#include "app-layer-events.h"
#include "util-file.h"
#include "rust.h"
#include "util-config.h"

Include dependency graph for app-layer-parser.h:

Data Structures
struct	AppLayerGetTxIterState

Macros
#define	APP_LAYER_PARSER_NO_INSPECTION BIT_U16(1)

#define	APP_LAYER_PARSER_NO_REASSEMBLY BIT_U16(2)

#define	APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U16(3)

#define	APP_LAYER_PARSER_BYPASS_READY BIT_U16(4)

#define	APP_LAYER_PARSER_EOF_TS BIT_U16(5)

#define	APP_LAYER_PARSER_EOF_TC BIT_U16(6)

#define	APP_LAYER_PARSER_SFRAME_TS BIT_U16(9)

#define	APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)

#define	APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)

#define	APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)

#define	APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48)

#define	APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49)

#define	APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50)

#define	APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51)

#define	APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52)

#define	APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53)

#define	APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54)

#define	APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55)

#define	APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56)

#define	APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)

#define	APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)

#define	APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)

#define	APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)

#define	APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)

#define	APP_LAYER_TX_RESERVED_FLAGS

#define	APP_LAYER_TX_SKIP_INSPECT_FLAG BIT_U64(62)

#define	APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)

#define	APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG \| APP_LAYER_TX_RESERVED_FLAGS)

#define	APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

#define	APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

#define	APP_LAYER_INCOMPLETE(c, n) (AppLayerResult) { 1, (c), (n) }

Typedefs
typedef struct AppLayerParserThreadCtx_	AppLayerParserThreadCtx

typedef AppLayerResult(*	AppLayerParserFPtr) (Flow f, void protocol_state, AppLayerParserState pstate, StreamSlice stream_slice, void local_storage)
	Prototype for parsing functions. More...

typedef struct AppLayerGetTxIterState	AppLayerGetTxIterState

typedef AppLayerGetTxIterTuple(*	AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState state)
	tx iterator prototype More...

typedef int(*	AppLayerParserGetFrameIdByNameFn) (const char *frame_name)

typedef const char (	AppLayerParserGetFrameNameByIdFn) (const uint8_t id)

Functions
int	AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto)

int	AppLayerParserSetup (void)

void	AppLayerParserPostStreamSetup (void)

int	AppLayerParserDeSetup (void)

AppLayerParserThreadCtx *	AppLayerParserThreadCtxAlloc (void)
	Gets a new app layer protocol's parser thread context. More...

void	AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx)
	Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More...

int	AppLayerParserConfParserEnabled (const char ipproto, const char alproto_name)
	Given a protocol name, checks if the parser is enabled in the conf file. More...

int	AppLayerParserPreRegister (void(*Register)(void))

int	AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
	Register app layer parser for the protocol. More...

void	AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction)

void	AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags)

void	AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void (StateAlloc)(void , AppProto), void(StateFree)(void *))

void	AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void (LocalStorageAlloc)(void), void(LocalStorageFree)(void ))

void	AppLayerParserRegisterGetTxFilesFunc (uint8_t ipproto, AppProto alproto, AppLayerGetFileState(GetTxFiles)(void , uint8_t))

void	AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto)

void	AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits)

void	AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(StateGetStateProgress)(void alstate, uint8_t direction))

void	AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(StateTransactionFree)(void , uint64_t))

void	AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(StateGetTxCnt)(void alstate))

void	AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void (StateGetTx)(void alstate, uint64_t tx_id))

void	AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)

void	AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc)

void	AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(StateGetEventInfo)(const char event_name, uint8_t event_id, AppLayerEventType event_type))

void	AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(StateGetEventInfoById)(uint8_t event_id, const char event_name, AppLayerEventType event_type))

void	AppLayerParserRegisterGetFrameFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetFrameIdByName, AppLayerParserGetFrameNameByIdFn GetFrameNameById)

void	AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(SetStreamDepthFlag)(void tx, uint8_t flags))

void	AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData (GetTxData)(void *tx))

void	AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(ApplyTxConfig)(void state, void *tx, int mode, AppLayerTxConfig))

void	AppLayerParserRegisterStateDataFunc (uint8_t ipproto, AppProto alproto, AppLayerStateData (GetStateData)(void *state))

AppLayerGetTxIteratorFunc	AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto)

void *	AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto)

void	AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data)

uint64_t	AppLayerParserGetTransactionLogId (AppLayerParserState *pstate)

void	AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id)

uint64_t	AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction)

void	AppLayerParserSetTransactionInspectId (const Flow f, AppLayerParserState pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)

AppLayerDecoderEvents *	AppLayerParserGetDecoderEvents (AppLayerParserState *pstate)

AppLayerDecoderEvents *	AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx)

AppLayerGetFileState	AppLayerParserGetTxFiles (const Flow f, void tx, const uint8_t direction)

int	AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
	get the progress value for a tx/protocol More...

uint64_t	AppLayerParserGetTxCnt (const Flow , void alstate)

void *	AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)

int	AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction)

int	AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char event_name, uint8_t event_id, AppLayerEventType *event_type)

int	AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, uint8_t event_id, const char *event_name, AppLayerEventType event_type)

uint64_t	AppLayerParserGetTransactionActive (const Flow f, AppLayerParserState pstate, uint8_t direction)

uint8_t	AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto)

bool	AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto)

AppLayerTxData *	AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx)

uint64_t	AppLayerParserGetTxDetectFlags (AppLayerTxData *txd, const uint8_t dir)

AppLayerStateData *	AppLayerParserGetStateData (uint8_t ipproto, AppProto alproto, void *state)

void	AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void state, void tx, enum ConfigAction mode, AppLayerTxConfig)

int	AppLayerParserParse (ThreadVars tv, AppLayerParserThreadCtx tctx, Flow f, AppProto alproto, uint8_t flags, const uint8_t input, uint32_t input_len)

void	AppLayerParserSetEOF (AppLayerParserState *pstate)

bool	AppLayerParserHasDecoderEvents (AppLayerParserState *pstate)

int	AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto)

LoggerId	AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto)

void	AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction)

void	AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth)

uint32_t	AppLayerParserGetStreamDepth (const Flow *f)

void	AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)

int	AppLayerParserIsEnabled (AppProto alproto)
	simple way to globally test if a alproto is registered and fully enabled in the configuration. More...

int	AppLayerParserGetFrameIdByName (uint8_t ipproto, AppProto alproto, const char *name)

const char *	AppLayerParserGetFrameNameById (uint8_t ipproto, AppProto alproto, const uint8_t id)

void	AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void alstate, AppLayerParserState pstate)

void	AppLayerParserStateCleanup (const Flow f, void alstate, AppLayerParserState *pstate)

void	AppLayerParserRegisterProtocolParsers (void)

void	AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint16_t flag)

uint16_t	AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint16_t flag)

AppLayerParserState *	AppLayerParserStateAlloc (void)

void	AppLayerParserStateFree (AppLayerParserState *pstate)

void	AppLayerParserTransactionsCleanup (Flow *f, const uint8_t pkt_dir)
	remove obsolete (inspected and logged) transactions More...

void	AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))

void	AppLayerParserRegisterUnittests (void)

void	UTHAppLayerParserStateGetIds (void ptr, uint64_t i1, uint64_t i2, uint64_t log, uint64_t *min)

void	AppLayerFramesFreeContainer (Flow *f)

void	FileApplyTxFlags (const AppLayerTxData txd, const uint8_t direction, File file)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Definition in file app-layer-parser.h.

Macro Definition Documentation

◆ APP_LAYER_ERROR

#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.

Definition at line 92 of file app-layer-parser.h.

◆ APP_LAYER_INCOMPLETE

#define APP_LAYER_INCOMPLETE	(	c,
		n
	)	(AppLayerResult) { 1, (c), (n) }

parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.

Note: consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len

Definition at line 100 of file app-layer-parser.h.

◆ APP_LAYER_OK

#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

parser has successfully processed in the input, and has consumed all of it.

Definition at line 88 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_BYPASS_READY

#define APP_LAYER_PARSER_BYPASS_READY BIT_U16(4)

Definition at line 39 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_EOF_TC

#define APP_LAYER_PARSER_EOF_TC BIT_U16(6)

Definition at line 41 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_EOF_TS

#define APP_LAYER_PARSER_EOF_TS BIT_U16(5)

Definition at line 40 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET

#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)

Definition at line 49 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_INSPECTION

#define APP_LAYER_PARSER_NO_INSPECTION BIT_U16(1)

Definition at line 36 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD

#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U16(3)

Definition at line 38 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_REASSEMBLY

#define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U16(2)

Definition at line 37 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS

#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)

Definition at line 47 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_SFRAME_TC

#define APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)

Definition at line 44 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_SFRAME_TS

#define APP_LAYER_PARSER_SFRAME_TS BIT_U16(9)

Definition at line 43 of file app-layer-parser.h.

◆ APP_LAYER_TX_INSPECTED_FLAG

#define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)

is tx fully inspected?

Definition at line 81 of file app-layer-parser.h.

◆ APP_LAYER_TX_PREFILTER_MASK

#define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_RESERVED_FLAGS)

other 63 bits are for tracking which prefilter engine is already completely inspected

Definition at line 84 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED10_FLAG

#define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)

Definition at line 63 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED11_FLAG

#define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)

Definition at line 64 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED12_FLAG

#define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)

Definition at line 65 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED13_FLAG

#define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)

Definition at line 66 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED14_FLAG

#define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)

Definition at line 67 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED1_FLAG

#define APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48)

reserved for future use

Definition at line 54 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED2_FLAG

#define APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49)

Definition at line 55 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED3_FLAG

#define APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50)

Definition at line 56 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED4_FLAG

#define APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51)

Definition at line 57 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED5_FLAG

#define APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52)

Definition at line 58 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED6_FLAG

#define APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53)

Definition at line 59 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED7_FLAG

#define APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54)

Definition at line 60 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED8_FLAG

#define APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55)

Definition at line 61 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED9_FLAG

#define APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56)

Definition at line 62 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED_FLAGS

#define APP_LAYER_TX_RESERVED_FLAGS

Value:

    (APP_LAYER_TX_RESERVED1_FLAG | APP_LAYER_TX_RESERVED2_FLAG | APP_LAYER_TX_RESERVED3_FLAG |     \
            APP_LAYER_TX_RESERVED4_FLAG | APP_LAYER_TX_RESERVED5_FLAG |                            \
            APP_LAYER_TX_RESERVED6_FLAG | APP_LAYER_TX_RESERVED7_FLAG |                            \
            APP_LAYER_TX_RESERVED8_FLAG | APP_LAYER_TX_RESERVED9_FLAG |                            \
            APP_LAYER_TX_RESERVED10_FLAG | APP_LAYER_TX_RESERVED11_FLAG |                          \
            APP_LAYER_TX_RESERVED12_FLAG | APP_LAYER_TX_RESERVED13_FLAG |                          \
            APP_LAYER_TX_RESERVED14_FLAG)

Definition at line 69 of file app-layer-parser.h.

◆ APP_LAYER_TX_SKIP_INSPECT_FLAG

#define APP_LAYER_TX_SKIP_INSPECT_FLAG BIT_U64(62)

should inspection be skipped in that direction

Definition at line 79 of file app-layer-parser.h.

Typedef Documentation

◆ AppLayerGetTxIteratorFunc

typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)

tx iterator prototype

Definition at line 151 of file app-layer-parser.h.

◆ AppLayerGetTxIterState

typedef struct AppLayerGetTxIterState AppLayerGetTxIterState

◆ AppLayerParserFPtr

typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage)

Prototype for parsing functions.

Definition at line 140 of file app-layer-parser.h.

◆ AppLayerParserGetFrameIdByNameFn

typedef int(* AppLayerParserGetFrameIdByNameFn) (const char *frame_name)

Definition at line 158 of file app-layer-parser.h.

◆ AppLayerParserGetFrameNameByIdFn

typedef const char*(* AppLayerParserGetFrameNameByIdFn) (const uint8_t id)

Definition at line 159 of file app-layer-parser.h.

◆ AppLayerParserThreadCtx

typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx

Definition at line 107 of file app-layer-parser.h.

Function Documentation

◆ AppLayerFramesFreeContainer()

void AppLayerFramesFreeContainer ( Flow * f )

Definition at line 165 of file app-layer-parser.c.

References Flow_::alparser, and AppLayerParserState_::frames.

◆ AppLayerGetTxIterator()

AppLayerGetTxIteratorFunc AppLayerGetTxIterator	(	const uint8_t	ipproto,
		const AppProto	alproto
	)

Definition at line 672 of file app-layer-parser.c.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserApplyTxConfig()

void AppLayerParserApplyTxConfig	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state,
		void *	tx,
		enum ConfigAction	mode,
		AppLayerTxConfig
	)

Definition at line 1184 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserConfParserEnabled()

int AppLayerParserConfParserEnabled	(	const char *	ipproto,
		const char *	alproto_name
	)

Given a protocol name, checks if the parser is enabled in the conf file.

Parameters

alproto_name Name of the app layer protocol.

Return values

1	If enabled.
0	If disabled.

Given a protocol name, checks if the parser is enabled in the conf file.

Definition at line 333 of file app-layer-parser.c.

References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.

Referenced by HTPFreeConfig().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ AppLayerParserDeSetup()

int AppLayerParserDeSetup ( void )

Definition at line 273 of file app-layer-parser.c.

References SCEnter, and SCFree.

Referenced by AppLayerDeSetup().

Here is the caller graph for this function:

◆ AppLayerParserDestroyProtocolParserLocalStorage()

void AppLayerParserDestroyProtocolParserLocalStorage	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	local_data
	)

Definition at line 625 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserThreadCtxFree().

Here is the caller graph for this function:

◆ AppLayerParserGetDecoderEvents()

AppLayerDecoderEvents* AppLayerParserGetDecoderEvents ( AppLayerParserState * pstate )

Definition at line 828 of file app-layer-parser.c.

References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.

Referenced by AppLayerParserHasDecoderEvents().

Here is the caller graph for this function:

◆ AppLayerParserGetEventInfo()

int AppLayerParserGetEventInfo	(	uint8_t	ipproto,
		AppProto	alproto,
		const char *	event_name,
		uint8_t *	event_id,
		AppLayerEventType *	event_type
	)

Definition at line 1107 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserGetEventInfoById()

int AppLayerParserGetEventInfoById	(	uint8_t	ipproto,
		AppProto	alproto,
		uint8_t	event_id,
		const char **	event_name,
		AppLayerEventType *	event_type
	)

Definition at line 1119 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserGetEventsByTx()

AppLayerDecoderEvents* AppLayerParserGetEventsByTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	tx
	)

Definition at line 836 of file app-layer-parser.c.

References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.

Here is the call graph for this function:

◆ AppLayerParserGetFirstDataDir()

uint8_t AppLayerParserGetFirstDataDir	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1132 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserGetFrameIdByName()

int AppLayerParserGetFrameIdByName	(	uint8_t	ipproto,
		AppProto	alproto,
		const char *	name
	)

Definition at line 1581 of file app-layer-parser.c.

◆ AppLayerParserGetFrameNameById()

const char* AppLayerParserGetFrameNameById	(	uint8_t	ipproto,
		AppProto	alproto,
		const uint8_t	id
	)

Definition at line 1590 of file app-layer-parser.c.

Referenced by DetectRunFrameInspectRule(), and FrameJsonLogOneFrame().

Here is the caller graph for this function:

◆ AppLayerParserGetProtocolParserLocalStorage()

void* AppLayerParserGetProtocolParserLocalStorage	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 613 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserThreadCtxAlloc().

Here is the caller graph for this function:

◆ AppLayerParserGetStateData()

AppLayerStateData* AppLayerParserGetStateData	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state
	)

Definition at line 1173 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserGetStateProgress()

int AppLayerParserGetStateProgress	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	alstate,
		uint8_t	flags
	)

get the progress value for a tx/protocol

If the stream is disrupted, we return the 'completion' value.

Definition at line 1070 of file app-layer-parser.c.

References flags, IS_DISRUPTED, SCEnter, and unlikely.

Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineInspectBufferGeneric(), DetectEngineInspectFiledata(), and DetectEngineInspectMultiBufferGeneric().

Here is the caller graph for this function:

◆ AppLayerParserGetStateProgressCompletionStatus()

int AppLayerParserGetStateProgressCompletionStatus	(	AppProto	alproto,
		uint8_t	direction
	)

Definition at line 1099 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserGetStreamDepth()

uint32_t AppLayerParserGetStreamDepth ( const Flow * f )

Definition at line 1562 of file app-layer-parser.c.

References SCReturnInt.

◆ AppLayerParserGetTransactionActive()

uint64_t AppLayerParserGetTransactionActive	(	const Flow *	f,
		AppLayerParserState *	pstate,
		uint8_t	direction
	)

Definition at line 1139 of file app-layer-parser.c.

References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.

Referenced by FlowNeedsReassembly().

Here is the caller graph for this function:

◆ AppLayerParserGetTransactionInspectId()

uint64_t AppLayerParserGetTransactionInspectId	(	AppLayerParserState *	pstate,
		uint8_t	direction
	)

Definition at line 697 of file app-layer-parser.c.

References AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserGetTransactionLogId()

uint64_t AppLayerParserGetTransactionLogId ( AppLayerParserState * pstate )

Definition at line 680 of file app-layer-parser.c.

References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.

◆ AppLayerParserGetTx()

void* AppLayerParserGetTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	alstate,
		uint64_t	tx_id
	)

Definition at line 1092 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetStreamDepthFlag().

Here is the caller graph for this function:

◆ AppLayerParserGetTxCnt()

uint64_t AppLayerParserGetTxCnt	(	const Flow *	,
		void *	alstate
	)

Definition at line 1085 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetTransactionInspectId(), and FlowNeedsReassembly().

Here is the caller graph for this function:

◆ AppLayerParserGetTxData()

AppLayerTxData* AppLayerParserGetTxData	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	tx
	)

Definition at line 1166 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().

Here is the caller graph for this function:

◆ AppLayerParserGetTxDetectFlags()

uint64_t AppLayerParserGetTxDetectFlags	(	AppLayerTxData *	txd,
		const uint8_t	dir
	)

inline

Definition at line 707 of file app-layer-parser.c.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserGetTxFiles()

AppLayerGetFileState AppLayerParserGetTxFiles	(	const Flow *	f,
		void *	tx,
		const uint8_t	direction
	)

Definition at line 852 of file app-layer-parser.c.

References SCEnter.

Referenced by DetectEngineInspectFiledata(), and DetectFileInspectGeneric().

Here is the caller graph for this function:

◆ AppLayerParserHasDecoderEvents()

bool AppLayerParserHasDecoderEvents ( AppLayerParserState * pstate )

Definition at line 1496 of file app-layer-parser.c.

References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserIsEnabled()

int AppLayerParserIsEnabled ( AppProto alproto )

simple way to globally test if a alproto is registered and fully enabled in the configuration.

Definition at line 1514 of file app-layer-parser.c.

References FLOW_PROTO_APPLAYER_MAX.

◆ AppLayerParserParse()

int AppLayerParserParse	(	ThreadVars *	tv,
		AppLayerParserThreadCtx *	alp_tctx,
		Flow *	f,
		AppProto	alproto,
		uint8_t	flags,
		const uint8_t *	input,
		uint32_t	input_len
	)

Return values

int	-1 in case of unrecoverable error. App-layer tracking stops for this flow.
int	0 ok: we did not update app_progress
int	1 ok: we updated app_progress

Definition at line 1274 of file app-layer-parser.c.

References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ AppLayerParserPostStreamSetup()

void AppLayerParserPostStreamSetup ( void )

Definition at line 260 of file app-layer-parser.c.

References FLOW_PROTO_DEFAULT, and g_alproto_max.

Referenced by PreRunInit().

Here is the caller graph for this function:

◆ AppLayerParserPreRegister()

int AppLayerParserPreRegister ( void(*)(void) Register )

Definition at line 1708 of file app-layer-parser.c.

◆ AppLayerParserProtocolGetLoggerBits()

LoggerId AppLayerParserProtocolGetLoggerBits	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1532 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserProtocolHasLogger()

int AppLayerParserProtocolHasLogger	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1524 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserProtoIsRegistered()

int AppLayerParserProtoIsRegistered	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 217 of file app-layer-parser.c.

References FlowGetProtoMapping().

Here is the call graph for this function:

◆ AppLayerParserRegisterApplyTxConfigFunc()

void AppLayerParserRegisterApplyTxConfigFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		bool()(void state, void *tx, int mode, AppLayerTxConfig)	ApplyTxConfig
	)

Definition at line 591 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetEventInfo()

void AppLayerParserRegisterGetEventInfo	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(const char event_name, uint8_t event_id, AppLayerEventType event_type)	StateGetEventInfo
	)

Definition at line 560 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetEventInfoById()

void AppLayerParserRegisterGetEventInfoById	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(uint8_t event_id, const char event_name, AppLayerEventType event_type)	StateGetEventInfoById
	)

Definition at line 538 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetFrameFuncs()

void AppLayerParserRegisterGetFrameFuncs	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerParserGetFrameIdByNameFn	GetFrameIdByName,
		AppLayerParserGetFrameNameByIdFn	GetFrameNameById
	)

Definition at line 550 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetStateProgressFunc()

void AppLayerParserRegisterGetStateProgressFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(void alstate, uint8_t direction)	StateGetStateProgress
	)

Definition at line 475 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTx()

void AppLayerParserRegisterGetTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	StateGetTx)(void *alstate, uint64_t tx_id
	)

Definition at line 505 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxCnt()

void AppLayerParserRegisterGetTxCnt	(	uint8_t	ipproto,
		AppProto	alproto,
		uint64_t()(void alstate)	StateGetTxCnt
	)

Definition at line 495 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxFilesFunc()

void AppLayerParserRegisterGetTxFilesFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerGetFileState()(void , uint8_t)	GetTxFiles
	)

Definition at line 447 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxIterator()

void AppLayerParserRegisterGetTxIterator	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerGetTxIteratorFunc	Func
	)

Definition at line 515 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLocalStorageFunc()

void AppLayerParserRegisterLocalStorageFunc	(	uint8_t	ipproto,
		AppProto	proto,
		void ()(void)	LocalStorageAlloc,
		void()(void )	LocalStorageFree
	)

Definition at line 435 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLogger()

void AppLayerParserRegisterLogger	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 466 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLoggerBits()

void AppLayerParserRegisterLoggerBits	(	uint8_t	ipproto,
		AppProto	alproto,
		LoggerId	bits
	)

Definition at line 457 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterOptionFlags()

void AppLayerParserRegisterOptionFlags	(	uint8_t	ipproto,
		AppProto	alproto,
		uint32_t	flags
	)

Definition at line 414 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterParser()

int AppLayerParserRegisterParser	(	uint8_t	ipproto,
		AppProto	alproto,
		uint8_t	direction,
		AppLayerParserFPtr	Parser
	)

Register app layer parser for the protocol.

Return values

0	On success.
-1	On failure.

Definition at line 391 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterParserAcceptableDataDirection()

void AppLayerParserRegisterParserAcceptableDataDirection	(	uint8_t	ipproto,
		AppProto	alproto,
		uint8_t	direction
	)

Definition at line 403 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterProtocolParsers()

void AppLayerParserRegisterProtocolParsers ( void )

POP3

Definition at line 1724 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterProtocolUnittests()

void AppLayerParserRegisterProtocolUnittests	(	uint8_t	ipproto,
		AppProto	alproto,
		void(*)(void)	RegisterUnittests
	)

Definition at line 1804 of file app-layer-parser.c.

Referenced by RegisterIKEParsers(), and RegisterModbusParsers().

Here is the caller graph for this function:

◆ AppLayerParserRegisterSetStreamDepthFlag()

void AppLayerParserRegisterSetStreamDepthFlag	(	uint8_t	ipproto,
		AppProto	alproto,
		void()(void tx, uint8_t flags)	SetStreamDepthFlag
	)

Definition at line 601 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateDataFunc()

void AppLayerParserRegisterStateDataFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerStateData ()(void *state)	GetStateData
	)

Definition at line 581 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateFuncs()

void AppLayerParserRegisterStateFuncs	(	uint8_t	ipproto,
		AppProto	alproto,
		void ()(void *, AppProto)	StateAlloc,
		void()(void )	StateFree
	)

Definition at line 424 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateProgressCompletionStatus()

void AppLayerParserRegisterStateProgressCompletionStatus	(	AppProto	alproto,
		const int	ts,
		const int	tc
	)

Definition at line 523 of file app-layer-parser.c.

References BUG_ON, and ts.

◆ AppLayerParserRegisterTxDataFunc()

void AppLayerParserRegisterTxDataFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerTxData ()(void *tx)	GetTxData
	)

Definition at line 571 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterTxFreeFunc()

void AppLayerParserRegisterTxFreeFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		void()(void , uint64_t)	StateTransactionFree
	)

Definition at line 485 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterUnittests()

void AppLayerParserRegisterUnittests ( void )

Definition at line 1813 of file app-layer-parser.c.

References ctx, FLOW_PROTO_DEFAULT, g_alproto_max, and SCEnter.

◆ AppLayerParserSetEOF()

void AppLayerParserSetEOF ( AppLayerParserState * pstate )

Definition at line 1480 of file app-layer-parser.c.

References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.

Here is the call graph for this function:

◆ AppLayerParserSetStreamDepth()

void AppLayerParserSetStreamDepth	(	uint8_t	ipproto,
		AppProto	alproto,
		uint32_t	stream_depth
	)

Definition at line 1551 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserSetStreamDepthFlag()

void AppLayerParserSetStreamDepthFlag	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state,
		uint64_t	tx_id,
		uint8_t	flags
	)

Definition at line 1567 of file app-layer-parser.c.

References AppLayerParserGetTx(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserSetTransactionInspectId()

void AppLayerParserSetTransactionInspectId	(	const Flow *	f,
		AppLayerParserState *	pstate,
		void *	alstate,
		const uint8_t	flags,
		bool	tag_txs_as_inspected
	)