Add per state structure for storing flags and other variables.
# default: []
include = [
"StreamSlice",
+ "AppLayerStateData",
"AppLayerGetTxIterTuple",
"RdpState",
"SIPState",
}
}
+#[repr(C)]
+#[derive(Default,Debug,PartialEq,Copy,Clone)]
+pub struct AppLayerStateData {
+ pub file_flags: u16,
+}
+
+impl AppLayerStateData {
+ pub fn new() -> Self {
+ Self {
+ file_flags: 0,
+ }
+ }
+ pub fn update_file_flags(&mut self, flags: u16) {
+ self.file_flags |= flags;
+ }
+}
+
+#[macro_export]
+macro_rules!export_state_data_get {
+ ($name:ident, $type:ty) => {
+ #[no_mangle]
+ pub unsafe extern "C" fn $name(state: *mut std::os::raw::c_void)
+ -> *mut crate::applayer::AppLayerStateData
+ {
+ let state = &mut *(state as *mut $type);
+ &mut state.state_data
+ }
+ }
+}
+
#[repr(C)]
#[derive(Default,Debug,PartialEq,Copy,Clone)]
pub struct AppLayerResult {
/// Function to get the TX iterator
pub get_tx_iterator: Option<GetTxIteratorFn>,
+ pub get_state_data: GetStateDataFn,
pub get_tx_data: GetTxDataFn,
// Function to apply config to a TX. Optional. Normal (bidirectional)
istate: &mut u64)
-> AppLayerGetTxIterTuple;
pub type GetTxDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerTxData;
+pub type GetStateDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerStateData;
pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig);
pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);
pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int;
}
pub struct TemplateState {
+ state_data: AppLayerStateData,
tx_id: u64,
transactions: VecDeque<TemplateTransaction>,
request_gap: bool,
impl TemplateState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
transactions: VecDeque::new(),
request_gap: false,
}
export_tx_data_get!(rs_template_get_tx_data, TemplateTransaction);
+export_state_data_get!(rs_template_get_state_data, TemplateState);
// Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"template-rust\0";
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<TemplateState, TemplateTransaction>),
get_tx_data: rs_template_get_tx_data,
+ get_state_data: rs_template_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
pub ts_ssn_trunc: bool, /// true if Truncated in this direction
pub tc_ssn_trunc: bool,
pub flow: Option<*const core::Flow>,
+ state_data: AppLayerStateData,
}
impl State<DCERPCTransaction> for DCERPCState {
0
}
+export_state_data_get!(rs_dcerpc_get_state_data, DCERPCState);
// Parser name as a C style string.
pub const PARSER_NAME: &'static [u8] = b"dcerpc\0";
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_get_tx_data,
+ get_state_data: rs_dcerpc_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
#[derive(Default, Debug)]
pub struct DCERPCUDPState {
+ state_data: AppLayerStateData,
pub tx_id: u64,
pub transactions: VecDeque<DCERPCTransaction>,
}
0
}
+export_state_data_get!(rs_dcerpc_udp_get_state_data, DCERPCUDPState);
+
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
let parser = RustParser {
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCUDPState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_udp_get_tx_data,
+ get_state_data: rs_dcerpc_udp_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#[derive(Default)]
pub struct DHCPState {
+ state_data: AppLayerStateData,
+
// Internal transaction ID.
tx_id: u64,
}
export_tx_data_get!(rs_dhcp_get_tx_data, DHCPTransaction);
+export_state_data_get!(rs_dhcp_get_state_data, DHCPState);
const PARSER_NAME: &'static [u8] = b"dhcp\0";
get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<DHCPState, DHCPTransaction>),
get_tx_data : rs_dhcp_get_tx_data,
+ get_state_data : rs_dhcp_get_state_data,
apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None,
#[derive(Default)]
pub struct DNSState {
+ state_data: AppLayerStateData,
+
// Internal transaction ID.
pub tx_id: u64,
return &mut tx.tx_data;
}
+export_state_data_get!(rs_dns_get_state_data, DNSState);
+
#[no_mangle]
pub unsafe extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction,
i: u32,
get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>),
get_tx_data: rs_dns_state_get_tx_data,
+ get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config),
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>),
get_tx_data: rs_dns_state_get_tx_data,
+ get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config),
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS | APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
}
pub struct HTTP2State {
+ state_data: AppLayerStateData,
tx_id: u64,
request_frame_size: u32,
response_frame_size: u32,
impl HTTP2State {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
request_frame_size: 0,
response_frame_size: 0,
// C exports.
export_tx_data_get!(rs_http2_get_tx_data, HTTP2Transaction);
+export_state_data_get!(rs_http2_get_state_data, HTTP2State);
/// C entry point for a probing parser.
#[no_mangle]
get_files: Some(rs_http2_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<HTTP2State, HTTP2Transaction>),
get_tx_data: rs_http2_get_tx_data,
+ get_state_data: rs_http2_get_state_data,
apply_tx_config: None,
flags: 0,
truncate: None,
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#[derive(Default)]
pub struct IKEState {
+ state_data: AppLayerStateData,
tx_id: u64,
pub transactions: Vec<IKETransaction>,
const PARSER_ALIAS: &'static [u8] = b"ikev2\0";
export_tx_data_get!(rs_ike_get_tx_data, IKETransaction);
+export_state_data_get!(rs_ike_get_state_data, IKEState);
#[no_mangle]
pub unsafe extern "C" fn rs_ike_register_parser() {
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<IKEState, IKETransaction>),
get_tx_data: rs_ike_get_tx_data,
+ get_state_data: rs_ike_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
}
pub struct KRB5State {
+ state_data: AppLayerStateData,
+
pub req_id: u8,
pub record_ts: usize,
impl KRB5State {
pub fn new() -> KRB5State {
KRB5State{
+ state_data: AppLayerStateData::new(),
req_id: 0,
record_ts: 0,
defrag_buf_ts: Vec::new(),
}
export_tx_data_get!(rs_krb5_get_tx_data, KRB5Transaction);
+export_state_data_get!(rs_krb5_get_state_data, KRB5State);
const PARSER_NAME : &'static [u8] = b"krb5\0";
get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<KRB5State, KRB5Transaction>),
get_tx_data : rs_krb5_get_tx_data,
+ get_state_data : rs_krb5_get_state_data,
apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None,
}
pub struct ModbusState {
+ state_data: AppLayerStateData,
pub transactions: Vec<ModbusTransaction>,
tx_id: u64,
givenup: bool, // Indicates flood
impl ModbusState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
transactions: Vec::new(),
tx_id: 0,
givenup: false,
&mut tx.tx_data
}
+export_state_data_get!(rs_modbus_get_state_data, ModbusState);
+
#[no_mangle]
pub unsafe extern "C" fn rs_modbus_register_parser() {
let default_port = std::ffi::CString::new("[502]").unwrap();
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<ModbusState, ModbusTransaction>),
get_tx_data: rs_modbus_state_get_tx_data,
+ get_state_data: rs_modbus_get_state_data,
apply_tx_config: None,
flags: 0,
truncate: None,
}
pub struct MQTTState {
+ state_data: AppLayerStateData,
tx_id: u64,
pub protocol_version: u8,
transactions: VecDeque<MQTTTransaction>,
impl MQTTState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
protocol_version: 0,
transactions: VecDeque::new(),
const PARSER_NAME: &'static [u8] = b"mqtt\0";
export_tx_data_get!(rs_mqtt_get_tx_data, MQTTTransaction);
+export_state_data_get!(rs_mqtt_get_state_data, MQTTState);
#[no_mangle]
pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) {
get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<MQTTState, MQTTTransaction>),
get_tx_data: rs_mqtt_get_tx_data,
+ get_state_data: rs_mqtt_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
-/* Copyright (C) 2017 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#[derive(Debug)]
pub struct NFSState {
+ state_data: AppLayerStateData,
+
/// map xid to procedure so replies can lookup the procedure
pub requestmap: HashMap<u32, NFSRequestXidMap>,
/// Allocation function for a new TLS parser instance
pub fn new() -> NFSState {
NFSState {
+ state_data: AppLayerStateData::new(),
requestmap:HashMap::new(),
namemap:HashMap::new(),
transactions: Vec::new(),
return &mut tx.tx_data;
}
+export_state_data_get!(rs_nfs_get_state_data, NFSState);
+
/// return procedure(s) in the tx. At 0 return the main proc,
/// otherwise get procs from the 'file_additional_procs'.
/// Keep calling until 0 is returned.
get_files: Some(rs_nfs_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>),
get_tx_data: rs_nfs_get_tx_data,
+ get_state_data: rs_nfs_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
get_files: Some(rs_nfs_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>),
get_tx_data: rs_nfs_get_tx_data,
+ get_state_data: rs_nfs_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
}
pub struct NTPState {
+ state_data: AppLayerStateData,
+
/// List of transactions for this session
transactions: Vec<NTPTransaction>,
impl NTPState {
pub fn new() -> NTPState {
- NTPState{
+ NTPState {
+ state_data: AppLayerStateData::new(),
transactions: Vec::new(),
events: 0,
tx_id: 0,
}
export_tx_data_get!(rs_ntp_get_tx_data, NTPTransaction);
+export_state_data_get!(rs_ntp_get_state_data, NTPState);
const PARSER_NAME : &'static [u8] = b"ntp\0";
get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<NTPState, NTPTransaction>),
get_tx_data : rs_ntp_get_tx_data,
+ get_state_data : rs_ntp_get_state_data,
apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None,
#[derive(Debug)]
pub struct PgsqlState {
+ state_data: AppLayerStateData,
tx_id: u64,
transactions: VecDeque<PgsqlTransaction>,
request_gap: bool,
impl PgsqlState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
transactions: VecDeque::new(),
request_gap: false,
}
export_tx_data_get!(rs_pgsql_get_tx_data, PgsqlTransaction);
+export_state_data_get!(rs_pgsql_get_state_data, PgsqlState);
// Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"pgsql\0";
crate::applayer::state_get_tx_iterator::<PgsqlState, PgsqlTransaction>,
),
get_tx_data: rs_pgsql_get_tx_data,
+ get_state_data: rs_pgsql_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
}
pub struct QuicState {
+ state_data: AppLayerStateData,
max_tx_id: u64,
keys: Option<QuicKeys>,
hello_tc: bool,
impl Default for QuicState {
fn default() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
max_tx_id: 0,
keys: None,
hello_tc: false,
}
export_tx_data_get!(rs_quic_get_tx_data, QuicTransaction);
+export_state_data_get!(rs_quic_get_state_data, QuicState);
// Parser name as a C style string.
const PARSER_NAME: &[u8] = b"quic\0";
get_files: None,
get_tx_iterator: Some(rs_quic_state_get_tx_iterator),
get_tx_data: rs_quic_get_tx_data,
+ get_state_data: rs_quic_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
#[derive(Debug, PartialEq)]
pub struct RdpState {
+ state_data: AppLayerStateData,
next_id: u64,
transactions: VecDeque<RdpTransaction>,
tls_parsing: bool,
impl RdpState {
fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
next_id: 0,
transactions: VecDeque::new(),
tls_parsing: false,
}
export_tx_data_get!(rs_rdp_get_tx_data, RdpTransaction);
+export_state_data_get!(rs_rdp_get_state_data, RdpState);
//
// registration
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<RdpState, RdpTransaction>),
get_tx_data: rs_rdp_get_tx_data,
+ get_state_data: rs_rdp_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
}
pub struct RFBState {
+ state_data: AppLayerStateData,
tx_id: u64,
transactions: Vec<RFBTransaction>,
state: parser::RFBGlobalState
impl RFBState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
transactions: Vec::new(),
state: parser::RFBGlobalState::TCServerProtocolVersion
const PARSER_NAME: &'static [u8] = b"rfb\0";
export_tx_data_get!(rs_rfb_get_tx_data, RFBTransaction);
+export_state_data_get!(rs_rfb_get_state_data, RFBState);
#[no_mangle]
pub unsafe extern "C" fn rs_rfb_register_parser() {
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<RFBState, RFBTransaction>),
get_tx_data: rs_rfb_get_tx_data,
+ get_state_data: rs_rfb_get_state_data,
apply_tx_config: None,
flags: 0,
truncate: None,
}
pub struct SIPState {
+ state_data: AppLayerStateData,
transactions: Vec<SIPTransaction>,
tx_id: u64,
}
impl SIPState {
pub fn new() -> SIPState {
SIPState {
+ state_data: AppLayerStateData::new(),
transactions: Vec::new(),
tx_id: 0,
}
}
export_tx_data_get!(rs_sip_get_tx_data, SIPTransaction);
+export_state_data_get!(rs_sip_get_state_data, SIPState);
const PARSER_NAME: &'static [u8] = b"sip\0";
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<SIPState, SIPTransaction>),
get_tx_data: rs_sip_get_tx_data,
+ get_state_data: rs_sip_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None,
#[derive(Default, Debug)]
pub struct SMBState<> {
+ pub state_data: AppLayerStateData,
+
/// map ssn/tree/msgid to vec (guid/name/share)
pub ssn2vec_map: HashMap<SMBCommonHdr, Vec<u8>>,
/// map guid to filename
/// Allocation function for a new TLS parser instance
pub fn new() -> Self {
Self {
+ state_data:AppLayerStateData::new(),
ssn2vec_map:HashMap::new(),
guid2name_map:HashMap::new(),
ssn2vecoffset_map:HashMap::new(),
}
+export_state_data_get!(rs_smb_get_state_data, SMBState);
+
#[no_mangle]
pub unsafe extern "C" fn rs_smb_get_tx_data(
tx: *mut std::os::raw::c_void)
get_files: Some(rs_smb_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<SMBState, SMBTransaction>),
get_tx_data: rs_smb_get_tx_data,
+ get_state_data: rs_smb_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: Some(rs_smb_state_truncate),
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
}
pub struct SNMPState<'a> {
+ state_data: AppLayerStateData,
+
/// SNMP protocol version
pub version: u32,
impl<'a> SNMPState<'a> {
pub fn new() -> SNMPState<'a> {
SNMPState{
+ state_data: AppLayerStateData::new(),
version: 0,
transactions: Vec::new(),
tx_id: 0,
}
export_tx_data_get!(rs_snmp_get_tx_data, SNMPTransaction);
+export_state_data_get!(rs_snmp_get_state_data, SNMPState);
const PARSER_NAME : &'static [u8] = b"snmp\0";
get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<SNMPState, SNMPTransaction>),
get_tx_data : rs_snmp_get_tx_data,
+ get_state_data : rs_snmp_get_state_data,
apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None,
}
pub struct SSHState {
+ state_data: AppLayerStateData,
transaction: SSHTransaction,
}
impl SSHState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
transaction: SSHTransaction::new(),
}
}
// C exports.
export_tx_data_get!(rs_ssh_get_tx_data, SSHTransaction);
+export_state_data_get!(rs_ssh_get_state_data, SSHState);
#[no_mangle]
pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
get_files: None,
get_tx_iterator: None,
get_tx_data: rs_ssh_get_tx_data,
+ get_state_data: rs_ssh_get_state_data,
apply_tx_config: None,
flags: 0,
truncate: None,
}
pub struct TelnetState {
+ state_data: AppLayerStateData,
tx_id: u64,
transactions: Vec<TelnetTransaction>,
request_gap: bool,
impl TelnetState {
pub fn new() -> Self {
Self {
+ state_data: AppLayerStateData::new(),
tx_id: 0,
transactions: Vec::new(),
request_gap: false,
}
export_tx_data_get!(rs_telnet_get_tx_data, TelnetTransaction);
+export_state_data_get!(rs_telnet_get_state_data, TelnetState);
// Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"telnet\0";
get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<TelnetState, TelnetTransaction>),
get_tx_data: rs_telnet_get_tx_data,
+ get_state_data: rs_telnet_get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None,
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
use nom7::bytes::streaming::{tag, take_while};
use nom7::number::streaming::be_u8;
-use crate::applayer::AppLayerTxData;
+use crate::applayer::{AppLayerTxData,AppLayerStateData};
const READREQUEST: u8 = 1;
const WRITEREQUEST: u8 = 2;
}
pub struct TFTPState {
+ state_data: AppLayerStateData,
pub transactions : Vec<TFTPTransaction>,
/// tx counter for assigning incrementing id's to tx's
tx_id: u64,
#[no_mangle]
pub extern "C" fn rs_tftp_state_alloc() -> *mut std::os::raw::c_void {
- let state = TFTPState { transactions : Vec::new(), tx_id: 0, };
+ let state = TFTPState { state_data: AppLayerStateData::new(), transactions : Vec::new(), tx_id: 0, };
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
}
return &mut tx.tx_data;
}
+#[no_mangle]
+pub unsafe extern "C" fn rs_tftp_get_state_data(
+ state: *mut std::os::raw::c_void)
+ -> *mut AppLayerStateData
+{
+ let state = cast_pointer!(state, TFTPState);
+ return &mut state.state_data;
+}
+
#[cfg(test)]
mod test {
use super::*;
return &tx->tx_data;
}
+static AppLayerStateData *DNP3GetStateData(void *vstate)
+{
+ DNP3State *state = (DNP3State *)vstate;
+ return &state->state_data;
+}
+
/**
* \brief Check if the prefix code is a size prefix.
*
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DNP3,
DNP3GetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetStateData);
}
else {
SCLogConfig("Parser disabled for protocol %s. "
* \brief Per flow DNP3 state.
*/
typedef struct DNP3State_ {
+ AppLayerStateData state_data;
TAILQ_HEAD(, DNP3Transaction_) tx_list;
DNP3Transaction *curr; /**< Current transaction. */
uint64_t transaction_max;
/** \brief Per flow ENIP state container */
typedef struct ENIPState_
{
+ AppLayerStateData state_data;
TAILQ_HEAD(, ENIPTransaction_) tx_list; /**< transaction list */
ENIPTransaction *curr; /**< ptr to current tx */
ENIPTransaction *iter;
return &tx->tx_data;
}
+static AppLayerStateData *ENIPGetStateData(void *vstate)
+{
+ ENIPState *state = (ENIPState *)vstate;
+ return &state->state_data;
+}
+
static void *ENIPGetTx(void *alstate, uint64_t tx_id)
{
ENIPState *enip = (ENIPState *) alstate;
AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxCnt);
AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateTransactionFree);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxCnt);
AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPStateTransactionFree);
return &tx->tx_data;
}
+static AppLayerStateData *FTPGetStateData(void *vstate)
+{
+ FtpState *s = (FtpState *)vstate;
+ return &s->state_data;
+}
+
static void FTPStateTransactionFree(void *state, uint64_t tx_id)
{
FtpState *ftp_state = state;
return &ftp_state->tx_data;
}
+static AppLayerStateData *FTPDataGetStateData(void *vstate)
+{
+ FtpDataState *ftp_state = (FtpDataState *)vstate;
+ return &ftp_state->state_data;
+}
+
static void FTPDataStateTransactionFree(void *state, uint64_t tx_id)
{
/* do nothing */
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTP, FTPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxData);
AppLayerParserRegisterGetTxIterator(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxIterator);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_FTP, FTPGetStateData);
AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_FTP, FTPLocalStorageAlloc,
FTPLocalStorageFree);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxCnt);
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
/* specifies which loggers are done logging */
uint32_t logged;
+ AppLayerStateData state_data;
} FtpState;
enum {
uint8_t state;
uint8_t direction;
AppLayerTxData tx_data;
+ AppLayerStateData state_data;
} FtpDataState;
void RegisterFTPParsers(void);
return NULL;
}
+static AppLayerStateData *HTPGetStateData(void *vstate)
+{
+ HtpState *s = vstate;
+ return &s->state_data;
+}
+
static int HTPRegisterPatternsForProtocolDetection(void)
{
const char *methods[] = { "GET", "PUT", "POST", "HEAD", "TRACE", "OPTIONS",
AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateTruncate);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetStateData);
AppLayerParserRegisterSetStreamDepthFlag(
IPPROTO_TCP, ALPROTO_HTTP1, AppLayerHtpSetStreamDepthFlag);
StreamSlice *slice;
FrameId request_frame_id;
FrameId response_frame_id;
+ AppLayerStateData state_data;
} HtpState;
/** part of the engine needs the request body (e.g. http_client_body keyword) */
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
int (*StateGetEventInfo)(const char *event_name,
int *event_id, AppLayerEventType *event_type);
+ AppLayerStateData *(*GetStateData)(void *state);
AppLayerTxData *(*GetTxData)(void *tx);
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
SCReturn;
}
+void AppLayerParserRegisterStateDataFunc(
+ uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
+{
+ SCEnter();
+
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData = GetStateData;
+
+ SCReturn;
+}
+
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
{
SCReturnPtr(d, "AppLayerTxData");
}
+AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state)
+{
+ SCEnter();
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData) {
+ AppLayerStateData *d =
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData(state);
+ SCReturnPtr(d, "AppLayerStateData");
+ }
+ SCReturnPtr(NULL, "AppLayerStateData");
+}
+
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
{
printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
printf("- GetTxData %p\n", ctx->GetTxData);
+ printf("- GetStateData %p\n", ctx->GetStateData);
printf("- StateGetProgress %p\n", ctx->StateGetProgress);
printf("Optional:\n");
printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
if (ctx->GetTxData == NULL) {
goto bad;
}
+ if (ctx->GetStateData == NULL) {
+ goto bad;
+ }
return;
bad:
ValidateParserProtoDump(alproto, ipproto);
AppLayerTxData *(*GetTxData)(void *tx));
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig));
+void AppLayerParserRegisterStateDataFunc(
+ uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state));
/***** Get and transaction functions *****/
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx);
+AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state);
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig);
p->GetTxData);
}
+ if (p->GetStateData) {
+ AppLayerParserRegisterStateDataFunc(p->ip_proto, alproto, p->GetStateData);
+ }
+
if (p->ApplyTxConfig) {
AppLayerParserRegisterApplyTxConfigFunc(p->ip_proto, alproto,
p->ApplyTxConfig);
const AppProto alproto, void *alstate, uint64_t min_tx_id,
uint64_t max_tx_id, AppLayerGetTxIterState *istate);
+ AppLayerStateData *(*GetStateData)(void *state);
AppLayerTxData *(*GetTxData)(void *tx);
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
return &tx->tx_data;
}
+static AppLayerStateData *SMTPGetStateData(void *vstate)
+{
+ SMTPState *state = (SMTPState *)vstate;
+ return &state->state_data;
+}
+
/**
* \brief Register the SMTP Protocol parser.
*/
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTxCnt);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetStateData);
AppLayerParserRegisterStateProgressCompletionStatus(ALPROTO_SMTP, 1, 1);
AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateTruncate);
} else {
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
} SMTPConfig;
typedef struct SMTPState_ {
+ AppLayerStateData state_data;
SMTPTransaction *curr_tx;
TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */
uint64_t tx_cnt;
return &ssl_state->tx_data;
}
+static AppLayerStateData *SSLGetStateData(void *vstate)
+{
+ SSLState *ssl_state = (SSLState *)vstate;
+ return &ssl_state->state_data;
+}
+
void SSLVersionToString(uint16_t version, char *buffer)
{
buffer[0] = '\0';
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);
typedef struct SSLState_ {
Flow *f;
+ AppLayerStateData state_data;
AppLayerTxData tx_data;
/* holds some state flags we need */
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
return &tx->tx_data;
}
+/**
+ * \brief retrieve the state data
+ */
+static AppLayerStateData *TemplateGetStateData(void *vstate)
+{
+ TemplateState *state = vstate;
+ return &state->state_data;
+}
+
void RegisterTemplateParsers(void)
{
const char *proto_name = "template";
TemplateGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateGetTxData);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TEMPLATE, TemplateGetStateData);
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateStateGetEventInfo);
-/* Copyright (C) 2015-2018 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
} TemplateTransaction;
typedef struct TemplateState {
+ AppLayerStateData state_data;
/** List of Template transactions associated with this
* state. */
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_TFTP,
rs_tftp_get_tx_data);
+ AppLayerParserRegisterStateDataFunc(IPPROTO_UDP, ALPROTO_TFTP, rs_tftp_get_state_data);
}
else {
SCLogDebug("TFTP protocol parsing disabled.");
projects / thirdparty / suricata.git / commitdiff
