git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <vjulien@oisf.net>
	Fri, 3 Dec 2021 06:40:56 +0000 (07:40 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 17 Jan 2022 20:44:04 +0000 (21:44 +0100)
commit	1556e86c7db139057e8ad0a964dc77d010b8134b
tree	acd55819345c1be169213bb08d493ca7f6dc7ede	tree \| snapshot
parent	e6f49e5a051d7d1b6e699b4bf6905a017461211d	commit \| diff

app/frames: initial support

The idea of stream frames is that the applayer parsers can tag PDUs and
other arbitrary frames in the stream while parsing. These frames can then
be inspected from the rule language. This will allow rules that are more
precise and less costly.

The frames are stored per direction in the `AppLayerParserState` and will only
be initialized when actual frames are in use. The per direction storage has a
fixed size static portion and dynamic support for a larger number. This is done
for effeciency.

When the Stream Buffer slides, frames are updated as they use offsets relative
to the stream. A negative offset is used for frames that started before the
current window.

Frames have events to inspect/log parser errors that don't fit the TX model.

Frame id starts at 1. So implementations can keep track of frame ids where 0
is not set.

Frames affect TCP window sliding. The frames keep a "left edge" which
signifies how much data to keep for frames that are still in progress.

src/Makefile.am		diff \| blob \| blame \| history
src/app-layer-frames.c	[new file with mode: 0644]	blob
src/app-layer-frames.h	[new file with mode: 0644]	blob
src/app-layer-parser.c		diff \| blob \| blame \| history
src/app-layer-parser.h		diff \| blob \| blame \| history
src/app-layer.c		diff \| blob \| blame \| history
src/flow-worker.c		diff \| blob \| blame \| history
src/stream-tcp-list.c		diff \| blob \| blame \| history
src/stream-tcp-reassemble.c		diff \| blob \| blame \| history