suricata
app-layer.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
23  *
24  * Application layer handling and protocols implementation
25  */
26 
27 #ifndef SURICATA_APP_LAYER_H
28 #define SURICATA_APP_LAYER_H
29 
30 #include "threadvars.h"
31 #include "decode.h"
32 #include "flow.h"
33 
34 #include "stream-tcp-private.h"
35 #include "stream-tcp-reassemble.h"
36 
37 
38 #include "rust.h"
39 
40 #define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER \
41  (~STREAM_TOSERVER & ~STREAM_TOCLIENT)
42 
43 /***** L7 layer dispatchers *****/
44 
45 /**
46  * \brief Handles reassembled tcp stream.
47  */
48 int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Packet *p, Flow *f,
49  TcpSession *ssn, TcpStream **stream, uint8_t *data, uint32_t data_len, uint8_t flags,
50  enum StreamUpdateDir dir);
51 
52 /**
53  * \brief Handles an udp chunk.
54  */
55 int AppLayerHandleUdp(ThreadVars *tv, AppLayerThreadCtx *app_tctx,
56  Packet *p, Flow *f);
57 
58 /***** Utility *****/
59 
60 /**
61  * \brief Given a protocol string, returns the corresponding internal
62  * protocol id.
63  *
64  * \param The internal protocol id.
65  */
66 AppProto AppLayerGetProtoByName(char *alproto_name);
67 
68 /**
69  * \brief Given the internal protocol id, returns a string representation
70  * of the protocol.
71  *
72  * \param alproto The internal protocol id.
73  *
74  * \retval String representation of the protocol.
75  */
76 const char *AppLayerGetProtoName(AppProto alproto);
77 
78 void AppLayerListSupportedProtocols(void);
79 
80 /***** Setup/General Registration *****/
81 
82 /**
83  * \brief Setup the app layer.
84  *
85  * Includes protocol detection setup and the protocol parser setup.
86  *
87  * \retval 0 On success.
88  * \retval -1 On failure.
89  */
90 int AppLayerSetup(void);
91 
92 /**
93  * \brief De initializes the app layer.
94  *
95  * Includes de initializing protocol detection and the protocol parser.
96  */
97 int AppLayerDeSetup(void);
98 
99 /**
100  * \brief Creates a new app layer thread context.
101  *
102  * \retval Pointer to the newly create thread context, on success;
103  * NULL, on failure.
104  */
105 AppLayerThreadCtx *AppLayerGetCtxThread(void);
106 
107 /**
108  * \brief Destroys the context created by AppLayerGetCtxThread().
109  *
110  * \param tctx Pointer to the thread context to destroy.
111  */
112 void AppLayerDestroyCtxThread(AppLayerThreadCtx *tctx);
113 
114 /**
115  * \brief Registers per flow counters for all protocols
116  *
117  */
118 void AppLayerRegisterThreadCounters(ThreadVars *tv);
119 
120 /***** Profiling *****/
121 
122 void AppLayerProfilingResetInternal(AppLayerThreadCtx *app_tctx);
123 
124 void AppLayerProfilingStoreInternal(AppLayerThreadCtx *app_tctx, Packet *p);
125 
126 #ifdef PROFILING
127 #define AppLayerProfilingReset(app_tctx) AppLayerProfilingResetInternal(app_tctx)
128 #define AppLayerProfilingStore(app_tctx, p) AppLayerProfilingStoreInternal(app_tctx, p)
129 #else
130 #define AppLayerProfilingReset(app_tctx)
131 #define AppLayerProfilingStore(app_tctx, p)
132 #endif
133 
134 void AppLayerRegisterGlobalCounters(void);
135 
136 /***** Unittests *****/
137 
138 #ifdef UNITTESTS
139 void AppLayerUnittestsRegister(void);
140 #endif
141 
142 void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step);
143 void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f);
144 void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f);
145 void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f);
146 void AppLayerIncInternalErrorCounter(ThreadVars *tv, Flow *f);
147 
148 static inline const uint8_t *StreamSliceGetData(const StreamSlice *stream_slice)
149 {
150  return stream_slice->input;
151 }
152 
153 static inline uint32_t StreamSliceGetDataLen(const StreamSlice *stream_slice)
154 {
155  return stream_slice->input_len;
156 }
157 
158 #endif
AppLayerProfilingStoreInternal
void AppLayerProfilingStoreInternal(AppLayerThreadCtx *app_tctx, Packet *p)
Definition: app-layer.c:1102
TcpStream_
Definition: stream-tcp-private.h:106
AppLayerIncParserErrorCounter
void AppLayerIncParserErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:178
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
Flow_
Flow data structure.
Definition: flow.h:356
rust.h
stream-tcp-reassemble.h
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1110
AppLayerGetProtoName
const char * AppLayerGetProtoName(AppProto alproto)
Given the internal protocol id, returns a string representation of the protocol.
Definition: app-layer.c:1005
AppLayerIncAllocErrorCounter
void AppLayerIncAllocErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:170
AppLayerHandleTCPData
int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Packet *p, Flow *f, TcpSession *ssn, TcpStream **stream, uint8_t *data, uint32_t data_len, uint8_t flags, enum StreamUpdateDir dir)
Handles reassembled tcp stream.
Definition: app-layer.c:708
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:1047
decode.h
AppLayerThreadCtx_
This is for the app layer in general and it contains per thread context relevant to both the alpd and...
Definition: app-layer.c:58
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
AppLayerIncGapErrorCounter
void AppLayerIncGapErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:162
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:1032
Packet_
Definition: decode.h:473
stream-tcp-private.h
flags
uint8_t flags
Definition: decode-gre.h:0
AppLayerGetCtxThread
AppLayerThreadCtx * AppLayerGetCtxThread(void)
Creates a new app layer thread context.
Definition: app-layer.c:1059
AppLayerRegisterThreadCounters
void AppLayerRegisterThreadCounters(ThreadVars *tv)
Registers per flow counters for all protocols.
Definition: app-layer.c:1249
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
threadvars.h
AppLayerUnittestsRegister
void AppLayerUnittestsRegister(void)
Definition: app-layer.c:2952
AppLayerIncInternalErrorCounter
void AppLayerIncInternalErrorCounter(ThreadVars *tv, Flow *f)
Definition: app-layer.c:186
AppLayerListSupportedProtocols
void AppLayerListSupportedProtocols(void)
Definition: app-layer.c:1012
AppLayerDestroyCtxThread
void AppLayerDestroyCtxThread(AppLayerThreadCtx *tctx)
Destroys the context created by AppLayerGetCtxThread().
Definition: app-layer.c:1080
AppLayerGetProtoByName
AppProto AppLayerGetProtoByName(char *alproto_name)
Given a protocol string, returns the corresponding internal protocol id.
Definition: app-layer.c:998
TcpReassemblyThreadCtx_
Definition: stream-tcp-reassemble.h:61
StreamUpdateDir
StreamUpdateDir
Definition: stream-tcp-reassemble.h:54
TcpSession_
Definition: stream-tcp-private.h:283
AppLayerProfilingResetInternal
void AppLayerProfilingResetInternal(AppLayerThreadCtx *app_tctx)
Definition: app-layer.c:1097
flow.h
AppLayerHandleUdp
int AppLayerHandleUdp(ThreadVars *tv, AppLayerThreadCtx *app_tctx, Packet *p, Flow *f)
Handles an udp chunk.
Definition: app-layer.c:874
AppLayerIncTxCounter
void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
Definition: app-layer.c:154