include "app-layer-ssl.h"
55 #include "app-layer-ssh.h"
56 #include "app-layer-smtp.h"
57 #include "app-layer-modbus.h"
58 #include "app-layer-enip.h"
59 #include "app-layer-dnp3.h"
60 #include "app-layer-nfs-tcp.h"
61 #include "app-layer-nfs-udp.h"
62 #include "app-layer-ntp.h"
63 #include "app-layer-tftp.h"
64 #include "app-layer-ikev2.h"
65 #include "app-layer-krb5.h"
66 #include "app-layer-snmp.h"
67 #include "app-layer-sip.h"
68 #include "app-layer-rfb.h"
69 #include "app-layer-mqtt.h"
70 #include "app-layer-template.h"
71 #include "app-layer-template-rust.h"
72 #include "app-layer-rdp.h"
73 #include "app-layer-http2.h"
74 
75 #include "conf.h"
76 #include "util-spm.h"
77 
78 #include "util-debug.h"
79 #include "decode-events.h"
80 #include "util-unittest-helper.h"
81 #include "util-validate.h"
82 
83 #include "runmodes.h"
84 
85 #include "rust.h"
86 
87 struct AppLayerParserThreadCtx_ {
88  void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
89 };
90 
91 
92 /**
93  * \brief App layer protocol parser context.
94  */
95 typedef struct AppLayerParserProtoCtx_
96 {
97  /* 0 - to_server, 1 - to_client. */
98  AppLayerParserFPtr Parser[2];
99  bool logger;
100  uint32_t logger_bits; /**< registered loggers for this proto */
101 
102  void *(*StateAlloc)(void *, AppProto);
103  void (*StateFree)(void *);
104  void (*StateTransactionFree)(void *, uint64_t);
105  void *(*LocalStorageAlloc)(void);
106  void (*LocalStorageFree)(void *);
107 
108  void (*Truncate)(void *, uint8_t);
109  FileContainer *(*StateGetFiles)(void *, uint8_t);
110  AppLayerDecoderEvents *(*StateGetEvents)(void *);
111 
112  int (*StateGetProgress)(void *alstate, uint8_t direction);
113  uint64_t (*StateGetTxCnt)(void *alstate);
114  void *(*StateGetTx)(void *alstate, uint64_t tx_id);
115  AppLayerGetTxIteratorFunc StateGetTxIterator;
116  int complete_ts;
117  int complete_tc;
118  int (*StateGetEventInfoById)(int event_id, const char **event_name,
119  AppLayerEventType *event_type);
120  int (*StateGetEventInfo)(const char *event_name,
121  int *event_id, AppLayerEventType *event_type);
122 
123  DetectEngineState *(*GetTxDetectState)(void *tx);
124  int (*SetTxDetectState)(void *tx, DetectEngineState *);
125 
126  AppLayerTxData *(*GetTxData)(void *tx);
127  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
128 
129  void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
130 
131  /* each app-layer has its own value */
132  uint32_t stream_depth;
133 
134  /* Indicates the direction the parser is ready to see the data
135  * the first time for a flow. Values accepted -
136  * STREAM_TOSERVER, STREAM_TOCLIENT */
137  uint8_t first_data_dir;
138 
139  /* Option flags such as supporting gaps or not. */
140  uint32_t option_flags;
141  /* coccinelle: AppLayerParserProtoCtx:option_flags:APP_LAYER_PARSER_OPT_ */
142 
143  uint32_t internal_flags;
144  /* coccinelle: AppLayerParserProtoCtx:internal_flags:APP_LAYER_PARSER_INT_ */
145 
146 #ifdef UNITTESTS
147  void (*RegisterUnittests)(void);
148 #endif
149 } AppLayerParserProtoCtx;
150 
151 typedef struct AppLayerParserCtx_ {
152  AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
153 } AppLayerParserCtx;
154 
155 struct AppLayerParserState_ {
156  /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
157  uint8_t flags;
158 
159  /* Indicates the current transaction that is being inspected.
160  * We have a var per direction. */
161  uint64_t inspect_id[2];
162  /* Indicates the current transaction being logged. Unlike inspect_id,
163  * we don't need a var per direction since we don't log a transaction
164  * unless we have the entire transaction. */
165  uint64_t log_id;
166 
167  uint64_t min_id;
168 
169  /* Used to store decoder events. */
170  AppLayerDecoderEvents *decoder_events;
171 };
172 
173 #ifdef UNITTESTS
174 void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
175 {
176  struct AppLayerParserState_ *s = ptr;
177  *i1 = s->inspect_id[0];
178  *i2 = s->inspect_id[1];
179  *log = s->log_id;
180  *min = s->min_id;
181 }
182 #endif
183 
184 /* Static global version of the parser context.
185  * Post 2.0 let's look at changing this to move it out to app-layer.c. */
186 static AppLayerParserCtx alp_ctx;
187 
188 int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
189 {
190  uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
191 
192  return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0;
193 }
194 
195 AppLayerParserState *AppLayerParserStateAlloc(void)
196 {
197  SCEnter();
198 
199  AppLayerParserState *pstate = (AppLayerParserState *)SCMalloc(sizeof(*pstate));
200  if (pstate == NULL)
201  goto end;
202  memset(pstate, 0, sizeof(*pstate));
203 
204  end:
205  SCReturnPtr(pstate, "AppLayerParserState");
206 }
207 
208 void AppLayerParserStateFree(AppLayerParserState *pstate)
209 {
210  SCEnter();
211 
212  if (pstate->decoder_events != NULL)
213  AppLayerDecoderEventsFreeEvents(&pstate->decoder_events);
214  SCFree(pstate);
215 
216  SCReturn;
217 }
218 
219 int AppLayerParserSetup(void)
220 {
221  SCEnter();
222  memset(&alp_ctx, 0, sizeof(alp_ctx));
223  SCReturnInt(0);
224 }
225 
226 void AppLayerParserPostStreamSetup(void)
227 {
228  AppProto alproto = 0;
229  int flow_proto = 0;
230 
231  /* lets set a default value for stream_depth */
232  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
233  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
234  if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags &
235  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) {
236  alp_ctx.ctxs[flow_proto][alproto].stream_depth =
237  stream_config.reassembly_depth;
238  }
239  }
240  }
241 }
242 
243 int AppLayerParserDeSetup(void)
244 {
245  SCEnter();
246 
247  FTPParserCleanup();
248  SMTPParserCleanup();
249 
250  SCReturnInt(0);
251 }
252 
253 AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void)
254 {
255  SCEnter();
256 
257  AppProto alproto = 0;
258  int flow_proto = 0;
259  AppLayerParserThreadCtx *tctx;
260 
261  tctx = SCMalloc(sizeof(*tctx));
262  if (tctx == NULL)
263  goto end;
264  memset(tctx, 0, sizeof(*tctx));
265 
266  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
267  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
268  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
269 
270  tctx->alproto_local_storage[flow_proto][alproto] =
271  AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto);
272  }
273  }
274 
275  end:
276  SCReturnPtr(tctx, "void *");
277 }
278 
279 void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
280 {
281  SCEnter();
282 
283  AppProto alproto = 0;
284  int flow_proto = 0;
285 
286  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
287  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
288  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
289 
290  AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto,
291  tctx->alproto_local_storage[flow_proto][alproto]);
292  }
293  }
294 
295  SCFree(tctx);
296  SCReturn;
297 }
298 
299 /** \brief check if a parser is enabled in the config
300  * Returns enabled always if: were running unittests
301  */
302 int AppLayerParserConfParserEnabled(const char *ipproto,
303  const char *alproto_name)
304 {
305  SCEnter();
306 
307  int enabled = 1;
308  char param[100];
309  ConfNode *node;
310  int r;
311 
312  if (RunmodeIsUnittests())
313  goto enabled;
314 
315  r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
316  alproto_name, ".enabled");
317  if (r < 0) {
318  FatalError(SC_ERR_FATAL, "snprintf failure.");
319  } else if (r > (int)sizeof(param)) {
320  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
321  }
322 
323  node = ConfGetNode(param);
324  if (node == NULL) {
325  SCLogDebug("Entry for %s not found.", param);
326  r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
327  alproto_name, ".", ipproto, ".enabled");
328  if (r < 0) {
329  FatalError(SC_ERR_FATAL, "snprintf failure.");
330  } else if (r > (int)sizeof(param)) {
331  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
332  }
333 
334  node = ConfGetNode(param);
335  if (node == NULL) {
336  SCLogDebug("Entry for %s not found.", param);
337  goto enabled;
338  }
339  }
340 
341  if (ConfValIsTrue(node->val)) {
342  goto enabled;
343  } else if (ConfValIsFalse(node->val)) {
344  goto disabled;
345  } else if (strcasecmp(node->val, "detection-only") == 0) {
346  goto disabled;
347  } else {
348  SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
349  exit(EXIT_FAILURE);
350  }
351 
352  disabled:
353  enabled = 0;
354  enabled:
355  SCReturnInt(enabled);
356 }
357 
358 /***** Parser related registration *****/
359 
360 int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
361  uint8_t direction,
362  AppLayerParserFPtr Parser)
363 {
364  SCEnter();
365 
366  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
367  Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
368 
369  SCReturnInt(0);
370 }
371 
372 void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
373  uint8_t direction)
374 {
375  SCEnter();
376 
377  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
378  (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
379 
380  SCReturn;
381 }
382 
383 void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
384  uint32_t flags)
385 {
386  SCEnter();
387 
388  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags;
389 
390  SCReturn;
391 }
392 
393 uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
394 {
395  SCEnter();
396  SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags);
397 }
398 
399 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
400  void *(*StateAlloc)(void *, AppProto), void (*StateFree)(void *))
401 {
402  SCEnter();
403 
404  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
405  StateAlloc;
406  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
407  StateFree;
408 
409  SCReturn;
410 }
411 
412 void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
413  void *(*LocalStorageAlloc)(void),
414  void (*LocalStorageFree)(void *))
415 {
416  SCEnter();
417 
418  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
419  LocalStorageAlloc;
420  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
421  LocalStorageFree;
422 
423  SCReturn;
424 }
425 
426 void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
427  FileContainer *(*StateGetFiles)(void *, uint8_t))
428 {
429  SCEnter();
430 
431  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
432  StateGetFiles;
433 
434  SCReturn;
435 }
436 
437 void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto,
438  AppLayerDecoderEvents *(*StateGetEvents)(void *))
439 {
440  SCEnter();
441 
442  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
443  StateGetEvents;
444 
445  SCReturn;
446 }
447 
448 void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
449 {
450  SCEnter();
451 
452  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
453 
454  SCReturn;
455 }
456 
457 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
458 {
459  SCEnter();
460 
461  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true;
462 
463  SCReturn;
464 }
465 
466 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
467  void (*Truncate)(void *, uint8_t))
468 {
469  SCEnter();
470 
471  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
472 
473  SCReturn;
474 }
475 
476 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
477  int (*StateGetProgress)(void *alstate, uint8_t direction))
478 {
479  SCEnter();
480 
481  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
482  StateGetProgress = StateGetProgress;
483 
484  SCReturn;
485 }
486 
487 void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
488  void (*StateTransactionFree)(void *, uint64_t))
489 {
490  SCEnter();
491 
492  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
493  StateTransactionFree = StateTransactionFree;
494 
495  SCReturn;
496 }
497 
498 void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
499  uint64_t (*StateGetTxCnt)(void *alstate))
500 {
501  SCEnter();
502 
503  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
504  StateGetTxCnt = StateGetTxCnt;
505 
506  SCReturn;
507 }
508 
509 void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
510  void *(StateGetTx)(void *alstate, uint64_t tx_id))
511 {
512  SCEnter();
513 
514  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
515  StateGetTx = StateGetTx;
516 
517  SCReturn;
518 }
519 
520 void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
521  AppLayerGetTxIteratorFunc Func)
522 {
523  SCEnter();
524  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func;
525  SCReturn;
526 }
527 
528 void AppLayerParserRegisterStateProgressCompletionStatus(
529  AppProto alproto, const int ts, const int tc)
530 {
531  BUG_ON(ts == 0);
532  BUG_ON(tc == 0);
533  BUG_ON(!AppProtoIsValid(alproto));
534  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != 0 &&
535  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts != ts);
536  BUG_ON(alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != 0 &&
537  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc != tc);
538 
539  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts = ts;
540  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc = tc;
541 }
542 
543 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
544  int (*StateGetEventInfoById)(int event_id, const char **event_name,
545  AppLayerEventType *event_type))
546 {
547  SCEnter();
548 
549  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
550  StateGetEventInfoById = StateGetEventInfoById;
551 
552  SCReturn;
553 }
554 
555 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
556  int (*StateGetEventInfo)(const char *event_name, int *event_id,
557  AppLayerEventType *event_type))
558 {
559  SCEnter();
560 
561  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
562  StateGetEventInfo = StateGetEventInfo;
563 
564  SCReturn;
565 }
566 
567 void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto,
568  DetectEngineState *(*GetTxDetectState)(void *tx),
569  int (*SetTxDetectState)(void *tx, DetectEngineState *))
570 {
571  SCEnter();
572 
573  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState = GetTxDetectState;
574  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectState = SetTxDetectState;
575 
576  SCReturn;
577 }
578 
579 void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
580  AppLayerTxData *(*GetTxData)(void *tx))
581 {
582  SCEnter();
583 
584  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData = GetTxData;
585 
586  SCReturn;
587 }
588 
589 void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
590  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
591 {
592  SCEnter();
593 
594  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig = ApplyTxConfig;
595 
596  SCReturn;
597 }
598 
599 void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
600  void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
601 {
602  SCEnter();
603 
604  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
605 
606  SCReturn;
607 }
608 
609 /***** Get and transaction functions *****/
610 
611 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
612 {
613  SCEnter();
614  void * r = NULL;
615 
616  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
617  LocalStorageAlloc != NULL)
618  {
619  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
620  LocalStorageAlloc();
621  }
622 
623  SCReturnPtr(r, "void *");
624 }
625 
626 void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
627  void *local_data)
628 {
629  SCEnter();
630 
631  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
632  LocalStorageFree != NULL)
633  {
634  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
635  LocalStorageFree(local_data);
636  }
637 
638  SCReturn;
639 }
640 
641 /** \brief default tx iterator
642  *
643  * Used if the app layer parser doesn't register its own iterator.
644  * Simply walks the tx_id space until it finds a tx. Uses 'state' to
645  * keep track of where it left off.
646  *
647  * \retval txptr or NULL if no more txs in list
648  */
649 static AppLayerGetTxIterTuple AppLayerDefaultGetTxIterator(
650  const uint8_t ipproto, const AppProto alproto,
651  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
652  AppLayerGetTxIterState *state)
653 {
654  uint64_t ustate = *(uint64_t *)state;
655  uint64_t tx_id = MAX(min_tx_id, ustate);
656  for ( ; tx_id < max_tx_id; tx_id++) {
657  void *tx_ptr = AppLayerParserGetTx(ipproto, alproto, alstate, tx_id);
658  if (tx_ptr != NULL) {
659  ustate = tx_id + 1;
660  *state = *(AppLayerGetTxIterState *)&ustate;
661  AppLayerGetTxIterTuple tuple = {
662  .tx_ptr = tx_ptr,
663  .tx_id = tx_id,
664  .has_next = (tx_id + 1 < max_tx_id),
665  };
666  SCLogDebug("tuple: %p/%"PRIu64"/%s", tuple.tx_ptr, tuple.tx_id,
667  tuple.has_next ? "true" : "false");
668  return tuple;
669  }
670  }
671 
672  AppLayerGetTxIterTuple no_tuple = { NULL, 0, false };
673  return no_tuple;
674 }
675 
676 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
677  const AppProto alproto)
678 {
679  AppLayerGetTxIteratorFunc Func =
680  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator;
681  return Func ? Func : AppLayerDefaultGetTxIterator;
682 }
683 
684 uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
685 {
686  SCEnter();
687 
688  SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
689 }
690 
691 void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
692 {
693  SCEnter();
694 
695  if (pstate != NULL)
696  pstate->log_id = tx_id;
697 
698  SCReturn;
699 }
700 
701 uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
702 {
703  SCEnter();
704 
705  if (pstate == NULL)
706  SCReturnCT(0ULL, "uint64_t");
707 
708  SCReturnCT(pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1], "uint64_t");
709 }
710 
711 static inline uint64_t GetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
712 {
713  uint64_t detect_flags =
714  (dir & STREAM_TOSERVER) ? txd->detect_flags_ts : txd->detect_flags_tc;
715  return detect_flags;
716 }
717 
718 static inline void SetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir, const uint64_t detect_flags)
719 {
720  if (dir & STREAM_TOSERVER) {
721  txd->detect_flags_ts = detect_flags;
722  } else {
723  txd->detect_flags_tc = detect_flags;
724  }
725 }
726 
727 static inline uint32_t GetTxLogged(AppLayerTxData *txd)
728 {
729  return txd->logged.flags;
730 }
731 
732 void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
733  void *alstate, const uint8_t flags,
734  bool tag_txs_as_inspected)
735 {
736  SCEnter();
737 
738  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
739  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
740  uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, flags);
741  const int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->alproto, flags);
742  const uint8_t ipproto = f->proto;
743  const AppProto alproto = f->alproto;
744 
745  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
746  AppLayerGetTxIterState state;
747  memset(&state, 0, sizeof(state));
748 
749  SCLogDebug("called: %s, tag_txs_as_inspected %s",direction==0?"toserver":"toclient",
750  tag_txs_as_inspected?"true":"false");
751 
752  /* mark all txs as inspected if the applayer progress is
753  * at the 'end state'. */
754  while (1) {
755  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
756  if (ires.tx_ptr == NULL)
757  break;
758 
759  void *tx = ires.tx_ptr;
760  idx = ires.tx_id;
761 
762  int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
763  if (state_progress < state_done_progress)
764  break;
765 
766  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
767  if (txd && tag_txs_as_inspected) {
768  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
769  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
770  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
771  SetTxDetectFlags(txd, flags, detect_flags);
772  SCLogDebug("%p/%"PRIu64" in-order tx is done for direction %s. Flag %016"PRIx64,
773  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
774  }
775  }
776  idx++;
777  if (!ires.has_next)
778  break;
779  }
780  pstate->inspect_id[direction] = idx;
781  SCLogDebug("inspect_id now %"PRIu64, pstate->inspect_id[direction]);
782 
783  /* if necessary we flag all txs that are complete as 'inspected'
784  * also move inspect_id forward. */
785  if (tag_txs_as_inspected) {
786  /* continue at idx */
787  while (1) {
788  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
789  if (ires.tx_ptr == NULL)
790  break;
791 
792  void *tx = ires.tx_ptr;
793  /* if we got a higher id than the minimum we requested, we
794  * skipped a bunch of 'null-txs'. Lets see if we can up the
795  * inspect tracker */
796  if (ires.tx_id > idx && pstate->inspect_id[direction] == idx) {
797  pstate->inspect_id[direction] = ires.tx_id;
798  }
799  idx = ires.tx_id;
800 
801  const int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
802  if (state_progress < state_done_progress)
803  break;
804 
805  /* txd can be NULL for HTTP sessions where the user data alloc failed */
806  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
807  if (likely(txd)) {
808  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
809  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
810  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
811  SetTxDetectFlags(txd, flags, detect_flags);
812  SCLogDebug("%p/%"PRIu64" out of order tx is done for direction %s. Flag %016"PRIx64,
813  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
814 
815  SCLogDebug("%p/%"PRIu64" out of order tx. Update inspect_id? %"PRIu64,
816  tx, idx, pstate->inspect_id[direction]);
817  if (pstate->inspect_id[direction]+1 == idx)
818  pstate->inspect_id[direction] = idx;
819  }
820  } else {
821  if (pstate->inspect_id[direction]+1 == idx)
822  pstate->inspect_id[direction] = idx;
823  }
824  if (!ires.has_next)
825  break;
826  idx++;
827  }
828  }
829 
830  SCReturn;
831 }
832 
833 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
834 {
835  SCEnter();
836 
837  SCReturnPtr(pstate->decoder_events,
838  "AppLayerDecoderEvents *");
839 }
840 
841 void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
842 {
843  pstate->decoder_events = devents;
844 }
845 
846 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
847  void *tx)
848 {
849  SCEnter();
850 
851  AppLayerDecoderEvents *ptr = NULL;
852 
853  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
854  StateGetEvents != NULL)
855  {
856  ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
857  StateGetEvents(tx);
858  }
859 
860  SCReturnPtr(ptr, "AppLayerDecoderEvents *");
861 }
862 
863 FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
864 {
865  SCEnter();
866 
867  FileContainer *ptr = NULL;
868 
869  if (alp_ctx.ctxs[f->protomap][f->alproto].StateGetFiles != NULL)
870  {
871  ptr = alp_ctx.ctxs[f->protomap][f->alproto].
872  StateGetFiles(f->alstate, direction);
873  }
874 
875  SCReturnPtr(ptr, "FileContainer *");
876 }
877 
878 #define IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP))
879 
880 extern int g_detect_disabled;
881 /**
882  * \brief remove obsolete (inspected and logged) transactions
883  */
884 void AppLayerParserTransactionsCleanup(Flow *f)
885 {
886  SCEnter();
887  DEBUG_ASSERT_FLOW_LOCKED(f);
888 
889  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
890  if (unlikely(p->StateTransactionFree == NULL))
891  SCReturn;
892 
893  const bool has_tx_detect_flags = (p->GetTxData != NULL && !g_detect_disabled);
894  const uint8_t ipproto = f->proto;
895  const AppProto alproto = f->alproto;
896  void * const alstate = f->alstate;
897  AppLayerParserState * const alparser = f->alparser;
898 
899  if (alstate == NULL || alparser == NULL)
900  SCReturn;
901 
902  const uint64_t min = alparser->min_id;
903  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
904  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(ipproto, alproto);
905  const int tx_end_state_ts = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOSERVER);
906  const int tx_end_state_tc = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOCLIENT);
907  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
908  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
909 
910  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
911  AppLayerGetTxIterState state;
912  memset(&state, 0, sizeof(state));
913  uint64_t i = min;
914  uint64_t new_min = min;
915  SCLogDebug("start min %"PRIu64, min);
916  bool skipped = false;
917  const bool is_unidir =
918  AppLayerParserGetOptionFlags(f->protomap, f->alproto) & APP_LAYER_PARSER_OPT_UNIDIR_TXS;
919 
920  while (1) {
921  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
922  if (ires.tx_ptr == NULL)
923  break;
924 
925  bool tx_skipped = false;
926  void *tx = ires.tx_ptr;
927  i = ires.tx_id; // actual tx id for the tx the IterFunc returned
928 
929  SCLogDebug("%p/%"PRIu64" checking", tx, i);
930 
931  const int tx_progress_tc =
932  AppLayerParserGetStateProgress(ipproto, alproto, tx, tc_disrupt_flags);
933  if (tx_progress_tc < tx_end_state_tc) {
934  SCLogDebug("%p/%"PRIu64" skipping: tc parser not done", tx, i);
935  skipped = true;
936  goto next;
937  }
938  const int tx_progress_ts =
939  AppLayerParserGetStateProgress(ipproto, alproto, tx, ts_disrupt_flags);
940  if (tx_progress_ts < tx_end_state_ts) {
941  SCLogDebug("%p/%"PRIu64" skipping: ts parser not done", tx, i);
942  skipped = true;
943  goto next;
944  }
945 
946  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
947  bool inspected = false;
948  if (txd && has_tx_detect_flags) {
949  if (!IS_DISRUPTED(ts_disrupt_flags) && f->sgh_toserver != NULL) {
950  uint64_t detect_flags_ts = GetTxDetectFlags(txd, STREAM_TOSERVER);
951  if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
952  SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
953  tx, i, detect_flags_ts);
954  tx_skipped = skipped = true;
955  } else {
956  inspected = true;
957  }
958  }
959  if (!IS_DISRUPTED(tc_disrupt_flags) && f->sgh_toclient != NULL) {
960  uint64_t detect_flags_tc = GetTxDetectFlags(txd, STREAM_TOCLIENT);
961  if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
962  SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
963  tx, i, detect_flags_tc);
964  tx_skipped = skipped = true;
965  } else {
966  inspected = true;
967  }
968  }
969  }
970 
971  // If not a unidirectional transaction both sides are required to have
972  // been inspected.
973  if (!is_unidir && tx_skipped) {
974  SCLogDebug("%p/%" PRIu64 " !is_unidir && tx_skipped", tx, i);
975  goto next;
976  }
977 
978  // If this is a unidirectional transaction require only one side to be
979  // inspected, which the inspected flag tells us. This is also guarded
980  // with skip to limit this check to transactions that actually had the
981  // tx inspected flag checked.
982  if (is_unidir && tx_skipped && !inspected) {
983  SCLogDebug("%p/%" PRIu64 " is_unidir && tx_skipped && !inspected", tx, i);
984  goto next;
985  }
986 
987  if (txd && logger_expectation != 0) {
988  LoggerId tx_logged = GetTxLogged(txd);
989  if (tx_logged != logger_expectation) {
990  SCLogDebug("%p/%"PRIu64" skipping: logging not done: want:%"PRIx32", have:%"PRIx32,
991  tx, i, logger_expectation, tx_logged);
992  skipped = true;
993  goto next;
994  }
995  }
996 
997  /* if we are here, the tx can be freed. */
998  p->StateTransactionFree(alstate, i);
999  SCLogDebug("%p/%"PRIu64" freed", tx, i);
1000 
1001  /* if we didn't skip any tx so far, up the minimum */
1002  SCLogDebug("skipped? %s i %"PRIu64", new_min %"PRIu64, skipped ? "true" : "false", i, new_min);
1003  if (!skipped)
1004  new_min = i + 1;
1005  SCLogDebug("final i %"PRIu64", new_min %"PRIu64, i, new_min);
1006 
1007 next:
1008  if (!ires.has_next) {
1009  /* this was the last tx. See if we skipped any. If not
1010  * we removed all and can update the minimum to the max
1011  * id. */
1012  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64, i, total_txs);
1013  if (!skipped) {
1014  new_min = total_txs;
1015  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64": "
1016  "new_min updated to %"PRIu64, i, total_txs, new_min);
1017  }
1018  break;
1019  }
1020  i++;
1021  }
1022 
1023  /* see if we need to bring all trackers up to date. */
1024  SCLogDebug("update f->alparser->min_id? %"PRIu64" vs %"PRIu64, new_min, alparser->min_id);
1025  if (new_min > alparser->min_id) {
1026  const uint64_t next_id = new_min;
1027  alparser->min_id = next_id;
1028  alparser->inspect_id[0] = MAX(alparser->inspect_id[0], next_id);
1029  alparser->inspect_id[1] = MAX(alparser->inspect_id[1], next_id);
1030  alparser->log_id = MAX(alparser->log_id, next_id);
1031  SCLogDebug("updated f->alparser->min_id %"PRIu64, alparser->min_id);
1032  }
1033  SCReturn;
1034 }
1035 
1036 static inline int StateGetProgressCompletionStatus(const AppProto alproto, const uint8_t flags)
1037 {
1038  if (flags & STREAM_TOSERVER) {
1039  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_ts;
1040  } else if (flags & STREAM_TOCLIENT) {
1041  return alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].complete_tc;
1042  } else {
1043  DEBUG_VALIDATE_BUG_ON(1);
1044  return 0;
1045  }
1046 }
1047 
1048 /**
1049  * \brief get the progress value for a tx/protocol
1050  *
1051  * If the stream is disrupted, we return the 'completion' value.
1052  */
1053 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
1054  void *alstate, uint8_t flags)
1055 {
1056  SCEnter();
1057  int r = 0;
1058  if (unlikely(IS_DISRUPTED(flags))) {
1059  r = StateGetProgressCompletionStatus(alproto, flags);
1060  } else {
1061  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1062  StateGetProgress(alstate, flags);
1063  }
1064  SCReturnInt(r);
1065 }
1066 
1067 uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
1068 {
1069  SCEnter();
1070  uint64_t r = 0;
1071  r = alp_ctx.ctxs[f->protomap][f->alproto].
1072  StateGetTxCnt(alstate);
1073  SCReturnCT(r, "uint64_t");
1074 }
1075 
1076 void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
1077 {
1078  SCEnter();
1079  void * r = NULL;
1080  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1081  StateGetTx(alstate, tx_id);
1082  SCReturnPtr(r, "void *");
1083 }
1084 
1085 int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
1086  uint8_t direction)
1087 {
1088  SCEnter();
1089  int r = StateGetProgressCompletionStatus(alproto, direction);
1090  SCReturnInt(r);
1091 }
1092 
1093 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
1094  int *event_id, AppLayerEventType *event_type)
1095 {
1096  SCEnter();
1097  int ipproto_map = FlowGetProtoMapping(ipproto);
1098  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
1099  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
1100  SCReturnInt(r);
1101 }
1102 
1103 int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
1104  const char **event_name, AppLayerEventType *event_type)
1105 {
1106  SCEnter();
1107  int ipproto_map = FlowGetProtoMapping(ipproto);
1108  *event_name = (const char *)NULL;
1109  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ?
1110  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type);
1111  SCReturnInt(r);
1112 }
1113 
1114 uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
1115 {
1116  SCEnter();
1117  uint8_t r = 0;
1118  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1119  first_data_dir;
1120  SCReturnCT(r, "uint8_t");
1121 }
1122 
1123 uint64_t AppLayerParserGetTransactionActive(const Flow *f,
1124  AppLayerParserState *pstate, uint8_t direction)
1125 {
1126  SCEnter();
1127 
1128  uint64_t active_id;
1129 
1130  uint64_t log_id = pstate->log_id;
1131  uint64_t inspect_id = pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1];
1132  if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) {
1133  active_id = (log_id < inspect_id) ? log_id : inspect_id;
1134  } else {
1135  active_id = inspect_id;
1136  }
1137 
1138  SCReturnCT(active_id, "uint64_t");
1139 }
1140 
1141 int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
1142 {
1143  // Custom case for only signature-only protocol so far
1144  if (alproto == ALPROTO_HTTP) {
1145  return AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP1) ||
1146  AppLayerParserSupportsFiles(ipproto, ALPROTO_HTTP2);
1147  }
1148  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles != NULL)
1149  return TRUE;
1150  return FALSE;
1151 }
1152 
1153 int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
1154 {
1155  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState != NULL)
1156  return TRUE;
1157  return FALSE;
1158 }
1159 
1160 DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
1161 {
1162  SCEnter();
1163  DetectEngineState *s;
1164  s = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState(tx);
1165  SCReturnPtr(s, "DetectEngineState");
1166 }
1167 
1168 int AppLayerParserSetTxDetectState(const Flow *f,
1169  void *tx, DetectEngineState *s)
1170 {
1171  int r;
1172  SCEnter();
1173  if ((alp_ctx.ctxs[f->protomap][f->alproto].GetTxDetectState(tx) != NULL))
1174  SCReturnInt(-EBUSY);
1175  r = alp_ctx.ctxs[f->protomap][f->alproto].SetTxDetectState(tx, s);
1176  SCReturnInt(r);
1177 }
1178 
1179 bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
1180 {
1181  SCEnter();
1182  for (uint8_t p = 0; p < FLOW_PROTO_APPLAYER_MAX; p++) {
1183  if (alp_ctx.ctxs[p][alproto].GetTxData != NULL) {
1184  SCReturnBool(true);
1185  }
1186  }
1187  SCReturnBool(false);
1188 }
1189 
1190 AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
1191 {
1192  SCEnter();
1193  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData) {
1194  AppLayerTxData *d = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData(tx);
1195  SCReturnPtr(d, "AppLayerTxData");
1196  }
1197  SCReturnPtr(NULL, "AppLayerTxData");
1198 }
1199 
1200 void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
1201  void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
1202 {
1203  SCEnter();
1204  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig) {
1205  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig(state, tx, mode, config);
1206  }
1207  SCReturn;
1208 }
1209 
1210 /***** General *****/
1211 
1212 static inline void SetEOFFlags(AppLayerParserState *pstate, const uint8_t flags)
1213 {
1214  if ((flags & (STREAM_EOF|STREAM_TOSERVER)) == (STREAM_EOF|STREAM_TOSERVER)) {
1215  SCLogDebug("setting APP_LAYER_PARSER_EOF_TS");
1216  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TS);
1217  } else if ((flags & (STREAM_EOF|STREAM_TOCLIENT)) == (STREAM_EOF|STREAM_TOCLIENT)) {
1218  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC");
1219  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TC);
1220  }
1221 }
1222 
1223 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
1224  * \retval int 0 ok: we did not update app_progress
1225  * \retval int 1 ok: we updated app_progress */
1226 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
1227  uint8_t flags, const uint8_t *input, uint32_t input_len)
1228 {
1229  SCEnter();
1230 #ifdef DEBUG_VALIDATION
1231  BUG_ON(f->protomap != FlowGetProtoMapping(f->proto));
1232 #endif
1233  AppLayerParserState *pstate = f->alparser;
1234  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto];
1235  void *alstate = NULL;
1236  uint64_t p_tx_cnt = 0;
1237  uint32_t consumed = input_len;
1238  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1239 
1240  /* we don't have the parser registered for this protocol */
1241  if (p->StateAlloc == NULL)
1242  goto end;
1243 
1244  if (flags & STREAM_GAP) {
1245  if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
1246  SCLogDebug("app-layer parser does not accept gaps");
1247  if (f->alstate != NULL && !FlowChangeProto(f)) {
1248  AppLayerParserStreamTruncated(f->proto, alproto, f->alstate,
1249  flags);
1250  }
1251  goto error;
1252  }
1253  }
1254 
1255  /* Get the parser state (if any) */
1256  if (pstate == NULL) {
1257  f->alparser = pstate = AppLayerParserStateAlloc();
1258  if (pstate == NULL)
1259  goto error;
1260  }
1261 
1262  SetEOFFlags(pstate, flags);
1263 
1264  alstate = f->alstate;
1265  if (alstate == NULL || FlowChangeProto(f)) {
1266  f->alstate = alstate = p->StateAlloc(alstate, f->alproto_orig);
1267  if (alstate == NULL)
1268  goto error;
1269  SCLogDebug("alloced new app layer state %p (name %s)",
1270  alstate, AppLayerGetProtoName(f->alproto));
1271  } else {
1272  SCLogDebug("using existing app layer state %p (name %s))",
1273  alstate, AppLayerGetProtoName(f->alproto));
1274  }
1275 
1276  p_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1277 
1278  /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
1279  if (input_len > 0 || (flags & STREAM_EOF)) {
1280  /* invoke the parser */
1281  AppLayerResult res = p->Parser[direction](f, alstate, pstate,
1282  input, input_len,
1283  alp_tctx->alproto_local_storage[f->protomap][alproto],
1284  flags);
1285  if (res.status < 0) {
1286  goto error;
1287  } else if (res.status > 0) {
1288  DEBUG_VALIDATE_BUG_ON(res.consumed > input_len);
1289  DEBUG_VALIDATE_BUG_ON(res.needed + res.consumed < input_len);
1290  DEBUG_VALIDATE_BUG_ON(res.needed == 0);
1291  /* incomplete is only supported for TCP */
1292  DEBUG_VALIDATE_BUG_ON(f->proto != IPPROTO_TCP);
1293 
1294  /* put protocol in error state on improper use of the
1295  * return codes. */
1296  if (res.consumed > input_len || res.needed + res.consumed < input_len) {
1297  goto error;
1298  }
1299 
1300  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1301  TcpSession *ssn = f->protoctx;
1302  SCLogDebug("direction %d/%s", direction,
1303  (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
1304  if (direction == 0) {
1305  /* parser told us how much data it needs on top of what it
1306  * consumed. So we need tell stream engine how much we need
1307  * before the next call */
1308  ssn->client.data_required = res.needed;
1309  SCLogDebug("setting data_required %u", ssn->client.data_required);
1310  } else {
1311  /* parser told us how much data it needs on top of what it
1312  * consumed. So we need tell stream engine how much we need
1313  * before the next call */
1314  ssn->server.data_required = res.needed;
1315  SCLogDebug("setting data_required %u", ssn->server.data_required);
1316  }
1317  }
1318  consumed = res.consumed;
1319  }
1320  }
1321 
1322  /* set the packets to no inspection and reassembly if required */
1323  if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
1324  AppLayerParserSetEOF(pstate);
1325  FlowSetNoPayloadInspectionFlag(f);
1326 
1327  if (f->proto == IPPROTO_TCP) {
1328  StreamTcpDisableAppLayer(f);
1329 
1330  /* Set the no reassembly flag for both the stream in this TcpSession */
1331  if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
1332  /* Used only if it's TCP */
1333  TcpSession *ssn = f->protoctx;
1334  if (ssn != NULL) {
1335  StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
1336  StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
1337  }
1338  }
1339  /* Set the bypass flag for both the stream in this TcpSession */
1340  if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
1341  /* Used only if it's TCP */
1342  TcpSession *ssn = f->protoctx;
1343  if (ssn != NULL) {
1344  StreamTcpSetSessionBypassFlag(ssn);
1345  }
1346  }
1347  }
1348  }
1349 
1350  /* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
1351  if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
1352  FlowSetNoPayloadInspectionFlag(f);
1353  /* Set the no reassembly flag for both the stream in this TcpSession */
1354  if (f->proto == IPPROTO_TCP) {
1355  /* Used only if it's TCP */
1356  TcpSession *ssn = f->protoctx;
1357  if (ssn != NULL) {
1358  StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
1359  StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
1360  }
1361  }
1362  }
1363 
1364  /* get the diff in tx cnt for stats keeping */
1365  uint64_t cur_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1366  if (cur_tx_cnt > p_tx_cnt && tv) {
1367  AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
1368  }
1369 
1370  /* stream truncated, inform app layer */
1371  if (flags & STREAM_DEPTH)
1372  AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags);
1373 
1374  end:
1375  /* update app progress */
1376  if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1377  TcpSession *ssn = f->protoctx;
1378  StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
1379  SCReturnInt(1);
1380  }
1381 
1382  SCReturnInt(0);
1383  error:
1384  /* Set the no app layer inspection flag for both
1385  * the stream in this Flow */
1386  if (f->proto == IPPROTO_TCP) {
1387  StreamTcpDisableAppLayer(f);
1388  }
1389  AppLayerParserSetEOF(pstate);
1390  SCReturnInt(-1);
1391 }
1392 
1393 void AppLayerParserSetEOF(AppLayerParserState *pstate)
1394 {
1395  SCEnter();
1396 
1397  if (pstate == NULL)
1398  goto end;
1399 
1400  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC and APP_LAYER_PARSER_EOF_TS");
1401  AppLayerParserStateSetFlag(pstate, (APP_LAYER_PARSER_EOF_TS|APP_LAYER_PARSER_EOF_TC));
1402 
1403  end:
1404  SCReturn;
1405 }
1406 
1407 /* return true if there are app parser decoder events. These are
1408  * only the ones that are set during protocol detection. */
1409 bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
1410 {
1411  SCEnter();
1412 
1413  if (pstate == NULL)
1414  return false;
1415 
1416  const AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(pstate);
1417  if (decoder_events && decoder_events->cnt)
1418  return true;
1419 
1420  /* if we have reached here, we don't have events */
1421  return false;
1422 }
1423 
1424 /** \brief simple way to globally test if a alproto is registered
1425  * and fully enabled in the configuration.
1426  */
1427 int AppLayerParserIsEnabled(AppProto alproto)
1428 {
1429  for (int i = 0; i < FLOW_PROTO_APPLAYER_MAX; i++) {
1430  if (alp_ctx.ctxs[i][alproto].StateGetProgress != NULL) {
1431  return 1;
1432  }
1433  }
1434  return 0;
1435 }
1436 
1437 int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
1438 {
1439  SCEnter();
1440  int ipproto_map = FlowGetProtoMapping(ipproto);
1441  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEvents == NULL) ? 0 : 1;
1442  SCReturnInt(r);
1443 }
1444 
1445 int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
1446 {
1447  SCEnter();
1448  int ipproto_map = FlowGetProtoMapping(ipproto);
1449  int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1;
1450  SCReturnInt(r);
1451 }
1452 
1453 LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
1454 {
1455  SCEnter();
1456  const int ipproto_map = FlowGetProtoMapping(ipproto);
1457  LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits;
1458  SCReturnUInt(r);
1459 }
1460 
1461 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
1462 {
1463  SCEnter();
1464 
1465  SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
1466  if (f != NULL && f->protoctx != NULL)
1467  StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
1468 
1469  SCReturn;
1470 }
1471 
1472 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
1473 {
1474  SCEnter();
1475 
1476  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
1477  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |=
1478  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET;
1479 
1480  SCReturn;
1481 }
1482 
1483 uint32_t AppLayerParserGetStreamDepth(const Flow *f)
1484 {
1485  SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
1486 }
1487 
1488 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
1489 {
1490  SCEnter();
1491  void *tx = NULL;
1492  if (state != NULL) {
1493  if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
1494  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
1495  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
1496  }
1497  }
1498  }
1499  SCReturn;
1500 }
1501 
1502 /***** Cleanup *****/
1503 
1504 void AppLayerParserStateProtoCleanup(
1505  uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
1506 {
1507  SCEnter();
1508 
1509  AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[protomap][alproto];
1510 
1511  if (ctx->StateFree != NULL && alstate != NULL)
1512  ctx->StateFree(alstate);
1513 
1514  /* free the app layer parser api state */
1515  if (pstate != NULL)
1516  AppLayerParserStateFree(pstate);
1517 
1518  SCReturn;
1519 }
1520 
1521 void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
1522 {
1523  AppLayerParserStateProtoCleanup(f->protomap, f->alproto, alstate, pstate);
1524 }
1525 
1526 static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
1527 {
1528  uint8_t map = FlowGetProtoMapping(ipproto);
1529  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1530  printf("ERROR: incomplete app-layer registration\n");
1531  printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto);
1532  printf("- option flags %"PRIx32"\n", ctx->option_flags);
1533  printf("- first_data_dir %"PRIx8"\n", ctx->first_data_dir);
1534  printf("Mandatory:\n");
1535  printf("- Parser[0] %p Parser[1] %p\n", ctx->Parser[0], ctx->Parser[1]);
1536  printf("- StateAlloc %p StateFree %p\n", ctx->StateAlloc, ctx->StateFree);
1537  printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
1538  ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
1539  printf("- GetTxData %p\n", ctx->GetTxData);
1540  printf("- StateGetProgress %p\n", ctx->StateGetProgress);
1541  printf("- GetTxDetectState %p SetTxDetectState %p\n", ctx->GetTxDetectState, ctx->SetTxDetectState);
1542  printf("Optional:\n");
1543  printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
1544  printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo,
1545  ctx->StateGetEventInfoById);
1546 }
1547 
1548 #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL)
1549 #define BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL))
1550 #define THREE_SET_OR_THREE_UNSET(a, b, c) (((a) == NULL && (b) == NULL && (c) == NULL) || ((a) != NULL && (b) != NULL && (c) != NULL))
1551 #define THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL)
1552 
1553 static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
1554 {
1555  uint8_t map = FlowGetProtoMapping(ipproto);
1556  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1557 
1558  if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL)
1559  return;
1560 
1561  if (!(BOTH_SET(ctx->Parser[0], ctx->Parser[1]))) {
1562  goto bad;
1563  }
1564  if (!(BOTH_SET(ctx->StateFree, ctx->StateAlloc))) {
1565  goto bad;
1566  }
1567  if (!(THREE_SET(ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree))) {
1568  goto bad;
1569  }
1570  if (ctx->StateGetProgress == NULL) {
1571  goto bad;
1572  }
1573  /* local storage is optional, but needs both set if used */
1574  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->LocalStorageAlloc, ctx->LocalStorageFree))) {
1575  goto bad;
1576  }
1577  if (!(BOTH_SET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1578  goto bad;
1579  }
1580  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1581  goto bad;
1582  }
1583  if (ctx->GetTxData == NULL) {
1584  goto bad;
1585  }
1586  return;
1587 bad:
1588  ValidateParserProtoDump(alproto, ipproto);
1589  exit(EXIT_FAILURE);
1590 }
1591 #undef BOTH_SET
1592 #undef BOTH_SET_OR_BOTH_UNSET
1593 #undef THREE_SET_OR_THREE_UNSET
1594 #undef THREE_SET
1595 
1596 static void ValidateParser(AppProto alproto)
1597 {
1598  ValidateParserProto(alproto, IPPROTO_TCP);
1599  ValidateParserProto(alproto, IPPROTO_UDP);
1600 }
1601 
1602 static void ValidateParsers(void)
1603 {
1604  AppProto p = 0;
1605  for ( ; p < ALPROTO_MAX; p++) {
1606  ValidateParser(p);
1607  }
1608 }
1609 
1610 void AppLayerParserRegisterProtocolParsers(void)
1611 {
1612  SCEnter();
1613 
1614  RegisterHTPParsers();
1615  RegisterSSLParsers();
1616  RegisterDCERPCParsers();
1617  RegisterDCERPCUDPParsers();
1618  RegisterSMBParsers();
1619  RegisterFTPParsers();
1620  RegisterSSHParsers();
1621  RegisterSMTPParsers();
1622  rs_dns_udp_register_parser();
1623  rs_dns_tcp_register_parser();
1624  RegisterModbusParsers();
1625  RegisterENIPUDPParsers();
1626  RegisterENIPTCPParsers();
1627  RegisterDNP3Parsers();
1628  RegisterNFSTCPParsers();
1629  RegisterNFSUDPParsers();
1630  RegisterNTPParsers();
1631  RegisterTFTPParsers();
1632  RegisterIKEV2Parsers();
1633  RegisterKRB5Parsers();
1634  rs_dhcp_register_parser();
1635  RegisterSNMPParsers();
1636  RegisterSIPParsers();
1637  RegisterTemplateRustParsers();
1638  RegisterRFBParsers();
1639  RegisterMQTTParsers();
1640  RegisterTemplateParsers();
1641  RegisterRdpParsers();
1642  RegisterHTTP2Parsers();
1643 
1644  /** IMAP */
1645  AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
1646  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
1647  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
1648  "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
1649  {
1650  SCLogInfo("imap proto registration failure");
1651  exit(EXIT_FAILURE);
1652  }
1653  } else {
1654  SCLogInfo("Protocol detection and parser disabled for %s protocol.",
1655  "imap");
1656  }
1657 
1658  ValidateParsers();
1659  return;
1660 }
1661 
1662 
1663 /* coccinelle: AppLayerParserStateSetFlag():2,2:APP_LAYER_PARSER_ */
1664 void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
1665 {
1666  SCEnter();
1667  pstate->flags |= flag;
1668  SCReturn;
1669 }
1670 
1671 /* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
1672 int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
1673 {
1674  SCEnter();
1675  SCReturnInt(pstate->flags & flag);
1676 }
1677 
1678 
1679 void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
1680  uint8_t direction)
1681 {
1682  SCEnter();
1683 
1684  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL)
1685  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
1686 
1687  SCReturn;
1688 }
1689 
1690 #ifdef DEBUG
1691 void AppLayerParserStatePrintDetails(AppLayerParserState *pstate)
1692 {
1693  SCEnter();
1694 
1695  if (pstate == NULL)
1696  SCReturn;
1697 
1698  AppLayerParserState *p = pstate;
1699  SCLogDebug("AppLayerParser parser state information for parser state p(%p). "
1700  "p->inspect_id[0](%"PRIu64"), "
1701  "p->inspect_id[1](%"PRIu64"), "
1702  "p->log_id(%"PRIu64"), "
1703  "p->decoder_events(%p).",
1704  pstate, p->inspect_id[0], p->inspect_id[1], p->log_id,
1705  p->decoder_events);
1706 
1707  SCReturn;
1708 }
1709 #endif
1710 
1711 /***** Unittests *****/
1712 
1713 #ifdef UNITTESTS
1714 
1715 static AppLayerParserCtx alp_ctx_backup_unittest;
1716 
1717 typedef struct TestState_ {
1718  uint8_t test;
1719 } TestState;
1720 
1721 /**
1722  * \brief Test parser function to test the memory deallocation of app layer
1723  * parser of occurence of an error.
1724  */
1725 static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate,
1726  const uint8_t *input, uint32_t input_len,
1727  void *local_data, const uint8_t flags)
1728 {
1729  SCEnter();
1730  SCReturnStruct(APP_LAYER_ERROR);
1731 }
1732 
1733 /** \brief Function to allocates the Test protocol state memory
1734  */
1735 static void *TestProtocolStateAlloc(void *orig_state, AppProto proto_orig)
1736 {
1737  SCEnter();
1738  void *s = SCMalloc(sizeof(TestState));
1739  if (unlikely(s == NULL))
1740  goto end;
1741  memset(s, 0, sizeof(TestState));
1742  end:
1743  SCReturnPtr(s, "TestState");
1744 }
1745 
1746 /** \brief Function to free the Test Protocol state memory
1747  */
1748 static void TestProtocolStateFree(void *s)
1749 {
1750  SCFree(s);
1751 }
1752 
1753 static uint64_t TestGetTxCnt(void *state)
1754 {
1755  /* single tx */
1756  return 1;
1757 }
1758 
1759 static void TestStateTransactionFree(void *state, uint64_t tx_id)
1760 {
1761  /* do nothing */
1762 }
1763 
1764 static void *TestGetTx(void *state, uint64_t tx_id)
1765 {
1766  TestState *test_state = (TestState *)state;
1767  return test_state;
1768 }
1769 
1770 void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
1771  void (*RegisterUnittests)(void))
1772 {
1773  SCEnter();
1774  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1775  RegisterUnittests = RegisterUnittests;
1776  SCReturn;
1777 }
1778 
1779 void AppLayerParserBackupParserTable(void)
1780 {
1781  SCEnter();
1782  alp_ctx_backup_unittest = alp_ctx;
1783  memset(&alp_ctx, 0, sizeof(alp_ctx));
1784  SCReturn;
1785 }
1786 
1787 void AppLayerParserRestoreParserTable(void)
1788 {
1789  SCEnter();
1790  alp_ctx = alp_ctx_backup_unittest;
1791  memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest));
1792  SCReturn;
1793 }
1794 
1795 /**
1796  * \test Test the deallocation of app layer parser memory on occurance of
1797  * error in the parsing process.
1798  */
1799 static int AppLayerParserTest01(void)
1800 {
1801  AppLayerParserBackupParserTable();
1802 
1803  Flow *f = NULL;
1804  uint8_t testbuf[] = { 0x11 };
1805  uint32_t testlen = sizeof(testbuf);
1806  TcpSession ssn;
1807  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1808 
1809  memset(&ssn, 0, sizeof(ssn));
1810 
1811  /* Register the Test protocol state and parser functions */
1812  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER,
1813  TestProtocolParser);
1814  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST,
1815  TestProtocolStateAlloc, TestProtocolStateFree);
1816  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TEST, TestStateTransactionFree);
1817  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TEST, TestGetTx);
1818  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TEST, TestGetTxCnt);
1819 
1820  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1821  FAIL_IF_NULL(f);
1822  f->protoctx = &ssn;
1823  f->alproto = ALPROTO_TEST;
1824  f->proto = IPPROTO_TCP;
1825 
1826  StreamTcpInitConfig(TRUE);
1827 
1828  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1829  STREAM_TOSERVER | STREAM_EOF, testbuf,
1830  testlen);
1831  FAIL_IF(r != -1);
1832 
1833  FAIL_IF(!(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED));
1834 
1835  AppLayerParserRestoreParserTable();
1836  StreamTcpFreeConfig(TRUE);
1837  UTHFreeFlow(f);
1838  PASS;
1839 }
1840 
1841 /**
1842  * \test Test the deallocation of app layer parser memory on occurance of
1843  * error in the parsing process for UDP.
1844  */
1845 static int AppLayerParserTest02(void)
1846 {
1847  AppLayerParserBackupParserTable();
1848 
1849  Flow *f = NULL;
1850  uint8_t testbuf[] = { 0x11 };
1851  uint32_t testlen = sizeof(testbuf);
1852  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1853 
1854  /* Register the Test protocol state and parser functions */
1855  AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER,
1856  TestProtocolParser);
1857  AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST,
1858  TestProtocolStateAlloc, TestProtocolStateFree);
1859  AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_TEST, TestStateTransactionFree);
1860  AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_TEST, TestGetTx);
1861  AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_TEST, TestGetTxCnt);
1862 
1863  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1864  FAIL_IF_NULL(f);
1865  f->alproto = ALPROTO_TEST;
1866  f->proto = IPPROTO_UDP;
1867  f->protomap = FlowGetProtoMapping(f->proto);
1868 
1869  StreamTcpInitConfig(TRUE);
1870 
1871  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1872  STREAM_TOSERVER | STREAM_EOF, testbuf,
1873  testlen);
1874  FAIL_IF(r != -1);
1875 
1876  AppLayerParserRestoreParserTable();
1877  StreamTcpFreeConfig(TRUE);
1878  UTHFreeFlow(f);
1879  PASS;
1880 }
1881 
1882 
1883 void AppLayerParserRegisterUnittests(void)
1884 {
1885  SCEnter();
1886 
1887  int ip;
1888  AppProto alproto;
1889  AppLayerParserProtoCtx *ctx;
1890 
1891  for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
1892  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
1893  ctx = &alp_ctx.ctxs[ip][alproto];
1894  if (ctx->RegisterUnittests == NULL)
1895  continue;
1896  ctx->RegisterUnittests();
1897  }
1898  }
1899 
1900  UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01);
1901  UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02);
1902 
1903  SCReturn;
1904 }
1905 
1906 #endif
AppLayerParserProtoCtx_::Truncate
void(* Truncate)(void *, uint8_t)
Definition: app-layer-parser.c:108
app-layer-nfs-udp.h
app-layer-dcerpc.h
ALPROTO_TEST
@ ALPROTO_TEST
Definition: app-layer-protos.h:69
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:476
AppLayerParserDeSetup
int AppLayerParserDeSetup(void)
Definition: app-layer-parser.c:243
FileContainer_
Definition: util-file.h:107
app-layer-dcerpc-udp.h
ts
uint64_t ts
Definition: source-erf-file.c:54
RegisterNTPParsers
void RegisterNTPParsers(void)
Definition: app-layer-ntp.c:38
AppLayerParserProtoCtx_::StateGetTxCnt
uint64_t(* StateGetTxCnt)(void *alstate)
Definition: app-layer-parser.c:113
AppLayerParserProtoCtx_::logger_bits
uint32_t logger_bits
Definition: app-layer-parser.c:100
AppLayerParserProtoCtx_::complete_tc
int complete_tc
Definition: app-layer-parser.c:117
AppLayerParserProtoCtx_::GetTxData
AppLayerTxData *(* GetTxData)(void *tx)
Definition: app-layer-parser.c:126
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
RegisterTemplateRustParsers
void RegisterTemplateRustParsers(void)
Definition: app-layer-template-rust.c:48
app-layer-tftp.h
AppLayerParserCtx_::ctxs
AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:152
AppLayerParserState_::log_id
uint64_t log_id
Definition: app-layer-parser.c:165
RegisterSMBParsers
void RegisterSMBParsers(void)
Definition: app-layer-smb.c:235
app-layer-ssh.h
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1427
AppLayerParserRegisterLocalStorageFunc
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *))
Definition: app-layer-parser.c:412
BOTH_SET
#define BOTH_SET(a, b)
Definition: app-layer-parser.c:1548
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1445
AppLayerParserRegisterOptionFlags
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
Definition: app-layer-parser.c:383
flow-util.h
AppLayerParserSetStreamDepthFlag
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
Definition: app-layer-parser.c:1488
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:691
AppLayerParserSetStreamDepth
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
Definition: app-layer-parser.c:1472
DetectEngineState_
Definition: detect-engine-state.h:92
ConfNode_::val
char * val
Definition: conf.h:34
stream-tcp.h
AppLayerParserApplyTxConfig
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
Definition: app-layer-parser.c:1200
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AppLayerParserGetProtocolParserLocalStorage
void * AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:611
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
AppLayerParserProtoCtx_::LocalStorageFree
void(* LocalStorageFree)(void *)
Definition: app-layer-parser.c:106
app-layer-ikev2.h
AppLayerParserProtoCtx_
App layer protocol parser context.
Definition: app-layer-parser.c:96
RegisterSSHParsers
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
Definition: app-layer-ssh.c:81
AppLayerParserProtoCtx_::StateGetTx
void *(* StateGetTx)(void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:114
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerParserSetTransactionInspectId
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)
Definition: app-layer-parser.c:732
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:40
AppLayerParserGetEventsByTx
AppLayerDecoderEvents * AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:846
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:676
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
Definition: app-layer-modbus.c:1457
Flow_::proto
uint8_t proto
Definition: flow.h:369
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:77
AppLayerParserFPtr
AppLayerResult(* AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags)
Prototype for parsing functions.
Definition: app-layer-parser.h:113
StreamTcpSetDisableRawReassemblyFlag
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
Definition: stream-tcp.c:5907
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:302
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1053
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1461
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:60
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:347
APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
Definition: app-layer-parser.h:48
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
AppLayerParserRegisterGetEventsFunc
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, AppLayerDecoderEvents *(*StateGetEvents)(void *))
Definition: app-layer-parser.c:437
StreamTcpReassembleTriggerRawReassembly
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
Definition: stream-tcp-reassemble.c:1946
LoggerId
LoggerId
Definition: suricata-common.h:436
Flow_::protomap
uint8_t protomap
Definition: flow.h:449
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:684
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
AppLayerParserRegisterTruncateFunc
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t))
Definition: app-layer-parser.c:466
AppLayerParserRegisterStateProgressCompletionStatus
void AppLayerParserRegisterStateProgressCompletionStatus(AppProto alproto, const int ts, const int tc)
Definition: app-layer-parser.c:528
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:372
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1085
AppLayerParserGetFirstDataDir
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1114
AppLayerParserProtoIsRegistered
int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:188
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:487
FLOW_NOPAYLOAD_INSPECTION
#define FLOW_NOPAYLOAD_INSPECTION
Definition: flow.h:62
AppLayerParserSupportsFiles
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1141
Flow_::alproto_orig
AppProto alproto_orig
Definition: flow.h:460
AppLayerParserStateProtoCleanup
void AppLayerParserStateProtoCleanup(uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1504
AppLayerParserProtoCtx_::StateGetTxIterator
AppLayerGetTxIteratorFunc StateGetTxIterator
Definition: app-layer-parser.c:115
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:279
rust.h
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
StreamTcpUpdateAppLayerProgress
void StreamTcpUpdateAppLayerProgress(TcpSession *ssn, char direction, const uint32_t progress)
update reassembly progress
Definition: stream-tcp.c:5873
AppLayerParserGetFiles
FileContainer * AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
Definition: app-layer-parser.c:863
APP_LAYER_TX_INSPECTED_FLAG
#define APP_LAYER_TX_INSPECTED_FLAG
Definition: app-layer-parser.h:53
stream-tcp-reassemble.h
AppLayerParserRegisterDetectStateFuncs
void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *))
Definition: app-layer-parser.c:567
AppLayerParserGetOptionFlags
uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
Definition: app-layer-parser.c:393
TestState
struct TestState_ TestState
app-layer-http2.h
RegisterSIPParsers
void RegisterSIPParsers(void)
Definition: app-layer-sip.c:30
app-layer-ftp.h
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:119
MAX
#define MAX(x, y)
Definition: suricata-common.h:376
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:41
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:72
Flow_::protoctx
void * protoctx
Definition: flow.h:445
TcpStream_::data_required
uint32_t data_required
Definition: stream-tcp-private.h:120
AppLayerParserRegisterUnittests
void AppLayerParserRegisterUnittests(void)
Definition: app-layer-parser.c:1883
AppLayerParserGetTransactionInspectId
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:701
RegisterKRB5Parsers
void RegisterKRB5Parsers(void)
Definition: app-layer-krb5.c:38
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:34
util-unittest.h
AppLayerParserProtoCtx_::ApplyTxConfig
bool(* ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)
Definition: app-layer-parser.c:127
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:109
AppLayerParserProtocolIsTxEventAware
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1437
RegisterDNP3Parsers
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
Definition: app-layer-dnp3.c:1584
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:565
util-unittest-helper.h
FTPParserCleanup
void FTPParserCleanup(void)
Free memory allocated for global FTP parser state.
Definition: app-layer-ftp.c:1425
TcpSession_::flags
uint16_t flags
Definition: stream-tcp-private.h:269
AppLayerParserGetEventInfoById
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1103
FLOW_PROTO_MAX
@ FLOW_PROTO_MAX
Definition: flow-private.h:76
Flow_::sgh_toserver
const struct SigGroupHead_ * sgh_toserver
Definition: flow.h:487
SCReturnBool
#define SCReturnBool(x)
Definition: util-debug.h:318
AppLayerParserRestoreParserTable
void AppLayerParserRestoreParserTable(void)
Definition: app-layer-parser.c:1787
AppLayerParserState_::inspect_id
uint64_t inspect_id[2]
Definition: app-layer-parser.c:161
AppLayerParserCtx
struct AppLayerParserCtx_ AppLayerParserCtx
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:479
AppLayerParserRegisterProtocolParsers
void AppLayerParserRegisterProtocolParsers(void)
Definition: app-layer-parser.c:1610
app-layer-krb5.h
RegisterRFBParsers
void RegisterRFBParsers(void)
Definition: app-layer-rfb.c:54
RegisterDCERPCParsers
void RegisterDCERPCParsers(void)
Definition: app-layer-dcerpc.c:155
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:521
app-layer-htp.h
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1672
AppLayerParserProtoCtx_::stream_depth
uint32_t stream_depth
Definition: app-layer-parser.c:132
decode.h
util-debug.h
AppLayerParserState_
Definition: app-layer-parser.c:155
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
AppLayerParserGetTransactionActive
uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:1123
AppLayerParserProtoCtx_::logger
bool logger
Definition: app-layer-parser.c:99
app-layer-dnp3.h
AppLayerParserStreamTruncated
void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
Definition: app-layer-parser.c:1679
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:19
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:457
app-layer-rfb.h
AppLayerParserRegisterGetFilesFunc
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t))
Definition: app-layer-parser.c:426
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
AppLayerParserProtoCtx_::SetStreamDepthFlag
void(* SetStreamDepthFlag)(void *tx, uint8_t flags)
Definition: app-layer-parser.c:129
AppLayerParserState_::min_id
uint64_t min_id
Definition: app-layer-parser.c:167
RegisterENIPTCPParsers
void RegisterENIPTCPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:506
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
FLOW_PROTO_DEFAULT
@ FLOW_PROTO_DEFAULT
Definition: flow-private.h:73
AppLayerParserRegisterLoggerBits
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
Definition: app-layer-parser.c:448
AppLayerParserProtoCtx_::StateGetEventInfo
int(* StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:120
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:399
AppLayerParserProtoCtx_::GetTxDetectState
DetectEngineState *(* GetTxDetectState)(void *tx)
Definition: app-layer-parser.c:123
detect-engine-port.h
APP_LAYER_PARSER_OPT_UNIDIR_TXS
#define APP_LAYER_PARSER_OPT_UNIDIR_TXS
Definition: app-layer-parser.h:46
AppLayerParserSupportsTxDetectState
int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1153
AppLayerParserProtoCtx_::SetTxDetectState
int(* SetTxDetectState)(void *tx, DetectEngineState *)
Definition: app-layer-parser.c:124
AppLayerParserSupportsTxDetectFlags
bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
Definition: app-layer-parser.c:1179
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:38
IS_DISRUPTED
#define IS_DISRUPTED(flags)
Definition: app-layer-parser.c:878
AppLayerParserSetEOF
void AppLayerParserSetEOF(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1393
AppLayerParserProtoCtx_::RegisterUnittests
void(* RegisterUnittests)(void)
Definition: app-layer-parser.c:147
AppLayerParserStateFree
void AppLayerParserStateFree(AppLayerParserState *pstate)
Definition: app-layer-parser.c:208
app-layer-parser.h
AppLayerParserStateCleanup
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1521
TRUE
#define TRUE
Definition: suricata-common.h:33
AppLayerParserBackupParserTable
void AppLayerParserBackupParserTable(void)
Definition: app-layer-parser.c:1779
AppLayerParserProtoCtx_::StateGetEventInfoById
int(* StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:118
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:277
AppLayerDecoderEvents_::cnt
uint8_t cnt
Definition: app-layer-events.h:38
Flow_::sgh_toclient
const struct SigGroupHead_ * sgh_toclient
Definition: flow.h:484
RegisterNFSTCPParsers
void RegisterNFSTCPParsers(void)
Definition: app-layer-nfs-tcp.c:235
AppLayerParserProtoCtx
struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx
App layer protocol parser context.
FALSE
#define FALSE
Definition: suricata-common.h:34
AppLayerParserSetup
int AppLayerParserSetup(void)
Definition: app-layer-parser.c:219
SCReturn
#define SCReturn
Definition: util-debug.h:302
RegisterFTPParsers
void RegisterFTPParsers(void)
Definition: app-layer-ftp.c:1281
stream.h
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1770
AppLayerGetTxIterState
Definition: app-layer-parser.h:118
AppLayerParserProtoCtx_::StateAlloc
void *(* StateAlloc)(void *, AppProto)
Definition: app-layer-parser.c:102
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
STREAM_DEPTH
#define STREAM_DEPTH
Definition: stream.h:34
RegisterTFTPParsers
void RegisterTFTPParsers(void)
Definition: app-layer-tftp.c:173
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:670
ALPROTO_IMAP
@ ALPROTO_IMAP
Definition: app-layer-protos.h:35
stream-tcp-private.h
FLOW_PROTO_APPLAYER_MAX
#define FLOW_PROTO_APPLAYER_MAX
Definition: flow-private.h:79
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:42
SCReturnUInt
#define SCReturnUInt(x)
Definition: util-debug.h:306
conf.h
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
BOTH_SET_OR_BOTH_UNSET
#define BOTH_SET_OR_BOTH_UNSET(a, b)
Definition: app-layer-parser.c:1549
AppLayerParserThreadCtx_::alproto_local_storage
void * alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:88
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:555
AppLayerParserSetDecoderEvents
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
Definition: app-layer-parser.c:841
RegisterDCERPCUDPParsers
void RegisterDCERPCUDPParsers(void)
Definition: app-layer-dcerpc-udp.c:127
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
AppLayerParserProtoCtx_::StateFree
void(* StateFree)(void *)
Definition: app-layer-parser.c:103
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
STREAM_GAP
#define STREAM_GAP
Definition: stream.h:33
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1859
AppLayerParserRegisterSetStreamDepthFlag
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags))
Definition: app-layer-parser.c:599
app-layer-sip.h
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:59
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:264
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
RegisterRdpParsers
void RegisterRdpParsers(void)
Definition: app-layer-rdp.c:35
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:37
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1076
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:211
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:360
RegisterIKEV2Parsers
void RegisterIKEV2Parsers(void)
Definition: app-layer-ikev2.c:38
decode-events.h
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:526
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:253
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:509
ConfigAction
ConfigAction
Definition: util-config.h:27
AppLayerParserProtoCtx_::Parser
AppLayerParserFPtr Parser[2]
Definition: app-layer-parser.c:98
app-layer-modbus.h
AppLayerParserProtoCtx_::StateTransactionFree
void(* StateTransactionFree)(void *, uint64_t)
Definition: app-layer-parser.c:104
app-layer-enip.h
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:320
app-layer-template-rust.h
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2911
AppLayerParserProtoCtx_::option_flags
uint32_t option_flags
Definition: app-layer-parser.c:140
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
StreamTcpSetSessionNoReassemblyFlag
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
Definition: stream-tcp.c:5891
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:884
flags
uint8_t flags
Definition: decode-gre.h:0
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1226
StreamTcpDisableAppLayer
void StreamTcpDisableAppLayer(Flow *f)
Definition: stream-tcp-reassemble.c:337
suricata-common.h
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:30
AppLayerParserProtoCtx_::internal_flags
uint32_t internal_flags
Definition: app-layer-parser.c:143
util-spm.h
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserRegisterApplyTxConfigFunc
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
Definition: app-layer-parser.c:589
AppLayerParserProtoCtx_::StateGetFiles
FileContainer *(* StateGetFiles)(void *, uint8_t)
Definition: app-layer-parser.c:109
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
RegisterENIPUDPParsers
void RegisterENIPUDPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:416
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1190
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:579
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
AppLayerParserGetStreamDepth
uint32_t AppLayerParserGetStreamDepth(const Flow *f)
Definition: app-layer-parser.c:1483
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
RegisterSNMPParsers
void RegisterSNMPParsers(void)
Definition: app-layer-snmp.c:39
APP_LAYER_PARSER_OPT_ACCEPT_GAPS
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
Definition: app-layer-parser.h:45
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
AppLayerParserRegisterGetTxIterator
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
Definition: app-layer-parser.c:520
AppLayerParserProtoCtx_::complete_ts
int complete_ts
Definition: app-layer-parser.c:116
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
Flow_::alstate
void * alstate
Definition: flow.h:480
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:226
app-layer-template.h
Flow_::flags
uint32_t flags
Definition: flow.h:425
AppLayerParserGetDecoderEvents
AppLayerDecoderEvents * AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:833
THREE_SET
#define THREE_SET(a, b, c)
Definition: app-layer-parser.c:1551
TestState_::test
uint8_t test
Definition: app-layer-parser.c:1718
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:543
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:812
UTHAppLayerParserStateGetIds
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
Definition: app-layer-parser.c:174
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:590
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:3119
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:63
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:114
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
AppLayerParserGetTxDetectState
DetectEngineState * AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1160
app-layer-snmp.h
STREAM_EOF
#define STREAM_EOF
Definition: stream.h:30
RegisterSMTPParsers
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
Definition: app-layer-smtp.c:1778
AppLayerParserSetTxDetectState
int AppLayerParserSetTxDetectState(const Flow *f, void *tx, DetectEngineState *s)
Definition: app-layer-parser.c:1168
AppLayerParserStateAlloc
AppLayerParserState * AppLayerParserStateAlloc(void)
Definition: app-layer-parser.c:195
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:314
app-layer-protos.h
RegisterTemplateParsers
void RegisterTemplateParsers(void)
Definition: app-layer-template.c:470
STREAMTCP_FLAG_APP_LAYER_DISABLED
#define STREAMTCP_FLAG_APP_LAYER_DISABLED
Definition: stream-tcp-private.h:188
AppLayerParserState_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-parser.c:170
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:498
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:64
app-layer-smb.h
app-layer-mqtt.h
AppLayerParserProtoCtx_::StateGetProgress
int(* StateGetProgress)(void *alstate, uint8_t direction)
Definition: app-layer-parser.c:112
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1453
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1664
AppLayerParserCtx_
Definition: app-layer-parser.c:151
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:127
likely
#define likely(expr)
Definition: util-optimize.h:32
RegisterHTTP2Parsers
void RegisterHTTP2Parsers(void)
Definition: app-layer-http2.c:56
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:87
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1757
app-layer-smtp.h
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:39
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:212
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1114
TcpSession_
Definition: stream-tcp-private.h:260
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:224
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:454
AppLayerParserDestroyProtocolParserLocalStorage
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto, void *local_data)
Definition: app-layer-parser.c:626
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1067
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1931
SMTPParserCleanup
void SMTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-smtp.c:1835
AppLayerParserHasDecoderEvents
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1409
RegisterMQTTParsers
void RegisterMQTTParsers(void)
Definition: app-layer-mqtt.c:37
StreamTcpSetSessionBypassFlag
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
Definition: stream-tcp.c:5918
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
app-layer-ssl.h
AppLayerParserProtoCtx_::StateGetEvents
AppLayerDecoderEvents *(* StateGetEvents)(void *)
Definition: app-layer-parser.c:110
TestState_
Definition: app-layer-parser.c:1717
app-layer-ntp.h
debug.h
AppLayerParserState_::flags
uint8_t flags
Definition: app-layer-parser.c:157
AppLayerParserProtoCtx_::LocalStorageAlloc
void *(* LocalStorageAlloc)(void)
Definition: app-layer-parser.c:105
app-layer-nfs-tcp.h
app-layer-rdp.h
app-layer.h
AppLayerParserGetEventInfo
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1093
AppLayerParserProtoCtx_::first_data_dir
uint8_t first_data_dir
Definition: app-layer-parser.c:137