|
suricata
|
|
suricata
|
#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterTuple |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_EOF BIT_U8(0) |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef int(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterTuple | AppLayerGetTxIterTuple |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterGetStateProgressCompletionStatus (AppProto alproto, int(*StateGetStateProgressCompletionStatus)(uint8_t direction)) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterMpmIDsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxMpmIDs)(void *tx), int(*SetTxMpmIDs)(void *tx, uint64_t)) |
| void | AppLayerParserRegisterDetectFlagsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t)) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| void | AppLayerParserSetTxLogged (uint8_t ipproto, AppProto alproto, void *alstate, void *tx, LoggerId logged) |
| LoggerId | AppLayerParserGetTxLogged (const Flow *f, void *alstate, void *tx) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| FileContainer * | AppLayerParserGetFiles (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsTxDetectState (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| uint64_t | AppLayerParserGetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir) |
| void | AppLayerParserSetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsTxAware (AppProto alproto) |
| simpler way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolIsTxAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolSupportsTxs (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Definition in file app-layer-parser.h.
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 38 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_EOF BIT_U8(0) |
Definition at line 34 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), DCERPCParser(), OutputRegisterTxLogger(), RegisterTFTPParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 43 of file app-layer-parser.h.
Referenced by AppLayerParserPostStreamSetup(), and AppLayerParserSetStreamDepth().
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 35 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterSSHParsers(), RegisterSSLParsers(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 37 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 36 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 41 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterDNSTCPParsers(), RegisterENIPTCPParsers(), and RegisterNFSTCPParsers().
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 48 of file app-layer-parser.h.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 51 of file app-layer-parser.h.
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 112 of file app-layer-parser.h.
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
| typedef struct AppLayerGetTxIterTuple AppLayerGetTxIterTuple |
| typedef int(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 92 of file app-layer-parser.h.
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 61 of file app-layer-parser.h.
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 663 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1994 of file app-layer-parser.c.
References SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable().
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
| alproto_name | Name of the app layer protocol. |
| 1 | If enabled. |
| 0 | If disabled. |
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 296 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 237 of file app-layer-parser.c.
References SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 613 of file app-layer-parser.c.
References AppLayerParserGetTx(), AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerGetTxIterTuple::has_next, MAX, SCEnter, SCLogDebug, SCReturn, tx_id, AppLayerGetTxIterTuple::tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by AppLayerParserThreadCtxFree().
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 819 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), AppLayerParserHasDecoderEvents(), and HtpConfigRestoreBackup().
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1040 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfo.
Referenced by DetectAppLayerEventRegister().
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 832 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectAppLayerEventRegister(), HtpConfigRestoreBackup(), and HTPFileClose().
| FileContainer* AppLayerParserGetFiles | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 849 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), DetectFileInspectGeneric(), DetectFilenameRegister(), DetectFilestorePostMatch(), FileDisableFilesize(), FileDisableMagic(), FileDisableMd5(), FileDisableSha1(), FileDisableSha256(), FileDisableStoring(), FileDisableStoringForTransaction(), OutputRegisterFiledataLogger(), and OutputRegisterFileLogger().
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1050 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnCT.
Referenced by AppLayerIncTxCounter().
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 598 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserThreadCtxAlloc().
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 997 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), IS_DISRUPTED, SCEnter, SCReturnInt, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), DetectEngineInspectBufferGeneric(), DetectHttpClientBodyRegister(), DetectHttpResponseLineRegister(), and OutputRegisterTxLogger().
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1030 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturnInt.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), and OutputRegisterTxLogger().
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1367 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCReturnInt, and AppLayerParserProtoCtx_::stream_depth.
Referenced by AppLayerIncTxCounter().
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1059 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, AppLayerParserProtoCtx_::logger, Flow_::protomap, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 716 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineStateResetTxs(), DetectLuaRegister(), and HttpHeaderGetBufferSpaceForTXID().
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 699 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
Referenced by OutputRegisterTxLogger().
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1021 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserDestroyProtocolParserLocalStorage(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectUricontentRegister(), HTPFileClose(), and HttpXFFGetIPFromTx().
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1012 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, and SCReturnCT.
Referenced by AppLayerParserParse(), AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), HttpXFFGetIPFromTx(), and OutputRegisterTxLogger().
| uint64_t AppLayerParserGetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir | ||
| ) |
Definition at line 1110 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1091 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), and DetectRunStoreStateTx().
Definition at line 685 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, SCReturnUInt, and AppLayerParserProtoCtx_::StateGetTxLogged.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1281 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
Referenced by SigMatchSignaturesGetSgh().
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
| int AppLayerParserIsTxAware | ( | AppProto | alproto | ) |
simpler way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1299 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, and AppLayerParserProtoCtx_::StateGetProgressCompletionStatus.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
Definition at line 1131 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, AppLayerParserThreadCtx_::alproto_local_storage, Flow_::alstate, APP_LAYER_PARSER_BYPASS_READY, APP_LAYER_PARSER_EOF, APP_LAYER_PARSER_NO_INSPECTION, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD, APP_LAYER_PARSER_NO_REASSEMBLY, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, AppLayerGetProtoName(), AppLayerIncTxCounter(), AppLayerParserGetTxCnt(), AppLayerParserProtocolIsTxAware(), AppLayerParserSetEOF(), AppLayerParserStateAlloc(), AppLayerParserStateSetFlag(), AppLayerParserStreamTruncated(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::flags, Flow_::flags, FLOW_NOPAYLOAD_INSPECTION, FlowGetProtoMapping(), likely, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCLogDebug, SCReturnInt, AppLayerParserProtoCtx_::StateAlloc, STREAM_DEPTH, STREAM_EOF, STREAM_GAP, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpDisableAppLayer(), StreamTcpSetDisableRawReassemblyFlag(), StreamTcpSetSessionBypassFlag(), and StreamTcpSetSessionNoReassemblyFlag().
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), AppLayerIncTxCounter(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceGetState(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 220 of file app-layer-parser.c.
References ALPROTO_MAX, APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::internal_flags, TcpStreamCnf_::reassembly_depth, stream_config, and AppLayerParserProtoCtx_::stream_depth.
Referenced by PreRunInit().
Definition at line 1337 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1329 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturnInt.
Referenced by OutputRegisterTxLogger(), and RunModeInitializeOutputs().
| int AppLayerParserProtocolIsTxAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1305 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetTx.
Referenced by AppLayerParserParse(), AppLayerRegisterThreadCounters(), AppLayerSetupCounters(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1313 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEvents.
| int AppLayerParserProtocolSupportsTxs | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1321 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by DetectSignatureApplyActions(), FlowForceReassemblyNeedReassembly(), and SigMatchSignaturesGetSgh().
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 182 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateAlloc.
Referenced by AppLayerSetupCounters().
| void AppLayerParserRegisterDetectFlagsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx, uint8_t dir) | GetTxDetectFlags, | ||
| void(*)(void *tx, uint8_t dir, uint64_t) | SetTxDetectFlags | ||
| ) |
Definition at line 574 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 562 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 550 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfo(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents *(*)(void *, uint64_t) | StateGetEvents | ||
| ) |
Definition at line 433 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetEvents.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 422 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetFiles.
Referenced by AppLayerRegisterParser(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| int(*)(uint8_t direction) | StateGetStateProgressCompletionStatus | ||
| ) |
Definition at line 539 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 487 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 520 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 509 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 531 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerRegisterParser(), RegisterNFSTCPParsers(), and RegisterNFSUDPParsers().
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 408 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), and RegisterSMTPParsers().
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 468 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturn.
Referenced by LogHttpLogInitCtx(), and TLSGetIPInformations().
Definition at line 459 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturn.
Referenced by RunModeInitializeOutputs().
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
Definition at line 444 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateGetTxLogged, and AppLayerParserProtoCtx_::StateSetTxLogged.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterMpmIDsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx) | GetTxMpmIDs, | ||
| int(*)(void *tx, uint64_t) | SetTxMpmIDs | ||
| ) |
Definition at line 586 of file app-layer-parser.c.
References AppProtoToString(), SC_WARN_DEPRECATED, SCEnter, SCLogWarning, and SCReturn.
Referenced by AppLayerRegisterParser().
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 384 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, SCEnter, and SCReturn.
Referenced by RegisterDNSTCPParsers(), RegisterENIPTCPParsers(), and RegisterNFSTCPParsers().
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
| 0 | On success. |
| -1 | On failure. |
Definition at line 361 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and STREAM_TOSERVER.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 373 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FlowGetProtoMapping(), SCEnter, SCReturn, STREAM_TOCLIENT, and STREAM_TOSERVER.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
MSN Messenger
Definition at line 1478 of file app-layer-parser.c.
References ALPROTO_IMAP, ALPROTO_MSN, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterIKEV2Parsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup().
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1985 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 394 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateAlloc, and AppLayerParserProtoCtx_::StateFree.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 477 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::Truncate.
Referenced by RegisterHTPParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 498 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 2116 of file app-layer-parser.c.
References ALPROTO_MAX, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::RegisterUnittests, SCEnter, SCReturn, and UtRegisterTest().
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 2002 of file app-layer-parser.c.
References Flow_::alproto, ALPROTO_TEST, AppLayerParserBackupParserTable(), AppLayerParserParse(), AppLayerParserRegisterParser(), AppLayerParserRegisterStateFuncs(), AppLayerParserRestoreParserTable(), AppLayerParserThreadCtxAlloc(), TcpSession_::flags, FlowGetProtoMapping(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCReturn, STREAM_EOF, STREAM_TOSERVER, STREAMTCP_FLAG_APP_LAYER_DISABLED, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, UTHBuildFlow(), and UTHFreeFlow().
Referenced by AppLayerParserRestoreParserTable().
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 827 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1266 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF, AppLayerParserStateSetFlag(), SCEnter, and SCReturn.
Referenced by AppLayerParserParse().
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1356 of file app-layer-parser.c.
References APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::internal_flags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::stream_depth.
Referenced by RegisterModbusParsers().
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 726 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserSetTxDetectFlags(), AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, Flow_::proto, SCEnter, SCLogDebug, SCReturn, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by DeStateUpdateInspectTransactionId().
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 706 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, SCReturn, and tx_id.
Referenced by OutputRegisterTxLogger().
| void AppLayerParserSetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir, | ||
| uint64_t | |||
| ) |
Definition at line 1120 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by AppLayerParserSetTransactionInspectId().
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1099 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::GetTxDetectState, Flow_::protomap, SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by DetectRunStoreStateTx().
| void AppLayerParserSetTxLogged | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| void * | tx, | ||
| LoggerId | logged | ||
| ) |
Definition at line 671 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserSetup | ( | void | ) |
Definition at line 213 of file app-layer-parser.c.
References SCEnter, and SCReturnInt.
Referenced by AppLayerSetup(), and RegisterAllModules().
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 189 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerParserParse(), and HtpConfigRestoreBackup().
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1374 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateFree(), AppProtoToString(), AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::protomap, SCEnter, SCReturn, AppLayerParserProtoCtx_::SetTxDetectState, AppLayerParserProtoCtx_::StateAlloc, AppLayerParserProtoCtx_::StateFree, AppLayerParserProtoCtx_::StateGetEventInfo, AppLayerParserProtoCtx_::StateGetEvents, AppLayerParserProtoCtx_::StateGetProgress, AppLayerParserProtoCtx_::StateGetProgressCompletionStatus, AppLayerParserProtoCtx_::StateGetTx, AppLayerParserProtoCtx_::StateGetTxCnt, AppLayerParserProtoCtx_::StateGetTxLogged, AppLayerParserProtoCtx_::StateSetTxLogged, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by AppLayerProtoDetectReset(), and FlowCleanupAppLayer().
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 202 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
Referenced by AppLayerParserStateCleanup().
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1548 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by DCERPCParser(), OutputRegisterTxLogger(), RegisterSSHParsers(), RegisterTFTPParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1541 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), and SSLVersionToString().
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1555 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::decoder_events, Flow_::dp, Flow_::dst, flags, Flow_::flags, FLOW_INITIALIZE, FLOW_IPV4, FlowFree(), FlowGetProtoMapping(), AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCCalloc, SCEnter, SCLogDebug, SCReturn, Flow_::sp, Flow_::src, STREAM_EOF, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, and AppLayerParserProtoCtx_::Truncate.
Referenced by AppLayerParserParse().
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1077 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
Referenced by SigMatchList2DataArray().
| int AppLayerParserSupportsTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1084 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
| Non-NULL | pointer on success. NULL pointer on failure. |
Definition at line 246 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceGetState(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
| tctx | Pointer to the thread context to be destroyed. |
Definition at line 272 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread(), AppLayerParserStreamTruncated(), DetectDceGetState(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMB2Parsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 869 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, Flow_::alstate, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserGetTxLogged(), AppLayerParserProtocolGetLoggerBits(), AppLayerParserCtx_::ctxs, DEBUG_ASSERT_FLOW_LOCKED, AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, MAX, AppLayerParserState_::min_id, next, Flow_::proto, Flow_::protomap, SCEnter, SCLogDebug, SCReturn, Flow_::sgh_toclient, Flow_::sgh_toserver, AppLayerParserProtoCtx_::StateTransactionFree, STREAM_TOCLIENT, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, AppLayerGetTxIterTuple::tx_ptr, and unlikely.
Referenced by HtpConfigRestoreBackup(), and RegisterDNSUDPParsers().
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1345 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by HTPFreeConfig(), and SSLVersionToString().
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 168 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Referenced by HtpConfigRestoreBackup(), and RegisterDNSUDPParsers().
1.8.11