|
suricata
|
|
suricata
|
#include "app-layer-events.h"#include "detect-engine-state.h"#include "util-file.h"#include "stream-tcp-private.h"
Go to the source code of this file.
Data Structures | |
| struct | AppLayerGetTxIterTuple |
| struct | AppLayerGetTxIterState |
Macros | |
| #define | APP_LAYER_PARSER_EOF BIT_U8(0) |
| #define | APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
| #define | APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
| #define | APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
| #define | APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
| #define | APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
| #define | APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
| #define | APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
| #define | APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
Typedefs | |
| typedef struct AppLayerParserThreadCtx_ | AppLayerParserThreadCtx |
| typedef int(* | AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
| Prototype for parsing functions. More... | |
| typedef struct AppLayerGetTxIterTuple | AppLayerGetTxIterTuple |
| typedef struct AppLayerGetTxIterState | AppLayerGetTxIterState |
| typedef AppLayerGetTxIterTuple(* | AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
| tx iterator prototype More... | |
Functions | |
| int | AppLayerParserProtoIsRegistered (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSetup (void) |
| void | AppLayerParserPostStreamSetup (void) |
| int | AppLayerParserDeSetup (void) |
| AppLayerParserThreadCtx * | AppLayerParserThreadCtxAlloc (void) |
| Gets a new app layer protocol's parser thread context. More... | |
| void | AppLayerParserThreadCtxFree (AppLayerParserThreadCtx *tctx) |
| Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc(). More... | |
| int | AppLayerParserConfParserEnabled (const char *ipproto, const char *alproto_name) |
| Given a protocol name, checks if the parser is enabled in the conf file. More... | |
| int | AppLayerParserRegisterParser (uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser) |
| Register app layer parser for the protocol. More... | |
| void | AppLayerParserRegisterParserAcceptableDataDirection (uint8_t ipproto, AppProto alproto, uint8_t direction) |
| void | AppLayerParserRegisterOptionFlags (uint8_t ipproto, AppProto alproto, uint32_t flags) |
| void | AppLayerParserRegisterStateFuncs (uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *)) |
| void | AppLayerParserRegisterLocalStorageFunc (uint8_t ipproto, AppProto proto, void *(*LocalStorageAlloc)(void), void(*LocalStorageFree)(void *)) |
| void | AppLayerParserRegisterGetFilesFunc (uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetEventsFunc (uint8_t ipproto, AppProto proto, AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)) |
| void | AppLayerParserRegisterLoggerFuncs (uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId)) |
| void | AppLayerParserRegisterLogger (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserRegisterLoggerBits (uint8_t ipproto, AppProto alproto, LoggerId bits) |
| void | AppLayerParserRegisterTruncateFunc (uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t)) |
| void | AppLayerParserRegisterGetStateProgressFunc (uint8_t ipproto, AppProto alproto, int(*StateGetStateProgress)(void *alstate, uint8_t direction)) |
| void | AppLayerParserRegisterTxFreeFunc (uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t)) |
| void | AppLayerParserRegisterGetTxCnt (uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate)) |
| void | AppLayerParserRegisterGetTx (uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id)) |
| void | AppLayerParserRegisterGetTxIterator (uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func) |
| void | AppLayerParserRegisterGetStateProgressCompletionStatus (AppProto alproto, int(*StateGetStateProgressCompletionStatus)(uint8_t direction)) |
| void | AppLayerParserRegisterGetEventInfo (uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type)) |
| void | AppLayerParserRegisterDetectStateFuncs (uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *)) |
| void | AppLayerParserRegisterGetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t(*GetStreamDepth)(void)) |
| void | AppLayerParserRegisterMpmIDsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxMpmIDs)(void *tx), int(*SetTxMpmIDs)(void *tx, uint64_t)) |
| void | AppLayerParserRegisterDetectFlagsFuncs (uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t)) |
| AppLayerGetTxIteratorFunc | AppLayerGetTxIterator (const uint8_t ipproto, const AppProto alproto) |
| void * | AppLayerParserGetProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserDestroyProtocolParserLocalStorage (uint8_t ipproto, AppProto alproto, void *local_data) |
| uint64_t | AppLayerParserGetTransactionLogId (AppLayerParserState *pstate) |
| void | AppLayerParserSetTransactionLogId (AppLayerParserState *pstate, uint64_t tx_id) |
| void | AppLayerParserSetTxLogged (uint8_t ipproto, AppProto alproto, void *alstate, void *tx, LoggerId logged) |
| LoggerId | AppLayerParserGetTxLogged (const Flow *f, void *alstate, void *tx) |
| uint64_t | AppLayerParserGetTransactionInspectId (AppLayerParserState *pstate, uint8_t direction) |
| void | AppLayerParserSetTransactionInspectId (const Flow *f, AppLayerParserState *pstate, void *alstate, const uint8_t flags, bool tag_txs_as_inspected) |
| AppLayerDecoderEvents * | AppLayerParserGetDecoderEvents (AppLayerParserState *pstate) |
| void | AppLayerParserSetDecoderEvents (AppLayerParserState *pstate, AppLayerDecoderEvents *devents) |
| AppLayerDecoderEvents * | AppLayerParserGetEventsByTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| FileContainer * | AppLayerParserGetFiles (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| int | AppLayerParserGetStateProgress (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| get the progress value for a tx/protocol More... | |
| uint64_t | AppLayerParserGetTxCnt (const Flow *, void *alstate) |
| void * | AppLayerParserGetTx (uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id) |
| int | AppLayerParserGetStateProgressCompletionStatus (AppProto alproto, uint8_t direction) |
| int | AppLayerParserGetEventInfo (uint8_t ipproto, AppProto alproto, const char *event_name, int *event_id, AppLayerEventType *event_type) |
| uint64_t | AppLayerParserGetTransactionActive (const Flow *f, AppLayerParserState *pstate, uint8_t direction) |
| uint8_t | AppLayerParserGetFirstDataDir (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsFiles (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserSupportsTxDetectState (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserHasTxDetectState (uint8_t ipproto, AppProto alproto, void *alstate) |
| DetectEngineState * | AppLayerParserGetTxDetectState (uint8_t ipproto, AppProto alproto, void *tx) |
| int | AppLayerParserSetTxDetectState (const Flow *f, void *tx, DetectEngineState *s) |
| uint64_t | AppLayerParserGetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir) |
| void | AppLayerParserSetTxDetectFlags (uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t) |
| int | AppLayerParserParse (ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len) |
| void | AppLayerParserSetEOF (AppLayerParserState *pstate) |
| bool | AppLayerParserHasDecoderEvents (AppLayerParserState *pstate) |
| int | AppLayerParserIsTxAware (AppProto alproto) |
| simpler way to globally test if a alproto is registered and fully enabled in the configuration. More... | |
| int | AppLayerParserProtocolIsTxAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolIsTxEventAware (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolSupportsTxs (uint8_t ipproto, AppProto alproto) |
| int | AppLayerParserProtocolHasLogger (uint8_t ipproto, AppProto alproto) |
| LoggerId | AppLayerParserProtocolGetLoggerBits (uint8_t ipproto, AppProto alproto) |
| void | AppLayerParserTriggerRawStreamReassembly (Flow *f, int direction) |
| void | AppLayerParserSetStreamDepth (uint8_t ipproto, AppProto alproto, uint32_t stream_depth) |
| uint32_t | AppLayerParserGetStreamDepth (const Flow *f) |
| void | AppLayerParserStateCleanup (const Flow *f, void *alstate, AppLayerParserState *pstate) |
| void | AppLayerParserRegisterProtocolParsers (void) |
| void | AppLayerParserStateSetFlag (AppLayerParserState *pstate, uint8_t flag) |
| int | AppLayerParserStateIssetFlag (AppLayerParserState *pstate, uint8_t flag) |
| void | AppLayerParserStreamTruncated (uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction) |
| AppLayerParserState * | AppLayerParserStateAlloc (void) |
| void | AppLayerParserStateFree (AppLayerParserState *pstate) |
| void | AppLayerParserTransactionsCleanup (Flow *f) |
| remove obsolete (inspected and logged) transactions More... | |
| void | AppLayerParserRegisterProtocolUnittests (uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void)) |
| void | AppLayerParserRegisterUnittests (void) |
| void | AppLayerParserBackupParserTable (void) |
| void | AppLayerParserRestoreParserTable (void) |
| void | UTHAppLayerParserStateGetIds (void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min) |
Definition in file app-layer-parser.h.
| #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) |
Definition at line 38 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_EOF BIT_U8(0) |
Definition at line 34 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), DCERPCParser(), OutputRegisterTxLogger(), RegisterTFTPParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| #define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0) |
Definition at line 43 of file app-layer-parser.h.
Referenced by AppLayerParserPostStreamSetup(), and AppLayerParserSetStreamDepth().
| #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) |
Definition at line 35 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterSSHParsers(), RegisterSSLParsers(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) |
Definition at line 37 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) |
Definition at line 36 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), and SSLVersionToString().
| #define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0) |
Definition at line 41 of file app-layer-parser.h.
Referenced by AppLayerParserParse(), RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| #define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63) |
is tx fully inspected?
Definition at line 48 of file app-layer-parser.h.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG |
other 63 bits are for tracking which prefilter engine is already completely inspected
Definition at line 51 of file app-layer-parser.h.
| typedef AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc) (const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state) |
tx iterator prototype
Definition at line 112 of file app-layer-parser.h.
| typedef struct AppLayerGetTxIterState AppLayerGetTxIterState |
| typedef struct AppLayerGetTxIterTuple AppLayerGetTxIterTuple |
| typedef int(* AppLayerParserFPtr) (Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags) |
Prototype for parsing functions.
Definition at line 92 of file app-layer-parser.h.
| typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx |
Definition at line 61 of file app-layer-parser.h.
| AppLayerGetTxIteratorFunc AppLayerGetTxIterator | ( | const uint8_t | ipproto, |
| const AppProto | alproto | ||
| ) |
Definition at line 662 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| void AppLayerParserBackupParserTable | ( | void | ) |
Definition at line 1991 of file app-layer-parser.c.
References SCEnter, and SCReturn.
Referenced by AppLayerParserRestoreParserTable().
| int AppLayerParserConfParserEnabled | ( | const char * | ipproto, |
| const char * | alproto_name | ||
| ) |
Given a protocol name, checks if the parser is enabled in the conf file.
| alproto_name | Name of the app layer protocol. |
| 1 | If enabled. |
| 0 | If disabled. |
Given a protocol name, checks if the parser is enabled in the conf file.
Definition at line 295 of file app-layer-parser.c.
References ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), RunmodeIsUnittests(), SC_ERR_FATAL, SCEnter, SCLogDebug, SCLogError, SCReturnInt, and ConfNode_::val.
Referenced by HTPFreeConfig(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| int AppLayerParserDeSetup | ( | void | ) |
Definition at line 236 of file app-layer-parser.c.
References SCEnter, SCReturnInt, and SMTPParserCleanup().
Referenced by AppLayerDeSetup().
| void AppLayerParserDestroyProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | local_data | ||
| ) |
Definition at line 612 of file app-layer-parser.c.
References AppLayerParserGetTx(), AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerGetTxIterTuple::has_next, MAX, SCEnter, SCLogDebug, SCReturn, AppLayerGetTxIterTuple::tx_id, tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by AppLayerParserThreadCtxFree().
| AppLayerDecoderEvents* AppLayerParserGetDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 818 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events, SCEnter, and SCReturnPtr.
Referenced by AppLayerDecoderEventsSetEvent(), AppLayerParserHasDecoderEvents(), and HtpConfigRestoreBackup().
| int AppLayerParserGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| const char * | event_name, | ||
| int * | event_id, | ||
| AppLayerEventType * | event_type | ||
| ) |
Definition at line 1039 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEventInfo.
Referenced by DetectAppLayerEventRegister().
| AppLayerDecoderEvents* AppLayerParserGetEventsByTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 831 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectAppLayerEventRegister(), HtpConfigRestoreBackup(), and HTPFileClose().
| FileContainer* AppLayerParserGetFiles | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 848 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), DetectFileInspectGeneric(), DetectFilenameRegister(), DetectFilestoreRegister(), FileDisableFilesize(), FileDisableMagic(), FileDisableMd5(), FileDisableSha1(), FileDisableSha256(), FileDisableStoring(), FileDisableStoringForTransaction(), OutputRegisterFiledataLogger(), and OutputRegisterFileLogger().
| uint8_t AppLayerParserGetFirstDataDir | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1049 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnCT.
Referenced by AppLayerIncTxCounter().
| void* AppLayerParserGetProtocolParserLocalStorage | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 597 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserThreadCtxAlloc().
| int AppLayerParserGetStateProgress | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | flags | ||
| ) |
get the progress value for a tx/protocol
If the stream is disrupted, we return the 'completion' value.
Definition at line 996 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), IS_DISRUPTED, SCEnter, SCReturnInt, and unlikely.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), DetectEngineInspectBufferGeneric(), DetectHttpClientBodyRegister(), DetectHttpResponseLineRegister(), and OutputRegisterTxLogger().
| int AppLayerParserGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| uint8_t | direction | ||
| ) |
Definition at line 1029 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturnInt.
Referenced by AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectAppLayerEventRegister(), and OutputRegisterTxLogger().
| uint32_t AppLayerParserGetStreamDepth | ( | const Flow * | f | ) |
Definition at line 1366 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCReturnInt, and AppLayerParserProtoCtx_::stream_depth.
Referenced by AppLayerIncTxCounter().
| uint64_t AppLayerParserGetTransactionActive | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1058 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, AppLayerParserProtoCtx_::logger, Flow_::protomap, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by FlowForceReassemblyNeedReassembly().
| uint64_t AppLayerParserGetTransactionInspectId | ( | AppLayerParserState * | pstate, |
| uint8_t | direction | ||
| ) |
Definition at line 715 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, SCEnter, SCReturnCT, and STREAM_TOSERVER.
Referenced by AppLayerParserSetTransactionInspectId(), DetectEngineStateResetTxs(), DetectLuaRegister(), and HttpHeaderGetBufferSpaceForTXID().
| uint64_t AppLayerParserGetTransactionLogId | ( | AppLayerParserState * | pstate | ) |
Definition at line 698 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, and SCReturnCT.
Referenced by OutputRegisterTxLogger().
| void* AppLayerParserGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 1020 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturnPtr.
Referenced by AppLayerParserDestroyProtocolParserLocalStorage(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectUricontentRegister(), HTPFileClose(), and HttpXFFGetIPFromTx().
| uint64_t AppLayerParserGetTxCnt | ( | const Flow * | , |
| void * | alstate | ||
| ) |
Definition at line 1011 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, and SCReturnCT.
Referenced by AppLayerParserParse(), AppLayerParserSetTransactionInspectId(), AppLayerParserTransactionsCleanup(), DetectEngineStateResetTxs(), DetectLuaRegister(), DetectPcrePayloadMatch(), FlowForceReassemblyNeedReassembly(), HttpXFFGetIP(), HttpXFFGetIPFromTx(), and OutputRegisterTxLogger().
| uint64_t AppLayerParserGetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir | ||
| ) |
Definition at line 1109 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserSetTransactionInspectId(), and AppLayerParserTransactionsCleanup().
| DetectEngineState* AppLayerParserGetTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx | ||
| ) |
Definition at line 1090 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, and SCReturnPtr.
Referenced by DetectEngineStateResetTxs(), and DetectRunStoreStateTx().
Definition at line 684 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, Flow_::protomap, SCEnter, SCReturnUInt, and AppLayerParserProtoCtx_::StateGetTxLogged.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| bool AppLayerParserHasDecoderEvents | ( | AppLayerParserState * | pstate | ) |
Definition at line 1280 of file app-layer-parser.c.
References AppLayerParserGetDecoderEvents(), AppLayerDecoderEvents_::cnt, AppLayerParserState_::decoder_events, and SCEnter.
Referenced by SigMatchSignaturesGetSgh().
| int AppLayerParserHasTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate | ||
| ) |
| int AppLayerParserIsTxAware | ( | AppProto | alproto | ) |
simpler way to globally test if a alproto is registered and fully enabled in the configuration.
Definition at line 1298 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, and AppLayerParserProtoCtx_::StateGetProgressCompletionStatus.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserParse | ( | ThreadVars * | tv, |
| AppLayerParserThreadCtx * | tctx, | ||
| Flow * | f, | ||
| AppProto | alproto, | ||
| uint8_t | flags, | ||
| uint8_t * | input, | ||
| uint32_t | input_len | ||
| ) |
Definition at line 1130 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, AppLayerParserThreadCtx_::alproto_local_storage, Flow_::alstate, APP_LAYER_PARSER_BYPASS_READY, APP_LAYER_PARSER_EOF, APP_LAYER_PARSER_NO_INSPECTION, APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD, APP_LAYER_PARSER_NO_REASSEMBLY, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, AppLayerGetProtoName(), AppLayerIncTxCounter(), AppLayerParserGetTxCnt(), AppLayerParserProtocolIsTxAware(), AppLayerParserSetEOF(), AppLayerParserStateAlloc(), AppLayerParserStateSetFlag(), AppLayerParserStreamTruncated(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::flags, Flow_::flags, FLOW_NOPAYLOAD_INSPECTION, FlowGetProtoMapping(), likely, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCLogDebug, SCReturnInt, AppLayerParserProtoCtx_::StateAlloc, STREAM_DEPTH, STREAM_EOF, STREAM_GAP, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpDisableAppLayer(), StreamTcpSetDisableRawReassemblyFlag(), StreamTcpSetSessionBypassFlag(), and StreamTcpSetSessionNoReassemblyFlag().
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), AppLayerIncTxCounter(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserPostStreamSetup | ( | void | ) |
Definition at line 219 of file app-layer-parser.c.
References ALPROTO_MAX, APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::internal_flags, TcpStreamCnf_::reassembly_depth, stream_config, and AppLayerParserProtoCtx_::stream_depth.
Referenced by PreRunInit().
Definition at line 1336 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturnUInt.
Referenced by AppLayerParserTransactionsCleanup(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolHasLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1328 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturnInt.
Referenced by OutputRegisterTxLogger(), and RunModeInitializeOutputs().
| int AppLayerParserProtocolIsTxAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1304 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetTx.
Referenced by AppLayerParserParse(), AppLayerRegisterThreadCounters(), AppLayerSetupCounters(), and OutputRegisterTxLogger().
| int AppLayerParserProtocolIsTxEventAware | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1312 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateGetEvents.
| int AppLayerParserProtocolSupportsTxs | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1320 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by DetectSignatureApplyActions(), FlowForceReassemblyNeedReassembly(), and SigMatchSignaturesGetSgh().
| int AppLayerParserProtoIsRegistered | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 181 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), and AppLayerParserProtoCtx_::StateAlloc.
Referenced by AppLayerSetupCounters().
| void AppLayerParserRegisterDetectFlagsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx, uint8_t dir) | GetTxDetectFlags, | ||
| void(*)(void *tx, uint8_t dir, uint64_t) | SetTxDetectFlags | ||
| ) |
Definition at line 573 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectFlags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterDetectStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| DetectEngineState *(*)(void *tx) | GetTxDetectState, | ||
| int(*)(void *tx, DetectEngineState *) | SetTxDetectState | ||
| ) |
Definition at line 561 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventInfo | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(const char *event_name, int *event_id, AppLayerEventType *event_type) | StateGetEventInfo | ||
| ) |
Definition at line 549 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), DNSAppLayerRegisterGetEventInfo(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetEventsFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| AppLayerDecoderEvents *(*)(void *, uint64_t) | StateGetEvents | ||
| ) |
Definition at line 432 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetEvents.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetFilesFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| FileContainer *(*)(void *, uint8_t) | StateGetFiles | ||
| ) |
Definition at line 421 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetFiles.
Referenced by AppLayerRegisterParser(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterGetStateProgressCompletionStatus | ( | AppProto | alproto, |
| int(*)(uint8_t direction) | StateGetStateProgressCompletionStatus | ||
| ) |
Definition at line 538 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStateProgressFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| int(*)(void *alstate, uint8_t direction) | StateGetStateProgress | ||
| ) |
Definition at line 486 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t(*)(void) | GetStreamDepth | ||
| ) |
| void AppLayerParserRegisterGetTx | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | StateGetTx)(void *alstate, uint64_t tx_id | ||
| ) |
Definition at line 519 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxCnt | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *alstate) | StateGetTxCnt | ||
| ) |
Definition at line 508 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterGetTxIterator | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| AppLayerGetTxIteratorFunc | Func | ||
| ) |
Definition at line 530 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::StateGetTxIterator.
Referenced by AppLayerRegisterParser(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), and RegisterSMBParsers().
| void AppLayerParserRegisterLocalStorageFunc | ( | uint8_t | ipproto, |
| AppProto | proto, | ||
| void *(*)(void) | LocalStorageAlloc, | ||
| void(*)(void *) | LocalStorageFree | ||
| ) |
Definition at line 407 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), and RegisterSMTPParsers().
| void AppLayerParserRegisterLogger | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 467 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger, SCEnter, and SCReturn.
Referenced by LogHttpLogInitCtx(), and TLSGetIPInformations().
Definition at line 458 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::logger_bits, SCEnter, and SCReturn.
Referenced by RunModeInitializeOutputs().
| void AppLayerParserRegisterLoggerFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| LoggerId(*)(void *, void *) | StateGetTxLogged, | ||
| void(*)(void *, void *, LoggerId) | StateSetTxLogged | ||
| ) |
Definition at line 443 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateGetTxLogged, and AppLayerParserProtoCtx_::StateSetTxLogged.
Referenced by AppLayerRegisterParser(), RegisterDNP3Parsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterMpmIDsFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint64_t(*)(void *tx) | GetTxMpmIDs, | ||
| int(*)(void *tx, uint64_t) | SetTxMpmIDs | ||
| ) |
Definition at line 585 of file app-layer-parser.c.
References AppProtoToString(), SC_WARN_DEPRECATED, SCEnter, SCLogWarning, and SCReturn.
Referenced by AppLayerRegisterParser().
| void AppLayerParserRegisterOptionFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | flags | ||
| ) |
Definition at line 383 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, flags, FlowGetProtoMapping(), AppLayerParserProtoCtx_::option_flags, SCEnter, and SCReturn.
Referenced by RegisterENIPTCPParsers(), RegisterNFSTCPParsers(), and RegisterSMBParsers().
| int AppLayerParserRegisterParser | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction, | ||
| AppLayerParserFPtr | Parser | ||
| ) |
Register app layer parser for the protocol.
| 0 | On success. |
| -1 | On failure. |
Definition at line 360 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturnInt, and STREAM_TOSERVER.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterParserAcceptableDataDirection | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint8_t | direction | ||
| ) |
Definition at line 372 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FlowGetProtoMapping(), SCEnter, SCReturn, STREAM_TOCLIENT, and STREAM_TOSERVER.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterSSHParsers(), and RegisterSSLParsers().
| void AppLayerParserRegisterProtocolParsers | ( | void | ) |
IMAP
MSN Messenger
Definition at line 1477 of file app-layer-parser.c.
References ALPROTO_IMAP, ALPROTO_MSN, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectPMRegisterPatternCS(), AppLayerProtoDetectRegisterProtocol(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterDNSTCPParsers(), RegisterDNSUDPParsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterIKEV2Parsers(), RegisterKRB5Parsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterNTPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), RegisterTFTPParsers(), SCEnter, SCLogInfo, and STREAM_TOSERVER.
Referenced by AppLayerSetup().
| void AppLayerParserRegisterProtocolUnittests | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void) | RegisterUnittests | ||
| ) |
Definition at line 1982 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDHCPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), RegisterTemplateRustParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterStateFuncs | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void *(*)(void) | StateAlloc, | ||
| void(*)(void *) | StateFree | ||
| ) |
Definition at line 393 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, AppLayerParserProtoCtx_::StateAlloc, and AppLayerParserProtoCtx_::StateFree.
Referenced by AppLayerParserRestoreParserTable(), AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterTruncateFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint8_t) | Truncate | ||
| ) |
Definition at line 476 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::Truncate.
Referenced by RegisterHTPParsers(), RegisterSMBParsers(), and RegisterSMTPParsers().
| void AppLayerParserRegisterTxFreeFunc | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void(*)(void *, uint64_t) | StateTransactionFree | ||
| ) |
Definition at line 497 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by AppLayerRegisterParser(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterFTPParsers(), RegisterHTPParsers(), RegisterModbusParsers(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterSMBParsers(), RegisterSMTPParsers(), RegisterSSHParsers(), RegisterSSLParsers(), RegisterTemplateParsers(), and RegisterTFTPParsers().
| void AppLayerParserRegisterUnittests | ( | void | ) |
Definition at line 2113 of file app-layer-parser.c.
References ALPROTO_MAX, AppLayerParserCtx_::ctxs, FLOW_PROTO_DEFAULT, AppLayerParserProtoCtx_::RegisterUnittests, SCEnter, SCReturn, and UtRegisterTest().
| void AppLayerParserRestoreParserTable | ( | void | ) |
Definition at line 1999 of file app-layer-parser.c.
References Flow_::alproto, ALPROTO_TEST, AppLayerParserBackupParserTable(), AppLayerParserParse(), AppLayerParserRegisterParser(), AppLayerParserRegisterStateFuncs(), AppLayerParserRestoreParserTable(), AppLayerParserThreadCtxAlloc(), TcpSession_::flags, FlowGetProtoMapping(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCEnter, SCReturn, STREAM_EOF, STREAM_TOSERVER, STREAMTCP_FLAG_APP_LAYER_DISABLED, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, UTHBuildFlow(), and UTHFreeFlow().
Referenced by AppLayerParserRestoreParserTable().
| void AppLayerParserSetDecoderEvents | ( | AppLayerParserState * | pstate, |
| AppLayerDecoderEvents * | devents | ||
| ) |
Definition at line 826 of file app-layer-parser.c.
References AppLayerParserState_::decoder_events.
Referenced by AppLayerDecoderEventsSetEvent().
| void AppLayerParserSetEOF | ( | AppLayerParserState * | pstate | ) |
Definition at line 1265 of file app-layer-parser.c.
References APP_LAYER_PARSER_EOF, AppLayerParserStateSetFlag(), SCEnter, and SCReturn.
Referenced by AppLayerParserParse().
| void AppLayerParserSetStreamDepth | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| uint32_t | stream_depth | ||
| ) |
Definition at line 1355 of file app-layer-parser.c.
References APP_LAYER_PARSER_INT_STREAM_DEPTH_SET, AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), AppLayerParserProtoCtx_::internal_flags, SCEnter, SCReturn, and AppLayerParserProtoCtx_::stream_depth.
Referenced by RegisterModbusParsers(), and RegisterSMBParsers().
| void AppLayerParserSetTransactionInspectId | ( | const Flow * | f, |
| AppLayerParserState * | pstate, | ||
| void * | alstate, | ||
| const uint8_t | flags, | ||
| bool | tag_txs_as_inspected | ||
| ) |
Definition at line 725 of file app-layer-parser.c.
References Flow_::alproto, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTransactionInspectId(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserSetTxDetectFlags(), AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, Flow_::proto, SCEnter, SCLogDebug, SCReturn, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, and AppLayerGetTxIterTuple::tx_ptr.
Referenced by DeStateUpdateInspectTransactionId().
| void AppLayerParserSetTransactionLogId | ( | AppLayerParserState * | pstate, |
| uint64_t | tx_id | ||
| ) |
Definition at line 705 of file app-layer-parser.c.
References AppLayerParserState_::log_id, SCEnter, SCReturn, and tx_id.
Referenced by OutputRegisterTxLogger().
| void AppLayerParserSetTxDetectFlags | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | tx, | ||
| uint8_t | dir, | ||
| uint64_t | |||
| ) |
Definition at line 1119 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, SCReturn, and AppLayerParserProtoCtx_::SetTxDetectFlags.
Referenced by AppLayerParserSetTransactionInspectId().
| int AppLayerParserSetTxDetectState | ( | const Flow * | f, |
| void * | tx, | ||
| DetectEngineState * | s | ||
| ) |
Definition at line 1098 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::GetTxDetectState, Flow_::protomap, SCEnter, SCReturnInt, and AppLayerParserProtoCtx_::SetTxDetectState.
Referenced by DetectRunStoreStateTx().
| void AppLayerParserSetTxLogged | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| void * | tx, | ||
| LoggerId | logged | ||
| ) |
Definition at line 670 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FlowGetProtoMapping(), SCEnter, and SCReturn.
Referenced by OutputRegisterTxLogger().
| int AppLayerParserSetup | ( | void | ) |
Definition at line 212 of file app-layer-parser.c.
References SCEnter, and SCReturnInt.
Referenced by AppLayerSetup(), and RegisterAllModules().
| AppLayerParserState* AppLayerParserStateAlloc | ( | void | ) |
Definition at line 188 of file app-layer-parser.c.
References SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerParserParse(), and HtpConfigRestoreBackup().
| void AppLayerParserStateCleanup | ( | const Flow * | f, |
| void * | alstate, | ||
| AppLayerParserState * | pstate | ||
| ) |
Definition at line 1373 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserStateFree(), AppProtoToString(), AppLayerParserCtx_::ctxs, AppLayerParserProtoCtx_::first_data_dir, FLOW_PROTO_DEFAULT, FlowGetProtoMapping(), AppLayerParserProtoCtx_::GetTxDetectState, AppLayerParserProtoCtx_::LocalStorageAlloc, AppLayerParserProtoCtx_::LocalStorageFree, AppLayerParserProtoCtx_::option_flags, AppLayerParserProtoCtx_::Parser, Flow_::protomap, SCEnter, SCReturn, AppLayerParserProtoCtx_::SetTxDetectState, AppLayerParserProtoCtx_::StateAlloc, AppLayerParserProtoCtx_::StateFree, AppLayerParserProtoCtx_::StateGetEventInfo, AppLayerParserProtoCtx_::StateGetEvents, AppLayerParserProtoCtx_::StateGetProgress, AppLayerParserProtoCtx_::StateGetProgressCompletionStatus, AppLayerParserProtoCtx_::StateGetTx, AppLayerParserProtoCtx_::StateGetTxCnt, AppLayerParserProtoCtx_::StateGetTxLogged, AppLayerParserProtoCtx_::StateSetTxLogged, and AppLayerParserProtoCtx_::StateTransactionFree.
Referenced by AppLayerProtoDetectReset(), and FlowCleanupAppLayer().
| void AppLayerParserStateFree | ( | AppLayerParserState * | pstate | ) |
Definition at line 201 of file app-layer-parser.c.
References AppLayerDecoderEventsFreeEvents(), AppLayerParserState_::decoder_events, SCEnter, SCFree, and SCReturn.
Referenced by AppLayerParserStateCleanup().
| int AppLayerParserStateIssetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1545 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturnInt.
Referenced by DCERPCParser(), OutputRegisterTxLogger(), RegisterSSHParsers(), RegisterTFTPParsers(), SMTPProcessDataChunk(), and SSLVersionToString().
| void AppLayerParserStateSetFlag | ( | AppLayerParserState * | pstate, |
| uint8_t | flag | ||
| ) |
Definition at line 1538 of file app-layer-parser.c.
References AppLayerParserState_::flags, SCEnter, and SCReturn.
Referenced by AppLayerParserParse(), AppLayerParserSetEOF(), and SSLVersionToString().
| void AppLayerParserStreamTruncated | ( | uint8_t | ipproto, |
| AppProto | alproto, | ||
| void * | alstate, | ||
| uint8_t | direction | ||
| ) |
Definition at line 1552 of file app-layer-parser.c.
References Flow_::alproto, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), BUG_ON, AppLayerParserCtx_::ctxs, AppLayerParserState_::decoder_events, Flow_::dp, Flow_::dst, flags, Flow_::flags, FLOW_INITIALIZE, FLOW_IPV4, FlowFree(), FlowGetProtoMapping(), AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, Flow_::proto, Flow_::protoctx, Flow_::protomap, SCCalloc, SCEnter, SCLogDebug, SCReturn, Flow_::sp, Flow_::src, STREAM_EOF, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, and AppLayerParserProtoCtx_::Truncate.
Referenced by AppLayerParserParse().
| int AppLayerParserSupportsFiles | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1076 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
Referenced by SigMatchList2DataArray().
| int AppLayerParserSupportsTxDetectState | ( | uint8_t | ipproto, |
| AppProto | alproto | ||
| ) |
Definition at line 1083 of file app-layer-parser.c.
References AppLayerParserCtx_::ctxs, FALSE, FlowGetProtoMapping(), and TRUE.
| AppLayerParserThreadCtx* AppLayerParserThreadCtxAlloc | ( | void | ) |
Gets a new app layer protocol's parser thread context.
| Non-NULL | pointer on success. NULL pointer on failure. |
Definition at line 245 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserGetProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCMalloc, and SCReturnPtr.
Referenced by AppLayerGetCtxThread(), AppLayerParserRestoreParserTable(), AppLayerParserStreamTruncated(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserThreadCtxFree | ( | AppLayerParserThreadCtx * | tctx | ) |
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
| tctx | Pointer to the thread context to be destroyed. |
Definition at line 271 of file app-layer-parser.c.
References AppLayerParserThreadCtx_::alproto_local_storage, ALPROTO_MAX, AppLayerParserDestroyProtocolParserLocalStorage(), FLOW_PROTO_DEFAULT, FlowGetReverseProtoMapping(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerDestroyCtxThread(), AppLayerParserStreamTruncated(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FTPAtExitPrintStats(), HtpConfigRestoreBackup(), HTPFileClose(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterModbusParsers(), RegisterSMBParsers(), RegisterSSHParsers(), RegisterSSLParsers(), and SMTPParserCleanup().
| void AppLayerParserTransactionsCleanup | ( | Flow * | f | ) |
remove obsolete (inspected and logged) transactions
Definition at line 868 of file app-layer-parser.c.
References Flow_::alparser, Flow_::alproto, Flow_::alstate, APP_LAYER_TX_INSPECTED_FLAG, AppLayerGetTxIterator(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), AppLayerParserGetTxCnt(), AppLayerParserGetTxDetectFlags(), AppLayerParserGetTxLogged(), AppLayerParserProtocolGetLoggerBits(), AppLayerParserCtx_::ctxs, DEBUG_ASSERT_FLOW_LOCKED, AppLayerGetTxIterTuple::has_next, AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, MAX, AppLayerParserState_::min_id, next, Flow_::proto, Flow_::protomap, SCEnter, SCLogDebug, SCReturn, Flow_::sgh_toclient, Flow_::sgh_toserver, AppLayerParserProtoCtx_::StateTransactionFree, STREAM_TOCLIENT, STREAM_TOSERVER, AppLayerGetTxIterTuple::tx_id, AppLayerGetTxIterTuple::tx_ptr, and unlikely.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
| void AppLayerParserTriggerRawStreamReassembly | ( | Flow * | f, |
| int | direction | ||
| ) |
Definition at line 1344 of file app-layer-parser.c.
References Flow_::protoctx, SCEnter, SCLogDebug, SCReturn, and StreamTcpReassembleTriggerRawReassembly().
Referenced by HTPFreeConfig(), and SSLVersionToString().
| void UTHAppLayerParserStateGetIds | ( | void * | ptr, |
| uint64_t * | i1, | ||
| uint64_t * | i2, | ||
| uint64_t * | log, | ||
| uint64_t * | min | ||
| ) |
Definition at line 167 of file app-layer-parser.c.
References AppLayerParserState_::inspect_id, AppLayerParserState_::log_id, and AppLayerParserState_::min_id.
Referenced by HtpConfigRestoreBackup(), and RegisterSMBParsers().
1.8.11