use std::os::raw::{c_char, c_int, c_void};
use suricata::applayer::{
state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled,
- AppLayerParserRegisterLogger, AppLayerParserStateIssetFlag,
- AppLayerProtoDetectConfProtoDetectionEnabled, AppLayerRegisterParser,
+ AppLayerParserRegisterLogger, AppLayerParserStateIssetFlag, AppLayerRegisterParser,
AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData,
RustParser, State, StreamSlice, Transaction, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS,
APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
use suricata::{
build_slice, cast_pointer, export_state_data_get, export_tx_data_get, SCLogError, SCLogNotice,
};
-use suricata_sys::sys::{AppProto, Flow};
+use suricata_sys::sys::{AppProto, Flow, SCAppLayerProtoDetectConfProtoDetectionEnabled};
static mut TEMPLATE_MAX_TX: usize = 256;
}
unsafe extern "C" fn template_parse_request(
- _flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
}
unsafe extern "C" fn template_parse_response(
- _flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_TEMPLATE = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
}
}
-pub type ParseFn = unsafe extern "C" fn (flow: *const Flow,
+pub type ParseFn = unsafe extern "C" fn (flow: *mut Flow,
state: *mut c_void,
pstate: *mut c_void,
stream_slice: StreamSlice,
}
-// Defined in app-layer-detect-proto.h
-/// cbindgen:ignore
-extern "C" {
- pub fn AppLayerForceProtocolChange(f: *const Flow, new_proto: AppProto);
- pub fn AppLayerProtoDetectPPRegister(ipproto: u8, portstr: *const c_char, alproto: AppProto,
- min_depth: u16, max_depth: u16, dir: u8,
- pparser1: ProbeFn, pparser2: ProbeFn);
- pub fn AppLayerProtoDetectPPParseConfPorts(ipproto_name: *const c_char, ipproto: u8,
- alproto_name: *const c_char, alproto: AppProto,
- min_depth: u16, max_depth: u16,
- pparser_ts: ProbeFn, pparser_tc: ProbeFn) -> i32;
- pub fn AppLayerProtoDetectPMRegisterPatternCI(ipproto: u8, alproto: AppProto,
- pattern: *const c_char, depth: u16,
- offset: u16, direction: u8) -> c_int;
- pub fn AppLayerProtoDetectPMRegisterPatternCS(ipproto: u8, alproto: AppProto,
- pattern: *const c_char, depth: u16,
- offset: u16, direction: u8) -> c_int;
- pub fn AppLayerProtoDetectPMRegisterPatternCSwPP(ipproto: u8, alproto: AppProto,
- pattern: *const c_char, depth: u16,
- offset: u16, direction: u8, ppfn: ProbeFn,
- pp_min_depth: u16, pp_max_depth: u16) -> c_int;
- pub fn AppLayerProtoDetectConfProtoDetectionEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
- pub fn AppLayerProtoDetectConfProtoDetectionEnabledDefault(ipproto: *const c_char, proto: *const c_char, default: bool) -> c_int;
- pub fn AppLayerRequestProtocolTLSUpgrade(flow: *const Flow) -> bool;
-}
-
// Defined in app-layer-parser.h
pub const APP_LAYER_PARSER_NO_INSPECTION : u16 = BIT_U16!(1);
pub const APP_LAYER_PARSER_NO_REASSEMBLY : u16 = BIT_U16!(2);
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
static mut TEMPLATE_MAX_TX: usize = 256;
return ALPROTO_UNKNOWN;
}
-extern "C" fn template_state_new(
- _orig_state: *mut c_void, _orig_proto: AppProto,
-) -> *mut c_void {
+extern "C" fn template_state_new(_orig_state: *mut c_void, _orig_proto: AppProto) -> *mut c_void {
let state = TemplateState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut c_void;
}
unsafe extern "C" fn template_parse_request(
- _flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
}
unsafe extern "C" fn template_parse_response(
- _flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_TEMPLATE = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
* 02110-1301, USA.
*/
-use suricata_sys::sys::AppProto;
+ use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCS,
+};
use crate::applayer::{self, *};
use crate::bittorrent_dht::parser::{
}
unsafe extern "C" fn parse_ts(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
return parse(
}
unsafe extern "C" fn parse_tc(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
return parse(
}
unsafe extern "C" fn parse(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
direction: Direction,
) -> AppLayerResult {
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_BITTORRENT_DHT = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- if AppLayerProtoDetectPMRegisterPatternCS(
+ if SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP,
ALPROTO_BITTORRENT_DHT,
BITTORRENT_DHT_PAYLOAD_PREFIX.as_ptr() as *const c_char,
{
SCLogDebug!("Failed to register protocol detection pattern for direction TOSERVER");
};
- if AppLayerProtoDetectPMRegisterPatternCS(
+ if SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP,
ALPROTO_BITTORRENT_DHT,
BITTORRENT_DHT_PAYLOAD_PREFIX.as_ptr() as *const c_char,
use nom7::error::{Error, ErrorKind};
use nom7::number::Endianness;
use nom7::{Err, IResult, Needed};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCSwPP,
+};
use std;
use std::cmp;
use std::ffi::CString;
}
unsafe extern "C" fn parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
}
unsafe extern "C" fn parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
fn register_pattern_probe() -> i8 {
unsafe {
- if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
+ if SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToServer.into(), probe_tcp, 0, 0) < 0 {
- SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
+ Direction::ToServer.into(), Some(probe_tcp), 0, 0) < 0 {
+ SCLogDebug!("TOSERVER => SCAppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
- if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
+ if SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToClient.into(), probe_tcp, 0, 0) < 0 {
- SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
+ Direction::ToClient.into(), Some(probe_tcp), 0, 0) < 0 {
+ SCLogDebug!("TOCLIENT => SCAppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
}
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(
ip_proto_str.as_ptr(),
parser.name,
) != 0
use crate::direction::{Direction, DIR_BOTH};
use crate::flow::Flow;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCSwPP,
+};
use std;
use std::ffi::CString;
use std::collections::VecDeque;
}
unsafe extern "C" fn parse(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
fn register_pattern_probe() -> i8 {
unsafe {
- if AppLayerProtoDetectPMRegisterPatternCSwPP(core::IPPROTO_UDP, ALPROTO_DCERPC,
+ if SCAppLayerProtoDetectPMRegisterPatternCSwPP(core::IPPROTO_UDP, ALPROTO_DCERPC,
b"|04 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
- Direction::ToServer.into(), probe_udp, 0, 0) < 0 {
- SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
+ Direction::ToServer.into(), Some(probe_udp), 0, 0) < 0 {
+ SCLogDebug!("TOSERVER => SCAppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
}
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_DCERPC = alproto;
if register_pattern_probe() < 0 {
* 02110-1301, USA.
*/
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use crate::applayer::{self, *};
use crate::core::{ALPROTO_UNKNOWN, IPPROTO_UDP};
}
unsafe extern "C" fn dhcp_parse(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DHCPState);
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_DHCP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use nom7::number::streaming::be_u16;
use nom7::{Err, IResult};
-use suricata_sys::sys::{AppProto, DetectEngineThreadCtx};
+use suricata_sys::sys::{
+ AppProto, DetectEngineThreadCtx, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
/// DNS record types.
/// DNS error codes.
OtherError,
}
-pub(crate) fn dns_parse_request(input: &[u8], variant: &DnsVariant) -> Result<DNSTransaction, DNSParseError> {
+pub(crate) fn dns_parse_request(
+ input: &[u8], variant: &DnsVariant,
+) -> Result<DNSTransaction, DNSParseError> {
let (body, header) = if let Some((body, header)) = dns_validate_header(input) {
(body, header)
} else {
}
}
- pub(crate) fn parse_request_udp(&mut self, flow: *const Flow, stream_slice: StreamSlice) -> bool {
+ pub(crate) fn parse_request_udp(
+ &mut self, flow: *const Flow, stream_slice: StreamSlice,
+ ) -> bool {
let input = stream_slice.as_slice();
let frame = Frame::new(
flow,
/// C binding parse a DNS request. Returns 1 on success, -1 on failure.
pub(crate) unsafe extern "C" fn parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
}
unsafe extern "C" fn parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
/// C binding parse a DNS request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn parse_request_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
}
unsafe extern "C" fn parse_response_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
tx.response.is_some()
}
-pub(crate) unsafe extern "C" fn state_get_tx_data(tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData {
+pub(crate) unsafe extern "C" fn state_get_tx_data(
+ tx: *mut std::os::raw::c_void,
+) -> *mut AppLayerTxData {
let tx = cast_pointer!(tx, DNSTransaction);
return &mut tx.tx_data;
}
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_DNS = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
};
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_DNS = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
pub(super) static mut ALPROTO_ENIP: AppProto = ALPROTO_UNKNOWN;
}
if request {
tx.request = Some(pdu);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
} else {
tx.response = Some(pdu);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
}
self.transactions.push_back(tx);
}
}
unsafe extern "C" fn enip_parse_request_udp(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, EnipState);
}
unsafe extern "C" fn enip_parse_response_udp(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, EnipState);
}
unsafe extern "C" fn enip_parse_request_tcp(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
}
unsafe extern "C" fn enip_parse_response_tcp(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
}
}
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_ENIP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
parser.flags = APP_LAYER_PARSER_OPT_ACCEPT_GAPS;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_ENIP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use std::ffi::CString;
use std::fmt;
use std::io;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerForceProtocolChange, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
static mut ALPROTO_HTTP2: AppProto = ALPROTO_UNKNOWN;
static mut ALPROTO_DOH2: AppProto = ALPROTO_UNKNOWN;
return r;
}
- fn handle_dns_data(&mut self, dir: Direction, flow: *const Flow) {
+ fn handle_dns_data(&mut self, dir: Direction, flow: *mut Flow) {
if let Some(doh) = &mut self.doh {
if !doh.data_buf[dir.index()].is_empty() {
if dir.is_to_client() {
dtx.id = 1;
doh.dns_response_tx = Some(dtx);
unsafe {
- AppLayerForceProtocolChange(flow, ALPROTO_DOH2);
+ SCAppLayerForceProtocolChange(flow, ALPROTO_DOH2);
}
}
- } else if let Ok(mut dtx) = dns_parse_request(&doh.data_buf[dir.index()], &DnsVariant::Dns) {
+ } else if let Ok(mut dtx) =
+ dns_parse_request(&doh.data_buf[dir.index()], &DnsVariant::Dns)
+ {
dtx.id = 1;
doh.dns_request_tx = Some(dtx);
unsafe {
- AppLayerForceProtocolChange(flow, ALPROTO_DOH2);
+ SCAppLayerForceProtocolChange(flow, ALPROTO_DOH2);
}
}
}
}
fn parse_frames(
- &mut self, mut input: &[u8], il: usize, dir: Direction, flow: *const Flow,
+ &mut self, mut input: &[u8], il: usize, dir: Direction, flow: *mut Flow,
stream_slice: &StreamSlice,
) -> AppLayerResult {
while !input.is_empty() {
if let Ok(mut dtx) = dns_parse_request(&doh_req_buf, &DnsVariant::Dns) {
dtx.id = 1;
unsafe {
- AppLayerForceProtocolChange(flow, ALPROTO_DOH2);
+ SCAppLayerForceProtocolChange(flow, ALPROTO_DOH2);
}
if let Some(doh) = &mut tx.doh {
doh.dns_request_tx = Some(dtx);
return AppLayerResult::ok();
}
- fn parse_ts(&mut self, flow: *const Flow, stream_slice: StreamSlice) -> AppLayerResult {
+ fn parse_ts(&mut self, flow: *mut Flow, stream_slice: StreamSlice) -> AppLayerResult {
//very first : skip magic
let mut input = stream_slice.as_slice();
let mut magic_consumed = 0;
}
}
- fn parse_tc(&mut self, flow: *const Flow, stream_slice: StreamSlice) -> AppLayerResult {
+ fn parse_tc(&mut self, flow: *mut Flow, stream_slice: StreamSlice) -> AppLayerResult {
//first consume frame bytes
let mut input = stream_slice.as_slice();
let il = input.len();
}
unsafe extern "C" fn http2_parse_ts(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, HTTP2State);
}
unsafe extern "C" fn http2_parse_tc(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, HTTP2State);
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_HTTP2 = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
parser.name = b"doh2\0".as_ptr() as *const std::os::raw::c_char;
parser.probe_tc = None;
parser.default_port = std::ptr::null();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_DOH2 = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use crate::ike::ikev2::{handle_ikev2, Ikev2Container};
use crate::ike::parser::*;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use std;
use std::collections::HashSet;
use std::ffi::CString;
}
unsafe extern "C" fn ike_parse_request(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, IKEState);
}
unsafe extern "C" fn ike_parse_response(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, IKEState);
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_IKE = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use nom7::{Err, IResult};
use std;
use std::ffi::CString;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
#[derive(AppLayerEvent)]
pub enum KRB5Event {
}
unsafe extern "C" fn krb5_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
}
unsafe extern "C" fn krb5_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
}
unsafe extern "C" fn krb5_parse_request_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, KRB5State);
}
unsafe extern "C" fn krb5_parse_response_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, KRB5State);
};
// register UDP parser
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
// store the allocated ID for the probe function
ALPROTO_KRB5 = alproto;
parser.parse_ts = krb5_parse_request_tcp;
parser.parse_tc = krb5_parse_response_tcp;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
// store the allocated ID for the probe function
ALPROTO_KRB5 = alproto;
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+};
use crate::ldap::types::*;
})
}
- fn parse_request(&mut self, flow: *const Flow, stream_slice: StreamSlice) -> AppLayerResult {
+ fn parse_request(&mut self, flow: *mut Flow, stream_slice: StreamSlice) -> AppLayerResult {
let input = stream_slice.as_slice();
if input.is_empty() {
return AppLayerResult::ok();
if self.has_starttls {
unsafe {
- AppLayerRequestProtocolTLSUpgrade(flow);
+ SCAppLayerRequestProtocolTLSUpgrade(flow);
}
return AppLayerResult::ok();
}
}
unsafe extern "C" fn ldap_parse_request(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
}
unsafe extern "C" fn ldap_parse_response(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
}
unsafe extern "C" fn ldap_parse_request_udp(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, LdapState);
}
unsafe extern "C" fn ldap_parse_response_udp(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, LdapState);
};
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_LDAP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_LDAP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use crate::flow::Flow;
use suricata_sys::sys::DetectEngineThreadCtx;
-use suricata_sys::sys::{AppProto, AppProtoEnum};
+use suricata_sys::sys::{AppProto, AppProtoEnum, SCAppLayerProtoDetectConfProtoDetectionEnabled};
pub(super) static mut ALPROTO_MDNS: AppProto = ALPROTO_UNKNOWN;
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_MDNS = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use sawp::parser::{Direction, Parse};
use sawp::probe::{Probe, Status};
use sawp_modbus::{self, AccessType, ErrorFlags, Flags, Message};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabledDefault};
pub const REQUEST_FLOOD: usize = 500; // Default unreplied Modbus requests are considered a flood
pub const MODBUS_PARSER: sawp_modbus::Modbus = sawp_modbus::Modbus { probe_strict: true };
}
unsafe extern "C" fn modbus_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
}
unsafe extern "C" fn modbus_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
};
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabledDefault(
+ if SCAppLayerProtoDetectConfProtoDetectionEnabledDefault(
ip_proto_str.as_ptr(),
parser.name,
false,
use std;
use std::collections::VecDeque;
use std::ffi::CString;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
// Used as a special pseudo packet identifier to denote the first CONNECT
// packet in a connection. Note that there is no risk of collision with a
}
unsafe extern "C" fn mqtt_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, MQTTState);
}
unsafe extern "C" fn mqtt_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, MQTTState);
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_MQTT = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use std::ffi::CString;
use nom7::{Err, Needed};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPPParseConfPorts, SCAppLayerProtoDetectPPRegister,
+};
use crate::applayer;
use crate::applayer::*;
/// C binding parse a NFS TCP request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn nfs_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
}
unsafe extern "C" fn nfs_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
/// C binding to parse an NFS/UDP request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn nfs_parse_request_udp(
- f: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
}
unsafe extern "C" fn nfs_parse_response_udp(
- f: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_NFS = alproto;
let midstream = conf_get_bool("stream.midstream");
if midstream {
- if AppLayerProtoDetectPPParseConfPorts(
+ if SCAppLayerProtoDetectPPParseConfPorts(
ip_proto_str.as_ptr(),
IPPROTO_TCP,
parser.name,
ALPROTO_NFS,
0,
NFS_MIN_FRAME_LEN,
- nfs_probe_ms,
- nfs_probe_ms,
+ Some(nfs_probe_ms),
+ Some(nfs_probe_ms),
) == 0
{
SCLogDebug!("No NFSTCP app-layer configuration, enabling NFSTCP detection TCP detection on port {:?}.",
default_port);
/* register 'midstream' probing parsers if midstream is enabled. */
- AppLayerProtoDetectPPRegister(
+ SCAppLayerProtoDetectPPRegister(
IPPROTO_TCP,
default_port.as_ptr(),
ALPROTO_NFS,
0,
NFS_MIN_FRAME_LEN,
Direction::ToServer.into(),
- nfs_probe_ms,
- nfs_probe_ms,
+ Some(nfs_probe_ms),
+ Some(nfs_probe_ms),
);
}
} else {
- AppLayerProtoDetectPPRegister(
+ SCAppLayerProtoDetectPPRegister(
IPPROTO_TCP,
default_port.as_ptr(),
ALPROTO_NFS,
0,
NFS_MIN_FRAME_LEN,
Direction::ToServer.into(),
- ffi_nfs_probe,
- ffi_nfs_probe,
+ Some(ffi_nfs_probe),
+ Some(ffi_nfs_probe),
);
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_NFS = alproto;
- if AppLayerProtoDetectPPParseConfPorts(
+ if SCAppLayerProtoDetectPPParseConfPorts(
ip_proto_str.as_ptr(),
IPPROTO_UDP,
parser.name,
ALPROTO_NFS,
0,
NFS_MIN_FRAME_LEN,
- nfs_probe_udp_ts,
- nfs_probe_udp_tc,
+ Some(nfs_probe_udp_ts),
+ Some(nfs_probe_udp_tc),
) == 0
{
SCLogDebug!("No NFSUDP app-layer configuration, enabling NFSUDP detection UDP detection on port {:?}.",
default_port);
- AppLayerProtoDetectPPRegister(
+ SCAppLayerProtoDetectPPRegister(
IPPROTO_UDP,
default_port.as_ptr(),
ALPROTO_NFS,
0,
NFS_MIN_FRAME_LEN,
Direction::ToServer.into(),
- nfs_probe_udp_ts,
- nfs_probe_udp_tc,
+ Some(nfs_probe_udp_ts),
+ Some(nfs_probe_udp_tc),
);
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use std::ffi::CString;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
#[derive(AppLayerEvent)]
pub enum NTPEvent {
}
unsafe extern "C" fn ntp_parse_request(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NTPState);
}
unsafe extern "C" fn ntp_parse_response(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NTPState);
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
// store the allocated ID for the probe function
ALPROTO_NTP = alproto;
use std;
use std::collections::VecDeque;
use std::ffi::CString;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+};
const PGSQL_CONFIG_DEFAULT_STREAM_DEPTH: u32 = 0;
/// If there is data from the backend message that Suri should store separately in the State or
/// Transaction, that is also done here
fn response_process_next_state(
- &mut self, response: &PgsqlBEMessage, f: *const Flow,
+ &mut self, response: &PgsqlBEMessage, f: *mut Flow,
) -> Option<PgsqlStateProgress> {
match response {
PgsqlBEMessage::SSLResponse(parser::SSLResponseMessage::SSLAccepted) => {
SCLogDebug!("SSL Request accepted");
unsafe {
- AppLayerRequestProtocolTLSUpgrade(f);
+ SCAppLayerRequestProtocolTLSUpgrade(f);
}
Some(PgsqlStateProgress::Finished)
}
}
}
- fn parse_response(&mut self, flow: *const Flow, input: &[u8]) -> AppLayerResult {
+ fn parse_response(&mut self, flow: *mut Flow, input: &[u8]) -> AppLayerResult {
// We're not interested in empty responses.
if input.is_empty() {
return AppLayerResult::ok();
tx.data_size = 0;
} else if state == PgsqlStateProgress::CopyDataOutReceived {
tx.incr_row_cnt();
- } else if state == PgsqlStateProgress::CopyDoneReceived && tx.get_row_cnt() > 0 {
+ } else if state == PgsqlStateProgress::CopyDoneReceived
+ && tx.get_row_cnt() > 0
+ {
// let's summarize the info from the data_rows in one response
let consolidated_copy_data = PgsqlBEMessage::ConsolidatedCopyDataOut(
ConsolidatedDataRowPacket {
}
unsafe extern "C" fn parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
}
unsafe extern "C" fn parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_PGSQL = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+};
use sawp::error::Error as SawpError;
use sawp::error::ErrorKind as SawpErrorKind;
return AppLayerResult::ok();
}
- fn parse_response(&mut self, input: &[u8], flow: *const Flow) -> AppLayerResult {
+ fn parse_response(&mut self, input: &[u8], flow: *mut Flow) -> AppLayerResult {
// We're not interested in empty responses.
if input.is_empty() {
return AppLayerResult::ok();
match &command.keyword {
sawp_pop3::Keyword::STLS => {
unsafe {
- AppLayerRequestProtocolTLSUpgrade(flow);
+ SCAppLayerRequestProtocolTLSUpgrade(flow);
};
}
sawp_pop3::Keyword::RETR => {
}
unsafe extern "C" fn pop3_parse_request(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
}
unsafe extern "C" fn pop3_parse_response(
- flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_POP3 = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
};
use std::collections::VecDeque;
use std::ffi::CString;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use tls_parser::TlsExtensionType;
static mut ALPROTO_QUIC: AppProto = ALPROTO_UNKNOWN;
}
unsafe extern "C" fn quic_parse_tc(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, QuicState);
}
unsafe extern "C" fn quic_parse_ts(
- _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, QuicState);
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_QUIC = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use crate::rdp::parser::*;
use crate::direction::Direction;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use std;
use std::collections::VecDeque;
use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType};
//
unsafe extern "C" fn rdp_parse_ts(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
}
unsafe extern "C" fn rdp_parse_tc(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
let ip_proto_str = std::ffi::CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_RDP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use crate::flow::Flow;
use crate::frames::*;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCI,
+};
use std;
use std::ffi::CString;
use std::os::raw::c_char;
}
unsafe extern "C" fn rfb_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RFBState);
}
unsafe extern "C" fn rfb_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RFBState);
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_RFB = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
}
SCLogDebug!("Rust rfb parser registered.");
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
- if AppLayerProtoDetectPMRegisterPatternCI(
+ if SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP,
ALPROTO_RFB,
b"RFB \0".as_ptr() as *const c_char,
{
SCLogDebug!("Failed to register protocol detection pattern for direction TOSERVER");
};
- if AppLayerProtoDetectPMRegisterPatternCI(
+ if SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP,
ALPROTO_RFB,
b"RFB \0".as_ptr() as *const c_char,
use crate::frames::*;
use crate::sip::parser::*;
use nom7::Err;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCS,
+};
use std;
use std::collections::VecDeque;
use std::ffi::CString;
pub static mut ALPROTO_SIP: AppProto = ALPROTO_UNKNOWN;
unsafe extern "C" fn sip_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, SIPState);
}
unsafe extern "C" fn sip_parse_request_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
}
unsafe extern "C" fn sip_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, SIPState);
}
unsafe extern "C" fn sip_parse_response_tcp(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
unsafe {
for method in methods {
let depth = (method.len() - 1) as u16;
- r |= AppLayerProtoDetectPMRegisterPatternCS(
+ r |= SCAppLayerProtoDetectPMRegisterPatternCS(
proto,
ALPROTO_SIP,
method.as_ptr() as *const std::os::raw::c_char,
Direction::ToServer as u8,
);
}
- r |= AppLayerProtoDetectPMRegisterPatternCS(
+ r |= SCAppLayerProtoDetectPMRegisterPatternCS(
proto,
ALPROTO_SIP,
b"SIP/2.0\0".as_ptr() as *const std::os::raw::c_char,
Direction::ToClient as u8,
);
if proto == core::IPPROTO_UDP {
- r |= AppLayerProtoDetectPMRegisterPatternCS(
+ r |= SCAppLayerProtoDetectPMRegisterPatternCS(
proto,
ALPROTO_SIP,
"UPDATE\0".as_ptr() as *const std::os::raw::c_char,
};
let ip_proto_str = CString::new("udp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_SIP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
parser.parse_tc = sip_parse_response_tcp;
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_SIP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use nom7::error::{make_error, ErrorKind};
use lru::LruCache;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCSwPP, SCAppLayerProtoDetectPPParseConfPorts,
+ SCAppLayerProtoDetectPPRegister,
+};
use std::num::NonZeroUsize;
use crate::core::*;
}
/// C binding parse a SMB request. Returns 1 on success, -1 on failure.
-unsafe extern "C" fn smb_parse_request_tcp(flow: *const Flow,
+unsafe extern "C" fn smb_parse_request_tcp(flow: *mut Flow,
state: *mut ffi::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
}
-unsafe extern "C" fn smb_parse_response_tcp(flow: *const Flow,
+unsafe extern "C" fn smb_parse_response_tcp(flow: *mut Flow,
state: *mut ffi::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
let mut r = 0;
unsafe {
// SMB1
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ Direction::ToServer as u8, Some(smb_probe_begins_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|ff|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+ Direction::ToClient as u8, Some(smb_probe_begins_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
// SMB2/3
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToServer as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ Direction::ToServer as u8, Some(smb_probe_begins_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fe|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToClient as u8, smb_probe_begins_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+ Direction::ToClient as u8, Some(smb_probe_begins_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
// SMB3 encrypted records
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToServer as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
- r |= AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
+ Direction::ToServer as u8, Some(smb3_probe_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
+ r |= SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_SMB,
b"|fd|SMB\0".as_ptr() as *const std::os::raw::c_char, 8, 4,
- Direction::ToClient as u8, smb3_probe_tcp, MIN_REC_SIZE, MIN_REC_SIZE);
+ Direction::ToClient as u8, Some(smb3_probe_tcp), MIN_REC_SIZE, MIN_REC_SIZE);
}
if r == 0 {
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(
ip_proto_str.as_ptr(),
parser.name,
) != 0
return;
}
- let have_cfg = AppLayerProtoDetectPPParseConfPorts(ip_proto_str.as_ptr(),
+ let have_cfg = SCAppLayerProtoDetectPPParseConfPorts(ip_proto_str.as_ptr(),
IPPROTO_TCP, parser.name, ALPROTO_SMB, 0,
- MIN_REC_SIZE, c_smb_probe_tcp, c_smb_probe_tcp);
+ MIN_REC_SIZE, Some(c_smb_probe_tcp), Some(c_smb_probe_tcp));
if have_cfg == 0 {
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, default_port.as_ptr(), ALPROTO_SMB,
- 0, MIN_REC_SIZE, Direction::ToServer as u8, c_smb_probe_tcp, c_smb_probe_tcp);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, default_port.as_ptr(), ALPROTO_SMB,
+ 0, MIN_REC_SIZE, Direction::ToServer as u8, Some(c_smb_probe_tcp), Some(c_smb_probe_tcp));
}
if AppLayerParserConfParserEnabled(
use nom7::error::{ErrorKind, make_error};
use suricata_sys::sys::{
AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
- SCOutputJsonLogDirection, SCOutputEvePreRegisterLogger, SCSigTablePreRegister,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCOutputEvePreRegisterLogger,
+ SCOutputJsonLogDirection, SCSigTablePreRegister,
};
#[derive(AppLayerEvent)]
snmp_state.free();
}
-unsafe extern "C" fn snmp_parse_request(_flow: *const Flow,
+unsafe extern "C" fn snmp_parse_request(_flow: *mut Flow,
state: *mut std::os::raw::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
state.parse(stream_slice.as_slice(), Direction::ToServer).into()
}
-unsafe extern "C" fn snmp_parse_response(_flow: *const Flow,
+unsafe extern "C" fn snmp_parse_response(_flow: *mut Flow,
state: *mut std::os::raw::c_void,
_pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
};
SCOutputEvePreRegisterLogger(reg_data);
SCSigTablePreRegister(Some(detect_snmp_register));
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
// port 161
_ = AppLayerRegisterProtocolDetection(&parser, 1);
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use nom7::Err;
use std::ffi::CString;
use std::sync::atomic::{AtomicBool, Ordering};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
#[repr(C)]
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
}
unsafe extern "C" fn ssh_parse_request(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = &mut cast_pointer!(state, SSHState);
}
unsafe extern "C" fn ssh_parse_response(
- flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = &mut cast_pointer!(state, SSHState);
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_SSH = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
use crate::frames::*;
use std::ffi::CString;
use nom7::IResult;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use super::parser;
static mut ALPROTO_TELNET: AppProto = ALPROTO_UNKNOWN;
}
unsafe extern "C" fn telnet_parse_request(
- flow: *const Flow,
+ flow: *mut Flow,
state: *mut std::os::raw::c_void,
pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
}
unsafe extern "C" fn telnet_parse_response(
- flow: *const Flow,
+ flow: *mut Flow,
state: *mut std::os::raw::c_void,
pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(
ip_proto_str.as_ptr(),
parser.name,
) != 0
use super::parser;
use crate::applayer::{self, *};
use crate::conf::conf_get;
-use crate::core::{ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_TCP, sc_app_layer_parser_trigger_raw_stream_inspection};
+use crate::core::{
+ sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_FAILED, ALPROTO_UNKNOWN, IPPROTO_TCP,
+};
use crate::direction::Direction;
use crate::flow::Flow;
use crate::frames::Frame;
use flate2::Decompress;
use flate2::FlushDecompress;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use std;
use std::collections::VecDeque;
return ALPROTO_UNKNOWN;
}
-extern "C" fn websocket_state_new(
- _orig_state: *mut c_void, _orig_proto: AppProto,
-) -> *mut c_void {
+extern "C" fn websocket_state_new(_orig_state: *mut c_void, _orig_proto: AppProto) -> *mut c_void {
let state = WebSocketState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut c_void;
}
unsafe extern "C" fn websocket_parse_request(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, WebSocketState);
}
unsafe extern "C" fn websocket_parse_response(
- flow: *const Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, WebSocketState);
return state.tx_id;
}
-unsafe extern "C" fn websocket_tx_get_alstate_progress(
- _tx: *mut c_void, _direction: u8,
-) -> c_int {
+unsafe extern "C" fn websocket_tx_get_alstate_progress(_tx: *mut c_void, _direction: u8) -> c_int {
return 1;
}
let ip_proto_str = CString::new("tcp").unwrap();
- if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
+ if SCAppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_WEBSOCKET = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
extern "C" {
pub fn SCConfGetValueNode(node: *const SCConfNode) -> *const ::std::os::raw::c_char;
}
+pub type ProbingParserFPtr = ::std::option::Option<
+ unsafe extern "C" fn(
+ f: *const Flow,
+ flags: u8,
+ input: *const u8,
+ input_len: u32,
+ rdir: *mut u8,
+ ) -> AppProto,
+>;
+extern "C" {
+ #[doc = " PP registration"]
+ pub fn SCAppLayerProtoDetectPPRegister(
+ ipproto: u8, portstr: *const ::std::os::raw::c_char, alproto: AppProto, min_depth: u16,
+ max_depth: u16, direction: u8, ProbingParser1: ProbingParserFPtr,
+ ProbingParser2: ProbingParserFPtr,
+ );
+}
+extern "C" {
+ #[doc = " \\retval bool 0 if no config was found, 1 if config was found"]
+ pub fn SCAppLayerProtoDetectPPParseConfPorts(
+ ipproto_name: *const ::std::os::raw::c_char, ipproto: u8,
+ alproto_name: *const ::std::os::raw::c_char, alproto: AppProto, min_depth: u16,
+ max_depth: u16, ProbingParserTs: ProbingParserFPtr, ProbingParserTc: ProbingParserFPtr,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ #[doc = " \\brief Registers a case-sensitive pattern for protocol detection."]
+ pub fn SCAppLayerProtoDetectPMRegisterPatternCS(
+ ipproto: u8, alproto: AppProto, pattern: *const ::std::os::raw::c_char, depth: u16,
+ offset: u16, direction: u8,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn SCAppLayerProtoDetectPMRegisterPatternCSwPP(
+ ipproto: u8, alproto: AppProto, pattern: *const ::std::os::raw::c_char, depth: u16,
+ offset: u16, direction: u8, PPFunc: ProbingParserFPtr, pp_min_depth: u16,
+ pp_max_depth: u16,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ #[doc = " \\brief Registers a case-insensitive pattern for protocol detection."]
+ pub fn SCAppLayerProtoDetectPMRegisterPatternCI(
+ ipproto: u8, alproto: AppProto, pattern: *const ::std::os::raw::c_char, depth: u16,
+ offset: u16, direction: u8,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn SCAppLayerRequestProtocolTLSUpgrade(f: *mut Flow) -> bool;
+}
+extern "C" {
+ pub fn SCAppLayerForceProtocolChange(f: *mut Flow, new_proto: AppProto);
+}
+extern "C" {
+ #[doc = " \\brief Given a protocol name, checks if proto detection is enabled in\n the conf file.\n\n \\param alproto Name of the app layer protocol.\n\n \\retval 1 If enabled.\n \\retval 0 If disabled."]
+ pub fn SCAppLayerProtoDetectConfProtoDetectionEnabled(
+ ipproto: *const ::std::os::raw::c_char, alproto: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ #[doc = " \\brief Given a protocol name, checks if proto detection is enabled in\n the conf file.\n\n \\param alproto Name of the app layer protocol.\n \\param default_enabled enable by default if not in the configuration file\n\n \\retval 1 If enabled.\n \\retval 0 If disabled."]
+ pub fn SCAppLayerProtoDetectConfProtoDetectionEnabledDefault(
+ ipproto: *const ::std::os::raw::c_char, alproto: *const ::std::os::raw::c_char,
+ default_enabled: bool,
+ ) -> ::std::os::raw::c_int;
+}
*
* \param direction STREAM_TOSERVER or STREAM_TOCLIENT for dp or sp
*/
-void AppLayerProtoDetectPPRegister(uint8_t ipproto,
- const char *portstr,
- AppProto alproto,
- uint16_t min_depth, uint16_t max_depth,
- uint8_t direction,
- ProbingParserFPtr ProbingParser1,
- ProbingParserFPtr ProbingParser2)
+void SCAppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1,
+ ProbingParserFPtr ProbingParser2)
{
SCEnter();
SCReturn;
}
-int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
- uint8_t ipproto,
- const char *alproto_name,
- AppProto alproto,
- uint16_t min_depth, uint16_t max_depth,
- ProbingParserFPtr ProbingParserTs,
- ProbingParserFPtr ProbingParserTc)
+int SCAppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto,
+ const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth,
+ ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc)
{
SCEnter();
port_node = SCConfNodeLookupChild(node, "toserver");
if (port_node != NULL && port_node->val != NULL) {
- AppLayerProtoDetectPPRegister(ipproto,
- port_node->val,
- alproto,
- min_depth, max_depth,
- STREAM_TOSERVER, /* to indicate dp */
- ProbingParserTs, ProbingParserTc);
+ SCAppLayerProtoDetectPPRegister(ipproto, port_node->val, alproto, min_depth, max_depth,
+ STREAM_TOSERVER, /* to indicate dp */
+ ProbingParserTs, ProbingParserTc);
}
/* detect by source port of flow */
port_node = SCConfNodeLookupChild(node, "toclient");
if (port_node != NULL && port_node->val != NULL) {
- AppLayerProtoDetectPPRegister(ipproto,
- port_node->val,
- alproto,
- min_depth, max_depth,
- STREAM_TOCLIENT, /* to indicate sp */
- ProbingParserTc, ProbingParserTs);
-
+ SCAppLayerProtoDetectPPRegister(ipproto, port_node->val, alproto, min_depth, max_depth,
+ STREAM_TOCLIENT, /* to indicate sp */
+ ProbingParserTc, ProbingParserTs);
}
config = 1;
/***** PM registration *****/
-int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto,
- const char *pattern,
- uint16_t depth, uint16_t offset,
- uint8_t direction)
+int SCAppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern,
+ uint16_t depth, uint16_t offset, uint8_t direction)
{
SCEnter();
int r = AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
SCReturnInt(r);
}
-int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto,
- const char *pattern, uint16_t depth, uint16_t offset,
- uint8_t direction,
- ProbingParserFPtr PPFunc,
- uint16_t pp_min_depth, uint16_t pp_max_depth)
+int SCAppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto,
+ const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction,
+ ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth)
{
SCEnter();
int r = AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
SCReturnInt(r);
}
-int AppLayerProtoDetectPMRegisterPatternCI(uint8_t ipproto, AppProto alproto,
- const char *pattern,
- uint16_t depth, uint16_t offset,
- uint8_t direction)
+int SCAppLayerProtoDetectPMRegisterPatternCI(uint8_t ipproto, AppProto alproto, const char *pattern,
+ uint16_t depth, uint16_t offset, uint8_t direction)
{
SCEnter();
int r = AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
*
* \param f flow to act on
*/
-bool AppLayerRequestProtocolTLSUpgrade(Flow *f)
+bool SCAppLayerRequestProtocolTLSUpgrade(Flow *f)
{
return AppLayerRequestProtocolChange(f, 443, ALPROTO_TLS);
}
* \param f flow to act on
* \param new_proto new app-layer protocol
*/
-void AppLayerForceProtocolChange(Flow *f, AppProto new_proto)
+void SCAppLayerForceProtocolChange(Flow *f, AppProto new_proto)
{
if (new_proto != f->alproto) {
f->alproto_orig = f->alproto;
FLOW_RESET_PE_DONE(f, STREAM_TOCLIENT);
f->probing_parser_toserver_alproto_masks = 0;
f->probing_parser_toclient_alproto_masks = 0;
-
// Does not free the structures for the parser
// keeps f->alstate for new state creation
f->alparser = NULL;
f->alproto_tc = ALPROTO_UNKNOWN;
}
-int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
+int SCAppLayerProtoDetectConfProtoDetectionEnabledDefault(
const char *ipproto, const char *alproto, bool default_enabled)
{
SCEnter();
SCReturnInt(enabled);
}
-int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
+int SCAppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto)
{
- return AppLayerProtoDetectConfProtoDetectionEnabledDefault(ipproto, alproto, true);
+ return SCAppLayerProtoDetectConfProtoDetectionEnabledDefault(ipproto, alproto, true);
}
AppLayerProtoDetectThreadCtx *AppLayerProtoDetectGetCtxThread(void)
AppLayerProtoDetectSetup();
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
buf = "GET";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOSERVER);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOSERVER);
AppLayerProtoDetectPrepareState();
FAIL_IF(alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1);
AppLayerProtoDetectSetup();
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
buf = "ftp";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
FAIL_IF(alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0);
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
buf = "220 ";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "200 ";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 13, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 13, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
buf = "220 ";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
buf = "220 ";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
memset(pm_results, 0, sizeof(pm_results));
const char *buf = "HTTP";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_HTTP1, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "|ff|SMB";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "|fe|SMB";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
const char *buf = "|05 00|";
- AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
+ SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
/* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
memset(&f, 0x00, sizeof(f));
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "GET", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "PUT", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "POST", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "TRACE", 5, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "CONNECT", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
int r = 0;
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_TCP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOSERVER);
if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].head == NULL ||
alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL)
memset(&f, 0x00, sizeof(f));
f.protomap = FlowGetProtoMapping(IPPROTO_TCP);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "GET", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "PUT", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "POST", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "TRACE", 5, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "CONNECT", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
memset(&f, 0x00, sizeof(f));
f.protomap = FlowGetProtoMapping(IPPROTO_UDP);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "GET", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "PUT", 3, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "POST", 4, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "TRACE", 5, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "CONNECT", 7, 0, STREAM_TOSERVER);
- AppLayerProtoDetectPMRegisterPatternCS(
+ SCAppLayerProtoDetectPMRegisterPatternCS(
IPPROTO_UDP, ALPROTO_HTTP1, "HTTP", 4, 0, STREAM_TOCLIENT);
AppLayerProtoDetectPrepareState();
return result;
}
-static uint16_t ProbingParserDummyForTesting(Flow *f, uint8_t direction,
- const uint8_t *input,
- uint32_t input_len, uint8_t *rdir)
+static uint16_t ProbingParserDummyForTesting(
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t input_len, uint8_t *rdir)
{
return 0;
}
int result = 0;
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_HTTP1, 5, 8, STREAM_TOSERVER,
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_HTTP1, 5, 8, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_SMB, 5, 6, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_FTP, 7, 10, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "81", ALPROTO_DCERPC, 9, 10, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "81", ALPROTO_FTP, 7, 15, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_SMTP, 12, 0, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_TLS, 12, 18, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "85", ALPROTO_DCERPC, 9, 10, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "85", ALPROTO_FTP, 7, 15, STREAM_TOSERVER,
ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "80",
- ALPROTO_SMB,
- 5, 6,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "80",
- ALPROTO_FTP,
- 7, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
-
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "81",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "81",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_SMTP,
- 12, 0,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_TLS,
- 12, 18,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
-
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "85",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "85",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
result = 1;
- AppLayerProtoDetectPPRegister(IPPROTO_UDP,
- "85",
- ALPROTO_IMAP,
- 12, 23,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_UDP, "85", ALPROTO_IMAP, 12, 23, STREAM_TOSERVER,
+ ProbingParserDummyForTesting, NULL);
/* toclient */
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_JABBER,
- 12, 23,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_IRC,
- 12, 14,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
-
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "85",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "81",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_TLS,
- 12, 18,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_HTTP1, 5, 8, STREAM_TOCLIENT,
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_JABBER, 12, 23, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_IRC, 12, 14, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "85", ALPROTO_DCERPC, 9, 10, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "81", ALPROTO_FTP, 7, 15, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_TLS, 12, 18, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_HTTP1, 5, 8, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "81", ALPROTO_DCERPC, 9, 10, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "90", ALPROTO_FTP, 7, 15, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_SMB, 5, 6, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_UDP, "85", ALPROTO_IMAP, 12, 23, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "0", ALPROTO_SMTP, 12, 17, STREAM_TOCLIENT,
+ ProbingParserDummyForTesting, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "80", ALPROTO_FTP, 7, 10, STREAM_TOCLIENT,
ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "81",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "90",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "80",
- ALPROTO_SMB,
- 5, 6,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_UDP,
- "85",
- ALPROTO_IMAP,
- 12, 23,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "0",
- ALPROTO_SMTP,
- 12, 17,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "80",
- ALPROTO_FTP,
- 7, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting, NULL);
AppLayerProtoDetectPPTestDataElement element_ts_80[] = {
{ "http", ALPROTO_HTTP1, 80, 5, 8 },
#ifndef SURICATA_APP_LAYER_DETECT_PROTO__H
#define SURICATA_APP_LAYER_DETECT_PROTO__H
-#include "flow.h"
+// only forward declaration for bindgen
+typedef struct Flow_ Flow;
#include "app-layer-protos.h"
typedef struct AppLayerProtoDetectThreadCtx_ AppLayerProtoDetectThreadCtx;
typedef AppProto (*ProbingParserFPtr)(
- Flow *f, uint8_t flags, const uint8_t *input, uint32_t input_len, uint8_t *rdir);
+ const Flow *f, uint8_t flags, const uint8_t *input, uint32_t input_len, uint8_t *rdir);
/***** Protocol Retrieval *****/
/***** PP registration *****/
-void AppLayerProtoDetectPPRegister(uint8_t ipproto,
- const char *portstr,
- AppProto alproto,
- uint16_t min_depth, uint16_t max_depth,
- uint8_t direction,
- ProbingParserFPtr ProbingParser1,
- ProbingParserFPtr ProbingParser2);
+void SCAppLayerProtoDetectPPRegister(uint8_t ipproto, const char *portstr, AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth, uint8_t direction, ProbingParserFPtr ProbingParser1,
+ ProbingParserFPtr ProbingParser2);
/**
* \retval bool 0 if no config was found, 1 if config was found
*/
-int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
- uint8_t ipproto,
- const char *alproto_name,
- AppProto alproto,
- uint16_t min_depth, uint16_t max_depth,
- ProbingParserFPtr ProbingParserTs,
- ProbingParserFPtr ProbingParserTc);
+int SCAppLayerProtoDetectPPParseConfPorts(const char *ipproto_name, uint8_t ipproto,
+ const char *alproto_name, AppProto alproto, uint16_t min_depth, uint16_t max_depth,
+ ProbingParserFPtr ProbingParserTs, ProbingParserFPtr ProbingParserTc);
/***** PM registration *****/
/**
* \brief Registers a case-sensitive pattern for protocol detection.
*/
-int AppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto,
- const char *pattern, uint16_t depth, uint16_t offset,
- uint8_t direction);
-int AppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto,
- const char *pattern, uint16_t depth, uint16_t offset,
- uint8_t direction,
- ProbingParserFPtr PPFunc,
- uint16_t pp_min_depth, uint16_t pp_max_depth);
+int SCAppLayerProtoDetectPMRegisterPatternCS(uint8_t ipproto, AppProto alproto, const char *pattern,
+ uint16_t depth, uint16_t offset, uint8_t direction);
+int SCAppLayerProtoDetectPMRegisterPatternCSwPP(uint8_t ipproto, AppProto alproto,
+ const char *pattern, uint16_t depth, uint16_t offset, uint8_t direction,
+ ProbingParserFPtr PPFunc, uint16_t pp_min_depth, uint16_t pp_max_depth);
/**
* \brief Registers a case-insensitive pattern for protocol detection.
*/
-int AppLayerProtoDetectPMRegisterPatternCI(uint8_t ipproto, AppProto alproto,
- const char *pattern,
- uint16_t depth, uint16_t offset,
- uint8_t direction);
+int SCAppLayerProtoDetectPMRegisterPatternCI(uint8_t ipproto, AppProto alproto, const char *pattern,
+ uint16_t depth, uint16_t offset, uint8_t direction);
/***** Setup/General Registration *****/
void AppLayerProtoDetectReset(Flow *);
bool AppLayerRequestProtocolChange(Flow *f, uint16_t dp, AppProto expect_proto);
-bool AppLayerRequestProtocolTLSUpgrade(Flow *f);
+bool SCAppLayerRequestProtocolTLSUpgrade(Flow *f);
-void AppLayerForceProtocolChange(Flow *f, AppProto new_proto);
+void SCAppLayerForceProtocolChange(Flow *f, AppProto new_proto);
/**
* \brief Cleans up the app layer protocol detection phase.
* \retval 1 If enabled.
* \retval 0 If disabled.
*/
-int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto,
- const char *alproto);
+int SCAppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto, const char *alproto);
/**
* \brief Given a protocol name, checks if proto detection is enabled in
* \retval 1 If enabled.
* \retval 0 If disabled.
*/
-int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
+int SCAppLayerProtoDetectConfProtoDetectionEnabledDefault(
const char *ipproto, const char *alproto, bool default_enabled);
/**
/**
* \brief DNP3 probing parser.
*/
-static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
- const uint8_t *input, uint32_t len,
- uint8_t *rdir)
+static uint16_t DNP3ProbingParser(
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
{
const DNP3LinkHeader *const hdr = (const DNP3LinkHeader *)input;
const bool toserver = (direction & STREAM_TOSERVER) != 0;
const char *proto_name = "dnp3";
- if (AppLayerProtoDetectConfProtoDetectionEnabledDefault("tcp", proto_name, false)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabledDefault("tcp", proto_name, false)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_DNP3, proto_name);
if (RunmodeIsUnittests()) {
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, DNP3_DEFAULT_PORT,
- ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader), STREAM_TOSERVER,
- DNP3ProbingParser, DNP3ProbingParser);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, DNP3_DEFAULT_PORT, ALPROTO_DNP3, 0,
+ sizeof(DNP3LinkHeader), STREAM_TOSERVER, DNP3ProbingParser, DNP3ProbingParser);
}
else {
- if (!AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
- proto_name, ALPROTO_DNP3, 0, sizeof(DNP3LinkHeader),
- DNP3ProbingParser, DNP3ProbingParser)) {
+ if (!SCAppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_DNP3,
+ 0, sizeof(DNP3LinkHeader), DNP3ProbingParser, DNP3ProbingParser)) {
return;
}
}
switch (state->command) {
case FTP_COMMAND_AUTH_TLS:
if (line.len >= 4 && SCMemcmp("234 ", line.buf, 4) == 0) {
- AppLayerRequestProtocolTLSUpgrade(f);
+ SCAppLayerRequestProtocolTLSUpgrade(f);
}
break;
}
static AppProto FTPUserProbingParser(
- Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
{
if (f->alproto_tc == ALPROTO_POP3) {
// POP traffic begins by same "USER" pattern as FTP
}
static AppProto FTPServerProbingParser(
- Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
{
// another check for minimum length
if (len < 5) {
static int FTPRegisterPatternsForProtocolDetection(void)
{
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_FTP, "220 (", 5, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_FTP, "FEAT", 4, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0,
+ if (SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0,
STREAM_TOSERVER, FTPUserProbingParser, 5, 5) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER) < 0) {
return -1;
}
// Only check FTP on known ports as the banner has nothing special beyond
// the response code shared with SMTP.
- if (!AppLayerProtoDetectPPParseConfPorts(
+ if (!SCAppLayerProtoDetectPPParseConfPorts(
"tcp", IPPROTO_TCP, "ftp", ALPROTO_FTP, 0, 5, NULL, FTPServerProbingParser)) {
// STREAM_TOSERVER here means use 21 as flow destination port
// and NULL, FTPServerProbingParser means use probing parser to client
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, "21", ALPROTO_FTP, 0, 5, STREAM_TOSERVER, NULL,
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "21", ALPROTO_FTP, 0, 5, STREAM_TOSERVER, NULL,
FTPServerProbingParser);
}
return 0;
const char *proto_data_name = "ftp-data";
/** FTP */
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_FTP, proto_name);
if (FTPRegisterPatternsForProtocolDetection() < 0 )
return;
{
SCEnter();
- if (!AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "http") ||
- !AppLayerParserConfParserEnabled("tcp", "http"))
- {
+ if (!SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", "http") ||
+ !AppLayerParserConfParserEnabled("tcp", "http")) {
SCReturn;
}
* 3 is subtracted from the length since the spacing is hex typed as |xx|
* but the pattern matching should only be one char
*/
- register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1,
+ register_result = SCAppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1,
method_buffer, (uint16_t)strlen(method_buffer) - 3, 0, STREAM_TOSERVER);
if (register_result < 0) {
return -1;
/* Loop through all the http version patterns that are TO_CLIENT */
for (versions_pos = 0; versions[versions_pos]; versions_pos++) {
- register_result = AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1,
+ register_result = SCAppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP1,
versions[versions_pos], (uint16_t)strlen(versions[versions_pos]), 0,
STREAM_TOCLIENT);
if (register_result < 0) {
const char *proto_name = "http";
/** HTTP */
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_HTTP1, proto_name);
if (HTPRegisterPatternsForProtocolDetection() < 0)
return;
/* Using the 24 bytes pattern makes AppLayerTest09 fail/leak
* The complete pattern is "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
*/
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_HTTP2,
- "PRI * HTTP/2.0\r\n",
- 16, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_HTTP2, "PRI * HTTP/2.0\r\n", 16, 0, STREAM_TOSERVER) < 0) {
return -1;
}
return 0;
{
const char *proto_name = "http2";
- if (AppLayerProtoDetectConfProtoDetectionEnabledDefault("tcp", proto_name, true)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabledDefault("tcp", proto_name, true)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_HTTP2, proto_name);
if (HTTP2RegisterPatternsForProtocolDetection() < 0)
return;
static int IMAPRegisterPatternsForProtocolDetection(void)
{
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* OK ", 5, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* NO ", 5, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* BAD ", 6, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* LIST ", 7, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* ESEARCH ", 10, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* STATUS ", 9, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP, ALPROTO_IMAP, "* FLAGS ", 8, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
* AppLayerTest10 fails because it expects protocol detection to be completed with only 17 bytes
* as input, and with this new pattern, we would need more bytes to finish protocol detection.
*/
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_IMAP, " CAPABILITY",
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_IMAP, " CAPABILITY",
17 /*6 for max tag len + space + len(CAPABILITY)*/, 0, STREAM_TOSERVER) < 0) {
return -1;
}
{
const char *proto_name = "imap";
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
SCLogDebug("IMAP protocol detection is enabled.");
AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, proto_name);
if (IMAPRegisterPatternsForProtocolDetection() < 0)
/* Check if NFSTCP TCP detection is enabled. If it does not exist in
* the configuration file then it will be enabled by default. */
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
SCNfsInit(&sfc);
SCRegisterNfsParser();
if (RunmodeIsUnittests()) {
SCLogDebug("Unittest mode, registering default configuration.");
- AppLayerProtoDetectPPRegister(p->ip_proto, p->default_port,
- alproto, p->min_depth, p->max_depth, STREAM_TOSERVER,
- p->ProbeTS, p->ProbeTC);
+ SCAppLayerProtoDetectPPRegister(p->ip_proto, p->default_port, alproto, p->min_depth,
+ p->max_depth, STREAM_TOSERVER, p->ProbeTS, p->ProbeTC);
}
else {
- if (!AppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto,
- p->name, alproto, p->min_depth, p->max_depth,
- p->ProbeTS, p->ProbeTC)) {
+ if (!SCAppLayerProtoDetectPPParseConfPorts(ip_proto_str, p->ip_proto, p->name, alproto,
+ p->min_depth, p->max_depth, p->ProbeTS, p->ProbeTC)) {
if (enable_default != 0) {
SCLogDebug("No %s app-layer configuration, enabling %s"
" detection %s detection on port %s.",
p->name, p->name, ip_proto_str, p->default_port);
- AppLayerProtoDetectPPRegister(p->ip_proto,
- p->default_port, alproto,
- p->min_depth, p->max_depth, STREAM_TOSERVER,
- p->ProbeTS, p->ProbeTC);
+ SCAppLayerProtoDetectPPRegister(p->ip_proto, p->default_port, alproto, p->min_depth,
+ p->max_depth, STREAM_TOSERVER, p->ProbeTS, p->ProbeTC);
} else {
SCLogDebug("No %s app-layer configuration for detection port (%s).",
p->name, ip_proto_str);
}
}
-
}
return alproto;
if (reply_code == SMTP_REPLY_220) {
/* we are entering STARTTLS data mode */
state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
- if (!AppLayerRequestProtocolTLSUpgrade(f)) {
+ if (!SCAppLayerRequestProtocolTLSUpgrade(f)) {
SMTPSetEvent(state, SMTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE);
}
if (state->curr_tx) {
}
static AppProto SMTPServerProbingParser(
- Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
{
// another check for minimum length
if (len < 5) {
static int SMTPRegisterPatternsForProtocolDetection(void)
{
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SMTP,
- "EHLO", 4, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SMTP,
- "HELO", 4, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SMTP,
- "QUIT", 4, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_SMTP, "QUIT", 4, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (!AppLayerProtoDetectPPParseConfPorts(
+ if (!SCAppLayerProtoDetectPPParseConfPorts(
"tcp", IPPROTO_TCP, "smtp", ALPROTO_SMTP, 0, 5, NULL, SMTPServerProbingParser)) {
// STREAM_TOSERVER means here use 25 as flow destination port
- AppLayerProtoDetectPPRegister(IPPROTO_TCP, "25,465", ALPROTO_SMTP, 0, 5, STREAM_TOSERVER,
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "25,465", ALPROTO_SMTP, 0, 5, STREAM_TOSERVER,
NULL, SMTPServerProbingParser);
}
{
const char *proto_name = "smtp";
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_SMTP, proto_name);
if (SMTPRegisterPatternsForProtocolDetection() < 0 )
return;
static int SSHRegisterPatternsForProtocolDetection(void)
{
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SSH,
- "SSH-", 4, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_SSH,
- "SSH-", 4, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCI(
+ IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
return 0;
{
const char *proto_name = "ssh";
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_SSH, proto_name);
if (SSHRegisterPatternsForProtocolDetection() < 0)
return;
/* do nothing */
}
-static AppProto SSLProbingParser(Flow *f, uint8_t direction,
- const uint8_t *input, uint32_t ilen, uint8_t *rdir)
+static AppProto SSLProbingParser(
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t ilen, uint8_t *rdir)
{
/* probably a rst/fin sending an eof */
if (ilen < 3)
static int SSLRegisterPatternsForProtocolDetection(void)
{
- if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
+ if (SCAppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2,
STREAM_TOSERVER, SSLProbingParser, 0, 3) < 0) {
return -1;
}
/** SSLv3 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
/** TLSv1 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
/** TLSv1.1 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
/** TLSv1.2 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0) {
return -1;
}
/***** toclient direction *****/
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
/** TLSv1 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
/** TLSv1.1 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
/** TLSv1.2 */
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
- "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
- {
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(
+ IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0) {
return -1;
}
* Updated by Anoop Saldanha. Disabled it for now. We'll get back to
* it after some tests */
#if 0
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
"|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
{
return -1;
}
- if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ if (SCAppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
"|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
{
return -1;
SC_ATOMIC_INIT(ssl_config.enable_ja3);
/** SSLv2 and SSLv23*/
- if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
if (SSLRegisterPatternsForProtocolDetection() < 0)
return;
if (RunmodeIsUnittests()) {
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "443",
- ALPROTO_TLS,
- 0, 3,
- STREAM_TOSERVER,
- SSLProbingParser, NULL);
+ SCAppLayerProtoDetectPPRegister(
+ IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3, STREAM_TOSERVER, SSLProbingParser, NULL);
} else {
- if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
- proto_name, ALPROTO_TLS,
- 0, 3,
- SSLProbingParser, NULL) == 0) {
+ if (SCAppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP, proto_name, ALPROTO_TLS,
+ 0, 3, SSLProbingParser, NULL) == 0) {
SCLogConfig("no TLS config found, "
"enabling TLS detection on port 443.");
- AppLayerProtoDetectPPRegister(IPPROTO_TCP,
- "443",
- ALPROTO_TLS,
- 0, 3,
- STREAM_TOSERVER,
- SSLProbingParser, NULL);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_TCP, "443", ALPROTO_TLS, 0, 3,
+ STREAM_TOSERVER, SSLProbingParser, NULL);
}
}
} else {
* \retval ALPROTO_TFTP if it looks like tftp, otherwise
* ALPROTO_UNKNOWN.
*/
-static AppProto TFTPProbingParser(Flow *f, uint8_t direction,
- const uint8_t *input, uint32_t input_len, uint8_t *rdir)
+static AppProto TFTPProbingParser(
+ const Flow *f, uint8_t direction, const uint8_t *input, uint32_t input_len, uint8_t *rdir)
{
/* Very simple test - if there is input, this is tftp.
* Also check if it's starting by a zero */
/* Check if TFTP UDP detection is enabled. If it does not exist in
* the configuration file then it will be enabled by default. */
- if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
+ if (SCAppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
SCLogDebug("TFTP UDP protocol detection enabled.");
if (RunmodeIsUnittests()) {
SCLogDebug("Unittest mode, registering default configuration.");
- AppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT,
- ALPROTO_TFTP, 0, TFTP_MIN_FRAME_LEN,
- STREAM_TOSERVER, TFTPProbingParser,
- TFTPProbingParser);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT, ALPROTO_TFTP, 0,
+ TFTP_MIN_FRAME_LEN, STREAM_TOSERVER, TFTPProbingParser, TFTPProbingParser);
} else {
- if (!AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
- proto_name, ALPROTO_TFTP,
- 0, TFTP_MIN_FRAME_LEN,
- TFTPProbingParser, TFTPProbingParser)) {
+ if (!SCAppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP, proto_name, ALPROTO_TFTP,
+ 0, TFTP_MIN_FRAME_LEN, TFTPProbingParser, TFTPProbingParser)) {
SCLogDebug("No tftp app-layer configuration, enabling tftp"
" detection UDP detection on port %s.",
TFTP_DEFAULT_PORT);
- AppLayerProtoDetectPPRegister(IPPROTO_UDP,
- TFTP_DEFAULT_PORT, ALPROTO_TFTP,
- 0, TFTP_MIN_FRAME_LEN,
- STREAM_TOSERVER,TFTPProbingParser,
- TFTPProbingParser);
+ SCAppLayerProtoDetectPPRegister(IPPROTO_UDP, TFTP_DEFAULT_PORT, ALPROTO_TFTP, 0,
+ TFTP_MIN_FRAME_LEN, STREAM_TOSERVER, TFTPProbingParser, TFTPProbingParser);
}
}
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
#include "conf.h"
+#include "app-layer-detect-proto.h"
+
#endif
projects / thirdparty / suricata.git / commitdiff
