suricata
app-layer-parser.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Generic App-layer parsing functions.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "util-unittest.h"
29 #include "decode.h"
30 #include "threads.h"
31 
32 #include "util-print.h"
33 #include "util-pool.h"
34 
35 #include "flow-util.h"
36 #include "flow-private.h"
37 
38 #include "detect-engine-state.h"
39 #include "detect-engine-port.h"
40 
41 #include "stream-tcp.h"
42 #include "stream-tcp-private.h"
43 #include "stream.h"
44 #include "stream-tcp-reassemble.h"
45 
46 #include "app-layer.h"
47 #include "app-layer-protos.h"
48 #include "app-layer-parser.h"
49 #include "app-layer-dcerpc.h"
50 #include "app-layer-dcerpc-udp.h"
51 #include "app-layer-smb.h"
52 #include "app-layer-htp.h"
53 #include "app-layer-ftp.h"
54 #include "app-layer-ssl.h"
55 #include "app-layer-ssh.h"
56 #include "app-layer-smtp.h"
57 #include "app-layer-modbus.h"
58 #include "app-layer-enip.h"
59 #include "app-layer-dnp3.h"
60 #include "app-layer-nfs-tcp.h"
61 #include "app-layer-nfs-udp.h"
62 #include "app-layer-ntp.h"
63 #include "app-layer-tftp.h"
64 #include "app-layer-ikev2.h"
65 #include "app-layer-krb5.h"
66 #include "app-layer-snmp.h"
67 #include "app-layer-sip.h"
68 #include "app-layer-rfb.h"
69 #include "app-layer-mqtt.h"
70 #include "app-layer-template.h"
71 #include "app-layer-template-rust.h"
72 #include "app-layer-rdp.h"
73 #include "app-layer-http2.h"
74 
75 #include "conf.h"
76 #include "util-spm.h"
77 
78 #include "util-debug.h"
79 #include "decode-events.h"
80 #include "util-unittest-helper.h"
81 #include "util-validate.h"
82 
83 #include "runmodes.h"
84 
85 #include "rust.h"
86 
87 struct AppLayerParserThreadCtx_ {
88  void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
89 };
90 
91 
92 /**
93  * \brief App layer protocol parser context.
94  */
95 typedef struct AppLayerParserProtoCtx_
96 {
97  /* 0 - to_server, 1 - to_client. */
98  AppLayerParserFPtr Parser[2];
99  bool logger;
100  uint32_t logger_bits; /**< registered loggers for this proto */
101 
102  void *(*StateAlloc)(void *, AppProto);
103  void (*StateFree)(void *);
104  void (*StateTransactionFree)(void *, uint64_t);
105  void *(*LocalStorageAlloc)(void);
106  void (*LocalStorageFree)(void *);
107 
108  void (*Truncate)(void *, uint8_t);
109  FileContainer *(*StateGetFiles)(void *, uint8_t);
110  AppLayerDecoderEvents *(*StateGetEvents)(void *);
111 
112  int (*StateGetProgress)(void *alstate, uint8_t direction);
113  uint64_t (*StateGetTxCnt)(void *alstate);
114  void *(*StateGetTx)(void *alstate, uint64_t tx_id);
115  AppLayerGetTxIteratorFunc StateGetTxIterator;
116  int (*StateGetProgressCompletionStatus)(uint8_t direction);
117  int (*StateGetEventInfoById)(int event_id, const char **event_name,
118  AppLayerEventType *event_type);
119  int (*StateGetEventInfo)(const char *event_name,
120  int *event_id, AppLayerEventType *event_type);
121 
122  DetectEngineState *(*GetTxDetectState)(void *tx);
123  int (*SetTxDetectState)(void *tx, DetectEngineState *);
124 
125  AppLayerTxData *(*GetTxData)(void *tx);
126  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
127 
128  void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
129 
130  /* each app-layer has its own value */
131  uint32_t stream_depth;
132 
133  /* Indicates the direction the parser is ready to see the data
134  * the first time for a flow. Values accepted -
135  * STREAM_TOSERVER, STREAM_TOCLIENT */
136  uint8_t first_data_dir;
137 
138  /* Option flags such as supporting gaps or not. */
139  uint32_t option_flags;
140  /* coccinelle: AppLayerParserProtoCtx:option_flags:APP_LAYER_PARSER_OPT_ */
141 
142  uint32_t internal_flags;
143  /* coccinelle: AppLayerParserProtoCtx:internal_flags:APP_LAYER_PARSER_INT_ */
144 
145 #ifdef UNITTESTS
146  void (*RegisterUnittests)(void);
147 #endif
148 } AppLayerParserProtoCtx;
149 
150 typedef struct AppLayerParserCtx_ {
151  AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
152 } AppLayerParserCtx;
153 
154 struct AppLayerParserState_ {
155  /* coccinelle: AppLayerParserState:flags:APP_LAYER_PARSER_ */
156  uint8_t flags;
157 
158  /* Indicates the current transaction that is being inspected.
159  * We have a var per direction. */
160  uint64_t inspect_id[2];
161  /* Indicates the current transaction being logged. Unlike inspect_id,
162  * we don't need a var per direction since we don't log a transaction
163  * unless we have the entire transaction. */
164  uint64_t log_id;
165 
166  uint64_t min_id;
167 
168  /* Used to store decoder events. */
169  AppLayerDecoderEvents *decoder_events;
170 };
171 
172 #ifdef UNITTESTS
173 void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
174 {
175  struct AppLayerParserState_ *s = ptr;
176  *i1 = s->inspect_id[0];
177  *i2 = s->inspect_id[1];
178  *log = s->log_id;
179  *min = s->min_id;
180 }
181 #endif
182 
183 /* Static global version of the parser context.
184  * Post 2.0 let's look at changing this to move it out to app-layer.c. */
185 static AppLayerParserCtx alp_ctx;
186 
187 int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
188 {
189  uint8_t ipproto_map = FlowGetProtoMapping(ipproto);
190 
191  return (alp_ctx.ctxs[ipproto_map][alproto].StateAlloc != NULL) ? 1 : 0;
192 }
193 
194 AppLayerParserState *AppLayerParserStateAlloc(void)
195 {
196  SCEnter();
197 
198  AppLayerParserState *pstate = (AppLayerParserState *)SCMalloc(sizeof(*pstate));
199  if (pstate == NULL)
200  goto end;
201  memset(pstate, 0, sizeof(*pstate));
202 
203  end:
204  SCReturnPtr(pstate, "AppLayerParserState");
205 }
206 
207 void AppLayerParserStateFree(AppLayerParserState *pstate)
208 {
209  SCEnter();
210 
211  if (pstate->decoder_events != NULL)
212  AppLayerDecoderEventsFreeEvents(&pstate->decoder_events);
213  SCFree(pstate);
214 
215  SCReturn;
216 }
217 
218 int AppLayerParserSetup(void)
219 {
220  SCEnter();
221  memset(&alp_ctx, 0, sizeof(alp_ctx));
222  SCReturnInt(0);
223 }
224 
225 void AppLayerParserPostStreamSetup(void)
226 {
227  AppProto alproto = 0;
228  int flow_proto = 0;
229 
230  /* lets set a default value for stream_depth */
231  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
232  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
233  if (!(alp_ctx.ctxs[flow_proto][alproto].internal_flags &
234  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET)) {
235  alp_ctx.ctxs[flow_proto][alproto].stream_depth =
236  stream_config.reassembly_depth;
237  }
238  }
239  }
240 }
241 
242 int AppLayerParserDeSetup(void)
243 {
244  SCEnter();
245 
246  FTPParserCleanup();
247  SMTPParserCleanup();
248 
249  SCReturnInt(0);
250 }
251 
252 AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void)
253 {
254  SCEnter();
255 
256  AppProto alproto = 0;
257  int flow_proto = 0;
258  AppLayerParserThreadCtx *tctx;
259 
260  tctx = SCMalloc(sizeof(*tctx));
261  if (tctx == NULL)
262  goto end;
263  memset(tctx, 0, sizeof(*tctx));
264 
265  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
266  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
267  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
268 
269  tctx->alproto_local_storage[flow_proto][alproto] =
270  AppLayerParserGetProtocolParserLocalStorage(ipproto, alproto);
271  }
272  }
273 
274  end:
275  SCReturnPtr(tctx, "void *");
276 }
277 
278 void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
279 {
280  SCEnter();
281 
282  AppProto alproto = 0;
283  int flow_proto = 0;
284 
285  for (flow_proto = 0; flow_proto < FLOW_PROTO_DEFAULT; flow_proto++) {
286  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
287  uint8_t ipproto = FlowGetReverseProtoMapping(flow_proto);
288 
289  AppLayerParserDestroyProtocolParserLocalStorage(ipproto, alproto,
290  tctx->alproto_local_storage[flow_proto][alproto]);
291  }
292  }
293 
294  SCFree(tctx);
295  SCReturn;
296 }
297 
298 /** \brief check if a parser is enabled in the config
299  * Returns enabled always if: were running unittests
300  */
301 int AppLayerParserConfParserEnabled(const char *ipproto,
302  const char *alproto_name)
303 {
304  SCEnter();
305 
306  int enabled = 1;
307  char param[100];
308  ConfNode *node;
309  int r;
310 
311  if (RunmodeIsUnittests())
312  goto enabled;
313 
314  r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
315  alproto_name, ".enabled");
316  if (r < 0) {
317  FatalError(SC_ERR_FATAL, "snprintf failure.");
318  } else if (r > (int)sizeof(param)) {
319  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
320  }
321 
322  node = ConfGetNode(param);
323  if (node == NULL) {
324  SCLogDebug("Entry for %s not found.", param);
325  r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
326  alproto_name, ".", ipproto, ".enabled");
327  if (r < 0) {
328  FatalError(SC_ERR_FATAL, "snprintf failure.");
329  } else if (r > (int)sizeof(param)) {
330  FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
331  }
332 
333  node = ConfGetNode(param);
334  if (node == NULL) {
335  SCLogDebug("Entry for %s not found.", param);
336  goto enabled;
337  }
338  }
339 
340  if (ConfValIsTrue(node->val)) {
341  goto enabled;
342  } else if (ConfValIsFalse(node->val)) {
343  goto disabled;
344  } else if (strcasecmp(node->val, "detection-only") == 0) {
345  goto disabled;
346  } else {
347  SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
348  exit(EXIT_FAILURE);
349  }
350 
351  disabled:
352  enabled = 0;
353  enabled:
354  SCReturnInt(enabled);
355 }
356 
357 /***** Parser related registration *****/
358 
359 int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
360  uint8_t direction,
361  AppLayerParserFPtr Parser)
362 {
363  SCEnter();
364 
365  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
366  Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
367 
368  SCReturnInt(0);
369 }
370 
371 void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
372  uint8_t direction)
373 {
374  SCEnter();
375 
376  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
377  (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
378 
379  SCReturn;
380 }
381 
382 void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
383  uint32_t flags)
384 {
385  SCEnter();
386 
387  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].option_flags |= flags;
388 
389  SCReturn;
390 }
391 
392 uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
393 {
394  SCEnter();
395  SCReturnUInt(alp_ctx.ctxs[protomap][alproto].option_flags);
396 }
397 
398 void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
399  void *(*StateAlloc)(void *, AppProto), void (*StateFree)(void *))
400 {
401  SCEnter();
402 
403  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
404  StateAlloc;
405  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
406  StateFree;
407 
408  SCReturn;
409 }
410 
411 void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto,
412  void *(*LocalStorageAlloc)(void),
413  void (*LocalStorageFree)(void *))
414 {
415  SCEnter();
416 
417  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
418  LocalStorageAlloc;
419  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
420  LocalStorageFree;
421 
422  SCReturn;
423 }
424 
425 void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
426  FileContainer *(*StateGetFiles)(void *, uint8_t))
427 {
428  SCEnter();
429 
430  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
431  StateGetFiles;
432 
433  SCReturn;
434 }
435 
436 void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto,
437  AppLayerDecoderEvents *(*StateGetEvents)(void *))
438 {
439  SCEnter();
440 
441  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
442  StateGetEvents;
443 
444  SCReturn;
445 }
446 
447 void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
448 {
449  SCEnter();
450 
451  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger_bits = bits;
452 
453  SCReturn;
454 }
455 
456 void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
457 {
458  SCEnter();
459 
460  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = true;
461 
462  SCReturn;
463 }
464 
465 void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
466  void (*Truncate)(void *, uint8_t))
467 {
468  SCEnter();
469 
470  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
471 
472  SCReturn;
473 }
474 
475 void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
476  int (*StateGetProgress)(void *alstate, uint8_t direction))
477 {
478  SCEnter();
479 
480  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
481  StateGetProgress = StateGetProgress;
482 
483  SCReturn;
484 }
485 
486 void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
487  void (*StateTransactionFree)(void *, uint64_t))
488 {
489  SCEnter();
490 
491  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
492  StateTransactionFree = StateTransactionFree;
493 
494  SCReturn;
495 }
496 
497 void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
498  uint64_t (*StateGetTxCnt)(void *alstate))
499 {
500  SCEnter();
501 
502  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
503  StateGetTxCnt = StateGetTxCnt;
504 
505  SCReturn;
506 }
507 
508 void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
509  void *(StateGetTx)(void *alstate, uint64_t tx_id))
510 {
511  SCEnter();
512 
513  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
514  StateGetTx = StateGetTx;
515 
516  SCReturn;
517 }
518 
519 void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
520  AppLayerGetTxIteratorFunc Func)
521 {
522  SCEnter();
523  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator = Func;
524  SCReturn;
525 }
526 
527 void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto,
528  int (*StateGetProgressCompletionStatus)(uint8_t direction))
529 {
530  SCEnter();
531 
532  alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
533  StateGetProgressCompletionStatus = StateGetProgressCompletionStatus;
534 
535  SCReturn;
536 }
537 
538 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
539  int (*StateGetEventInfoById)(int event_id, const char **event_name,
540  AppLayerEventType *event_type))
541 {
542  SCEnter();
543 
544  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
545  StateGetEventInfoById = StateGetEventInfoById;
546 
547  SCReturn;
548 }
549 
550 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
551  int (*StateGetEventInfo)(const char *event_name, int *event_id,
552  AppLayerEventType *event_type))
553 {
554  SCEnter();
555 
556  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
557  StateGetEventInfo = StateGetEventInfo;
558 
559  SCReturn;
560 }
561 
562 void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto,
563  DetectEngineState *(*GetTxDetectState)(void *tx),
564  int (*SetTxDetectState)(void *tx, DetectEngineState *))
565 {
566  SCEnter();
567 
568  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState = GetTxDetectState;
569  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetTxDetectState = SetTxDetectState;
570 
571  SCReturn;
572 }
573 
574 void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
575  AppLayerTxData *(*GetTxData)(void *tx))
576 {
577  SCEnter();
578 
579  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData = GetTxData;
580 
581  SCReturn;
582 }
583 
584 void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
585  bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
586 {
587  SCEnter();
588 
589  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig = ApplyTxConfig;
590 
591  SCReturn;
592 }
593 
594 void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
595  void (*SetStreamDepthFlag)(void *tx, uint8_t flags))
596 {
597  SCEnter();
598 
599  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag = SetStreamDepthFlag;
600 
601  SCReturn;
602 }
603 
604 /***** Get and transaction functions *****/
605 
606 void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
607 {
608  SCEnter();
609  void * r = NULL;
610 
611  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
612  LocalStorageAlloc != NULL)
613  {
614  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
615  LocalStorageAlloc();
616  }
617 
618  SCReturnPtr(r, "void *");
619 }
620 
621 void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
622  void *local_data)
623 {
624  SCEnter();
625 
626  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
627  LocalStorageFree != NULL)
628  {
629  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
630  LocalStorageFree(local_data);
631  }
632 
633  SCReturn;
634 }
635 
636 /** \brief default tx iterator
637  *
638  * Used if the app layer parser doesn't register its own iterator.
639  * Simply walks the tx_id space until it finds a tx. Uses 'state' to
640  * keep track of where it left off.
641  *
642  * \retval txptr or NULL if no more txs in list
643  */
644 static AppLayerGetTxIterTuple AppLayerDefaultGetTxIterator(
645  const uint8_t ipproto, const AppProto alproto,
646  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
647  AppLayerGetTxIterState *state)
648 {
649  uint64_t ustate = *(uint64_t *)state;
650  uint64_t tx_id = MAX(min_tx_id, ustate);
651  for ( ; tx_id < max_tx_id; tx_id++) {
652  void *tx_ptr = AppLayerParserGetTx(ipproto, alproto, alstate, tx_id);
653  if (tx_ptr != NULL) {
654  ustate = tx_id + 1;
655  *state = *(AppLayerGetTxIterState *)&ustate;
656  AppLayerGetTxIterTuple tuple = {
657  .tx_ptr = tx_ptr,
658  .tx_id = tx_id,
659  .has_next = (tx_id + 1 < max_tx_id),
660  };
661  SCLogDebug("tuple: %p/%"PRIu64"/%s", tuple.tx_ptr, tuple.tx_id,
662  tuple.has_next ? "true" : "false");
663  return tuple;
664  }
665  }
666 
667  AppLayerGetTxIterTuple no_tuple = { NULL, 0, false };
668  return no_tuple;
669 }
670 
671 AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
672  const AppProto alproto)
673 {
674  AppLayerGetTxIteratorFunc Func =
675  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetTxIterator;
676  return Func ? Func : AppLayerDefaultGetTxIterator;
677 }
678 
679 uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
680 {
681  SCEnter();
682 
683  SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
684 }
685 
686 void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
687 {
688  SCEnter();
689 
690  if (pstate != NULL)
691  pstate->log_id = tx_id;
692 
693  SCReturn;
694 }
695 
696 uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
697 {
698  SCEnter();
699 
700  if (pstate == NULL)
701  SCReturnCT(0ULL, "uint64_t");
702 
703  SCReturnCT(pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1], "uint64_t");
704 }
705 
706 static inline uint64_t GetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir)
707 {
708  uint64_t detect_flags =
709  (dir & STREAM_TOSERVER) ? txd->detect_flags_ts : txd->detect_flags_tc;
710  return detect_flags;
711 }
712 
713 static inline void SetTxDetectFlags(AppLayerTxData *txd, const uint8_t dir, const uint64_t detect_flags)
714 {
715  if (dir & STREAM_TOSERVER) {
716  txd->detect_flags_ts = detect_flags;
717  } else {
718  txd->detect_flags_tc = detect_flags;
719  }
720 }
721 
722 static inline uint32_t GetTxLogged(AppLayerTxData *txd)
723 {
724  return txd->logged.flags;
725 }
726 
727 void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
728  void *alstate, const uint8_t flags,
729  bool tag_txs_as_inspected)
730 {
731  SCEnter();
732 
733  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
734  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
735  uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, flags);
736  const int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(f->alproto, flags);
737  const uint8_t ipproto = f->proto;
738  const AppProto alproto = f->alproto;
739 
740  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
741  AppLayerGetTxIterState state;
742  memset(&state, 0, sizeof(state));
743 
744  SCLogDebug("called: %s, tag_txs_as_inspected %s",direction==0?"toserver":"toclient",
745  tag_txs_as_inspected?"true":"false");
746 
747  /* mark all txs as inspected if the applayer progress is
748  * at the 'end state'. */
749  while (1) {
750  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
751  if (ires.tx_ptr == NULL)
752  break;
753 
754  void *tx = ires.tx_ptr;
755  idx = ires.tx_id;
756 
757  int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
758  if (state_progress < state_done_progress)
759  break;
760 
761  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
762  if (txd && tag_txs_as_inspected) {
763  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
764  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
765  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
766  SetTxDetectFlags(txd, flags, detect_flags);
767  SCLogDebug("%p/%"PRIu64" in-order tx is done for direction %s. Flag %016"PRIx64,
768  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
769  }
770  }
771  idx++;
772  if (!ires.has_next)
773  break;
774  }
775  pstate->inspect_id[direction] = idx;
776  SCLogDebug("inspect_id now %"PRIu64, pstate->inspect_id[direction]);
777 
778  /* if necessary we flag all txs that are complete as 'inspected'
779  * also move inspect_id forward. */
780  if (tag_txs_as_inspected) {
781  /* continue at idx */
782  while (1) {
783  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, idx, total_txs, &state);
784  if (ires.tx_ptr == NULL)
785  break;
786 
787  void *tx = ires.tx_ptr;
788  /* if we got a higher id than the minimum we requested, we
789  * skipped a bunch of 'null-txs'. Lets see if we can up the
790  * inspect tracker */
791  if (ires.tx_id > idx && pstate->inspect_id[direction] == idx) {
792  pstate->inspect_id[direction] = ires.tx_id;
793  }
794  idx = ires.tx_id;
795 
796  const int state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, flags);
797  if (state_progress < state_done_progress)
798  break;
799 
800  /* txd can be NULL for HTTP sessions where the user data alloc failed */
801  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
802  if (likely(txd)) {
803  uint64_t detect_flags = GetTxDetectFlags(txd, flags);
804  if ((detect_flags & APP_LAYER_TX_INSPECTED_FLAG) == 0) {
805  detect_flags |= APP_LAYER_TX_INSPECTED_FLAG;
806  SetTxDetectFlags(txd, flags, detect_flags);
807  SCLogDebug("%p/%"PRIu64" out of order tx is done for direction %s. Flag %016"PRIx64,
808  tx, idx, flags & STREAM_TOSERVER ? "toserver" : "toclient", detect_flags);
809 
810  SCLogDebug("%p/%"PRIu64" out of order tx. Update inspect_id? %"PRIu64,
811  tx, idx, pstate->inspect_id[direction]);
812  if (pstate->inspect_id[direction]+1 == idx)
813  pstate->inspect_id[direction] = idx;
814  }
815  } else {
816  if (pstate->inspect_id[direction]+1 == idx)
817  pstate->inspect_id[direction] = idx;
818  }
819  if (!ires.has_next)
820  break;
821  idx++;
822  }
823  }
824 
825  SCReturn;
826 }
827 
828 AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
829 {
830  SCEnter();
831 
832  SCReturnPtr(pstate->decoder_events,
833  "AppLayerDecoderEvents *");
834 }
835 
836 void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
837 {
838  pstate->decoder_events = devents;
839 }
840 
841 AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
842  void *tx)
843 {
844  SCEnter();
845 
846  AppLayerDecoderEvents *ptr = NULL;
847 
848  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
849  StateGetEvents != NULL)
850  {
851  ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
852  StateGetEvents(tx);
853  }
854 
855  SCReturnPtr(ptr, "AppLayerDecoderEvents *");
856 }
857 
858 FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
859 {
860  SCEnter();
861 
862  FileContainer *ptr = NULL;
863 
864  if (alp_ctx.ctxs[f->protomap][f->alproto].StateGetFiles != NULL)
865  {
866  ptr = alp_ctx.ctxs[f->protomap][f->alproto].
867  StateGetFiles(f->alstate, direction);
868  }
869 
870  SCReturnPtr(ptr, "FileContainer *");
871 }
872 
873 #define IS_DISRUPTED(flags) ((flags) & (STREAM_DEPTH | STREAM_GAP))
874 
875 extern int g_detect_disabled;
876 /**
877  * \brief remove obsolete (inspected and logged) transactions
878  */
879 void AppLayerParserTransactionsCleanup(Flow *f)
880 {
881  SCEnter();
882  DEBUG_ASSERT_FLOW_LOCKED(f);
883 
884  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][f->alproto];
885  if (unlikely(p->StateTransactionFree == NULL))
886  SCReturn;
887 
888  const bool has_tx_detect_flags = (p->GetTxData != NULL && !g_detect_disabled);
889  const uint8_t ipproto = f->proto;
890  const AppProto alproto = f->alproto;
891  void * const alstate = f->alstate;
892  AppLayerParserState * const alparser = f->alparser;
893 
894  if (alstate == NULL || alparser == NULL)
895  SCReturn;
896 
897  const uint64_t min = alparser->min_id;
898  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
899  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(ipproto, alproto);
900  const int tx_end_state_ts = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOSERVER);
901  const int tx_end_state_tc = AppLayerParserGetStateProgressCompletionStatus(alproto, STREAM_TOCLIENT);
902  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
903  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
904 
905  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
906  AppLayerGetTxIterState state;
907  memset(&state, 0, sizeof(state));
908  uint64_t i = min;
909  uint64_t new_min = min;
910  SCLogDebug("start min %"PRIu64, min);
911  bool skipped = false;
912  const bool is_unidir =
913  AppLayerParserGetOptionFlags(f->protomap, f->alproto) & APP_LAYER_PARSER_OPT_UNIDIR_TXS;
914 
915  while (1) {
916  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
917  if (ires.tx_ptr == NULL)
918  break;
919 
920  void *tx = ires.tx_ptr;
921  i = ires.tx_id; // actual tx id for the tx the IterFunc returned
922 
923  SCLogDebug("%p/%"PRIu64" checking", tx, i);
924 
925  const int tx_progress_tc =
926  AppLayerParserGetStateProgress(ipproto, alproto, tx, tc_disrupt_flags);
927  if (tx_progress_tc < tx_end_state_tc) {
928  SCLogDebug("%p/%"PRIu64" skipping: tc parser not done", tx, i);
929  skipped = true;
930  goto next;
931  }
932  const int tx_progress_ts =
933  AppLayerParserGetStateProgress(ipproto, alproto, tx, ts_disrupt_flags);
934  if (tx_progress_ts < tx_end_state_ts) {
935  SCLogDebug("%p/%"PRIu64" skipping: ts parser not done", tx, i);
936  skipped = true;
937  goto next;
938  }
939 
940  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
941  bool inspected = false;
942  if (txd && has_tx_detect_flags) {
943  if (!IS_DISRUPTED(ts_disrupt_flags) && f->sgh_toserver != NULL) {
944  uint64_t detect_flags_ts = GetTxDetectFlags(txd, STREAM_TOSERVER);
945  if (!(detect_flags_ts & APP_LAYER_TX_INSPECTED_FLAG)) {
946  SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
947  tx, i, detect_flags_ts);
948  skipped = true;
949  } else {
950  inspected = true;
951  }
952  }
953  if (!IS_DISRUPTED(tc_disrupt_flags) && f->sgh_toclient != NULL) {
954  uint64_t detect_flags_tc = GetTxDetectFlags(txd, STREAM_TOCLIENT);
955  if (!(detect_flags_tc & APP_LAYER_TX_INSPECTED_FLAG)) {
956  SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
957  tx, i, detect_flags_tc);
958  skipped = true;
959  } else {
960  inspected = true;
961  }
962  }
963  }
964 
965  // If not a unidirectional transaction both sides are required to have
966  // been inspected.
967  if (!is_unidir && skipped) {
968  goto next;
969  }
970 
971  // If this is a unidirectional transaction require only one side to be
972  // inspected, which the inspected flag tells us. This is also guarded
973  // with skip to limit this check to transactions that actually had the
974  // tx inspected flag checked.
975  if (is_unidir && skipped && !inspected) {
976  goto next;
977  }
978 
979  if (txd && logger_expectation != 0) {
980  LoggerId tx_logged = GetTxLogged(txd);
981  if (tx_logged != logger_expectation) {
982  SCLogDebug("%p/%"PRIu64" skipping: logging not done: want:%"PRIx32", have:%"PRIx32,
983  tx, i, logger_expectation, tx_logged);
984  skipped = true;
985  goto next;
986  }
987  }
988 
989  /* if we are here, the tx can be freed. */
990  p->StateTransactionFree(alstate, i);
991  SCLogDebug("%p/%"PRIu64" freed", tx, i);
992 
993  /* if we didn't skip any tx so far, up the minimum */
994  SCLogDebug("skipped? %s i %"PRIu64", new_min %"PRIu64, skipped ? "true" : "false", i, new_min);
995  if (!skipped)
996  new_min = i + 1;
997  SCLogDebug("final i %"PRIu64", new_min %"PRIu64, i, new_min);
998 
999 next:
1000  if (!ires.has_next) {
1001  /* this was the last tx. See if we skipped any. If not
1002  * we removed all and can update the minimum to the max
1003  * id. */
1004  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64, i, total_txs);
1005  if (!skipped) {
1006  new_min = total_txs;
1007  SCLogDebug("no next: cur tx i %"PRIu64", total %"PRIu64": "
1008  "new_min updated to %"PRIu64, i, total_txs, new_min);
1009  }
1010  break;
1011  }
1012  i++;
1013  }
1014 
1015  /* see if we need to bring all trackers up to date. */
1016  SCLogDebug("update f->alparser->min_id? %"PRIu64" vs %"PRIu64, new_min, alparser->min_id);
1017  if (new_min > alparser->min_id) {
1018  const uint64_t next_id = new_min;
1019  alparser->min_id = next_id;
1020  alparser->inspect_id[0] = MAX(alparser->inspect_id[0], next_id);
1021  alparser->inspect_id[1] = MAX(alparser->inspect_id[1], next_id);
1022  alparser->log_id = MAX(alparser->log_id, next_id);
1023  SCLogDebug("updated f->alparser->min_id %"PRIu64, alparser->min_id);
1024  }
1025  SCReturn;
1026 }
1027 
1028 /**
1029  * \brief get the progress value for a tx/protocol
1030  *
1031  * If the stream is disrupted, we return the 'completion' value.
1032  */
1033 int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
1034  void *alstate, uint8_t flags)
1035 {
1036  SCEnter();
1037  int r = 0;
1038  if (unlikely(IS_DISRUPTED(flags))) {
1039  r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
1040  StateGetProgressCompletionStatus(flags);
1041  } else {
1042  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1043  StateGetProgress(alstate, flags);
1044  }
1045  SCReturnInt(r);
1046 }
1047 
1048 uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
1049 {
1050  SCEnter();
1051  uint64_t r = 0;
1052  r = alp_ctx.ctxs[f->protomap][f->alproto].
1053  StateGetTxCnt(alstate);
1054  SCReturnCT(r, "uint64_t");
1055 }
1056 
1057 void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
1058 {
1059  SCEnter();
1060  void * r = NULL;
1061  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1062  StateGetTx(alstate, tx_id);
1063  SCReturnPtr(r, "void *");
1064 }
1065 
1066 int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto,
1067  uint8_t direction)
1068 {
1069  SCEnter();
1070  int r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
1071  StateGetProgressCompletionStatus(direction);
1072  SCReturnInt(r);
1073 }
1074 
1075 int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
1076  int *event_id, AppLayerEventType *event_type)
1077 {
1078  SCEnter();
1079  int ipproto_map = FlowGetProtoMapping(ipproto);
1080  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
1081  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
1082  SCReturnInt(r);
1083 }
1084 
1085 int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
1086  const char **event_name, AppLayerEventType *event_type)
1087 {
1088  SCEnter();
1089  int ipproto_map = FlowGetProtoMapping(ipproto);
1090  *event_name = (const char *)NULL;
1091  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById == NULL) ?
1092  -1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfoById(event_id, event_name, event_type);
1093  SCReturnInt(r);
1094 }
1095 
1096 uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
1097 {
1098  SCEnter();
1099  uint8_t r = 0;
1100  r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1101  first_data_dir;
1102  SCReturnCT(r, "uint8_t");
1103 }
1104 
1105 uint64_t AppLayerParserGetTransactionActive(const Flow *f,
1106  AppLayerParserState *pstate, uint8_t direction)
1107 {
1108  SCEnter();
1109 
1110  uint64_t active_id;
1111 
1112  uint64_t log_id = pstate->log_id;
1113  uint64_t inspect_id = pstate->inspect_id[direction & STREAM_TOSERVER ? 0 : 1];
1114  if (alp_ctx.ctxs[f->protomap][f->alproto].logger == true) {
1115  active_id = (log_id < inspect_id) ? log_id : inspect_id;
1116  } else {
1117  active_id = inspect_id;
1118  }
1119 
1120  SCReturnCT(active_id, "uint64_t");
1121 }
1122 
1123 int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
1124 {
1125  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles != NULL)
1126  return TRUE;
1127  return FALSE;
1128 }
1129 
1130 int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
1131 {
1132  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState != NULL)
1133  return TRUE;
1134  return FALSE;
1135 }
1136 
1137 DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
1138 {
1139  SCEnter();
1140  DetectEngineState *s;
1141  s = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxDetectState(tx);
1142  SCReturnPtr(s, "DetectEngineState");
1143 }
1144 
1145 int AppLayerParserSetTxDetectState(const Flow *f,
1146  void *tx, DetectEngineState *s)
1147 {
1148  int r;
1149  SCEnter();
1150  if ((alp_ctx.ctxs[f->protomap][f->alproto].GetTxDetectState(tx) != NULL))
1151  SCReturnInt(-EBUSY);
1152  r = alp_ctx.ctxs[f->protomap][f->alproto].SetTxDetectState(tx, s);
1153  SCReturnInt(r);
1154 }
1155 
1156 bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
1157 {
1158  SCEnter();
1159  for (uint8_t p = 0; p < FLOW_PROTO_APPLAYER_MAX; p++) {
1160  if (alp_ctx.ctxs[p][alproto].GetTxData != NULL) {
1161  SCReturnBool(true);
1162  }
1163  }
1164  SCReturnBool(false);
1165 }
1166 
1167 AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
1168 {
1169  SCEnter();
1170  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData) {
1171  AppLayerTxData *d = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetTxData(tx);
1172  SCReturnPtr(d, "AppLayerTxData");
1173  }
1174  SCReturnPtr(NULL, "AppLayerTxData");
1175 }
1176 
1177 void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
1178  void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
1179 {
1180  SCEnter();
1181  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig) {
1182  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].ApplyTxConfig(state, tx, mode, config);
1183  }
1184  SCReturn;
1185 }
1186 
1187 /***** General *****/
1188 
1189 static inline void SetEOFFlags(AppLayerParserState *pstate, const uint8_t flags)
1190 {
1191  if ((flags & (STREAM_EOF|STREAM_TOSERVER)) == (STREAM_EOF|STREAM_TOSERVER)) {
1192  SCLogDebug("setting APP_LAYER_PARSER_EOF_TS");
1193  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TS);
1194  } else if ((flags & (STREAM_EOF|STREAM_TOCLIENT)) == (STREAM_EOF|STREAM_TOCLIENT)) {
1195  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC");
1196  AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF_TC);
1197  }
1198 }
1199 
1200 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
1201  * \retval int 0 ok: we did not update app_progress
1202  * \retval int 1 ok: we updated app_progress */
1203 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
1204  uint8_t flags, const uint8_t *input, uint32_t input_len)
1205 {
1206  SCEnter();
1207 #ifdef DEBUG_VALIDATION
1208  BUG_ON(f->protomap != FlowGetProtoMapping(f->proto));
1209 #endif
1210  AppLayerParserState *pstate = f->alparser;
1211  AppLayerParserProtoCtx *p = &alp_ctx.ctxs[f->protomap][alproto];
1212  void *alstate = NULL;
1213  uint64_t p_tx_cnt = 0;
1214  uint32_t consumed = input_len;
1215  const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
1216 
1217  /* we don't have the parser registered for this protocol */
1218  if (p->StateAlloc == NULL)
1219  goto end;
1220 
1221  if (flags & STREAM_GAP) {
1222  if (!(p->option_flags & APP_LAYER_PARSER_OPT_ACCEPT_GAPS)) {
1223  SCLogDebug("app-layer parser does not accept gaps");
1224  if (f->alstate != NULL && !FlowChangeProto(f)) {
1225  AppLayerParserStreamTruncated(f->proto, alproto, f->alstate,
1226  flags);
1227  }
1228  goto error;
1229  }
1230  }
1231 
1232  /* Get the parser state (if any) */
1233  if (pstate == NULL) {
1234  f->alparser = pstate = AppLayerParserStateAlloc();
1235  if (pstate == NULL)
1236  goto error;
1237  }
1238 
1239  SetEOFFlags(pstate, flags);
1240 
1241  alstate = f->alstate;
1242  if (alstate == NULL || FlowChangeProto(f)) {
1243  f->alstate = alstate = p->StateAlloc(alstate, f->alproto_orig);
1244  if (alstate == NULL)
1245  goto error;
1246  SCLogDebug("alloced new app layer state %p (name %s)",
1247  alstate, AppLayerGetProtoName(f->alproto));
1248  } else {
1249  SCLogDebug("using existing app layer state %p (name %s))",
1250  alstate, AppLayerGetProtoName(f->alproto));
1251  }
1252 
1253  p_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1254 
1255  /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
1256  if (input_len > 0 || (flags & STREAM_EOF)) {
1257  /* invoke the parser */
1258  AppLayerResult res = p->Parser[direction](f, alstate, pstate,
1259  input, input_len,
1260  alp_tctx->alproto_local_storage[f->protomap][alproto],
1261  flags);
1262  if (res.status < 0) {
1263  goto error;
1264  } else if (res.status > 0) {
1265  DEBUG_VALIDATE_BUG_ON(res.consumed > input_len);
1266  DEBUG_VALIDATE_BUG_ON(res.needed + res.consumed < input_len);
1267  DEBUG_VALIDATE_BUG_ON(res.needed == 0);
1268  /* incomplete is only supported for TCP */
1269  DEBUG_VALIDATE_BUG_ON(f->proto != IPPROTO_TCP);
1270 
1271  /* put protocol in error state on improper use of the
1272  * return codes. */
1273  if (res.consumed > input_len || res.needed + res.consumed < input_len) {
1274  goto error;
1275  }
1276 
1277  if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1278  TcpSession *ssn = f->protoctx;
1279  SCLogDebug("direction %d/%s", direction,
1280  (flags & STREAM_TOSERVER) ? "toserver" : "toclient");
1281  if (direction == 0) {
1282  /* parser told us how much data it needs on top of what it
1283  * consumed. So we need tell stream engine how much we need
1284  * before the next call */
1285  ssn->client.data_required = res.needed;
1286  SCLogDebug("setting data_required %u", ssn->client.data_required);
1287  } else {
1288  /* parser told us how much data it needs on top of what it
1289  * consumed. So we need tell stream engine how much we need
1290  * before the next call */
1291  ssn->server.data_required = res.needed;
1292  SCLogDebug("setting data_required %u", ssn->server.data_required);
1293  }
1294  }
1295  consumed = res.consumed;
1296  }
1297  }
1298 
1299  /* set the packets to no inspection and reassembly if required */
1300  if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
1301  AppLayerParserSetEOF(pstate);
1302  FlowSetNoPayloadInspectionFlag(f);
1303 
1304  if (f->proto == IPPROTO_TCP) {
1305  StreamTcpDisableAppLayer(f);
1306 
1307  /* Set the no reassembly flag for both the stream in this TcpSession */
1308  if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
1309  /* Used only if it's TCP */
1310  TcpSession *ssn = f->protoctx;
1311  if (ssn != NULL) {
1312  StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
1313  StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
1314  }
1315  }
1316  /* Set the bypass flag for both the stream in this TcpSession */
1317  if (pstate->flags & APP_LAYER_PARSER_BYPASS_READY) {
1318  /* Used only if it's TCP */
1319  TcpSession *ssn = f->protoctx;
1320  if (ssn != NULL) {
1321  StreamTcpSetSessionBypassFlag(ssn);
1322  }
1323  }
1324  }
1325  }
1326 
1327  /* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
1328  if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
1329  FlowSetNoPayloadInspectionFlag(f);
1330  /* Set the no reassembly flag for both the stream in this TcpSession */
1331  if (f->proto == IPPROTO_TCP) {
1332  /* Used only if it's TCP */
1333  TcpSession *ssn = f->protoctx;
1334  if (ssn != NULL) {
1335  StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
1336  StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
1337  }
1338  }
1339  }
1340 
1341  /* get the diff in tx cnt for stats keeping */
1342  uint64_t cur_tx_cnt = AppLayerParserGetTxCnt(f, f->alstate);
1343  if (cur_tx_cnt > p_tx_cnt && tv) {
1344  AppLayerIncTxCounter(tv, f, cur_tx_cnt - p_tx_cnt);
1345  }
1346 
1347  /* stream truncated, inform app layer */
1348  if (flags & STREAM_DEPTH)
1349  AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags);
1350 
1351  end:
1352  /* update app progress */
1353  if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
1354  TcpSession *ssn = f->protoctx;
1355  StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
1356  SCReturnInt(1);
1357  }
1358 
1359  SCReturnInt(0);
1360  error:
1361  /* Set the no app layer inspection flag for both
1362  * the stream in this Flow */
1363  if (f->proto == IPPROTO_TCP) {
1364  StreamTcpDisableAppLayer(f);
1365  }
1366  AppLayerParserSetEOF(pstate);
1367  SCReturnInt(-1);
1368 }
1369 
1370 void AppLayerParserSetEOF(AppLayerParserState *pstate)
1371 {
1372  SCEnter();
1373 
1374  if (pstate == NULL)
1375  goto end;
1376 
1377  SCLogDebug("setting APP_LAYER_PARSER_EOF_TC and APP_LAYER_PARSER_EOF_TS");
1378  AppLayerParserStateSetFlag(pstate, (APP_LAYER_PARSER_EOF_TS|APP_LAYER_PARSER_EOF_TC));
1379 
1380  end:
1381  SCReturn;
1382 }
1383 
1384 /* return true if there are app parser decoder events. These are
1385  * only the ones that are set during protocol detection. */
1386 bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
1387 {
1388  SCEnter();
1389 
1390  if (pstate == NULL)
1391  return false;
1392 
1393  const AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(pstate);
1394  if (decoder_events && decoder_events->cnt)
1395  return true;
1396 
1397  /* if we have reached here, we don't have events */
1398  return false;
1399 }
1400 
1401 /** \brief simple way to globally test if a alproto is registered
1402  * and fully enabled in the configuration.
1403  */
1404 int AppLayerParserIsEnabled(AppProto alproto)
1405 {
1406  return (alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto]
1407  .StateGetProgressCompletionStatus != NULL);
1408 }
1409 
1410 int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
1411 {
1412  SCEnter();
1413  int ipproto_map = FlowGetProtoMapping(ipproto);
1414  int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEvents == NULL) ? 0 : 1;
1415  SCReturnInt(r);
1416 }
1417 
1418 int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
1419 {
1420  SCEnter();
1421  int ipproto_map = FlowGetProtoMapping(ipproto);
1422  int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == false) ? 0 : 1;
1423  SCReturnInt(r);
1424 }
1425 
1426 LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
1427 {
1428  SCEnter();
1429  const int ipproto_map = FlowGetProtoMapping(ipproto);
1430  LoggerId r = alp_ctx.ctxs[ipproto_map][alproto].logger_bits;
1431  SCReturnUInt(r);
1432 }
1433 
1434 void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
1435 {
1436  SCEnter();
1437 
1438  SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
1439  if (f != NULL && f->protoctx != NULL)
1440  StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
1441 
1442  SCReturn;
1443 }
1444 
1445 void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
1446 {
1447  SCEnter();
1448 
1449  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
1450  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].internal_flags |=
1451  APP_LAYER_PARSER_INT_STREAM_DEPTH_SET;
1452 
1453  SCReturn;
1454 }
1455 
1456 uint32_t AppLayerParserGetStreamDepth(const Flow *f)
1457 {
1458  SCReturnInt(alp_ctx.ctxs[f->protomap][f->alproto].stream_depth);
1459 }
1460 
1461 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
1462 {
1463  SCEnter();
1464  void *tx = NULL;
1465  if (state != NULL) {
1466  if ((tx = AppLayerParserGetTx(ipproto, alproto, state, tx_id)) != NULL) {
1467  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag != NULL) {
1468  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].SetStreamDepthFlag(tx, flags);
1469  }
1470  }
1471  }
1472  SCReturn;
1473 }
1474 
1475 /***** Cleanup *****/
1476 
1477 void AppLayerParserStateProtoCleanup(
1478  uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
1479 {
1480  SCEnter();
1481 
1482  AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[protomap][alproto];
1483 
1484  if (ctx->StateFree != NULL && alstate != NULL)
1485  ctx->StateFree(alstate);
1486 
1487  /* free the app layer parser api state */
1488  if (pstate != NULL)
1489  AppLayerParserStateFree(pstate);
1490 
1491  SCReturn;
1492 }
1493 
1494 void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
1495 {
1496  AppLayerParserStateProtoCleanup(f->protomap, f->alproto, alstate, pstate);
1497 }
1498 
1499 static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
1500 {
1501  uint8_t map = FlowGetProtoMapping(ipproto);
1502  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1503  const AppLayerParserProtoCtx *ctx_def = &alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto];
1504  printf("ERROR: incomplete app-layer registration\n");
1505  printf("AppLayer protocol %s ipproto %u\n", AppProtoToString(alproto), ipproto);
1506  printf("- option flags %"PRIx32"\n", ctx->option_flags);
1507  printf("- first_data_dir %"PRIx8"\n", ctx->first_data_dir);
1508  printf("Mandatory:\n");
1509  printf("- Parser[0] %p Parser[1] %p\n", ctx->Parser[0], ctx->Parser[1]);
1510  printf("- StateAlloc %p StateFree %p\n", ctx->StateAlloc, ctx->StateFree);
1511  printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
1512  ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
1513  printf("- GetTxData %p\n", ctx->GetTxData);
1514  printf("- StateGetProgress %p StateGetProgressCompletionStatus %p\n", ctx->StateGetProgress, ctx_def->StateGetProgressCompletionStatus);
1515  printf("- GetTxDetectState %p SetTxDetectState %p\n", ctx->GetTxDetectState, ctx->SetTxDetectState);
1516  printf("Optional:\n");
1517  printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
1518  printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo,
1519  ctx->StateGetEventInfoById);
1520 }
1521 
1522 #define BOTH_SET(a, b) ((a) != NULL && (b) != NULL)
1523 #define BOTH_SET_OR_BOTH_UNSET(a, b) (((a) == NULL && (b) == NULL) || ((a) != NULL && (b) != NULL))
1524 #define THREE_SET_OR_THREE_UNSET(a, b, c) (((a) == NULL && (b) == NULL && (c) == NULL) || ((a) != NULL && (b) != NULL && (c) != NULL))
1525 #define THREE_SET(a, b, c) ((a) != NULL && (b) != NULL && (c) != NULL)
1526 
1527 static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
1528 {
1529  uint8_t map = FlowGetProtoMapping(ipproto);
1530  const AppLayerParserProtoCtx *ctx = &alp_ctx.ctxs[map][alproto];
1531  const AppLayerParserProtoCtx *ctx_def = &alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto];
1532 
1533  if (ctx->Parser[0] == NULL && ctx->Parser[1] == NULL)
1534  return;
1535 
1536  if (!(BOTH_SET(ctx->Parser[0], ctx->Parser[1]))) {
1537  goto bad;
1538  }
1539  if (!(BOTH_SET(ctx->StateFree, ctx->StateAlloc))) {
1540  goto bad;
1541  }
1542  if (!(THREE_SET(ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree))) {
1543  goto bad;
1544  }
1545  /* special case: StateGetProgressCompletionStatus is used from 'default'. */
1546  if (!(BOTH_SET(ctx->StateGetProgress, ctx_def->StateGetProgressCompletionStatus))) {
1547  goto bad;
1548  }
1549  /* local storage is optional, but needs both set if used */
1550  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->LocalStorageAlloc, ctx->LocalStorageFree))) {
1551  goto bad;
1552  }
1553  if (!(BOTH_SET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1554  goto bad;
1555  }
1556  if (!(BOTH_SET_OR_BOTH_UNSET(ctx->GetTxDetectState, ctx->SetTxDetectState))) {
1557  goto bad;
1558  }
1559  if (ctx->GetTxData == NULL) {
1560  goto bad;
1561  }
1562  return;
1563 bad:
1564  ValidateParserProtoDump(alproto, ipproto);
1565  exit(EXIT_FAILURE);
1566 }
1567 #undef BOTH_SET
1568 #undef BOTH_SET_OR_BOTH_UNSET
1569 #undef THREE_SET_OR_THREE_UNSET
1570 #undef THREE_SET
1571 
1572 static void ValidateParser(AppProto alproto)
1573 {
1574  ValidateParserProto(alproto, IPPROTO_TCP);
1575  ValidateParserProto(alproto, IPPROTO_UDP);
1576 }
1577 
1578 static void ValidateParsers(void)
1579 {
1580  AppProto p = 0;
1581  for ( ; p < ALPROTO_MAX; p++) {
1582  ValidateParser(p);
1583  }
1584 }
1585 
1586 void AppLayerParserRegisterProtocolParsers(void)
1587 {
1588  SCEnter();
1589 
1590  RegisterHTPParsers();
1591  RegisterSSLParsers();
1592  RegisterDCERPCParsers();
1593  RegisterDCERPCUDPParsers();
1594  RegisterSMBParsers();
1595  RegisterFTPParsers();
1596  RegisterSSHParsers();
1597  RegisterSMTPParsers();
1598  rs_dns_udp_register_parser();
1599  rs_dns_tcp_register_parser();
1600  RegisterModbusParsers();
1601  RegisterENIPUDPParsers();
1602  RegisterENIPTCPParsers();
1603  RegisterDNP3Parsers();
1604  RegisterNFSTCPParsers();
1605  RegisterNFSUDPParsers();
1606  RegisterNTPParsers();
1607  RegisterTFTPParsers();
1608  RegisterIKEV2Parsers();
1609  RegisterKRB5Parsers();
1610  rs_dhcp_register_parser();
1611  RegisterSNMPParsers();
1612  RegisterSIPParsers();
1613  RegisterTemplateRustParsers();
1614  RegisterRFBParsers();
1615  RegisterMQTTParsers();
1616  RegisterTemplateParsers();
1617  RegisterRdpParsers();
1618  RegisterHTTP2Parsers();
1619 
1620  /** IMAP */
1621  AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
1622  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
1623  if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
1624  "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
1625  {
1626  SCLogInfo("imap proto registration failure");
1627  exit(EXIT_FAILURE);
1628  }
1629  } else {
1630  SCLogInfo("Protocol detection and parser disabled for %s protocol.",
1631  "imap");
1632  }
1633 
1634  ValidateParsers();
1635  return;
1636 }
1637 
1638 
1639 /* coccinelle: AppLayerParserStateSetFlag():2,2:APP_LAYER_PARSER_ */
1640 void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
1641 {
1642  SCEnter();
1643  pstate->flags |= flag;
1644  SCReturn;
1645 }
1646 
1647 /* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
1648 int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
1649 {
1650  SCEnter();
1651  SCReturnInt(pstate->flags & flag);
1652 }
1653 
1654 
1655 void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
1656  uint8_t direction)
1657 {
1658  SCEnter();
1659 
1660  if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL)
1661  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
1662 
1663  SCReturn;
1664 }
1665 
1666 #ifdef DEBUG
1667 void AppLayerParserStatePrintDetails(AppLayerParserState *pstate)
1668 {
1669  SCEnter();
1670 
1671  if (pstate == NULL)
1672  SCReturn;
1673 
1674  AppLayerParserState *p = pstate;
1675  SCLogDebug("AppLayerParser parser state information for parser state p(%p). "
1676  "p->inspect_id[0](%"PRIu64"), "
1677  "p->inspect_id[1](%"PRIu64"), "
1678  "p->log_id(%"PRIu64"), "
1679  "p->decoder_events(%p).",
1680  pstate, p->inspect_id[0], p->inspect_id[1], p->log_id,
1681  p->decoder_events);
1682 
1683  SCReturn;
1684 }
1685 #endif
1686 
1687 /***** Unittests *****/
1688 
1689 #ifdef UNITTESTS
1690 
1691 static AppLayerParserCtx alp_ctx_backup_unittest;
1692 
1693 typedef struct TestState_ {
1694  uint8_t test;
1695 } TestState;
1696 
1697 /**
1698  * \brief Test parser function to test the memory deallocation of app layer
1699  * parser of occurence of an error.
1700  */
1701 static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate,
1702  const uint8_t *input, uint32_t input_len,
1703  void *local_data, const uint8_t flags)
1704 {
1705  SCEnter();
1706  SCReturnStruct(APP_LAYER_ERROR);
1707 }
1708 
1709 /** \brief Function to allocates the Test protocol state memory
1710  */
1711 static void *TestProtocolStateAlloc(void *orig_state, AppProto proto_orig)
1712 {
1713  SCEnter();
1714  void *s = SCMalloc(sizeof(TestState));
1715  if (unlikely(s == NULL))
1716  goto end;
1717  memset(s, 0, sizeof(TestState));
1718  end:
1719  SCReturnPtr(s, "TestState");
1720 }
1721 
1722 /** \brief Function to free the Test Protocol state memory
1723  */
1724 static void TestProtocolStateFree(void *s)
1725 {
1726  SCFree(s);
1727 }
1728 
1729 static uint64_t TestGetTxCnt(void *state)
1730 {
1731  /* single tx */
1732  return 1;
1733 }
1734 
1735 static void TestStateTransactionFree(void *state, uint64_t tx_id)
1736 {
1737  /* do nothing */
1738 }
1739 
1740 static void *TestGetTx(void *state, uint64_t tx_id)
1741 {
1742  TestState *test_state = (TestState *)state;
1743  return test_state;
1744 }
1745 
1746 void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
1747  void (*RegisterUnittests)(void))
1748 {
1749  SCEnter();
1750  alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
1751  RegisterUnittests = RegisterUnittests;
1752  SCReturn;
1753 }
1754 
1755 void AppLayerParserBackupParserTable(void)
1756 {
1757  SCEnter();
1758  alp_ctx_backup_unittest = alp_ctx;
1759  memset(&alp_ctx, 0, sizeof(alp_ctx));
1760  SCReturn;
1761 }
1762 
1763 void AppLayerParserRestoreParserTable(void)
1764 {
1765  SCEnter();
1766  alp_ctx = alp_ctx_backup_unittest;
1767  memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest));
1768  SCReturn;
1769 }
1770 
1771 /**
1772  * \test Test the deallocation of app layer parser memory on occurance of
1773  * error in the parsing process.
1774  */
1775 static int AppLayerParserTest01(void)
1776 {
1777  AppLayerParserBackupParserTable();
1778 
1779  int result = 0;
1780  Flow *f = NULL;
1781  uint8_t testbuf[] = { 0x11 };
1782  uint32_t testlen = sizeof(testbuf);
1783  TcpSession ssn;
1784  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1785 
1786  memset(&ssn, 0, sizeof(ssn));
1787 
1788  /* Register the Test protocol state and parser functions */
1789  AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER,
1790  TestProtocolParser);
1791  AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST,
1792  TestProtocolStateAlloc, TestProtocolStateFree);
1793  AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TEST, TestStateTransactionFree);
1794  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TEST, TestGetTx);
1795  AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TEST, TestGetTxCnt);
1796 
1797  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1798  if (f == NULL)
1799  goto end;
1800  f->protoctx = &ssn;
1801  f->alproto = ALPROTO_TEST;
1802  f->proto = IPPROTO_TCP;
1803 
1804  StreamTcpInitConfig(TRUE);
1805 
1806  FLOWLOCK_WRLOCK(f);
1807  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1808  STREAM_TOSERVER | STREAM_EOF, testbuf,
1809  testlen);
1810  if (r != -1) {
1811  printf("returned %" PRId32 ", expected -1: ", r);
1812  FLOWLOCK_UNLOCK(f);
1813  goto end;
1814  }
1815  FLOWLOCK_UNLOCK(f);
1816 
1817  if (!(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED)) {
1818  printf("flag should have been set, but is not: ");
1819  goto end;
1820  }
1821 
1822  result = 1;
1823  end:
1824  AppLayerParserRestoreParserTable();
1825  StreamTcpFreeConfig(TRUE);
1826 
1827  UTHFreeFlow(f);
1828  return result;
1829 }
1830 
1831 /**
1832  * \test Test the deallocation of app layer parser memory on occurance of
1833  * error in the parsing process for UDP.
1834  */
1835 static int AppLayerParserTest02(void)
1836 {
1837  AppLayerParserBackupParserTable();
1838 
1839  int result = 1;
1840  Flow *f = NULL;
1841  uint8_t testbuf[] = { 0x11 };
1842  uint32_t testlen = sizeof(testbuf);
1843  AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
1844 
1845  /* Register the Test protocol state and parser functions */
1846  AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER,
1847  TestProtocolParser);
1848  AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST,
1849  TestProtocolStateAlloc, TestProtocolStateFree);
1850  AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_TEST, TestStateTransactionFree);
1851  AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_TEST, TestGetTx);
1852  AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_TEST, TestGetTxCnt);
1853 
1854  f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
1855  if (f == NULL)
1856  goto end;
1857  f->alproto = ALPROTO_TEST;
1858  f->proto = IPPROTO_UDP;
1859  f->protomap = FlowGetProtoMapping(f->proto);
1860 
1861  StreamTcpInitConfig(TRUE);
1862 
1863  FLOWLOCK_WRLOCK(f);
1864  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_TEST,
1865  STREAM_TOSERVER | STREAM_EOF, testbuf,
1866  testlen);
1867  if (r != -1) {
1868  printf("returned %" PRId32 ", expected -1: \n", r);
1869  result = 0;
1870  FLOWLOCK_UNLOCK(f);
1871  goto end;
1872  }
1873  FLOWLOCK_UNLOCK(f);
1874 
1875  end:
1876  AppLayerParserRestoreParserTable();
1877  StreamTcpFreeConfig(TRUE);
1878  UTHFreeFlow(f);
1879  return result;
1880 }
1881 
1882 
1883 void AppLayerParserRegisterUnittests(void)
1884 {
1885  SCEnter();
1886 
1887  int ip;
1888  AppProto alproto;
1889  AppLayerParserProtoCtx *ctx;
1890 
1891  for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
1892  for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
1893  ctx = &alp_ctx.ctxs[ip][alproto];
1894  if (ctx->RegisterUnittests == NULL)
1895  continue;
1896  ctx->RegisterUnittests();
1897  }
1898  }
1899 
1900  UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01);
1901  UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02);
1902 
1903  SCReturn;
1904 }
1905 
1906 #endif
AppLayerParserProtoCtx_::Truncate
void(* Truncate)(void *, uint8_t)
Definition: app-layer-parser.c:108
app-layer-nfs-udp.h
app-layer-dcerpc.h
ALPROTO_TEST
@ ALPROTO_TEST
Definition: app-layer-protos.h:65
AppLayerParserRegisterGetStateProgressFunc
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
Definition: app-layer-parser.c:475
AppLayerParserDeSetup
int AppLayerParserDeSetup(void)
Definition: app-layer-parser.c:242
FileContainer_
Definition: util-file.h:100
app-layer-dcerpc-udp.h
RegisterNTPParsers
void RegisterNTPParsers(void)
Definition: app-layer-ntp.c:38
AppLayerParserProtoCtx_::StateGetTxCnt
uint64_t(* StateGetTxCnt)(void *alstate)
Definition: app-layer-parser.c:113
AppLayerParserProtoCtx_::logger_bits
uint32_t logger_bits
Definition: app-layer-parser.c:100
AppLayerParserProtoCtx_::GetTxData
AppLayerTxData *(* GetTxData)(void *tx)
Definition: app-layer-parser.c:125
RegisterTemplateRustParsers
void RegisterTemplateRustParsers(void)
Definition: app-layer-template-rust.c:48
app-layer-tftp.h
AppLayerParserCtx_::ctxs
AppLayerParserProtoCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:151
AppLayerParserState_::log_id
uint64_t log_id
Definition: app-layer-parser.c:164
RegisterSMBParsers
void RegisterSMBParsers(void)
Definition: app-layer-smb.c:235
app-layer-ssh.h
FLOW_PROTO_DEFAULT
@ FLOW_PROTO_DEFAULT
Definition: flow-private.h:73
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1404
AppLayerParserRegisterLocalStorageFunc
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto alproto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *))
Definition: app-layer-parser.c:411
BOTH_SET
#define BOTH_SET(a, b)
Definition: app-layer-parser.c:1522
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1418
AppLayerParserRegisterOptionFlags
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
Definition: app-layer-parser.c:382
flow-util.h
AppLayerParserSetStreamDepthFlag
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)
Definition: app-layer-parser.c:1461
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:686
AppLayerParserSetStreamDepth
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
Definition: app-layer-parser.c:1445
DetectEngineState_
Definition: detect-engine-state.h:92
ConfNode_::val
char * val
Definition: conf.h:34
stream-tcp.h
AppLayerParserApplyTxConfig
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
Definition: app-layer-parser.c:1177
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
AppLayerParserGetProtocolParserLocalStorage
void * AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:606
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
AppLayerParserProtoCtx_::LocalStorageFree
void(* LocalStorageFree)(void *)
Definition: app-layer-parser.c:106
app-layer-ikev2.h
AppLayerParserProtoCtx_
App layer protocol parser context.
Definition: app-layer-parser.c:96
RegisterSSHParsers
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
Definition: app-layer-ssh.c:81
AppLayerParserProtoCtx_::StateGetTx
void *(* StateGetTx)(void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:114
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerParserSetTransactionInspectId
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)
Definition: app-layer-parser.c:727
APP_LAYER_PARSER_BYPASS_READY
#define APP_LAYER_PARSER_BYPASS_READY
Definition: app-layer-parser.h:40
AppLayerParserGetEventsByTx
AppLayerDecoderEvents * AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:841
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:671
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
RegisterModbusParsers
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
Definition: app-layer-modbus.c:1464
Flow_::proto
uint8_t proto
Definition: flow.h:365
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:73
AppLayerParserFPtr
AppLayerResult(* AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags)
Prototype for parsing functions.
Definition: app-layer-parser.h:113
StreamTcpSetDisableRawReassemblyFlag
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
Definition: stream-tcp.c:5870
AppLayerParserConfParserEnabled
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests
Definition: app-layer-parser.c:301
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1033
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1434
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:60
flow-private.h
Flow_
Flow data structure.
Definition: flow.h:347
APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
Definition: app-layer-parser.h:48
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
AppLayerParserRegisterGetEventsFunc
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, AppLayerDecoderEvents *(*StateGetEvents)(void *))
Definition: app-layer-parser.c:436
StreamTcpReassembleTriggerRawReassembly
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
Definition: stream-tcp-reassemble.c:1940
LoggerId
LoggerId
Definition: suricata-common.h:441
Flow_::protomap
uint8_t protomap
Definition: flow.h:445
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:679
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
AppLayerParserRegisterTruncateFunc
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t))
Definition: app-layer-parser.c:465
AppLayerParserRegisterParserAcceptableDataDirection
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:371
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1066
AppLayerParserGetFirstDataDir
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1096
AppLayerParserProtoIsRegistered
int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:187
AppLayerParserRegisterTxFreeFunc
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))
Definition: app-layer-parser.c:486
FLOW_NOPAYLOAD_INSPECTION
#define FLOW_NOPAYLOAD_INSPECTION
Definition: flow.h:62
AppLayerParserSupportsFiles
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1123
Flow_::alproto_orig
AppProto alproto_orig
Definition: flow.h:456
AppLayerParserStateProtoCleanup
void AppLayerParserStateProtoCleanup(uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1477
AppLayerParserProtoCtx_::StateGetTxIterator
AppLayerGetTxIteratorFunc StateGetTxIterator
Definition: app-layer-parser.c:115
AppLayerParserThreadCtxFree
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
Definition: app-layer-parser.c:278
rust.h
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
StreamTcpUpdateAppLayerProgress
void StreamTcpUpdateAppLayerProgress(TcpSession *ssn, char direction, const uint32_t progress)
update reassembly progress
Definition: stream-tcp.c:5836
AppLayerParserGetFiles
FileContainer * AppLayerParserGetFiles(const Flow *f, const uint8_t direction)
Definition: app-layer-parser.c:858
APP_LAYER_TX_INSPECTED_FLAG
#define APP_LAYER_TX_INSPECTED_FLAG
Definition: app-layer-parser.h:53
stream-tcp-reassemble.h
AppLayerParserRegisterDetectStateFuncs
void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *))
Definition: app-layer-parser.c:562
AppLayerParserGetOptionFlags
uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
Definition: app-layer-parser.c:392
TestState
struct TestState_ TestState
app-layer-http2.h
RegisterSIPParsers
void RegisterSIPParsers(void)
Definition: app-layer-sip.c:30
app-layer-ftp.h
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:119
MAX
#define MAX(x, y)
Definition: suricata-common.h:381
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:41
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:68
Flow_::protoctx
void * protoctx
Definition: flow.h:441
TcpStream_::data_required
uint32_t data_required
Definition: stream-tcp-private.h:120
AppLayerParserRegisterUnittests
void AppLayerParserRegisterUnittests(void)
Definition: app-layer-parser.c:1883
AppLayerParserGetTransactionInspectId
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:696
RegisterKRB5Parsers
void RegisterKRB5Parsers(void)
Definition: app-layer-krb5.c:38
AppLayerDecoderEvents_
Data structure to store app layer decoder events.
Definition: app-layer-events.h:34
util-unittest.h
AppLayerParserProtoCtx_::ApplyTxConfig
bool(* ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)
Definition: app-layer-parser.c:126
FlowGetReverseProtoMapping
uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
Definition: flow-util.c:109
AppLayerParserProtocolIsTxEventAware
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1410
RegisterDNP3Parsers
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
Definition: app-layer-dnp3.c:1592
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:565
util-unittest-helper.h
FTPParserCleanup
void FTPParserCleanup(void)
Free memory allocated for global FTP parser state.
Definition: app-layer-ftp.c:1436
TcpSession_::flags
uint16_t flags
Definition: stream-tcp-private.h:269
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:264
AppLayerParserGetEventInfoById
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1085
Flow_::sgh_toserver
const struct SigGroupHead_ * sgh_toserver
Definition: flow.h:483
SCReturnBool
#define SCReturnBool(x)
Definition: util-debug.h:318
AppLayerParserRestoreParserTable
void AppLayerParserRestoreParserTable(void)
Definition: app-layer-parser.c:1763
AppLayerParserState_::inspect_id
uint64_t inspect_id[2]
Definition: app-layer-parser.c:160
AppLayerParserCtx
struct AppLayerParserCtx_ AppLayerParserCtx
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:475
AppLayerParserRegisterProtocolParsers
void AppLayerParserRegisterProtocolParsers(void)
Definition: app-layer-parser.c:1586
app-layer-krb5.h
RegisterRFBParsers
void RegisterRFBParsers(void)
Definition: app-layer-rfb.c:54
RegisterDCERPCParsers
void RegisterDCERPCParsers(void)
Definition: app-layer-dcerpc.c:145
UTHBuildFlow
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Definition: util-unittest-helper.c:521
app-layer-htp.h
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1648
FLOW_PROTO_MAX
@ FLOW_PROTO_MAX
Definition: flow-private.h:76
AppLayerParserProtoCtx_::stream_depth
uint32_t stream_depth
Definition: app-layer-parser.c:131
decode.h
util-debug.h
AppLayerParserState_
Definition: app-layer-parser.c:154
AppLayerParserGetTransactionActive
uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction)
Definition: app-layer-parser.c:1105
AppLayerParserProtoCtx_::logger
bool logger
Definition: app-layer-parser.c:99
app-layer-dnp3.h
AppLayerParserStreamTruncated
void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
Definition: app-layer-parser.c:1655
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
alp_tctx
AppLayerParserThreadCtx * alp_tctx
Definition: fuzz_applayerparserparse.c:20
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:456
FLOWLOCK_WRLOCK
#define FLOWLOCK_WRLOCK(fb)
Definition: flow.h:261
app-layer-rfb.h
AppLayerParserRegisterGetFilesFunc
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t))
Definition: app-layer-parser.c:425
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
AppLayerParserProtoCtx_::SetStreamDepthFlag
void(* SetStreamDepthFlag)(void *tx, uint8_t flags)
Definition: app-layer-parser.c:128
AppLayerParserState_::min_id
uint64_t min_id
Definition: app-layer-parser.c:166
RegisterENIPTCPParsers
void RegisterENIPTCPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:515
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
AppLayerParserRegisterLoggerBits
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
Definition: app-layer-parser.c:447
AppLayerParserProtoCtx_::StateGetEventInfo
int(* StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:119
AppLayerParserRegisterStateFuncs
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *))
Definition: app-layer-parser.c:398
AppLayerParserProtoCtx_::GetTxDetectState
DetectEngineState *(* GetTxDetectState)(void *tx)
Definition: app-layer-parser.c:122
detect-engine-port.h
APP_LAYER_PARSER_OPT_UNIDIR_TXS
#define APP_LAYER_PARSER_OPT_UNIDIR_TXS
Definition: app-layer-parser.h:46
AppLayerParserSupportsTxDetectState
int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1130
AppLayerParserProtoCtx_::SetTxDetectState
int(* SetTxDetectState)(void *tx, DetectEngineState *)
Definition: app-layer-parser.c:123
AppLayerParserSupportsTxDetectFlags
bool AppLayerParserSupportsTxDetectFlags(AppProto alproto)
Definition: app-layer-parser.c:1156
APP_LAYER_PARSER_NO_REASSEMBLY
#define APP_LAYER_PARSER_NO_REASSEMBLY
Definition: app-layer-parser.h:38
IS_DISRUPTED
#define IS_DISRUPTED(flags)
Definition: app-layer-parser.c:873
AppLayerParserSetEOF
void AppLayerParserSetEOF(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1370
AppLayerParserProtoCtx_::RegisterUnittests
void(* RegisterUnittests)(void)
Definition: app-layer-parser.c:146
AppLayerParserStateFree
void AppLayerParserStateFree(AppLayerParserState *pstate)
Definition: app-layer-parser.c:207
app-layer-parser.h
AppLayerParserStateCleanup
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate)
Definition: app-layer-parser.c:1494
TRUE
#define TRUE
Definition: suricata-common.h:33
AppLayerParserBackupParserTable
void AppLayerParserBackupParserTable(void)
Definition: app-layer-parser.c:1755
AppLayerParserProtoCtx_::StateGetEventInfoById
int(* StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-parser.c:117
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
AppLayerDecoderEvents_::cnt
uint8_t cnt
Definition: app-layer-events.h:38
Flow_::sgh_toclient
const struct SigGroupHead_ * sgh_toclient
Definition: flow.h:480
RegisterNFSTCPParsers
void RegisterNFSTCPParsers(void)
Definition: app-layer-nfs-tcp.c:263
AppLayerParserProtoCtx
struct AppLayerParserProtoCtx_ AppLayerParserProtoCtx
App layer protocol parser context.
FALSE
#define FALSE
Definition: suricata-common.h:34
AppLayerParserSetup
int AppLayerParserSetup(void)
Definition: app-layer-parser.c:218
SCReturn
#define SCReturn
Definition: util-debug.h:302
RegisterFTPParsers
void RegisterFTPParsers(void)
Definition: app-layer-ftp.c:1291
stream.h
AppLayerParserRegisterProtocolUnittests
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
Definition: app-layer-parser.c:1746
AppLayerGetTxIterState
Definition: app-layer-parser.h:118
AppLayerParserProtoCtx_::StateAlloc
void *(* StateAlloc)(void *, AppProto)
Definition: app-layer-parser.c:102
FlowGetProtoMapping
uint8_t FlowGetProtoMapping(uint8_t proto)
Function to map the protocol to the defined FLOW_PROTO_* enumeration.
Definition: flow-util.c:95
STREAM_DEPTH
#define STREAM_DEPTH
Definition: stream.h:34
RegisterTFTPParsers
void RegisterTFTPParsers(void)
Definition: app-layer-tftp.c:182
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:668
ALPROTO_IMAP
@ ALPROTO_IMAP
Definition: app-layer-protos.h:35
stream-tcp-private.h
FLOW_PROTO_APPLAYER_MAX
#define FLOW_PROTO_APPLAYER_MAX
Definition: flow-private.h:79
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:42
SCReturnUInt
#define SCReturnUInt(x)
Definition: util-debug.h:306
conf.h
DEBUG_ASSERT_FLOW_LOCKED
#define DEBUG_ASSERT_FLOW_LOCKED(f)
Definition: util-validate.h:108
BOTH_SET_OR_BOTH_UNSET
#define BOTH_SET_OR_BOTH_UNSET(a, b)
Definition: app-layer-parser.c:1523
AppLayerParserThreadCtx_::alproto_local_storage
void * alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX]
Definition: app-layer-parser.c:88
AppLayerParserRegisterGetEventInfo
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
Definition: app-layer-parser.c:550
AppLayerParserSetDecoderEvents
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents)
Definition: app-layer-parser.c:836
RegisterDCERPCUDPParsers
void RegisterDCERPCUDPParsers(void)
Definition: app-layer-dcerpc-udp.c:116
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:316
AppLayerParserProtoCtx_::StateFree
void(* StateFree)(void *)
Definition: app-layer-parser.c:103
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
STREAM_GAP
#define STREAM_GAP
Definition: stream.h:33
AppLayerProtoDetectRegisterProtocol
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
Definition: app-layer-detect-proto.c:1876
AppLayerParserRegisterSetStreamDepthFlag
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags))
Definition: app-layer-parser.c:594
app-layer-sip.h
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:264
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
RegisterRdpParsers
void RegisterRdpParsers(void)
Definition: app-layer-rdp.c:35
APP_LAYER_PARSER_NO_INSPECTION
#define APP_LAYER_PARSER_NO_INSPECTION
Definition: app-layer-parser.h:37
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1057
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:215
AppLayerParserRegisterParser
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
Definition: app-layer-parser.c:359
RegisterIKEV2Parsers
void RegisterIKEV2Parsers(void)
Definition: app-layer-ikev2.c:38
decode-events.h
AppLayerParserRegisterGetStateProgressCompletionStatus
void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto, int(*StateGetProgressCompletionStatus)(uint8_t direction))
Definition: app-layer-parser.c:527
UTHFreeFlow
void UTHFreeFlow(Flow *flow)
Definition: util-unittest-helper.c:526
AppLayerParserThreadCtxAlloc
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Definition: app-layer-parser.c:252
AppLayerParserRegisterGetTx
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
Definition: app-layer-parser.c:508
ConfigAction
ConfigAction
Definition: util-config.h:27
AppLayerParserProtoCtx_::Parser
AppLayerParserFPtr Parser[2]
Definition: app-layer-parser.c:98
app-layer-modbus.h
AppLayerParserProtoCtx_::StateTransactionFree
void(* StateTransactionFree)(void *, uint64_t)
Definition: app-layer-parser.c:104
app-layer-enip.h
SCReturnStruct
#define SCReturnStruct(x)
Definition: util-debug.h:320
app-layer-template-rust.h
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:2917
AppLayerParserProtoCtx_::option_flags
uint32_t option_flags
Definition: app-layer-parser.c:139
StreamTcpSetSessionNoReassemblyFlag
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
Definition: stream-tcp.c:5854
AppLayerParserTransactionsCleanup
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
Definition: app-layer-parser.c:879
flags
uint8_t flags
Definition: decode-gre.h:0
AppLayerParserParse
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
Definition: app-layer-parser.c:1203
StreamTcpDisableAppLayer
void StreamTcpDisableAppLayer(Flow *f)
Definition: stream-tcp-reassemble.c:337
suricata-common.h
AppLayerParserProtoCtx_::internal_flags
uint32_t internal_flags
Definition: app-layer-parser.c:142
util-spm.h
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserRegisterApplyTxConfigFunc
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
Definition: app-layer-parser.c:584
AppLayerParserProtoCtx_::StateGetFiles
FileContainer *(* StateGetFiles)(void *, uint8_t)
Definition: app-layer-parser.c:109
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
RegisterENIPUDPParsers
void RegisterENIPUDPParsers(void)
Function to register the ENIP protocol parsers and other functions.
Definition: app-layer-enip.c:425
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1167
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
AppLayerParserRegisterTxDataFunc
void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx))
Definition: app-layer-parser.c:574
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
AppLayerParserGetStreamDepth
uint32_t AppLayerParserGetStreamDepth(const Flow *f)
Definition: app-layer-parser.c:1456
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
RegisterSNMPParsers
void RegisterSNMPParsers(void)
Definition: app-layer-snmp.c:39
APP_LAYER_PARSER_OPT_ACCEPT_GAPS
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
Definition: app-layer-parser.h:45
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
AppLayerParserRegisterGetTxIterator
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
Definition: app-layer-parser.c:519
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
Flow_::alstate
void * alstate
Definition: flow.h:476
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:225
app-layer-template.h
Flow_::flags
uint32_t flags
Definition: flow.h:421
AppLayerParserGetDecoderEvents
AppLayerDecoderEvents * AppLayerParserGetDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:828
THREE_SET
#define THREE_SET(a, b, c)
Definition: app-layer-parser.c:1525
TestState_::test
uint8_t test
Definition: app-layer-parser.c:1694
AppLayerParserRegisterGetEventInfoById
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type))
Definition: app-layer-parser.c:538
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:812
UTHAppLayerParserStateGetIds
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
Definition: app-layer-parser.c:173
ConfValIsFalse
int ConfValIsFalse(const char *val)
Check if a value is false.
Definition: conf.c:590
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:3108
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:114
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
AppLayerParserGetTxDetectState
DetectEngineState * AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1137
app-layer-snmp.h
STREAM_EOF
#define STREAM_EOF
Definition: stream.h:30
RegisterSMTPParsers
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
Definition: app-layer-smtp.c:1782
AppLayerParserSetTxDetectState
int AppLayerParserSetTxDetectState(const Flow *f, void *tx, DetectEngineState *s)
Definition: app-layer-parser.c:1145
AppLayerParserStateAlloc
AppLayerParserState * AppLayerParserStateAlloc(void)
Definition: app-layer-parser.c:194
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:314
app-layer-protos.h
RegisterTemplateParsers
void RegisterTemplateParsers(void)
Definition: app-layer-template.c:479
STREAMTCP_FLAG_APP_LAYER_DISABLED
#define STREAMTCP_FLAG_APP_LAYER_DISABLED
Definition: stream-tcp-private.h:188
AppLayerParserState_::decoder_events
AppLayerDecoderEvents * decoder_events
Definition: app-layer-parser.c:169
AppLayerParserRegisterGetTxCnt
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
Definition: app-layer-parser.c:497
APP_LAYER_ERROR
#define APP_LAYER_ERROR
Definition: app-layer-parser.h:64
app-layer-smb.h
app-layer-mqtt.h
AppLayerParserProtoCtx_::StateGetProgress
int(* StateGetProgress)(void *alstate, uint8_t direction)
Definition: app-layer-parser.c:112
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1426
AppLayerParserStateSetFlag
void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1640
AppLayerParserCtx_
Definition: app-layer-parser.c:150
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:127
likely
#define likely(expr)
Definition: util-optimize.h:32
RegisterHTTP2Parsers
void RegisterHTTP2Parsers(void)
Definition: app-layer-http2.c:56
AppLayerParserThreadCtx_
Definition: app-layer-parser.c:87
AppLayerProtoDetectPMRegisterPatternCS
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
Definition: app-layer-detect-proto.c:1774
app-layer-smtp.h
AppLayerParserProtoCtx_::StateGetProgressCompletionStatus
int(* StateGetProgressCompletionStatus)(uint8_t direction)
Definition: app-layer-parser.c:116
APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
Definition: app-layer-parser.h:39
FlowChangeProto
int FlowChangeProto(Flow *f)
Check if change proto flag is set for flow.
Definition: flow.c:212
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1114
TcpSession_
Definition: stream-tcp-private.h:260
RegisterNFSUDPParsers
void RegisterNFSUDPParsers(void)
Definition: app-layer-nfs-udp.c:233
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:450
AppLayerParserDestroyProtocolParserLocalStorage
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto, void *local_data)
Definition: app-layer-parser.c:621
util-pool.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1048
AppLayerProtoDetectConfProtoDetectionEnabled
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
Definition: app-layer-detect-proto.c:1948
SMTPParserCleanup
void SMTPParserCleanup(void)
Free memory allocated for global SMTP parser state.
Definition: app-layer-smtp.c:1840
AppLayerParserHasDecoderEvents
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate)
Definition: app-layer-parser.c:1386
RegisterMQTTParsers
void RegisterMQTTParsers(void)
Definition: app-layer-mqtt.c:37
StreamTcpSetSessionBypassFlag
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
Definition: stream-tcp.c:5881
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
app-layer-ssl.h
AppLayerParserProtoCtx_::StateGetEvents
AppLayerDecoderEvents *(* StateGetEvents)(void *)
Definition: app-layer-parser.c:110
TestState_
Definition: app-layer-parser.c:1693
app-layer-ntp.h
debug.h
AppLayerParserState_::flags
uint8_t flags
Definition: app-layer-parser.c:156
AppLayerParserProtoCtx_::LocalStorageAlloc
void *(* LocalStorageAlloc)(void)
Definition: app-layer-parser.c:105
app-layer-nfs-tcp.h
app-layer-rdp.h
app-layer.h
AppLayerParserGetEventInfo
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-parser.c:1075
AppLayerParserProtoCtx_::first_data_dir
uint8_t first_data_dir
Definition: app-layer-parser.c:136