|
suricata
|
|
suricata
|
#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterTuple |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_EOF BIT_U8(0) |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef int(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterTuple | AppLayerGetTxIterTuple |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterGetStateProgressCompletionStatus (AppProto alproto, int(*StateGetStateProgressCompletionStatus)(uint8_t direction)) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterMpmIDsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxMpmIDs)(void *tx), int(*SetTxMpmIDs)(void *tx, uint64_t)) |
| void | AppLayerParserRegisterDetectFlagsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| void | AppLayerParserSetTxLogged (uint8_t ipproto, AppProto alproto, void *alstate, void *tx, LoggerId logged) |
| LoggerId | AppLayerParserGetTxLogged (const Flow *f, void *alstate, void *tx) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsTxDetectState (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| uint64_t | AppLayerParserGetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir) |
| void | AppLayerParserSetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsTxAware (AppProto alproto) |
| simpler way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Definition in file app-layer-parser.h.
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 38 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_EOF BIT_U8(0) |
Definition at line 34 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), DCERPCParser(), OutputRegisterTxLogger(), SMTPProcessDataChunk(), and SSLVersionToString().
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 43 of file app-layer-parser.h.
Referenced by AppLayerParserPostStreamSetup(), and AppLayerParserSetStreamDepth().
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 35 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterSSHParsers(), SSLJA3IsEnabled(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 37 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 36 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 41 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterDNSTCPParsers(), RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 48 of file app-layer-parser.h.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 51 of file app-layer-parser.h.
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 112 of file app-layer-parser.h.
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
| typedef struct AppLayerGetTxIterTuple AppLayerGetTxIterTuple |
| typedef int(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 92 of file app-layer-parser.h.
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 61 of file app-layer-parser.h.
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 692 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 2019 of file app-layer-parser.c.
References SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable().
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
| alproto_name | Name of the app layer protocol. |
| 1 | If enabled. |
| 0 | If disabled. |
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 303 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 243 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 642 of file app-layer-parser.c.
References AppLayerParserGetTx(), AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerGetTxIterTuple::has_next, MAX, SCEnter, SCLogDebug, SCReturn, AppLayerGetTxIterTuple::tx_id, tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by AppLayerParserThreadCtxFree().
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 848 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), AppLayerParserHasDecoderEvents(), and HtpConfigRestoreBackup().
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1068 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfo.
Referenced by DetectAppLayerEventRegister().
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1078 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfoById.
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 861 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectAppLayerEventRegister(), HtpConfigRestoreBackup(), and HTPFileClose().
| FileContainer* AppLayerParserGetFiles | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 878 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), DetectFileInspectGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilestoreRegister(), FileDisableFilesize(), FileDisableMagic(), FileDisableMd5(), FileDisableSha1(), FileDisableSha256(), FileDisableStoring(), FileDisableStoringForTransaction(), OutputRegisterFiledataLogger(), and OutputRegisterFileLogger().
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1089 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnCT.
Referenced by AppLayerIncTxCounter().
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 627 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserThreadCtxAlloc().
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1026 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), IS_DISRUPTED, SCEnter, SCReturnInt, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), DetectEngineInspectBufferGeneric(), DetectHttpClientBodyRegister(), and OutputRegisterTxLogger().
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1059 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturnInt.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), and OutputRegisterTxLogger().
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1385 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCReturnInt, and AppLayerParserProtoCtx_::stream_depth.
Referenced by AppLayerIncTxCounter().
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1098 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, AppLayerParserProtoCtx_::logger, Flow_::protomap, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 745 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineStateResetTxs(), DetectLuaRegister(), and HttpHeaderGetBufferSpaceForTXID().
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 728 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
Referenced by OutputRegisterTxLogger().
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1050 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserDestroyProtocolParserLocalStorage(), AppLayerParserSetStreamDepthFlag(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectUricontentRegister(), HtpConfigRestoreBackup(), HTPFileClose(), HttpXFFGetIPFromTx(), JsonEmailAddMetadata(), JsonHttpAddMetadata(), JsonHttpLogJSONBodyBase64(), JsonHttpLogJSONBodyPrintable(), JsonNFSAddMetadata(), JsonNFSAddMetadataRPC(), JsonSIPAddMetadata(), JsonSMBAddMetadata(), and JsonSMTPAddMetadata().
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1041 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, and SCReturnCT.
Referenced by AppLayerParserParse(), AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), HttpXFFGetIPFromTx(), and OutputRegisterTxLogger().
| uint64_t AppLayerParserGetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir | ||
| ) |
Definition at line 1149 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1130 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), and DetectRunStoreStateTx().
Definition at line 714 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, SCReturnUInt, and AppLayerParserProtoCtx_::StateGetTxLogged.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1315 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
Referenced by SigMatchSignaturesGetSgh().
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
| int AppLayerParserIsTxAware | ( | AppProto | alproto | ) |
simpler way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1333 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, and AppLayerParserProtoCtx_::StateGetProgressCompletionStatus.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
Definition at line 1170 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, AppLayerParserThreadCtx_::alproto_local_storage, Flow_::alstate, APP_LAYER_PARSER_BYPASS_READY, APP_LAYER_PARSER_EOF, APP_LAYER_PARSER_NO_INSPECTION, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD, APP_LAYER_PARSER_NO_REASSEMBLY, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, AppLayerGetProtoName(), AppLayerIncTxCounter(), AppLayerParserGetTxCnt(), AppLayerParserSetEOF(), AppLayerParserStateAlloc(), AppLayerParserStateSetFlag(), AppLayerParserStreamTruncated(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::flags, Flow_::flags, FLOW_NOPAYLOAD_INSPECTION, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCLogDebug, SCReturnInt, AppLayerParserProtoCtx_::StateAlloc, STREAM_DEPTH, STREAM_EOF, STREAM_GAP, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpDisableAppLayer(), StreamTcpSetDisableRawReassemblyFlag(), StreamTcpSetSessionBypassFlag(), and StreamTcpSetSessionNoReassemblyFlag().
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), AppLayerIncTxCounter(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPParserCleanup(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), SMTPParserCleanup(), and SSLJA3IsEnabled().
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 226 of file app-layer-parser.c.
References ALPROTO_MAX, APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::internal_flags, TcpStreamCnf_::reassembly_depth, stream_config, and AppLayerParserProtoCtx_::stream_depth.
Referenced by PreRunInit().
Definition at line 1355 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1347 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturnInt.
Referenced by OutputRegisterTxLogger(), and RunModeInitializeOutputs().
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1339 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEvents.
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 188 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateAlloc.
Referenced by AppLayerSetupCounters().
| void AppLayerParserRegisterDetectFlagsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx, uint8_t dir) | GetTxDetectFlags, | ||
| void(*)(void *tx, uint8_t dir, uint64_t) | SetTxDetectFlags | ||
| ) |
Definition at line 593 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by RegisterDNP3Parsers(), RegisterDNSUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 581 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 569 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfo(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 557 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfoById(), RegisterDNP3Parsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), and RegisterTemplateParsers().
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents * | *)(void *) __attribute__ StateGetEvents((nonnull) | ||
| ) |
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 429 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetFiles.
Referenced by AppLayerRegisterParser(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| int(*)(uint8_t direction) | StateGetStateProgressCompletionStatus | ||
| ) |
Definition at line 546 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 494 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 527 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 516 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 538 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerRegisterParser(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), and RegisterSMBParsers().
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 415 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterFTPParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 475 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturn.
Referenced by JsonDNSLogAnswer(), JsonNFSAddMetadata(), JsonSIPAddMetadata(), JsonSMBAddMetadata(), JsonTlsLogJSONExtended(), LogHttpLogInitCtx(), and TLSGetIPInformations().
Definition at line 466 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturn.
Referenced by RunModeInitializeOutputs().
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
Definition at line 451 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateGetTxLogged, and AppLayerParserProtoCtx_::StateSetTxLogged.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterMpmIDsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx) | GetTxMpmIDs, | ||
| int(*)(void *tx, uint64_t) | SetTxMpmIDs | ||
| ) |
Definition at line 605 of file app-layer-parser.c.
References AppProtoToString(), SC_WARN_DEPRECATED, SCEnter, SCLogWarning, and SCReturn.
Referenced by AppLayerRegisterParser().
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 391 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, SCEnter, and SCReturn.
Referenced by RegisterDNSTCPParsers(), RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
| 0 | On success. |
| -1 | On failure. |
Definition at line 368 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and STREAM_TOSERVER.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 380 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FlowGetProtoMapping(), SCEnter, SCReturn, STREAM_TOCLIENT, and STREAM_TOSERVER.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
Definition at line 1511 of file app-layer-parser.c.
References ALPROTO_IMAP, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterIKEV2Parsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterRdpParsers(), RegisterSIPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSNMPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup().
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 2010 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterSIPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTemplateRustParsers().
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 615 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetStreamDepthFlag.
Referenced by RegisterHTPParsers().
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 401 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateAlloc, and AppLayerParserProtoCtx_::StateFree.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 484 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::Truncate.
Referenced by RegisterHTPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 505 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 2143 of file app-layer-parser.c.
References ALPROTO_MAX, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::RegisterUnittests, SCEnter, SCReturn, and UtRegisterTest().
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 2027 of file app-layer-parser.c.
References Flow_::alproto, ALPROTO_TEST, AppLayerParserBackupParserTable(), AppLayerParserParse(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterParser(), AppLayerParserRegisterStateFuncs(), AppLayerParserRestoreParserTable(), AppLayerParserThreadCtxAlloc(), TcpSession_::flags, FlowGetProtoMapping(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCReturn, STREAM_EOF, STREAM_TOSERVER, STREAMTCP_FLAG_APP_LAYER_DISABLED, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, UTHBuildFlow(), and UTHFreeFlow().
Referenced by AppLayerParserRestoreParserTable().
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 856 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1300 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF, AppLayerParserStateSetFlag(), SCEnter, and SCReturn.
Referenced by AppLayerParserParse().
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1374 of file app-layer-parser.c.
References APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::internal_flags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::stream_depth.
Referenced by RegisterModbusParsers(), and RegisterSMBParsers().
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1390 of file app-layer-parser.c.
References AppLayerParserGetTx(), AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetStreamDepthFlag.
Referenced by DetectFilestoreRegister().
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 755 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserSetTxDetectFlags(), AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, Flow_::proto, SCEnter, SCLogDebug, SCReturn, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by DeStateUpdateInspectTransactionId().
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 735 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, SCReturn, and tx_id.
Referenced by OutputRegisterTxLogger().
| void AppLayerParserSetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir, | ||
| uint64_t | |||
| ) |
Definition at line 1159 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by AppLayerParserSetTransactionInspectId().
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1138 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::GetTxDetectState, Flow_::protomap, SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by DetectRunStoreStateTx().
| void AppLayerParserSetTxLogged | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| void * | tx, | ||
| LoggerId | logged | ||
| ) |
Definition at line 700 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserSetup | ( | void | ) |
Definition at line 219 of file app-layer-parser.c.
References SCEnter, and SCReturnInt.
Referenced by AppLayerSetup(), and RegisterAllModules().
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 195 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerParserParse(), and HtpConfigRestoreBackup().
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1406 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateFree(), AppProtoToString(), AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::protomap, SCEnter, SCReturn, AppLayerParserProtoCtx_::SetTxDetectState, AppLayerParserProtoCtx_::StateAlloc, AppLayerParserProtoCtx_::StateFree, AppLayerParserProtoCtx_::StateGetEventInfo, AppLayerParserProtoCtx_::StateGetEventInfoById, AppLayerParserProtoCtx_::StateGetEvents, AppLayerParserProtoCtx_::StateGetProgress, AppLayerParserProtoCtx_::StateGetProgressCompletionStatus, AppLayerParserProtoCtx_::StateGetTx, AppLayerParserProtoCtx_::StateGetTxCnt, AppLayerParserProtoCtx_::StateGetTxLogged, AppLayerParserProtoCtx_::StateSetTxLogged, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by AppLayerProtoDetectReset(), and FlowCleanupAppLayer().
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 208 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
Referenced by AppLayerParserStateCleanup().
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1568 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by DCERPCParser(), OutputRegisterTxLogger(), RegisterSSHParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1561 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), and SSLVersionToString().
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1575 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::decoder_events, Flow_::dp, Flow_::dst, flags, Flow_::flags, FLOW_INITIALIZE, FLOW_IPV4, FlowFree(), FlowGetProtoMapping(), AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCCalloc, SCEnter, SCLogDebug, SCReturn, Flow_::sp, Flow_::src, STREAM_EOF, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, and AppLayerParserProtoCtx_::Truncate.
Referenced by AppLayerParserParse().
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1116 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
Referenced by SigMatchList2DataArray().
| int AppLayerParserSupportsTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1123 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
| Non-NULL | pointer on success. NULL pointer on failure. |
Definition at line 253 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPParserCleanup(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), SMTPParserCleanup(), and SSLJA3IsEnabled().
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
| tctx | Pointer to the thread context to be destroyed. |
Definition at line 279 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread(), AppLayerParserStreamTruncated(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPParserCleanup(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), SMTPParserCleanup(), and SSLJA3IsEnabled().
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 898 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, Flow_::alstate, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserGetTxLogged(), AppLayerParserProtocolGetLoggerBits(), AppLayerParserCtx_::ctxs, DEBUG_ASSERT_FLOW_LOCKED, AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, MAX, AppLayerParserState_::min_id, next, Flow_::proto, Flow_::protomap, SCEnter, SCLogDebug, SCReturn, Flow_::sgh_toclient, Flow_::sgh_toserver, AppLayerParserProtoCtx_::StateTransactionFree, STREAM_TOCLIENT, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, AppLayerGetTxIterTuple::tx_ptr, and unlikely.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1363 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by HTPFreeConfig(), SMTPProcessDataChunk(), and SSLVersionToString().
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 174 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
1.8.11