suricata
app-layer-smb-tcp-rust.c
Go to the documentation of this file.
1 /* Copyright (C) 2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "suricata.h"
20 
21 #include "app-layer-protos.h"
22 #include "app-layer-detect-proto.h"
23 #include "app-layer-parser.h"
24 
25 #include "util-unittest.h"
26 
27 #ifdef HAVE_RUST
28 #include "rust.h"
29 #include "app-layer-smb-tcp-rust.h"
30 #include "rust-smb-smb-gen.h"
31 #include "rust-smb-files-gen.h"
32 #include "util-misc.h"
33 
34 #define MIN_REC_SIZE 32+4 // SMB hdr + nbss hdr
35 
36 static int RustSMBTCPParseRequest(Flow *f, void *state,
37  AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
38  void *local_data, const uint8_t flags)
39 {
40  SCLogDebug("RustSMBTCPParseRequest");
41  uint16_t file_flags = FileFlowToFlags(f, STREAM_TOSERVER);
42  rs_smb_setfileflags(0, state, file_flags|FILE_USE_DETECT);
43 
44  int res;
45  if (input == NULL && input_len > 0) {
46  res = rs_smb_parse_request_tcp_gap(state, input_len);
47  } else {
48  res = rs_smb_parse_request_tcp(f, state, pstate, input, input_len,
49  local_data, flags);
50  }
51  if (res != 1) {
52  SCLogDebug("SMB request%s of %u bytes, retval %d",
53  (input == NULL && input_len > 0) ? " is GAP" : "", input_len, res);
54  }
55  return res;
56 }
57 
58 static int RustSMBTCPParseResponse(Flow *f, void *state,
59  AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
60  void *local_data, const uint8_t flags)
61 {
62  SCLogDebug("RustSMBTCPParseResponse");
63  uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT);
64  rs_smb_setfileflags(1, state, file_flags|FILE_USE_DETECT);
65 
66  SCLogDebug("RustSMBTCPParseResponse %p/%u", input, input_len);
67  int res;
68  if (input == NULL && input_len > 0) {
69  res = rs_smb_parse_response_tcp_gap(state, input_len);
70  } else {
71  res = rs_smb_parse_response_tcp(f, state, pstate, input, input_len,
72  local_data, flags);
73  }
74  if (res != 1) {
75  SCLogDebug("SMB response%s of %u bytes, retval %d",
76  (input == NULL && input_len > 0) ? " is GAP" : "", input_len, res);
77  }
78  return res;
79 }
80 
81 static uint16_t RustSMBTCPProbe(Flow *f,
82  uint8_t *input, uint32_t len)
83 {
84  SCLogDebug("RustSMBTCPProbe");
85 
86  if (len < MIN_REC_SIZE) {
87  return ALPROTO_UNKNOWN;
88  }
89 
90  const int r = rs_smb_probe_tcp(input, len);
91  switch (r) {
92  case 1:
93  return ALPROTO_SMB;
94  case 0:
95  return ALPROTO_UNKNOWN;
96  case -1:
97  default:
98  return ALPROTO_FAILED;
99  }
100 }
101 
102 static int RustSMBGetAlstateProgress(void *tx, uint8_t direction)
103 {
104  return rs_smb_tx_get_alstate_progress(tx, direction);
105 }
106 
107 static uint64_t RustSMBGetTxCnt(void *alstate)
108 {
109  return rs_smb_state_get_tx_count(alstate);
110 }
111 
112 static void *RustSMBGetTx(void *alstate, uint64_t tx_id)
113 {
114  return rs_smb_state_get_tx(alstate, tx_id);
115 }
116 
117 static AppLayerGetTxIterTuple RustSMBGetTxIterator(
118  const uint8_t ipproto, const AppProto alproto,
119  void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
120  AppLayerGetTxIterState *istate)
121 {
122  return rs_smb_state_get_tx_iterator(alstate, min_tx_id, (uint64_t *)istate);
123 }
124 
125 
126 static void RustSMBSetTxLogged(void *alstate, void *tx, uint32_t logger)
127 {
128  rs_smb_tx_set_logged(alstate, tx, logger);
129 }
130 
131 static LoggerId RustSMBGetTxLogged(void *alstate, void *tx)
132 {
133  return rs_smb_tx_get_logged(alstate, tx);
134 }
135 
136 static void RustSMBStateTransactionFree(void *state, uint64_t tx_id)
137 {
138  rs_smb_state_tx_free(state, tx_id);
139 }
140 
141 static DetectEngineState *RustSMBGetTxDetectState(void *tx)
142 {
143  return rs_smb_state_get_tx_detect_state(tx);
144 }
145 
146 static int RustSMBSetTxDetectState(void *tx, DetectEngineState *s)
147 {
148  rs_smb_state_set_tx_detect_state(tx, s);
149  return 0;
150 }
151 
152 static FileContainer *RustSMBGetFiles(void *state, uint8_t direction)
153 {
154  return rs_smb_getfiles(direction, state);
155 }
156 
157 static AppLayerDecoderEvents *RustSMBGetEvents(void *state, uint64_t id)
158 {
159  return rs_smb_state_get_events(state, id);
160 }
161 
162 static int RustSMBGetEventInfo(const char *event_name, int *event_id,
164 {
165  return rs_smb_state_get_event_info(event_name, event_id, event_type);
166 }
167 
168 static void RustSMBSetDetectFlags(void *tx, uint8_t dir, uint64_t flags)
169 {
170  rs_smb_tx_set_detect_flags(tx, dir, flags);
171 }
172 
173 static uint64_t RustSMBGetDetectFlags(void *tx, uint8_t dir)
174 {
175  return rs_smb_tx_get_detect_flags(tx, dir);
176 }
177 
178 static void RustSMBStateTruncate(void *state, uint8_t direction)
179 {
180  return rs_smb_state_truncate(state, direction);
181 }
182 
183 static int RustSMBRegisterPatternsForProtocolDetection(void)
184 {
185  int r = 0;
186  /* SMB1 */
188  "|ff|SMB", 8, 4, STREAM_TOSERVER);
190  "|ff|SMB", 8, 4, STREAM_TOCLIENT);
191 
192  /* SMB2/3 */
194  "|fe|SMB", 8, 4, STREAM_TOSERVER);
196  "|fe|SMB", 8, 4, STREAM_TOCLIENT);
197 
198  /* SMB3 encrypted records */
200  "|fd|SMB", 8, 4, STREAM_TOSERVER);
202  "|fd|SMB", 8, 4, STREAM_TOCLIENT);
203  return r == 0 ? 0 : -1;
204 }
205 
207 static SuricataFileContext sfc = { &sbcfg };
208 
209 #define SMB_CONFIG_DEFAULT_STREAM_DEPTH 0
210 
211 #ifdef UNITTESTS
212 static void SMBParserRegisterTests(void);
213 #endif
214 
215 static uint32_t stream_depth = SMB_CONFIG_DEFAULT_STREAM_DEPTH;
216 
217 void RegisterRustSMBTCPParsers(void)
218 {
219  const char *proto_name = "smb";
220 
221  /** SMB */
222  if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
224  if (RustSMBRegisterPatternsForProtocolDetection() < 0)
225  return;
226 
227  rs_smb_init(&sfc);
228 
229  if (RunmodeIsUnittests()) {
230  AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
231  MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
232  NULL);
233  } else {
234  int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp",
235  IPPROTO_TCP, proto_name, ALPROTO_SMB, 0,
236  MIN_REC_SIZE, RustSMBTCPProbe, RustSMBTCPProbe);
237  /* if we have no config, we enable the default port 445 */
238  if (!have_cfg) {
239  SCLogWarning(SC_ERR_SMB_CONFIG, "no SMB TCP config found, "
240  "enabling SMB detection on "
241  "port 445.");
242  AppLayerProtoDetectPPRegister(IPPROTO_TCP, "445", ALPROTO_SMB, 0,
243  MIN_REC_SIZE, STREAM_TOSERVER, RustSMBTCPProbe,
244  RustSMBTCPProbe);
245  }
246  }
247  } else {
248  SCLogInfo("Protocol detection and parser disabled for %s protocol.",
249  proto_name);
250  return;
251  }
252 
253  if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
255  RustSMBTCPParseRequest);
257  RustSMBTCPParseResponse);
259  rs_smb_state_new, rs_smb_state_free);
261  RustSMBStateTransactionFree);
262 
264  RustSMBGetEvents);
266  RustSMBGetEventInfo);
267 
269  RustSMBGetTxDetectState, RustSMBSetTxDetectState);
270  AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_SMB, RustSMBGetTx);
271  AppLayerParserRegisterGetTxIterator(IPPROTO_TCP, ALPROTO_SMB, RustSMBGetTxIterator);
273  RustSMBGetTxCnt);
275  RustSMBGetTxLogged, RustSMBSetTxLogged);
277  RustSMBGetAlstateProgress);
279  rs_smb_state_progress_completion_status);
281  RustSMBGetDetectFlags, RustSMBSetDetectFlags);
283  RustSMBStateTruncate);
284  AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_SMB, RustSMBGetFiles);
285 
286  /* This parser accepts gaps. */
289 
290  ConfNode *p = ConfGetNode("app-layer.protocols.smb.stream-depth");
291  if (p != NULL) {
292  uint32_t value;
293  if (ParseSizeStringU32(p->val, &value) < 0) {
294  SCLogError(SC_ERR_SMB_CONFIG, "invalid value for stream-depth %s", p->val);
295  } else {
296  stream_depth = value;
297  }
298  }
299  SCLogConfig("SMB stream depth: %u", stream_depth);
300 
301  AppLayerParserSetStreamDepth(IPPROTO_TCP, ALPROTO_SMB, stream_depth);
302  } else {
303  SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
304  "still on.", proto_name);
305  }
306 #ifdef UNITTESTS
308 #endif
309 
310  return;
311 }
312 
313 #ifdef UNITTESTS
314 #include "stream-tcp.h"
315 #include "util-unittest-helper.h"
316 
317 /** \test multi transactions and cleanup */
318 static int SMBParserTxCleanupTest(void)
319 {
320  uint64_t ret[4];
322  FAIL_IF_NULL(alp_tctx);
323 
325  TcpSession ssn;
326  memset(&ssn, 0, sizeof(ssn));
327 
328  Flow *f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 445);
329  FAIL_IF_NULL(f);
330  f->protoctx = &ssn;
331  f->proto = IPPROTO_TCP;
332  f->alproto = ALPROTO_SMB;
333 
334  char req_str[] ="\x00\x00\x00\x79\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00" \
335  "\x05\x00\xe0\x1e\x10\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00" \
336  "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x72\xd2\x9f\x36\xc2\x08\x14" \
337  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
338  "\x00\x00\x00\x00\x39\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00" \
339  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00" \
340  "\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" \
341  "\x78\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
342  req_str[28] = 0x01;
343  int r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
344  STREAM_TOSERVER | STREAM_START, (uint8_t *)req_str, sizeof(req_str));
345  FAIL_IF_NOT(r == 0);
346  req_str[28]++;
347  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
348  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
349  FAIL_IF_NOT(r == 0);
350  req_str[28]++;
351  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
352  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
353  FAIL_IF_NOT(r == 0);
354  req_str[28]++;
355  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
356  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
357  FAIL_IF_NOT(r == 0);
358  req_str[28]++;
359  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
360  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
361  FAIL_IF_NOT(r == 0);
362  req_str[28]++;
363  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
364  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
365  FAIL_IF_NOT(r == 0);
366  req_str[28]++;
367  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
368  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
369  FAIL_IF_NOT(r == 0);
370  req_str[28]++;
371  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
372  STREAM_TOSERVER, (uint8_t *)req_str, sizeof(req_str));
373  FAIL_IF_NOT(r == 0);
374  req_str[28]++;
375 
377  UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
378  FAIL_IF_NOT(ret[0] == 0); // inspect_id[0]
379  FAIL_IF_NOT(ret[1] == 0); // inspect_id[1]
380  FAIL_IF_NOT(ret[2] == 0); // log_id
381  FAIL_IF_NOT(ret[3] == 0); // min_id
382 
383  char resp_str[] = "\x00\x00\x00\x98\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00" \
384  "\x05\x00\x21\x00\x11\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00" \
385  "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x72\xd2\x9f\x36\xc2\x08\x14" \
386  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
387  "\x00\x00\x00\x00\x59\x00\x00\x00\x01\x00\x00\x00\x48\x38\x40\xb3" \
388  "\x0f\xa8\xd3\x01\x84\x9a\x2b\x46\xf7\xa8\xd3\x01\x48\x38\x40\xb3" \
389  "\x0f\xa8\xd3\x01\x48\x38\x40\xb3\x0f\xa8\xd3\x01\x00\x00\x00\x00" \
390  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00" \
391  "\x00\x00\x00\x00\x9e\x8f\xb8\x91\x00\x00\x00\x00\x01\x5b\x11\xbb" \
392  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
393 
394  resp_str[28] = 0x01;
395  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
396  STREAM_TOCLIENT | STREAM_START, (uint8_t *)resp_str, sizeof(resp_str));
397  FAIL_IF_NOT(r == 0);
398  resp_str[28] = 0x04;
399  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
400  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
401  FAIL_IF_NOT(r == 0);
402  resp_str[28] = 0x05;
403  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
404  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
405  FAIL_IF_NOT(r == 0);
406  resp_str[28] = 0x06;
407  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
408  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
409  FAIL_IF_NOT(r == 0);
410  resp_str[28] = 0x08;
411  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
412  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
413  FAIL_IF_NOT(r == 0);
414  resp_str[28] = 0x02;
415  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
416  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
417  FAIL_IF_NOT(r == 0);
418  resp_str[28] = 0x07;
419  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
420  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
421  FAIL_IF_NOT(r == 0);
423 
424  UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
425  FAIL_IF_NOT(ret[0] == 2); // inspect_id[0]
426  FAIL_IF_NOT(ret[1] == 2); // inspect_id[1]
427  FAIL_IF_NOT(ret[2] == 2); // log_id
428  FAIL_IF_NOT(ret[3] == 2); // min_id
429 
430  resp_str[28] = 0x03;
431  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
432  STREAM_TOCLIENT, (uint8_t *)resp_str, sizeof(resp_str));
433  FAIL_IF_NOT(r == 0);
435 
436  UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
437  FAIL_IF_NOT(ret[0] == 8); // inspect_id[0]
438  FAIL_IF_NOT(ret[1] == 8); // inspect_id[1]
439  FAIL_IF_NOT(ret[2] == 8); // log_id
440  FAIL_IF_NOT(ret[3] == 8); // min_id
441 
442  req_str[28] = 0x09;
443  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
444  STREAM_TOSERVER | STREAM_EOF, (uint8_t *)req_str, sizeof(req_str));
445  FAIL_IF_NOT(r == 0);
447 
448  UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
449  FAIL_IF_NOT(ret[0] == 8); // inspect_id[0] not updated by ..Cleanup() until full tx is done
450  FAIL_IF_NOT(ret[1] == 8); // inspect_id[1]
451  FAIL_IF_NOT(ret[2] == 8); // log_id
452  FAIL_IF_NOT(ret[3] == 8); // min_id
453 
454  resp_str[28] = 0x09;
455  r = AppLayerParserParse(NULL, alp_tctx, f, ALPROTO_SMB,
456  STREAM_TOCLIENT | STREAM_EOF, (uint8_t *)resp_str, sizeof(resp_str));
457  FAIL_IF_NOT(r == 0);
459 
460  UTHAppLayerParserStateGetIds(f->alparser, &ret[0], &ret[1], &ret[2], &ret[3]);
461  FAIL_IF_NOT(ret[0] == 9); // inspect_id[0]
462  FAIL_IF_NOT(ret[1] == 9); // inspect_id[1]
463  FAIL_IF_NOT(ret[2] == 9); // log_id
464  FAIL_IF_NOT(ret[3] == 9); // min_id
465 
466  AppLayerParserThreadCtxFree(alp_tctx);
468  UTHFreeFlow(f);
469 
470  PASS;
471 }
472 
473 static void SMBParserRegisterTests(void)
474 {
475  UtRegisterTest("SMBParserTxCleanupTest", SMBParserTxCleanupTest);
476 }
477 
478 #endif /* UNITTESTS */
479 #endif /* HAVE_RUST */
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
#define STREAMING_BUFFER_CONFIG_INITIALIZER
enum AppLayerEventType_ AppLayerEventType
uint16_t flags
#define SCLogDebug(...)
Definition: util-debug.h:335
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto, uint32_t flags)
void AppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto, uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1, ProbingParserFPtr ProbingParser2)
register parser at a port
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int(*StateGetProgress)(void *alstate, uint8_t direction))
uint32_t event_type
uint8_t proto
Definition: flow.h:346
LoggerId
#define PASS
Pass the test.
int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
Given a protocol name, checks if proto detection is enabled in the conf file.
void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto, uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir), void(*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t))
void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto, DetectEngineState *(*GetTxDetectState)(void *tx), int(*SetTxDetectState)(void *tx, DetectEngineState *))
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto, void(*Truncate)(void *, uint8_t))
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, LoggerId(*StateGetTxLogged)(void *, void *), void(*StateSetTxLogged)(void *, void *, LoggerId))
uint16_t AppProto
char * val
Definition: conf.h:34
#define TRUE
void * protoctx
Definition: flow.h:398
int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name)
check if a parser is enabled in the config Returns enabled always if: were running unittests and when...
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
Data structure to store app layer decoder events.
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto, uint8_t direction, AppLayerParserFPtr Parser)
Register app layer parser for the protocol.
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto, void *(StateGetTx)(void *alstate, uint64_t tx_id))
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t))
int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto, const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth, ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto, int(*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type))
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
#define STREAM_EOF
Definition: stream.h:30
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
#define STREAM_TOCLIENT
Definition: stream.h:32
void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto, int(*StateGetProgressCompletionStatus)(uint8_t direction))
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol&#39;s parser thread context.
int RunmodeIsUnittests(void)
Definition: suricata.c:261
void RegisterRustSMBTCPParsers(void)
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
Definition: conf.h:32
#define FILE_USE_DETECT
Definition: util-file.h:49
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
void AppLayerParserTransactionsCleanup(Flow *f)
remove obsolete (inspected and logged) transactions
void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_name)
Registers a protocol for protocol detection phase.
void SMBParserRegisterTests(void)
PoolThreadReserved res
int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction)
Registers a case-sensitive pattern for protocol detection.
uint16_t tx_id
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t))
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto, void(*RegisterUnittests)(void))
#define STREAM_START
Definition: stream.h:29
#define STREAM_TOSERVER
Definition: stream.h:31
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto, AppLayerGetTxIteratorFunc Func)
uint16_t FileFlowToFlags(const Flow *flow, uint8_t direction)
Definition: util-file.c:217
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto, uint64_t(*StateGetTxCnt)(void *alstate))
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto, void *(*StateAlloc)(void), void(*StateFree)(void *))
uint8_t len
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:186
AppProto alproto
application level protocol
Definition: flow.h:407
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
Flow data structure.
Definition: flow.h:327
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
AppLayerParserState * alparser
Definition: flow.h:435
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, uint8_t *input, uint32_t input_len)
void UTHFreeFlow(Flow *flow)
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto, void(*StateTransactionFree)(void *, uint64_t))