[people/ms/suricata.git] / src / app-layer-parser.h

/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 */

#ifndef __APP_LAYER_PARSER_H__
#define __APP_LAYER_PARSER_H__

#include "app-layer-events.h"
#include "detect-engine-state.h"
#include "util-file.h"
#include "stream-tcp-private.h"
#include "rust.h"
#include "util-config.h"

/* Flags for AppLayerParserState. */
// flag available                               BIT_U8(0)
#define APP_LAYER_PARSER_NO_INSPECTION          BIT_U8(1)
#define APP_LAYER_PARSER_NO_REASSEMBLY          BIT_U8(2)
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD  BIT_U8(3)
#define APP_LAYER_PARSER_BYPASS_READY           BIT_U8(4)
#define APP_LAYER_PARSER_EOF_TS                 BIT_U8(5)
#define APP_LAYER_PARSER_EOF_TC                 BIT_U8(6)

/* Flags for AppLayerParserProtoCtx. */
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS        BIT_U32(0)
#define APP_LAYER_PARSER_OPT_UNIDIR_TXS         BIT_U32(1)

#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET   BIT_U32(0)

/* applies to DetectFlags uint64_t field */

/** reserved for future use */
#define APP_LAYER_TX_RESERVED1_FLAG  BIT_U64(48)
#define APP_LAYER_TX_RESERVED2_FLAG  BIT_U64(49)
#define APP_LAYER_TX_RESERVED3_FLAG  BIT_U64(50)
#define APP_LAYER_TX_RESERVED4_FLAG  BIT_U64(51)
#define APP_LAYER_TX_RESERVED5_FLAG  BIT_U64(52)
#define APP_LAYER_TX_RESERVED6_FLAG  BIT_U64(53)
#define APP_LAYER_TX_RESERVED7_FLAG  BIT_U64(54)
#define APP_LAYER_TX_RESERVED8_FLAG  BIT_U64(55)
#define APP_LAYER_TX_RESERVED9_FLAG  BIT_U64(56)
#define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)
#define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)
#define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)
#define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)
#define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)
#define APP_LAYER_TX_RESERVED15_FLAG BIT_U64(62)

#define APP_LAYER_TX_RESERVED_FLAGS                                                                \
    (APP_LAYER_TX_RESERVED1_FLAG | APP_LAYER_TX_RESERVED2_FLAG | APP_LAYER_TX_RESERVED3_FLAG |     \
            APP_LAYER_TX_RESERVED4_FLAG | APP_LAYER_TX_RESERVED5_FLAG |                            \
            APP_LAYER_TX_RESERVED6_FLAG | APP_LAYER_TX_RESERVED7_FLAG |                            \
            APP_LAYER_TX_RESERVED8_FLAG | APP_LAYER_TX_RESERVED9_FLAG |                            \
            APP_LAYER_TX_RESERVED10_FLAG | APP_LAYER_TX_RESERVED11_FLAG |                          \
            APP_LAYER_TX_RESERVED12_FLAG | APP_LAYER_TX_RESERVED13_FLAG |                          \
            APP_LAYER_TX_RESERVED14_FLAG | APP_LAYER_TX_RESERVED15_FLAG)

/** is tx fully inspected? */
#define APP_LAYER_TX_INSPECTED_FLAG             BIT_U64(63)
/** other 63 bits are for tracking which prefilter engine is already
 *  completely inspected */
#define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG | APP_LAYER_TX_RESERVED_FLAGS)

/** parser has successfully processed in the input, and has consumed
 *  all of it. */
#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

/** parser has hit an unrecoverable error. Returning this to the API
 *  leads to no further calls to the parser. */
#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

/** parser needs more data. Through 'c' it will indicate how many
 *  of the input bytes it has consumed. Through 'n' it will indicate
 *  how many more bytes it needs before getting called again.
 *  \note consumed (c) should never be more than the input len
 *        needed (n) + consumed (c) should be more than the input len
 */
#define APP_LAYER_INCOMPLETE(c,n) (AppLayerResult) { 1, (c), (n) }

int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto);

/***** transaction handling *****/

int AppLayerParserSetup(void);
void AppLayerParserPostStreamSetup(void);
int AppLayerParserDeSetup(void);

typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx;

/**
 * \brief Gets a new app layer protocol's parser thread context.
 *
 * \retval Non-NULL pointer on success.
 *         NULL pointer on failure.
 */
AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void);

/**
 * \brief Destroys the app layer parser thread context obtained
 *        using AppLayerParserThreadCtxAlloc().
 *
 * \param tctx Pointer to the thread context to be destroyed.
 */
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx);

/**
 * \brief Given a protocol name, checks if the parser is enabled in
 *        the conf file.
 *
 * \param alproto_name Name of the app layer protocol.
 *
 * \retval 1 If enabled.
 * \retval 0 If disabled.
 */
int AppLayerParserConfParserEnabled(const char *ipproto,
                                    const char *alproto_name);

/** \brief Prototype for parsing functions */
typedef AppLayerResult (*AppLayerParserFPtr)(Flow *f, void *protocol_state,
        AppLayerParserState *pstate,
        const uint8_t *buf, uint32_t buf_len,
        void *local_storage, const uint8_t flags);

typedef struct AppLayerGetTxIterState {
    union {
        void *ptr;
        uint64_t u64;
    } un;
} AppLayerGetTxIterState;

/** \brief tx iterator prototype */
typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
       (const uint8_t ipproto, const AppProto alproto,
        void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
        AppLayerGetTxIterState *state);

/***** Parser related registration *****/

/**
 * \brief Register app layer parser for the protocol.
 *
 * \retval 0 On success.
 * \retval -1 On failure.
 */
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
                      uint8_t direction,
                      AppLayerParserFPtr Parser);
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto,
                                              AppProto alproto,
                                              uint8_t direction);
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
        uint32_t flags);
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
        void *(*StateAlloc)(void *, AppProto), void (*StateFree)(void *));
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
                                 void *(*LocalStorageAlloc)(void),
                                 void (*LocalStorageFree)(void *));
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
                             FileContainer *(*StateGetFiles)(void *, uint8_t));
// void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
//     AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
                         LoggerId (*StateGetTxLogged)(void *, void *),
                         void (*StateSetTxLogged)(void *, void *, LoggerId));
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
                             void (*Truncate)(void *, uint8_t));
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
    int (*StateGetStateProgress)(void *alstate, uint8_t direction));
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
                           void (*StateTransactionFree)(void *, uint64_t));
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
                         uint64_t (*StateGetTxCnt)(void *alstate));
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
                      void *(StateGetTx)(void *alstate, uint64_t tx_id));
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
                      AppLayerGetTxIteratorFunc Func);
void AppLayerParserRegisterStateProgressCompletionStatus(
        AppProto alproto, const int ts, const int tc);
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
    int (*StateGetEventInfo)(const char *event_name, int *event_id,
                             AppLayerEventType *event_type));
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
    int (*StateGetEventInfoById)(int event_id, const char **event_name,
                                 AppLayerEventType *event_type));
void AppLayerParserRegisterGetStreamDepth(uint8_t ipproto,
                                          AppProto alproto,
                                          uint32_t (*GetStreamDepth)(void));
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
        void (*SetStreamDepthFlag)(void *tx, uint8_t flags));

void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
        AppLayerTxData *(*GetTxData)(void *tx));
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
        bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig));

/***** Get and transaction functions *****/

uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto);
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
         const AppProto alproto);

void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto);
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
                                          void *local_data);


uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate);
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id);

uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction);
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
                                void *alstate, const uint8_t flags, bool tag_txs_as_inspected);

AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate);
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents);
AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx);
FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction);
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
                        void *alstate, uint8_t direction);
uint64_t AppLayerParserGetTxCnt(const Flow *, void *alstate);
void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id);
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction);
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
                    int *event_id, AppLayerEventType *event_type);
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
                    const char **event_name, AppLayerEventType *event_type);

uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction);

uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto);

int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);

AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx);
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
        void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig);

/***** General *****/

int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto,
                   uint8_t flags, const uint8_t *input, uint32_t input_len);
void AppLayerParserSetEOF(AppLayerParserState *pstate);
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate);
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto);
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
uint32_t AppLayerParserGetStreamDepth(const Flow *f);
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
int AppLayerParserIsEnabled(AppProto alproto);

/***** Cleanup *****/

void AppLayerParserStateProtoCleanup(
        uint8_t protomap, AppProto alproto, void *alstate, AppLayerParserState *pstate);
void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate);

void AppLayerParserRegisterProtocolParsers(void);


void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag);
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag);

void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
                        uint8_t direction);


AppLayerParserState *AppLayerParserStateAlloc(void);
void AppLayerParserStateFree(AppLayerParserState *pstate);

void AppLayerParserTransactionsCleanup(Flow *f);

#ifdef DEBUG
void AppLayerParserStatePrintDetails(AppLayerParserState *pstate);
#endif


/***** Unittests *****/

#ifdef UNITTESTS
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
                                  void (*RegisterUnittests)(void));
void AppLayerParserRegisterUnittests(void);
void AppLayerParserBackupParserTable(void);
void AppLayerParserRestoreParserTable(void);
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min);
#endif

#endif /* __APP_LAYER_PARSER_H__ */
Commit	Line	Data
21e6f1f0	1	/* Copyright (C) 2007-2020 Open Information Security Foundation
ce019275 WM	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Victor Julien <victor@inliniac.net>
429c6388	22	* \author Anoop Saldanha <anoopsaldanha@gmail.com>
ce019275 WM	23	*/
ce019275 WM	24
59327e0f VJ	25	#ifndef __APP_LAYER_PARSER_H__
59327e0f VJ	26	#define __APP_LAYER_PARSER_H__
8e10844f	27
347c0df9	28	#include "app-layer-events.h"
1cf02560	29	#include "detect-engine-state.h"
e1022ee5	30	#include "util-file.h"
b160c49e	31	#include "stream-tcp-private.h"
b573c16d	32	#include "rust.h"
5665fc83	33	#include "util-config.h"
e1022ee5	34
c862bbdc	35	/* Flags for AppLayerParserState. */
4f73943d	36	// flag available BIT_U8(0)
26eb49d7 EL	37	#define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1)
	38	#define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2)
	39	#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3)
	40	#define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4)
4f73943d VJ	41	#define APP_LAYER_PARSER_EOF_TS BIT_U8(5)
4f73943d VJ	42	#define APP_LAYER_PARSER_EOF_TC BIT_U8(6)
2c857087	43
c862bbdc	44	/* Flags for AppLayerParserProtoCtx. */
c8fb9bcb	45	#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)
ac3cf6ff	46	#define APP_LAYER_PARSER_OPT_UNIDIR_TXS BIT_U32(1)
c8fb9bcb VJ	47
c8fb9bcb VJ	48	#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)
c862bbdc	49
daeb8fd3 VJ	50	/* applies to DetectFlags uint64_t field */
daeb8fd3 VJ	51
ed877849 VJ	52	/** reserved for future use */
	53	#define APP_LAYER_TX_RESERVED1_FLAG BIT_U64(48)
	54	#define APP_LAYER_TX_RESERVED2_FLAG BIT_U64(49)
	55	#define APP_LAYER_TX_RESERVED3_FLAG BIT_U64(50)
	56	#define APP_LAYER_TX_RESERVED4_FLAG BIT_U64(51)
	57	#define APP_LAYER_TX_RESERVED5_FLAG BIT_U64(52)
	58	#define APP_LAYER_TX_RESERVED6_FLAG BIT_U64(53)
	59	#define APP_LAYER_TX_RESERVED7_FLAG BIT_U64(54)
	60	#define APP_LAYER_TX_RESERVED8_FLAG BIT_U64(55)
	61	#define APP_LAYER_TX_RESERVED9_FLAG BIT_U64(56)
	62	#define APP_LAYER_TX_RESERVED10_FLAG BIT_U64(57)
	63	#define APP_LAYER_TX_RESERVED11_FLAG BIT_U64(58)
	64	#define APP_LAYER_TX_RESERVED12_FLAG BIT_U64(59)
	65	#define APP_LAYER_TX_RESERVED13_FLAG BIT_U64(60)
	66	#define APP_LAYER_TX_RESERVED14_FLAG BIT_U64(61)
	67	#define APP_LAYER_TX_RESERVED15_FLAG BIT_U64(62)
	68
	69	#define APP_LAYER_TX_RESERVED_FLAGS \
	70	(APP_LAYER_TX_RESERVED1_FLAG \| APP_LAYER_TX_RESERVED2_FLAG \| APP_LAYER_TX_RESERVED3_FLAG \| \
	71	APP_LAYER_TX_RESERVED4_FLAG \| APP_LAYER_TX_RESERVED5_FLAG \| \
	72	APP_LAYER_TX_RESERVED6_FLAG \| APP_LAYER_TX_RESERVED7_FLAG \| \
	73	APP_LAYER_TX_RESERVED8_FLAG \| APP_LAYER_TX_RESERVED9_FLAG \| \
	74	APP_LAYER_TX_RESERVED10_FLAG \| APP_LAYER_TX_RESERVED11_FLAG \| \
	75	APP_LAYER_TX_RESERVED12_FLAG \| APP_LAYER_TX_RESERVED13_FLAG \| \
	76	APP_LAYER_TX_RESERVED14_FLAG \| APP_LAYER_TX_RESERVED15_FLAG)
	77
daeb8fd3 VJ	78	/** is tx fully inspected? */
	79	#define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)
	80	/** other 63 bits are for tracking which prefilter engine is already
	81	* completely inspected */
ed877849	82	#define APP_LAYER_TX_PREFILTER_MASK ~(APP_LAYER_TX_INSPECTED_FLAG \| APP_LAYER_TX_RESERVED_FLAGS)
daeb8fd3	83
21e6f1f0 VJ	84	/** parser has successfully processed in the input, and has consumed
21e6f1f0 VJ	85	* all of it. */
44d3f264	86	#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }
21e6f1f0 VJ	87
	88	/** parser has hit an unrecoverable error. Returning this to the API
	89	* leads to no further calls to the parser. */
44d3f264	90	#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }
21e6f1f0 VJ	91
	92	/** parser needs more data. Through 'c' it will indicate how many
	93	* of the input bytes it has consumed. Through 'n' it will indicate
	94	* how many more bytes it needs before getting called again.
	95	* \note consumed (c) should never be more than the input len
	96	* needed (n) + consumed (c) should be more than the input len
	97	*/
674b8dc0	98	#define APP_LAYER_INCOMPLETE(c,n) (AppLayerResult) { 1, (c), (n) }
3bcf948a	99
5908dd08	100	int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto);
2c857087 VJ	101
	102	/*** transaction handling ***/
	103
429c6388	104	int AppLayerParserSetup(void);
6d562f3b	105	void AppLayerParserPostStreamSetup(void);
429c6388 AS	106	int AppLayerParserDeSetup(void);
429c6388 AS	107
9634e60e VJ	108	typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx;
9634e60e VJ	109
429c6388 AS	110	/**
	111	* \brief Gets a new app layer protocol's parser thread context.
	112	*
	113	* \retval Non-NULL pointer on success.
	114	* NULL pointer on failure.
	115	*/
9634e60e	116	AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void);
429c6388 AS	117
	118	/**
	119	* \brief Destroys the app layer parser thread context obtained
fdefb65b	120	* using AppLayerParserThreadCtxAlloc().
429c6388 AS	121	*
	122	* \param tctx Pointer to the thread context to be destroyed.
	123	*/
9634e60e	124	void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx);
429c6388 AS	125
	126	/**
	127	* \brief Given a protocol name, checks if the parser is enabled in
	128	* the conf file.
	129	*
	130	* \param alproto_name Name of the app layer protocol.
	131	*
	132	* \retval 1 If enabled.
	133	* \retval 0 If disabled.
d4d18e31	134	*/
429c6388 AS	135	int AppLayerParserConfParserEnabled(const char *ipproto,
429c6388 AS	136	const char *alproto_name);
d4d18e31	137
7c8bdfd3	138	/** \brief Prototype for parsing functions */
44d3f264	139	typedef AppLayerResult (AppLayerParserFPtr)(Flow f, void *protocol_state,
7c8bdfd3	140	AppLayerParserState *pstate,
579cc9f0	141	const uint8_t *buf, uint32_t buf_len,
7bc3c3ac	142	void *local_storage, const uint8_t flags);
7c8bdfd3	143
e96d9c11 VJ	144	typedef struct AppLayerGetTxIterState {
	145	union {
	146	void *ptr;
	147	uint64_t u64;
	148	} un;
	149	} AppLayerGetTxIterState;
	150
	151	/** \brief tx iterator prototype */
	152	typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
	153	(const uint8_t ipproto, const AppProto alproto,
	154	void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
	155	AppLayerGetTxIterState *state);
	156
429c6388	157	/*** Parser related registration ***/
d4d18e31 AS	158
d4d18e31 AS	159	/**
429c6388	160	* \brief Register app layer parser for the protocol.
d4d18e31	161	*
429c6388 AS	162	* \retval 0 On success.
429c6388 AS	163	* \retval -1 On failure.
d4d18e31	164	*/
5cdeadb3	165	int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
429c6388	166	uint8_t direction,
7c8bdfd3	167	AppLayerParserFPtr Parser);
5cdeadb3	168	void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto,
429c6388 AS	169	AppProto alproto,
429c6388 AS	170	uint8_t direction);
c862bbdc	171	void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
c8fb9bcb	172	uint32_t flags);
5cdeadb3	173	void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
547d6c2d	174	void (StateAlloc)(void , AppProto), void (StateFree)(void *));
5cdeadb3	175	void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
429c6388 AS	176	void (LocalStorageAlloc)(void),
429c6388 AS	177	void (LocalStorageFree)(void ));
5cdeadb3	178	void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
429c6388	179	FileContainer (StateGetFiles)(void *, uint8_t));
7732efbe JI	180	// void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
7732efbe JI	181	// AppLayerDecoderEvents (StateGetEvents)(void *) __attribute__((nonnull)));
f3599323	182	void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
bca0cd71 VJ	183	LoggerId (StateGetTxLogged)(void , void *),
bca0cd71 VJ	184	void (StateSetTxLogged)(void , void *, LoggerId));
5cdeadb3	185	void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
01724f04	186	void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
5cdeadb3	187	void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
429c6388	188	void (Truncate)(void , uint8_t));
5cdeadb3	189	void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
429c6388	190	int (StateGetStateProgress)(void alstate, uint8_t direction));
5cdeadb3	191	void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
429c6388	192	void (StateTransactionFree)(void , uint64_t));
5cdeadb3	193	void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
429c6388	194	uint64_t (StateGetTxCnt)(void alstate));
5cdeadb3	195	void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
429c6388	196	void (StateGetTx)(void alstate, uint64_t tx_id));
e96d9c11 VJ	197	void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
e96d9c11 VJ	198	AppLayerGetTxIteratorFunc Func);
efc9a7a3 VJ	199	void AppLayerParserRegisterStateProgressCompletionStatus(
efc9a7a3 VJ	200	AppProto alproto, const int ts, const int tc);
5cdeadb3	201	void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
429c6388 AS	202	int (StateGetEventInfo)(const char event_name, int *event_id,
429c6388 AS	203	AppLayerEventType *event_type));
50e23ba9 JL	204	void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
	205	int (StateGetEventInfoById)(int event_id, const char *event_name,
	206	AppLayerEventType *event_type));
b160c49e GL	207	void AppLayerParserRegisterGetStreamDepth(uint8_t ipproto,
	208	AppProto alproto,
	209	uint32_t (*GetStreamDepth)(void));
ed5a439b GL	210	void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
ed5a439b GL	211	void (SetStreamDepthFlag)(void tx, uint8_t flags));
d4d18e31	212
411f428a VJ	213	void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
411f428a VJ	214	AppLayerTxData (GetTxData)(void *tx));
5665fc83 VJ	215	void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
5665fc83 VJ	216	bool (ApplyTxConfig)(void state, void *tx, int mode, AppLayerTxConfig));
411f428a	217
429c6388	218	/*** Get and transaction functions ***/
16cfae2f	219
ac3cf6ff	220	uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto);
e96d9c11 VJ	221	AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
	222	const AppProto alproto);
	223
5cdeadb3 VJ	224	void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto);
5cdeadb3 VJ	225	void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
429c6388	226	void *local_data);
6cb00142	227
6cb00142	228
9634e60e	229	uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate);
e9fccfa6	230	void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id);
5c01b409	231
9634e60e	232	uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction);
5c01b409	233	void AppLayerParserSetTransactionInspectId(const Flow f, AppLayerParserState pstate,
af51e0f5	234	void *alstate, const uint8_t flags, bool tag_txs_as_inspected);
5c01b409	235
9634e60e VJ	236	AppLayerDecoderEvents AppLayerParserGetDecoderEvents(AppLayerParserState pstate);
9634e60e VJ	237	void AppLayerParserSetDecoderEvents(AppLayerParserState pstate, AppLayerDecoderEvents devents);
d568e7fa	238	AppLayerDecoderEvents AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void tx);
a4a4d17a	239	FileContainer AppLayerParserGetFiles(const Flow f, const uint8_t direction);
5cdeadb3	240	int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
429c6388	241	void *alstate, uint8_t direction);
5c01b409	242	uint64_t AppLayerParserGetTxCnt(const Flow , void alstate);
5cdeadb3	243	void AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void alstate, uint64_t tx_id);
c4b918b6	244	int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction);
5cdeadb3	245	int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
429c6388	246	int event_id, AppLayerEventType event_type);
50e23ba9 JL	247	int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
50e23ba9 JL	248	const char *event_name, AppLayerEventType event_type);
6cb00142	249
3148ff34	250	uint64_t AppLayerParserGetTransactionActive(const Flow f, AppLayerParserState pstate, uint8_t direction);
6cb00142	251
f5f14880	252	uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto);
ddde572f	253
bcfa484b	254	int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
1cf02560	255
411f428a	256	AppLayerTxData AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void tx);
5665fc83 VJ	257	void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
5665fc83 VJ	258	void state, void tx, enum ConfigAction mode, AppLayerTxConfig);
411f428a	259
429c6388 AS	260	/*** General ***/
429c6388 AS	261
675fa564	262	int AppLayerParserParse(ThreadVars tv, AppLayerParserThreadCtx tctx, Flow *f, AppProto alproto,
579cc9f0	263	uint8_t flags, const uint8_t *input, uint32_t input_len);
9634e60e	264	void AppLayerParserSetEOF(AppLayerParserState *pstate);
af51e0f5	265	bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate);
078ff0c0	266	int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto);
bca0cd71	267	LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
2d223b69	268	void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
b160c49e	269	void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
3148ff34	270	uint32_t AppLayerParserGetStreamDepth(const Flow *f);
ed5a439b	271	void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
d369e54f	272	int AppLayerParserIsEnabled(AppProto alproto);
429c6388 AS	273
	274	/*** Cleanup ***/
	275
21e74179 PA	276	void AppLayerParserStateProtoCleanup(
21e74179 PA	277	uint8_t protomap, AppProto alproto, void alstate, AppLayerParserState pstate);
3148ff34	278	void AppLayerParserStateCleanup(const Flow f, void alstate, AppLayerParserState *pstate);
429c6388 AS	279
	280	void AppLayerParserRegisterProtocolParsers(void);
	281
	282
9634e60e VJ	283	void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag);
9634e60e VJ	284	int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag);
429c6388	285
5cdeadb3	286	void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
429c6388 AS	287	uint8_t direction);
	288
	289
	290
9634e60e VJ	291	AppLayerParserState *AppLayerParserStateAlloc(void);
9634e60e VJ	292	void AppLayerParserStateFree(AppLayerParserState *pstate);
429c6388	293
7a96d18f	294	void AppLayerParserTransactionsCleanup(Flow *f);
429c6388 AS	295
429c6388 AS	296	#ifdef DEBUG
9634e60e	297	void AppLayerParserStatePrintDetails(AppLayerParserState *pstate);
429c6388	298	#endif
6cb00142	299
077ac816	300
6cb00142 AS	301	/*** Unittests ***/
6cb00142 AS	302
429c6388	303	#ifdef UNITTESTS
5cdeadb3	304	void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
429c6388 AS	305	void (*RegisterUnittests)(void));
	306	void AppLayerParserRegisterUnittests(void);
	307	void AppLayerParserBackupParserTable(void);
	308	void AppLayerParserRestoreParserTable(void);
37203c98	309	void UTHAppLayerParserStateGetIds(void ptr, uint64_t i1, uint64_t i2, uint64_t log, uint64_t *min);
429c6388	310	#endif
6cb00142	311
59327e0f	312	#endif /* __APP_LAYER_PARSER_H__ */