#include "app-layer-events.h"#include "app-layer-frames.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"#include "rust.h"#include "util-config.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterState |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef AppLayerResult(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
| typedef int(* | AppLayerParserGetFrameIdByNameFn) (const char *frame_name) |
| typedef const char *(* | AppLayerParserGetFrameNameByIdFn) (const uint8_t id) |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void *, AppProto), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterStateProgressCompletionStatus (AppProto alproto, const int ts, const int tc) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetFrameFuncs (uint8_t ipproto, AppProto alproto, AppLayerParserGetFrameIdByNameFn GetFrameIdByName, AppLayerParserGetFrameNameByIdFn GetFrameNameById) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void(*SetStreamDepthFlag)(void *tx, uint8_t flags)) |
| void | AppLayerParserRegisterTxDataFunc (uint8_t ipproto, AppProto alproto, AppLayerTxData *(*GetTxData)(void *tx)) |
| void | AppLayerParserRegisterApplyTxConfigFunc (uint8_t ipproto, AppProto alproto, bool(*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) |
| uint32_t | AppLayerParserGetOptionFlags (uint8_t protomap, AppProto alproto) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (const Flow *f, const uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| AppLayerTxData * | AppLayerParserGetTxData (uint8_t ipproto, AppProto alproto, void *tx) |
| void | AppLayerParserApplyTxConfig (uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserSetStreamDepthFlag (uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags) |
| int | AppLayerParserIsEnabled (AppProto alproto) |
| simple way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserGetFrameIdByName (uint8_t ipproto, AppProto alproto, const char *name) |
| const char * | AppLayerParserGetFrameNameById (uint8_t ipproto, AppProto alproto, const uint8_t id) |
| void | AppLayerParserStateProtoCleanup (uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
| void | AppLayerFramesFreeContainer (Flow *f) |
Detailed Description
Definition in file app-layer-parser.h.
Macro Definition Documentation
◆ APP_LAYER_ERROR
| #define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } |
parser has hit an unrecoverable error. Returning this to the API leads to no further calls to the parser.
Definition at line 92 of file app-layer-parser.h.
◆ APP_LAYER_INCOMPLETE
| #define APP_LAYER_INCOMPLETE | ( | c, | |
| n | |||
| ) | (AppLayerResult) { 1, (c), (n) } |
parser needs more data. Through 'c' it will indicate how many of the input bytes it has consumed. Through 'n' it will indicate how many more bytes it needs before getting called again.
- Note
- consumed (c) should never be more than the input len needed (n) + consumed (c) should be more than the input len
Definition at line 100 of file app-layer-parser.h.
◆ APP_LAYER_OK
| #define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } |
parser has successfully processed in the input, and has consumed all of it.
Definition at line 88 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_BYPASS_READY
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 42 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TC
| #define APP_LAYER_PARSER_EOF_TC BIT_U8(6) |
Definition at line 44 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_EOF_TS
| #define APP_LAYER_PARSER_EOF_TS BIT_U8(5) |
Definition at line 43 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_INT_STREAM_DEPTH_SET
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 50 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 39 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 41 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_NO_REASSEMBLY
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 40 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_ACCEPT_GAPS
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 47 of file app-layer-parser.h.
◆ APP_LAYER_PARSER_OPT_UNIDIR_TXS
| #define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1) |
Definition at line 48 of file app-layer-parser.h.
◆ APP_LAYER_TX_INSPECTED_FLAG
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 81 of file app-layer-parser.h.
◆ APP_LAYER_TX_PREFILTER_MASK
| #define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_RESERVED_FLAGS) |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 84 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED10_FLAG
| #define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57) |
Definition at line 64 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED11_FLAG
| #define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58) |
Definition at line 65 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED12_FLAG
| #define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59) |
Definition at line 66 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED13_FLAG
| #define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60) |
Definition at line 67 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED14_FLAG
| #define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61) |
Definition at line 68 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED15_FLAG
| #define APP_LAYER_TX_RESERVED15_FLAG BIT_U64(62) |
Definition at line 69 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED1_FLAG
| #define APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48) |
reserved for future use
Definition at line 55 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED2_FLAG
| #define APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49) |
Definition at line 56 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED3_FLAG
| #define APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50) |
Definition at line 57 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED4_FLAG
| #define APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51) |
Definition at line 58 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED5_FLAG
| #define APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52) |
Definition at line 59 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED6_FLAG
| #define APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53) |
Definition at line 60 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED7_FLAG
| #define APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54) |
Definition at line 61 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED8_FLAG
| #define APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55) |
Definition at line 62 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED9_FLAG
| #define APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56) |
Definition at line 63 of file app-layer-parser.h.
◆ APP_LAYER_TX_RESERVED_FLAGS
| #define APP_LAYER_TX_RESERVED_FLAGS |
Definition at line 71 of file app-layer-parser.h.
Typedef Documentation
◆ AppLayerGetTxIteratorFunc
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 151 of file app-layer-parser.h.
◆ AppLayerGetTxIterState
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
◆ AppLayerParserFPtr
| typedef AppLayerResult(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage) |
Prototype for parsing functions.
Definition at line 140 of file app-layer-parser.h.
◆ AppLayerParserGetFrameIdByNameFn
| typedef int(* AppLayerParserGetFrameIdByNameFn) (const char *frame_name) |
Definition at line 158 of file app-layer-parser.h.
◆ AppLayerParserGetFrameNameByIdFn
| typedef const char*(* AppLayerParserGetFrameNameByIdFn) (const uint8_t id) |
Definition at line 159 of file app-layer-parser.h.
◆ AppLayerParserThreadCtx
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 107 of file app-layer-parser.h.
Function Documentation
◆ AppLayerFramesFreeContainer()
| void AppLayerFramesFreeContainer | ( | Flow * | f | ) |
Definition at line 191 of file app-layer-parser.c.
References Flow_::alparser, and AppLayerParserState_::frames.
◆ AppLayerGetTxIterator()
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 708 of file app-layer-parser.c.
Referenced by AppLayerParserSetTransactionInspectId(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserApplyTxConfig()
| void AppLayerParserApplyTxConfig | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| void * | tx, | ||
| enum ConfigAction | mode, | ||
| AppLayerTxConfig | |||
| ) |
Definition at line 1202 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserBackupParserTable()
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1832 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserConfParserEnabled()
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
- Parameters
-
alproto_name Name of the app layer protocol.
- Return values
-
1 If enabled. 0 If disabled.
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 347 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), FatalError, RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), and RegisterMQTTParsers().
◆ AppLayerParserDeSetup()
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 296 of file app-layer-parser.c.
References FTPParserCleanup(), SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
◆ AppLayerParserDestroyProtocolParserLocalStorage()
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 658 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxFree().
◆ AppLayerParserGetDecoderEvents()
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 865 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerParserHasDecoderEvents().
◆ AppLayerParserGetEventInfo()
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1138 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventInfoById()
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1148 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserGetEventsByTx()
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 878 of file app-layer-parser.c.
References AppLayerParserGetTxData(), AppLayerDecoderEvents_::events, SCEnter, and SCReturnPtr.
◆ AppLayerParserGetFiles()
| FileContainer* AppLayerParserGetFiles | ( | const Flow * | f, |
| const uint8_t | direction | ||
| ) |
Definition at line 894 of file app-layer-parser.c.
References SCEnter.
Referenced by DetectFileInspectGeneric(), and FileDisableStoringForTransaction().
◆ AppLayerParserGetFirstDataDir()
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1159 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserGetFrameIdByName()
| int AppLayerParserGetFrameIdByName | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | name | ||
| ) |
Definition at line 1540 of file app-layer-parser.c.
◆ AppLayerParserGetFrameNameById()
| const char* AppLayerParserGetFrameNameById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const uint8_t | id | ||
| ) |
Definition at line 1549 of file app-layer-parser.c.
Referenced by DetectRunFrameInspectRule(), and FrameJsonLogOneFrame().
◆ AppLayerParserGetOptionFlags()
| uint32_t AppLayerParserGetOptionFlags | ( | uint8_t | protomap, |
| AppProto | alproto | ||
| ) |
Definition at line 438 of file app-layer-parser.c.
References SCEnter, and SCReturnUInt.
◆ AppLayerParserGetProtocolParserLocalStorage()
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 643 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserThreadCtxAlloc().
◆ AppLayerParserGetStateProgress()
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1102 of file app-layer-parser.c.
References flags, IS_DISRUPTED, SCEnter, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), and DetectEngineInspectBufferGeneric().
◆ AppLayerParserGetStateProgressCompletionStatus()
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1130 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), and OutputRegisterTxLogger().
◆ AppLayerParserGetStreamDepth()
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1521 of file app-layer-parser.c.
References SCReturnInt.
◆ AppLayerParserGetTransactionActive()
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1166 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and SCEnter.
Referenced by FlowForceReassemblyNeedReassembly().
◆ AppLayerParserGetTransactionInspectId()
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 733 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, and SCReturnCT.
Referenced by AppLayerParserSetTransactionInspectId().
◆ AppLayerParserGetTransactionLogId()
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 716 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
◆ AppLayerParserGetTx()
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1123 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetStreamDepthFlag(), EveEmailAddMetadata(), EveHTTP2AddMetadata(), EveHttpAddMetadata(), EveHttpLogJSONBodyBase64(), EveHttpLogJSONBodyPrintable(), EveIKEAddMetadata(), EveNFSAddMetadata(), EveNFSAddMetadataRPC(), EveSMBAddMetadata(), EveSMTPAddMetadata(), HttpXFFGetIPFromTx(), JsonModbusAddMetadata(), JsonMQTTAddMetadata(), JsonQuicAddMetadata(), JsonRFBAddMetadata(), and JsonSIPAddMetadata().
◆ AppLayerParserGetTxCnt()
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1116 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserSetTransactionInspectId(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), HttpXFFGetIPFromTx(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserGetTxData()
| AppLayerTxData* AppLayerParserGetTxData | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1195 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserGetEventsByTx(), AppLayerParserSetTransactionInspectId(), and DetectRunStoreStateTx().
◆ AppLayerParserHasDecoderEvents()
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1455 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserIsEnabled()
| int AppLayerParserIsEnabled | ( | AppProto | alproto | ) |
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1473 of file app-layer-parser.c.
References FLOW_PROTO_APPLAYER_MAX.
Referenced by OutputRegisterTxLogger().
◆ AppLayerParserParse()
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | alp_tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| const uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
- Return values
-
int -1 in case of unrecoverable error. App-layer tracking stops for this flow. int 0 ok: we did not update app_progress int 1 ok: we updated app_progress
Definition at line 1244 of file app-layer-parser.c.
References Flow_::alparser, BUG_ON, FlowGetProtoMapping(), Flow_::proto, Flow_::protomap, and SCEnter.
Referenced by AppLayerHandleTCPData(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserPostStreamSetup()
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 282 of file app-layer-parser.c.
References ALPROTO_MAX, and FLOW_PROTO_DEFAULT.
Referenced by PreRunInit().
◆ AppLayerParserProtocolGetLoggerBits()
Definition at line 1491 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtocolHasLogger()
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1483 of file app-layer-parser.c.
References FlowGetProtoMapping(), and SCEnter.
◆ AppLayerParserProtoIsRegistered()
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 243 of file app-layer-parser.c.
References FlowGetProtoMapping().
◆ AppLayerParserRegisterApplyTxConfigFunc()
| void AppLayerParserRegisterApplyTxConfigFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| bool(*)(void *state, void *tx, int mode, AppLayerTxConfig) | ApplyTxConfig | ||
| ) |
Definition at line 621 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfo()
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 599 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetEventInfoById()
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 577 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetFilesFunc()
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 471 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetFrameFuncs()
| void AppLayerParserRegisterGetFrameFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerParserGetFrameIdByNameFn | GetFrameIdByName, | ||
| AppLayerParserGetFrameNameByIdFn | GetFrameNameById | ||
| ) |
Definition at line 589 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStateProgressFunc()
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 510 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetStreamDepth()
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
◆ AppLayerParserRegisterGetTx()
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 543 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxCnt()
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 532 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterGetTxIterator()
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 554 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLocalStorageFunc()
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 457 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLogger()
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 491 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerBits()
Definition at line 482 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterLoggerFuncs()
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
◆ AppLayerParserRegisterOptionFlags()
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 428 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParser()
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
- Return values
-
0 On success. -1 On failure.
Definition at line 405 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterParserAcceptableDataDirection()
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 417 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterProtocolParsers()
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
Definition at line 1659 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserRegisterProtocolUnittests()
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1823 of file app-layer-parser.c.
Referenced by RegisterIKEParsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterMQTTParsers(), RegisterNTPParsers(), and RegisterTemplateRustParsers().
◆ AppLayerParserRegisterSetStreamDepthFlag()
| void AppLayerParserRegisterSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *tx, uint8_t flags) | SetStreamDepthFlag | ||
| ) |
Definition at line 631 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateFuncs()
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void *, AppProto) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 444 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterStateProgressCompletionStatus()
| void AppLayerParserRegisterStateProgressCompletionStatus | ( | AppProto | alproto, |
| const int | ts, | ||
| const int | tc | ||
| ) |
Definition at line 562 of file app-layer-parser.c.
◆ AppLayerParserRegisterTruncateFunc()
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 500 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxDataFunc()
| void AppLayerParserRegisterTxDataFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerTxData *(*)(void *tx) | GetTxData | ||
| ) |
Definition at line 611 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterTxFreeFunc()
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 521 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserRegisterUnittests()
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 1935 of file app-layer-parser.c.
References ALPROTO_MAX, FLOW_PROTO_DEFAULT, and SCEnter.
◆ AppLayerParserRestoreParserTable()
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 1840 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetDecoderEvents()
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 873 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
◆ AppLayerParserSetEOF()
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1439 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), SCEnter, SCLogDebug, and SCReturn.
◆ AppLayerParserSetStreamDepth()
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1510 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSetStreamDepthFlag()
| void AppLayerParserSetStreamDepthFlag | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | state, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
Definition at line 1526 of file app-layer-parser.c.
References AppLayerParserGetTx(), and SCEnter.
◆ AppLayerParserSetTransactionInspectId()
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 764 of file app-layer-parser.c.
References Flow_::alproto, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxData(), flags, Flow_::proto, SCEnter, and SCLogDebug.
Referenced by DeStateUpdateInspectTransactionId().
◆ AppLayerParserSetTransactionLogId()
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 723 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturn.
◆ AppLayerParserSetup()
| int AppLayerParserSetup | ( | void | ) |
Definition at line 275 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerSetup(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserStateAlloc()
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 250 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
◆ AppLayerParserStateCleanup()
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1577 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateProtoCleanup(), and Flow_::protomap.
Referenced by FlowCleanupAppLayer().
◆ AppLayerParserStateFree()
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 263 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, and SCEnter.
◆ AppLayerParserStateIssetFlag()
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1726 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserStateProtoCleanup()
| void AppLayerParserStateProtoCleanup | ( | uint8_t | protomap, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1560 of file app-layer-parser.c.
References SCEnter.
Referenced by AppLayerParserStateCleanup().
◆ AppLayerParserStateSetFlag()
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1718 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserSetEOF(), and StreamTcpDisableAppLayer().
◆ AppLayerParserStreamTruncated()
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1733 of file app-layer-parser.c.
References SCEnter.
◆ AppLayerParserSupportsFiles()
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1183 of file app-layer-parser.c.
References ALPROTO_HTTP, ALPROTO_HTTP1, ALPROTO_HTTP2, and AppLayerParserSupportsFiles().
Referenced by AppLayerParserSupportsFiles().
◆ AppLayerParserThreadCtxAlloc()
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
- Return values
-
Non-NULL pointer on success. NULL pointer on failure.
Definition at line 306 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCCalloc, SCEnter, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), and LLVMFuzzerTestOneInput().
◆ AppLayerParserThreadCtxFree()
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
- Parameters
-
tctx Pointer to the thread context to be destroyed.
Definition at line 327 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread().
◆ AppLayerParserTransactionsCleanup()
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 918 of file app-layer-parser.c.
References DEBUG_ASSERT_FLOW_LOCKED, and SCEnter.
Referenced by LLVMFuzzerTestOneInput().
◆ AppLayerParserTriggerRawStreamReassembly()
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1499 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
◆ UTHAppLayerParserStateGetIds()
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 229 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
