#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"#include "rust.h"#include "util-config.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterState |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef AppLayerResult(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| uint32_t | AppLayerParserGetOptionFlags (uint8_t protomap, AppProto alproto) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (const Flow *f, const uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Detailed Description
Definition in file app-layer-parser.h.
Macro Definition Documentation
◆ APP_LAYER_ERROR
| #define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.
Definition at line 91 of file app-layer-parser.h.
◆ APP_LAYER_INCOMPLETE
| #define APP_LAYER_INCOMPLETE | ( | c, | |
| n | |||
| ) | (AppLayerResult) { 1, (c), (n) } |
parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.
- Note
- consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len
Definition at line 99 of file app-layer-parser.h.
◆ APP_LAYER_OK
| #define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
parser has successfully processed in the input, and has consumed all of it.
Definition at line 87 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_BYPASS_READY
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 41 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TC
| #define APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
Definition at line 43 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TS
| #define APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
Definition at line 42 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 49 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 38 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 40 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_REASSEMBLY
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 39 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 46 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_UNIDIR_TXS
| #define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
Definition at line 47 of file app-layer-parser.h.
◆ APP_LAYER_TX_INSPECTED_FLAG
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 80 of file app-layer-parser.h.
◆ APP_LAYER_TX_PREFILTER_MASK
| #define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_RESERVED_FLAGS) |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 83 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED10_FLAG
| #define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57) |
Definition at line 63 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED11_FLAG
| #define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58) |
Definition at line 64 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED12_FLAG
| #define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59) |
Definition at line 65 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED13_FLAG
| #define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60) |
Definition at line 66 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED14_FLAG
| #define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61) |
Definition at line 67 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED15_FLAG
| #define APP_LAYER_TX_RESERVED15_FLAG BIT_U64(62) |
Definition at line 68 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED1_FLAG
| #define APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48) |
reserved for future use
Definition at line 54 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED2_FLAG
| #define APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49) |
Definition at line 55 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED3_FLAG
| #define APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50) |
Definition at line 56 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED4_FLAG
| #define APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51) |
Definition at line 57 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED5_FLAG
| #define APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52) |
Definition at line 58 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED6_FLAG
| #define APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53) |
Definition at line 59 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED7_FLAG
| #define APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54) |
Definition at line 60 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED8_FLAG
| #define APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55) |
Definition at line 61 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED9_FLAG
| #define APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56) |
Definition at line 62 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED_FLAGS
| #define APP_LAYER_TX_RESERVED_FLAGS |
Definition at line 70 of file app-layer-parser.h.
Typedef Documentation
◆ AppLayerGetTxIteratorFunc
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 150 of file app-layer-parser.h.
◆ AppLayerGetTxIterState
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
◆ AppLayerParserFPtr
| typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage) |
Prototype for parsing functions.
Definition at line 139 of file app-layer-parser.h.
◆ AppLayerParserThreadCtx
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 106 of file app-layer-parser.h.
Function Documentation
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 647 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | |||
| ) |
Definition at line 1141 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserBackupParserTable()
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1721 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserConfParserEnabled()
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
- Parameters
-
alproto_name Name of the app layer protocol.
- Return values
-
1 If enabled. 0 If disabled.
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 296 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), and RegisterMQTTParsers().
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 237 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 597 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 804 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), and AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1077 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1087 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 817 of file app-layer-parser.c.
References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.
◆ AppLayerParserGetFiles()
| FileContainer* AppLayerParserGetFiles | ( | const Flow * | f, |
| const uint8_t | direction | ||
| ) |
Definition at line 833 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectFileInspectGeneric(), and FileDisableStoringForTransaction().
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1098 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetOptionFlags()
| uint32_t AppLayerParserGetOptionFlags | ( | uint8_t | protomap, |
| AppProto | alproto | ||
| ) |
Definition at line 387 of file app-layer-parser.c.
References SCEnter, and SCReturnUInt.
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 582 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1041 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1069 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and OutputRegisterTxLogger().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1433 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1105 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.
Referenced by FlowForceReassemblyNeedReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 672 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 655 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1062 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag(), EveEmailAddMetadata(), EveHTTP2AddMetadata(), EveHttpAddMetadata(), EveHttpLogJSONBodyBase64(), EveHttpLogJSONBodyPrintable(), EveIKEAddMetadata(), EveNFSAddMetadata(), EveNFSAddMetadataRPC(), EveSMBAddMetadata(), EveSMTPAddMetadata(), HttpXFFGetIPFromTx(), JsonModbusAddMetadata(), JsonMQTTAddMetadata(), JsonRFBAddMetadata(), and JsonSIPAddMetadata().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1055 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), and HttpXFFGetIPFromTx().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1134 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1367 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1385 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
Referenced by OutputRegisterTxLogger().
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1183 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by AppLayerHandleTCPData(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 220 of file app-layer-parser.c.
References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.
Referenced by PreRunInit().
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1403 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1395 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 182 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 560 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 538 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 526 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetFilesFunc()
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 420 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 459 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStreamDepth()
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 492 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 481 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 503 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 406 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLogger()
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 440 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 431 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerFuncs()
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 377 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 354 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParserAcceptableDataDirection()
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 366 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
Definition at line 1553 of file app-layer-parser.c.
References ALPROTO_IMAP, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterHTTP2Parsers(), RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterRdpParsers(), RegisterRFBParsers(), RegisterSIPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSNMPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, and SCLogInfo.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1712 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNTPParsers(), and RegisterTemplateRustParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 570 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 393 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 511 of file app-layer-parser.c.
◆ AppLayerParserRegisterTruncateFunc()
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 449 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 550 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 470 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1824 of file app-layer-parser.c.
References ALPROTO_MAX, FLOW_PROTO_DEFAULT, and SCEnter.
◆ AppLayerParserRestoreParserTable()
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 1729 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetDecoderEvents()
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 812 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1351 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepth()
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1422 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1438 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 703 of file app-layer-parser.c.
References Flow_::alproto, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), flags, Flow_::proto, SCEnter, and SCLogDebug.
Referenced by DeStateUpdateInspectTransactionId().
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 662 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 213 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 189 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1471 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 202 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
◆ AppLayerParserStateIssetFlag()
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1615 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1454 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserStateSetFlag()
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1607 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ AppLayerParserStreamTruncated()
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1622 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSupportsFiles()
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1122 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 247 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 273 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 857 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
◆ AppLayerParserTriggerRawStreamReassembly()
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1411 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by InitGlobal().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 168 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
