[people/ms/suricata.git] / src / app-layer-parser.h

/* Copyright (C) 2007-2010 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#ifndef __APP_LAYER_PARSER_H__
#define __APP_LAYER_PARSER_H__

/** Mapping between local parser id's (e.g. HTTP_FIELD_REQUEST_URI) and
  * the dynamically assigned (at registration) global parser id. */
typedef struct AppLayerLocalMap_ {
    uint16_t parser_id;
} AppLayerLocalMap;

/** \brief Mapping between ALPROTO_* and L7Parsers
 *
 * Map the proto to the parsers for the to_client and to_server directions.
 */
typedef struct AppLayerProto_ {
    char *name; /**< name of the registered proto */

    uint16_t to_server;
    uint16_t to_client;
    uint16_t map_size;
    char logger; /**< does this proto have a logger enabled? */

    AppLayerLocalMap **map;

    void *(*StateAlloc)(void);
    void (*StateFree)(void *);
    void (*StateUpdateTransactionId)(void *, uint16_t *);
    void (*StateTransactionFree)(void *, uint16_t);
    void *(*LocalStorageAlloc)(void);
    void (*LocalStorageFree)(void *);

} AppLayerProto;

/** flags for the result elmts */
#define ALP_RESULT_ELMT_ALLOC 0x01

/** \brief Result elements for the parser */
typedef struct AppLayerParserResultElmt_ {
    uint16_t flags; /* flags. E.g. local alloc */
    uint16_t name_idx; /* idx for names like "http.request_line.uri" */

    uint32_t data_len; /* length of the data from the ptr */
    uint8_t  *data_ptr; /* point to the position in the "input" data
                          * or ptr to new mem if local alloc flag set */
    struct AppLayerParserResultElmt_ *next;
} AppLayerParserResultElmt;

/** \brief List head for parser result elmts */
typedef struct AppLayerParserResult_ {
    AppLayerParserResultElmt *head;
    AppLayerParserResultElmt *tail;
    uint32_t cnt;
} AppLayerParserResult;

#define APP_LAYER_PARSER_USE            0x01
#define APP_LAYER_PARSER_EOF            0x02
#define APP_LAYER_PARSER_DONE           0x04    /**< parser is done, ignore more
                                                     msgs */
#define APP_LAYER_PARSER_NO_INSPECTION  0x08    /**< Flag to indicate no more
                                                     packets payload inspection */
#define APP_LAYER_PARSER_NO_REASSEMBLY  0x10    /**< Flag to indicate no more
                                                     packets reassembly for this
                                                     session */

#define APP_LAYER_TRANSACTION_EOF       0x01    /**< Session done, last transaction
                                                     as well */
#define APP_LAYER_TRANSACTION_TOSERVER  0x02    /**< transaction has been inspected
                                                     in to server direction. */
#define APP_LAYER_TRANSACTION_TOCLIENT  0x04    /**< transaction has been inspected
                                                     in to server direction. */

typedef struct AppLayerParserState_ {
    uint8_t flags;
    uint16_t cur_parser; /**< idx of currently active parser */
    uint8_t *store;
    uint32_t store_len;
    uint16_t parse_field;
} AppLayerParserState;

typedef struct AppLayerParserStateStore_ {
    AppLayerParserState to_client;
    AppLayerParserState to_server;

    /** flags related to the id's */
    uint8_t id_flags;

    /** the highest id of inspected state's (i.e. http transactions), updated by
     *  the stateful detection engine code */
    uint16_t inspect_id;
    /** the highest id of logged state's (i.e. http transactions), updated by
     *  a logging module throught the app layer API */
    uint16_t logged_id;
    /** the higest id of available state's, updated by the app layer parser */
    uint16_t avail_id;
    /** the base id signifies the id number of the oldest id we have in our
     *  state. As transactions may be cleaned up before the entire state is
     *  freed, id's may "disappear". */
    uint16_t base_id;

    uint16_t version;       /**< state version, incremented for each update,
                             *   can wrap around */
} AppLayerParserStateStore;

typedef struct AppLayerParserTableElement_ {
    int (*AppLayerParser)(Flow *f, void *protocol_state, AppLayerParserState
                          *parser_state, uint8_t *input, uint32_t input_len,
                          void *local_storage, AppLayerParserResult *output);

    char *name;

    uint16_t proto;
    uint16_t parser_local_id; /**< local id of the parser in the parser itself. */
} AppLayerParserTableElement;

typedef struct AppLayerProbingParserElement_ {
    const char *al_proto_name;
    uint16_t al_proto;
    uint16_t port;
    uint16_t ip_proto;
    uint8_t priority;
    uint8_t top;
    uint32_t al_proto_mask;
    /* the min length of data that has to be supplied to invoke the parser */
    uint32_t min_depth;
    /* the max length of data after which this parser won't be invoked */
    uint32_t max_depth;
    /* the probing parser function */
    uint16_t (*ProbingParser)(uint8_t *input, uint32_t input_len);

    struct AppLayerProbingParserElement_ *next;
} AppLayerProbingParserElement;

typedef struct AppLayerProbingParser_ {
    /* the port no for which probing parser(s) are invoked */
    uint16_t port;
    uint32_t toserver_al_proto_mask;
    uint32_t toclient_al_proto_mask;
    /* the max depth for all the probing parsers registered for this port */
    uint16_t toserver_max_depth;
    uint16_t toclient_max_depth;

    AppLayerProbingParserElement *toserver;
    AppLayerProbingParserElement *toclient;

    struct AppLayerProbingParser_ *next;
} AppLayerProbingParser;

typedef struct AppLayerProbingParserInfo_ {
    const char *al_proto_name;
    uint16_t ip_proto;
    uint16_t al_proto;
    uint16_t (*ProbingParser)(uint8_t *input, uint32_t input_len);
    struct AppLayerProbingParserInfo_ *next;
} AppLayerProbingParserInfo;

#define APP_LAYER_PROBING_PARSER_PRIORITY_HIGH   1
#define APP_LAYER_PROBING_PARSER_PRIORITY_MEDIUM 2
#define APP_LAYER_PROBING_PARSER_PRIORITY_LOW    3

static inline
AppLayerProbingParser *AppLayerGetProbingParsers(AppLayerProbingParser *probing_parsers,
                                                 uint16_t ip_proto,
                                                 uint16_t port)
{
    if (probing_parsers == NULL)
        return NULL;

    AppLayerProbingParser *pp = probing_parsers;
    while (pp != NULL) {
        if (pp->port == port || pp->port == 0) {
            break;
        }
        pp = pp->next;
    }

    return pp;
}

static inline
AppLayerProbingParserInfo *AppLayerGetProbingParserInfo(AppLayerProbingParserInfo *ppi,
                                                        const char *al_proto_name)
{
    while (ppi != NULL) {
        if (strcmp(ppi->al_proto_name, al_proto_name) == 0)
            return ppi;
        ppi = ppi->next;
    }

    return NULL;
}
struct AlpProtoDetectCtx_;

/* prototypes */
void AppLayerParsersInitPostProcess(void);
void RegisterAppLayerParsers(void);
void AppLayerParserRegisterTests(void);

/* registration */
int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags,
                          int (*AppLayerParser)(Flow *f, void *protocol_state,
                                                AppLayerParserState *parser_state,
                                                uint8_t *input, uint32_t input_len,
                                                void *local_data,
                                                AppLayerParserResult *output));
int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id,
                           int (*AppLayerParser)(Flow *f, void *protocol_state,
                                                 AppLayerParserState *parser_state,
                                                 uint8_t *input, uint32_t input_len,
                                                 void *local_data,
                                                 AppLayerParserResult *output),
                           char *dependency);
void AppLayerRegisterProbingParser(struct AlpProtoDetectCtx_ *, uint16_t, uint16_t,
                                   const char *, uint16_t,
                                   uint16_t, uint16_t, uint8_t, uint8_t,
                                   uint8_t,
                                   uint16_t (*ProbingParser)(uint8_t *, uint32_t));
void AppLayerRegisterStateFuncs(uint16_t proto, void *(*StateAlloc)(void),
                                void (*StateFree)(void *));
void AppLayerRegisterTransactionIdFuncs(uint16_t proto,
        void (*StateTransactionId)(void *, uint16_t *),
        void (*StateTransactionFree)(void *, uint16_t id));
void AppLayerRegisterLocalStorageFunc(uint16_t proto,
                                      void *(*LocalStorageAlloc)(void),
                                      void (*LocalStorageFree)(void *));
void *AppLayerGetProtocolParserLocalStorage(uint16_t);
void AppLayerRegisterLogger(uint16_t proto);
uint16_t AppLayerGetProtoByName(const char *);

int AppLayerParse(void *, Flow *, uint8_t,
                  uint8_t, uint8_t *, uint32_t);

int AlpParseFieldBySize(AppLayerParserResult *, AppLayerParserState *, uint16_t,
                        uint32_t, uint8_t *, uint32_t, uint32_t *);
int AlpParseFieldByEOF(AppLayerParserResult *, AppLayerParserState *, uint16_t,
                       uint8_t *, uint32_t);
int AlpParseFieldByDelimiter(AppLayerParserResult *, AppLayerParserState *,
                             uint16_t, const uint8_t *, uint8_t, uint8_t *,
                             uint32_t, uint32_t *);


/* transaction handling */
int AppLayerTransactionUpdateInspectId(Flow *, char);
void AppLayerTransactionUpdateLoggedId(Flow *);
int AppLayerTransactionGetLoggableId(Flow *f);
int AppLayerTransactionGetLoggedId(Flow *f);
int AppLayerTransactionGetBaseId(Flow *f);
int AppLayerTransactionGetInspectId(Flow *f);
uint16_t AppLayerTransactionGetAvailId(Flow *f);

uint16_t AppLayerGetStateVersion(Flow *f);

void AppLayerSetEOF(Flow *);

/* cleanup */
void AppLayerParserCleanupState(Flow *);
void AppLayerFreeProbingParsers(AppLayerProbingParser *);
void AppLayerFreeProbingParsersInfo(AppLayerProbingParserInfo *);
void AppLayerPrintProbingParsers(AppLayerProbingParser *);

#endif /* __APP_LAYER_PARSER_H__ */
Commit	Line	Data
ce019275 WM	1	/* Copyright (C) 2007-2010 Open Information Security Foundation
	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Victor Julien <victor@inliniac.net>
	22	*/
	23
8e10844f VJ	24	#ifndef __APP_LAYER_PARSER_H__
	25	#define __APP_LAYER_PARSER_H__
	26
5a9a23f9 VJ	27	/** Mapping between local parser id's (e.g. HTTP_FIELD_REQUEST_URI) and
	28	* the dynamically assigned (at registration) global parser id. */
	29	typedef struct AppLayerLocalMap_ {
fa5939ca	30	uint16_t parser_id;
5a9a23f9 VJ	31	} AppLayerLocalMap;
5a9a23f9 VJ	32
8e10844f VJ	33	/** \brief Mapping between ALPROTO_* and L7Parsers
	34	*
	35	* Map the proto to the parsers for the to_client and to_server directions.
	36	*/
	37	typedef struct AppLayerProto_ {
f1f7df07 VJ	38	char name; /< name of the registered proto /
f1f7df07 VJ	39
fa5939ca BR	40	uint16_t to_server;
fa5939ca BR	41	uint16_t to_client;
06904c90 VJ	42	uint16_t map_size;
06904c90 VJ	43	char logger; /*< does this proto have a logger enabled? /
5a9a23f9 VJ	44
5a9a23f9 VJ	45	AppLayerLocalMap **map;
9f78d47c VJ	46
	47	void (StateAlloc)(void);
	48	void (StateFree)(void );
70b32f73 VJ	49	void (StateUpdateTransactionId)(void , uint16_t *);
70b32f73 VJ	50	void (StateTransactionFree)(void , uint16_t);
01a35bb6	51	void (LocalStorageAlloc)(void);
9a6aef45	52	void (LocalStorageFree)(void );
70b32f73	53
8e10844f VJ	54	} AppLayerProto;
8e10844f VJ	55
9f78d47c VJ	56	/** flags for the result elmts */
	57	#define ALP_RESULT_ELMT_ALLOC 0x01
	58
	59	/** \brief Result elements for the parser */
	60	typedef struct AppLayerParserResultElmt_ {
fa5939ca BR	61	uint16_t flags; /* flags. E.g. local alloc */
fa5939ca BR	62	uint16_t name_idx; /* idx for names like "http.request_line.uri" */
8e10844f	63
fc248ca7	64	uint32_t data_len; /* length of the data from the ptr */
fa5939ca	65	uint8_t data_ptr; / point to the position in the "input" data
8e10844f	66	* or ptr to new mem if local alloc flag set */
9f78d47c VJ	67	struct AppLayerParserResultElmt_ *next;
	68	} AppLayerParserResultElmt;
	69
	70	/** \brief List head for parser result elmts */
	71	typedef struct AppLayerParserResult_ {
	72	AppLayerParserResultElmt *head;
	73	AppLayerParserResultElmt *tail;
fa5939ca	74	uint32_t cnt;
9f78d47c VJ	75	} AppLayerParserResult;
9f78d47c VJ	76
a16e7b74 GS	77	#define APP_LAYER_PARSER_USE 0x01
a16e7b74 GS	78	#define APP_LAYER_PARSER_EOF 0x02
70b32f73 VJ	79	#define APP_LAYER_PARSER_DONE 0x04 /**< parser is done, ignore more
	80	msgs */
	81	#define APP_LAYER_PARSER_NO_INSPECTION 0x08 /**< Flag to indicate no more
	82	packets payload inspection */
	83	#define APP_LAYER_PARSER_NO_REASSEMBLY 0x10 /**< Flag to indicate no more
	84	packets reassembly for this
	85	session */
	86
	87	#define APP_LAYER_TRANSACTION_EOF 0x01 /**< Session done, last transaction
	88	as well */
b8fec77f VJ	89	#define APP_LAYER_TRANSACTION_TOSERVER 0x02 /**< transaction has been inspected
	90	in to server direction. */
	91	#define APP_LAYER_TRANSACTION_TOCLIENT 0x04 /**< transaction has been inspected
	92	in to server direction. */
9f78d47c VJ	93
9f78d47c VJ	94	typedef struct AppLayerParserState_ {
fa5939ca	95	uint8_t flags;
70b32f73	96	uint16_t cur_parser; /*< idx of currently active parser /
fa5939ca BR	97	uint8_t *store;
	98	uint32_t store_len;
	99	uint16_t parse_field;
9f78d47c VJ	100	} AppLayerParserState;
	101
	102	typedef struct AppLayerParserStateStore_ {
	103	AppLayerParserState to_client;
	104	AppLayerParserState to_server;
70b32f73 VJ	105
	106	/** flags related to the id's */
	107	uint8_t id_flags;
	108
	109	/** the highest id of inspected state's (i.e. http transactions), updated by
	110	* the stateful detection engine code */
	111	uint16_t inspect_id;
	112	/** the highest id of logged state's (i.e. http transactions), updated by
	113	* a logging module throught the app layer API */
	114	uint16_t logged_id;
	115	/** the higest id of available state's, updated by the app layer parser */
	116	uint16_t avail_id;
	117	/** the base id signifies the id number of the oldest id we have in our
	118	* state. As transactions may be cleaned up before the entire state is
	119	* freed, id's may "disappear". */
	120	uint16_t base_id;
73efb4c7 VJ	121
	122	uint16_t version; /**< state version, incremented for each update,
	123	* can wrap around */
9f78d47c	124	} AppLayerParserStateStore;
8e10844f VJ	125
8e10844f VJ	126	typedef struct AppLayerParserTableElement_ {
fc2f7f29 GS	127	int (AppLayerParser)(Flow f, void *protocol_state, AppLayerParserState
fc2f7f29 GS	128	parser_state, uint8_t input, uint32_t input_len,
9a6aef45	129	void local_storage, AppLayerParserResult output);
06904c90 VJ	130
	131	char *name;
	132
	133	uint16_t proto;
	134	uint16_t parser_local_id; /*< local id of the parser in the parser itself. /
8e10844f VJ	135	} AppLayerParserTableElement;
8e10844f VJ	136
7c31a232 AS	137	typedef struct AppLayerProbingParserElement_ {
	138	const char *al_proto_name;
	139	uint16_t al_proto;
	140	uint16_t port;
432c3317	141	uint16_t ip_proto;
7c31a232 AS	142	uint8_t priority;
7c31a232 AS	143	uint8_t top;
d68775d4	144	uint32_t al_proto_mask;
7c31a232 AS	145	/* the min length of data that has to be supplied to invoke the parser */
	146	uint32_t min_depth;
	147	/* the max length of data after which this parser won't be invoked */
	148	uint32_t max_depth;
	149	/* the probing parser function */
d3989e7c	150	uint16_t (ProbingParser)(uint8_t input, uint32_t input_len);
7c31a232 AS	151
	152	struct AppLayerProbingParserElement_ *next;
	153	} AppLayerProbingParserElement;
	154
	155	typedef struct AppLayerProbingParser_ {
	156	/* the port no for which probing parser(s) are invoked */
	157	uint16_t port;
d68775d4 AS	158	uint32_t toserver_al_proto_mask;
d68775d4 AS	159	uint32_t toclient_al_proto_mask;
7c31a232 AS	160	/* the max depth for all the probing parsers registered for this port */
	161	uint16_t toserver_max_depth;
	162	uint16_t toclient_max_depth;
	163
	164	AppLayerProbingParserElement *toserver;
	165	AppLayerProbingParserElement *toclient;
	166
	167	struct AppLayerProbingParser_ *next;
	168	} AppLayerProbingParser;
	169
432c3317 AS	170	typedef struct AppLayerProbingParserInfo_ {
	171	const char *al_proto_name;
	172	uint16_t ip_proto;
	173	uint16_t al_proto;
d3989e7c	174	uint16_t (ProbingParser)(uint8_t input, uint32_t input_len);
432c3317 AS	175	struct AppLayerProbingParserInfo_ *next;
	176	} AppLayerProbingParserInfo;
	177
7c31a232 AS	178	#define APP_LAYER_PROBING_PARSER_PRIORITY_HIGH 1
	179	#define APP_LAYER_PROBING_PARSER_PRIORITY_MEDIUM 2
	180	#define APP_LAYER_PROBING_PARSER_PRIORITY_LOW 3
	181
a40fdc79 AS	182	static inline
	183	AppLayerProbingParser AppLayerGetProbingParsers(AppLayerProbingParser probing_parsers,
	184	uint16_t ip_proto,
	185	uint16_t port)
7c31a232 AS	186	{
	187	if (probing_parsers == NULL)
	188	return NULL;
	189
	190	AppLayerProbingParser *pp = probing_parsers;
	191	while (pp != NULL) {
432c3317	192	if (pp->port == port \|\| pp->port == 0) {
7c31a232 AS	193	break;
	194	}
	195	pp = pp->next;
	196	}
	197
	198	return pp;
	199	}
	200
432c3317 AS	201	static inline
	202	AppLayerProbingParserInfo AppLayerGetProbingParserInfo(AppLayerProbingParserInfo ppi,
	203	const char *al_proto_name)
	204	{
	205	while (ppi != NULL) {
	206	if (strcmp(ppi->al_proto_name, al_proto_name) == 0)
	207	return ppi;
	208	ppi = ppi->next;
	209	}
	210
	211	return NULL;
	212	}
6e0d98d9 AS	213	struct AlpProtoDetectCtx_;
6e0d98d9 AS	214
9f78d47c VJ	215	/* prototypes */
	216	void AppLayerParsersInitPostProcess(void);
	217	void RegisterAppLayerParsers(void);
06904c90	218	void AppLayerParserRegisterTests(void);
8e10844f	219
06904c90	220	/* registration */
fc2f7f29 GS	221	int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags,
fc2f7f29 GS	222	int (AppLayerParser)(Flow f, void *protocol_state,
9a6aef45 AS	223	AppLayerParserState *parser_state,
	224	uint8_t *input, uint32_t input_len,
	225	void *local_data,
	226	AppLayerParserResult *output));
fc2f7f29 GS	227	int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id,
fc2f7f29 GS	228	int (AppLayerParser)(Flow f, void *protocol_state,
9a6aef45 AS	229	AppLayerParserState *parser_state,
	230	uint8_t *input, uint32_t input_len,
	231	void *local_data,
	232	AppLayerParserResult *output),
18fe3818	233	char *dependency);
6e0d98d9	234	void AppLayerRegisterProbingParser(struct AlpProtoDetectCtx_ *, uint16_t, uint16_t,
a40fdc79	235	const char *, uint16_t,
b7b7bbec	236	uint16_t, uint16_t, uint8_t, uint8_t,
432c3317	237	uint8_t,
d3989e7c	238	uint16_t (ProbingParser)(uint8_t , uint32_t));
fc2f7f29 GS	239	void AppLayerRegisterStateFuncs(uint16_t proto, void (StateAlloc)(void),
fc2f7f29 GS	240	void (StateFree)(void ));
70b32f73 VJ	241	void AppLayerRegisterTransactionIdFuncs(uint16_t proto,
	242	void (StateTransactionId)(void , uint16_t *),
	243	void (StateTransactionFree)(void , uint16_t id));
9a6aef45 AS	244	void AppLayerRegisterLocalStorageFunc(uint16_t proto,
	245	void (LocalStorageAlloc)(void),
	246	void (LocalStorageFree)(void ));
01a35bb6	247	void *AppLayerGetProtocolParserLocalStorage(uint16_t);
70b32f73	248	void AppLayerRegisterLogger(uint16_t proto);
06904c90	249	uint16_t AppLayerGetProtoByName(const char *);
fc2f7f29	250
9a6aef45 AS	251	int AppLayerParse(void , Flow , uint8_t,
9a6aef45 AS	252	uint8_t, uint8_t *, uint32_t);
fc2f7f29 GS	253
	254	int AlpParseFieldBySize(AppLayerParserResult , AppLayerParserState , uint16_t,
	255	uint32_t, uint8_t , uint32_t, uint32_t );
	256	int AlpParseFieldByEOF(AppLayerParserResult , AppLayerParserState , uint16_t,
	257	uint8_t *, uint32_t);
	258	int AlpParseFieldByDelimiter(AppLayerParserResult , AppLayerParserState ,
	259	uint16_t, const uint8_t , uint8_t, uint8_t ,
	260	uint32_t, uint32_t *);
8e10844f	261
f1f7df07	262
06904c90	263	/* transaction handling */
b8fec77f	264	int AppLayerTransactionUpdateInspectId(Flow *, char);
70b32f73	265	void AppLayerTransactionUpdateLoggedId(Flow *);
70b32f73 VJ	266	int AppLayerTransactionGetLoggableId(Flow *f);
	267	int AppLayerTransactionGetLoggedId(Flow *f);
	268	int AppLayerTransactionGetBaseId(Flow *f);
83b2c8ab	269	int AppLayerTransactionGetInspectId(Flow *f);
23e01d23	270	uint16_t AppLayerTransactionGetAvailId(Flow *f);
70b32f73	271
06904c90	272	uint16_t AppLayerGetStateVersion(Flow *f);
c1e485cc	273
23e01d23 VJ	274	void AppLayerSetEOF(Flow *);
23e01d23 VJ	275
06904c90	276	/* cleanup */
8cc525c9	277	void AppLayerParserCleanupState(Flow *);
a40fdc79	278	void AppLayerFreeProbingParsers(AppLayerProbingParser *);
432c3317 AS	279	void AppLayerFreeProbingParsersInfo(AppLayerProbingParserInfo *);
432c3317 AS	280	void AppLayerPrintProbingParsers(AppLayerProbingParser *);
ba12f3c1	281
8e10844f	282	#endif /* __APP_LAYER_PARSER_H__ */