[people/ms/suricata.git] / rust / src / applayer.rs

/* Copyright (C) 2017-2021 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

//! Parser registration functions and common interface

use std;
use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppLayerDecoderEvents,AppProto};
use crate::filecontainer::FileContainer;
use crate::applayer;
use std::os::raw::{c_void,c_char,c_int};
use crate::core::SC;
use std::ffi::CStr;

#[repr(C)]
#[derive(Default, Debug,PartialEq)]
pub struct AppLayerTxConfig {
    /// config: log flags
    log_flags: u8,
}

impl AppLayerTxConfig {
    pub fn new() -> Self {
        Self {
            log_flags: 0,
        }
    }

    pub fn add_log_flags(&mut self, flags: u8) {
        self.log_flags |= flags;
    }
    pub fn set_log_flags(&mut self, flags: u8) {
        self.log_flags = flags;
    }
    pub fn get_log_flags(&self) -> u8 {
        self.log_flags
    }
}

#[repr(C)]
#[derive(Default, Debug,PartialEq)]
pub struct AppLayerTxData {
    /// config: log flags
    pub config: AppLayerTxConfig,

    /// logger flags for tx logging api
    logged: LoggerFlags,

    /// track file open/logs so we can know how long to keep the tx
    pub files_opened: u32,
    pub files_logged: u32,
    pub files_stored: u32,

    /// detection engine flags for use by detection engine
    detect_flags_ts: u64,
    detect_flags_tc: u64,
}

impl AppLayerTxData {
    pub fn new() -> Self {
        Self {
            config: AppLayerTxConfig::new(),
            logged: LoggerFlags::new(),
            files_opened: 0,
            files_logged: 0,
            files_stored: 0,
            detect_flags_ts: 0,
            detect_flags_tc: 0,
        }
    }
    pub fn init_files_opened(&mut self) {
        self.files_opened = 1;
    }
    pub fn incr_files_opened(&mut self) {
        self.files_opened += 1;
    }
}

#[macro_export]
macro_rules!export_tx_data_get {
    ($name:ident, $type:ty) => {
        #[no_mangle]
        pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void)
            -> *mut crate::applayer::AppLayerTxData
        {
            let tx = &mut *(tx as *mut $type);
            &mut tx.tx_data
        }
    }
}

#[repr(C)]
#[derive(Default,Debug,PartialEq,Copy,Clone)]
pub struct AppLayerResult {
    pub status: i32,
    pub consumed: u32,
    pub needed: u32,
}

impl AppLayerResult {
    /// parser has successfully processed in the input, and has consumed all of it
    pub fn ok() -> Self {
        Default::default()
    }
    /// parser has hit an unrecoverable error. Returning this to the API
    /// leads to no further calls to the parser.
    pub fn err() -> Self {
        return Self {
            status: -1,
            ..Default::default()
        };
    }
    /// parser needs more data. Through 'consumed' it will indicate how many
    /// of the input bytes it has consumed. Through 'needed' it will indicate
    /// how many more bytes it needs before getting called again.
    /// Note: consumed should never be more than the input len
    ///       needed + consumed should be more than the input len
    pub fn incomplete(consumed: u32, needed: u32) -> Self {
        return Self {
            status: 1,
            consumed: consumed,
            needed: needed,
        };
    }

    pub fn is_ok(self) -> bool {
        self.status == 0
    }
    pub fn is_incomplete(self) -> bool {
        self.status == 1
    }
    pub fn is_err(self) -> bool {
        self.status == -1
    }
}

impl From<bool> for AppLayerResult {
    fn from(v: bool) -> Self {
        if v == false {
            Self::err()
        } else {
            Self::ok()
        }
    }
}

impl From<i32> for AppLayerResult {
    fn from(v: i32) -> Self {
        if v < 0 {
            Self::err()
        } else {
            Self::ok()
        }
    }
}

/// Rust parser declaration
#[repr(C)]
pub struct RustParser {
    /// Parser name.
    pub name:               *const c_char,
    /// Default port
    pub default_port:       *const c_char,

    /// IP Protocol (core::IPPROTO_UDP, core::IPPROTO_TCP, etc.)
    pub ipproto:            c_int,

    /// Probing function, for packets going to server
    pub probe_ts:           Option<ProbeFn>,
    /// Probing function, for packets going to client
    pub probe_tc:           Option<ProbeFn>,

    /// Minimum frame depth for probing
    pub min_depth:          u16,
    /// Maximum frame depth for probing
    pub max_depth:          u16,

    /// Allocation function for a new state
    pub state_new:          StateAllocFn,
    /// Function called to free a state
    pub state_free:         StateFreeFn,

    /// Parsing function, for packets going to server
    pub parse_ts:           ParseFn,
    /// Parsing function, for packets going to client
    pub parse_tc:           ParseFn,

    /// Get the current transaction count
    pub get_tx_count:       StateGetTxCntFn,
    /// Get a transaction
    pub get_tx:             StateGetTxFn,
    /// Function called to free a transaction
    pub tx_free:            StateTxFreeFn,
    /// Progress values at which the tx is considered complete in a direction
    pub tx_comp_st_ts:      c_int,
    pub tx_comp_st_tc:      c_int,
    /// Function returning the current transaction progress
    pub tx_get_progress:    StateGetProgressFn,

    /// Function called to get a detection state
    pub get_de_state:       GetDetectStateFn,
    /// Function called to set a detection state
    pub set_de_state:       SetDetectStateFn,

    /// Function to get events
    pub get_events:         Option<GetEventsFn>,
    /// Function to get an event id from a description
    pub get_eventinfo:      Option<GetEventInfoFn>,
    /// Function to get an event description from an event id
    pub get_eventinfo_byid: Option<GetEventInfoByIdFn>,

    /// Function to allocate local storage
    pub localstorage_new:   Option<LocalStorageNewFn>,
    /// Function to free local storage
    pub localstorage_free:  Option<LocalStorageFreeFn>,

    /// Function to get files
    pub get_files:          Option<GetFilesFn>,

    /// Function to get the TX iterator
    pub get_tx_iterator:    Option<GetTxIteratorFn>,

    pub get_tx_data: GetTxDataFn,

    // Function to apply config to a TX. Optional. Normal (bidirectional)
    // transactions don't need to set this. It is meant for cases where
    // the requests and responses are not sharing tx. It is then up to
    // the implementation to make sure the config is applied correctly.
    pub apply_tx_config: Option<ApplyTxConfigFn>,

    pub flags: u32,

    /// Function to handle the end of data coming on one of the sides
    /// due to the stream reaching its 'depth' limit.
    pub truncate: Option<TruncateFn>,
}

/// Create a slice, given a buffer and a length
///
/// UNSAFE !
#[macro_export]
macro_rules! build_slice {
    ($buf:ident, $len:expr) => ( std::slice::from_raw_parts($buf, $len) );
}

/// Cast pointer to a variable, as a mutable reference to an object
///
/// UNSAFE !
#[macro_export]
macro_rules! cast_pointer {
    ($ptr:ident, $ty:ty) => ( &mut *($ptr as *mut $ty) );
}

pub type ParseFn      = unsafe extern "C" fn (flow: *const Flow,
                                       state: *mut c_void,
                                       pstate: *mut c_void,
                                       input: *const u8,
                                       input_len: u32,
                                       data: *const c_void,
                                       flags: u8) -> AppLayerResult;
pub type ProbeFn      = unsafe extern "C" fn (flow: *const Flow, flags: u8, input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto;
pub type StateAllocFn = extern "C" fn (*mut c_void, AppProto) -> *mut c_void;
pub type StateFreeFn  = unsafe extern "C" fn (*mut c_void);
pub type StateTxFreeFn  = unsafe extern "C" fn (*mut c_void, u64);
pub type StateGetTxFn            = unsafe extern "C" fn (*mut c_void, u64) -> *mut c_void;
pub type StateGetTxCntFn         = unsafe extern "C" fn (*mut c_void) -> u64;
pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int;
pub type GetDetectStateFn   = unsafe extern "C" fn (*mut c_void) -> *mut DetectEngineState;
pub type SetDetectStateFn   = unsafe extern "C" fn (*mut c_void, &mut DetectEngineState) -> c_int;
pub type GetEventInfoFn     = unsafe extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int;
pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8;
pub type GetEventsFn        = unsafe extern "C" fn (*mut c_void) -> *mut AppLayerDecoderEvents;
pub type LocalStorageNewFn  = extern "C" fn () -> *mut c_void;
pub type LocalStorageFreeFn = extern "C" fn (*mut c_void);
pub type GetFilesFn         = unsafe
extern "C" fn (*mut c_void, u8) -> *mut FileContainer;
pub type GetTxIteratorFn    = unsafe extern "C" fn (ipproto: u8, alproto: AppProto,
                                             state: *mut c_void,
                                             min_tx_id: u64,
                                             max_tx_id: u64,
                                             istate: &mut u64)
                                             -> AppLayerGetTxIterTuple;
pub type GetTxDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerTxData;
pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig);
pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);


// Defined in app-layer-register.h
extern {
    pub fn AppLayerRegisterProtocolDetection(parser: *const RustParser, enable_default: c_int) -> AppProto;
    pub fn AppLayerRegisterParserAlias(parser_name: *const c_char, alias_name: *const c_char);
}

#[allow(non_snake_case)]
pub unsafe fn AppLayerRegisterParser(parser: *const RustParser, alproto: AppProto) -> c_int {
    (SC.unwrap().AppLayerRegisterParser)(parser, alproto)
}

// Defined in app-layer-detect-proto.h
extern {
    pub fn AppLayerProtoDetectPPRegister(ipproto: u8, portstr: *const c_char, alproto: AppProto,
                                         min_depth: u16, max_depth: u16, dir: u8,
                                         pparser1: ProbeFn, pparser2: ProbeFn);
    pub fn AppLayerProtoDetectPPParseConfPorts(ipproto_name: *const c_char, ipproto: u8,
                                               alproto_name: *const c_char, alproto: AppProto,
                                               min_depth: u16, max_depth: u16,
                                               pparser_ts: ProbeFn, pparser_tc: ProbeFn) -> i32;
    pub fn AppLayerProtoDetectPMRegisterPatternCSwPP(ipproto: u8, alproto: AppProto,
                                                     pattern: *const c_char, depth: u16,
                                                     offset: u16, direction: u8, ppfn: ProbeFn,
                                                     pp_min_depth: u16, pp_max_depth: u16) -> c_int;
    pub fn AppLayerProtoDetectConfProtoDetectionEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
    pub fn AppLayerProtoDetectConfProtoDetectionEnabledDefault(ipproto: *const c_char, proto: *const c_char, default: bool) -> c_int;
}

// Defined in app-layer-parser.h
pub const APP_LAYER_PARSER_EOF_TS : u8 = BIT_U8!(5);
pub const APP_LAYER_PARSER_EOF_TC : u8 = BIT_U8!(6);
pub const APP_LAYER_PARSER_NO_INSPECTION : u8 = BIT_U8!(1);
pub const APP_LAYER_PARSER_NO_REASSEMBLY : u8 = BIT_U8!(2);
pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = BIT_U8!(3);
pub const APP_LAYER_PARSER_BYPASS_READY : u8 = BIT_U8!(4);

pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);
pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1);

pub type AppLayerGetTxIteratorFn = unsafe extern "C" fn (ipproto: u8,
                                                  alproto: AppProto,
                                                  alstate: *mut c_void,
                                                  min_tx_id: u64,
                                                  max_tx_id: u64,
                                                  istate: &mut u64) -> applayer::AppLayerGetTxIterTuple;

extern {
    pub fn AppLayerParserStateSetFlag(state: *mut c_void, flag: u8);
    pub fn AppLayerParserStateIssetFlag(state: *mut c_void, flag: u8) -> c_int;
    pub fn AppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
    pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
    pub fn AppLayerParserRegisterGetTxIterator(ipproto: u8, alproto: AppProto, fun: AppLayerGetTxIteratorFn);
    pub fn AppLayerParserRegisterOptionFlags(ipproto: u8, alproto: AppProto, flags: u32);
}

#[repr(C)]
pub struct AppLayerGetTxIterTuple {
    tx_ptr: *mut std::os::raw::c_void,
    tx_id: u64,
    has_next: bool,
}

impl AppLayerGetTxIterTuple {
    pub fn with_values(tx_ptr: *mut std::os::raw::c_void, tx_id: u64, has_next: bool) -> AppLayerGetTxIterTuple {
        AppLayerGetTxIterTuple {
            tx_ptr: tx_ptr, tx_id: tx_id, has_next: has_next,
        }
    }
    pub fn not_found() -> AppLayerGetTxIterTuple {
        AppLayerGetTxIterTuple {
            tx_ptr: std::ptr::null_mut(), tx_id: 0, has_next: false,
        }
    }
}

/// LoggerFlags tracks which loggers have already been executed.
#[repr(C)]
#[derive(Default, Debug,PartialEq)]
pub struct LoggerFlags {
    flags: u32,
}

impl LoggerFlags {

    pub fn new() -> Self {
        Default::default()
    }

    pub fn get(&self) -> u32 {
        self.flags
    }

    pub fn set(&mut self, bits: u32) {
        self.flags = bits;
    }

}

/// Export a function to get the DetectEngineState on a struct.
#[macro_export]
macro_rules!export_tx_get_detect_state {
    ($name:ident, $type:ty) => (
        #[no_mangle]
        pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void)
            -> *mut core::DetectEngineState
        {
            let tx = cast_pointer!(tx, $type);
            match tx.de_state {
                Some(ds) => {
                    return ds;
                },
                None => {
                    return std::ptr::null_mut();
                }
            }
        }
    )
}

/// Export a function to set the DetectEngineState on a struct.
#[macro_export]
macro_rules!export_tx_set_detect_state {
    ($name:ident, $type:ty) => (
        #[no_mangle]
        pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void,
                de_state: &mut core::DetectEngineState) -> std::os::raw::c_int
        {
            let tx = cast_pointer!(tx, $type);
            tx.de_state = Some(de_state);
            0
        }
    )
}

/// AppLayerEvent trait that will be implemented on enums that
/// derive AppLayerEvent.
pub trait AppLayerEvent {
    /// Return the enum variant of the given ID.
    fn from_id(id: i32) -> Option<Self> where Self: std::marker::Sized;

    /// Convert the enum variant to a C-style string (suffixed with \0).
    fn to_cstring(&self) -> &str;

    /// Return the enum variant for the given name.
    fn from_string(s: &str) -> Option<Self> where Self: std::marker::Sized;

    /// Return the ID value of the enum variant.
    fn as_i32(&self) -> i32;

    unsafe extern "C" fn get_event_info(
        event_name: *const std::os::raw::c_char,
        event_id: *mut std::os::raw::c_int,
        event_type: *mut core::AppLayerEventType,
    ) -> std::os::raw::c_int;

    unsafe extern "C" fn get_event_info_by_id(
        event_id: std::os::raw::c_int,
        event_name: *mut *const std::os::raw::c_char,
        event_type: *mut core::AppLayerEventType,
    ) -> i8;
}

/// Generic `get_info_info` implementation for enums implementing
/// AppLayerEvent.
///
/// Normally usage of this function will be generated by
/// derive(AppLayerEvent), for example:
///
/// #[derive(AppLayerEvent)]
/// enum AppEvent {
///     EventOne,
///     EventTwo,
/// }
///
/// get_event_info::<AppEvent>(...)
#[inline(always)]
pub unsafe fn get_event_info<T: AppLayerEvent>(
    event_name: *const std::os::raw::c_char,
    event_id: *mut std::os::raw::c_int,
    event_type: *mut core::AppLayerEventType,
) -> std::os::raw::c_int {
    if event_name.is_null() {
        return -1;
    }

    let event = match CStr::from_ptr(event_name).to_str().map(T::from_string) {
        Ok(Some(event)) => event.as_i32(),
        _ => -1,
    };
    *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
    *event_id = event as std::os::raw::c_int;
    return 0;
}

/// Generic `get_info_info_by_id` implementation for enums implementing
/// AppLayerEvent.
#[inline(always)]
pub unsafe fn get_event_info_by_id<T: AppLayerEvent>(
    event_id: std::os::raw::c_int,
    event_name: *mut *const std::os::raw::c_char,
    event_type: *mut core::AppLayerEventType,
) -> i8 {
    if let Some(e) = T::from_id(event_id as i32) {
        *event_name = e.to_cstring().as_ptr() as *const std::os::raw::c_char;
        *event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
        return 0;
    }
    return -1;
}

/// Transaction trait.
///
/// This trait defines methods that a Transaction struct must implement
/// in order to define some generic helper functions.
pub trait Transaction {
    fn id(&self) -> u64;
}

pub trait State<Tx: Transaction> {
    fn get_transactions(&self) -> &[Tx];

    fn get_transaction_iterator(&self, min_tx_id: u64, state: &mut u64) -> AppLayerGetTxIterTuple {
        let mut index = *state as usize;
        let transactions = self.get_transactions();
        let len = transactions.len();
        while index < len {
            let tx = &transactions[index];
            if tx.id() < min_tx_id + 1 {
                index += 1;
                continue;
            }
            *state = index as u64;
            return AppLayerGetTxIterTuple::with_values(
                tx as *const _ as *mut _,
                tx.id() - 1,
                len - index > 1,
            );
        }
        return AppLayerGetTxIterTuple::not_found();
    }
}

pub unsafe extern "C" fn state_get_tx_iterator<S: State<Tx>, Tx: Transaction>(
    _ipproto: u8, _alproto: AppProto, state: *mut std::os::raw::c_void, min_tx_id: u64,
    _max_tx_id: u64, istate: &mut u64,
) -> AppLayerGetTxIterTuple {
    let state = cast_pointer!(state, S);
    state.get_transaction_iterator(min_tx_id, istate)
}
Commit	Line	Data
c78f5ac3	1	/* Copyright (C) 2017-2021 Open Information Security Foundation
c54fc7f9 JI	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
2f5834cd VJ	18	//! Parser registration functions and common interface
2f5834cd VJ	19
e96d9c11	20	use std;
0fa7b5c2	21	use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppLayerDecoderEvents,AppProto};
2f5834cd VJ	22	use crate::filecontainer::FileContainer;
	23	use crate::applayer;
	24	use std::os::raw::{c_void,c_char,c_int};
3ada5e14	25	use crate::core::SC;
0fa7b5c2	26	use std::ffi::CStr;
2f5834cd	27
411f428a	28	#[repr(C)]
f502f21f	29	#[derive(Default, Debug,PartialEq)]
411f428a VJ	30	pub struct AppLayerTxConfig {
	31	/// config: log flags
	32	log_flags: u8,
	33	}
	34
	35	impl AppLayerTxConfig {
	36	pub fn new() -> Self {
	37	Self {
	38	log_flags: 0,
	39	}
	40	}
	41
	42	pub fn add_log_flags(&mut self, flags: u8) {
	43	self.log_flags \|= flags;
	44	}
	45	pub fn set_log_flags(&mut self, flags: u8) {
	46	self.log_flags = flags;
	47	}
	48	pub fn get_log_flags(&self) -> u8 {
	49	self.log_flags
	50	}
	51	}
	52
	53	#[repr(C)]
f502f21f	54	#[derive(Default, Debug,PartialEq)]
411f428a VJ	55	pub struct AppLayerTxData {
	56	/// config: log flags
	57	pub config: AppLayerTxConfig,
c797c9f0 VJ	58
	59	/// logger flags for tx logging api
	60	logged: LoggerFlags,
e15995e2	61
c78f5ac3 VJ	62	/// track file open/logs so we can know how long to keep the tx
	63	pub files_opened: u32,
	64	pub files_logged: u32,
56d3e28a	65	pub files_stored: u32,
c78f5ac3	66
e15995e2 VJ	67	/// detection engine flags for use by detection engine
	68	detect_flags_ts: u64,
	69	detect_flags_tc: u64,
411f428a VJ	70	}
	71
	72	impl AppLayerTxData {
	73	pub fn new() -> Self {
	74	Self {
	75	config: AppLayerTxConfig::new(),
c797c9f0	76	logged: LoggerFlags::new(),
c78f5ac3 VJ	77	files_opened: 0,
c78f5ac3 VJ	78	files_logged: 0,
56d3e28a	79	files_stored: 0,
e15995e2 VJ	80	detect_flags_ts: 0,
e15995e2 VJ	81	detect_flags_tc: 0,
411f428a VJ	82	}
411f428a VJ	83	}
c78f5ac3 VJ	84	pub fn init_files_opened(&mut self) {
	85	self.files_opened = 1;
	86	}
	87	pub fn incr_files_opened(&mut self) {
	88	self.files_opened += 1;
	89	}
411f428a VJ	90	}
	91
	92	#[macro_export]
	93	macro_rules!export_tx_data_get {
	94	($name:ident, $type:ty) => {
	95	#[no_mangle]
	96	pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void)
	97	-> *mut crate::applayer::AppLayerTxData
	98	{
	99	let tx = &mut (tx as mut $type);
	100	&mut tx.tx_data
	101	}
	102	}
	103	}
	104
2f5834cd	105	#[repr(C)]
aa8871a5	106	#[derive(Default,Debug,PartialEq,Copy,Clone)]
2f5834cd VJ	107	pub struct AppLayerResult {
	108	pub status: i32,
	109	pub consumed: u32,
	110	pub needed: u32,
	111	}
	112
	113	impl AppLayerResult {
	114	/// parser has successfully processed in the input, and has consumed all of it
aa8871a5 JL	115	pub fn ok() -> Self {
aa8871a5 JL	116	Default::default()
2f5834cd VJ	117	}
	118	/// parser has hit an unrecoverable error. Returning this to the API
	119	/// leads to no further calls to the parser.
aa8871a5 JL	120	pub fn err() -> Self {
aa8871a5 JL	121	return Self {
2f5834cd	122	status: -1,
aa8871a5	123	..Default::default()
2f5834cd VJ	124	};
	125	}
	126	/// parser needs more data. Through 'consumed' it will indicate how many
	127	/// of the input bytes it has consumed. Through 'needed' it will indicate
	128	/// how many more bytes it needs before getting called again.
	129	/// Note: consumed should never be more than the input len
	130	/// needed + consumed should be more than the input len
aa8871a5 JL	131	pub fn incomplete(consumed: u32, needed: u32) -> Self {
aa8871a5 JL	132	return Self {
2f5834cd VJ	133	status: 1,
	134	consumed: consumed,
	135	needed: needed,
	136	};
	137	}
b0288da6 VJ	138
	139	pub fn is_ok(self) -> bool {
	140	self.status == 0
	141	}
	142	pub fn is_incomplete(self) -> bool {
	143	self.status == 1
	144	}
	145	pub fn is_err(self) -> bool {
	146	self.status == -1
	147	}
2f5834cd VJ	148	}
2f5834cd VJ	149
acef21b7 VJ	150	impl From<bool> for AppLayerResult {
	151	fn from(v: bool) -> Self {
	152	if v == false {
	153	Self::err()
	154	} else {
	155	Self::ok()
	156	}
	157	}
	158	}
	159
	160	impl From<i32> for AppLayerResult {
	161	fn from(v: i32) -> Self {
	162	if v < 0 {
	163	Self::err()
	164	} else {
	165	Self::ok()
	166	}
	167	}
	168	}
	169
2f5834cd VJ	170	/// Rust parser declaration
	171	#[repr(C)]
	172	pub struct RustParser {
	173	/// Parser name.
	174	pub name: *const c_char,
	175	/// Default port
	176	pub default_port: *const c_char,
	177
	178	/// IP Protocol (core::IPPROTO_UDP, core::IPPROTO_TCP, etc.)
	179	pub ipproto: c_int,
	180
	181	/// Probing function, for packets going to server
	182	pub probe_ts: Option<ProbeFn>,
	183	/// Probing function, for packets going to client
	184	pub probe_tc: Option<ProbeFn>,
	185
	186	/// Minimum frame depth for probing
	187	pub min_depth: u16,
	188	/// Maximum frame depth for probing
	189	pub max_depth: u16,
	190
	191	/// Allocation function for a new state
	192	pub state_new: StateAllocFn,
	193	/// Function called to free a state
	194	pub state_free: StateFreeFn,
	195
	196	/// Parsing function, for packets going to server
	197	pub parse_ts: ParseFn,
	198	/// Parsing function, for packets going to client
	199	pub parse_tc: ParseFn,
	200
	201	/// Get the current transaction count
	202	pub get_tx_count: StateGetTxCntFn,
	203	/// Get a transaction
	204	pub get_tx: StateGetTxFn,
	205	/// Function called to free a transaction
	206	pub tx_free: StateTxFreeFn,
efc9a7a3 VJ	207	/// Progress values at which the tx is considered complete in a direction
	208	pub tx_comp_st_ts: c_int,
	209	pub tx_comp_st_tc: c_int,
2f5834cd VJ	210	/// Function returning the current transaction progress
	211	pub tx_get_progress: StateGetProgressFn,
	212
2f5834cd VJ	213	/// Function called to get a detection state
	214	pub get_de_state: GetDetectStateFn,
	215	/// Function called to set a detection state
	216	pub set_de_state: SetDetectStateFn,
	217
	218	/// Function to get events
	219	pub get_events: Option<GetEventsFn>,
	220	/// Function to get an event id from a description
	221	pub get_eventinfo: Option<GetEventInfoFn>,
	222	/// Function to get an event description from an event id
	223	pub get_eventinfo_byid: Option<GetEventInfoByIdFn>,
	224
	225	/// Function to allocate local storage
	226	pub localstorage_new: Option<LocalStorageNewFn>,
	227	/// Function to free local storage
	228	pub localstorage_free: Option<LocalStorageFreeFn>,
	229
2f5834cd VJ	230	/// Function to get files
	231	pub get_files: Option<GetFilesFn>,
	232
	233	/// Function to get the TX iterator
	234	pub get_tx_iterator: Option<GetTxIteratorFn>,
	235
c94a5e63	236	pub get_tx_data: GetTxDataFn,
5665fc83 VJ	237
	238	// Function to apply config to a TX. Optional. Normal (bidirectional)
	239	// transactions don't need to set this. It is meant for cases where
	240	// the requests and responses are not sharing tx. It is then up to
	241	// the implementation to make sure the config is applied correctly.
	242	pub apply_tx_config: Option<ApplyTxConfigFn>,
53aa967e JI	243
53aa967e JI	244	pub flags: u32,
4da0d9bd VJ	245
	246	/// Function to handle the end of data coming on one of the sides
	247	/// due to the stream reaching its 'depth' limit.
	248	pub truncate: Option<TruncateFn>,
2f5834cd VJ	249	}
	250
	251	/// Create a slice, given a buffer and a length
	252	///
	253	/// UNSAFE !
	254	#[macro_export]
	255	macro_rules! build_slice {
363b5f99	256	($buf:ident, $len:expr) => ( std::slice::from_raw_parts($buf, $len) );
2f5834cd VJ	257	}
	258
	259	/// Cast pointer to a variable, as a mutable reference to an object
	260	///
	261	/// UNSAFE !
	262	#[macro_export]
	263	macro_rules! cast_pointer {
363b5f99	264	($ptr:ident, $ty:ty) => ( &mut ($ptr as mut $ty) );
2f5834cd VJ	265	}
2f5834cd VJ	266
363b5f99	267	pub type ParseFn = unsafe extern "C" fn (flow: *const Flow,
2f5834cd VJ	268	state: *mut c_void,
	269	pstate: *mut c_void,
	270	input: *const u8,
	271	input_len: u32,
	272	data: *const c_void,
	273	flags: u8) -> AppLayerResult;
363b5f99	274	pub type ProbeFn = unsafe extern "C" fn (flow: const Flow, flags: u8, input:const u8, input_len: u32, rdir: *mut u8) -> AppProto;
547d6c2d	275	pub type StateAllocFn = extern "C" fn (mut c_void, AppProto) -> mut c_void;
363b5f99 JI	276	pub type StateFreeFn = unsafe extern "C" fn (*mut c_void);
	277	pub type StateTxFreeFn = unsafe extern "C" fn (*mut c_void, u64);
	278	pub type StateGetTxFn = unsafe extern "C" fn (mut c_void, u64) -> mut c_void;
	279	pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64;
	280	pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int;
	281	pub type GetDetectStateFn = unsafe extern "C" fn (mut c_void) -> mut DetectEngineState;
	282	pub type SetDetectStateFn = unsafe extern "C" fn (*mut c_void, &mut DetectEngineState) -> c_int;
	283	pub type GetEventInfoFn = unsafe extern "C" fn (const c_char, mut c_int, *mut AppLayerEventType) -> c_int;
	284	pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, mut const c_char, *mut AppLayerEventType) -> i8;
	285	pub type GetEventsFn = unsafe extern "C" fn (mut c_void) -> mut AppLayerDecoderEvents;
2f5834cd VJ	286	pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void;
2f5834cd VJ	287	pub type LocalStorageFreeFn = extern "C" fn (*mut c_void);
363b5f99 JI	288	pub type GetFilesFn = unsafe
	289	extern "C" fn (mut c_void, u8) -> mut FileContainer;
	290	pub type GetTxIteratorFn = unsafe extern "C" fn (ipproto: u8, alproto: AppProto,
2f5834cd VJ	291	state: *mut c_void,
	292	min_tx_id: u64,
	293	max_tx_id: u64,
	294	istate: &mut u64)
	295	-> AppLayerGetTxIterTuple;
411f428a	296	pub type GetTxDataFn = unsafe extern "C" fn(mut c_void) -> mut AppLayerTxData;
5665fc83	297	pub type ApplyTxConfigFn = unsafe extern "C" fn (mut c_void, mut c_void, c_int, AppLayerTxConfig);
4da0d9bd VJ	298	pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);
4da0d9bd VJ	299
2f5834cd VJ	300
	301	// Defined in app-layer-register.h
	302	extern {
	303	pub fn AppLayerRegisterProtocolDetection(parser: *const RustParser, enable_default: c_int) -> AppProto;
ab6171c4	304	pub fn AppLayerRegisterParserAlias(parser_name: const c_char, alias_name: const c_char);
3ada5e14 JI	305	}
	306
	307	#[allow(non_snake_case)]
	308	pub unsafe fn AppLayerRegisterParser(parser: *const RustParser, alproto: AppProto) -> c_int {
	309	(SC.unwrap().AppLayerRegisterParser)(parser, alproto)
2f5834cd VJ	310	}
	311
	312	// Defined in app-layer-detect-proto.h
	313	extern {
cb8bd8c6 SB	314	pub fn AppLayerProtoDetectPPRegister(ipproto: u8, portstr: *const c_char, alproto: AppProto,
	315	min_depth: u16, max_depth: u16, dir: u8,
	316	pparser1: ProbeFn, pparser2: ProbeFn);
	317	pub fn AppLayerProtoDetectPPParseConfPorts(ipproto_name: *const c_char, ipproto: u8,
	318	alproto_name: *const c_char, alproto: AppProto,
	319	min_depth: u16, max_depth: u16,
	320	pparser_ts: ProbeFn, pparser_tc: ProbeFn) -> i32;
	321	pub fn AppLayerProtoDetectPMRegisterPatternCSwPP(ipproto: u8, alproto: AppProto,
d66ad96f SB	322	pattern: *const c_char, depth: u16,
	323	offset: u16, direction: u8, ppfn: ProbeFn,
	324	pp_min_depth: u16, pp_max_depth: u16) -> c_int;
2f5834cd	325	pub fn AppLayerProtoDetectConfProtoDetectionEnabled(ipproto: const c_char, proto: const c_char) -> c_int;
ea4a509a	326	pub fn AppLayerProtoDetectConfProtoDetectionEnabledDefault(ipproto: const c_char, proto: const c_char, default: bool) -> c_int;
2f5834cd VJ	327	}
	328
	329	// Defined in app-layer-parser.h
fdab22d9 PA	330	pub const APP_LAYER_PARSER_EOF_TS : u8 = BIT_U8!(5);
	331	pub const APP_LAYER_PARSER_EOF_TC : u8 = BIT_U8!(6);
	332	pub const APP_LAYER_PARSER_NO_INSPECTION : u8 = BIT_U8!(1);
	333	pub const APP_LAYER_PARSER_NO_REASSEMBLY : u8 = BIT_U8!(2);
	334	pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = BIT_U8!(3);
	335	pub const APP_LAYER_PARSER_BYPASS_READY : u8 = BIT_U8!(4);
e96d9c11	336
a0e3e2d7	337	pub const APP_LAYER_PARSER_OPT_ACCEPT_GAPS: u32 = BIT_U32!(0);
ac3cf6ff	338	pub const APP_LAYER_PARSER_OPT_UNIDIR_TXS: u32 = BIT_U32!(1);
a0e3e2d7	339
363b5f99	340	pub type AppLayerGetTxIteratorFn = unsafe extern "C" fn (ipproto: u8,
2f5834cd VJ	341	alproto: AppProto,
	342	alstate: *mut c_void,
	343	min_tx_id: u64,
	344	max_tx_id: u64,
	345	istate: &mut u64) -> applayer::AppLayerGetTxIterTuple;
	346
	347	extern {
	348	pub fn AppLayerParserStateSetFlag(state: *mut c_void, flag: u8);
	349	pub fn AppLayerParserStateIssetFlag(state: *mut c_void, flag: u8) -> c_int;
cb8bd8c6	350	pub fn AppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
2f5834cd VJ	351	pub fn AppLayerParserConfParserEnabled(ipproto: const c_char, proto: const c_char) -> c_int;
2f5834cd VJ	352	pub fn AppLayerParserRegisterGetTxIterator(ipproto: u8, alproto: AppProto, fun: AppLayerGetTxIteratorFn);
2f5834cd VJ	353	pub fn AppLayerParserRegisterOptionFlags(ipproto: u8, alproto: AppProto, flags: u32);
	354	}
	355
e96d9c11 VJ	356	#[repr(C)]
e96d9c11 VJ	357	pub struct AppLayerGetTxIterTuple {
3f6624bf	358	tx_ptr: *mut std::os::raw::c_void,
e96d9c11 VJ	359	tx_id: u64,
	360	has_next: bool,
	361	}
	362
	363	impl AppLayerGetTxIterTuple {
3f6624bf	364	pub fn with_values(tx_ptr: *mut std::os::raw::c_void, tx_id: u64, has_next: bool) -> AppLayerGetTxIterTuple {
e96d9c11 VJ	365	AppLayerGetTxIterTuple {
	366	tx_ptr: tx_ptr, tx_id: tx_id, has_next: has_next,
	367	}
	368	}
	369	pub fn not_found() -> AppLayerGetTxIterTuple {
	370	AppLayerGetTxIterTuple {
	371	tx_ptr: std::ptr::null_mut(), tx_id: 0, has_next: false,
	372	}
	373	}
	374	}
	375
c54fc7f9	376	/// LoggerFlags tracks which loggers have already been executed.
c797c9f0	377	#[repr(C)]
f502f21f	378	#[derive(Default, Debug,PartialEq)]
c54fc7f9 JI	379	pub struct LoggerFlags {
	380	flags: u32,
	381	}
	382
	383	impl LoggerFlags {
	384
aa8871a5 JL	385	pub fn new() -> Self {
aa8871a5 JL	386	Default::default()
c54fc7f9 JI	387	}
c54fc7f9 JI	388
bca0cd71 VJ	389	pub fn get(&self) -> u32 {
	390	self.flags
	391	}
	392
	393	pub fn set(&mut self, bits: u32) {
	394	self.flags = bits;
	395	}
	396
c54fc7f9	397	}
2ec33816 JI	398
	399	/// Export a function to get the DetectEngineState on a struct.
	400	#[macro_export]
	401	macro_rules!export_tx_get_detect_state {
	402	($name:ident, $type:ty) => (
	403	#[no_mangle]
363b5f99	404	pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void)
2ec33816 JI	405	-> *mut core::DetectEngineState
	406	{
	407	let tx = cast_pointer!(tx, $type);
	408	match tx.de_state {
	409	Some(ds) => {
	410	return ds;
	411	},
	412	None => {
	413	return std::ptr::null_mut();
	414	}
	415	}
	416	}
	417	)
	418	}
	419
	420	/// Export a function to set the DetectEngineState on a struct.
	421	#[macro_export]
	422	macro_rules!export_tx_set_detect_state {
	423	($name:ident, $type:ty) => (
	424	#[no_mangle]
363b5f99	425	pub unsafe extern "C" fn $name(tx: *mut std::os::raw::c_void,
3f6624bf	426	de_state: &mut core::DetectEngineState) -> std::os::raw::c_int
2ec33816 JI	427	{
	428	let tx = cast_pointer!(tx, $type);
	429	tx.de_state = Some(de_state);
	430	0
	431	}
	432	)
	433	}
dbea7d63 JI	434
	435	/// AppLayerEvent trait that will be implemented on enums that
	436	/// derive AppLayerEvent.
	437	pub trait AppLayerEvent {
	438	/// Return the enum variant of the given ID.
	439	fn from_id(id: i32) -> Option<Self> where Self: std::marker::Sized;
	440
	441	/// Convert the enum variant to a C-style string (suffixed with \0).
	442	fn to_cstring(&self) -> &str;
	443
0fa7b5c2 JI	444	/// Return the enum variant for the given name.
0fa7b5c2 JI	445	fn from_string(s: &str) -> Option<Self> where Self: std::marker::Sized;
dbea7d63 JI	446
	447	/// Return the ID value of the enum variant.
	448	fn as_i32(&self) -> i32;
9221f1d9 JI	449
	450	unsafe extern "C" fn get_event_info(
	451	event_name: *const std::os::raw::c_char,
	452	event_id: *mut std::os::raw::c_int,
	453	event_type: *mut core::AppLayerEventType,
	454	) -> std::os::raw::c_int;
	455
	456	unsafe extern "C" fn get_event_info_by_id(
	457	event_id: std::os::raw::c_int,
	458	event_name: mut const std::os::raw::c_char,
	459	event_type: *mut core::AppLayerEventType,
	460	) -> i8;
dbea7d63	461	}
0fa7b5c2 JI	462
	463	/// Generic `get_info_info` implementation for enums implementing
	464	/// AppLayerEvent.
	465	///
	466	/// Normally usage of this function will be generated by
	467	/// derive(AppLayerEvent), for example:
	468	///
	469	/// #[derive(AppLayerEvent)]
	470	/// enum AppEvent {
	471	/// EventOne,
	472	/// EventTwo,
	473	/// }
	474	///
	475	/// get_event_info::<AppEvent>(...)
	476	#[inline(always)]
9221f1d9	477	pub unsafe fn get_event_info<T: AppLayerEvent>(
0fa7b5c2 JI	478	event_name: *const std::os::raw::c_char,
	479	event_id: *mut std::os::raw::c_int,
	480	event_type: *mut core::AppLayerEventType,
	481	) -> std::os::raw::c_int {
23768c71	482	if event_name.is_null() {
0fa7b5c2 JI	483	return -1;
	484	}
	485
9221f1d9 JI	486	let event = match CStr::from_ptr(event_name).to_str().map(T::from_string) {
	487	Ok(Some(event)) => event.as_i32(),
	488	_ => -1,
	489	};
	490	*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
	491	*event_id = event as std::os::raw::c_int;
	492	return 0;
0fa7b5c2 JI	493	}
	494
	495	/// Generic `get_info_info_by_id` implementation for enums implementing
	496	/// AppLayerEvent.
	497	#[inline(always)]
9221f1d9	498	pub unsafe fn get_event_info_by_id<T: AppLayerEvent>(
0fa7b5c2 JI	499	event_id: std::os::raw::c_int,
	500	event_name: mut const std::os::raw::c_char,
	501	event_type: *mut core::AppLayerEventType,
	502	) -> i8 {
	503	if let Some(e) = T::from_id(event_id as i32) {
9221f1d9 JI	504	event_name = e.to_cstring().as_ptr() as const std::os::raw::c_char;
9221f1d9 JI	505	*event_type = core::APP_LAYER_EVENT_TYPE_TRANSACTION;
0fa7b5c2 JI	506	return 0;
	507	}
	508	return -1;
	509	}
049d4321 JI	510
	511	/// Transaction trait.
	512	///
	513	/// This trait defines methods that a Transaction struct must implement
	514	/// in order to define some generic helper functions.
	515	pub trait Transaction {
	516	fn id(&self) -> u64;
	517	}
	518
	519	pub trait State<Tx: Transaction> {
	520	fn get_transactions(&self) -> &[Tx];
	521
	522	fn get_transaction_iterator(&self, min_tx_id: u64, state: &mut u64) -> AppLayerGetTxIterTuple {
	523	let mut index = *state as usize;
	524	let transactions = self.get_transactions();
	525	let len = transactions.len();
	526	while index < len {
	527	let tx = &transactions[index];
	528	if tx.id() < min_tx_id + 1 {
	529	index += 1;
	530	continue;
	531	}
	532	*state = index as u64;
	533	return AppLayerGetTxIterTuple::with_values(
	534	tx as const _ as mut _,
	535	tx.id() - 1,
	536	len - index > 1,
	537	);
	538	}
	539	return AppLayerGetTxIterTuple::not_found();
	540	}
	541	}
	542
	543	pub unsafe extern "C" fn state_get_tx_iterator<S: State<Tx>, Tx: Transaction>(
	544	_ipproto: u8, _alproto: AppProto, state: *mut std::os::raw::c_void, min_tx_id: u64,
	545	_max_tx_id: u64, istate: &mut u64,
	546	) -> AppLayerGetTxIterTuple {
	547	let state = cast_pointer!(state, S);
	548	state.get_transaction_iterator(min_tx_id, istate)
	549	}