#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"#include "rust.h"#include "util-config.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
| #define | APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
| #define | APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
| #define | APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
| #define | APP_LAYER_INCOMPLETE(c, n) (AppLayerResult) { 1, (c), (n) } |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef AppLayerResult(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| uint32_t | AppLayerParserGetOptionFlags (uint8_t protomap, AppProto alproto) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (const Flow *f, const uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Detailed Description
Definition in file app-layer-parser.h.
Macro Definition Documentation
◆ APP_LAYER_ERROR
| #define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.
Definition at line 65 of file app-layer-parser.h.
◆ APP_LAYER_INCOMPLETE
| #define APP_LAYER_INCOMPLETE | ( | c, | |
| n | |||
| ) | (AppLayerResult) { 1, (c), (n) } |
parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.
- Note
- consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len
Definition at line 73 of file app-layer-parser.h.
◆ APP_LAYER_OK
| #define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
parser has successfully processed in the input, and has consumed all of it.
Definition at line 61 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_BYPASS_READY
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 41 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TC
| #define APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
Definition at line 43 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TS
| #define APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
Definition at line 42 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 49 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 38 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 40 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_REASSEMBLY
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 39 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 46 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_UNIDIR_TXS
| #define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
Definition at line 47 of file app-layer-parser.h.
◆ APP_LAYER_TX_INSPECTED_FLAG
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 54 of file app-layer-parser.h.
◆ APP_LAYER_TX_PREFILTER_MASK
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 57 of file app-layer-parser.h.
Typedef Documentation
◆ AppLayerGetTxIteratorFunc
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 126 of file app-layer-parser.h.
◆ AppLayerGetTxIterState
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
◆ AppLayerParserFPtr
| typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 113 of file app-layer-parser.h.
◆ AppLayerParserThreadCtx
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 80 of file app-layer-parser.h.
Function Documentation
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 674 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | |||
| ) |
Definition at line 1168 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserBackupParserTable()
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1745 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserConfParserEnabled()
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
- Parameters
-
alproto_name Name of the app layer protocol.
- Return values
-
1 If enabled. 0 If disabled.
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 300 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), and RegisterMQTTParsers().
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 241 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 624 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 831 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), and AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1089 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1099 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 844 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetFiles()
| FileContainer* AppLayerParserGetFiles | ( | const Flow * | f, |
| const uint8_t | direction | ||
| ) |
Definition at line 861 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectFileInspectGeneric(), and FileDisableStoringForTransaction().
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1110 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetOptionFlags()
| uint32_t AppLayerParserGetOptionFlags | ( | uint8_t | protomap, |
| AppProto | alproto | ||
| ) |
Definition at line 391 of file app-layer-parser.c.
References SCEnter, and SCReturnUInt.
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 609 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1053 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1081 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and OutputRegisterTxLogger().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1452 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1117 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, SCEnter, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 699 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 682 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1074 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag(), EveEmailAddMetadata(), EveHTTP2AddMetadata(), EveHttpAddMetadata(), EveHttpLogJSONBodyBase64(), EveHttpLogJSONBodyPrintable(), EveIKEAddMetadata(), EveNFSAddMetadata(), EveNFSAddMetadataRPC(), EveSMBAddMetadata(), EveSMTPAddMetadata(), HttpXFFGetIPFromTx(), JsonModbusAddMetadata(), JsonMQTTAddMetadata(), JsonRFBAddMetadata(), and JsonSIPAddMetadata().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1067 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), and HttpXFFGetIPFromTx().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1161 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTxDetectState()
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1146 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectRunStoreStateTx().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1378 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserHasTxDetectState()
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1396 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
Referenced by OutputRegisterTxLogger().
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1195 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by AppLayerHandleTCPData(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 224 of file app-layer-parser.c.
References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.
Referenced by PreRunInit().
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1422 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1414 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolIsTxEventAware()
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1406 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 186 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 587 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterDetectStateFuncs()
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 565 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 553 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 541 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventsFunc()
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents * | *)(void *) __attribute__ StateGetEvents((nonnull) | ||
| ) |
◆ AppLayerParserRegisterGetFilesFunc()
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 424 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 474 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStreamDepth()
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 507 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 496 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 518 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 410 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLogger()
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 455 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 446 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerFuncs()
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 381 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 358 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParserAcceptableDataDirection()
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 370 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
Definition at line 1576 of file app-layer-parser.c.
References ALPROTO_IMAP, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterHTTP2Parsers(), RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterRdpParsers(), RegisterRFBParsers(), RegisterSIPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSNMPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1736 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNTPParsers(), and RegisterTemplateRustParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 597 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 397 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 526 of file app-layer-parser.c.
◆ AppLayerParserRegisterTruncateFunc()
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 464 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 577 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 485 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1849 of file app-layer-parser.c.
References ALPROTO_MAX, FLOW_PROTO_DEFAULT, and SCEnter.
◆ AppLayerParserRestoreParserTable()
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 1753 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetDecoderEvents()
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 839 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1362 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepth()
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1441 of file app-layer-parser.c.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1457 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 730 of file app-layer-parser.c.
References Flow_::alproto, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), flags, Flow_::proto, SCEnter, SCLogDebug, and STREAM_TOSERVER.
Referenced by DeStateUpdateInspectTransactionId().
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 689 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetTxDetectState()
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1153 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectRunStoreStateTx().
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 217 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 193 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1490 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 206 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
◆ AppLayerParserStateIssetFlag()
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1638 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1473 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserStateSetFlag()
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1630 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ AppLayerParserStreamTruncated()
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1645 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSupportsFiles()
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1134 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 251 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 277 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 882 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
◆ AppLayerParserTriggerRawStreamReassembly()
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1430 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by InitGlobal().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 172 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
