#[no_mangle]
pub extern "C" fn rs_dns_parse_response_tcp(_flow: *const core::Flow,
state: *mut std::os::raw::c_void,
- _pstate: *mut std::os::raw::c_void,
+ _pstate: *mut AppLayerParserState,
input: *const u8,
input_len: u32,
_data: *const std::os::raw::c_void,
use std::os::raw::{c_char, c_int, c_void};
use suricata::applayer::{
state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled,
- AppLayerParserRegisterLogger, AppLayerParserStateIssetFlag, AppLayerRegisterParser,
- AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData,
- RustParser, State, StreamSlice, Transaction, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS,
- APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
+ AppLayerParserRegisterLogger, AppLayerRegisterParser, AppLayerRegisterProtocolDetection,
+ AppLayerResult, AppLayerStateData, AppLayerTxData, RustParser, State, StreamSlice, Transaction,
+ APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
};
use suricata::conf::conf_get;
use suricata::core::{ALPROTO_UNKNOWN, IPPROTO_TCP};
use suricata::{
build_slice, cast_pointer, export_state_data_get, export_tx_data_get, SCLogError, SCLogNotice,
};
-use suricata_sys::sys::{AppProto, Flow, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, Flow, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
static mut TEMPLATE_MAX_TX: usize = 256;
}
unsafe extern "C" fn template_parse_request(
- _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
if eof {
// If needed, handle EOF, or pass it into the parser.
}
unsafe extern "C" fn template_parse_response(
- _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
+ let _eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let state = cast_pointer!(state, TemplateState);
if stream_slice.is_gap() {
// Make the AppLayerEvent derive macro available to users importing
// AppLayerEvent from this module.
pub use suricata_derive::AppLayerEvent;
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{AppLayerParserState, AppProto};
/// Cast pointer to a variable, as a mutable reference to an object
///
pub type ParseFn = unsafe extern "C" fn (flow: *mut Flow,
state: *mut c_void,
- pstate: *mut c_void,
+ pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
data: *const c_void) -> AppLayerResult;
pub type ProbeFn = unsafe extern "C" fn (flow: *const Flow, flags: u8, input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto;
/// cbindgen:ignore
extern "C" {
- pub fn AppLayerParserStateIssetFlag(state: *mut c_void, flag: u16) -> u16;
pub fn AppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
pub fn AppLayerParserRegisterLogger(pproto: u8, alproto: AppProto);
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
static mut TEMPLATE_MAX_TX: usize = 256;
}
unsafe extern "C" fn template_parse_request(
- _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
if eof {
// If needed, handle EOF, or pass it into the parser.
}
unsafe extern "C" fn template_parse_response(
- _flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ _flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
+ let _eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let state = cast_pointer!(state, TemplateState);
if stream_slice.is_gap() {
* 02110-1301, USA.
*/
- use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
SCAppLayerProtoDetectPMRegisterPatternCS,
};
impl BitTorrentDHTTransaction {
pub fn new(direction: Direction) -> Self {
- Self {
- tx_data: AppLayerTxData::for_direction(direction),
- ..Default::default()
- }
+ Self {
+ tx_data: AppLayerTxData::for_direction(direction),
+ ..Default::default()
+ }
}
/// Set an event on the transaction
std::mem::drop(Box::from_raw(state as *mut BitTorrentDHTState));
}
-unsafe extern "C" fn state_tx_free(
- state: *mut std::os::raw::c_void, tx_id: u64,
-) {
+unsafe extern "C" fn state_tx_free(state: *mut std::os::raw::c_void, tx_id: u64) {
let state = cast_pointer!(state, BitTorrentDHTState);
state.free_tx(tx_id);
}
unsafe extern "C" fn parse_ts(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
return parse(
- _flow, state, _pstate, stream_slice,
- _data, Direction::ToServer);
+ _flow,
+ state,
+ _pstate,
+ stream_slice,
+ _data,
+ Direction::ToServer,
+ );
}
unsafe extern "C" fn parse_tc(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
return parse(
- _flow, state, _pstate, stream_slice,
- _data, Direction::ToClient);
+ _flow,
+ state,
+ _pstate,
+ stream_slice,
+ _data,
+ Direction::ToClient,
+ );
}
unsafe extern "C" fn parse(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
- stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
- direction: Direction,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const std::os::raw::c_void, direction: Direction,
) -> AppLayerResult {
let state = cast_pointer!(state, BitTorrentDHTState);
let buf = stream_slice.as_slice();
}
}
-unsafe extern "C" fn state_get_tx_count(
- state: *mut std::os::raw::c_void,
-) -> u64 {
+unsafe extern "C" fn state_get_tx_count(state: *mut std::os::raw::c_void) -> u64 {
let state = cast_pointer!(state, BitTorrentDHTState);
return state.tx_id;
}
use nom7::number::Endianness;
use nom7::{Err, IResult, Needed};
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
SCAppLayerProtoDetectPMRegisterPatternCSwPP,
};
use std;
}
unsafe extern "C" fn parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
}
unsafe extern "C" fn parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
use crate::flow::Flow;
use nom7::Err;
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
SCAppLayerProtoDetectPMRegisterPatternCSwPP,
};
use std;
}
unsafe extern "C" fn parse(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
* 02110-1301, USA.
*/
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use crate::applayer::{self, *};
use crate::core::{ALPROTO_UNKNOWN, IPPROTO_UDP};
}
unsafe extern "C" fn dhcp_parse(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DHCPState);
use nom7::number::streaming::be_u16;
use nom7::{Err, IResult};
use suricata_sys::sys::{
- AppProto, DetectEngineThreadCtx, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, DetectEngineThreadCtx,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
/// DNS record types.
/// C binding parse a DNS request. Returns 1 on success, -1 on failure.
pub(crate) unsafe extern "C" fn parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
}
unsafe extern "C" fn parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
/// C binding parse a DNS request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn parse_request_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
}
unsafe extern "C" fn parse_response_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, DNSState);
use std::collections::VecDeque;
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
pub(super) static mut ALPROTO_ENIP: AppProto = ALPROTO_UNKNOWN;
}
unsafe extern "C" fn enip_parse_request_udp(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, EnipState);
state.parse_udp(stream_slice, true, flow)
}
unsafe extern "C" fn enip_parse_response_udp(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, EnipState);
state.parse_udp(stream_slice, false, flow)
}
unsafe extern "C" fn enip_parse_request_tcp(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
if eof {
return AppLayerResult::ok();
}
}
unsafe extern "C" fn enip_parse_response_tcp(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
if eof {
return AppLayerResult::ok();
}
use std::fmt;
use std::io;
use suricata_sys::sys::{
- AppProto, SCAppLayerForceProtocolChange, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerForceProtocolChange,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
static mut ALPROTO_HTTP2: AppProto = ALPROTO_UNKNOWN;
}
unsafe extern "C" fn http2_parse_ts(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, HTTP2State);
}
unsafe extern "C" fn http2_parse_tc(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, HTTP2State);
use crate::ike::ikev2::{handle_ikev2, Ikev2Container};
use crate::ike::parser::*;
use nom7::Err;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
use std;
use std::collections::HashSet;
use std::ffi::CString;
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
#[derive(AppLayerEvent)]
pub enum IkeEvent {
impl IKETransaction {
pub fn new(direction: Direction) -> Self {
- Self {
- direction,
- tx_data: applayer::AppLayerTxData::for_direction(direction),
- ..Default::default()
- }
+ Self {
+ direction,
+ tx_data: applayer::AppLayerTxData::for_direction(direction),
+ ..Default::default()
+ }
}
/// Set an event.
}
pub fn get_tx(&mut self, tx_id: u64) -> Option<&mut IKETransaction> {
- self.transactions.iter_mut().find(|tx| tx.tx_id == tx_id + 1)
+ self.transactions
+ .iter_mut()
+ .find(|tx| tx.tx_id == tx_id + 1)
}
pub fn new_tx(&mut self, direction: Direction) -> IKETransaction {
}
unsafe extern "C" fn ike_parse_request(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, IKEState);
}
unsafe extern "C" fn ike_parse_response(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, IKEState);
use nom7::{Err, IResult};
use std;
use std::ffi::CString;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
#[derive(AppLayerEvent)]
pub enum KRB5Event {
}
unsafe extern "C" fn krb5_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
}
unsafe extern "C" fn krb5_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
}
unsafe extern "C" fn krb5_parse_request_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, KRB5State);
}
unsafe extern "C" fn krb5_parse_response_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, KRB5State);
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
};
use crate::ldap::types::*;
fn find_request(&mut self, message_id: MessageID) -> Option<&mut LdapTransaction> {
self.transactions.iter_mut().find(|tx| {
tx.request
- .as_ref().is_some_and(|req| req.message_id == message_id)
+ .as_ref()
+ .is_some_and(|req| req.message_id == message_id)
})
}
}
unsafe extern "C" fn ldap_parse_request(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
}
unsafe extern "C" fn ldap_parse_response(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
}
unsafe extern "C" fn ldap_parse_request_udp(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, LdapState);
state.parse_request_udp(flow, stream_slice)
}
unsafe extern "C" fn ldap_parse_response_udp(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, LdapState);
state.parse_response_udp(flow, stream_slice)
use sawp::parser::{Direction, Parse};
use sawp::probe::{Probe, Status};
use sawp_modbus::{self, AccessType, ErrorFlags, Flags, Message};
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabledDefault};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabledDefault,
+};
pub const REQUEST_FLOOD: usize = 500; // Default unreplied Modbus requests are considered a flood
pub const MODBUS_PARSER: sawp_modbus::Modbus = sawp_modbus::Modbus { probe_strict: true };
}
unsafe extern "C" fn modbus_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
if buf.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
}
unsafe extern "C" fn modbus_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let buf = stream_slice.as_slice();
if buf.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
use std;
use std::collections::VecDeque;
use std::ffi::CString;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
// Used as a special pseudo packet identifier to denote the first CONNECT
// packet in a connection. Note that there is no risk of collision with a
}
unsafe extern "C" fn mqtt_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, MQTTState);
}
unsafe extern "C" fn mqtt_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, MQTTState);
use nom7::{Err, Needed};
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
SCAppLayerProtoDetectPPParseConfPorts, SCAppLayerProtoDetectPPRegister,
};
/// C binding parse a NFS TCP request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn nfs_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
}
unsafe extern "C" fn nfs_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
/// C binding to parse an NFS/UDP request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn nfs_parse_request_udp(
- f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
}
unsafe extern "C" fn nfs_parse_response_udp(
- f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ f: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NFSState);
use std::ffi::CString;
use nom7::Err;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
#[derive(AppLayerEvent)]
pub enum NTPEvent {
}
unsafe extern "C" fn ntp_parse_request(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NTPState);
}
unsafe extern "C" fn ntp_parse_response(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, NTPState);
use std::collections::VecDeque;
use std::ffi::CString;
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
};
const PGSQL_CONFIG_DEFAULT_STREAM_DEPTH: u32 = 0;
}
unsafe extern "C" fn parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
SCLogDebug!(" Suricata reached `eof`");
return AppLayerResult::ok();
} else {
}
unsafe extern "C" fn parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade,
};
use sawp::error::Error as SawpError;
}
unsafe extern "C" fn pop3_parse_request(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
if eof {
// If needed, handle EOF, or pass it into the parser.
}
unsafe extern "C" fn pop3_parse_response(
- flow: *mut Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice,
+ flow: *mut Flow, state: *mut c_void, pstate: *mut AppLayerParserState, stream_slice: StreamSlice,
_data: *const c_void,
) -> AppLayerResult {
- let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
+ let _eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let state = cast_pointer!(state, POP3State);
if stream_slice.is_gap() {
};
use std::collections::VecDeque;
use std::ffi::CString;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use tls_parser::TlsExtensionType;
static mut ALPROTO_QUIC: AppProto = ALPROTO_UNKNOWN;
}
unsafe extern "C" fn quic_parse_tc(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, QuicState);
}
unsafe extern "C" fn quic_parse_ts(
- _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ _flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, QuicState);
use crate::rdp::parser::*;
use crate::direction::Direction;
use nom7::Err;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use std;
use std::collections::VecDeque;
use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType};
//
unsafe extern "C" fn rdp_parse_ts(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
}
unsafe extern "C" fn rdp_parse_tc(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
use super::parser;
use crate::applayer;
use crate::applayer::*;
-use crate::core::{ALPROTO_UNKNOWN, IPPROTO_TCP, sc_app_layer_parser_trigger_raw_stream_inspection};
+use crate::core::{
+ sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_UNKNOWN, IPPROTO_TCP,
+};
use crate::direction::Direction;
use crate::flow::Flow;
use crate::frames::*;
use nom7::Err;
-use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
- SCAppLayerProtoDetectPMRegisterPatternCI,
-};
use std;
use std::ffi::CString;
use std::os::raw::c_char;
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ SCAppLayerProtoDetectPMRegisterPatternCI,
+};
pub(super) static mut ALPROTO_RFB: AppProto = ALPROTO_UNKNOWN;
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.ts_client_protocol_version = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
} else {
debug_validate_fail!(
"no transaction set at protocol selection stage"
current_transaction.ts_security_type_selection = Some(request);
current_transaction.chosen_security_type =
Some(chosen_security_type as u32);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
} else {
debug_validate_fail!("no transaction set at security type stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.ts_vnc_response = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
} else {
debug_validate_fail!("no transaction set at security result stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.ts_client_init = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
} else {
debug_validate_fail!("no transaction set at client init stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_server_protocol_version = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!("no transaction set but we just set one");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_supported_security_types = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!("no transaction set at security type stage");
}
current_transaction.tc_server_security_type = Some(request);
current_transaction.chosen_security_type =
Some(chosen_security_type);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!("no transaction set at security type stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_vnc_challenge = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!("no transaction set at auth stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_security_result = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!(
"no transaction set at security result stage"
Ok((_rem, request)) => {
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_failure_reason = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
} else {
debug_validate_fail!("no transaction set at failure reason stage");
}
if let Some(current_transaction) = self.get_current_tx() {
current_transaction.tc_server_init = Some(request);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
// connection initialization is complete and parsed
current_transaction.complete = true;
} else {
}
unsafe extern "C" fn rfb_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RFBState);
}
unsafe extern "C" fn rfb_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, RFBState);
use crate::applayer::{self, *};
use crate::core;
-use crate::core::{ALPROTO_UNKNOWN, IPPROTO_TCP, IPPROTO_UDP, sc_app_layer_parser_trigger_raw_stream_inspection};
+use crate::core::{
+ sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_UNKNOWN, IPPROTO_TCP, IPPROTO_UDP,
+};
use crate::direction::Direction;
use crate::flow::Flow;
use crate::frames::*;
use crate::sip::parser::*;
use nom7::Err;
-use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
- SCAppLayerProtoDetectPMRegisterPatternCS,
-};
use std;
use std::collections::VecDeque;
use std::ffi::CString;
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS,
+};
// app-layer-frame-documentation tag start: FrameType enum
#[derive(AppLayerFrameType)]
tx.request_line = req_line;
}
self.transactions.push_back(tx);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToServer as i32,
+ );
let consumed = start.len() - rem.len();
start = rem;
tx.response_line = resp_line;
}
self.transactions.push_back(tx);
- sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32);
+ sc_app_layer_parser_trigger_raw_stream_inspection(
+ flow,
+ Direction::ToClient as i32,
+ );
let consumed = start.len() - rem.len();
start = rem;
pub static mut ALPROTO_SIP: AppProto = ALPROTO_UNKNOWN;
unsafe extern "C" fn sip_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, SIPState);
}
unsafe extern "C" fn sip_parse_request_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
}
unsafe extern "C" fn sip_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, SIPState);
}
unsafe extern "C" fn sip_parse_response_tcp(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
if stream_slice.is_empty() {
- if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
+ if SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 {
return AppLayerResult::ok();
} else {
return AppLayerResult::err();
use lru::LruCache;
use suricata_sys::sys::{
- AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
SCAppLayerProtoDetectPMRegisterPatternCSwPP, SCAppLayerProtoDetectPPParseConfPorts,
SCAppLayerProtoDetectPPRegister,
};
/// C binding parse a SMB request. Returns 1 on success, -1 on failure.
unsafe extern "C" fn smb_parse_request_tcp(flow: *mut Flow,
state: *mut ffi::c_void,
- _pstate: *mut std::os::raw::c_void,
+ _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
)
unsafe extern "C" fn smb_parse_response_tcp(flow: *mut Flow,
state: *mut ffi::c_void,
- _pstate: *mut std::os::raw::c_void,
+ _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const ffi::c_void,
)
use nom7::{Err, IResult};
use nom7::error::{ErrorKind, make_error};
use suricata_sys::sys::{
- AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
+ AppLayerParserState, AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
SCAppLayerProtoDetectConfProtoDetectionEnabled, SCOutputEvePreRegisterLogger,
SCOutputJsonLogDirection, SCSigTablePreRegister,
};
unsafe extern "C" fn snmp_parse_request(_flow: *mut Flow,
state: *mut std::os::raw::c_void,
- _pstate: *mut std::os::raw::c_void,
+ _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
unsafe extern "C" fn snmp_parse_response(_flow: *mut Flow,
state: *mut std::os::raw::c_void,
- _pstate: *mut std::os::raw::c_void,
+ _pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
) -> AppLayerResult {
use std::ffi::CString;
use std::sync::atomic::{AtomicBool, Ordering};
use suricata_sys::sys::{
- AppLayerParserState_, AppProto, SCAppLayerParserStateSetFlag,
+ AppLayerParserState, AppProto, SCAppLayerParserStateSetFlag,
SCAppLayerProtoDetectConfProtoDetectionEnabled,
};
}
fn parse_record(
- &mut self, mut input: &[u8], resp: bool, pstate: *mut std::os::raw::c_void,
+ &mut self, mut input: &[u8], resp: bool, pstate: *mut AppLayerParserState,
flow: *const Flow, stream_slice: &StreamSlice,
) -> AppLayerResult {
let (hdr, ohdr) = if !resp {
if flags != 0 {
unsafe {
- // TODO a later bindgen should prove that this cast is useless
- SCAppLayerParserStateSetFlag(
- pstate as *mut AppLayerParserState_,
- flags,
- );
+ SCAppLayerParserStateSetFlag(pstate, flags);
}
}
}
}
fn parse_banner(
- &mut self, input: &[u8], resp: bool, pstate: *mut std::os::raw::c_void, flow: *const Flow,
+ &mut self, input: &[u8], resp: bool, pstate: *mut AppLayerParserState, flow: *const Flow,
stream_slice: &StreamSlice,
) -> AppLayerResult {
let hdr = if !resp {
}
unsafe extern "C" fn ssh_parse_request(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = &mut cast_pointer!(state, SSHState);
}
unsafe extern "C" fn ssh_parse_response(
- flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void,
+ flow: *mut Flow, state: *mut std::os::raw::c_void, pstate: *mut AppLayerParserState,
stream_slice: StreamSlice, _data: *const std::os::raw::c_void,
) -> AppLayerResult {
let state = &mut cast_pointer!(state, SSHState);
use crate::frames::*;
use std::ffi::CString;
use nom7::IResult;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag,
+ SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use super::parser;
static mut ALPROTO_TELNET: AppProto = ALPROTO_UNKNOWN;
unsafe extern "C" fn telnet_parse_request(
flow: *mut Flow,
state: *mut std::os::raw::c_void,
- pstate: *mut std::os::raw::c_void,
+ pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
- let eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
+ let eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0;
if eof {
// If needed, handle EOF, or pass it into the parser.
unsafe extern "C" fn telnet_parse_response(
flow: *mut Flow,
state: *mut std::os::raw::c_void,
- pstate: *mut std::os::raw::c_void,
+ pstate: *mut AppLayerParserState,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void
) -> AppLayerResult {
- let _eof = AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
+ let _eof = SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0;
let state = cast_pointer!(state, TelnetState);
if stream_slice.is_gap() {
use flate2::Decompress;
use flate2::FlushDecompress;
-use suricata_sys::sys::{AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled};
+use suricata_sys::sys::{
+ AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled,
+};
use std;
use std::collections::VecDeque;
}
unsafe extern "C" fn websocket_parse_request(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, WebSocketState);
state.parse(stream_slice, Direction::ToServer, flow)
}
unsafe extern "C" fn websocket_parse_response(
- flow: *mut Flow, state: *mut c_void, _pstate: *mut c_void, stream_slice: StreamSlice,
- _data: *const c_void,
+ flow: *mut Flow, state: *mut c_void, _pstate: *mut AppLayerParserState,
+ stream_slice: StreamSlice, _data: *const c_void,
) -> AppLayerResult {
let state = cast_pointer!(state, WebSocketState);
state.parse(stream_slice, Direction::ToClient, flow)
extern "C" {
pub fn SCAppLayerParserStateSetFlag(pstate: *mut AppLayerParserState, flag: u16);
}
+extern "C" {
+ pub fn SCAppLayerParserStateIssetFlag(pstate: *mut AppLayerParserState, flag: u16) -> u16;
+}
const uint8_t *input = StreamSliceGetData(&stream_slice);
uint32_t input_len = StreamSliceGetDataLen(&stream_slice);
- if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) {
+ if (input == NULL && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) {
SCReturnStruct(APP_LAYER_OK);
} else if (input == NULL || input_len == 0) {
SCReturnStruct(APP_LAYER_ERROR);
const uint8_t *input = StreamSliceGetData(&stream_slice);
uint32_t input_len = StreamSliceGetDataLen(&stream_slice);
const bool eof = (direction & STREAM_TOSERVER)
- ? AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) != 0
- : AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) != 0;
+ ? SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) != 0
+ : SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) != 0;
SCTxDataUpdateFileFlags(&ftpdata_state->tx_data, ftpdata_state->state_data.file_flags);
if (ftpdata_state->tx_data.file_tx == 0)
}
/* if the TCP connection is closed, then close the HTTP connection */
- if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
- !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS))
- {
+ if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
+ !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS)) {
htp_connp_request_close(hstate->connp, &ts);
hstate->flags |= HTP_FLAG_STATE_CLOSED_TS;
SCLogDebug("stream eof encountered, closing htp handle for ts");
}
/* if we the TCP connection is closed, then close the HTTP connection */
- if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) &&
- !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC))
- {
+ if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) &&
+ !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC)) {
htp_connp_close(hstate->connp, &ts);
hstate->flags |= HTP_FLAG_STATE_CLOSED_TC;
}
SCReturn;
}
-/* coccinelle: AppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
-uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
+/* coccinelle: SCAppLayerParserStateIssetFlag():2,2:APP_LAYER_PARSER_ */
+uint16_t SCAppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag)
{
SCEnter();
SCReturnUInt(pstate->flags & flag);
void AppLayerParserRegisterProtocolParsers(void);
void SCAppLayerParserStateSetFlag(AppLayerParserState *pstate, uint16_t flag);
-uint16_t AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag);
+uint16_t SCAppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint16_t flag);
AppLayerParserState *AppLayerParserStateAlloc(void);
void AppLayerParserStateFree(AppLayerParserState *pstate);
uint32_t input_len = StreamSliceGetDataLen(&stream_slice);
if (input_buf == NULL &&
- ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
+ ((direction == 0 && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
(direction == 1 &&
- AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
+ SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
SCReturnStruct(APP_LAYER_OK);
} else if (input_buf == NULL || input_len == 0) {
SCReturnStruct(APP_LAYER_OK);
void *tx = SCSshStateGetTx(ssh_state, 0);
FAIL_IF(SCSshTxGetFlags(tx, STREAM_TOCLIENT) != SshStateFinished);
- FAIL_IF(!(AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_NO_INSPECTION)));
+ FAIL_IF(!(SCAppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_NO_INSPECTION)));
UTHFreePacket(p);
StreamTcpUTClearSession(&ssn);
int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice);
if ((input == NULL || input_len == 0) &&
- ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
+ ((direction == 0 && SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) ||
(direction == 1 &&
- AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
+ SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) {
/* flag session as finished if APP_LAYER_PARSER_EOF is set */
if (direction == 0)
UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
}
/* flag session as finished if APP_LAYER_PARSER_EOF is set */
- if (AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
- AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
+ if (SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) &&
+ SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)) {
/* update both sides to keep existing behavior */
UpdateClientState(ssl_state, TLS_STATE_CLIENT_FINISHED);
UpdateServerState(ssl_state, TLS_STATE_SERVER_FINISHED);
/* Likely connection closed, we can just return here. */
if ((input == NULL || input_len == 0) &&
- AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) {
+ SCAppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) {
SCReturnStruct(APP_LAYER_OK);
}
}
const TcpSession *ssn = p->flow->protoctx;
bool setting_nopayload = p->flow->alparser &&
- AppLayerParserStateIssetFlag(
+ SCAppLayerParserStateIssetFlag(
p->flow->alparser, APP_LAYER_PARSER_NO_INSPECTION) &&
!(p->flags & PKT_NOPAYLOAD_INSPECTION);
// we may be right after disabling app-layer (ssh)
// this is the first packet that sets no payload inspection
bool setting_nopayload =
p->flow->alparser &&
- AppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_NO_INSPECTION) &&
+ SCAppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_NO_INSPECTION) &&
!(p->flags & PKT_NOPAYLOAD_INSPECTION);
if (FlowChangeProto(p->flow) || setting_nopayload) {
StreamTcpDetectLogFlush(tv, fw->stream_thread, p->flow, p, &fw->pq);
frames = &frames_container->toserver;
SCLogDebug("TOSERVER base %" PRIu64 ", app %" PRIu64, STREAM_BASE_OFFSET(stream),
STREAM_APP_PROGRESS(stream));
- eof |= AppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
+ eof |= SCAppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
} else {
stream = &ssn->server;
frames = &frames_container->toclient;
- eof |= AppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF_TC) != 0;
+ eof |= SCAppLayerParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF_TC) != 0;
}
eof |= last_pseudo;
SCLogDebug("eof %s", eof ? "true" : "false");
SCLogDebug("pcap_cnt %" PRIu64, p->pcap_cnt);
const bool last_pseudo = (p->flowflags & FLOW_PKT_LAST_PSEUDO) != 0;
- const bool ts_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
- const bool tc_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TC) != 0;
+ const bool ts_eof = SCAppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
+ const bool tc_eof = SCAppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TC) != 0;
const bool eof = last_pseudo || (ts_eof && tc_eof);
SCLogDebug("eof %d last_pseudo %d ts_eof %d tc_eof %d", eof, last_pseudo, ts_eof, tc_eof);
}
flags &= ~(STREAM_START);
if (f->alparser &&
- (((flags & STREAM_TOSERVER) != 0 &&
- AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TS)) ||
- ((flags & STREAM_TOCLIENT) != 0 &&
- AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TC)))) {
+ (((flags & STREAM_TOSERVER) != 0 && SCAppLayerParserStateIssetFlag(f->alparser,
+ APP_LAYER_PARSER_EOF_TS)) ||
+ ((flags & STREAM_TOCLIENT) != 0 &&
+ SCAppLayerParserStateIssetFlag(
+ f->alparser, APP_LAYER_PARSER_EOF_TC)))) {
//no final chunk
alsize = 0;
break;
projects / thirdparty / suricata.git / commitdiff
