|
suricata
|
|
suricata
|
#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterTuple |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_EOF BIT_U8(0) |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef int(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterTuple | AppLayerGetTxIterTuple |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterGetStateProgressCompletionStatus (AppProto alproto, int(*StateGetStateProgressCompletionStatus)(uint8_t direction)) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterGetEventInfoById (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfoById)(int event_id, const char **event_name, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterMpmIDsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxMpmIDs)(void *tx), int(*SetTxMpmIDs)(void *tx, uint64_t)) |
| void | AppLayerParserRegisterDetectFlagsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t)) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| void | AppLayerParserSetTxLogged (uint8_t ipproto, AppProto alproto, void *alstate, void *tx, LoggerId logged) |
| LoggerId | AppLayerParserGetTxLogged (const Flow *f, void *alstate, void *tx) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *tx) |
| FileContainer * | AppLayerParserGetFiles (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| int | AppLayerParserGetEventInfoById (uint8_t ipproto, AppProto alproto, int event_id, const char **event_name, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsTxDetectState (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| uint64_t | AppLayerParserGetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir) |
| void | AppLayerParserSetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsTxAware (AppProto alproto) |
| simpler way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Definition in file app-layer-parser.h.
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 38 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_EOF BIT_U8(0) |
Definition at line 34 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), DCERPCParser(), OutputRegisterTxLogger(), SMTPProcessDataChunk(), and SSLVersionToString().
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 43 of file app-layer-parser.h.
Referenced by AppLayerParserPostStreamSetup(), and AppLayerParserSetStreamDepth().
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 35 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterSSHParsers(), RegisterSSLParsers(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 37 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 36 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 41 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 48 of file app-layer-parser.h.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 51 of file app-layer-parser.h.
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 112 of file app-layer-parser.h.
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
| typedef struct AppLayerGetTxIterTuple AppLayerGetTxIterTuple |
| typedef int(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 92 of file app-layer-parser.h.
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 61 of file app-layer-parser.h.
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 677 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 2002 of file app-layer-parser.c.
References SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable().
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
| alproto_name | Name of the app layer protocol. |
| 1 | If enabled. |
| 0 | If disabled. |
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 298 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 239 of file app-layer-parser.c.
References SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 627 of file app-layer-parser.c.
References AppLayerParserGetTx(), AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerGetTxIterTuple::has_next, MAX, SCEnter, SCLogDebug, SCReturn, AppLayerGetTxIterTuple::tx_id, tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by AppLayerParserThreadCtxFree().
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 833 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), AppLayerParserHasDecoderEvents(), and HtpConfigRestoreBackup().
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1053 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfo.
Referenced by DetectAppLayerEventRegister().
| int AppLayerParserGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int | event_id, | ||
| const char ** | event_name, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1063 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfoById.
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 846 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectAppLayerEventRegister(), HtpConfigRestoreBackup(), and HTPFileClose().
| FileContainer* AppLayerParserGetFiles | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 863 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), DetectFileInspectGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilestoreRegister(), FileDisableFilesize(), FileDisableMagic(), FileDisableMd5(), FileDisableSha1(), FileDisableSha256(), FileDisableStoring(), FileDisableStoringForTransaction(), OutputRegisterFiledataLogger(), and OutputRegisterFileLogger().
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1074 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnCT.
Referenced by AppLayerIncTxCounter().
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 612 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserThreadCtxAlloc().
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 1011 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), IS_DISRUPTED, SCEnter, SCReturnInt, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), DetectEngineInspectBufferGeneric(), DetectHttpClientBodyRegister(), and OutputRegisterTxLogger().
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1044 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturnInt.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), and OutputRegisterTxLogger().
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1370 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCReturnInt, and AppLayerParserProtoCtx_::stream_depth.
Referenced by AppLayerIncTxCounter().
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1083 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, AppLayerParserProtoCtx_::logger, Flow_::protomap, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 730 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineStateResetTxs(), DetectLuaRegister(), and HttpHeaderGetBufferSpaceForTXID().
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 713 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
Referenced by OutputRegisterTxLogger().
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1035 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserDestroyProtocolParserLocalStorage(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectUricontentRegister(), HtpConfigRestoreBackup(), HTPFileClose(), and HttpXFFGetIPFromTx().
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1026 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, and SCReturnCT.
Referenced by AppLayerParserParse(), AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), HttpXFFGetIPFromTx(), and OutputRegisterTxLogger().
| uint64_t AppLayerParserGetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir | ||
| ) |
Definition at line 1134 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1115 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), and DetectRunStoreStateTx().
Definition at line 699 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, SCReturnUInt, and AppLayerParserProtoCtx_::StateGetTxLogged.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1300 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
Referenced by SigMatchSignaturesGetSgh().
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
| int AppLayerParserIsTxAware | ( | AppProto | alproto | ) |
simpler way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1318 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, and AppLayerParserProtoCtx_::StateGetProgressCompletionStatus.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
Definition at line 1155 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, AppLayerParserThreadCtx_::alproto_local_storage, Flow_::alstate, APP_LAYER_PARSER_BYPASS_READY, APP_LAYER_PARSER_EOF, APP_LAYER_PARSER_NO_INSPECTION, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD, APP_LAYER_PARSER_NO_REASSEMBLY, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, AppLayerGetProtoName(), AppLayerIncTxCounter(), AppLayerParserGetTxCnt(), AppLayerParserSetEOF(), AppLayerParserStateAlloc(), AppLayerParserStateSetFlag(), AppLayerParserStreamTruncated(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::flags, Flow_::flags, FLOW_NOPAYLOAD_INSPECTION, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCLogDebug, SCReturnInt, AppLayerParserProtoCtx_::StateAlloc, STREAM_DEPTH, STREAM_EOF, STREAM_GAP, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpDisableAppLayer(), StreamTcpSetDisableRawReassemblyFlag(), StreamTcpSetSessionBypassFlag(), and StreamTcpSetSessionNoReassemblyFlag().
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), AppLayerIncTxCounter(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 222 of file app-layer-parser.c.
References ALPROTO_MAX, APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::internal_flags, TcpStreamCnf_::reassembly_depth, stream_config, and AppLayerParserProtoCtx_::stream_depth.
Referenced by PreRunInit().
Definition at line 1340 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1332 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturnInt.
Referenced by OutputRegisterTxLogger(), and RunModeInitializeOutputs().
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1324 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEvents.
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 184 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateAlloc.
Referenced by AppLayerSetupCounters().
| void AppLayerParserRegisterDetectFlagsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx, uint8_t dir) | GetTxDetectFlags, | ||
| void(*)(void *tx, uint8_t dir, uint64_t) | SetTxDetectFlags | ||
| ) |
Definition at line 588 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by RegisterDNP3Parsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 576 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 564 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfo(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfoById | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(int event_id, const char **event_name, AppLayerEventType *event_type) | StateGetEventInfoById | ||
| ) |
Definition at line 552 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfoById(), RegisterDNP3Parsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), and RegisterTemplateParsers().
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents * | *)(void *) __attribute__ StateGetEvents((nonnull) | ||
| ) |
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 424 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetFiles.
Referenced by AppLayerRegisterParser(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| int(*)(uint8_t direction) | StateGetStateProgressCompletionStatus | ||
| ) |
Definition at line 541 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 489 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 522 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 511 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 533 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerRegisterParser(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), and RegisterSMBParsers().
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 410 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), and RegisterSMTPParsers().
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 470 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturn.
Referenced by JsonDNSLogAnswer(), LogHttpLogInitCtx(), and TLSGetIPInformations().
Definition at line 461 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturn.
Referenced by RunModeInitializeOutputs().
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
Definition at line 446 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateGetTxLogged, and AppLayerParserProtoCtx_::StateSetTxLogged.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterMpmIDsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx) | GetTxMpmIDs, | ||
| int(*)(void *tx, uint64_t) | SetTxMpmIDs | ||
| ) |
Definition at line 600 of file app-layer-parser.c.
References AppProtoToString(), SC_WARN_DEPRECATED, SCEnter, SCLogWarning, and SCReturn.
Referenced by AppLayerRegisterParser().
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 386 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, SCEnter, and SCReturn.
Referenced by RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
| 0 | On success. |
| -1 | On failure. |
Definition at line 363 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and STREAM_TOSERVER.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 375 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FlowGetProtoMapping(), SCEnter, SCReturn, STREAM_TOCLIENT, and STREAM_TOSERVER.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
MSN Messenger
Definition at line 1482 of file app-layer-parser.c.
References ALPROTO_IMAP, ALPROTO_MSN, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterIKEV2Parsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSNMPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup().
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1993 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTemplateRustParsers().
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 396 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateAlloc, and AppLayerParserProtoCtx_::StateFree.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 479 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::Truncate.
Referenced by RegisterHTPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 500 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 2126 of file app-layer-parser.c.
References ALPROTO_MAX, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::RegisterUnittests, SCEnter, SCReturn, and UtRegisterTest().
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 2010 of file app-layer-parser.c.
References Flow_::alproto, ALPROTO_TEST, AppLayerParserBackupParserTable(), AppLayerParserParse(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterParser(), AppLayerParserRegisterStateFuncs(), AppLayerParserRestoreParserTable(), AppLayerParserThreadCtxAlloc(), TcpSession_::flags, FlowGetProtoMapping(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCReturn, STREAM_EOF, STREAM_TOSERVER, STREAMTCP_FLAG_APP_LAYER_DISABLED, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, UTHBuildFlow(), and UTHFreeFlow().
Referenced by AppLayerParserRestoreParserTable().
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 841 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1285 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF, AppLayerParserStateSetFlag(), SCEnter, and SCReturn.
Referenced by AppLayerParserParse().
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1359 of file app-layer-parser.c.
References APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::internal_flags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::stream_depth.
Referenced by RegisterModbusParsers(), and RegisterSMBParsers().
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 740 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserSetTxDetectFlags(), AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, Flow_::proto, SCEnter, SCLogDebug, SCReturn, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by DeStateUpdateInspectTransactionId().
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 720 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, SCReturn, and tx_id.
Referenced by OutputRegisterTxLogger().
| void AppLayerParserSetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir, | ||
| uint64_t | |||
| ) |
Definition at line 1144 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by AppLayerParserSetTransactionInspectId().
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1123 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::GetTxDetectState, Flow_::protomap, SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by DetectRunStoreStateTx().
| void AppLayerParserSetTxLogged | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| void * | tx, | ||
| LoggerId | logged | ||
| ) |
Definition at line 685 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserSetup | ( | void | ) |
Definition at line 215 of file app-layer-parser.c.
References SCEnter, and SCReturnInt.
Referenced by AppLayerSetup(), and RegisterAllModules().
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 191 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerParserParse(), and HtpConfigRestoreBackup().
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1377 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateFree(), AppProtoToString(), AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::protomap, SCEnter, SCReturn, AppLayerParserProtoCtx_::SetTxDetectState, AppLayerParserProtoCtx_::StateAlloc, AppLayerParserProtoCtx_::StateFree, AppLayerParserProtoCtx_::StateGetEventInfo, AppLayerParserProtoCtx_::StateGetEventInfoById, AppLayerParserProtoCtx_::StateGetEvents, AppLayerParserProtoCtx_::StateGetProgress, AppLayerParserProtoCtx_::StateGetProgressCompletionStatus, AppLayerParserProtoCtx_::StateGetTx, AppLayerParserProtoCtx_::StateGetTxCnt, AppLayerParserProtoCtx_::StateGetTxLogged, AppLayerParserProtoCtx_::StateSetTxLogged, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by AppLayerProtoDetectReset(), and FlowCleanupAppLayer().
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 204 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
Referenced by AppLayerParserStateCleanup().
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1551 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by DCERPCParser(), OutputRegisterTxLogger(), RegisterSSHParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1544 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), and SSLVersionToString().
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1558 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::decoder_events, Flow_::dp, Flow_::dst, flags, Flow_::flags, FLOW_INITIALIZE, FLOW_IPV4, FlowFree(), FlowGetProtoMapping(), AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCCalloc, SCEnter, SCLogDebug, SCReturn, Flow_::sp, Flow_::src, STREAM_EOF, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, and AppLayerParserProtoCtx_::Truncate.
Referenced by AppLayerParserParse().
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1101 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
Referenced by SigMatchList2DataArray().
| int AppLayerParserSupportsTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1108 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
| Non-NULL | pointer on success. NULL pointer on failure. |
Definition at line 248 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
| tctx | Pointer to the thread context to be destroyed. |
Definition at line 274 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread(), AppLayerParserStreamTruncated(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 883 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, Flow_::alstate, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserGetTxLogged(), AppLayerParserProtocolGetLoggerBits(), AppLayerParserCtx_::ctxs, DEBUG_ASSERT_FLOW_LOCKED, AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, MAX, AppLayerParserState_::min_id, next, Flow_::proto, Flow_::protomap, SCEnter, SCLogDebug, SCReturn, Flow_::sgh_toclient, Flow_::sgh_toserver, AppLayerParserProtoCtx_::StateTransactionFree, STREAM_TOCLIENT, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, AppLayerGetTxIterTuple::tx_ptr, and unlikely.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1348 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by HTPFreeConfig(), and SSLVersionToString().
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 170 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
1.8.11