[people/ms/suricata.git] / src / app-layer-parser.h

/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 */

#ifndef __APP_LAYER_PARSER_H__
#define __APP_LAYER_PARSER_H__

#include "app-layer-events.h"
#include "detect-engine-state.h"
#include "util-file.h"
#include "stream-tcp-private.h"
#include "rust.h"

/* Flags for AppLayerParserState. */
#define APP_LAYER_PARSER_EOF                    BIT_U8(0)
#define APP_LAYER_PARSER_NO_INSPECTION          BIT_U8(1)
#define APP_LAYER_PARSER_NO_REASSEMBLY          BIT_U8(2)
#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD  BIT_U8(3)
#define APP_LAYER_PARSER_BYPASS_READY           BIT_U8(4)

/* Flags for AppLayerParserProtoCtx. */
#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS        BIT_U32(0)

#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET   BIT_U32(0)

/* applies to DetectFlags uint64_t field */

/** is tx fully inspected? */
#define APP_LAYER_TX_INSPECTED_FLAG             BIT_U64(63)
/** other 63 bits are for tracking which prefilter engine is already
 *  completely inspected */
#define APP_LAYER_TX_PREFILTER_MASK             ~APP_LAYER_TX_INSPECTED_FLAG

/** parser has successfully processed in the input, and has consumed
 *  all of it. */
#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }

/** parser has hit an unrecoverable error. Returning this to the API
 *  leads to no further calls to the parser. */
#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }

/** parser needs more data. Through 'c' it will indicate how many
 *  of the input bytes it has consumed. Through 'n' it will indicate
 *  how many more bytes it needs before getting called again.
 *  \note consumed (c) should never be more than the input len
 *        needed (n) + consumed (c) should be more than the input len
 */
#define APP_LAYER_INCOMPLETE(c,n) (AppLayerResult) { 1, (c), (n) }

int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto);

/***** transaction handling *****/

int AppLayerParserSetup(void);
void AppLayerParserPostStreamSetup(void);
int AppLayerParserDeSetup(void);

typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx;

/**
 * \brief Gets a new app layer protocol's parser thread context.
 *
 * \retval Non-NULL pointer on success.
 *         NULL pointer on failure.
 */
AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void);

/**
 * \brief Destroys the app layer parser thread context obtained
 *        using AppLayerParserThreadCtxAlloc().
 *
 * \param tctx Pointer to the thread context to be destroyed.
 */
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx);

/**
 * \brief Given a protocol name, checks if the parser is enabled in
 *        the conf file.
 *
 * \param alproto_name Name of the app layer protocol.
 *
 * \retval 1 If enabled.
 * \retval 0 If disabled.
 */
int AppLayerParserConfParserEnabled(const char *ipproto,
                                    const char *alproto_name);

/** \brief Prototype for parsing functions */
typedef AppLayerResult (*AppLayerParserFPtr)(Flow *f, void *protocol_state,
        AppLayerParserState *pstate,
        const uint8_t *buf, uint32_t buf_len,
        void *local_storage, const uint8_t flags);

typedef struct AppLayerGetTxIterState {
    union {
        void *ptr;
        uint64_t u64;
    } un;
} AppLayerGetTxIterState;

/** \brief tx iterator prototype */
typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
       (const uint8_t ipproto, const AppProto alproto,
        void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
        AppLayerGetTxIterState *state);

/***** Parser related registration *****/

/**
 * \brief Register app layer parser for the protocol.
 *
 * \retval 0 On success.
 * \retval -1 On failure.
 */
int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
                      uint8_t direction,
                      AppLayerParserFPtr Parser);
void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto,
                                              AppProto alproto,
                                              uint8_t direction);
void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
        uint32_t flags);
void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
                           void *(*StateAlloc)(void),
                           void (*StateFree)(void *));
void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
                                 void *(*LocalStorageAlloc)(void),
                                 void (*LocalStorageFree)(void *));
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
                             FileContainer *(*StateGetFiles)(void *, uint8_t));
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
    AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
                         LoggerId (*StateGetTxLogged)(void *, void *),
                         void (*StateSetTxLogged)(void *, void *, LoggerId));
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
                             void (*Truncate)(void *, uint8_t));
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
    int (*StateGetStateProgress)(void *alstate, uint8_t direction));
void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
                           void (*StateTransactionFree)(void *, uint64_t));
void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
                         uint64_t (*StateGetTxCnt)(void *alstate));
void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
                      void *(StateGetTx)(void *alstate, uint64_t tx_id));
void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
                      AppLayerGetTxIteratorFunc Func);
void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto,
    int (*StateGetStateProgressCompletionStatus)(uint8_t direction));
void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
    int (*StateGetEventInfo)(const char *event_name, int *event_id,
                             AppLayerEventType *event_type));
void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
    int (*StateGetEventInfoById)(int event_id, const char **event_name,
                                 AppLayerEventType *event_type));
void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto,
        DetectEngineState *(*GetTxDetectState)(void *tx),
        int (*SetTxDetectState)(void *tx, DetectEngineState *));
void AppLayerParserRegisterGetStreamDepth(uint8_t ipproto,
                                          AppProto alproto,
                                          uint32_t (*GetStreamDepth)(void));
void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto,
        uint64_t(*GetTxDetectFlags)(void *tx, uint8_t dir),
        void (*SetTxDetectFlags)(void *tx, uint8_t dir, uint64_t));
void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
        void (*SetStreamDepthFlag)(void *tx, uint8_t flags));

/***** Get and transaction functions *****/

AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
         const AppProto alproto);

void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto);
void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
                                          void *local_data);


uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate);
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id);

void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto, void *alstate,
                               void *tx, LoggerId logged);
LoggerId AppLayerParserGetTxLogged(const Flow *f, void *alstate, void *tx);

uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction);
void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *pstate,
                                void *alstate, const uint8_t flags, bool tag_txs_as_inspected);

AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate);
void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents);
AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx);
FileContainer *AppLayerParserGetFiles(const Flow *f, const uint8_t direction);
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
                        void *alstate, uint8_t direction);
uint64_t AppLayerParserGetTxCnt(const Flow *, void *alstate);
void *AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id);
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction);
int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
                    int *event_id, AppLayerEventType *event_type);
int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
                    const char **event_name, AppLayerEventType *event_type);

uint64_t AppLayerParserGetTransactionActive(const Flow *f, AppLayerParserState *pstate, uint8_t direction);

uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto);

int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto);
int AppLayerParserHasTxDetectState(uint8_t ipproto, AppProto alproto, void *alstate);
DetectEngineState *AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void *tx);
int AppLayerParserSetTxDetectState(const Flow *f, void *tx, DetectEngineState *s);

uint64_t AppLayerParserGetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir);
void AppLayerParserSetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t);
bool AppLayerParserSupportsTxDetectFlags(AppProto alproto);

/***** General *****/

int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *tctx, Flow *f, AppProto alproto,
                   uint8_t flags, const uint8_t *input, uint32_t input_len);
void AppLayerParserSetEOF(AppLayerParserState *pstate);
bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate);
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto);
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto);
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
uint32_t AppLayerParserGetStreamDepth(const Flow *f);
void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
int AppLayerParserIsEnabled(AppProto alproto);

/***** Cleanup *****/

void AppLayerParserStateCleanup(const Flow *f, void *alstate, AppLayerParserState *pstate);

void AppLayerParserRegisterProtocolParsers(void);


void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag);
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag);

void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
                        uint8_t direction);


AppLayerParserState *AppLayerParserStateAlloc(void);
void AppLayerParserStateFree(AppLayerParserState *pstate);

void AppLayerParserTransactionsCleanup(Flow *f);

#ifdef DEBUG
void AppLayerParserStatePrintDetails(AppLayerParserState *pstate);
#endif


/***** Unittests *****/

#ifdef UNITTESTS
void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
                                  void (*RegisterUnittests)(void));
void AppLayerParserRegisterUnittests(void);
void AppLayerParserBackupParserTable(void);
void AppLayerParserRestoreParserTable(void);
void UTHAppLayerParserStateGetIds(void *ptr, uint64_t *i1, uint64_t *i2, uint64_t *log, uint64_t *min);
#endif

#endif /* __APP_LAYER_PARSER_H__ */
Commit	Line	Data
21e6f1f0	1	/* Copyright (C) 2007-2020 Open Information Security Foundation
ce019275 WM	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
	11	*
	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
	18	/**
	19	* \file
	20	*
	21	* \author Victor Julien <victor@inliniac.net>
429c6388	22	* \author Anoop Saldanha <anoopsaldanha@gmail.com>
ce019275 WM	23	*/
ce019275 WM	24
59327e0f VJ	25	#ifndef __APP_LAYER_PARSER_H__
59327e0f VJ	26	#define __APP_LAYER_PARSER_H__
8e10844f	27
347c0df9	28	#include "app-layer-events.h"
1cf02560	29	#include "detect-engine-state.h"
e1022ee5	30	#include "util-file.h"
b160c49e	31	#include "stream-tcp-private.h"
b573c16d	32	#include "rust.h"
e1022ee5	33
c862bbdc	34	/* Flags for AppLayerParserState. */
26eb49d7 EL	35	#define APP_LAYER_PARSER_EOF BIT_U8(0)
	36	#define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1)
	37	#define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2)
	38	#define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3)
	39	#define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4)
2c857087	40
c862bbdc	41	/* Flags for AppLayerParserProtoCtx. */
c8fb9bcb VJ	42	#define APP_LAYER_PARSER_OPT_ACCEPT_GAPS BIT_U32(0)
	43
	44	#define APP_LAYER_PARSER_INT_STREAM_DEPTH_SET BIT_U32(0)
c862bbdc	45
daeb8fd3 VJ	46	/* applies to DetectFlags uint64_t field */
	47
	48	/** is tx fully inspected? */
	49	#define APP_LAYER_TX_INSPECTED_FLAG BIT_U64(63)
	50	/** other 63 bits are for tracking which prefilter engine is already
	51	* completely inspected */
	52	#define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG
	53
21e6f1f0 VJ	54	/** parser has successfully processed in the input, and has consumed
21e6f1f0 VJ	55	* all of it. */
44d3f264	56	#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 }
21e6f1f0 VJ	57
	58	/** parser has hit an unrecoverable error. Returning this to the API
	59	* leads to no further calls to the parser. */
44d3f264	60	#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 }
21e6f1f0 VJ	61
	62	/** parser needs more data. Through 'c' it will indicate how many
	63	* of the input bytes it has consumed. Through 'n' it will indicate
	64	* how many more bytes it needs before getting called again.
	65	* \note consumed (c) should never be more than the input len
	66	* needed (n) + consumed (c) should be more than the input len
	67	*/
674b8dc0	68	#define APP_LAYER_INCOMPLETE(c,n) (AppLayerResult) { 1, (c), (n) }
3bcf948a	69
5908dd08	70	int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto);
2c857087 VJ	71
	72	/*** transaction handling ***/
	73
429c6388	74	int AppLayerParserSetup(void);
6d562f3b	75	void AppLayerParserPostStreamSetup(void);
429c6388 AS	76	int AppLayerParserDeSetup(void);
429c6388 AS	77
9634e60e VJ	78	typedef struct AppLayerParserThreadCtx_ AppLayerParserThreadCtx;
9634e60e VJ	79
429c6388 AS	80	/**
	81	* \brief Gets a new app layer protocol's parser thread context.
	82	*
	83	* \retval Non-NULL pointer on success.
	84	* NULL pointer on failure.
	85	*/
9634e60e	86	AppLayerParserThreadCtx *AppLayerParserThreadCtxAlloc(void);
429c6388 AS	87
	88	/**
	89	* \brief Destroys the app layer parser thread context obtained
fdefb65b	90	* using AppLayerParserThreadCtxAlloc().
429c6388 AS	91	*
	92	* \param tctx Pointer to the thread context to be destroyed.
	93	*/
9634e60e	94	void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx);
429c6388 AS	95
	96	/**
	97	* \brief Given a protocol name, checks if the parser is enabled in
	98	* the conf file.
	99	*
	100	* \param alproto_name Name of the app layer protocol.
	101	*
	102	* \retval 1 If enabled.
	103	* \retval 0 If disabled.
d4d18e31	104	*/
429c6388 AS	105	int AppLayerParserConfParserEnabled(const char *ipproto,
429c6388 AS	106	const char *alproto_name);
d4d18e31	107
7c8bdfd3	108	/** \brief Prototype for parsing functions */
44d3f264	109	typedef AppLayerResult (AppLayerParserFPtr)(Flow f, void *protocol_state,
7c8bdfd3	110	AppLayerParserState *pstate,
579cc9f0	111	const uint8_t *buf, uint32_t buf_len,
7bc3c3ac	112	void *local_storage, const uint8_t flags);
7c8bdfd3	113
e96d9c11 VJ	114	typedef struct AppLayerGetTxIterState {
	115	union {
	116	void *ptr;
	117	uint64_t u64;
	118	} un;
	119	} AppLayerGetTxIterState;
	120
	121	/** \brief tx iterator prototype */
	122	typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
	123	(const uint8_t ipproto, const AppProto alproto,
	124	void *alstate, uint64_t min_tx_id, uint64_t max_tx_id,
	125	AppLayerGetTxIterState *state);
	126
429c6388	127	/*** Parser related registration ***/
d4d18e31 AS	128
d4d18e31 AS	129	/**
429c6388	130	* \brief Register app layer parser for the protocol.
d4d18e31	131	*
429c6388 AS	132	* \retval 0 On success.
429c6388 AS	133	* \retval -1 On failure.
d4d18e31	134	*/
5cdeadb3	135	int AppLayerParserRegisterParser(uint8_t ipproto, AppProto alproto,
429c6388	136	uint8_t direction,
7c8bdfd3	137	AppLayerParserFPtr Parser);
5cdeadb3	138	void AppLayerParserRegisterParserAcceptableDataDirection(uint8_t ipproto,
429c6388 AS	139	AppProto alproto,
429c6388 AS	140	uint8_t direction);
c862bbdc	141	void AppLayerParserRegisterOptionFlags(uint8_t ipproto, AppProto alproto,
c8fb9bcb	142	uint32_t flags);
5cdeadb3	143	void AppLayerParserRegisterStateFuncs(uint8_t ipproto, AppProto alproto,
429c6388 AS	144	void (StateAlloc)(void),
429c6388 AS	145	void (StateFree)(void ));
5cdeadb3	146	void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
429c6388 AS	147	void (LocalStorageAlloc)(void),
429c6388 AS	148	void (LocalStorageFree)(void ));
5cdeadb3	149	void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
429c6388	150	FileContainer (StateGetFiles)(void *, uint8_t));
5cdeadb3	151	void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
d568e7fa	152	AppLayerDecoderEvents (StateGetEvents)(void *) __attribute__((nonnull)));
f3599323	153	void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
bca0cd71 VJ	154	LoggerId (StateGetTxLogged)(void , void *),
bca0cd71 VJ	155	void (StateSetTxLogged)(void , void *, LoggerId));
5cdeadb3	156	void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
01724f04	157	void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
5cdeadb3	158	void AppLayerParserRegisterTruncateFunc(uint8_t ipproto, AppProto alproto,
429c6388	159	void (Truncate)(void , uint8_t));
5cdeadb3	160	void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
429c6388	161	int (StateGetStateProgress)(void alstate, uint8_t direction));
5cdeadb3	162	void AppLayerParserRegisterTxFreeFunc(uint8_t ipproto, AppProto alproto,
429c6388	163	void (StateTransactionFree)(void , uint64_t));
5cdeadb3	164	void AppLayerParserRegisterGetTxCnt(uint8_t ipproto, AppProto alproto,
429c6388	165	uint64_t (StateGetTxCnt)(void alstate));
5cdeadb3	166	void AppLayerParserRegisterGetTx(uint8_t ipproto, AppProto alproto,
429c6388	167	void (StateGetTx)(void alstate, uint64_t tx_id));
e96d9c11 VJ	168	void AppLayerParserRegisterGetTxIterator(uint8_t ipproto, AppProto alproto,
e96d9c11 VJ	169	AppLayerGetTxIteratorFunc Func);
c4b918b6	170	void AppLayerParserRegisterGetStateProgressCompletionStatus(AppProto alproto,
429c6388	171	int (*StateGetStateProgressCompletionStatus)(uint8_t direction));
5cdeadb3	172	void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
429c6388 AS	173	int (StateGetEventInfo)(const char event_name, int *event_id,
429c6388 AS	174	AppLayerEventType *event_type));
50e23ba9 JL	175	void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
	176	int (StateGetEventInfoById)(int event_id, const char *event_name,
	177	AppLayerEventType *event_type));
1cf02560 VJ	178	void AppLayerParserRegisterDetectStateFuncs(uint8_t ipproto, AppProto alproto,
1cf02560 VJ	179	DetectEngineState (GetTxDetectState)(void *tx),
7548944b	180	int (SetTxDetectState)(void tx, DetectEngineState *));
b160c49e GL	181	void AppLayerParserRegisterGetStreamDepth(uint8_t ipproto,
	182	AppProto alproto,
	183	uint32_t (*GetStreamDepth)(void));
daeb8fd3 VJ	184	void AppLayerParserRegisterDetectFlagsFuncs(uint8_t ipproto, AppProto alproto,
	185	uint64_t(GetTxDetectFlags)(void tx, uint8_t dir),
	186	void (SetTxDetectFlags)(void tx, uint8_t dir, uint64_t));
ed5a439b GL	187	void AppLayerParserRegisterSetStreamDepthFlag(uint8_t ipproto, AppProto alproto,
ed5a439b GL	188	void (SetStreamDepthFlag)(void tx, uint8_t flags));
d4d18e31	189
429c6388	190	/*** Get and transaction functions ***/
16cfae2f	191
e96d9c11 VJ	192	AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto,
	193	const AppProto alproto);
	194
5cdeadb3 VJ	195	void *AppLayerParserGetProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto);
5cdeadb3 VJ	196	void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto alproto,
429c6388	197	void *local_data);
6cb00142	198
6cb00142	199
9634e60e	200	uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate);
e9fccfa6	201	void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id);
5c01b409	202
f3599323	203	void AppLayerParserSetTxLogged(uint8_t ipproto, AppProto alproto, void *alstate,
bca0cd71 VJ	204	void *tx, LoggerId logged);
bca0cd71 VJ	205	LoggerId AppLayerParserGetTxLogged(const Flow f, void alstate, void *tx);
5c01b409	206
9634e60e	207	uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction);
5c01b409	208	void AppLayerParserSetTransactionInspectId(const Flow f, AppLayerParserState pstate,
af51e0f5	209	void *alstate, const uint8_t flags, bool tag_txs_as_inspected);
5c01b409	210
9634e60e VJ	211	AppLayerDecoderEvents AppLayerParserGetDecoderEvents(AppLayerParserState pstate);
9634e60e VJ	212	void AppLayerParserSetDecoderEvents(AppLayerParserState pstate, AppLayerDecoderEvents devents);
d568e7fa	213	AppLayerDecoderEvents AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void tx);
a4a4d17a	214	FileContainer AppLayerParserGetFiles(const Flow f, const uint8_t direction);
5cdeadb3	215	int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto,
429c6388	216	void *alstate, uint8_t direction);
5c01b409	217	uint64_t AppLayerParserGetTxCnt(const Flow , void alstate);
5cdeadb3	218	void AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void alstate, uint64_t tx_id);
c4b918b6	219	int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction);
5cdeadb3	220	int AppLayerParserGetEventInfo(uint8_t ipproto, AppProto alproto, const char *event_name,
429c6388	221	int event_id, AppLayerEventType event_type);
50e23ba9 JL	222	int AppLayerParserGetEventInfoById(uint8_t ipproto, AppProto alproto, int event_id,
50e23ba9 JL	223	const char *event_name, AppLayerEventType event_type);
6cb00142	224
3148ff34	225	uint64_t AppLayerParserGetTransactionActive(const Flow f, AppLayerParserState pstate, uint8_t direction);
6cb00142	226
f5f14880	227	uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto);
ddde572f	228
bcfa484b	229	int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
1cf02560	230	int AppLayerParserSupportsTxDetectState(uint8_t ipproto, AppProto alproto);
f536099a	231	int AppLayerParserHasTxDetectState(uint8_t ipproto, AppProto alproto, void *alstate);
1cf02560	232	DetectEngineState AppLayerParserGetTxDetectState(uint8_t ipproto, AppProto alproto, void tx);
7548944b	233	int AppLayerParserSetTxDetectState(const Flow f, void tx, DetectEngineState *s);
1cf02560	234
daeb8fd3 VJ	235	uint64_t AppLayerParserGetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir);
daeb8fd3 VJ	236	void AppLayerParserSetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx, uint8_t dir, uint64_t);
739df21e	237	bool AppLayerParserSupportsTxDetectFlags(AppProto alproto);
daeb8fd3	238
429c6388 AS	239	/*** General ***/
429c6388 AS	240
675fa564	241	int AppLayerParserParse(ThreadVars tv, AppLayerParserThreadCtx tctx, Flow *f, AppProto alproto,
579cc9f0	242	uint8_t flags, const uint8_t *input, uint32_t input_len);
9634e60e	243	void AppLayerParserSetEOF(AppLayerParserState *pstate);
af51e0f5	244	bool AppLayerParserHasDecoderEvents(AppLayerParserState *pstate);
5cdeadb3	245	int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto);
078ff0c0	246	int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto);
bca0cd71	247	LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto);
2d223b69	248	void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
b160c49e	249	void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
3148ff34	250	uint32_t AppLayerParserGetStreamDepth(const Flow *f);
ed5a439b	251	void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
d369e54f	252	int AppLayerParserIsEnabled(AppProto alproto);
429c6388 AS	253
	254	/*** Cleanup ***/
	255
3148ff34	256	void AppLayerParserStateCleanup(const Flow f, void alstate, AppLayerParserState *pstate);
429c6388 AS	257
	258	void AppLayerParserRegisterProtocolParsers(void);
	259
	260
9634e60e VJ	261	void AppLayerParserStateSetFlag(AppLayerParserState *pstate, uint8_t flag);
9634e60e VJ	262	int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag);
429c6388	263
5cdeadb3	264	void AppLayerParserStreamTruncated(uint8_t ipproto, AppProto alproto, void *alstate,
429c6388 AS	265	uint8_t direction);
	266
	267
	268
9634e60e VJ	269	AppLayerParserState *AppLayerParserStateAlloc(void);
9634e60e VJ	270	void AppLayerParserStateFree(AppLayerParserState *pstate);
429c6388	271
7a96d18f	272	void AppLayerParserTransactionsCleanup(Flow *f);
429c6388 AS	273
429c6388 AS	274	#ifdef DEBUG
9634e60e	275	void AppLayerParserStatePrintDetails(AppLayerParserState *pstate);
429c6388	276	#endif
6cb00142	277
077ac816	278
6cb00142 AS	279	/*** Unittests ***/
6cb00142 AS	280
429c6388	281	#ifdef UNITTESTS
5cdeadb3	282	void AppLayerParserRegisterProtocolUnittests(uint8_t ipproto, AppProto alproto,
429c6388 AS	283	void (*RegisterUnittests)(void));
	284	void AppLayerParserRegisterUnittests(void);
	285	void AppLayerParserBackupParserTable(void);
	286	void AppLayerParserRestoreParserTable(void);
37203c98	287	void UTHAppLayerParserStateGetIds(void ptr, uint64_t i1, uint64_t i2, uint64_t log, uint64_t *min);
429c6388	288	#endif
6cb00142	289
59327e0f	290	#endif /* __APP_LAYER_PARSER_H__ */