#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"#include "rust.h"#include "util-config.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
| #define | APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
| #define | APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
| #define | APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
| #define | APP_LAYER_INCOMPLETE(c, n) (AppLayerResult) { 1, (c), (n) } |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef AppLayerResult(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| uint32_t | AppLayerParserGetOptionFlags (uint8_t protomap, AppProto alproto) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (const Flow *f, const uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsTxDetectState (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| bool | AppLayerParserSupportsTxDetectFlags (AppProto alproto) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Detailed Description
Definition in file app-layer-parser.h.
Macro Definition Documentation
◆ APP_LAYER_ERROR
| #define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.
Definition at line 65 of file app-layer-parser.h.
◆ APP_LAYER_INCOMPLETE
| #define APP_LAYER_INCOMPLETE | ( | c, | |
| n | |||
| ) | (AppLayerResult) { 1, (c), (n) } |
parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.
- Note
- consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len
Definition at line 73 of file app-layer-parser.h.
◆ APP_LAYER_OK
| #define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
parser has successfully processed in the input, and has consumed all of it.
Definition at line 61 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_BYPASS_READY
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 41 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TC
| #define APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
Definition at line 43 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TS
| #define APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
Definition at line 42 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 49 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 38 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 40 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_REASSEMBLY
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 39 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 46 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_UNIDIR_TXS
| #define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
Definition at line 47 of file app-layer-parser.h.
◆ APP_LAYER_TX_INSPECTED_FLAG
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 54 of file app-layer-parser.h.
◆ APP_LAYER_TX_PREFILTER_MASK
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 57 of file app-layer-parser.h.
Typedef Documentation
◆ AppLayerGetTxIteratorFunc
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 126 of file app-layer-parser.h.
◆ AppLayerGetTxIterState
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
◆ AppLayerParserFPtr
| typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 113 of file app-layer-parser.h.
◆ AppLayerParserThreadCtx
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 80 of file app-layer-parser.h.
Function Documentation
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 676 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | |||
| ) |
Definition at line 1200 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserBackupParserTable()
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1779 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserConfParserEnabled()
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
- Parameters
-
alproto_name Name of the app layer protocol.
- Return values
-
1 If enabled. 0 If disabled.
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 302 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), and RegisterMQTTParsers().
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 243 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 626 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 833 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), and AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1093 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1103 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 846 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetFiles()
| FileContainer* AppLayerParserGetFiles | ( | const Flow * | f, |
| const uint8_t | direction | ||
| ) |
Definition at line 863 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectFileInspectGeneric(), and FileDisableStoringForTransaction().
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1114 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetOptionFlags()
| uint32_t AppLayerParserGetOptionFlags | ( | uint8_t | protomap, |
| AppProto | alproto | ||
| ) |
Definition at line 393 of file app-layer-parser.c.
References SCEnter, and SCReturnUInt.
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 611 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1053 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1085 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and OutputRegisterTxLogger().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1483 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1123 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, SCEnter, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 701 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 684 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1076 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag(), EveEmailAddMetadata(), EveHTTP2AddMetadata(), EveHttpAddMetadata(), EveHttpLogJSONBodyBase64(), EveHttpLogJSONBodyPrintable(), EveIKEAddMetadata(), EveNFSAddMetadata(), EveNFSAddMetadataRPC(), EveSMBAddMetadata(), EveSMTPAddMetadata(), HttpXFFGetIPFromTx(), JsonMQTTAddMetadata(), JsonRFBAddMetadata(), and JsonSIPAddMetadata().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1067 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), and HttpXFFGetIPFromTx().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1190 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTxDetectState()
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1160 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectRunStoreStateTx().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1409 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserHasTxDetectState()
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1427 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
Referenced by OutputRegisterTxLogger().
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1226 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by AppLayerHandleTCPData(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 226 of file app-layer-parser.c.
References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.
Referenced by PreRunInit().
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1453 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1445 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolIsTxEventAware()
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1437 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 188 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 589 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterDetectStateFuncs()
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 567 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 555 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 543 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventsFunc()
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents * | *)(void *) __attribute__ StateGetEvents((nonnull) | ||
| ) |
◆ AppLayerParserRegisterGetFilesFunc()
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 426 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 476 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStreamDepth()
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 509 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 498 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 520 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 412 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLogger()
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 457 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 448 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerFuncs()
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 383 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 360 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParserAcceptableDataDirection()
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 372 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
Definition at line 1610 of file app-layer-parser.c.
References ALPROTO_IMAP, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterHTTP2Parsers(), RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterRdpParsers(), RegisterRFBParsers(), RegisterSIPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSNMPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1770 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterMQTTParsers(), RegisterNTPParsers(), and RegisterTemplateRustParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 599 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 399 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 528 of file app-layer-parser.c.
◆ AppLayerParserRegisterTruncateFunc()
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 466 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 579 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 487 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1883 of file app-layer-parser.c.
References ALPROTO_MAX, FLOW_PROTO_DEFAULT, and SCEnter.
◆ AppLayerParserRestoreParserTable()
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 1787 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetDecoderEvents()
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 841 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1393 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepth()
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1472 of file app-layer-parser.c.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1488 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 732 of file app-layer-parser.c.
References Flow_::alproto, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), flags, Flow_::proto, SCEnter, SCLogDebug, and STREAM_TOSERVER.
Referenced by DeStateUpdateInspectTransactionId().
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 691 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetTxDetectState()
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1168 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectRunStoreStateTx().
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 219 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 195 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1521 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 208 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
◆ AppLayerParserStateIssetFlag()
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1672 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1504 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserStateSetFlag()
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1664 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ AppLayerParserStreamTruncated()
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1679 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSupportsFiles()
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1141 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserSupportsTxDetectFlags()
| bool AppLayerParserSupportsTxDetectFlags | ( | AppProto | alproto | ) |
Definition at line 1179 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX, and SCEnter.
◆ AppLayerParserSupportsTxDetectState()
| int AppLayerParserSupportsTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1153 of file app-layer-parser.c.
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 253 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 279 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 884 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
◆ AppLayerParserTriggerRawStreamReassembly()
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1461 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by InitGlobal().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 174 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
