use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata::applayer::{
- state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled,
- AppLayerParserRegisterLogger, AppLayerRegisterParser, AppLayerRegisterProtocolDetection,
- AppLayerResult, AppLayerStateData, AppLayerTxData, RustParser, State, StreamSlice, Transaction,
- APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
+ state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled, AppLayerRegisterParser,
+ AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData,
+ RustParser, State, StreamSlice, Transaction, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS,
+ APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
};
use suricata::conf::conf_get;
use suricata::core::{ALPROTO_UNKNOWN, IPPROTO_TCP};
build_slice, cast_pointer, export_state_data_get, export_tx_data_get, SCLogError, SCLogNotice,
};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, Flow, SCAppLayerParserStateIssetFlag,
- SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, Flow, SCAppLayerParserRegisterLogger,
+ SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
static mut TEMPLATE_MAX_TX: usize = 256;
SCLogError!("Invalid value for template.max-tx");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
SCLogNotice!("Rust template parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");
/// cbindgen:ignore
extern "C" {
pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
- pub fn AppLayerParserRegisterLogger(pproto: u8, alproto: AppProto);
}
#[repr(C)]
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
SCLogError!("Invalid value for template.max-tx");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
SCLogNotice!("Rust template parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");
*/
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
- SCAppLayerProtoDetectPMRegisterPatternCS,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS,
};
use crate::applayer::{self, *};
{
SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT");
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
SCLogDebug!("Parser registered for bittorrent-dht.");
} else {
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserRegisterParserAcceptableDataDirection,
- SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerParserRegisterParserAcceptableDataDirection, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
pub(super) static mut ALPROTO_ENIP: AppProto = ALPROTO_UNKNOWN;
ALPROTO_ENIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP);
} else {
SCLogDebug!("Protocol detector and parser disabled for ENIP on UDP.");
}
ALPROTO_ENIP,
STREAM_TOSERVER | STREAM_TOCLIENT,
);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP);
} else {
SCLogDebug!("Protocol detector and parser disabled for ENIP on TCP.");
}
use std::fmt;
use std::io;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerForceProtocolChange,
+ AppLayerParserState, AppProto, SCAppLayerForceProtocolChange, SCAppLayerParserRegisterLogger,
SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
SCLogError!("Invalid value for http2.max-reassembly-size");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
SCLogDebug!("Rust http2 parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for HTTP2.");
} else {
SCLogWarning!("DOH2 is not meant to be detection-only.");
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2);
SCLogDebug!("Rust doh2 parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for DOH2.");
use std;
use std::ffi::CString;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
#[derive(AppLayerEvent)]
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
} else {
SCLogDebug!("Protocol detector and parser disabled for KRB5/UDP.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
} else {
SCLogDebug!("Protocol detector and parser disabled for KRB5/TCP.");
}
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
};
SCLogError!("Invalid value for ldap.max-tx");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP);
} else {
SCLogDebug!("Protocol detection and parser disabled for LDAP/TCP.");
}
SCLogError!("Invalid value for ldap.max-tx");
}
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP);
} else {
SCLogDebug!("Protocol detection and parser disabled for LDAP/UDP.");
}
use sawp::probe::{Probe, Status};
use sawp_modbus::{self, AccessType, ErrorFlags, Flags, Message};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabledDefault,
};
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
}
}
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserSetStreamDepth, SCAppLayerParserStateIssetFlag,
- SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserSetStreamDepth,
+ SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerRequestProtocolTLSUpgrade,
};
use sawp::error::Error as SawpError;
SCLogError!("Invalid value for pop3.max-tx");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3);
SCLogDebug!("Rust pop3 parser registered.");
} else {
SCLogDebug!("Protocol detector and parser disabled for POP3.");
use std::collections::VecDeque;
use std::ffi::CString;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
use tls_parser::TlsExtensionType;
let _ = AppLayerRegisterParser(&parser, alproto);
}
SCLogDebug!("Rust quic parser registered.");
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
} else {
SCLogDebug!("Protocol detector and parser disabled for quic.");
}
//! RDP application layer
use crate::applayer::{self, *};
-use crate::core::{ALPROTO_UNKNOWN, IPPROTO_TCP, sc_app_layer_parser_trigger_raw_stream_inspection};
+use crate::core::{
+ sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_UNKNOWN, IPPROTO_TCP,
+};
+use crate::direction::Direction;
use crate::flow::Flow;
use crate::rdp::parser::*;
-use crate::direction::Direction;
use nom7::Err;
-use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
-};
use std;
use std::collections::VecDeque;
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType};
static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN;
self.new_tx(RdpTransactionItem::X224ConnectionRequest(x224));
self.transactions.push_back(tx);
if !flow.is_null() {
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
}
}
self.new_tx(RdpTransactionItem::McsConnectRequest(mcs));
self.transactions.push_back(tx);
if !flow.is_null() {
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
}
}
// unknown message in X.223, skip
self.new_tx(RdpTransactionItem::TlsCertificateChain(chain));
self.transactions.push_back(tx);
if !flow.is_null() {
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
}
self.bypass_parsing = true;
}
self.new_tx(RdpTransactionItem::X224ConnectionConfirm(x224));
self.transactions.push_back(tx);
if !flow.is_null() {
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
}
}
.new_tx(RdpTransactionItem::McsConnectResponse(mcs));
self.transactions.push_back(tx);
if !flow.is_null() {
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
}
self.bypass_parsing = true;
return AppLayerResult::ok();
}
}
-extern "C" fn rdp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
+extern "C" fn rdp_state_new(
+ _orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto,
+) -> *mut std::os::raw::c_void {
let state = RdpState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
unsafe extern "C" fn rdp_parse_ts(
flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
- stream_slice: StreamSlice,
- _data: *const std::os::raw::c_void
+ stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RdpState);
let buf = stream_slice.as_slice();
unsafe extern "C" fn rdp_parse_tc(
flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
- stream_slice: StreamSlice,
- _data: *const std::os::raw::c_void
+ stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RdpState);
let buf = stream_slice.as_slice();
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
}
}
];
let mut state = RdpState::new();
// will consume 0, request length + 1
- assert_eq!(AppLayerResult::incomplete(0, 9), state.parse_ts(std::ptr::null(), buf_1));
+ assert_eq!(
+ AppLayerResult::incomplete(0, 9),
+ state.parse_ts(std::ptr::null(), buf_1)
+ );
assert_eq!(0, state.transactions.len());
// exactly aligns with transaction
- assert_eq!(AppLayerResult::ok(), state.parse_ts(std::ptr::null(), buf_2));
+ assert_eq!(
+ AppLayerResult::ok(),
+ state.parse_ts(std::ptr::null(), buf_2)
+ );
assert_eq!(1, state.transactions.len());
let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
let buf_2: &[u8] = &[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66];
let mut state = RdpState::new();
// will consume 0, request length + 1
- assert_eq!(AppLayerResult::incomplete(0, 6), state.parse_tc(std::ptr::null(), buf_1));
+ assert_eq!(
+ AppLayerResult::incomplete(0, 6),
+ state.parse_tc(std::ptr::null(), buf_1)
+ );
assert_eq!(0, state.transactions.len());
// exactly aligns with transaction
- assert_eq!(AppLayerResult::ok(), state.parse_tc(std::ptr::null(), buf_2));
+ assert_eq!(
+ AppLayerResult::ok(),
+ state.parse_tc(std::ptr::null(), buf_2)
+ );
assert_eq!(1, state.transactions.len());
let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {});
assert_eq!(item, state.transactions[0].item);
use std::ffi::CString;
use std::os::raw::c_char;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
- SCAppLayerProtoDetectPMRegisterPatternCI,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCI,
};
pub(super) static mut ALPROTO_RFB: AppProto = ALPROTO_UNKNOWN;
let _ = AppLayerRegisterParser(&parser, alproto);
}
SCLogDebug!("Rust rfb parser registered.");
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
if SCAppLayerProtoDetectPMRegisterPatternCI(
IPPROTO_TCP,
ALPROTO_RFB,
use std::collections::VecDeque;
use std::ffi::CString;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS,
};
if register_pattern_probe(core::IPPROTO_UDP) < 0 {
return;
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
} else {
SCLogDebug!("Protocol detection and parsing disabled for UDP SIP.");
}
if register_pattern_probe(core::IPPROTO_TCP) < 0 {
return;
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
} else {
SCLogDebug!("Protocol detection and parsing disabled for TCP SIP.");
}
use nom7::error::{ErrorKind, make_error};
use suricata_sys::sys::{
AppLayerParserState, AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
- SCAppLayerProtoDetectConfProtoDetectionEnabled, SCOutputEvePreRegisterLogger,
- SCOutputJsonLogDirection, SCSigTablePreRegister,
+ SCAppLayerParserRegisterLogger, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCOutputEvePreRegisterLogger, SCOutputJsonLogDirection, SCSigTablePreRegister,
};
#[derive(AppLayerEvent)]
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
} else {
SCLogDebug!("Protocol detector and parser disabled for SNMP.");
}
use std::ffi::CString;
use std::sync::atomic::{AtomicBool, Ordering};
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerParserStateSetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateSetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
SCLogDebug!("Rust ssh parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for SSH.");
use flate2::Decompress;
use flate2::FlushDecompress;
use suricata_sys::sys::{
- AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
use std;
SCLogError!("Invalid value for websocket.max-payload-size");
}
}
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET);
} else {
SCLogDebug!("Protocol detector and parser disabled for WEBSOCKET.");
}
ipproto: u8, alproto: AppProto, direction: u8,
);
}
+extern "C" {
+ pub fn SCAppLayerParserRegisterLogger(ipproto: u8, alproto: AppProto);
+}
extern "C" {
pub fn SCAppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
}
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info);
AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info_by_id);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
sbcfg.buf_size = 4096;
sbcfg.Calloc = FTPCalloc;
SCReturn;
}
-void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
+void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
{
SCEnter();
// AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
void AppLayerParserRegisterGetTxFilesFunc(
uint8_t ipproto, AppProto alproto, AppLayerGetFileState (*GetTxFiles)(void *, uint8_t));
-void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
+void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto);
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits);
void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto,
int (*StateGetStateProgress)(void *alstate, uint8_t direction));
TFTP_MIN_FRAME_LEN, STREAM_TOSERVER, TFTPProbingParser, TFTPProbingParser);
}
}
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
} else {
SCLogDebug("Protocol detector and parser disabled for TFTP.");
return;
SCLogDebug("HTTP log output initialized");
/* enable the logger for the app layer */
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
result.ctx = output_ctx;
result.ok = true;
SCLogDebug("TLS log output initialized");
/* Enable the logger for the app layer */
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
result.ctx = output_ctx;
result.ok = true;
SCLogInfo("storing certs in %s", tls_logfile_base_dir);
/* enable the logger for the app layer */
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
result.ctx = output_ctx;
result.ok = true;
static OutputInitResult DCERPCLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC);
return OutputJsonLogInitSub(conf, parent_ctx);
}
dhcplog_ctx->rs_logger = SCDhcpLoggerNew(conf);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP);
result.ctx = output_ctx;
result.ok = true;
SCLogInfo("DNP3 log sub-module initialized.");
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3);
result.ctx = output_ctx;
result.ok = true;
SCLogDebug("DNS log sub-module initialized");
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
result.ctx = output_ctx;
result.ok = true;
output_ctx->DeInit = OutputHttpLogDeinitSub;
/* enable the logger for the app layer */
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
result.ctx = output_ctx;
result.ok = true;
output_ctx->data = ikelog_ctx;
output_ctx->DeInit = OutputIKELogDeInitCtxSub;
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE);
result.ctx = output_ctx;
result.ok = true;
output_ctx->data = dnslog_ctx;
output_ctx->DeInit = DnsLogDeInitCtxSub;
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS);
result.ctx = output_ctx;
result.ok = true;
JsonMQTTLogParseConfig(conf, mqttlog_ctx);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT);
result.ctx = output_ctx;
result.ok = true;
static OutputInitResult NFSLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
return OutputJsonLogInitSub(conf, parent_ctx);
}
JsonPgsqlLogParseConfig(conf, pgsql_ctx);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL);
SCLogDebug("PostgreSQL log sub-module initialized.");
static OutputInitResult SMBLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB);
OutputInitResult r = OutputJsonLogInitSub(conf, parent_ctx);
if (r.ok) {
// generic init is ok, try smb-specific one
output_ctx->DeInit = OutputSmtpLogDeInitCtxSub;
/* enable the logger for the app layer */
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
result.ctx = output_ctx;
result.ok = true;
output_ctx->data = tls_ctx;
output_ctx->DeInit = OutputTlsLogDeinitSub;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
result.ctx = output_ctx;
result.ok = true;
om->alproto = ALPROTO_HTTP1;
om->ts_log_progress = -1;
om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
} else if (opts.alproto == ALPROTO_TLS) {
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_TLS;
om->tc_log_progress = TLS_STATE_SERVER_HANDSHAKE_DONE;
om->ts_log_progress = TLS_STATE_CLIENT_HANDSHAKE_DONE;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
} else if (opts.alproto == ALPROTO_DNS) {
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_DNS;
om->ts_log_progress = -1;
om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
} else if (opts.alproto == ALPROTO_SSH) {
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_SSH;
om->TxLogCondition = SSHTxLogCondition;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
} else if (opts.alproto == ALPROTO_SMTP) {
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_SMTP;
om->ts_log_progress = -1;
om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
} else if (opts.packet && opts.alerts) {
om->PacketLogFunc = LuaPacketLoggerAlerts;
om->PacketConditionFunc = LuaPacketConditionAlerts;
projects / thirdparty / suricata.git / commitdiff
