#include "app-layer-events.h"
#include "util-file.h"
#include "rust.h"
#include "util-config.h"

Include dependency graph for app-layer-parser.h:

Data Structures
struct	AppLayerGetTxIterState

Macros
#define	APP_LAYER_PARSER_NO_INSPECTION BIT_U16(1)

#define	APP_LAYER_PARSER_NO_REASSEMBLY BIT_U16(2)

#define	APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U16(3)

#define	APP_LAYER_PARSER_BYPASS_READY BIT_U16(4)

#define	APP_LAYER_PARSER_EOF_TS BIT_U16(5)

#define	APP_LAYER_PARSER_EOF_TC BIT_U16(6)

#define	APP_LAYER_PARSER_TRUNC_TS BIT_U16(7)

#define	APP_LAYER_PARSER_TRUNC_TC BIT_U16(8)

#define	APP_LAYER_PARSER_SFRAME_TS BIT_U16(9)

#define	APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)

#define	APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)

#define	APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)

#define	APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48)

#define	APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49)

#define	APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50)

#define	APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51)

#define	APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52)

#define	APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53)

#define	APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54)

#define	APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55)

#define	APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56)

#define	APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)

#define	APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)

#define	APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)

#define	APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)

#define	APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)

#define	APP_LAYER_TX_RESERVED_FLAGS

#define	APP_LAYER_TX_SKIP_INSPECT_FLAG BIT_U64(62)

#define	APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)

#define	APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG \| APP_LAYER_TX_RESERVED_FLAGS)

#define	APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

#define	APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

#define	APP_LAYER_INCOMPLETE(c, n) (AppLayerResult) { 1, (c), (n) }

Typedefs
typedef struct AppLayerParserThreadCtx_	AppLayerParserThreadCtx

typedef AppLayerResult(*	AppLayerParserFPtr) (Flow f, void protocol_state, AppLayerParserState pstate, StreamSlice stream_slice, void local_storage)
	Prototype for parsing functions. More...

typedef struct AppLayerGetTxIterState	AppLayerGetTxIterState

typedef AppLayerGetTxIterTuple(*	AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState state)
	tx iterator prototype More...

typedef int(*	AppLayerParserGetFrameIdByNameFn) (const char *frame_name)

typedef const char (	AppLayerParserGetFrameNameByIdFn) (const uint8_t id)

Functions
int	AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto)

int	AppLayerParserSetup (void)

void	AppLayerParserPostStreamSetup (void)

int	AppLayerParserDeSetup (void)

AppLayerParserThreadCtx *	AppLayerParserThreadCtxAlloc (void)
	Gets a new app layer protocol's parser thread context. More...

void	AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx)
	Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More...

int	AppLayerParserConfParserEnabled (const char ipproto, const char alproto_name)
	Given a protocol name, checks if the parser is enabled in the conf file. More...

int	AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
	Register app layer parser for the protocol. More...

void	AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction)

void	AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags)

void	AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void (StateAlloc)(void , AppProto), void(StateFree)(void *))

void	AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void (LocalStorageAlloc)(void), void(LocalStorageFree)(void ))

void	AppLayerParserRegisterGetTxFilesFunc (uint8_t ipproto, AppProto alproto, AppLayerGetFileState(GetTxFiles)(void , void *, uint8_t))

void	AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto)

void	AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits)

void	AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(Truncate)(void , uint8_t))

void	AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(StateGetStateProgress)(void alstate, uint8_t direction))

void	AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(StateTransactionFree)(void , uint64_t))

void	AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(StateGetTxCnt)(void alstate))

void	AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void (StateGetTx)(void alstate, uint64_t tx_id))

void	AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)

void	AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc)

void	AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(StateGetEventInfo)(const char event_name, int event_id, AppLayerEventType event_type))

void	AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(StateGetEventInfoById)(int event_id, const char event_name, AppLayerEventType event_type))

void	AppLayerParserRegisterGetFrameFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetFrameIdByName, AppLayerParserGetFrameNameByIdFn GetFrameNameById)

void	AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(SetStreamDepthFlag)(void tx, uint8_t flags))

void	AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData (GetTxData)(void *tx))

void	AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(ApplyTxConfig)(void state, void *tx, int mode, AppLayerTxConfig))

void	AppLayerParserRegisterStateDataFunc (uint8_t ipproto, AppProto alproto, AppLayerStateData (GetStateData)(void *state))

uint32_t	AppLayerParserGetOptionFlags (uint8_t protomap, AppProto alproto)

AppLayerGetTxIteratorFunc	AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto)

void *	AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto)

void	AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data)

uint64_t	AppLayerParserGetTransactionLogId (AppLayerParserState *pstate)

void	AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id)

uint64_t	AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction)

void	AppLayerParserSetTransactionInspectId (const Flow f, AppLayerParserState pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected)

AppLayerDecoderEvents *	AppLayerParserGetDecoderEvents (AppLayerParserState *pstate)

void	AppLayerParserSetDecoderEvents (AppLayerParserState pstate, AppLayerDecoderEvents devents)

AppLayerDecoderEvents *	AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx)

AppLayerGetFileState	AppLayerParserGetTxFiles (const Flow f, void state, void *tx, const uint8_t direction)

int	AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction)
	get the progress value for a tx/protocol More...

uint64_t	AppLayerParserGetTxCnt (const Flow , void alstate)

void *	AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)

int	AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction)

int	AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char event_name, int event_id, AppLayerEventType *event_type)

int	AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char *event_name, AppLayerEventType event_type)

uint64_t	AppLayerParserGetTransactionActive (const Flow f, AppLayerParserState pstate, uint8_t direction)

uint8_t	AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto)

int	AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto)

AppLayerTxData *	AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx)

uint64_t	AppLayerParserGetTxDetectFlags (AppLayerTxData *txd, const uint8_t dir)

AppLayerStateData *	AppLayerParserGetStateData (uint8_t ipproto, AppProto alproto, void *state)

void	AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void state, void tx, enum ConfigAction mode, AppLayerTxConfig)

int	AppLayerParserParse (ThreadVars tv, AppLayerParserThreadCtx tctx, Flow f, AppProto alproto, uint8_t flags, const uint8_t input, uint32_t input_len)

void	AppLayerParserSetEOF (AppLayerParserState *pstate)

bool	AppLayerParserHasDecoderEvents (AppLayerParserState *pstate)

int	AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto)

LoggerId	AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto)

void	AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction)

void	AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth)

uint32_t	AppLayerParserGetStreamDepth (const Flow *f)

void	AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags)

int	AppLayerParserIsEnabled (AppProto alproto)
	simple way to globally test if a alproto is registered and fully enabled in the configuration. More...

int	AppLayerParserGetFrameIdByName (uint8_t ipproto, AppProto alproto, const char *name)

const char *	AppLayerParserGetFrameNameById (uint8_t ipproto, AppProto alproto, const uint8_t id)

void	AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void alstate, AppLayerParserState pstate)

void	AppLayerParserStateCleanup (const Flow f, void alstate, AppLayerParserState *pstate)

void	AppLayerParserRegisterProtocolParsers (void)

void	AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint16_t flag)

uint16_t	AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint16_t flag)

AppLayerParserState *	AppLayerParserStateAlloc (void)

void	AppLayerParserStateFree (AppLayerParserState *pstate)

void	AppLayerParserTransactionsCleanup (Flow *f, const uint8_t pkt_dir)
	remove obsolete (inspected and logged) transactions More...

void	AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))

void	AppLayerParserRegisterUnittests (void)

void	AppLayerParserBackupParserTable (void)

void	AppLayerParserRestoreParserTable (void)

void	UTHAppLayerParserStateGetIds (void ptr, uint64_t i1, uint64_t i2, uint64_t log, uint64_t *min)

void	AppLayerFramesFreeContainer (Flow *f)

void	FileApplyTxFlags (const AppLayerTxData txd, const uint8_t direction, File file)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Definition in file app-layer-parser.h.

Macro Definition Documentation

◆ APP_LAYER_ERROR

#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.

Definition at line 93 of file app-layer-parser.h.

◆ APP_LAYER_INCOMPLETE

#define APP_LAYER_INCOMPLETE	(	c,
		n
	)	(AppLayerResult) { 1, (c), (n) }

parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.

Note: consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len

Definition at line 101 of file app-layer-parser.h.

◆ APP_LAYER_OK

#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

parser has successfully processed in the input, and has consumed all of it.

Definition at line 89 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_BYPASS_READY

#define APP_LAYER_PARSER_BYPASS_READY BIT_U16(4)

Definition at line 39 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_EOF_TC

#define APP_LAYER_PARSER_EOF_TC BIT_U16(6)

Definition at line 41 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_EOF_TS

#define APP_LAYER_PARSER_EOF_TS BIT_U16(5)

Definition at line 40 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET

#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)

Definition at line 50 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_INSPECTION

#define APP_LAYER_PARSER_NO_INSPECTION BIT_U16(1)

Definition at line 36 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD

#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U16(3)

Definition at line 38 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_NO_REASSEMBLY

#define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U16(2)

Definition at line 37 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS

#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)

Definition at line 48 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_SFRAME_TC

#define APP_LAYER_PARSER_SFRAME_TC BIT_U16(10)

Definition at line 45 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_SFRAME_TS

#define APP_LAYER_PARSER_SFRAME_TS BIT_U16(9)

Definition at line 44 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_TRUNC_TC

#define APP_LAYER_PARSER_TRUNC_TC BIT_U16(8)

Definition at line 43 of file app-layer-parser.h.

◆ APP_LAYER_PARSER_TRUNC_TS

#define APP_LAYER_PARSER_TRUNC_TS BIT_U16(7)

Definition at line 42 of file app-layer-parser.h.

◆ APP_LAYER_TX_INSPECTED_FLAG

#define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)

is tx fully inspected?

Definition at line 82 of file app-layer-parser.h.

◆ APP_LAYER_TX_PREFILTER_MASK

#define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_RESERVED_FLAGS)

other 63 bits are for tracking which prefilter engine is already completely inspected

Definition at line 85 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED10_FLAG

#define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)

Definition at line 64 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED11_FLAG

#define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)

Definition at line 65 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED12_FLAG

#define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)

Definition at line 66 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED13_FLAG

#define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)

Definition at line 67 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED14_FLAG

#define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)

Definition at line 68 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED1_FLAG

#define APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48)

reserved for future use

Definition at line 55 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED2_FLAG

#define APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49)

Definition at line 56 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED3_FLAG

#define APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50)

Definition at line 57 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED4_FLAG

#define APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51)

Definition at line 58 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED5_FLAG

#define APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52)

Definition at line 59 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED6_FLAG

#define APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53)

Definition at line 60 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED7_FLAG

#define APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54)

Definition at line 61 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED8_FLAG

#define APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55)

Definition at line 62 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED9_FLAG

#define APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56)

Definition at line 63 of file app-layer-parser.h.

◆ APP_LAYER_TX_RESERVED_FLAGS

#define APP_LAYER_TX_RESERVED_FLAGS

Value:

    (APP_LAYER_TX_RESERVED1_FLAG | APP_LAYER_TX_RESERVED2_FLAG | APP_LAYER_TX_RESERVED3_FLAG |     \
            APP_LAYER_TX_RESERVED4_FLAG | APP_LAYER_TX_RESERVED5_FLAG |                            \
            APP_LAYER_TX_RESERVED6_FLAG | APP_LAYER_TX_RESERVED7_FLAG |                            \
            APP_LAYER_TX_RESERVED8_FLAG | APP_LAYER_TX_RESERVED9_FLAG |                            \
            APP_LAYER_TX_RESERVED10_FLAG | APP_LAYER_TX_RESERVED11_FLAG |                          \
            APP_LAYER_TX_RESERVED12_FLAG | APP_LAYER_TX_RESERVED13_FLAG |                          \
            APP_LAYER_TX_RESERVED14_FLAG)

Definition at line 70 of file app-layer-parser.h.

◆ APP_LAYER_TX_SKIP_INSPECT_FLAG

#define APP_LAYER_TX_SKIP_INSPECT_FLAG BIT_U64(62)

should inspection be skipped in that direction

Definition at line 80 of file app-layer-parser.h.

Typedef Documentation

◆ AppLayerGetTxIteratorFunc

typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)

tx iterator prototype

Definition at line 152 of file app-layer-parser.h.

◆ AppLayerGetTxIterState

typedef struct AppLayerGetTxIterState AppLayerGetTxIterState

◆ AppLayerParserFPtr

typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage)

Prototype for parsing functions.

Definition at line 141 of file app-layer-parser.h.

◆ AppLayerParserGetFrameIdByNameFn

typedef int(* AppLayerParserGetFrameIdByNameFn) (const char *frame_name)

Definition at line 159 of file app-layer-parser.h.

◆ AppLayerParserGetFrameNameByIdFn

typedef const char*(* AppLayerParserGetFrameNameByIdFn) (const uint8_t id)

Definition at line 160 of file app-layer-parser.h.

◆ AppLayerParserThreadCtx

typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx

Definition at line 108 of file app-layer-parser.h.

Function Documentation

◆ AppLayerFramesFreeContainer()

void AppLayerFramesFreeContainer ( Flow * f )

Definition at line 175 of file app-layer-parser.c.

References Flow_::alparser, and AppLayerParserState_::frames.

◆ AppLayerGetTxIterator()

AppLayerGetTxIteratorFunc AppLayerGetTxIterator	(	const uint8_t	ipproto,
		const AppProto	alproto
	)

Definition at line 704 of file app-layer-parser.c.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserApplyTxConfig()

void AppLayerParserApplyTxConfig	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state,
		void *	tx,
		enum ConfigAction	mode,
		AppLayerTxConfig
	)

Definition at line 1217 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserBackupParserTable()

void AppLayerParserBackupParserTable ( void )

Definition at line 1919 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserConfParserEnabled()

int AppLayerParserConfParserEnabled	(	const char *	ipproto,
		const char *	alproto_name
	)

Given a protocol name, checks if the parser is enabled in the conf file.

Parameters

alproto_name Name of the app layer protocol.

Return values

1	If enabled.
0	If disabled.

Given a protocol name, checks if the parser is enabled in the conf file.

Definition at line 334 of file app-layer-parser.c.

References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.

Referenced by HTPFreeConfig(), and RegisterMQTTParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ AppLayerParserDeSetup()

int AppLayerParserDeSetup ( void )

Definition at line 283 of file app-layer-parser.c.

References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().

Referenced by AppLayerDeSetup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ AppLayerParserDestroyProtocolParserLocalStorage()

void AppLayerParserDestroyProtocolParserLocalStorage	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	local_data
	)

Definition at line 654 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserThreadCtxFree().

Here is the caller graph for this function:

◆ AppLayerParserGetDecoderEvents()

AppLayerDecoderEvents* AppLayerParserGetDecoderEvents ( AppLayerParserState * pstate )

Definition at line 861 of file app-layer-parser.c.

References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.

Referenced by AppLayerParserHasDecoderEvents().

Here is the caller graph for this function:

◆ AppLayerParserGetEventInfo()

int AppLayerParserGetEventInfo	(	uint8_t	ipproto,
		AppProto	alproto,
		const char *	event_name,
		int *	event_id,
		AppLayerEventType *	event_type
	)

Definition at line 1142 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserGetEventInfoById()

int AppLayerParserGetEventInfoById	(	uint8_t	ipproto,
		AppProto	alproto,
		int	event_id,
		const char **	event_name,
		AppLayerEventType *	event_type
	)

Definition at line 1152 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserGetEventsByTx()

AppLayerDecoderEvents* AppLayerParserGetEventsByTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	tx
	)

Definition at line 874 of file app-layer-parser.c.

References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.

Here is the call graph for this function:

◆ AppLayerParserGetFirstDataDir()

uint8_t AppLayerParserGetFirstDataDir	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1163 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserGetFrameIdByName()

int AppLayerParserGetFrameIdByName	(	uint8_t	ipproto,
		AppProto	alproto,
		const char *	name
	)

Definition at line 1616 of file app-layer-parser.c.

◆ AppLayerParserGetFrameNameById()

const char* AppLayerParserGetFrameNameById	(	uint8_t	ipproto,
		AppProto	alproto,
		const uint8_t	id
	)

Definition at line 1625 of file app-layer-parser.c.

Referenced by DetectRunFrameInspectRule(), and FrameJsonLogOneFrame().

Here is the caller graph for this function:

◆ AppLayerParserGetOptionFlags()

uint32_t AppLayerParserGetOptionFlags	(	uint8_t	protomap,
		AppProto	alproto
	)

Definition at line 425 of file app-layer-parser.c.

References SCEnter, and SCReturnUInt.

◆ AppLayerParserGetProtocolParserLocalStorage()

void* AppLayerParserGetProtocolParserLocalStorage	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 639 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserThreadCtxAlloc().

Here is the caller graph for this function:

◆ AppLayerParserGetStateData()

AppLayerStateData* AppLayerParserGetStateData	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state
	)

Definition at line 1206 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserGetStateProgress()

int AppLayerParserGetStateProgress	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	alstate,
		uint8_t	flags
	)

get the progress value for a tx/protocol

If the stream is disrupted, we return the 'completion' value.

Definition at line 1105 of file app-layer-parser.c.

References flags, IS_DISRUPTED, SCEnter, and unlikely.

Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().

Here is the caller graph for this function:

◆ AppLayerParserGetStateProgressCompletionStatus()

int AppLayerParserGetStateProgressCompletionStatus	(	AppProto	alproto,
		uint8_t	direction
	)

Definition at line 1134 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetTransactionInspectId(), and OutputRegisterTxLogger().

Here is the caller graph for this function:

◆ AppLayerParserGetStreamDepth()

uint32_t AppLayerParserGetStreamDepth ( const Flow * f )

Definition at line 1597 of file app-layer-parser.c.

References SCReturnInt.

◆ AppLayerParserGetTransactionActive()

uint64_t AppLayerParserGetTransactionActive	(	const Flow *	f,
		AppLayerParserState *	pstate,
		uint8_t	direction
	)

Definition at line 1170 of file app-layer-parser.c.

References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.

Referenced by FlowForceReassemblyNeedReassembly().

Here is the caller graph for this function:

◆ AppLayerParserGetTransactionInspectId()

uint64_t AppLayerParserGetTransactionInspectId	(	AppLayerParserState *	pstate,
		uint8_t	direction
	)

Definition at line 729 of file app-layer-parser.c.

References AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserGetTransactionLogId()

uint64_t AppLayerParserGetTransactionLogId ( AppLayerParserState * pstate )

Definition at line 712 of file app-layer-parser.c.

References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.

◆ AppLayerParserGetTx()

void* AppLayerParserGetTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	alstate,
		uint64_t	tx_id
	)

Definition at line 1127 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetStreamDepthFlag().

Here is the caller graph for this function:

◆ AppLayerParserGetTxCnt()

uint64_t AppLayerParserGetTxCnt	(	const Flow *	,
		void *	alstate
	)

Definition at line 1120 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserSetTransactionInspectId(), and FlowForceReassemblyNeedReassembly().

Here is the caller graph for this function:

◆ AppLayerParserGetTxData()

AppLayerTxData* AppLayerParserGetTxData	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	tx
	)

Definition at line 1199 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().

Here is the caller graph for this function:

◆ AppLayerParserGetTxDetectFlags()

uint64_t AppLayerParserGetTxDetectFlags	(	AppLayerTxData *	txd,
		const uint8_t	dir
	)

inline

Definition at line 739 of file app-layer-parser.c.

Referenced by AppLayerParserSetTransactionInspectId().

Here is the caller graph for this function:

◆ AppLayerParserGetTxFiles()

AppLayerGetFileState AppLayerParserGetTxFiles	(	const Flow *	f,
		void *	state,
		void *	tx,
		const uint8_t	direction
	)

Definition at line 890 of file app-layer-parser.c.

References SCEnter.

Referenced by DetectEngineInspectFiledata(), and DetectFileInspectGeneric().

Here is the caller graph for this function:

◆ AppLayerParserHasDecoderEvents()

bool AppLayerParserHasDecoderEvents ( AppLayerParserState * pstate )

Definition at line 1531 of file app-layer-parser.c.

References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserIsEnabled()

int AppLayerParserIsEnabled ( AppProto alproto )

simple way to globally test if a alproto is registered and fully enabled in the configuration.

Definition at line 1549 of file app-layer-parser.c.

References FLOW_PROTO_APPLAYER_MAX.

Referenced by OutputRegisterTxLogger().

Here is the caller graph for this function:

◆ AppLayerParserParse()

int AppLayerParserParse	(	ThreadVars *	tv,
		AppLayerParserThreadCtx *	alp_tctx,
		Flow *	f,
		AppProto	alproto,
		uint8_t	flags,
		const uint8_t *	input,
		uint32_t	input_len
	)

Return values

int	-1 in case of unrecoverable error. App-layer tracking stops for this flow.
int	0 ok: we did not update app_progress
int	1 ok: we updated app_progress

Definition at line 1307 of file app-layer-parser.c.

References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ AppLayerParserPostStreamSetup()

void AppLayerParserPostStreamSetup ( void )

Definition at line 269 of file app-layer-parser.c.

References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.

Referenced by PreRunInit().

Here is the caller graph for this function:

◆ AppLayerParserProtocolGetLoggerBits()

LoggerId AppLayerParserProtocolGetLoggerBits	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1567 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserProtocolHasLogger()

int AppLayerParserProtocolHasLogger	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 1559 of file app-layer-parser.c.

References FlowGetProtoMapping(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserProtoIsRegistered()

int AppLayerParserProtoIsRegistered	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 230 of file app-layer-parser.c.

References FlowGetProtoMapping().

Here is the call graph for this function:

◆ AppLayerParserRegisterApplyTxConfigFunc()

void AppLayerParserRegisterApplyTxConfigFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		bool()(void state, void *tx, int mode, AppLayerTxConfig)	ApplyTxConfig
	)

Definition at line 617 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetEventInfo()

void AppLayerParserRegisterGetEventInfo	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(const char event_name, int event_id, AppLayerEventType event_type)	StateGetEventInfo
	)

Definition at line 585 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetEventInfoById()

void AppLayerParserRegisterGetEventInfoById	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(int event_id, const char event_name, AppLayerEventType event_type)	StateGetEventInfoById
	)

Definition at line 563 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetFrameFuncs()

void AppLayerParserRegisterGetFrameFuncs	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerParserGetFrameIdByNameFn	GetFrameIdByName,
		AppLayerParserGetFrameNameByIdFn	GetFrameNameById
	)

Definition at line 575 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetStateProgressFunc()

void AppLayerParserRegisterGetStateProgressFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		int()(void alstate, uint8_t direction)	StateGetStateProgress
	)

Definition at line 496 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTx()

void AppLayerParserRegisterGetTx	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	StateGetTx)(void *alstate, uint64_t tx_id
	)

Definition at line 529 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxCnt()

void AppLayerParserRegisterGetTxCnt	(	uint8_t	ipproto,
		AppProto	alproto,
		uint64_t()(void alstate)	StateGetTxCnt
	)

Definition at line 518 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxFilesFunc()

void AppLayerParserRegisterGetTxFilesFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerGetFileState()(void , void *, uint8_t)	GetTxFiles
	)

Definition at line 458 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterGetTxIterator()

void AppLayerParserRegisterGetTxIterator	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerGetTxIteratorFunc	Func
	)

Definition at line 540 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLocalStorageFunc()

void AppLayerParserRegisterLocalStorageFunc	(	uint8_t	ipproto,
		AppProto	proto,
		void ()(void)	LocalStorageAlloc,
		void()(void )	LocalStorageFree
	)

Definition at line 444 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLogger()

void AppLayerParserRegisterLogger	(	uint8_t	ipproto,
		AppProto	alproto
	)

Definition at line 477 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterLoggerBits()

void AppLayerParserRegisterLoggerBits	(	uint8_t	ipproto,
		AppProto	alproto,
		LoggerId	bits
	)

Definition at line 468 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterOptionFlags()

void AppLayerParserRegisterOptionFlags	(	uint8_t	ipproto,
		AppProto	alproto,
		uint32_t	flags
	)

Definition at line 415 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterParser()

int AppLayerParserRegisterParser	(	uint8_t	ipproto,
		AppProto	alproto,
		uint8_t	direction,
		AppLayerParserFPtr	Parser
	)

Register app layer parser for the protocol.

Return values

0	On success.
-1	On failure.

Definition at line 392 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterParserAcceptableDataDirection()

void AppLayerParserRegisterParserAcceptableDataDirection	(	uint8_t	ipproto,
		AppProto	alproto,
		uint8_t	direction
	)

Definition at line 404 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterProtocolParsers()

void AppLayerParserRegisterProtocolParsers ( void )

IMAP

Definition at line 1739 of file app-layer-parser.c.

References SCEnter.

Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().

Here is the caller graph for this function:

◆ AppLayerParserRegisterProtocolUnittests()

void AppLayerParserRegisterProtocolUnittests	(	uint8_t	ipproto,
		AppProto	alproto,
		void(*)(void)	RegisterUnittests
	)

Definition at line 1910 of file app-layer-parser.c.

Referenced by RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), and RegisterNTPParsers().

Here is the caller graph for this function:

◆ AppLayerParserRegisterSetStreamDepthFlag()

void AppLayerParserRegisterSetStreamDepthFlag	(	uint8_t	ipproto,
		AppProto	alproto,
		void()(void tx, uint8_t flags)	SetStreamDepthFlag
	)

Definition at line 627 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateDataFunc()

void AppLayerParserRegisterStateDataFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerStateData ()(void *state)	GetStateData
	)

Definition at line 607 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateFuncs()

void AppLayerParserRegisterStateFuncs	(	uint8_t	ipproto,
		AppProto	alproto,
		void ()(void *, AppProto)	StateAlloc,
		void()(void )	StateFree
	)

Definition at line 431 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterStateProgressCompletionStatus()

void AppLayerParserRegisterStateProgressCompletionStatus	(	AppProto	alproto,
		const int	ts,
		const int	tc
	)

Definition at line 548 of file app-layer-parser.c.

References BUG_ON, and ts.

◆ AppLayerParserRegisterTruncateFunc()

void AppLayerParserRegisterTruncateFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		void()(void , uint8_t)	Truncate
	)

Definition at line 486 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterTxDataFunc()

void AppLayerParserRegisterTxDataFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		AppLayerTxData ()(void *tx)	GetTxData
	)

Definition at line 597 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterTxFreeFunc()

void AppLayerParserRegisterTxFreeFunc	(	uint8_t	ipproto,
		AppProto	alproto,
		void()(void , uint64_t)	StateTransactionFree
	)

Definition at line 507 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserRegisterUnittests()

void AppLayerParserRegisterUnittests ( void )

Definition at line 2022 of file app-layer-parser.c.

References ALPROTO_MAX, FLOW_PROTO_DEFAULT, and SCEnter.

◆ AppLayerParserRestoreParserTable()

void AppLayerParserRestoreParserTable ( void )

Definition at line 1927 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserSetDecoderEvents()

void AppLayerParserSetDecoderEvents	(	AppLayerParserState *	pstate,
		AppLayerDecoderEvents *	devents
	)

Definition at line 869 of file app-layer-parser.c.

References AppLayerParserState_::decoder_events.

◆ AppLayerParserSetEOF()

void AppLayerParserSetEOF ( AppLayerParserState * pstate )

Definition at line 1515 of file app-layer-parser.c.

References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.

Here is the call graph for this function:

◆ AppLayerParserSetStreamDepth()

void AppLayerParserSetStreamDepth	(	uint8_t	ipproto,
		AppProto	alproto,
		uint32_t	stream_depth
	)

Definition at line 1586 of file app-layer-parser.c.

References SCEnter.

◆ AppLayerParserSetStreamDepthFlag()

void AppLayerParserSetStreamDepthFlag	(	uint8_t	ipproto,
		AppProto	alproto,
		void *	state,
		uint64_t	tx_id,
		uint8_t	flags
	)

Definition at line 1602 of file app-layer-parser.c.

References AppLayerParserGetTx(), and SCEnter.

Here is the call graph for this function:

◆ AppLayerParserSetTransactionInspectId()

void AppLayerParserSetTransactionInspectId	(	const Flow *	f,
		AppLayerParserState *	pstate,
		void *	alstate,
		const uint8_t	flags,
		bool	tag_txs_as_inspected
	)