int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
{
SCEnter();
int ipproto_map = FlowGetProtoMapping(ipproto);
int r = (alp_ctx.ctxs[ipproto_map][alproto].logger == 0) ? 0 : 1;
SCReturnInt(r);
}
FileContainer *AppLayerParserGetFiles(uint8_t ipproto, AppProto alproto,
void *alstate, uint8_t direction)
{
SCEnter();
FileContainer *ptr = NULL;
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetFiles != NULL)
{
ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetFiles(alstate, direction);
}
SCReturnPtr(ptr, "FileContainer *");
}
int AppLayerParserProtocolSupportsTxs(uint8_t ipproto, AppProto alproto)
{
SCEnter();
int ipproto_map = FlowGetProtoMapping(ipproto);
int r = (alp_ctx.ctxs[ipproto_map][alproto].StateTransactionFree == NULL) ? 0 : 1;
SCReturnInt(r);
}
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto)
{
SCEnter();
int ipproto_map = FlowGetProtoMapping(ipproto);
int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEvents == NULL) ? 0 : 1;
SCReturnInt(r);
}
int AppLayerParserGetStateProgressCompletionStatus(uint8_t ipproto, AppProto alproto,
uint8_t direction)
{
SCEnter();
SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetProgressCompletionStatus(direction));
}
AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto,
void *alstate, uint64_t tx_id)
{
SCEnter();
AppLayerDecoderEvents *ptr = NULL;
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetEvents != NULL)
{
ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetEvents(alstate, tx_id);
}
SCReturnPtr(ptr, "AppLayerDecoderEvents *");
}
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth)
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].stream_depth = stream_depth;
SCReturn;
}
uint64_t AppLayerParserGetTxCnt(uint8_t ipproto, AppProto alproto, void *alstate)
{
SCEnter();
uint64_t r = 0;
r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetTxCnt(alstate);
SCReturnCT(r, "uint64_t");
}
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
void (*RegisterUnittests)(void))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
RegisterUnittests = RegisterUnittests;
SCReturn;
}
uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto)
{
SCEnter();
uint8_t r = 0;
r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
first_data_dir;
SCReturnCT(r, "uint8_t");
}
void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
{
SCEnter();
void * r = NULL;
r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetTx(alstate, tx_id);
SCReturnPtr(r, "void *");
}
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = TRUE;
SCReturn;
}
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
void *alstate, uint8_t direction)
{
SCEnter();
int r = 0;
r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetProgress(alstate, direction);
SCReturnInt(r);
}
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
void (*Truncate)(void *, uint8_t))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
SCReturn;
}
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
int *event_id, AppLayerEventType *event_type)
{
SCEnter();
int ipproto_map = FlowGetProtoMapping(ipproto);
int r = (alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
-1 : alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo(event_name, event_id, event_type);
SCReturnInt(r);
}
void AppLayerParserRegisterHasEventsFunc(uint8_t ipproto, AppProto alproto,
int (*StateHasEvents)(void *))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents =
StateHasEvents;
SCReturn;
}
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto,
AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
StateGetEvents;
SCReturn;
}
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto, AppProto alproto,
uint8_t direction)
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
(direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
SCReturn;
}
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
FileContainer *(*StateGetFiles)(void *, uint8_t))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
StateGetFiles;
SCReturn;
}
int AppLayerParserHasDecoderEvents(uint8_t ipproto, AppProto alproto,
void *alstate, AppLayerParserState *pstate,
uint8_t flags)
{
SCEnter();
if (alstate == NULL || pstate == NULL)
goto not_present;
AppLayerDecoderEvents *decoder_events;
uint64_t tx_id;
uint64_t max_id;
if (AppLayerParserProtocolIsTxEventAware(ipproto, alproto)) {
/* fast path if supported by alproto */
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents != NULL) {
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateHasEvents(alstate) == 1)
{
goto present;
}
} else {
/* check each tx */
tx_id = AppLayerParserGetTransactionInspectId(pstate, flags);
max_id = AppLayerParserGetTxCnt(ipproto, alproto, alstate);
for ( ; tx_id < max_id; tx_id++) {
decoder_events = AppLayerParserGetEventsByTx(ipproto, alproto, alstate, tx_id);
if (decoder_events && decoder_events->cnt)
goto present;
}
}
}
decoder_events = AppLayerParserGetDecoderEvents(pstate);
if (decoder_events && decoder_events->cnt)
goto present;
/* if we have reached here, we don't have events */
not_present:
SCReturnInt(0);
present:
SCReturnInt(1);
}
/** \brief active TX retrieval for normal ops: so with detection and logging
*
* \retval tx_id lowest tx_id that still needs work */
uint64_t AppLayerTransactionGetActiveDetectLog(Flow *f, uint8_t flags) {
AppLayerParserProtoCtx *p = &alp_ctx.ctxs[FlowGetProtoMapping(f->proto)][f->alproto];
uint64_t log_id = f->alparser->log_id;
uint64_t inspect_id = f->alparser->inspect_id[flags & STREAM_TOSERVER ? 0 : 1];
if (p->logger == TRUE) {
return (log_id < inspect_id) ? log_id : inspect_id;
} else {
return inspect_id;
}
}
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
void *(StateGetTx)(void *alstate, uint64_t tx_id))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetTx = StateGetTx;
SCReturn;
}
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
uint64_t (*StateGetTxCnt)(void *alstate))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetTxCnt = StateGetTxCnt;
SCReturn;
}
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
void (*StateTransactionFree)(void *, uint64_t))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateTransactionFree = StateTransactionFree;
SCReturn;
}
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
int (*StateGetProgress)(void *alstate, uint8_t direction))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetProgress = StateGetProgress;
SCReturn;
}
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
int (*StateGetEventInfo)(const char *event_name, int *event_id,
AppLayerEventType *event_type))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetEventInfo = StateGetEventInfo;
SCReturn;
}
void AppLayerParserRegisterGetStateProgressCompletionStatus(uint8_t ipproto,
AppProto alproto,
int (*StateGetProgressCompletionStatus)(uint8_t direction))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetProgressCompletionStatus = StateGetProgressCompletionStatus;
SCReturn;
}
/* initialize the flow from the first packet
* we see from it. */
void FlowInit(Flow *f, const Packet *p)
{
SCEnter();
SCLogDebug("flow %p", f);
f->proto = p->proto;
f->recursion_level = p->recursion_level;
f->vlan_id[0] = p->vlan_id[0];
f->vlan_id[1] = p->vlan_id[1];
if (PKT_IS_IPV4(p)) {
FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, &f->src);
FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, &f->dst);
f->flags |= FLOW_IPV4;
} else if (PKT_IS_IPV6(p)) {
FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, &f->src);
FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, &f->dst);
f->flags |= FLOW_IPV6;
}
#ifdef DEBUG
/* XXX handle default */
else {
printf("FIXME: %s:%s:%" PRId32 "\n", __FILE__, __FUNCTION__, __LINE__);
}
#endif
if (p->tcph != NULL) { /* XXX MACRO */
SET_TCP_SRC_PORT(p,&f->sp);
SET_TCP_DST_PORT(p,&f->dp);
} else if (p->udph != NULL) { /* XXX MACRO */
SET_UDP_SRC_PORT(p,&f->sp);
SET_UDP_DST_PORT(p,&f->dp);
} else if (p->icmpv4h != NULL) {
f->type = p->type;
f->code = p->code;
} else if (p->icmpv6h != NULL) {
f->type = p->type;
f->code = p->code;
} else if (p->sctph != NULL) { /* XXX MACRO */
SET_SCTP_SRC_PORT(p,&f->sp);
SET_SCTP_DST_PORT(p,&f->dp);
} /* XXX handle default */
#ifdef DEBUG
else {
printf("FIXME: %s:%s:%" PRId32 "\n", __FILE__, __FUNCTION__, __LINE__);
}
#endif
COPY_TIMESTAMP(&p->ts, &f->startts);
f->protomap = FlowGetProtoMapping(f->proto);
SCReturn;
}
/**
* \brief get the progress value for a tx/protocol
*
* If the stream is disrupted, we return the 'completion' value.
*/
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
void *alstate, uint8_t flags)
{
SCEnter();
int r = 0;
if (unlikely(IS_DISRUPTED(flags))) {
r = alp_ctx.ctxs[FLOW_PROTO_DEFAULT][alproto].
StateGetProgressCompletionStatus(flags);
} else {
r = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetProgress(alstate, flags);
}
SCReturnInt(r);
}
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
uint8_t direction,
int (*Parser)(Flow *f, void *protocol_state,
AppLayerParserState *pstate,
uint8_t *buf, uint32_t buf_len,
void *local_storage))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
SCReturnInt(0);
}
