app-layer.[ch], app-layer-detect-proto.[ch] and app-layer-parser.[ch].
Things addressed in this commit:
- Brings out a proper separation between protocol detection phase and the
parser phase.
- The dns app layer now is registered such that we don't use "dnstcp" and
"dnsudp" in the rules. A user who previously wrote a rule like this -
"alert dnstcp....." or
"alert dnsudp....."
would now have to use,
alert dns (ipproto:tcp;) or
alert udp (app-layer-protocol:dns;) or
alert ip (ipproto:udp; app-layer-protocol:dns;)
The same rules extend to other another such protocol, dcerpc.
- The app layer parser api now takes in the ipproto while registering
callbacks.
- The app inspection/detection engine also takes an ipproto.
- All app layer parser functions now take direction as STREAM_TOSERVER or
STREAM_TOCLIENT, as opposed to 0 or 1, which was taken by some of the
functions.
- FlowInitialize() and FlowRecycle() now resets proto to 0. This is
needed by unittests, which would try to clean the flow, and that would
call the api, AppLayerParserCleanupParserState(), which would try to
clean the app state, but the app layer now needs an ipproto to figure
out which api to internally call to clean the state, and if the ipproto
is 0, it would return without trying to clean the state.
- A lot of unittests are now updated where if they are using a flow and
they need to use the app layer, we would set a flow ipproto.
- The "app-layer" section in the yaml conf has also been updated as well.
#include "alert-unified2-alert.h"
#include "decode-ipv4.h"
+#include "flow.h"
+
#include "host.h"
#include "util-profiling.h"
#include "decode.h"
#include "util-byte.h"
#include "util-misc.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "app-layer.h"
htp_tx_t *tx = NULL;
uint64_t total_txs = 0;
- htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p);
+ htp_state = (HtpState *)FlowGetAppState(p->flow);
if (htp_state == NULL) {
SCLogDebug("no http state, XFF IP cannot be retrieved");
return 0;
}
- total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state);
+ total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, htp_state);
if (tx_id >= total_txs)
return 0;
- tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, tx_id);
+ tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_HTTP, htp_state, tx_id);
if (tx == NULL) {
SCLogDebug("tx is NULL, XFF cannot be retrieved");
return 0;
uint64_t tx_id = 0;
uint64_t total_txs = 0;
- htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p);
+ htp_state = (HtpState *)FlowGetAppState(p->flow);
if (htp_state == NULL) {
SCLogDebug("no http state, XFF IP cannot be retrieved");
goto end;
}
- total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state);
+ total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, htp_state);
for (; tx_id < total_txs; tx_id++) {
if (GetXFFIPFromTx(p, tx_id, xff_header, dstbuf, dstbuflen) == 1)
return 1;
if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_OVERWRITE) && p->flow != NULL) {
FLOWLOCK_RDLOCK(p->flow);
- if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) {
+ if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) {
char buffer[UNIFIED2_ALERT_XFF_MAXLEN];
if (GetXFFIP(p, aun->unified2alert_ctx->xff_header, buffer, UNIFIED2_ALERT_XFF_MAXLEN) == 1) {
if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_EXTRADATA) && p->flow != NULL) {
FLOWLOCK_RDLOCK(p->flow);
- if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) {
+ if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) {
char buffer[UNIFIED2_ALERT_XFF_MAXLEN];
int have_xff_ip = 0;
if ((aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_EXTRADATA) && p->flow != NULL) {
FLOWLOCK_RDLOCK(p->flow);
- if (AppLayerGetProtoFromPacket(p) == ALPROTO_HTTP) {
+ if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) {
char buffer[UNIFIED2_ALERT_XFF_MAXLEN];
int have_xff_ip = 0;
#include "app-layer-protos.h"
#include "app-layer-parser.h"
+#include "app-layer.h"
#include "util-spm.h"
#include "util-unittest.h"
};
static uint32_t FragmentDataParser(Flow *f, void *dcerpcudp_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state;
uint8_t **stub_data_buffer = NULL;
* fragmented packets.
*/
static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
uint8_t *p = input;
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpcudp_state;
}
static int DCERPCUDPParse(Flow *f, void *dcerpc_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
uint32_t retval = 0;
uint32_t parsed = 0;
DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state;
while (sstate->bytesprocessed < DCERPC_UDP_HDR_LEN && input_len) {
hdrretval = DCERPCUDPParseHeader(f, dcerpc_state, pstate, input,
- input_len, output);
+ input_len);
if (hdrretval == -1 || hdrretval > (int32_t)input_len) {
sstate->bytesprocessed = 0;
SCReturnInt(hdrretval);
&& sstate->bytesprocessed < sstate->dcerpc.dcerpchdrudp.fraglen
&& input_len) {
retval = FragmentDataParser(f, dcerpc_state, pstate, input + parsed,
- input_len, output);
+ input_len);
if (retval || retval > input_len) {
parsed += retval;
input_len -= retval;
if (pstate == NULL)
SCReturnInt(-1);
- pstate->parse_field = 0;
-
SCReturnInt(1);
}
}
}
+static int DCERPCUDPRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_DCERPC,
+ "|04 00|", 2, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
void RegisterDCERPCUDPParsers(void) {
- char *proto_name = "dcerpcudp";
+ char *proto_name = "dcerpc";
- if (AppLayerProtoDetectionEnabled("dcerpc")) {
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER);
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_DCERPC_UDP, STREAM_TOSERVER);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_DCERPC, proto_name);
+ if (DCERPCUDPRegisterPatternsForProtocolDetection() < 0)
+ return;
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
"dcerpc");
return;
}
- if (AppLayerParserEnabled("dcerpc")) {
- AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOSERVER,
- DCERPCUDPParse);
- AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOCLIENT,
- DCERPCUDPParse);
- AppLayerRegisterStateFuncs(ALPROTO_DCERPC_UDP, DCERPCUDPStateAlloc,
- DCERPCUDPStateFree);
+ if (AppLayerParserConfParserEnabled("udp", "dcerpc")) {
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER,
+ DCERPCUDPParse);
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ DCERPCUDPParse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPStateAlloc,
+ DCERPCUDPStateFree);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_UDP, ALPROTO_DCERPC, STREAM_TOSERVER);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", "dcerpc");
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_DCERPC_UDP, DCERPCUDPParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_DCERPC, DCERPCUDPParserRegisterTests);
#endif
return;
TcpSession ssn;
DCERPCUuidEntry *uuid_entry;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
- f.protoctx = (void *)&ssn;
FLOW_INITIALIZE(&f);
+ f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_UDP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC_UDP, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
#include "app-layer-protos.h"
#include "app-layer-parser.h"
+#include "app-layer.h"
#include "util-spm.h"
#include "util-unittest.h"
}
static int DCERPCParse(Flow *f, void *dcerpc_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output, int dir) {
+ void *local_data, int dir) {
SCEnter();
int32_t retval = 0;
if (pstate == NULL)
SCReturnInt(-1);
- pstate->parse_field = 0;
-
SCReturnInt(1);
}
static int DCERPCParseRequest(Flow *f, void *dcerpc_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
return DCERPCParse(f, dcerpc_state, pstate, input, input_len,
- local_data, output, 0);
+ local_data, 0);
}
static int DCERPCParseResponse(Flow *f, void *dcerpc_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
return DCERPCParse(f, dcerpc_state, pstate, input, input_len,
- local_data, output, 1);
+ local_data, 1);
}
static void *DCERPCStateAlloc(void) {
}
}
+static int DCERPCRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
+ "|05 00|", 2, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC,
+ "|05 00|", 2, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
void RegisterDCERPCParsers(void) {
char *proto_name = "dcerpc";
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER);
- /* toclient direction */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT);
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_DCERPC, STREAM_TOSERVER);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_DCERPC, proto_name);
+ if (DCERPCRegisterPatternsForProtocolDetection() < 0)
+ return;
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
proto_name);
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOSERVER,
- DCERPCParseRequest);
- AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOCLIENT,
- DCERPCParseResponse);
- AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc,
- DCERPCStateFree);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOSERVER,
+ DCERPCParseRequest);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ DCERPCParseResponse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCStateAlloc,
+ DCERPCStateFree);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_DCERPC, STREAM_TOSERVER);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_DCERPC, DCERPCParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_DCERPC, DCERPCParserRegisterTests);
#endif
return;
uint32_t bindacklen = sizeof(dcerpcbindack);
TcpSession ssn;
DCERPCUuidEntry *uuid_entry;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcbind, bindlen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcbind, bindlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_EOF, dcerpcrequest, requestlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t requestlen = sizeof(dcerpcrequest);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t requestlen = sizeof(dcerpcrequest);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START, dcerpcrequest, requestlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request9_len = sizeof(request9);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
/* bind */
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
- bind, bind_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
+ bind, bind_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
/* bind_ack */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack, bind_ack_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
/* request1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request4 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request4, request4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request4, request4_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request5 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request5, request5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request5, request5_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
/* request6 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request6, request6_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request6, request6_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request7 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request7, request7_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request7, request7_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request8 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request8, request8_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request8, request8_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request9 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request9, request9_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request9, request9_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request1 again */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
#endif
uint32_t bind2_len = sizeof(bind2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- bind1, bind1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ bind1, bind1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind2, bind2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind2, bind2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bind2_len = sizeof(bind2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
- bind1, bind1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
+ bind1, bind1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.dcerpcbindbindack.numctxitemsleft == 8);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind2, bind2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind2, bind2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.dcerpcbindbindack.numctxitemsleft == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request3_len = sizeof(request3);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged = 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged = 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request_len = sizeof(request);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- request, request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ request, request_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request_len = sizeof(request);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- request, request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ request, request_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 1);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
- fault, fault_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER|STREAM_START,
+ fault, fault_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request3_len = sizeof(request3);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bind_ack2_len = sizeof(bind_ack2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack1, bind_ack1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack1, bind_ack1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack2, bind_ack2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack2, bind_ack2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 0);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bind_len = sizeof(bind);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind, bind_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bind_len = sizeof(bind);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind, bind_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bind_ack_len = sizeof(bind_ack);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack, bind_ack_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
TcpSession ssn;
DCERPCUuidEntry *item = NULL;
int count = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
uint8_t accepted_uuids[3][16] = {
{0x4b, 0x32, 0x4f, 0xc8, 0x16, 0x70, 0x01, 0xd3,
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind1, bind1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind1, bind1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack1, bind_ack1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack1, bind_ack1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind2, bind2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind2, bind2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack2, bind_ack2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack2, bind_ack2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind3, bind3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind3, bind3_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack3, bind_ack3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack3, bind_ack3_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
TcpSession ssn;
DCERPCUuidEntry *item = NULL;
int count = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
uint8_t accepted_uuids[2][16] = {
{0x57, 0x67, 0x4c, 0xd0, 0x52, 0x00, 0x11, 0xce,
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ bind, bind_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ bind_ack, bind_ack_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- alter_context, alter_context_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ alter_context, alter_context_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- alter_context_resp, alter_context_resp_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ alter_context_resp, alter_context_resp_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.pdu_fragged == 1);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
result = 0;
result &= (dcerpc_state->dcerpc.dcerpcrequest.opnum == 2);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t bindlen = sizeof(dcerpcbind);
uint32_t bindacklen = sizeof(dcerpcbindack);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, dcerpcbind, bindlen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START, dcerpcbind, bindlen);
if (r != 0) {
printf("dcerpc header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpcbindack, bindacklen);
if (r == 0) {
printf("dce parser didn't return fail\n");
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* 02110-1301, USA.
*/
-/** \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * A simple application layer (L7) protocol detector. It works by allowing
- * developers to set a series of patterns that if exactly matching indicate
- * that the session is a certain protocol.
+/**
+ * \file
*
- * \todo More advanced detection methods, regex maybe.
- * \todo Fall back to port based classification if other detection fails.
+ * \author Victor Julien <victor@inliniac.net>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*/
#include "suricata-common.h"
#include "tm-threads.h"
#include "detect.h"
+#include "detect-engine-port.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-content.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
-#include "util-mpm.h"
#include "util-print.h"
#include "util-pool.h"
#include "util-unittest.h"
#include "flow.h"
#include "flow-util.h"
+#include "flow-private.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-detect-proto.h"
+#include "conf.h"
+#include "util-memcmp.h"
#include "util-spm.h"
#include "util-cuda.h"
#include "util-debug.h"
-#include "conf.h"
-
-#define INSPECT_BYTES 32
-#define ASYNC_MAX 75000
-
-/** global app layer detection context */
-AlpProtoDetectCtx alp_proto_ctx;
-
-/** \brief Initialize the app layer proto detection */
-void AlpProtoInit(AlpProtoDetectCtx *ctx) {
- memset(ctx, 0x00, sizeof(AlpProtoDetectCtx));
-
- MpmInitCtx(&ctx->toserver.mpm_ctx, MPM_B2G);
- MpmInitCtx(&ctx->toclient.mpm_ctx, MPM_B2G);
-
- memset(&ctx->toserver.map, 0x00, sizeof(ctx->toserver.map));
- memset(&ctx->toclient.map, 0x00, sizeof(ctx->toclient.map));
+#include "runmodes.h"
+
+typedef struct AppLayerProtoDetectProbingParserElement_ {
+ uint16_t alproto;
+ /* \todo don't really need it. See if you can get rid of it */
+ uint16_t port;
+ /* \todo calculate at runtime and get rid of this var */
+ uint32_t alproto_mask;
+ /* \todo check if we can reduce the bottom 2 vars to uint16_t */
+ /* the min length of data that has to be supplied to invoke the parser */
+ uint32_t min_depth;
+ /* the max length of data after which this parser won't be invoked */
+ uint32_t max_depth;
+ /* the probing parser function */
+ ProbingParserFPtr ProbingParser;
+
+ struct AppLayerProtoDetectProbingParserElement_ *next;
+} AppLayerProtoDetectProbingParserElement;
+
+typedef struct AppLayerProtoDetectProbingParserPort_ {
+ /* the port no for which probing parser(s) are invoked */
+ uint16_t port;
+
+ uint32_t toserver_alproto_mask;
+ uint32_t toclient_alproto_mask;
+ /* the max depth for all the probing parsers registered for this port */
+ uint16_t toserver_max_depth;
+ uint16_t toclient_max_depth;
+
+ AppLayerProtoDetectProbingParserElement *toserver;
+ AppLayerProtoDetectProbingParserElement *toclient;
+
+ struct AppLayerProtoDetectProbingParserPort_ *next;
+} AppLayerProtoDetectProbingParserPort;
+
+typedef struct AppLayerProtoDetectProbingParser_ {
+ uint16_t ip_proto;
+ AppLayerProtoDetectProbingParserPort *port;
+
+ struct AppLayerProtoDetectProbingParser_ *next;
+} AppLayerProtoDetectProbingParser;
+
+typedef struct AppLayerProtoDetectPMSignature_ {
+ AppProto alproto;
+ /* \todo Change this into a non-pointer */
+ DetectContentData *cd;
+ struct AppLayerProtoDetectPMSignature_ *next;
+} AppLayerProtoDetectPMSignature;
+
+typedef struct AppLayerProtoDetectPMCtx_ {
+ uint16_t max_len;
+ uint16_t min_len;
+ MpmCtx mpm_ctx;
- ctx->toserver.id = 0;
- ctx->toclient.id = 0;
- ctx->toclient.min_len = INSPECT_BYTES;
- ctx->toserver.min_len = INSPECT_BYTES;
+ /** Mapping between pattern id and signature. As each signature has a
+ * unique pattern with a unique id, we can lookup the signature by
+ * the pattern id. */
+ AppLayerProtoDetectPMSignature **map;
+ AppLayerProtoDetectPMSignature *head;
- intmax_t value = 0;
- if ((ConfGetInt("app-layer.proto-detect.toclient-async-max", &value)) == 1) {
- if (value >= 0 && value <= 1048576) {
- ctx->toclient.async_max = (uint32_t)value;
- } else {
- ctx->toclient.async_max = (uint32_t)ASYNC_MAX;
- }
- } else {
- ctx->toclient.async_max = (uint32_t)ASYNC_MAX;
- }
- if ((ConfGetInt("app-layer.proto-detect.toserver-async-max", &value)) == 1) {
- if (value >= 0 && value <= 1048576) {
- ctx->toserver.async_max = (uint32_t)value;
- } else {
- ctx->toserver.async_max = (uint32_t)ASYNC_MAX;
- }
- } else {
- ctx->toserver.async_max = (uint32_t)ASYNC_MAX;
- }
- SCLogDebug("toclient.async_max %u toserver.async_max %u",
- ctx->toclient.async_max, ctx->toserver.async_max);
+ /* \todo we don't need this except at setup time. Get rid of it. */
+ PatIntId max_pat_id;
+} AppLayerProtoDetectPMCtx;
- ctx->mpm_pattern_id_store = MpmPatternIdTableInitHash();
-}
+typedef struct AppLayerProtoDetectCtxIpproto_ {
+ /* 0 - toserver, 1 - toclient */
+ AppLayerProtoDetectPMCtx ctx_pm[2];
+} AppLayerProtoDetectCtxIpproto;
/**
- * \brief Turn a proto detection into a AlpProtoSignature and store it
- * in the ctx.
- *
- * \param ctx the contex
- * \param co the content match
- * \param proto the proto id
- * \initonly
+ * \brief The app layer protocol detection context.
*/
-static void AlpProtoAddSignature(AlpProtoDetectCtx *ctx, DetectContentData *co, uint16_t ip_proto, uint16_t proto) {
- AlpProtoSignature *s = SCMalloc(sizeof(AlpProtoSignature));
- if (unlikely(s == NULL)) {
- SCLogError(SC_ERR_FATAL, "Error allocating memory. Signature not loaded. Not enough memory so.. exiting..");
- exit(EXIT_FAILURE);
- }
- memset(s, 0x00, sizeof(AlpProtoSignature));
-
- s->ip_proto = ip_proto;
- s->proto = proto;
- s->co = co;
+typedef struct AppLayerProtoDetectCtx_ {
+ /* Context per ip_proto.
+ * \todo Modify ctx_ipp to hold for only tcp and udp. The rest can be
+ * implemented if needed. Waste of space otherwise. */
+ AppLayerProtoDetectCtxIpproto ctx_ipp[FLOW_PROTO_DEFAULT];
- if (ctx->head == NULL) {
- ctx->head = s;
- } else {
- s->next = ctx->head;
- ctx->head = s;
- }
-
- ctx->sigs++;
-}
+ AppLayerProtoDetectProbingParser *ctx_pp;
-/** \brief free a AlpProtoSignature, recursively free any next sig */
-static void AlpProtoFreeSignature(AlpProtoSignature *s)
-{
- if (s == NULL)
- return;
-
- DetectContentFree(s->co);
- s->co = NULL;
- s->proto = 0;
+ /* Indicates the protocols that have registered themselves
+ * for protocol detection. This table is independent of the
+ * ipproto. */
+ char *alproto_names[ALPROTO_MAX];
+} AppLayerProtoDetectCtx;
- AlpProtoSignature *next_s = s->next;
+/**
+ * \brief The app layer protocol detection thread context.
+ */
+typedef struct AppLayerProtoDetectCtxThread_ {
+ PatternMatcherQueue pmq;
+ /* The value 2 is for direction(0 - toserver, 1 - toclient). */
+ MpmThreadCtx mpm_tctx[FLOW_PROTO_DEFAULT][2];
+} AppLayerProtoDetectCtxThread;
- SCFree(s);
+/* The global app layer proto detection context. */
+AppLayerProtoDetectCtx alpd_ctx;
- AlpProtoFreeSignature(next_s);
-}
+/***** Static Internal Calls: Protocol Retrieval *****/
-/**
- * \brief Match a AlpProtoSignature against a buffer
- *
- * \param s signature
- * \param buf pointer to buffer
- * \param buflen length of the buffer
- * \param ip_proto packet's ip_proto
- *
- * \retval proto the detected proto or ALPROTO_UNKNOWN if no match
- */
-static uint16_t AlpProtoMatchSignature(AlpProtoSignature *s, uint8_t *buf,
- uint16_t buflen, uint16_t ip_proto)
+static uint16_t AppLayerProtoDetectPMMatchSignature(AppLayerProtoDetectPMSignature *s,
+ uint8_t *buf, uint16_t buflen,
+ uint16_t ipproto)
{
SCEnter();
uint16_t proto = ALPROTO_UNKNOWN;
uint8_t *found = NULL;
- if (s->ip_proto != ip_proto) {
- goto end;
- }
-
- if (s->co->offset > buflen) {
+ if (s->cd->offset > buflen) {
SCLogDebug("s->co->offset (%"PRIu16") > buflen (%"PRIu16")",
- s->co->offset, buflen);
+ s->cd->offset, buflen);
goto end;
}
- if (s->co->depth > buflen) {
+ if (s->cd->depth > buflen) {
SCLogDebug("s->co->depth (%"PRIu16") > buflen (%"PRIu16")",
- s->co->depth, buflen);
+ s->cd->depth, buflen);
goto end;
}
- uint8_t *sbuf = buf + s->co->offset;
- uint16_t sbuflen = s->co->depth - s->co->offset;
- SCLogDebug("s->co->offset (%"PRIu16") s->co->depth (%"PRIu16")",
- s->co->offset, s->co->depth);
+ uint8_t *sbuf = buf + s->cd->offset;
+ uint16_t sbuflen = s->cd->depth - s->cd->offset;
+ SCLogDebug("s->co->offset (%"PRIu16") s->cd->depth (%"PRIu16")",
+ s->cd->offset, s->cd->depth);
- if (s->co->flags & DETECT_CONTENT_NOCASE)
- found = SpmNocaseSearch(sbuf, sbuflen, s->co->content, s->co->content_len);
+ if (s->cd->flags & DETECT_CONTENT_NOCASE)
+ found = SpmNocaseSearch(sbuf, sbuflen, s->cd->content, s->cd->content_len);
else
- found = SpmSearch(sbuf, sbuflen, s->co->content, s->co->content_len);
+ found = SpmSearch(sbuf, sbuflen, s->cd->content, s->cd->content_len);
if (found != NULL)
- proto = s->proto;
+ proto = s->alproto;
-end:
+ end:
SCReturnInt(proto);
}
-/**
- * \brief Add a proto detection string to the detection ctx.
- *
- * \param ctx The detection ctx
- * \param ip_proto The IP proto (TCP, UDP, etc)
- * \param al_proto Application layer proto
- * \param content A content string in the 'content:"some|20|string"' format.
- * \param depth Depth setting for the content. E.g. 4 means that the content has to match in the first 4 bytes of the stream.
- * \param offset Offset setting for the content. E.g. 4 mean that the content has to match after the first 4 bytes of the stream.
- * \param flags Set STREAM_TOCLIENT or STREAM_TOSERVER for the direction in which to try to match the content.
- * \param ci Pattern is case-insensitive.
- */
-void AlpProtoAddPattern(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto,
- uint16_t al_proto, char *content, uint16_t depth,
- uint16_t offset, uint8_t flags, uint8_t ci)
-{
- if (al_proto_table[al_proto].name != NULL) {
- BUG_ON(strcmp(al_proto_table[al_proto].name, name) != 0);
- } else {
- al_proto_table[al_proto].name = name;
- }
-
- DetectContentData *cd = DetectContentParseEncloseQuotes(content);
- if (cd == NULL) {
- return;
- }
- cd->depth = depth;
- cd->offset = offset;
-
- cd->id = DetectContentGetId(ctx->mpm_pattern_id_store, cd);
-
- //PrintRawDataFp(stdout,cd->content,cd->content_len);
- SCLogDebug("cd->depth %"PRIu16" and cd->offset %"PRIu16" cd->id %"PRIu32"",
- cd->depth, cd->offset, cd->id);
-
- AlpProtoDetectDirection *dir;
- if (flags & STREAM_TOCLIENT) {
- dir = &ctx->toclient;
- } else {
- dir = &ctx->toserver;
- }
-
- if (ci == 1) {
- cd->flags |= DETECT_CONTENT_NOCASE;
- MpmAddPatternCI(&dir->mpm_ctx, cd->content, cd->content_len,
- cd->offset, cd->depth,
- cd->id, cd->id, 0);
- } else {
- MpmAddPatternCS(&dir->mpm_ctx, cd->content, cd->content_len,
- cd->offset, cd->depth,
- cd->id, cd->id, 0);
- }
-
- BUG_ON(dir->id == ALP_DETECT_MAX);
- dir->map[dir->id] = al_proto;
- dir->id++;
-
- if (depth > dir->max_len)
- dir->max_len = depth;
-
- /* set the min_len for the stream engine to set the min smsg size for app
- layer*/
- if (depth < dir->min_len)
- dir->min_len = depth;
-
- /* finally turn into a signature and add to the ctx */
- AlpProtoAddSignature(ctx, cd, ip_proto, al_proto);
-}
-
-
-void AlpProtoAddCI(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto,
- uint16_t al_proto, char *content, uint16_t depth,
- uint16_t offset, uint8_t flags)
-{
- AlpProtoAddPattern(ctx, name, ip_proto, al_proto, content, depth,
- offset, flags, 1);
-
- return;
-}
-
-void AlpProtoAdd(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto,
- uint16_t al_proto, char *content, uint16_t depth,
- uint16_t offset, uint8_t flags)
+static uint16_t AppLayerProtoDetectPMGetProto(AppLayerProtoDetectCtxThread *tctx,
+ Flow *f,
+ uint8_t *buf, uint16_t buflen,
+ uint8_t direction,
+ uint8_t ipproto,
+ AppProto *pm_results)
{
- AlpProtoAddPattern(ctx, name, ip_proto, al_proto, content, depth,
- offset, flags, 0);
-
- return;
-}
-
-#ifdef UNITTESTS
-void AlpProtoTestDestroy(AlpProtoDetectCtx *ctx) {
- mpm_table[ctx->toserver.mpm_ctx.mpm_type].DestroyCtx(&ctx->toserver.mpm_ctx);
- mpm_table[ctx->toclient.mpm_ctx.mpm_type].DestroyCtx(&ctx->toclient.mpm_ctx);
- AlpProtoFreeSignature(ctx->head);
- AppLayerFreeProbingParsers(ctx->probing_parsers);
- ctx->probing_parsers = NULL;
-
- return;
-}
-#endif
-
-void AlpProtoDestroy() {
- SCEnter();
- mpm_table[alp_proto_ctx.toserver.mpm_ctx.mpm_type].DestroyCtx(&alp_proto_ctx.toserver.mpm_ctx);
- mpm_table[alp_proto_ctx.toclient.mpm_ctx.mpm_type].DestroyCtx(&alp_proto_ctx.toclient.mpm_ctx);
- MpmPatternIdTableFreeHash(alp_proto_ctx.mpm_pattern_id_store);
- AlpProtoFreeSignature(alp_proto_ctx.head);
- AppLayerFreeProbingParsers(alp_proto_ctx.probing_parsers);
- alp_proto_ctx.probing_parsers = NULL;
-
- SCReturn;
-}
-
-void AlpProtoFinalizeThread(AlpProtoDetectCtx *ctx, AlpProtoDetectThreadCtx *tctx) {
- uint32_t sig_maxid = 0;
- uint32_t pat_maxid = ctx->mpm_pattern_id_store ? ctx->mpm_pattern_id_store->max_id : 0;
-
- memset(tctx, 0x00, sizeof(AlpProtoDetectThreadCtx));
-
- if (ctx->toclient.id > 0) {
- //sig_maxid = ctx->toclient.id;
- mpm_table[ctx->toclient.mpm_ctx.mpm_type].InitThreadCtx(&ctx->toclient.mpm_ctx, &tctx->toclient.mpm_ctx, sig_maxid);
- PmqSetup(&tctx->toclient.pmq, sig_maxid, pat_maxid);
- }
- if (ctx->toserver.id > 0) {
- //sig_maxid = ctx->toserver.id;
- mpm_table[ctx->toserver.mpm_ctx.mpm_type].InitThreadCtx(&ctx->toserver.mpm_ctx, &tctx->toserver.mpm_ctx, sig_maxid);
- PmqSetup(&tctx->toserver.pmq, sig_maxid, pat_maxid);
- }
-
- int i;
- for (i = 0; i < ALPROTO_MAX; i++) {
- tctx->alproto_local_storage[i] = AppLayerGetProtocolParserLocalStorage(i);
- }
-
- return;
-}
-
-void AlpProtoDeFinalize2Thread(AlpProtoDetectThreadCtx *tctx) {
- if (alp_proto_ctx.toclient.id > 0) {
- mpm_table[alp_proto_ctx.toclient.mpm_ctx.mpm_type].DestroyThreadCtx
- (&alp_proto_ctx.toclient.mpm_ctx, &tctx->toclient.mpm_ctx);
- PmqFree(&tctx->toclient.pmq);
- }
- if (alp_proto_ctx.toserver.id > 0) {
- mpm_table[alp_proto_ctx.toserver.mpm_ctx.mpm_type].DestroyThreadCtx
- (&alp_proto_ctx.toserver.mpm_ctx, &tctx->toserver.mpm_ctx);
- PmqFree(&tctx->toserver.pmq);
- }
-
-}
-/** \brief to be called by ReassemblyThreadInit
- * \todo this is a hack, we need a proper place to store the global ctx */
-void AlpProtoFinalize2Thread(AlpProtoDetectThreadCtx *tctx) {
- AlpProtoFinalizeThread(&alp_proto_ctx, tctx);
- return;
-}
-
-void AlpProtoFinalizeGlobal(AlpProtoDetectCtx *ctx) {
- if (ctx == NULL)
- return;
-
- mpm_table[ctx->toclient.mpm_ctx.mpm_type].Prepare(&ctx->toclient.mpm_ctx);
- mpm_table[ctx->toserver.mpm_ctx.mpm_type].Prepare(&ctx->toserver.mpm_ctx);
-
- /* allocate and initialize the mapping between pattern id and signature */
- ctx->map = (AlpProtoSignature **)SCMalloc(ctx->sigs * sizeof(AlpProtoSignature *));
- if (ctx->map == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "%s", strerror(errno));
- return;
- }
- memset(ctx->map, 0x00, ctx->sigs * sizeof(AlpProtoSignature *));
-
- AlpProtoSignature *s = ctx->head;
- AlpProtoSignature *temp = NULL;
- for ( ; s != NULL; s = s->next) {
- BUG_ON(s->co == NULL);
-
- if (ctx->map[s->co->id] == NULL) {
- ctx->map[s->co->id] = s;
- } else {
- temp = ctx->map[s->co->id];
- while (temp->map_next != NULL)
- temp = temp->map_next;
- temp->map_next = s;
- }
- }
-}
-
-void AppLayerDetectProtoThreadInit(void) {
- AlpProtoInit(&alp_proto_ctx);
- RegisterAppLayerParsers();
- AlpProtoFinalizeGlobal(&alp_proto_ctx);
-
- return;
-}
-
-/**
- * \brief Get the app layer proto based on a buffer using a Patter matcher
- * parser.
- *
- * \param ctx Global app layer detection context
- * \param tctx Thread app layer detection context
- * \param f Pointer to the flow.
- * \param buf Pointer to the buffer to inspect
- * \param buflen Lenght of the buffer
- * \param flags Flags.
- * \param Pointer to the results array, ALPROTO_MAX long.
- *
- * \retval pm_matches Returns the no of alproto matches.
- */
-uint16_t AppLayerDetectGetProtoPMParser(AlpProtoDetectCtx *ctx,
- AlpProtoDetectThreadCtx *tctx,
- Flow *f,
- uint8_t *buf, uint16_t buflen,
- uint8_t flags, uint8_t ipproto,
- uint16_t *pm_results) {
SCEnter();
- uint16_t pm_matches = 0;
pm_results[0] = ALPROTO_UNKNOWN;
- AlpProtoDetectDirection *dir;
- AlpProtoDetectDirectionThread *tdir;
- uint16_t max_len;
+ AppLayerProtoDetectPMCtx *pm_ctx;
+ MpmThreadCtx *mpm_tctx;
+ uint16_t pm_matches = 0;
+ uint8_t cnt;
+ uint16_t searchlen;
- if (flags & STREAM_TOSERVER) {
- dir = &ctx->toserver;
- tdir = &tctx->toserver;
- max_len = ctx->toserver.max_len;
+ if (direction & STREAM_TOSERVER) {
+ pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[0];
+ mpm_tctx = &tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][0];
} else {
- dir = &ctx->toclient;
- tdir = &tctx->toclient;
- max_len = ctx->toclient.max_len;
+ pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[1];
+ mpm_tctx = &tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][1];
}
- if (dir->id == 0) {
+ if (pm_ctx->mpm_ctx.pattern_cnt == 0)
goto end;
- }
- /* see if we can limit the data we inspect */
- uint16_t searchlen = buflen;
- if (searchlen > dir->max_len)
- searchlen = dir->max_len;
+ searchlen = buflen;
+ if (searchlen > pm_ctx->max_len)
+ searchlen = pm_ctx->max_len;
uint32_t search_cnt = 0;
/* do the mpm search */
- search_cnt = mpm_table[dir->mpm_ctx.mpm_type].Search(&dir->mpm_ctx,
- &tdir->mpm_ctx,
- &tdir->pmq, buf,
- searchlen);
- SCLogDebug("search cnt %" PRIu32 "", search_cnt);
+ search_cnt = mpm_table[pm_ctx->mpm_ctx.mpm_type].Search(&pm_ctx->mpm_ctx,
+ mpm_tctx,
+ &tctx->pmq,
+ buf, searchlen);
if (search_cnt == 0)
goto end;
/* alproto bit field */
- uint8_t pm_results_bf[ALPROTO_MAX / 8];
+ uint8_t pm_results_bf[(ALPROTO_MAX / 8) + 1];
memset(pm_results_bf, 0, sizeof(pm_results_bf));
- for (uint8_t s_cnt = 0; s_cnt < search_cnt; s_cnt++) {
- AlpProtoSignature *s = ctx->map[tdir->pmq.pattern_id_array[s_cnt]];
- SCLogDebug("array count is %"PRIu32" patid %"PRIu16"",
- tdir->pmq.pattern_id_array_cnt,
- tdir->pmq.pattern_id_array[s_cnt]);
+ for (cnt = 0; cnt < search_cnt; cnt++) {
+ AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.pattern_id_array[cnt]];
while (s != NULL) {
- uint16_t proto = AlpProtoMatchSignature(s, buf, buflen, ipproto);
- if (proto != ALPROTO_UNKNOWN && !(pm_results_bf[proto / 8] & (1 << (proto % 8))) ) {
- pm_results[pm_matches++] = proto;
- pm_results_bf[proto / 8] |= 1 << (proto % 8);
- }
- s = s->map_next;
+ uint16_t proto = AppLayerProtoDetectPMMatchSignature(s, buf, searchlen, ipproto);
+ if (proto != ALPROTO_UNKNOWN &&
+ !(pm_results_bf[proto / 8] & (1 << (proto % 8))) )
+ {
+ pm_results[pm_matches++] = proto;
+ pm_results_bf[proto / 8] |= 1 << (proto % 8);
+ }
+ s = s->next;
}
}
-end:
- PmqReset(&tdir->pmq);
+ end:
+ PmqReset(&tctx->pmq);
+ if (buflen >= pm_ctx->max_len)
+ FLOW_SET_PM_DONE(f, direction);
+ SCReturnUInt(pm_matches);
+}
- if (mpm_table[dir->mpm_ctx.mpm_type].Cleanup != NULL) {
- mpm_table[dir->mpm_ctx.mpm_type].Cleanup(&tdir->mpm_ctx);
- }
-#if 0
- printf("AppLayerDetectGetProto: returning %" PRIu16 " (%s): ", proto, flags & STREAM_TOCLIENT ? "TOCLIENT" : "TOSERVER");
- switch (proto) {
- case ALPROTO_HTTP:
- printf("HTTP: ");
- /* print the first 32 bytes */
- if (buflen > 0) {
- PrintRawUriFp(stdout,buf,(buflen>32)?32:buflen);
- }
- printf("\n");
- break;
- case ALPROTO_FTP:
- printf("FTP\n");
- break;
- case ALPROTO_SSL:
- printf("SSL\n");
- break;
- case ALPROTO_SSH:
- printf("SSH\n");
- break;
- case ALPROTO_TLS:
- printf("TLS\n");
- break;
- case ALPROTO_IMAP:
- printf("IMAP\n");
- break;
- case ALPROTO_SMTP:
- printf("SMTP\n");
- break;
- case ALPROTO_JABBER:
- printf("JABBER\n");
- break;
- case ALPROTO_MSN:
- printf("MSN\n");
- break;
- case ALPROTO_SMB:
- printf("SMB\n");
- break;
- case ALPROTO_SMB2:
- printf("SMB2\n");
- break;
- case ALPROTO_DCERPC:
- printf("DCERPC\n");
+static AppLayerProtoDetectProbingParserPort *AppLayerProtoDetectGetProbingParsers(AppLayerProtoDetectProbingParser *pp,
+ uint16_t ip_proto,
+ uint16_t port)
+{
+ AppLayerProtoDetectProbingParserPort *pp_port = NULL;
+
+ while (pp != NULL) {
+ if (pp->ip_proto == ip_proto)
break;
- case ALPROTO_UNKNOWN:
- default:
- printf("UNKNOWN (%u): cnt was %u (", proto, cnt);
- /* print the first 32 bytes */
- if (buflen > 0) {
- PrintRawUriFp(stdout,buf,(buflen>32)?32:buflen);
- }
- printf(")\n");
+
+ pp = pp->next;
+ }
+
+ if (pp == NULL)
+ goto end;
+
+ pp_port = pp->port;
+ while (pp_port != NULL) {
+ if (pp_port->port == port || pp_port->port == 0) {
break;
+ }
+ pp_port = pp_port->next;
}
-#endif
- if (buflen >= max_len)
- FLOW_SET_PM_DONE(f, flags);
- SCReturnUInt(pm_matches);
+
+ end:
+ SCReturnPtr(pp_port, "AppLayerProtoDetectProbingParserPort *");
}
/**
* \brief Call the probing parser if it exists for this src or dst port.
*/
-uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f,
- uint8_t *buf, uint32_t buflen,
- uint8_t flags, uint8_t ipproto)
+static AppProto AppLayerProtoDetectPPGetProto(Flow *f,
+ uint8_t *buf, uint32_t buflen,
+ uint8_t ipproto, uint8_t direction)
{
- AppLayerProbingParserPort *pp_port = NULL;
- AppLayerProbingParserElement *pe = NULL;
- uint32_t *al_proto_masks;
-
- if (flags & STREAM_TOSERVER) {
- pp_port = AppLayerGetProbingParsers(ctx->probing_parsers, ipproto, f->dp);
- al_proto_masks = &f->probing_parser_toserver_al_proto_masks;
+ AppLayerProtoDetectProbingParserPort *pp_port = NULL;
+ AppLayerProtoDetectProbingParserElement *pe = NULL;
+ AppProto alproto = ALPROTO_UNKNOWN;
+ uint32_t *alproto_masks;
+
+ if (direction & STREAM_TOSERVER) {
+ pp_port = AppLayerProtoDetectGetProbingParsers(alpd_ctx.ctx_pp, ipproto, f->dp);
+ alproto_masks = &f->probing_parser_toserver_alproto_masks;
if (pp_port == NULL) {
SCLogDebug("toserver-No probing parser registered for port %"PRIu16,
f->dp);
- FLOW_SET_PP_DONE(f, flags);
- return ALPROTO_UNKNOWN;
+ FLOW_SET_PP_DONE(f, direction);
+ goto end;
}
pe = pp_port->toserver;
} else {
- pp_port = AppLayerGetProbingParsers(ctx->probing_parsers, ipproto, f->sp);
- al_proto_masks = &f->probing_parser_toclient_al_proto_masks;
+ pp_port = AppLayerProtoDetectGetProbingParsers(alpd_ctx.ctx_pp, ipproto, f->sp);
+ alproto_masks = &f->probing_parser_toclient_alproto_masks;
if (pp_port == NULL) {
SCLogDebug("toclient-No probing parser registered for port %"PRIu16,
f->sp);
- FLOW_SET_PP_DONE(f, flags);
- return ALPROTO_UNKNOWN;
+ FLOW_SET_PP_DONE(f, direction);
+ goto end;
}
pe = pp_port->toclient;
}
while (pe != NULL) {
if ((buflen < pe->min_depth) ||
- (al_proto_masks[0] & pe->al_proto_mask)) {
+ (alproto_masks[0] & pe->alproto_mask)) {
pe = pe->next;
continue;
}
- int alproto = pe->ProbingParser(buf, buflen, NULL);
+ alproto = pe->ProbingParser(buf, buflen, NULL);
if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED)
- return alproto;
+ goto end;
if (alproto == ALPROTO_FAILED ||
(pe->max_depth != 0 && buflen > pe->max_depth)) {
- al_proto_masks[0] |= pe->al_proto_mask;
+ alproto_masks[0] |= pe->alproto_mask;
}
pe = pe->next;
}
- if (flags & STREAM_TOSERVER) {
- if (al_proto_masks[0] == pp_port->toserver_al_proto_mask) {
- FLOW_SET_PP_DONE(f, flags);
- return ALPROTO_UNKNOWN;
+ if (direction & STREAM_TOSERVER) {
+ if (alproto_masks[0] == pp_port->toserver_alproto_mask) {
+ FLOW_SET_PP_DONE(f, direction);
+ goto end;
}
} else {
- if (al_proto_masks[0] == pp_port->toclient_al_proto_mask) {
- FLOW_SET_PP_DONE(f, flags);
- return ALPROTO_UNKNOWN;
+ if (alproto_masks[0] == pp_port->toclient_alproto_mask) {
+ FLOW_SET_PP_DONE(f, direction);
+ goto end;
}
}
- return ALPROTO_UNKNOWN;
+ end:
+ SCReturnCT(alproto, "AppProto");
}
-/**
- * \brief Get the app layer proto.
- *
- * \param ctx Global app layer detection context.
- * \param tctx Thread app layer detection context.
- * \param f Pointer to the flow.
- * \param buf Pointer to the buffer to inspect.
- * \param buflen Lenght of the buffer.
- * \param flags Flags.
- *
- * \retval proto App Layer proto, or ALPROTO_UNKNOWN if unknown
- */
-uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *ctx,
- AlpProtoDetectThreadCtx *tctx, Flow *f,
- uint8_t *buf, uint32_t buflen,
- uint8_t flags, uint8_t ipproto)
-{
- if (!FLOW_IS_PM_DONE(f, flags)) {
- uint16_t pm_results[ALPROTO_MAX];
- uint16_t pm_matches = AppLayerDetectGetProtoPMParser(ctx, tctx, f, buf, buflen, flags, ipproto, pm_results);
- uint8_t dir = (flags & STREAM_TOSERVER) ? 0 : 1;
- for (uint16_t i = 0; i < pm_matches; i++) {
- if (al_proto_table[pm_results[i]].PPAlprotoMap[dir] != NULL) {
- if (pm_results[i] != al_proto_table[pm_results[i]].PPAlprotoMap[dir](buf, buflen, NULL)) {
- /* \todo set event - Needs some deliberation */
- continue;
- }
- }
+/***** Static Internal Calls: PP registration *****/
+
+static void AppLayerProtoDetectPPGetIpprotos(AppProto alproto,
+ uint8_t *ipprotos)
+{
+ SCEnter();
+
+ AppLayerProtoDetectProbingParser *pp;
+ AppLayerProtoDetectProbingParserPort *pp_port;
+ AppLayerProtoDetectProbingParserElement *pp_pe;
- return pm_results[i];
+ for (pp = alpd_ctx.ctx_pp; pp != NULL; pp = pp->next) {
+ for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) {
+ for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) {
+ if (alproto == pp_pe->alproto)
+ ipprotos[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8);
+ }
+ for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) {
+ if (alproto == pp_pe->alproto)
+ ipprotos[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8);
+ }
}
}
- if (!FLOW_IS_PP_DONE(f, flags))
- return AppLayerDetectGetProtoProbingParser(ctx, f, buf, buflen, flags, ipproto);
- return ALPROTO_UNKNOWN;
-}
-
-/*****Unittests*****/
-#ifdef UNITTESTS
+ SCReturn;
+}
-int AlpDetectTest01(void) {
- char *buf = SCStrdup("HTTP");
- int r = 1;
- AlpProtoDetectCtx ctx;
+static uint32_t AppLayerProtoDetectProbingParserGetMask(uint16_t alproto)
+{
+ SCEnter();
- AlpProtoInit(&ctx);
+ if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) {
+ SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16,
+ alproto);
+ exit(EXIT_FAILURE);
+ }
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ SCReturnUInt(1 << alproto);
+}
- if (ctx.toclient.id != 1) {
- r = 0;
- }
+static inline AppLayerProtoDetectProbingParserElement *AllocAppLayerProtoDetectProbingParserElement(void)
+{
+ SCEnter();
- buf = SCStrdup("GET");
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER);
- if (ctx.toserver.id != 1) {
- r = 0;
+ AppLayerProtoDetectProbingParserElement *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParserElement));
+ if (unlikely(p == NULL)) {
+ exit(EXIT_FAILURE);
}
- SCFree(buf);
+ memset(p, 0, sizeof(AppLayerProtoDetectProbingParserElement));
- AlpProtoTestDestroy(&ctx);
-
- return r;
+ SCReturnPtr(p, "AppLayerProtoDetectProbingParserElement");
}
-int AlpDetectTest02(void) {
- char *buf = SCStrdup("HTTP");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoInit(&ctx);
+static inline void DeAllocAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement *p)
+{
+ SCEnter();
+ SCFree(p);
+ SCReturn;
+}
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+static inline AppLayerProtoDetectProbingParserPort *AllocAppLayerProtoDetectProbingParserPort(void)
+{
+ SCEnter();
- if (ctx.toclient.id != 1) {
- r = 0;
+ AppLayerProtoDetectProbingParserPort *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParserPort));
+ if (unlikely(p == NULL)) {
+ exit(EXIT_FAILURE);
}
+ memset(p, 0, sizeof(AppLayerProtoDetectProbingParserPort));
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
- }
+ SCReturnPtr(p, "AppLayerProtoDetectProbingParserPort");
+}
+
+static inline void DeAllocAppLayerProtoDetectProbingParserPort(AppLayerProtoDetectProbingParserPort *p)
+{
+ SCEnter();
- buf = SCStrdup("220 ");
- AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectProbingParserElement *e;
- if (ctx.toclient.id != 2) {
- r = 0;
+ e = p->toserver;
+ while (e != NULL) {
+ AppLayerProtoDetectProbingParserElement *e_next = e->next;
+ DeAllocAppLayerProtoDetectProbingParserElement(e);
+ e = e_next;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) {
- r = 0;
+ e = p->toclient;
+ while (e != NULL) {
+ AppLayerProtoDetectProbingParserElement *e_next = e->next;
+ DeAllocAppLayerProtoDetectProbingParserElement(e);
+ e = e_next;
}
- AlpProtoTestDestroy(&ctx);
+ SCFree(p);
- return r;
+ SCReturn;
}
-int AlpDetectTest03(void) {
- uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
- char *buf = SCStrdup("HTTP");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+static inline AppLayerProtoDetectProbingParser *AllocAppLayerProtoDetectProbingParser(void)
+{
+ SCEnter();
- AlpProtoInit(&ctx);
+ AppLayerProtoDetectProbingParser *p = SCMalloc(sizeof(AppLayerProtoDetectProbingParser));
+ if (unlikely(p == NULL)) {
+ exit(EXIT_FAILURE);
+ }
+ memset(p, 0, sizeof(AppLayerProtoDetectProbingParser));
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ SCReturnPtr(p, "AppLayerProtoDetectProbingParser");
+}
- if (ctx.toclient.id != 1) {
- r = 0;
- }
+static inline void DeAllocAppLayerProtoDetectProbingParser(AppLayerProtoDetectProbingParser *p)
+{
+ SCEnter();
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
+ AppLayerProtoDetectProbingParserPort *pt = p->port;
+ while (pt != NULL) {
+ AppLayerProtoDetectProbingParserPort *pt_next = pt->next;
+ DeAllocAppLayerProtoDetectProbingParserPort(pt);
+ pt = pt_next;
}
- buf = SCStrdup("220 ");
- AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ SCFree(p);
- if (ctx.toclient.id != 2) {
- r = 0;
- }
+ SCReturn;
+}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) {
- r = 0;
- }
+static AppLayerProtoDetectProbingParserElement *
+AppLayerProtoDetectCreateAppLayerProtoDetectProbingParserElement(uint16_t alproto,
+ uint16_t port,
+ uint16_t min_depth,
+ uint16_t max_depth,
+ uint16_t (*AppLayerProtoDetectProbingParser)
+ (uint8_t *input, uint32_t input_len, uint32_t *offset))
+{
+ AppLayerProtoDetectProbingParserElement *pe = AllocAppLayerProtoDetectProbingParserElement();
+
+ pe->alproto = alproto;
+ pe->port = port;
+ pe->alproto_mask = AppLayerProtoDetectProbingParserGetMask(alproto);
+ pe->min_depth = min_depth;
+ pe->max_depth = max_depth;
+ pe->ProbingParser = AppLayerProtoDetectProbingParser;
+ pe->next = NULL;
+
+ if (max_depth != 0 && min_depth >= max_depth) {
+ SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
+ "register the probing parser. min_depth >= max_depth");
+ goto error;
+ }
+ if (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_MAX) {
+ SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register "
+ "the probing parser. Invalid alproto - %d", alproto);
+ goto error;
+ }
+ if (AppLayerProtoDetectProbingParser == NULL) {
+ SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
+ "register the probing parser. Probing parser func NULL");
+ goto error;
+ }
+
+ SCReturnPtr(pe, "AppLayerProtoDetectProbingParserElement");
+ error:
+ DeAllocAppLayerProtoDetectProbingParserElement(pe);
+ SCReturnPtr(NULL, "AppLayerProtoDetectProbingParserElement");
+}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+static AppLayerProtoDetectProbingParserElement *
+DuplicateAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement *pe)
+{
+ SCEnter();
- uint32_t cnt = mpm_table[ctx.toclient.mpm_ctx.mpm_type].Search(&ctx.toclient.mpm_ctx, &tctx.toclient.mpm_ctx, NULL, l7data, sizeof(l7data));
- if (cnt != 1) {
- printf("cnt %u != 1: ", cnt);
- r = 0;
- }
+ AppLayerProtoDetectProbingParserElement *new_pe = AllocAppLayerProtoDetectProbingParserElement();
- AlpProtoTestDestroy(&ctx);
+ new_pe->alproto = pe->alproto;
+ new_pe->port = pe->port;
+ new_pe->alproto_mask = pe->alproto_mask;
+ new_pe->min_depth = pe->min_depth;
+ new_pe->max_depth = pe->max_depth;
+ new_pe->ProbingParser = pe->ProbingParser;
+ new_pe->next = NULL;
- return r;
+ SCReturnPtr(new_pe, "AppLayerProtoDetectProbingParserElement");
}
-int AlpDetectTest04(void) {
- uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
- char *buf = SCStrdup("200 ");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+void AppLayerProtoDetectPrintProbingParsers(AppLayerProtoDetectProbingParser *pp)
+{
+ SCEnter();
- AlpProtoInit(&ctx);
+ AppLayerProtoDetectProbingParserPort *pp_port = NULL;
+ AppLayerProtoDetectProbingParserElement *pp_pe = NULL;
+
+ printf("\n");
+
+ for ( ; pp != NULL; pp = pp->next) {
+ /* print ip protocol */
+ if (pp->ip_proto == IPPROTO_TCP)
+ printf("IPProto: TCP\n");
+ else if (pp->ip_proto == IPPROTO_UDP)
+ printf("IPProto: UDP\n");
+ else
+ printf("IPProto: %"PRIu16"\n", pp->ip_proto);
+
+ pp_port = pp->port;
+ for ( ; pp_port != NULL; pp_port = pp_port->next) {
+ if (pp_port->toserver == NULL)
+ goto AppLayerProtoDetectPrintProbingParsers_jump_toclient;
+ printf(" Port: %"PRIu16 "\n", pp_port->port);
+
+ printf(" To_Server: (max-depth: %"PRIu16 ", "
+ "mask - %"PRIu32")\n",
+ pp_port->toserver_max_depth,
+ pp_port->toserver_alproto_mask);
+ pp_pe = pp_port->toserver;
+ for ( ; pp_pe != NULL; pp_pe = pp_pe->next) {
+
+ if (pp_pe->alproto == ALPROTO_HTTP)
+ printf(" alproto: ALPROTO_HTTP\n");
+ else if (pp_pe->alproto == ALPROTO_FTP)
+ printf(" alproto: ALPROTO_FTP\n");
+ else if (pp_pe->alproto == ALPROTO_SMTP)
+ printf(" alproto: ALPROTO_SMTP\n");
+ else if (pp_pe->alproto == ALPROTO_TLS)
+ printf(" alproto: ALPROTO_TLS\n");
+ else if (pp_pe->alproto == ALPROTO_SSH)
+ printf(" alproto: ALPROTO_SSH\n");
+ else if (pp_pe->alproto == ALPROTO_IMAP)
+ printf(" alproto: ALPROTO_IMAP\n");
+ else if (pp_pe->alproto == ALPROTO_MSN)
+ printf(" alproto: ALPROTO_MSN\n");
+ else if (pp_pe->alproto == ALPROTO_JABBER)
+ printf(" alproto: ALPROTO_JABBER\n");
+ else if (pp_pe->alproto == ALPROTO_SMB)
+ printf(" alproto: ALPROTO_SMB\n");
+ else if (pp_pe->alproto == ALPROTO_SMB2)
+ printf(" alproto: ALPROTO_SMB2\n");
+ else if (pp_pe->alproto == ALPROTO_DCERPC)
+ printf(" alproto: ALPROTO_DCERPC\n");
+ else if (pp_pe->alproto == ALPROTO_IRC)
+ printf(" alproto: ALPROTO_IRC\n");
+ else
+ printf("impossible\n");
+
+ printf(" port: %"PRIu16 "\n", pp_pe->port);
+ printf(" mask: %"PRIu32 "\n", pp_pe->alproto_mask);
+ printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth);
+ printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth);
+
+ printf("\n");
+ }
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrintProbingParsers_jump_toclient:
+ if (pp_port->toclient == NULL) {
+ continue;
+ }
- if (ctx.toclient.id != 1) {
- r = 0;
+ printf(" To_Client: (max-depth: %"PRIu16 ", "
+ "mask - %"PRIu32")\n",
+ pp_port->toclient_max_depth,
+ pp_port->toclient_alproto_mask);
+ pp_pe = pp_port->toclient;
+ for ( ; pp_pe != NULL; pp_pe = pp_pe->next) {
+
+ if (pp_pe->alproto == ALPROTO_HTTP)
+ printf(" alproto: ALPROTO_HTTP\n");
+ else if (pp_pe->alproto == ALPROTO_FTP)
+ printf(" alproto: ALPROTO_FTP\n");
+ else if (pp_pe->alproto == ALPROTO_SMTP)
+ printf(" alproto: ALPROTO_SMTP\n");
+ else if (pp_pe->alproto == ALPROTO_TLS)
+ printf(" alproto: ALPROTO_TLS\n");
+ else if (pp_pe->alproto == ALPROTO_SSH)
+ printf(" alproto: ALPROTO_SSH\n");
+ else if (pp_pe->alproto == ALPROTO_IMAP)
+ printf(" alproto: ALPROTO_IMAP\n");
+ else if (pp_pe->alproto == ALPROTO_MSN)
+ printf(" alproto: ALPROTO_MSN\n");
+ else if (pp_pe->alproto == ALPROTO_JABBER)
+ printf(" alproto: ALPROTO_JABBER\n");
+ else if (pp_pe->alproto == ALPROTO_SMB)
+ printf(" alproto: ALPROTO_SMB\n");
+ else if (pp_pe->alproto == ALPROTO_SMB2)
+ printf(" alproto: ALPROTO_SMB2\n");
+ else if (pp_pe->alproto == ALPROTO_DCERPC)
+ printf(" alproto: ALPROTO_DCERPC\n");
+ else if (pp_pe->alproto == ALPROTO_IRC)
+ printf(" alproto: ALPROTO_IRC\n");
+ else
+ printf("impossible\n");
+
+ printf(" port: %"PRIu16 "\n", pp_pe->port);
+ printf(" mask: %"PRIu32 "\n", pp_pe->alproto_mask);
+ printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth);
+ printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth);
+
+ printf("\n");
+ }
+ }
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
- }
+ SCReturn;
+}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+static inline void AppendAppLayerProtoDetectProbingParserElement(AppLayerProtoDetectProbingParserElement **head_pe,
+ AppLayerProtoDetectProbingParserElement *new_pe)
+{
+ SCEnter();
- uint32_t cnt = mpm_table[ctx.toclient.mpm_ctx.mpm_type].Search(&ctx.toclient.mpm_ctx, &tctx.toclient.mpm_ctx, &tctx.toclient.pmq, l7data, sizeof(l7data));
- if (cnt != 1) {
- printf("cnt %u != 1: ", cnt);
- r = 0;
+ if (*head_pe == NULL) {
+ *head_pe = new_pe;
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ if ((*head_pe)->port == 0) {
+ if (new_pe->port != 0) {
+ new_pe->next = *head_pe;
+ *head_pe = new_pe;
+ } else {
+ AppLayerProtoDetectProbingParserElement *temp_pe = *head_pe;
+ while (temp_pe->next != NULL)
+ temp_pe = temp_pe->next;
+ temp_pe->next = new_pe;
+ }
+ } else {
+ AppLayerProtoDetectProbingParserElement *temp_pe = *head_pe;
+ if (new_pe->port == 0) {
+ while (temp_pe->next != NULL)
+ temp_pe = temp_pe->next;
+ temp_pe->next = new_pe;
+ } else {
+ while (temp_pe->next != NULL && temp_pe->next->port != 0)
+ temp_pe = temp_pe->next;
+ new_pe->next = temp_pe->next;
+ temp_pe->next = new_pe;
- return r;
+ }
+ }
+
+ end:
+ SCReturn;
}
-int AlpDetectTest05(void) {
- uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n<HTML><BODY>Blahblah</BODY></HTML>";
- char *buf = SCStrdup("HTTP");
- int r = 1;
+static inline void AppendAppLayerProtoDetectProbingParser(AppLayerProtoDetectProbingParser **head_pp,
+ AppLayerProtoDetectProbingParser *new_pp)
+{
+ SCEnter();
+
+ if (*head_pp == NULL) {
+ *head_pp = new_pp;
+ goto end;
+ }
+
+ AppLayerProtoDetectProbingParser *temp_pp = *head_pp;
+ while (temp_pp->next != NULL)
+ temp_pp = temp_pp->next;
+ temp_pp->next = new_pp;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+ end:
+ SCReturn;
+}
- AlpProtoInit(&ctx);
+static inline void AppendAppLayerProtoDetectProbingParserPort(AppLayerProtoDetectProbingParserPort **head_port,
+ AppLayerProtoDetectProbingParserPort *new_port)
+{
+ SCEnter();
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ if (*head_port == NULL) {
+ *head_port = new_port;
+ goto end;
+ }
- if (ctx.toclient.id != 1) {
- r = 0;
+ if ((*head_port)->port == 0) {
+ new_port->next = *head_port;
+ *head_port = new_port;
+ } else {
+ AppLayerProtoDetectProbingParserPort *temp_port = *head_port;
+ while (temp_port->next != NULL && temp_port->next->port != 0) {
+ temp_port = temp_port->next;
+ }
+ new_port->next = temp_port->next;
+ temp_port->next = new_port;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
+ end:
+ SCReturn;
+}
+
+static inline void AppLayerProtoDetectInsertNewProbingParser(AppLayerProtoDetectProbingParser **pp,
+ uint16_t ip_proto,
+ uint16_t port,
+ uint16_t alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ uint8_t direction,
+ ProbingParserFPtr ProbingParser)
+{
+ SCEnter();
+
+ /* get the top level ipproto pp */
+ AppLayerProtoDetectProbingParser *curr_pp = *pp;
+ while (curr_pp != NULL) {
+ if (curr_pp->ip_proto == ip_proto)
+ break;
+ curr_pp = curr_pp->next;
+ }
+ if (curr_pp == NULL) {
+ AppLayerProtoDetectProbingParser *new_pp = AllocAppLayerProtoDetectProbingParser();
+ new_pp->ip_proto = ip_proto;
+ AppendAppLayerProtoDetectProbingParser(pp, new_pp);
+ curr_pp = new_pp;
}
- buf = SCStrdup("220 ");
- AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ /* get the top level port pp */
+ AppLayerProtoDetectProbingParserPort *curr_port = curr_pp->port;
+ while (curr_port != NULL) {
+ if (curr_port->port == port)
+ break;
+ curr_port = curr_port->next;
+ }
+ if (curr_port == NULL) {
+ AppLayerProtoDetectProbingParserPort *new_port = AllocAppLayerProtoDetectProbingParserPort();
+ new_port->port = port;
+ AppendAppLayerProtoDetectProbingParserPort(&curr_pp->port, new_port);
+ curr_port = new_port;
+ if (direction & STREAM_TOSERVER) {
+ curr_port->toserver_max_depth = max_depth;
+ } else {
+ curr_port->toclient_max_depth = max_depth;
+ }
+
+ AppLayerProtoDetectProbingParserPort *zero_port;
+
+ zero_port = curr_pp->port;
+ while (zero_port != NULL && zero_port->port != 0) {
+ zero_port = zero_port->next;
+ }
+ if (zero_port != NULL) {
+ AppLayerProtoDetectProbingParserElement *zero_pe;
+
+ zero_pe = zero_port->toserver;
+ for ( ; zero_pe != NULL; zero_pe = zero_pe->next) {
+ if (curr_port->toserver == NULL)
+ curr_port->toserver_max_depth = zero_pe->max_depth;
+ if (zero_pe->max_depth == 0)
+ curr_port->toserver_max_depth = zero_pe->max_depth;
+ if (curr_port->toserver_max_depth != 0 &&
+ curr_port->toserver_max_depth < zero_pe->max_depth) {
+ curr_port->toserver_max_depth = zero_pe->max_depth;
+ }
+
+ AppLayerProtoDetectProbingParserElement *dup_pe =
+ DuplicateAppLayerProtoDetectProbingParserElement(zero_pe);
+ AppendAppLayerProtoDetectProbingParserElement(&curr_port->toserver, dup_pe);
+ curr_port->toserver_alproto_mask |= dup_pe->alproto_mask;
+ }
+
+ zero_pe = zero_port->toclient;
+ for ( ; zero_pe != NULL; zero_pe = zero_pe->next) {
+ if (curr_port->toclient == NULL)
+ curr_port->toclient_max_depth = zero_pe->max_depth;
+ if (zero_pe->max_depth == 0)
+ curr_port->toclient_max_depth = zero_pe->max_depth;
+ if (curr_port->toclient_max_depth != 0 &&
+ curr_port->toclient_max_depth < zero_pe->max_depth) {
+ curr_port->toclient_max_depth = zero_pe->max_depth;
+ }
+
+ AppLayerProtoDetectProbingParserElement *dup_pe =
+ DuplicateAppLayerProtoDetectProbingParserElement(zero_pe);
+ AppendAppLayerProtoDetectProbingParserElement(&curr_port->toclient, dup_pe);
+ curr_port->toclient_alproto_mask |= dup_pe->alproto_mask;
+ }
+ } /* if (zero_port != NULL) */
+ } /* if (curr_port == NULL) */
+
+ /* insert the pe_pp */
+ AppLayerProtoDetectProbingParserElement *curr_pe;
+ if (direction & STREAM_TOSERVER)
+ curr_pe = curr_port->toserver;
+ else
+ curr_pe = curr_port->toclient;
+ while (curr_pe != NULL) {
+ if (curr_pe->alproto == alproto) {
+ SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - "
+ "ip_proto - %"PRIu16" Port - %"PRIu16" "
+ "App Protocol - NULL, App Protocol(ID) - "
+ "%"PRIu16" min_depth - %"PRIu16" "
+ "max_dept - %"PRIu16".",
+ ip_proto, port, alproto,
+ min_depth, max_depth);
+ goto error;
+ }
+ curr_pe = curr_pe->next;
+ }
+ /* Get a new parser element */
+ AppLayerProtoDetectProbingParserElement *new_pe =
+ AppLayerProtoDetectCreateAppLayerProtoDetectProbingParserElement(alproto,
+ curr_port->port,
+ min_depth, max_depth,
+ ProbingParser);
+ if (new_pe == NULL)
+ goto error;
+ curr_pe = new_pe;
+ AppLayerProtoDetectProbingParserElement **head_pe;
+ if (direction & STREAM_TOSERVER) {
+ if (curr_port->toserver == NULL)
+ curr_port->toserver_max_depth = new_pe->max_depth;
+ if (new_pe->max_depth == 0)
+ curr_port->toserver_max_depth = new_pe->max_depth;
+ if (curr_port->toserver_max_depth != 0 &&
+ curr_port->toserver_max_depth < new_pe->max_depth) {
+ curr_port->toserver_max_depth = new_pe->max_depth;
+ }
+ curr_port->toserver_alproto_mask |= new_pe->alproto_mask;
+ head_pe = &curr_port->toserver;
+ } else {
+ if (curr_port->toclient == NULL)
+ curr_port->toclient_max_depth = new_pe->max_depth;
+ if (new_pe->max_depth == 0)
+ curr_port->toclient_max_depth = new_pe->max_depth;
+ if (curr_port->toclient_max_depth != 0 &&
+ curr_port->toclient_max_depth < new_pe->max_depth) {
+ curr_port->toclient_max_depth = new_pe->max_depth;
+ }
+ curr_port->toclient_alproto_mask |= new_pe->alproto_mask;
+ head_pe = &curr_port->toclient;
+ }
+ AppendAppLayerProtoDetectProbingParserElement(head_pe, new_pe);
+
+ if (curr_port->port == 0) {
+ AppLayerProtoDetectProbingParserPort *temp_port = curr_pp->port;
+ while (temp_port != NULL && temp_port->port != 0) {
+ if (direction & STREAM_TOSERVER) {
+ if (temp_port->toserver == NULL)
+ temp_port->toserver_max_depth = curr_pe->max_depth;
+ if (curr_pe->max_depth == 0)
+ temp_port->toserver_max_depth = curr_pe->max_depth;
+ if (temp_port->toserver_max_depth != 0 &&
+ temp_port->toserver_max_depth < curr_pe->max_depth) {
+ temp_port->toserver_max_depth = curr_pe->max_depth;
+ }
+ AppendAppLayerProtoDetectProbingParserElement(&temp_port->toserver,
+ DuplicateAppLayerProtoDetectProbingParserElement(curr_pe));
+ temp_port->toserver_alproto_mask |= curr_pe->alproto_mask;
+ } else {
+ if (temp_port->toclient == NULL)
+ temp_port->toclient_max_depth = curr_pe->max_depth;
+ if (curr_pe->max_depth == 0)
+ temp_port->toclient_max_depth = curr_pe->max_depth;
+ if (temp_port->toclient_max_depth != 0 &&
+ temp_port->toclient_max_depth < curr_pe->max_depth) {
+ temp_port->toclient_max_depth = curr_pe->max_depth;
+ }
+ AppendAppLayerProtoDetectProbingParserElement(&temp_port->toclient,
+ DuplicateAppLayerProtoDetectProbingParserElement(curr_pe));
+ temp_port->toclient_alproto_mask |= curr_pe->alproto_mask;
+ }
+ temp_port = temp_port->next;
+ } /* while */
+ } /* if */
+
+ error:
+ SCReturn;
+}
+
+/***** Static Internal Calls: PM registration *****/
+
+static void AppLayerProtoDetectPMGetIpprotos(AppProto alproto,
+ uint8_t *ipprotos)
+{
+ SCEnter();
+
+ AppLayerProtoDetectPMSignature *s;
+ int pat_id, max_pat_id;
+
+ int i, j;
+ uint16_t ipproto;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ ipproto = FlowGetReverseProtoMapping(i);
+ for (j = 0; j < 2; j++) {
+ AppLayerProtoDetectPMCtx *pm_ctx = &alpd_ctx.ctx_ipp[i].ctx_pm[j];
+ max_pat_id = pm_ctx->max_pat_id;
+
+ for (pat_id = 0; pat_id < max_pat_id; pat_id++) {
+ s = pm_ctx->map[pat_id];
+ while (s != NULL) {
+ if (s->alproto == alproto)
+ ipprotos[ipproto / 8] |= 1 << (ipproto % 8);
+ s = s->next;
+ }
+ }
+ }
+ }
+
+ SCReturn;
+}
+
+static int AppLayerProtoDetectPMSetContentIDs(AppLayerProtoDetectPMCtx *ctx)
+{
+ SCEnter();
+
+ typedef struct TempContainer_ {
+ PatIntId id;
+ uint16_t content_len;
+ uint8_t *content;
+ } TempContainer;
+
+ AppLayerProtoDetectPMSignature *s = NULL;
+ uint32_t struct_total_size = 0;
+ uint32_t content_total_size = 0;
+ /* array hash buffer */
+ uint8_t *ahb = NULL;
+ uint8_t *content = NULL;
+ uint8_t content_len = 0;
+ PatIntId max_id = 0;
+ TempContainer *struct_offset = NULL;
+ uint8_t *content_offset = NULL;
+ TempContainer *dup = NULL;
+ int ret = 0;
+
+ if (ctx->head == NULL)
+ goto end;
+
+ for (s = ctx->head; s != NULL; s = s->next) {
+ struct_total_size += sizeof(TempContainer);
+ content_total_size += s->cd->content_len;
+ }
+
+ ahb = SCMalloc(sizeof(uint8_t) * (struct_total_size + content_total_size));
+ if (unlikely(ahb == NULL))
+ goto error;
+
+ struct_offset = (TempContainer *)ahb;
+ content_offset = ahb + struct_total_size;
+ for (s = ctx->head; s != NULL; s = s->next) {
+ dup = (TempContainer *)ahb;
+ content = s->cd->content;
+ content_len = s->cd->content_len;
+
+ for (; dup != struct_offset; dup++) {
+ if (dup->content_len != content_len ||
+ SCMemcmp(dup->content, content, dup->content_len) != 0)
+ {
+ continue;
+ }
+ break;
+ }
+
+ if (dup != struct_offset) {
+ s->cd->id = dup->id;
+ continue;
+ }
+
+ struct_offset->content_len = content_len;
+ struct_offset->content = content_offset;
+ content_offset += content_len;
+ memcpy(struct_offset->content, content, content_len);
+ struct_offset->id = max_id++;
+ s->cd->id = struct_offset->id;
+
+ struct_offset++;
+ }
+
+ ctx->max_pat_id = max_id;
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ if (ahb != NULL)
+ SCFree(ahb);
+ SCReturnInt(ret);
+}
+
+static int AppLayerProtoDetectPMMapSignatures(AppLayerProtoDetectPMCtx *ctx)
+{
+ SCEnter();
+
+ int ret = 0;
+ PatIntId max_pat_id = 0, tmp_pat_id;
+ AppLayerProtoDetectPMSignature *s, *next_s;
+ int is_ci;
+ int mpm_ret;
+
+ max_pat_id = ctx->max_pat_id;
+
+ ctx->map = SCMalloc((max_pat_id) * sizeof(ctx->map));
+ if (ctx->map == NULL)
+ goto error;
+ memset(ctx->map, 0, (max_pat_id) * sizeof(ctx->map));
+
+ for (s = ctx->head; s != NULL;) {
+ next_s = s->next;
+ s->next = ctx->map[s->cd->id];
+ ctx->map[s->cd->id] = s;
+
+ s = next_s;
+ }
+ ctx->head = NULL;
+
+ for (tmp_pat_id = 0; tmp_pat_id < max_pat_id; tmp_pat_id++) {
+ is_ci = 0;
+ for (s = ctx->map[tmp_pat_id]; s != NULL; s = s->next) {
+ if (s->cd->flags & DETECT_CONTENT_NOCASE) {
+ is_ci = 1;
+ break;
+ }
+ }
+ if (is_ci) {
+ mpm_ret = MpmAddPatternCI(&ctx->mpm_ctx,
+ s->cd->content, s->cd->content_len,
+ 0, 0,
+ tmp_pat_id, 0, 0);
+ if (mpm_ret < 0)
+ goto error;
+ } else {
+ s = ctx->map[tmp_pat_id];
+ mpm_ret = MpmAddPatternCS(&ctx->mpm_ctx,
+ s->cd->content, s->cd->content_len,
+ 0, 0,
+ tmp_pat_id, 0, 0);
+ if (mpm_ret < 0)
+ goto error;
+ }
+ }
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+static int AppLayerProtoDetectPMPrepareMpm(AppLayerProtoDetectPMCtx *ctx)
+{
+ SCEnter();
+
+ int ret = 0;
+ MpmCtx *mpm_ctx = &ctx->mpm_ctx;
+
+ if (mpm_table[mpm_ctx->mpm_type].Prepare(mpm_ctx) < 0)
+ goto error;
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+static void AppLayerProtoDetectPMFreeSignature(AppLayerProtoDetectPMSignature *sig)
+{
+ SCEnter();
+ DetectContentFree(sig->cd);
+ SCFree(sig);
+ SCReturn;
+}
+
+static int AppLayerProtoDetectPMAddSignature(AppLayerProtoDetectPMCtx *ctx, DetectContentData *cd,
+ AppProto alproto)
+{
+ SCEnter();
+
+ int ret = 0;
+ AppLayerProtoDetectPMSignature *s = SCMalloc(sizeof(*s));
+ if (unlikely(s == NULL))
+ goto error;
+ memset(s, 0, sizeof(*s));
+
+ s->alproto = alproto;
+ s->cd = cd;
+
+ /* prepend to the list */
+ s->next = ctx->head;
+ ctx->head = s;
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+static int AppLayerProtoDetectPMRegisterPattern(uint16_t ipproto, uint16_t alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction,
+ uint8_t is_cs)
+{
+ SCEnter();
+
+ AppLayerProtoDetectCtxIpproto *ctx_ipp = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)];
+ AppLayerProtoDetectPMCtx *ctx_pm = NULL;
+ DetectContentData *cd;
+ int ret = 0;
+
+ cd = DetectContentParseEncloseQuotes(pattern);
+ if (cd == NULL)
+ goto error;
+ cd->depth = depth;
+ cd->offset = offset;
+ if (!is_cs)
+ cd->flags |= DETECT_CONTENT_NOCASE;
+ if (depth < cd->content_len)
+ goto error;
+
+ if (direction & STREAM_TOSERVER)
+ ctx_pm = (AppLayerProtoDetectPMCtx *)&ctx_ipp->ctx_pm[0];
+ else
+ ctx_pm = (AppLayerProtoDetectPMCtx *)&ctx_ipp->ctx_pm[1];
+
+ if (depth > ctx_pm->max_len)
+ ctx_pm->max_len = depth;
+ if (depth < ctx_pm->min_len)
+ ctx_pm->min_len = depth;
+
+ /* Finally turn it into a signature and add to the ctx. */
+ AppLayerProtoDetectPMAddSignature(ctx_pm, cd, alproto);
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+/***** Protocol Retrieval *****/
+
+AppProto AppLayerProtoDetectGetProto(void *tctx,
+ Flow *f,
+ uint8_t *buf, uint32_t buflen,
+ uint8_t ipproto, uint8_t direction)
+{
+ SCEnter();
+
+ AppProto alproto = ALPROTO_UNKNOWN;
+ uint16_t pm_results[ALPROTO_MAX];
+ uint16_t pm_matches;
+
+ if (!FLOW_IS_PM_DONE(f, direction)) {
+ pm_matches = AppLayerProtoDetectPMGetProto(tctx,
+ f,
+ buf, buflen,
+ direction,
+ ipproto,
+ pm_results);
+ if (pm_matches > 0) {
+ alproto = pm_results[0];
+ goto end;
+ }
+ }
+
+ if (!FLOW_IS_PP_DONE(f, direction))
+ alproto = AppLayerProtoDetectPPGetProto(f, buf, buflen, ipproto, direction);
+
+ end:
+ SCReturnCT(alproto, "AppProto");
+}
+
+static void AppLayerProtoDetectFreeProbingParsers(AppLayerProtoDetectProbingParser *pp)
+{
+ SCEnter();
+
+ AppLayerProtoDetectProbingParser *tmp_pp = NULL;
+
+ if (pp == NULL)
+ goto end;
+
+ while (pp != NULL) {
+ tmp_pp = pp->next;
+ DeAllocAppLayerProtoDetectProbingParser(pp);
+ pp = tmp_pp;
+ }
+
+ end:
+ SCReturn;
+}
+
+/***** State Preparation *****/
+
+int AppLayerProtoDetectPrepareState(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectPMCtx *ctx_pm;
+ int i, j;
+ int ret = 0;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ ctx_pm = &alpd_ctx.ctx_ipp[i].ctx_pm[j];
+
+ if (AppLayerProtoDetectPMSetContentIDs(ctx_pm) < 0)
+ goto error;
+
+ if (ctx_pm->max_pat_id == 0)
+ continue;
+
+ if (AppLayerProtoDetectPMMapSignatures(ctx_pm) < 0)
+ goto error;
+ if (AppLayerProtoDetectPMPrepareMpm(ctx_pm) < 0)
+ goto error;
+ }
+ }
+
+ goto end;
+ error:
+ ret = -1;
+ end:
+ SCReturnInt(ret);
+}
+
+/***** PP registration *****/
+
+void AppLayerProtoDetectPPRegister(uint16_t ipproto,
+ char *portstr,
+ uint16_t alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ uint8_t direction,
+ ProbingParserFPtr ProbingParser)
+{
+ SCEnter();
+
+ DetectPort *head = NULL;
+ DetectPortParse(&head, portstr);
+ DetectPort *temp_dp = head;
+ while (temp_dp != NULL) {
+ uint32_t port = temp_dp->port;
+ if (port == 0 && temp_dp->port2 != 0)
+ port++;
+ for ( ; port <= temp_dp->port2; port++) {
+ AppLayerProtoDetectInsertNewProbingParser(&alpd_ctx.ctx_pp,
+ ipproto,
+ port,
+ alproto,
+ min_depth, max_depth,
+ direction,
+ ProbingParser);
+ }
+ temp_dp = temp_dp->next;
+ }
+ DetectPortCleanupList(head);
+
+ SCReturn;
+}
+
+void AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
+ uint16_t ipproto,
+ const char *alproto_name,
+ AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ ProbingParserFPtr ProbingParser)
+{
+ SCEnter();
+
+ char param[100];
+ int r;
+ ConfNode *node;
+ ConfNode *port_node = NULL;
+
+ r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
+ alproto_name, ".detection-ports");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
+ alproto_name, ".", ipproto_name, ".detection-ports");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+ node = ConfGetNode(param);
+ if (node == NULL)
+ goto end;
+ }
+
+ port_node = ConfNodeLookupChild(node, "toserver");
+ if (port_node != NULL && port_node->val != NULL) {
+ AppLayerProtoDetectPPRegister(ipproto,
+ port_node->val,
+ alproto,
+ min_depth, max_depth,
+ STREAM_TOSERVER,
+ ProbingParser);
+ }
+ port_node = ConfNodeLookupChild(node, "toclient");
+
+ if (port_node != NULL && port_node->val != NULL) {
+ AppLayerProtoDetectPPRegister(ipproto,
+ port_node->val,
+ alproto,
+ min_depth, max_depth,
+ STREAM_TOCLIENT,
+ ProbingParser);
+
+ }
+
+ end:
+ SCReturn;
+}
+
+/***** PM registration *****/
+
+int AppLayerProtoDetectPMRegisterPatternCS(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction)
+{
+ SCEnter();
+ SCReturnInt(AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
+ pattern,
+ depth, offset,
+ direction,
+ 1 /* case-sensitive */));
+}
+
+int AppLayerProtoDetectPMRegisterPatternCI(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction)
+{
+ SCEnter();
+ SCReturnInt(AppLayerProtoDetectPMRegisterPattern(ipproto, alproto,
+ pattern,
+ depth, offset,
+ direction,
+ 0 /* !case-sensitive */));
+}
+
+/***** Setup/General Registration *****/
+
+int AppLayerProtoDetectSetup(void)
+{
+ SCEnter();
+
+ int i, j;
+
+ memset(&alpd_ctx, 0, sizeof(alpd_ctx));
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ MpmInitCtx(&alpd_ctx.ctx_ipp[i].ctx_pm[j].mpm_ctx, MPM_AC);
+ }
+ }
+
+ SCReturnInt(0);
+}
+
+/**
+ * \todo incomplete. Need more work.
+ */
+int AppLayerProtoDetectDeSetup(void)
+{
+ SCEnter();
+
+ int ipproto_map = 0;
+ int dir = 0;
+ PatIntId id = 0;
+ AppLayerProtoDetectPMCtx *pm_ctx = NULL;
+ AppLayerProtoDetectPMSignature *sig = NULL, *next_sig = NULL;
+
+ for (ipproto_map = 0; ipproto_map < FLOW_PROTO_DEFAULT; ipproto_map++) {
+ for (dir = 0; dir < 2; dir++) {
+ pm_ctx = &alpd_ctx.ctx_ipp[ipproto_map].ctx_pm[dir];
+ mpm_table[pm_ctx->mpm_ctx.mpm_type].DestroyCtx(pm_ctx->mpm_ctx.ctx);
+ for (id = 0; id < pm_ctx->max_pat_id; id++) {
+ sig = pm_ctx->map[id];
+ next_sig = sig->next;
+ while (sig != NULL) {
+ AppLayerProtoDetectPMFreeSignature(sig);
+ sig = next_sig;
+ }
+ }
+ }
+ }
+
+ AppLayerProtoDetectFreeProbingParsers(alpd_ctx.ctx_pp);
+
+ SCReturnInt(0);
+}
+
+void AppLayerProtoDetectRegisterProtocol(AppProto alproto, char *alproto_name)
+{
+ SCEnter();
+
+ if (alpd_ctx.alproto_names[alproto] != NULL)
+ goto end;
+
+ alpd_ctx.alproto_names[alproto] = alproto_name;
+
+ goto end;
+ end:
+ SCReturn;
+}
+
+int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto,
+ const char *alproto)
+{
+ SCEnter();
+
+ BUG_ON(ipproto == NULL || alproto == NULL);
+
+ int enabled = 1;
+ char param[100];
+ ConfNode *node;
+ int r;
+
+ if (RunmodeIsUnittests())
+ goto enabled;
+
+ r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
+ alproto, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
+ alproto, ".", ipproto, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ goto enabled;
+ }
+ }
+
+ if (strcasecmp(node->val, "yes") == 0) {
+ goto enabled;
+ } else if (strcasecmp(node->val, "no") == 0) {
+ goto disabled;
+ } else if (strcasecmp(node->val, "detection-only") == 0) {
+ goto enabled;
+ } else {
+ SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
+ exit(EXIT_FAILURE);
+ }
+
+ disabled:
+ enabled = 0;
+ enabled:
+ SCReturnInt(enabled);
+}
+
+void *AppLayerProtoDetectGetCtxThread(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectCtxThread *alpd_tctx = NULL;
+ MpmCtx *mpm_ctx;
+ MpmThreadCtx *mpm_tctx;
+ int i, j;
+ PatIntId max_pat_id = 0;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ if (max_pat_id == 0)
+ {
+ max_pat_id = alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id;
+ } else if (alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id &&
+ max_pat_id < alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id)
+ {
+ max_pat_id = alpd_ctx.ctx_ipp[i].ctx_pm[j].max_pat_id;
+ }
+ }
+ }
+
+ alpd_tctx = SCMalloc(sizeof(*alpd_tctx));
+ if (alpd_tctx == NULL)
+ goto error;
+ memset(alpd_tctx, 0, sizeof(*alpd_tctx));
+
+ /* Get the max pat id for all the mpm ctxs. */
+ if (PmqSetup(&alpd_tctx->pmq, max_pat_id) < 0)
+ goto error;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < 2; j++) {
+ mpm_ctx = &alpd_ctx.ctx_ipp[i].ctx_pm[j].mpm_ctx;
+ mpm_tctx = &alpd_tctx->mpm_tctx[i][j];
+ mpm_table[mpm_ctx->mpm_type].InitThreadCtx(mpm_ctx, mpm_tctx, 0);
+ }
+ }
+
+ goto end;
+ error:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ alpd_tctx = NULL;
+ end:
+ SCReturnPtr(alpd_tctx, "void *");
+}
+
+void AppLayerProtoDetectDestroyCtxThread(void *tctx)
+{
+ SCEnter();
+
+ AppLayerProtoDetectCtxThread *alpd_tctx = (AppLayerProtoDetectCtxThread *)tctx;
+ MpmCtx *mpm_ctx;
+ MpmThreadCtx *mpm_tctx;
+ int ipproto_map, dir;
+
+ for (ipproto_map = 0; ipproto_map < FLOW_PROTO_DEFAULT; ipproto_map++) {
+ for (dir = 0; dir < 2; dir++) {
+ mpm_ctx = &alpd_ctx.ctx_ipp[ipproto_map].ctx_pm[dir].mpm_ctx;
+ mpm_tctx = &alpd_tctx->mpm_tctx[ipproto_map][dir];
+ mpm_table[mpm_ctx->mpm_type].DestroyThreadCtx(mpm_ctx, mpm_tctx);
+ }
+ }
+ PmqFree(&alpd_tctx->pmq);
+ SCFree(alpd_tctx);
+
+ SCReturn;
+}
+
+/***** Utility *****/
+
+void AppLayerProtoDetectSupportedIpprotos(AppProto alproto, uint8_t *ipprotos)
+{
+ SCEnter();
+
+ AppLayerProtoDetectPMGetIpprotos(alproto, ipprotos);
+ AppLayerProtoDetectPPGetIpprotos(alproto, ipprotos);
+
+ SCReturn;
+}
+
+AppProto AppLayerProtoDetectGetProtoByName(char *alproto_name)
+{
+ SCEnter();
+
+ AppProto a = ALPROTO_UNKNOWN;
+
+ for (a = 0; a < ALPROTO_MAX; a++) {
+ if (alpd_ctx.alproto_names[a] != NULL &&
+ strlen(alpd_ctx.alproto_names[a]) == strlen(alproto_name) &&
+ (SCMemcmp(alpd_ctx.alproto_names[a], alproto_name, strlen(alproto_name)) == 0))
+ {
+ goto end;
+ }
+ }
+
+ end:
+ SCReturnCT(a, "AppProto");
+}
+
+char *AppLayerProtoDetectGetProtoName(AppProto alproto)
+{
+ return alpd_ctx.alproto_names[alproto];
+}
+
+void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos)
+{
+ SCEnter();
+
+ memset(alprotos, 0, ALPROTO_MAX * sizeof(AppProto));
+
+ int alproto;
+
+ for (alproto = 0; alproto != ALPROTO_MAX; alproto++) {
+ if (alpd_ctx.alproto_names[alproto] != NULL)
+ alprotos[alproto] = 1;
+ }
+
+ SCReturn;
+}
+
+/***** Unittests *****/
+
+#ifdef UNITTESTS
+
+static AppLayerProtoDetectCtx alpd_ctx_ut;
+
+void AppLayerProtoDetectUnittestCtxBackup(void)
+{
+ SCEnter();
+ alpd_ctx_ut = alpd_ctx;
+ memset(&alpd_ctx, 0, sizeof(alpd_ctx));
+ SCReturn;
+}
+
+void AppLayerProtoDetectUnittestCtxRestore(void)
+{
+ SCEnter();
+ alpd_ctx = alpd_ctx_ut;
+ memset(&alpd_ctx_ut, 0, sizeof(alpd_ctx_ut));
+ SCReturn;
+}
+
+int AppLayerProtoDetectTest01(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ char *buf;
+ int r = 0;
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "GET";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER);
+
+ AppLayerProtoDetectPrepareState();
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1) {
+ printf("Failure - "
+ "alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("Failure - "
+ "alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest02(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ char *buf;
+ int r = 0;
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "ftp";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest03(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "220 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest04(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "200 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 13, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
+ }
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
+
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
+ }
+
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+int AppLayerProtoDetectTest05(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = "HTTP/1.1 200 OK\r\nServer: Apache/1.0\r\n\r\n<HTML><BODY>Blahblah</BODY></HTML>";
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "220 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 2) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_HTTP) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-int AlpDetectTest06(void) {
+int AppLayerProtoDetectTest06(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t l7data[] = "220 Welcome to the OISF FTP server\r\n";
- char *buf = SCStrdup("HTTP");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
- AlpProtoInit(&ctx);
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
+ buf = "220 ";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 1) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
}
-
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- buf = SCStrdup("220 ");
- AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
-
- if (ctx.toclient.id != 2) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
}
-
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_FTP) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_FTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_FTP\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[1].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_FTP) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_FTP);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_FTP) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_FTP\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-int AlpDetectTest07(void) {
+int AppLayerProtoDetectTest07(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t l7data[] = "220 Welcome to the OISF HTTP/FTP server\r\n";
- char *buf = SCStrdup("HTTP");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
- AlpProtoInit(&ctx);
+ buf = "HTTP";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 1) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_HTTP) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_HTTP\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_UNKNOWN) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_UNKNOWN);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 0) {
+ printf("cnt != 0\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-int AlpDetectTest08(void) {
- uint8_t l7data[] = "\x00\x00\x00\x85" // NBSS
- "\xff\x53\x4d\x42\x72\x00\x00\x00" // SMB
- "\x00\x18\x53\xc8\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\xff\xfe\x00\x00\x00\x00"
- "\x00" // WordCount
- "\x62\x00" // ByteCount
- "\x02\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20"
- "\x31\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00\x02\x57\x69\x6e\x64\x6f\x77\x73"
- "\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00\x02\x4c"
- "\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54"
- "\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00";
- char *buf = SCStrdup("|ff|SMB");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+int AppLayerProtoDetectTest08(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = {
+ 0x00, 0x00, 0x00, 0x85, 0xff, 0x53, 0x4d, 0x42,
+ 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x53, 0xc8,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xfe,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x02,
+ 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
+ 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
+ 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
+ 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e,
+ 0x30, 0x00, 0x02, 0x57, 0x69, 0x6e, 0x64, 0x6f,
+ 0x77, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x57,
+ 0x6f, 0x72, 0x6b, 0x67, 0x72, 0x6f, 0x75, 0x70,
+ 0x73, 0x20, 0x33, 0x2e, 0x31, 0x61, 0x00, 0x02,
+ 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, 0x30, 0x30,
+ 0x32, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
+ 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4e, 0x54,
+ 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32,
+ 0x00
+ };
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
- AlpProtoInit(&ctx);
+ buf = "|ff|SMB";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 1) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_SMB) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_SMB) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_SMB\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_SMB) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_SMB);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_SMB) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_SMB\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-int AlpDetectTest09(void) {
- uint8_t l7data[] =
- "\x00\x00\x00\x66" // NBSS
- "\xfe\x53\x4d\x42\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00" // SMB2
- "\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x24\x00\x01\x00x00\x00\x00\x00\x00\x00\x0\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02";
+int AppLayerProtoDetectTest09(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = {
+ 0x00, 0x00, 0x00, 0x66, 0xfe, 0x53, 0x4d, 0x42,
+ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x01, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x02, 0x02
+ };
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
- char *buf = SCStrdup("|fe|SMB");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+ memset(pm_results, 0, sizeof(pm_results));
- AlpProtoInit(&ctx);
+ buf = "|fe|SMB";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 1) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_SMB2) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_SMB2) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_SMB2\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_SMB2) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_SMB2);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_SMB2) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_SMB2\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-int AlpDetectTest10(void) {
- uint8_t l7data[] = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00"
- "\x00\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"
- "\x01\x00\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57"
- "\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10"
- "\x48\x60\x02\x00\x00\x00";
- char *buf = SCStrdup("|05 00|");
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
+int AppLayerProtoDetectTest10(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ uint8_t l7data[] = {
+ 0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
+ 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xd0, 0x16, 0xd0, 0x16, 0x00, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11,
+ 0x86, 0x1e, 0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57,
+ 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
+ 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
+ 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
+ };
+ char *buf;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
- AlpProtoInit(&ctx);
+ buf = "|05 00|";
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "dcerpc", IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
- SCFree(buf);
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- if (ctx.toclient.id != 1) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 0\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 2\n");
+ goto end;
}
- if (ctx.toclient.map[ctx.toclient.id - 1] != ALPROTO_DCERPC) {
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_DCERPC) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0].alproto != ALPROTO_DCERPC\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data,sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_DCERPC) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_DCERPC);
- r = 0;
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_DCERPC) {
+ printf("cnt != 1 && pm_results[0] != AlPROTO_DCERPC\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-/** \test why we still get http for connect... obviously because we also match on the reply, duh */
-int AlpDetectTest11(void) {
+/**
+ * \test Why we still get http for connect... obviously because
+ * we also match on the reply, duh
+ */
+int AppLayerProtoDetectTest11(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n";
uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n";
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
-
- AlpProtoInit(&ctx);
-
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
-
- if (ctx.toserver.id != 6) {
- printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
- r = 0;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+
+ memset(pm_results, 0, sizeof(pm_results));
+
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "CONNECT", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 7) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 7\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].max_pat_id != 1\n");
+ goto end;
}
- if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) {
- printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP);
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map == NULL) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map != NULL\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP)
+ {
+ printf("failure 1\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] == ALPROTO_HTTP) {
- printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ uint32_t cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOSERVER,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("l7data - cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
}
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP, pm_results);
- if (pm_results[0] != ALPROTO_HTTP) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data_resp, sizeof(l7data_resp),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("l7data_resp - cnt != 1 && pm_results[0] != AlPROTO_HTTP\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
-/** \test AlpProtoSignature test */
-int AlpDetectTest12(void) {
- AlpProtoDetectCtx ctx;
- int r = 0;
+/**
+ * \test AlpProtoSignature test
+ */
+int AppLayerProtoDetectTest12(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
- AlpProtoInit(&ctx);
- AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
- AlpProtoFinalizeGlobal(&ctx);
+ int r = 0;
- if (ctx.head == NULL) {
- printf("ctx.head == NULL: ");
- goto end;
- }
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].head == NULL ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map != NULL)
+ {
+ printf("failure 1\n");
+ goto end;
+ }
- if (ctx.head->proto != ALPROTO_HTTP) {
- printf("ctx.head->proto != ALPROTO_HTTP: ");
+ AppLayerProtoDetectPrepareState();
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].max_pat_id != 1) {
+ printf("failure 2\n");
goto end;
}
-
- if (ctx.sigs != 1) {
- printf("ctx.sigs %"PRIu16", expected 1: ", ctx.sigs);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].head != NULL ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map == NULL)
+ {
+ printf("failure 3\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP) {
+ printf("failure 4\n");
goto end;
}
-
- if (ctx.map == NULL) {
- printf("no mapping: ");
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->cd->id != 0) {
+ printf("failure 5\n");
goto end;
}
-
- if (ctx.map[ctx.head->co->id] != ctx.head) {
- printf("wrong sig: ");
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_TCP].ctx_pm[0].map[0]->next != NULL) {
+ printf("failure 6\n");
goto end;
}
r = 1;
-end:
+
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
* \test What about if we add some sigs only for udp but call for tcp?
* It should not detect any proto
*/
-int AlpDetectTest13(void) {
+int AppLayerProtoDetectTest13(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n";
uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n";
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
-
- AlpProtoInit(&ctx);
-
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
-
- if (ctx.toserver.id != 6) {
- printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
- r = 0;
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+ uint32_t cnt;
+
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "CONNECT", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7\n");
+ goto end;
}
-
- if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) {
- printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP);
- r = 0;
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP)
+ {
+ printf("failure 1\n");
+ goto end;
+ }
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_TCP, pm_results);
- if (pm_results[0] == ALPROTO_HTTP) {
- printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOSERVER,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 0) {
+ printf("l7data - cnt != 0\n");
+ goto end;
}
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_TCP, pm_results);
- if (pm_results[0] == ALPROTO_HTTP) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data_resp, sizeof(l7data_resp),
+ STREAM_TOCLIENT,
+ IPPROTO_TCP,
+ pm_results);
+ if (cnt != 0) {
+ printf("l7data_resp - cnt != 0\n");
+ goto end;
}
- AlpProtoTestDestroy(&ctx);
+ r = 1;
+
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
return r;
}
* It should detect ALPROTO_HTTP (over udp). This is just a check
* to ensure that TCP/UDP differences work correctly.
*/
-int AlpDetectTest14(void) {
+int AppLayerProtoDetectTest14(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t l7data[] = "CONNECT www.ssllabs.com:443 HTTP/1.0\r\n";
uint8_t l7data_resp[] = "HTTP/1.1 405 Method Not Allowed\r\n";
- int r = 1;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
-
- AlpProtoInit(&ctx);
+ int r = 0;
+ Flow f;
+ uint16_t pm_results[ALPROTO_MAX];
+ void *alpd_tctx;
+ uint32_t cnt;
+
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "CONNECT", 7, 0, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
+
+ AppLayerProtoDetectPrepareState();
+ /* AppLayerProtoDetectGetCtxThread() should be called post AppLayerProtoDetectPrepareState(), since
+ * it sets internal structures which depends on the above function. */
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].max_pat_id != 7\n");
+ goto end;
+ }
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1) {
+ printf("alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].max_pat_id != 1\n");
+ goto end;
+ }
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
- AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
+ if (alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[0]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[1]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[2]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[3]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[4]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[5]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[0].map[6]->alproto != ALPROTO_HTTP ||
+ alpd_ctx.ctx_ipp[FLOW_PROTO_UDP].ctx_pm[1].map[0]->alproto != ALPROTO_HTTP)
+ {
+ printf("failure 1\n");
+ goto end;
+ }
- if (ctx.toserver.id != 6) {
- printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data, sizeof(l7data),
+ STREAM_TOSERVER,
+ IPPROTO_UDP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("l7data - cnt != 0\n");
+ goto end;
}
- if (ctx.toserver.map[ctx.toserver.id - 1] != ALPROTO_HTTP) {
- printf("ctx.toserver.id %u != %u: ", ctx.toserver.map[ctx.toserver.id - 1],ALPROTO_HTTP);
- r = 0;
+ memset(pm_results, 0, sizeof(pm_results));
+ cnt = AppLayerProtoDetectPMGetProto(alpd_tctx,
+ &f,
+ l7data_resp, sizeof(l7data_resp),
+ STREAM_TOCLIENT,
+ IPPROTO_UDP,
+ pm_results);
+ if (cnt != 1 && pm_results[0] != ALPROTO_HTTP) {
+ printf("l7data_resp - cnt != 0\n");
+ goto end;
}
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
+ r = 1;
- uint16_t pm_results[ALPROTO_MAX];
- Flow f;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data, sizeof(l7data), STREAM_TOCLIENT, IPPROTO_UDP, pm_results);
- if (pm_results[0] == ALPROTO_HTTP) {
- printf("proto %" PRIu8 " == %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ end:
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return r;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+typedef struct AppLayerProtoDetectPPTestDataElement_ {
+ char *alproto_name;
+ uint16_t alproto;
+ uint16_t port;
+ uint32_t alproto_mask;
+ uint32_t min_depth;
+ uint32_t max_depth;
+} AppLayerProtoDetectPPTestDataElement;
+
+typedef struct AppLayerProtoDetectPPTestDataPort_ {
+ uint16_t port;
+ uint32_t toserver_alproto_mask;
+ uint32_t toclient_alproto_mask;
+ uint16_t toserver_max_depth;
+ uint16_t toclient_max_depth;
+
+ AppLayerProtoDetectPPTestDataElement *toserver_element;
+ AppLayerProtoDetectPPTestDataElement *toclient_element;
+ int ts_no_of_element;
+ int tc_no_of_element;
+} AppLayerProtoDetectPPTestDataPort;
+
+
+typedef struct AppLayerProtoDetectPPTestDataIPProto_ {
+ uint16_t ip_proto;
+
+ AppLayerProtoDetectPPTestDataPort *port;
+ int no_of_port;
+} AppLayerProtoDetectPPTestDataIPProto;
+
+static int AppLayerProtoDetectPPTestData(AppLayerProtoDetectProbingParser *pp,
+ AppLayerProtoDetectPPTestDataIPProto *ip_proto,
+ int no_of_ip_proto)
+{
+ int result = 0;
+ int i, j, k;
+#ifdef DEBUG
+ int dir = 0;
+#endif
+ for (i = 0; i < no_of_ip_proto; i++, pp = pp->next) {
+ if (pp->ip_proto != ip_proto[i].ip_proto)
+ goto end;
+
+ AppLayerProtoDetectProbingParserPort *pp_port = pp->port;
+ for (k = 0; k < ip_proto[i].no_of_port; k++, pp_port = pp_port->next) {
+ if (pp_port->port != ip_proto[i].port[k].port)
+ goto end;
+ if (pp_port->toserver_alproto_mask != ip_proto[i].port[k].toserver_alproto_mask)
+ goto end;
+ if (pp_port->toclient_alproto_mask != ip_proto[i].port[k].toclient_alproto_mask)
+ goto end;
+ if (pp_port->toserver_max_depth != ip_proto[i].port[k].toserver_max_depth)
+ goto end;
+ if (pp_port->toclient_max_depth != ip_proto[i].port[k].toclient_max_depth)
+ goto end;
+
+ AppLayerProtoDetectProbingParserElement *pp_element = pp_port->toserver;
+#ifdef DEBUG
+ dir = 0;
+#endif
+ for (j = 0 ; j < ip_proto[i].port[k].ts_no_of_element;
+ j++, pp_element = pp_element->next) {
+
+ if (pp_element->alproto != ip_proto[i].port[k].toserver_element[j].alproto) {
+ goto end;
+ }
+ if (pp_element->port != ip_proto[i].port[k].toserver_element[j].port) {
+ goto end;
+ }
+ if (pp_element->alproto_mask != ip_proto[i].port[k].toserver_element[j].alproto_mask) {
+ goto end;
+ }
+ if (pp_element->min_depth != ip_proto[i].port[k].toserver_element[j].min_depth) {
+ goto end;
+ }
+ if (pp_element->max_depth != ip_proto[i].port[k].toserver_element[j].max_depth) {
+ goto end;
+ }
+ } /* for */
+ if (pp_element != NULL)
+ goto end;
+
+ pp_element = pp_port->toclient;
+#ifdef DEBUG
+ dir = 1;
+#endif
+ for (j = 0 ; j < ip_proto[i].port[k].tc_no_of_element; j++, pp_element = pp_element->next) {
+ if (pp_element->alproto != ip_proto[i].port[k].toclient_element[j].alproto) {
+ goto end;
+ }
+ if (pp_element->port != ip_proto[i].port[k].toclient_element[j].port) {
+ goto end;
+ }
+ if (pp_element->alproto_mask != ip_proto[i].port[k].toclient_element[j].alproto_mask) {
+ goto end;
+ }
+ if (pp_element->min_depth != ip_proto[i].port[k].toclient_element[j].min_depth) {
+ goto end;
+ }
+ if (pp_element->max_depth != ip_proto[i].port[k].toclient_element[j].max_depth) {
+ goto end;
+ }
+ } /* for */
+ if (pp_element != NULL)
+ goto end;
+ }
+ if (pp_port != NULL)
+ goto end;
}
+ if (pp != NULL)
+ goto end;
+
+ result = 1;
+ end:
+#ifdef DEBUG
+ printf("i = %d, k = %d, j = %d(%s)\n", i, k, j, (dir == 0) ? "ts" : "tc");
+#endif
+ return result;
+}
+
+static uint16_t ProbingParserDummyForTesting(uint8_t *input,
+ uint32_t input_len,
+ uint32_t *offset)
+{
+ return 0;
+}
+
+static int AppLayerProtoDetectTest15(void)
+{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
+ int result = 0;
+
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_HTTP,
+ 5, 8,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_SMB,
+ 5, 6,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_FTP,
+ 7, 10,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "81",
+ ALPROTO_DCERPC,
+ 9, 10,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "81",
+ ALPROTO_FTP,
+ 7, 15,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_SMTP,
+ 12, 0,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_TLS,
+ 12, 18,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "85",
+ ALPROTO_DCERPC,
+ 9, 10,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "85",
+ ALPROTO_FTP,
+ 7, 15,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+ result = 1;
- AppLayerDetectGetProtoPMParser(&ctx, &tctx, &f, l7data_resp, sizeof(l7data_resp), STREAM_TOSERVER, IPPROTO_UDP, pm_results);
- if (pm_results[0] != ALPROTO_HTTP) {
- printf("proto %" PRIu8 " != %" PRIu8 ": ", pm_results[0], ALPROTO_HTTP);
- r = 0;
+ AppLayerProtoDetectPPRegister(IPPROTO_UDP,
+ "85",
+ ALPROTO_IMAP,
+ 12, 23,
+ STREAM_TOSERVER,
+ ProbingParserDummyForTesting);
+
+ /* toclient */
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_JABBER,
+ 12, 23,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_IRC,
+ 12, 14,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "85",
+ ALPROTO_DCERPC,
+ 9, 10,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "81",
+ ALPROTO_FTP,
+ 7, 15,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_TLS,
+ 12, 18,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_HTTP,
+ 5, 8,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "81",
+ ALPROTO_DCERPC,
+ 9, 10,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "90",
+ ALPROTO_FTP,
+ 7, 15,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_SMB,
+ 5, 6,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_UDP,
+ "85",
+ ALPROTO_IMAP,
+ 12, 23,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "0",
+ ALPROTO_SMTP,
+ 12, 17,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "80",
+ ALPROTO_FTP,
+ 7, 10,
+ STREAM_TOCLIENT,
+ ProbingParserDummyForTesting);
+
+ AppLayerProtoDetectPPTestDataElement element_ts_80[] = {
+ { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 },
+ { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 },
+ { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_80[] = {
+ { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 },
+ { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 },
+ { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
+ };
+
+ AppLayerProtoDetectPPTestDataElement element_ts_81[] = {
+ { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 },
+ { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_81[] = {
+ { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 },
+ { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
+ };
+
+ AppLayerProtoDetectPPTestDataElement element_ts_85[] = {
+ { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 },
+ { "ftp", ALPROTO_FTP, 85, 1 << ALPROTO_FTP, 7, 15 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_85[] = {
+ { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
+ };
+
+ AppLayerProtoDetectPPTestDataElement element_ts_90[] = {
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_90[] = {
+ { "ftp", ALPROTO_FTP, 90, 1 << ALPROTO_FTP, 7, 15 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
+ };
+
+ AppLayerProtoDetectPPTestDataElement element_ts_0[] = {
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_0[] = {
+ { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
+ { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
+ { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
+ { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
+ };
+
+
+ AppLayerProtoDetectPPTestDataElement element_ts_85_udp[] = {
+ { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 },
+ };
+ AppLayerProtoDetectPPTestDataElement element_tc_85_udp[] = {
+ { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 },
+ };
+
+ AppLayerProtoDetectPPTestDataPort ports_tcp[] = {
+ { 80,
+ ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) |
+ (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
+ ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) |
+ (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
+ 0, 23,
+ element_ts_80, element_tc_80,
+ sizeof(element_ts_80) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_80) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ },
+ { 81,
+ ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) |
+ (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
+ ((1 << ALPROTO_FTP) | (1 << ALPROTO_DCERPC) |
+ (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
+ 0, 23,
+ element_ts_81, element_tc_81,
+ sizeof(element_ts_81) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_81) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ },
+ { 85,
+ ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) |
+ (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
+ ((1 << ALPROTO_DCERPC) |
+ (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
+ 0, 23,
+ element_ts_85, element_tc_85,
+ sizeof(element_ts_85) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_85) / sizeof(AppLayerProtoDetectPPTestDataElement)
+ },
+ { 90,
+ ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
+ ((1 << ALPROTO_FTP) |
+ (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
+ 0, 23,
+ element_ts_90, element_tc_90,
+ sizeof(element_ts_90) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_90) / sizeof(AppLayerProtoDetectPPTestDataElement)
+ },
+ { 0,
+ ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
+ ((1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
+ 0, 23,
+ element_ts_0, element_tc_0,
+ sizeof(element_ts_0) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_0) / sizeof(AppLayerProtoDetectPPTestDataElement)
+ }
+ };
+
+ AppLayerProtoDetectPPTestDataPort ports_udp[] = {
+ { 85,
+ (1 << ALPROTO_IMAP),
+ (1 << ALPROTO_IMAP),
+ 23, 23,
+ element_ts_85_udp, element_tc_85_udp,
+ sizeof(element_ts_85_udp) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ sizeof(element_tc_85_udp) / sizeof(AppLayerProtoDetectPPTestDataElement),
+ },
+ };
+
+ AppLayerProtoDetectPPTestDataIPProto ip_proto[] = {
+ { IPPROTO_TCP,
+ ports_tcp,
+ sizeof(ports_tcp) / sizeof(AppLayerProtoDetectPPTestDataPort),
+ },
+ { IPPROTO_UDP,
+ ports_udp,
+ sizeof(ports_udp) / sizeof(AppLayerProtoDetectPPTestDataPort),
+ },
+ };
+
+
+ if (AppLayerProtoDetectPPTestData(alpd_ctx.ctx_pp, ip_proto,
+ sizeof(ip_proto) / sizeof(AppLayerProtoDetectPPTestDataIPProto)) == 0) {
+ goto end;
}
+ result = 1;
- AlpProtoTestDestroy(&ctx);
- return r;
+ end:
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ return result;
}
+
/** \test test if the engine detect the proto and match with it */
-static int AlpDetectTestSig1(void)
+static int AppLayerProtoDetectTest16(void)
{
int result = 0;
Flow *f = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&ssn, 0, sizeof(TcpSession));
goto end;
}
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
p->flowflags |= FLOW_PKT_TOSERVER;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ SCMutexLock(&f->m);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
goto end;
}
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
/** \test test if the engine detect the proto on a non standar port
* and match with it */
-static int AlpDetectTestSig2(void)
+static int AppLayerProtoDetectTest17(void)
{
int result = 0;
Flow *f = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&ssn, 0, sizeof(TcpSession));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
/** \test test if the engine detect the proto and doesn't match
* because the sig expects another proto (ex ftp)*/
-static int AlpDetectTestSig3(void)
+static int AppLayerProtoDetectTest18(void)
{
int result = 0;
Flow *f = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&ssn, 0, sizeof(TcpSession));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
}
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
/** \test test if the engine detect the proto and doesn't match
* because the packet has another proto (ex ftp) */
-static int AlpDetectTestSig4(void)
+static int AppLayerProtoDetectTest19(void)
{
int result = 0;
Flow *f = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&ssn, 0, sizeof(TcpSession));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_FTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_FTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
/** \test test if the engine detect the proto and match with it
* and also against a content option */
-static int AlpDetectTestSig5(void)
+static int AppLayerProtoDetectTest20(void)
{
int result = 0;
Flow *f = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&ssn, 0, sizeof(TcpSession));
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
return result;
}
-#endif /* UNITTESTS */
-void AlpDetectRegisterTests(void) {
-#ifdef UNITTESTS
- UtRegisterTest("AlpDetectTest01", AlpDetectTest01, 1);
- UtRegisterTest("AlpDetectTest02", AlpDetectTest02, 1);
- UtRegisterTest("AlpDetectTest03", AlpDetectTest03, 1);
- UtRegisterTest("AlpDetectTest04", AlpDetectTest04, 1);
- UtRegisterTest("AlpDetectTest05", AlpDetectTest05, 1);
- UtRegisterTest("AlpDetectTest06", AlpDetectTest06, 1);
- UtRegisterTest("AlpDetectTest07", AlpDetectTest07, 1);
- UtRegisterTest("AlpDetectTest08", AlpDetectTest08, 1);
- UtRegisterTest("AlpDetectTest09", AlpDetectTest09, 1);
- UtRegisterTest("AlpDetectTest10", AlpDetectTest10, 1);
- UtRegisterTest("AlpDetectTest11", AlpDetectTest11, 1);
- UtRegisterTest("AlpDetectTest12", AlpDetectTest12, 1);
- UtRegisterTest("AlpDetectTest13", AlpDetectTest13, 1);
- UtRegisterTest("AlpDetectTest14", AlpDetectTest14, 1);
- UtRegisterTest("AlpDetectTestSig1", AlpDetectTestSig1, 1);
- UtRegisterTest("AlpDetectTestSig2", AlpDetectTestSig2, 1);
- UtRegisterTest("AlpDetectTestSig3", AlpDetectTestSig3, 1);
- UtRegisterTest("AlpDetectTestSig4", AlpDetectTestSig4, 1);
- UtRegisterTest("AlpDetectTestSig5", AlpDetectTestSig5, 1);
-#endif /* UNITTESTS */
+void AppLayerProtoDetectUnittestsRegister(void)
+{
+ SCEnter();
+
+ UtRegisterTest("AppLayerProtoDetectTest01", AppLayerProtoDetectTest01, 1);
+ UtRegisterTest("AppLayerProtoDetectTest02", AppLayerProtoDetectTest02, 1);
+ UtRegisterTest("AppLayerProtoDetectTest03", AppLayerProtoDetectTest03, 1);
+ UtRegisterTest("AppLayerProtoDetectTest04", AppLayerProtoDetectTest04, 1);
+ UtRegisterTest("AppLayerProtoDetectTest05", AppLayerProtoDetectTest05, 1);
+ UtRegisterTest("AppLayerProtoDetectTest06", AppLayerProtoDetectTest06, 1);
+ UtRegisterTest("AppLayerProtoDetectTest07", AppLayerProtoDetectTest07, 1);
+ UtRegisterTest("AppLayerProtoDetectTest08", AppLayerProtoDetectTest08, 1);
+ UtRegisterTest("AppLayerProtoDetectTest09", AppLayerProtoDetectTest09, 1);
+ UtRegisterTest("AppLayerProtoDetectTest10", AppLayerProtoDetectTest10, 1);
+ UtRegisterTest("AppLayerProtoDetectTest11", AppLayerProtoDetectTest11, 1);
+ UtRegisterTest("AppLayerProtoDetectTest12", AppLayerProtoDetectTest12, 1);
+ UtRegisterTest("AppLayerProtoDetectTest13", AppLayerProtoDetectTest13, 1);
+ UtRegisterTest("AppLayerProtoDetectTest14", AppLayerProtoDetectTest14, 1);
+ UtRegisterTest("AppLayerProtoDetectTest15", AppLayerProtoDetectTest15, 1);
+ UtRegisterTest("AppLayerProtoDetectTest16", AppLayerProtoDetectTest16, 1);
+ UtRegisterTest("AppLayerProtoDetectTest17", AppLayerProtoDetectTest17, 1);
+ UtRegisterTest("AppLayerProtoDetectTest18", AppLayerProtoDetectTest18, 1);
+ UtRegisterTest("AppLayerProtoDetectTest19", AppLayerProtoDetectTest19, 1);
+ UtRegisterTest("AppLayerProtoDetectTest20", AppLayerProtoDetectTest20, 1);
+
+ SCReturn;
}
+
+#endif /* UNITTESTS */
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* \file
*
* \author Victor Julien <victor@inliniac.net>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*/
-#ifndef __APP_LAYER_DETECT_PROTO_H__
-#define __APP_LAYER_DETECT_PROTO_H__
+#ifndef __APP_LAYER_DETECT_PROTO__H__
+#define __APP_LAYER_DETECT_PROTO__H__
-#include "stream.h"
-#include "detect-content.h"
-#include "app-layer-parser.h"
+typedef uint16_t (*ProbingParserFPtr)(uint8_t *input, uint32_t input_len,
+ uint32_t *offset);
-/** \brief Signature for proto detection
- * \todo we might just use SigMatch here
+/***** Protocol Retrieval *****/
+
+/**
+ * \brief Returns the app layer protocol given a buffer.
+ *
+ * \param tctx Pointer to the app layer protocol detection thread context.
+ * \param f Pointer to the flow.
+ * \param buf The buffer to be inspected.
+ * \param buflen The length of the above buffer.
+ * \param ipproto The ip protocol.
+ * \param direction The direction bitfield - STREAM_TOSERVER/STREAM_TOCLIENT.
+ *
+ * \retval The app layer protocol.
+ */
+AppProto AppLayerProtoDetectGetProto(void *tctx,
+ Flow *f,
+ uint8_t *buf, uint32_t buflen,
+ uint8_t ipproto, uint8_t direction);
+
+/***** State Preparation *****/
+
+/**
+ * \brief Prepares the internal state for protocol detection.
+ * This needs to be called once all the patterns and probing parser
+ * ports have been registered.
+ */
+int AppLayerProtoDetectPrepareState(void);
+
+/***** PP registration *****/
+
+void AppLayerProtoDetectPPRegister(uint16_t ipproto,
+ char *portstr,
+ AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ uint8_t direction,
+ ProbingParserFPtr ProbingParser);
+void AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
+ uint16_t ipproto,
+ const char *alproto_name,
+ AppProto alproto,
+ uint16_t min_depth, uint16_t max_depth,
+ ProbingParserFPtr ProbingParser);
+
+/***** PM registration *****/
+
+/**
+ * \brief Registers a case-sensitive pattern for protocol detection.
+ */
+int AppLayerProtoDetectPMRegisterPatternCS(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction);
+/**
+ * \brief Registers a case-insensitive pattern for protocol detection.
+ */
+int AppLayerProtoDetectPMRegisterPatternCI(uint16_t ipproto, AppProto alproto,
+ char *pattern,
+ uint16_t depth, uint16_t offset,
+ uint8_t direction);
+
+/***** Setup/General Registration *****/
+
+/**
+ * \brief The first function to be called. This initializes a global
+ * protocol detection context.
+ *
+ * \retval 0 On succcess;
+ * \retval -1 On failure.
+ */
+int AppLayerProtoDetectSetup(void);
+
+/**
+ * \brief Cleans up the app layer protocol detection phase.
+ */
+int AppLayerProtoDetectDeSetup(void);
+
+/**
+ * \brief Registers a protocol for protocol detection phase.
+ *
+ * This is the first function to be called after calling the
+ * setup function, AppLayerProtoDetectSetup(), before calling any other
+ * app layer functions, AppLayerParser or AppLayerProtoDetect, alike.
+ * With this function you are associating/registering a string
+ * that can be used by users to write rules, i.e.
+ * you register the http protocol for protocol detection using
+ * AppLayerProtoDetectRegisterProtocol(ctx, ALPROTO_HTTP, "http"),
+ * following which you can write rules like -
+ * alert http any any -> any any (sid:1;)
+ * which basically matches on the HTTP protocol.
+ *
+ * \param alproto The protocol.
+ * \param alproto_str The string to associate with the above "alproto".
+ * Please send a static string that won't be destroyed
+ * post making this call, since this function won't
+ * create a copy of the received argument.
+ *
+ * \retval 0 On success;
+ * -1 On failure.
+ */
+void AppLayerProtoDetectRegisterProtocol(AppProto alproto, char *alproto_name);
+
+/**
+ * \brief Given a protocol name, checks if proto detection is enabled in
+ * the conf file.
+ *
+ * \param alproto Name of the app layer protocol.
+ *
+ * \retval 1 If enabled.
+ * \retval 0 If disabled.
+ */
+int AppLayerProtoDetectConfProtoDetectionEnabled(const char *ipproto,
+ const char *alproto);
+
+/**
+ * \brief Inits and returns an app layer protocol detection thread context.
+
+ * \param ctx Pointer to the app layer protocol detection context.
+ *
+ * \retval Pointer to the thread context, on success;
+ * NULL, on failure.
+ */
+void *AppLayerProtoDetectGetCtxThread(void);
+
+/**
+ * \brief Destroys the app layer protocol detection thread context.
+ *
+ * \param tctx Pointer to the app layer protocol detection thread context.
*/
-typedef struct AlpProtoSignature_ {
- uint16_t ip_proto; /**< protocol (TCP/UDP) */
- uint16_t proto; /**< protocol */
- DetectContentData *co; /**< content match that needs to match */
- struct AlpProtoSignature_ *next; /**< next signature */
- struct AlpProtoSignature_ *map_next; /**< next signature with same id */
-} AlpProtoSignature;
-
-#define ALP_DETECT_MAX 256
-
-typedef struct AlpProtoDetectDirection_ {
- MpmCtx mpm_ctx;
- uint32_t id;
- uint16_t map[ALP_DETECT_MAX]; /**< a mapping between condition id's and
- protocol */
- uint16_t max_len; /**< max length of all patterns, so we can
- limit the search */
- uint16_t min_len; /**< min length of all patterns, so we can
- tell the stream engine to feed data
- to app layer as soon as it has min
- size data */
- uint32_t async_max; /**< max bytes in this direction while 0 in
- the other, before we give up. */
-} AlpProtoDetectDirection;
-
-typedef struct AlpProtoDetectCtx_ {
- AlpProtoDetectDirection toserver;
- AlpProtoDetectDirection toclient;
-
- MpmPatternIdStore *mpm_pattern_id_store; /** pattern id store */
-
- /** Mapping between pattern id and signature. As each signature has a
- * unique pattern with a unique id, we can lookup the signature by
- * the pattern id. */
- AlpProtoSignature **map;
-
- AlpProtoSignature *head; /**< list of sigs */
- AppLayerProbingParser *probing_parsers;
- uint16_t sigs; /**< number of sigs */
-} AlpProtoDetectCtx;
-
-extern AlpProtoDetectCtx alp_proto_ctx;
-
-#define FLOW_IS_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PM_ALPROTO_DETECT_DONE))
-#define FLOW_IS_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PP_ALPROTO_DETECT_DONE))
-
-#define FLOW_SET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PM_ALPROTO_DETECT_DONE))
-#define FLOW_SET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PP_ALPROTO_DETECT_DONE))
-
-#define FLOW_RESET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PM_ALPROTO_DETECT_DONE))
-#define FLOW_RESET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PP_ALPROTO_DETECT_DONE))
-
-void AlpProtoInit(AlpProtoDetectCtx *);
-void *AppLayerDetectProtoThread(void *td);
-
-void AppLayerDetectProtoThreadInit(void);
-
-uint16_t AppLayerDetectGetProtoPMParser(AlpProtoDetectCtx *ctx,
- AlpProtoDetectThreadCtx *tctx,
- Flow *f,
- uint8_t *buf, uint16_t buflen,
- uint8_t flags, uint8_t ipproto,
- uint16_t *pm_results);
-uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *, Flow *,
- uint8_t *, uint32_t,
- uint8_t, uint8_t);
-uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *,
- Flow *, uint8_t *, uint32_t,
- uint8_t, uint8_t);
-void AlpProtoAddCI(AlpProtoDetectCtx *, char *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t);
-void AlpProtoAdd(AlpProtoDetectCtx *, char *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t);
-
-void AppLayerDetectProtoThreadSpawn(void);
-void AlpDetectRegisterTests(void);
-
-void AlpProtoFinalizeGlobal(AlpProtoDetectCtx *);
-void AlpProtoFinalizeThread(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *);
-void AlpProtoFinalize2Thread(AlpProtoDetectThreadCtx *);
-void AlpProtoDeFinalize2Thread (AlpProtoDetectThreadCtx *);
-void AlpProtoTestDestroy(AlpProtoDetectCtx *);
-void AlpProtoDestroy(void);
-
-#endif /* __APP_LAYER_DETECT_PROTO_H__ */
+void AppLayerProtoDetectDestroyCtxThread(void *tctx);
+
+/***** Utility *****/
+
+void AppLayerProtoDetectSupportedIpprotos(AppProto alproto, uint8_t *ipprotos);
+AppProto AppLayerProtoDetectGetProtoByName(char *alproto_name);
+char *AppLayerProtoDetectGetProtoName(AppProto alproto);
+void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos);
+
+/***** Unittests *****/
+
+#ifdef UNITTESTS
+
+/**
+ * \brief Backs up the internal context used by the app layer proto detection
+ * module.
+ */
+void AppLayerProtoDetectUnittestCtxBackup(void);
+
+/**
+ * \brief Restores back the internal context used by the app layer proto
+ * detection module, that was previously backed up by calling
+ * AppLayerProtoDetectUnittestCtxBackup().
+ */
+void AppLayerProtoDetectUnittestCtxRestore(void);
+
+/**
+ * \brief Register unittests for app layer proto detection module.
+ */
+void AppLayerProtoDetectUnittestsRegister(void);
+
+#endif /* UNITTESTS */
+#endif /* __APP_LAYER_DETECT_PROTO__H__ */
*/
#include "suricata-common.h"
+#include "stream.h"
#include "app-layer-parser.h"
#include "app-layer-dns-common.h"
#ifdef DEBUG
return 0;
}
-void DNSAppLayerRegisterGetEventInfo(uint16_t alproto)
+void DNSAppLayerRegisterGetEventInfo(uint16_t ipproto, uint16_t alproto)
{
- return AppLayerRegisterGetEventInfo(alproto, DNSStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo);
+
+ return;
}
AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) {
/* value for tx->replied value */
int DNSGetAlstateProgressCompletionStatus(uint8_t direction) {
- return (direction == 0) ? 0 : 1;
+ return (direction & STREAM_TOSERVER) ? 0 : 1;
}
void DNSSetEvent(DNSState *s, uint8_t e) {
void DNSAppLayerDecoderEventsRegister(int alproto);
int DNSStateGetEventInfo(const char *event_name,
int *event_id, AppLayerEventType *event_type);
-void DNSAppLayerRegisterGetEventInfo(uint16_t alproto);
+void DNSAppLayerRegisterGetEventInfo(uint16_t ipproto, uint16_t alproto);
void *DNSGetTx(void *alstate, uint64_t tx_id);
uint64_t DNSGetTxCnt(void *alstate);
* \brief Parse DNS request packet
*/
static int DNSTCPRequestParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_data)
{
DNSState *dns_state = (DNSState *)dstate;
SCLogDebug("starting %u", input_len);
*
*/
static int DNSTCPResponseParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_data)
{
DNSState *dns_state = (DNSState *)dstate;
return ALPROTO_FAILED;
} else if (ilen > 512) {
SCLogDebug("all the parser told us was not enough data, which is expected. Lets assume it's DNS");
- return ALPROTO_DNS_TCP;
+ return ALPROTO_DNS;
}
SCLogDebug("not yet enough info %u > %u", ntohs(dns_header->len), ilen);
if (r != 1)
return ALPROTO_FAILED;
- SCLogDebug("ALPROTO_DNS_TCP");
- return ALPROTO_DNS_TCP;
+ SCLogDebug("ALPROTO_DNS");
+ return ALPROTO_DNS;
}
void RegisterDNSTCPParsers(void) {
- char *proto_name = "dnstcp";
+ char *proto_name = "dns";
/** DNS */
- if (AppLayerProtoDetectionEnabled(proto_name)) {
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_DNS, proto_name);
+
if (RunmodeIsUnittests()) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- IPPROTO_TCP,
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
"53",
- proto_name,
ALPROTO_DNS,
0, sizeof(DNSTcpHeader),
STREAM_TOSERVER,
DNSTcpProbingParser);
} else {
- AppLayerParseProbingParserPorts(proto_name, ALPROTO_DNS,
- 0, sizeof(DNSTcpHeader),
- DNSTcpProbingParser);
+ AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_TCP,
+ proto_name, ALPROTO_DNS,
+ 0, sizeof(DNSTcpHeader),
+ DNSTcpProbingParser);
}
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_DNS_TCP, STREAM_TOSERVER,
- DNSTCPRequestParse);
- AppLayerRegisterProto(proto_name, ALPROTO_DNS_TCP, STREAM_TOCLIENT,
- DNSTCPResponseParse);
- AppLayerRegisterStateFuncs(ALPROTO_DNS_TCP, DNSStateAlloc,
- DNSStateFree);
- AppLayerRegisterTxFreeFunc(ALPROTO_DNS_TCP,
- DNSStateTransactionFree);
-
- AppLayerRegisterGetEventsFunc(ALPROTO_DNS_TCP, DNSGetEvents);
- AppLayerRegisterHasEventsFunc(ALPROTO_DNS_TCP, DNSHasEvents);
-
- AppLayerRegisterGetTx(ALPROTO_DNS_TCP,
- DNSGetTx);
- AppLayerRegisterGetTxCnt(ALPROTO_DNS_TCP,
- DNSGetTxCnt);
- AppLayerRegisterGetAlstateProgressFunc(ALPROTO_DNS_TCP,
- DNSGetAlstateProgress);
- AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_TCP,
- DNSGetAlstateProgressCompletionStatus);
- DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_TCP);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_DNS, STREAM_TOSERVER,
+ DNSTCPRequestParse);
+ AppLayerParserRegisterParser(IPPROTO_TCP , ALPROTO_DNS, STREAM_TOCLIENT,
+ DNSTCPResponseParse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DNS, DNSStateAlloc,
+ DNSStateFree);
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_DNS,
+ DNSStateTransactionFree);
+
+ AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_DNS, DNSGetEvents);
+ AppLayerParserRegisterHasEventsFunc(IPPROTO_TCP, ALPROTO_DNS, DNSHasEvents);
+
+ AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNS, DNSGetTx);
+ AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNS, DNSGetTxCnt);
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_DNS,
+ DNSGetAlstateProgress);
+ AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_DNS,
+ DNSGetAlstateProgressCompletionStatus);
+ DNSAppLayerRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNS);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
* \brief Parse DNS request packet
*/
static int DNSUDPRequestParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_data)
{
DNSState *dns_state = (DNSState *)dstate;
*
*/
static int DNSUDPResponseParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_data)
{
DNSState *dns_state = (DNSState *)dstate;
return ALPROTO_UNKNOWN;
}
- if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL, NULL) == -1)
+ if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL) == -1)
return ALPROTO_FAILED;
- return ALPROTO_DNS_UDP;
+ return ALPROTO_DNS;
}
static void DNSUDPConfigure(void) {
}
void RegisterDNSUDPParsers(void) {
- char *proto_name = "dnsudp";
+ char *proto_name = "dns";
/** DNS */
- if (AppLayerProtoDetectionEnabled(proto_name)) {
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_DNS, proto_name);
+
if (RunmodeIsUnittests()) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- IPPROTO_UDP,
+ AppLayerProtoDetectPPRegister(IPPROTO_UDP,
"53",
- proto_name,
ALPROTO_DNS,
0, sizeof(DNSHeader),
STREAM_TOSERVER,
DNSUdpProbingParser);
} else {
- AppLayerParseProbingParserPorts(proto_name, ALPROTO_DNS,
- 0, sizeof(DNSHeader),
- DNSUdpProbingParser);
+ AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
+ proto_name, ALPROTO_DNS,
+ 0, sizeof(DNSHeader),
+ DNSUdpProbingParser);
}
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_DNS_UDP, STREAM_TOSERVER,
- DNSUDPRequestParse);
- AppLayerRegisterProto(proto_name, ALPROTO_DNS_UDP, STREAM_TOCLIENT,
- DNSUDPResponseParse);
- AppLayerRegisterStateFuncs(ALPROTO_DNS_UDP, DNSStateAlloc,
- DNSStateFree);
- AppLayerRegisterTxFreeFunc(ALPROTO_DNS_UDP,
- DNSStateTransactionFree);
-
- AppLayerRegisterGetEventsFunc(ALPROTO_DNS_UDP, DNSGetEvents);
- AppLayerRegisterHasEventsFunc(ALPROTO_DNS_UDP, DNSHasEvents);
-
- AppLayerRegisterGetTx(ALPROTO_DNS_UDP,
- DNSGetTx);
- AppLayerRegisterGetTxCnt(ALPROTO_DNS_UDP,
- DNSGetTxCnt);
- AppLayerRegisterGetAlstateProgressFunc(ALPROTO_DNS_UDP,
- DNSGetAlstateProgress);
- AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_DNS_UDP,
- DNSGetAlstateProgressCompletionStatus);
-
- DNSAppLayerRegisterGetEventInfo(ALPROTO_DNS_UDP);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOSERVER,
+ DNSUDPRequestParse);
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOCLIENT,
+ DNSUDPResponseParse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DNS, DNSStateAlloc,
+ DNSStateFree);
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_DNS,
+ DNSStateTransactionFree);
+
+ AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSGetEvents);
+ AppLayerParserRegisterHasEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSHasEvents);
+
+ AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DNS,
+ DNSGetTx);
+ AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_DNS,
+ DNSGetTxCnt);
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, ALPROTO_DNS,
+ DNSGetAlstateProgress);
+ AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_UDP, ALPROTO_DNS,
+ DNSGetAlstateProgressCompletionStatus);
+
+ DNSAppLayerRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS);
DNSUDPConfigure();
} else {
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_DNS_UDP, DNSUDPParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_DNS, DNSUDPParserRegisterTests);
#endif
}
if (f == NULL)
goto end;
f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS_UDP;
+ f->alproto = ALPROTO_DNS;
f->alstate = DNSStateAlloc();
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, NULL);
+ int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
if (r != 1)
goto end;
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-ftp.h"
* \retval 1 when the command is parsed, 0 otherwise
*/
static int FTPParseRequest(Flow *f, void *ftp_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
SCEnter();
/* PrintRawDataFp(stdout, input,input_len); */
*
* \retval 1 when the command is parsed, 0 otherwise
*/
-static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate,
+static int FTPParseResponse(Flow *f, void *ftp_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
return 1;
}
#endif
}
+static int FTPRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP,
+ "USER ", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP,
+ "PASS ", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCI(IPPROTO_TCP, ALPROTO_FTP,
+ "PORT ", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
void RegisterFTPParsers(void) {
char *proto_name = "ftp";
/** FTP */
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER);
- AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER);
- AlpProtoAddCI(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER);
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_FTP, STREAM_TOSERVER | STREAM_TOCLIENT);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_FTP, proto_name);
+ if (FTPRegisterPatternsForProtocolDetection() < 0 )
+ return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOSERVER,
- FTPParseRequest);
- AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOCLIENT,
- FTPParseResponse);
- AppLayerRegisterStateFuncs(ALPROTO_FTP, FTPStateAlloc, FTPStateFree);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOSERVER,
+ FTPParseRequest);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOCLIENT,
+ FTPParseResponse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_FTP, FTPStateAlloc, FTPStateFree);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_FTP, STREAM_TOSERVER | STREAM_TOCLIENT);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_FTP, FTPParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_FTP, FTPParserRegisterTests);
#endif
}
uint8_t ftpbuf[] = "PORT 192,168,1,1,0,80\r\n";
uint32_t ftplen = sizeof(ftpbuf) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf, ftplen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf, ftplen);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint8_t ftpbuf3[] = "1,1,10,20\r\n";
uint32_t ftplen3 = sizeof(ftpbuf3) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
if (r != 0) {
SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf3, ftplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf3, ftplen3);
if (r != 0) {
SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t ftpbuf1[] = "PORT";
uint32_t ftplen1 = sizeof(ftpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, ftpbuf1, ftplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint8_t ftpbuf2[] = "RT\r\n";
uint32_t ftplen2 = sizeof(ftpbuf2) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_START, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf2, ftplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER|STREAM_EOF, ftpbuf2, ftplen2);
if (r != 0) {
SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint8_t ftpbuf1[] = "PORT 1,2,3,4,5,6\r\n";
uint32_t ftplen1 = sizeof(ftpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_FTP, flags, &ftpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, flags, &ftpbuf1[u], 1);
if (r != 0) {
SCLogDebug("toserver chunk %" PRIu32 " returned %" PRId32 ", expected 0: ", u, r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *http_state = NULL;
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 5 size %u <<<<\n", httplen5);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 6 size %u <<<<\n", httplen6);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 5 size %u <<<<\n", httplen5);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 6 size %u <<<<\n", httplen6);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 size %u <<<<\n", httplen1);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *http_state = NULL;
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events == NULL) {
printf("no app events: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events == NULL) {
printf("no app events: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL) {
printf("app events: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
SCLogDebug("\n>>>> processing chunk 3 size %u <<<<\n", httplen3);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
SCLogDebug("\n>>>> processing chunk 4 size %u <<<<\n", httplen4);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f->m);
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL) {
printf("app events: ");
SCMutexUnlock(&f->m);
}
SCMutexUnlock(&f->m);
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, http_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, http_state, 0);
if (tx == NULL) {
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
#include "app-layer-protos.h"
#include "app-layer-parser.h"
+#include "app-layer.h"
#include "app-layer-htp.h"
#include "app-layer-htp-body.h"
#include "app-layer-htp-file.h"
* \retval On success returns 1 or on failure returns -1.
*/
static int HTPHandleRequestData(Flow *f, void *htp_state,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data,
- AppLayerParserResult *output)
+ void *local_data)
{
SCEnter();
int r = -1;
HTPHandleError(hstate);
/* if the TCP connection is closed, then close the HTTP connection */
- if ((pstate->flags & APP_LAYER_PARSER_EOF) &&
- !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS)) {
+ if (AppLayerParserParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) &&
+ !(hstate->flags & HTP_FLAG_STATE_CLOSED_TS))
+ {
htp_connp_close(hstate->connp, &ts);
hstate->flags |= HTP_FLAG_STATE_CLOSED_TS;
SCLogDebug("stream eof encountered, closing htp handle for ts");
* \retval On success returns 1 or on failure returns -1
*/
static int HTPHandleResponseData(Flow *f, void *htp_state,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data,
- AppLayerParserResult *output)
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_data)
{
SCEnter();
int r = -1;
}
/* if we the TCP connection is closed, then close the HTTP connection */
- if ((pstate->flags & APP_LAYER_PARSER_EOF) &&
- !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC)) {
+ if (AppLayerParserParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) &&
+ !(hstate->flags & HTP_FLAG_STATE_CLOSED_TC))
+ {
htp_connp_close(hstate->connp, &ts);
hstate->flags |= HTP_FLAG_STATE_CLOSED_TC;
}
/* we currently only handle multipart for ts. When we support it for tc,
* we will need to supply right direction */
- tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0);
+ tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER);
/* if we're in the file storage process, deal with that now */
if (htud->tsflags & HTP_FILENAME_SET) {
if (header_start != NULL || form_end != NULL || (tx_progress > HTP_REQUEST_BODY)) {
{
SCEnter();
- if (!AppLayerProtoDetectionEnabled("http") || !AppLayerParserEnabled("http"))
+ if (!AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "http") ||
+ !AppLayerParserConfParserEnabled("tcp", "http"))
+ {
SCReturn;
+ }
HTPCfgRec *nextrec = cfglist.next;
SCRadixReleaseRadixTree(cfgtree);
/* request done, do raw reassembly now to inspect state and stream
* at the same time. */
- AppLayerTriggerRawStreamReassembly(hstate->f);
+ AppLayerParserTriggerRawStreamReassembly(hstate->f);
SCReturnInt(HTP_OK);
}
/* response done, do raw reassembly now to inspect state and stream
* at the same time. */
- AppLayerTriggerRawStreamReassembly(hstate->f);
+ AppLayerParserTriggerRawStreamReassembly(hstate->f);
SCReturnInt(HTP_OK);
}
static int HTPStateGetAlstateProgress(void *tx, uint8_t direction)
{
- if (direction == 0)
+ if (direction & STREAM_TOSERVER)
return ((htp_tx_t *)tx)->request_progress;
else
return ((htp_tx_t *)tx)->response_progress;
static int HTPStateGetAlstateProgressCompletionStatus(uint8_t direction)
{
- return (direction == 0) ? HTP_REQUEST_COMPLETE : HTP_RESPONSE_COMPLETE;
+ return (direction & STREAM_TOSERVER) ? HTP_REQUEST_COMPLETE : HTP_RESPONSE_COMPLETE;
}
int HTPStateGetEventInfo(const char *event_name,
return 0;
}
-static void HTPStateTruncate(void *state, uint8_t flags) {
- FileContainer *fc = HTPStateGetFiles(state, flags);
+static void HTPStateTruncate(void *state, uint8_t direction)
+{
+ FileContainer *fc = HTPStateGetFiles(state, direction);
if (fc != NULL) {
FileTruncateAllOpenFiles(fc);
}
}
+static int HTPRegisterPatternsForProtocolDetection(void)
+{
+ /* toserver */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "GET|20|", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "GET|09|", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "PUT|20|", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "PUT|09|", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "POST|20|", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "POST|09|", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "HEAD|20|", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "HEAD|09|", 5, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "TRACE|20|", 6, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "TRACE|09|", 6, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "OPTIONS|20|", 8, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "OPTIONS|09|", 8, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "CONNECT|20|", 8, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "CONNECT|09|", 8, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /* toclient */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "HTTP/0.9", 8, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "HTTP/1.0", 8, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP,
+ "HTTP/1.1", 8, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
/**
* \brief Register the HTTP protocol and state handling functions to APP layer
* of the engine.
char *proto_name = "http";
/** HTTP */
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER);
-
- /* toclient direction */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/0.9", 8, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/1.0", 8, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HTTP/1.1", 8, 0, STREAM_TOCLIENT);
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_HTTP, STREAM_TOSERVER);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_HTTP, proto_name);
+ if (HTPRegisterPatternsForProtocolDetection() < 0)
+ return;
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol",
proto_name);
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTPStateAlloc, HTPStateFree);
- AppLayerRegisterTxFreeFunc(ALPROTO_HTTP, HTPStateTransactionFree);
- AppLayerRegisterGetFilesFunc(ALPROTO_HTTP, HTPStateGetFiles);
- AppLayerRegisterGetAlstateProgressFunc(ALPROTO_HTTP, HTPStateGetAlstateProgress);
- AppLayerRegisterGetTxCnt(ALPROTO_HTTP, HTPStateGetTxCnt);
- AppLayerRegisterGetTx(ALPROTO_HTTP, HTPStateGetTx);
- AppLayerRegisterGetAlstateProgressCompletionStatus(ALPROTO_HTTP,
- HTPStateGetAlstateProgressCompletionStatus);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_HTTP, HTPStateAlloc, HTPStateFree);
+ AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateTransactionFree);
+ AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetFiles);
+ AppLayerParserRegisterGetStateProgressFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetAlstateProgress);
+ AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetTxCnt);
+ AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetTx);
+ AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP,
+ HTPStateGetAlstateProgressCompletionStatus);
- AppLayerRegisterGetEventInfo(ALPROTO_HTTP, HTPStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP, HTPStateGetEventInfo);
- AppLayerRegisterTruncateFunc(ALPROTO_HTTP, HTPStateTruncate);
+ AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP, HTPStateTruncate);
- AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOSERVER,
- HTPHandleRequestData);
- AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOCLIENT,
- HTPHandleResponseData);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER,
+ HTPHandleRequestData);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOCLIENT,
+ HTPHandleResponseData);
SC_ATOMIC_INIT(htp_config_flags);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER);
HTPConfigure();
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_HTTP, HTPParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_HTTP, HTPParserRegisterTests);
#endif
SCReturn;
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&ssn, 0, sizeof(ssn));
f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 80);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
SCMutexUnlock(&f->m);
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint8_t httpbuf6[] = "esults are tha bomb!";
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
- httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
+ httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf4,
- httplen4);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf4,
+ httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3,
- httplen3);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf3,
+ httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf6,
- httplen6);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf6,
+ httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
uint32_t httplen2 = sizeof(httpbuf2) - 1; /* minus the \0 */
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
- httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START,
+ httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf2,
- httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, httpbuf2,
+ httplen2);
if (r != 0) {
printf("toclient chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (http_state != NULL)
HTPStateFree(http_state);
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
char input[] = "\
%YAML 1.1\n\
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk returned %" PRId32 ", expected"
" 0: ", r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint8_t httpbuf1[] = "GET /secondhouse/image/js/\%ce\%de\%ce\%fd_RentCity.js?v=2011.05.02 HTTP/1.0\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
char input[] = "\
%YAML 1.1\n\
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER|STREAM_START|STREAM_EOF;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk returned %" PRId32 ", expected"
" 0: ", r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
}
result = 1;
-end:
+ end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
TcpSession ssn;
HtpState *htp_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
" Data is c0oL!";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
SCRadixNode *cfgnode = NULL;
htp_cfg_t *htp = cfglist.cfg;
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /abc/def?ghi%252fjkl HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /abc/def?a=http://www.abc.com/ HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /index?id=\\\"<script>alert(document.cookie)</script> HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET /put.php?ip=1.2.3.4&port=+6000 HTTP/1.1\r\nHost: www.domain.ltd\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
"GET http://suricata-ids.org/blah/ HTTP/1.1\r\nHost: suricata-ids.org\r\n\r\n";
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
HtpState *htp_state = NULL;
int r = 0;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, &httpbuf1[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
memset(&hstate, 0x00, sizeof(hstate));
Flow flow;
memset(&flow, 0x00, sizeof(flow));
- AppLayerParserStateStore parser;
+ void *parser = AppLayerParserAllocAppLayerParserParserState();
memset(&parser, 0x00, sizeof(parser));
htp_tx_t tx;
memset(&tx, 0, sizeof(tx));
TcpSession ssn;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f->m);
SCLogDebug("\n>>>> processing chunk 1 again <<<<\n");
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL) {
printf("app events: ");
SCMutexUnlock(&f->m);
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
ConfDeInit();
ConfRestoreContextBackup();
request-body-limit: 0\n\
response-body-limit: 0\n\
";
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1);
if (u < 18294) { /* first 18294 bytes should result in 0 */
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events == NULL) {
printf("no app events: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
response-body-limit: 0\n\
meta-field-limit: 20000\n\
";
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
else flags = STREAM_TOSERVER;
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, flags, (uint8_t *)&httpbuf[u], 1);
if (r != 0) {
printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected"
" 0: ", u, r);
}
SCMutexLock(&f->m);
- AppLayerDecoderEvents *decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ AppLayerDecoderEvents *decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL) {
printf("app events: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
#include "util-pool.h"
#include "flow-util.h"
+#include "flow-private.h"
#include "detect-engine-state.h"
#include "detect-engine-port.h"
#include "util-unittest-helper.h"
#include "util-validate.h"
-AppLayerProto al_proto_table[ALPROTO_MAX]; /**< Application layer protocol
- table mapped to their
- corresponding parsers */
+#include "runmodes.h"
-#define MAX_PARSERS 100
-static AppLayerParserTableElement al_parser_table[MAX_PARSERS];
-static uint16_t al_max_parsers = 0; /* incremented for every registered parser */
+typedef struct AppLayerParserCtxThread_ {
+ void *alproto_local_storage[FLOW_PROTO_MAX][ALPROTO_MAX];
+} AppLayerParserCtxThread;
-static Pool *al_result_pool = NULL;
-static SCMutex al_result_pool_mutex = SCMUTEX_INITIALIZER;
-#ifdef DEBUG
-static uint32_t al_result_pool_elmts = 0;
-#endif /* DEBUG */
-
-/** \brief Get the file container flow
- * \param f flow pointer to a LOCKED flow
- * \retval files void pointer to the state
- * \retval direction flow direction, either STREAM_TOCLIENT or STREAM_TOSERVER
- * \retval NULL in case we have no state */
-FileContainer *AppLayerGetFilesFromFlow(Flow *f, uint8_t direction) {
- SCEnter();
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- uint16_t alproto = f->alproto;
+/**
+ * \brief App layer protocol parser context.
+ */
+typedef struct AppLayerParserpCtx_
+{
+ /* 0 - to_server, 1 - to_client. */
+ int (*Parser[2])(Flow *f, void *protocol_state,
+ void *pstate,
+ uint8_t *input, uint32_t input_len,
+ void *local_storage);
+ char logger;
+
+ void *(*StateAlloc)(void);
+ void (*StateFree)(void *);
+ void (*StateTransactionFree)(void *, uint64_t);
+ void *(*LocalStorageAlloc)(void);
+ void (*LocalStorageFree)(void *);
+
+ void (*Truncate)(void *, uint8_t);
+ FileContainer *(*StateGetFiles)(void *, uint8_t);
+ AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t);
+ int (*StateHasEvents)(void *);
+
+ int (*StateGetProgress)(void *alstate, uint8_t direction);
+ uint64_t (*StateGetTxCnt)(void *alstate);
+ void *(*StateGetTx)(void *alstate, uint64_t tx_id);
+ int (*StateGetProgressCompletionStatus)(uint8_t direction);
+ int (*StateGetEventInfo)(const char *event_name,
+ int *event_id, AppLayerEventType *event_type);
+
+ /* Indicates the direction the parser is ready to see the data
+ * the first time for a flow. Values accepted -
+ * STREAM_TOSERVER, STREAM_TOCLIENT */
+ uint8_t first_data_dir;
- if (alproto == ALPROTO_UNKNOWN)
- SCReturnPtr(NULL, "FileContainer");
+#ifdef UNITTESTS
+ void (*RegisterUnittests)(void);
+#endif
+} AppLayerParserpCtx;
+
+typedef struct AppLayerParserCtx_ {
+ AppLayerParserpCtx ctxs[FLOW_PROTO_MAX][ALPROTO_MAX];
+} AppLayerParserCtx;
+
+typedef struct AppLayerParserParserState_ {
+ uint8_t flags;
+
+ /* Indicates the current transaction that is being inspected.
+ * We have a var per direction. */
+ uint64_t inspect_id[2];
+ /* Indicates the current transaction being logged. Unlike inspect_id,
+ * we don't need a var per direction since we don't log a transaction
+ * unless we have the entire transaction. */
+ uint64_t log_id;
+ /* State version, incremented for each update. Can wrap around. */
+ uint16_t version;
+
+ /* Used to store decoder events. */
+ AppLayerDecoderEvents *decoder_events;
+} AppLayerParserParserState;
- if (al_proto_table[alproto].StateGetFiles != NULL) {
- FileContainer *ptr = al_proto_table[alproto].StateGetFiles(AppLayerGetProtoStateFromFlow(f), direction);
- SCReturnPtr(ptr, "FileContainer");
- } else {
- SCReturnPtr(NULL, "FileContainer");
- }
-}
+/* Static global version of the parser context.
+ * Post 2.0 let's look at changing this to move it out to app-layer.c. */
+static AppLayerParserCtx alp_ctx;
-/** \brief Get the decoder events from the flow
- * \param f flow pointer to a LOCKED flow
- * \param tx_id transaction id
- * \retval files void pointer to the state
- * \retval NULL in case we have no state */
-AppLayerDecoderEvents *AppLayerGetEventsFromFlowByTx(Flow *f, uint64_t tx_id) {
+static void AppLayerParserTransactionsCleanup(uint16_t ipproto, AppProto alproto,
+ void *alstate, void *pstate)
+{
SCEnter();
- DEBUG_ASSERT_FLOW_LOCKED(f);
+ AppLayerParserParserState *parser_state_store = pstate;
+ uint64_t inspect = 0, log = 0;
+ uint64_t min;
+ AppLayerParserpCtx *ctx = &alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto];
+
+ if (ctx->StateTransactionFree == NULL)
+ goto end;
- uint16_t alproto = f->alproto;
- if (alproto == ALPROTO_UNKNOWN)
- SCReturnPtr(NULL, "AppLayerDecoderEvents");
+ if (parser_state_store->inspect_id[0] < parser_state_store->inspect_id[1])
+ inspect = parser_state_store->inspect_id[0];
+ else
+ inspect = parser_state_store->inspect_id[1];
+ log = parser_state_store->log_id;
- if (al_proto_table[alproto].StateGetEvents != NULL) {
- AppLayerDecoderEvents *ptr = al_proto_table[alproto].StateGetEvents(AppLayerGetProtoStateFromFlow(f), tx_id);
- SCReturnPtr(ptr, "AppLayerDecoderEvents");
+ if (ctx->logger == TRUE) {
+ min = log < inspect ? log : inspect;
+ if (min > 0)
+ ctx->StateTransactionFree(alstate, min - 1);
} else {
- SCReturnPtr(NULL, "AppLayerDecoderEvents");
+ if (inspect > 0)
+ ctx->StateTransactionFree(alstate, inspect - 1);
}
-}
-
-/** \brief check if we have decoder events
- * \retval 1 yes
- * \retval 0 no */
-int AppLayerFlowHasDecoderEvents(Flow *f, uint8_t flags) {
- AppLayerDecoderEvents *decoder_events;
-
- DEBUG_ASSERT_FLOW_LOCKED(f);
- if (f->alproto <= ALPROTO_UNKNOWN || f->alproto >= ALPROTO_MAX)
- return 0;
-
- if (AppLayerProtoIsTxEventAware(f->alproto)) {
- /* fast path if supported by proto */
- if (al_proto_table[f->alproto].StateHasEvents != NULL) {
- if (al_proto_table[f->alproto].StateHasEvents(f->alstate) == 1)
- return 1;
- } else {
- /* check each tx */
- uint64_t tx_id = AppLayerTransactionGetInspectId(f, flags);
- uint64_t max_id = AppLayerGetTxCnt(f->alproto, f->alstate);
+ end:
+ SCReturn;
+}
- for ( ; tx_id < max_id; tx_id++) {
- decoder_events = AppLayerGetEventsFromFlowByTx(f, tx_id);
- if (decoder_events && decoder_events->cnt)
- return 1;
- }
- }
- }
+void *AppLayerParserAllocAppLayerParserParserState(void)
+{
+ SCEnter();
- decoder_events = AppLayerGetDecoderEventsForFlow(f);
- if (decoder_events && decoder_events->cnt)
- return 1;
+ AppLayerParserParserState *pstate = (AppLayerParserParserState *)SCMalloc(sizeof(*pstate));
+ if (pstate == NULL)
+ goto end;
+ memset(pstate, 0, sizeof(*pstate));
- return 0;
+ end:
+ SCReturnPtr(pstate, "pstate");
}
-/** \brief Return true if alproto uses per TX events
- * \param alproto proto to check
- */
-int AppLayerProtoIsTxEventAware(uint16_t alproto) {
- if (alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_MAX &&
- al_proto_table[alproto].StateGetEvents != NULL)
- return 1;
+void AppLayerParserDeAllocAppLayerParserParserState(void *pstate)
+{
+ SCEnter();
+
+ if (((AppLayerParserParserState *)pstate)->decoder_events != NULL)
+ AppLayerDecoderEventsFreeEvents(((AppLayerParserParserState *)pstate)->decoder_events);
+ SCFree(pstate);
- return 0;
+ SCReturn;
}
-/** \brief Alloc a AppLayerParserResultElmt func for the pool */
-static void *AlpResultElmtPoolAlloc()
+int AppLayerParserSetup(void)
{
- AppLayerParserResultElmt *e = NULL;
+ SCEnter();
- e = (AppLayerParserResultElmt *)SCMalloc
- (sizeof(AppLayerParserResultElmt));
- if (e == NULL)
- return NULL;
+ memset(&alp_ctx, 0, sizeof(alp_ctx));
-#ifdef DEBUG
- al_result_pool_elmts++;
- SCLogDebug("al_result_pool_elmts %"PRIu32"", al_result_pool_elmts);
-#endif /* DEBUG */
- return e;
+ SCReturnInt(0);
}
-int AppLayerGetAlstateProgress(uint16_t alproto, void *state, uint8_t direction)
+int AppLayerParserDeSetup(void)
{
- return al_proto_table[alproto].StateGetAlstateProgress(state, direction);
-}
+ SCEnter();
-uint64_t AppLayerGetTxCnt(uint16_t alproto, void *alstate)
-{
- return al_proto_table[alproto].StateGetTxCnt(alstate);
+ SCReturnInt(0);
}
-void *AppLayerGetTx(uint16_t alproto, void *alstate, uint64_t tx_id)
+void *AppLayerParserGetCtxThread(void)
{
- return al_proto_table[alproto].StateGetTx(alstate, tx_id);
-}
+ SCEnter();
-int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t direction)
-{
- return al_proto_table[alproto].StateGetAlstateProgressCompletionStatus(direction);
-}
+ AppProto i = 0;
+ int j = 0;
+ AppLayerParserCtxThread *tctx;
-int AppLayerAlprotoSupportsTxs(uint16_t alproto)
-{
- return (al_proto_table[alproto].StateTransactionFree != NULL);
+ tctx = SCMalloc(sizeof(*tctx));
+ if (tctx == NULL)
+ goto end;
+ memset(tctx, 0, sizeof(*tctx));
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < ALPROTO_MAX; j++) {
+ tctx->alproto_local_storage[i][j] =
+ AppLayerParserGetProtocolParserLocalStorage(FlowGetReverseProtoMapping(i),
+ j);
+ }
+ }
+
+ end:
+ SCReturnPtr(tctx, "void *");
}
-static void AlpResultElmtPoolCleanup(void *e)
+void AppLayerParserDestroyCtxThread(void *alpd_tctx)
{
- AppLayerParserResultElmt *re = (AppLayerParserResultElmt *)e;
+ SCEnter();
- if (re->flags & ALP_RESULT_ELMT_ALLOC) {
- if (re->data_ptr != NULL)
- SCFree(re->data_ptr);
+ AppProto i = 0;
+ int j = 0;
+ AppLayerParserCtxThread *tctx = (AppLayerParserCtxThread *)alpd_tctx;
+
+ for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
+ for (j = 0; j < ALPROTO_MAX; j++) {
+ AppLayerParserDestroyProtocolParserLocalStorage(FlowGetReverseProtoMapping(i),
+ j,
+ tctx->alproto_local_storage[i][j]);
+ }
}
-#ifdef DEBUG
- al_result_pool_elmts--;
- SCLogDebug("al_result_pool_elmts %"PRIu32"", al_result_pool_elmts);
-#endif /* DEBUG */
+ SCReturn;
}
-static AppLayerParserResultElmt *AlpGetResultElmt(void)
+int AppLayerParserConfParserEnabled(const char *ipproto,
+ const char *alproto_name)
{
- SCMutexLock(&al_result_pool_mutex);
- AppLayerParserResultElmt *e = (AppLayerParserResultElmt *)PoolGet(al_result_pool);
- SCMutexUnlock(&al_result_pool_mutex);
+ SCEnter();
+
+ int enabled = 1;
+ char param[100];
+ ConfNode *node;
+ int r;
- if (e == NULL) {
- return NULL;
+ if (RunmodeIsUnittests())
+ goto enabled;
+
+ r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
+ alproto_name, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
}
- e->next = NULL;
- return e;
-}
-static void AlpReturnResultElmt(AppLayerParserResultElmt *e)
-{
- if (e->flags & ALP_RESULT_ELMT_ALLOC) {
- if (e->data_ptr != NULL)
- SCFree(e->data_ptr);
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
+ alproto_name, ".", ipproto, ".enabled");
+ if (r < 0) {
+ SCLogError(SC_ERR_FATAL, "snprintf failure.");
+ exit(EXIT_FAILURE);
+ } else if (r > (int)sizeof(param)) {
+ SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
+ exit(EXIT_FAILURE);
+ }
+
+ node = ConfGetNode(param);
+ if (node == NULL) {
+ SCLogDebug("Entry for %s not found.", param);
+ goto enabled;
+ }
}
- e->flags = 0;
- e->data_ptr = NULL;
- e->data_len = 0;
- e->next = NULL;
-
- SCMutexLock(&al_result_pool_mutex);
- PoolReturn(al_result_pool, (void *)e);
- SCMutexUnlock(&al_result_pool_mutex);
-}
-static void AlpAppendResultElmt(AppLayerParserResult *r, AppLayerParserResultElmt *e)
-{
- if (r->head == NULL) {
- r->head = e;
- r->tail = e;
- r->cnt = 1;
+ if (strcasecmp(node->val, "yes") == 0) {
+ goto enabled;
+ } else if (strcasecmp(node->val, "no") == 0) {
+ goto disabled;
+ } else if (strcasecmp(node->val, "detection-only") == 0) {
+ goto enabled;
} else {
- r->tail->next = e;
- r->tail = e;
- r->cnt++;
+ SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
+ exit(EXIT_FAILURE);
}
+
+ disabled:
+ enabled = 0;
+ enabled:
+ SCReturnInt(enabled);
}
-/**
- * \param alloc Is ptr alloc'd (1) or a ptr to static mem (0).
- * \retval -1 error
- * \retval 0 ok
- */
-static int AlpStoreField(AppLayerParserResult *output, uint16_t idx,
- uint8_t *ptr, uint32_t len, uint8_t alloc)
+/***** Parser related registration *****/
+
+int AppLayerParserRegisterParser(uint16_t ipproto, AppProto alproto,
+ uint8_t direction,
+ int (*Parser)(Flow *f, void *protocol_state,
+ void *pstate,
+ uint8_t *buf, uint32_t buf_len,
+ void *local_storage))
{
SCEnter();
- AppLayerParserResultElmt *e = AlpGetResultElmt();
- if (e == NULL) {
- SCLogError(SC_ERR_POOL_EMPTY, "App layer \"al_result_pool\" is empty");
- SCReturnInt(-1);
- }
-
- if (alloc == 1)
- e->flags |= ALP_RESULT_ELMT_ALLOC;
-
- e->name_idx = idx;
- e->data_ptr = ptr;
- e->data_len = len;
- AlpAppendResultElmt(output, e);
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ Parser[(direction & STREAM_TOSERVER) ? 0 : 1] = Parser;
SCReturnInt(0);
}
-void AppLayerSetEOF(Flow *f)
+void AppLayerParserRegisterParserAcceptableDataDirection(uint16_t ipproto, AppProto alproto,
+ uint8_t direction)
{
- if (f == NULL)
- return;
-
- AppLayerParserStateStore *parser_state_store =
- (AppLayerParserStateStore *)f->alparser;
- if (parser_state_store != NULL) {
- parser_state_store->id_flags |= APP_LAYER_TRANSACTION_EOF;
- parser_state_store->to_client.flags |= APP_LAYER_PARSER_EOF;
- parser_state_store->to_server.flags |= APP_LAYER_PARSER_EOF;
- /* increase version so we will inspect it one more time
- * with the EOF flags now set */
- parser_state_store->version++;
- }
+ SCEnter();
+
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].first_data_dir |=
+ (direction & (STREAM_TOSERVER | STREAM_TOCLIENT));
+
+ SCReturn;
}
-/** \brief Parse a field up to we reach the size limit
- *
- * \retval 1 Field found and stored.
- * \retval 0 Field parsing in progress.
- * \retval -1 error
- */
-int AlpParseFieldBySize(AppLayerParserResult *output, AppLayerParserState *pstate,
- uint16_t field_idx, uint32_t size, uint8_t *input,
- uint32_t input_len, uint32_t *offset)
+void AppLayerParserRegisterStateFuncs(uint16_t ipproto, AppProto alproto,
+ void *(*StateAlloc)(void),
+ void (*StateFree)(void *))
{
SCEnter();
- void *ptmp;
- if ((pstate->store_len + input_len) < size) {
- if (pstate->store_len == 0) {
- pstate->store = SCMalloc(input_len);
- if (pstate->store == NULL)
- SCReturnInt(-1);
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateAlloc =
+ StateAlloc;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateFree =
+ StateFree;
- memcpy(pstate->store, input, input_len);
- pstate->store_len = input_len;
- } else {
- ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
+ SCReturn;
+}
- memcpy(pstate->store+pstate->store_len, input, input_len);
- pstate->store_len += input_len;
- }
- } else {
- if (pstate->store_len == 0) {
- int r = AlpStoreField(output, field_idx, input, size, /* static mem */0);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
- (*offset) += size;
+void AppLayerParserRegisterLocalStorageFunc(uint16_t ipproto, AppProto alproto,
+ void *(*LocalStorageAlloc)(void),
+ void (*LocalStorageFree)(void *))
+{
+ SCEnter();
- SCReturnInt(1);
- } else {
- uint32_t diff = size - pstate->store_len;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageAlloc =
+ LocalStorageAlloc;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].LocalStorageFree =
+ LocalStorageFree;
- ptmp = SCRealloc(pstate->store, (diff + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
+ SCReturn;
+}
- memcpy(pstate->store+pstate->store_len, input, diff);
- pstate->store_len += diff;
+void AppLayerParserRegisterGetFilesFunc(uint16_t ipproto, AppProto alproto,
+ FileContainer *(*StateGetFiles)(void *, uint8_t))
+{
+ SCEnter();
- int r = AlpStoreField(output, field_idx, pstate->store,
- pstate->store_len, /* alloc mem */1);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetFiles =
+ StateGetFiles;
- (*offset) += diff;
+ SCReturn;
+}
- pstate->store = NULL;
- pstate->store_len = 0;
+void AppLayerParserRegisterGetEventsFunc(uint16_t ipproto, AppProto alproto,
+ AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t))
+{
+ SCEnter();
- SCReturnInt(1);
- }
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
+ StateGetEvents;
- SCReturnInt(0);
+ SCReturn;
}
-/** \brief Parse a field up to the EOF
- *
- * \retval 1 Field found and stored.
- * \retval 0 Field parsing in progress.
- * \retval -1 error
- */
-int AlpParseFieldByEOF(AppLayerParserResult *output, AppLayerParserState *pstate,
- uint16_t field_idx, uint8_t *input, uint32_t input_len)
+void AppLayerParserRegisterHasEventsFunc(uint16_t ipproto, AppProto alproto,
+ int (*StateHasEvents)(void *))
{
SCEnter();
- void *ptmp;
-
- if (pstate->store_len == 0) {
- if (pstate->flags & APP_LAYER_PARSER_EOF) {
- SCLogDebug("store_len 0 and EOF");
- int r = AlpStoreField(output, field_idx, input, input_len, 0);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents =
+ StateHasEvents;
- SCReturnInt(1);
- } else {
- SCLogDebug("store_len 0 but no EOF");
+ SCReturn;
+}
- /* delimiter field not found, so store the result for the next run */
- pstate->store = SCMalloc(input_len);
- if (pstate->store == NULL)
- SCReturnInt(-1);
+void AppLayerParserRegisterLogger(uint16_t ipproto, AppProto alproto)
+{
+ SCEnter();
- memcpy(pstate->store, input, input_len);
- pstate->store_len = input_len;
- }
- } else {
- if (pstate->flags & APP_LAYER_PARSER_EOF) {
- SCLogDebug("store_len %" PRIu32 " and EOF", pstate->store_len);
-
- ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- pstate->store_len = 0;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger = TRUE;
- memcpy(pstate->store+pstate->store_len, input, input_len);
- pstate->store_len += input_len;
+ SCReturn;
+}
- int r = AlpStoreField(output, field_idx, pstate->store, pstate->store_len, 1);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
+void AppLayerParserRegisterTruncateFunc(uint16_t ipproto, AppProto alproto,
+ void (*Truncate)(void *, uint8_t))
+{
+ SCEnter();
- pstate->store = NULL;
- pstate->store_len = 0;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate = Truncate;
- SCReturnInt(1);
- } else {
- SCLogDebug("store_len %" PRIu32 " but no EOF", pstate->store_len);
-
- /* delimiter field not found, so store the result for the next run */
- ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
+ SCReturn;
+}
- memcpy(pstate->store+pstate->store_len, input, input_len);
- pstate->store_len += input_len;
- }
+void AppLayerParserRegisterGetStateProgressFunc(uint16_t ipproto, AppProto alproto,
+ int (*StateGetProgress)(void *alstate, uint8_t direction))
+{
+ SCEnter();
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetProgress = StateGetProgress;
- SCReturnInt(0);
+ SCReturn;
}
-/** \brief Parse a field up to a delimeter.
- *
- * \retval 1 Field found and stored.
- * \retval 0 Field parsing in progress.
- * \retval -1 error
- */
-int AlpParseFieldByDelimiter(AppLayerParserResult *output, AppLayerParserState *pstate,
- uint16_t field_idx, const uint8_t *delim, uint8_t delim_len,
- uint8_t *input, uint32_t input_len, uint32_t *offset)
+void AppLayerParserRegisterTxFreeFunc(uint16_t ipproto, AppProto alproto,
+ void (*StateTransactionFree)(void *, uint64_t))
{
SCEnter();
- void *ptmp;
- SCLogDebug("pstate->store_len %" PRIu32 ", delim_len %" PRIu32 "",
- pstate->store_len, delim_len);
-
- if (pstate->store_len == 0) {
- uint8_t *ptr = SpmSearch(input, input_len, (uint8_t*)delim, delim_len);
- if (ptr != NULL) {
- uint32_t len = ptr - input;
- SCLogDebug(" len %" PRIu32 "", len);
-
- int r = AlpStoreField(output, field_idx, input, len, 0);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
- (*offset) += (len + delim_len);
- SCReturnInt(1);
- } else {
- if (pstate->flags & APP_LAYER_PARSER_EOF) {
- SCLogDebug("delim not found and EOF");
- SCReturnInt(0);
- }
-
- SCLogDebug("delim not found, continue");
- /* delimiter field not found, so store the result for the next run */
- pstate->store = SCMalloc(input_len);
- if (pstate->store == NULL)
- SCReturnInt(-1);
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateTransactionFree = StateTransactionFree;
- memcpy(pstate->store, input, input_len);
- pstate->store_len = input_len;
- }
- } else {
- uint8_t *ptr = SpmSearch(input, input_len, (uint8_t*)delim, delim_len);
- if (ptr != NULL) {
- uint32_t len = ptr - input;
- SCLogDebug("len %" PRIu32 " + %" PRIu32 " = %" PRIu32 "", len,
- pstate->store_len, len + pstate->store_len);
-
- ptmp = SCRealloc(pstate->store, (len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
+ SCReturn;
+}
- memcpy(pstate->store+pstate->store_len, input, len);
- pstate->store_len += len;
+void AppLayerParserRegisterGetTxCnt(uint16_t ipproto, AppProto alproto,
+ uint64_t (*StateGetTxCnt)(void *alstate))
+{
+ SCEnter();
- int r = AlpStoreField(output, field_idx, pstate->store,
- pstate->store_len, 1);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
- pstate->store = NULL;
- pstate->store_len = 0;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetTxCnt = StateGetTxCnt;
- (*offset) += (len + delim_len);
- SCReturnInt(1);
- } else {
- if (pstate->flags & APP_LAYER_PARSER_EOF) {
- /* if the input len is smaller than the delim len we search the
- * pstate->store since we may match there. */
- if (delim_len > input_len) {
- /* delimiter field not found, so store the result for the
- * next run */
- ptmp = SCRealloc(pstate->store,
- (input_len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
-
- memcpy(pstate->store+pstate->store_len, input, input_len);
- pstate->store_len += input_len;
- SCLogDebug("input_len < delim_len, checking pstate->store");
-
- if (pstate->store_len >= delim_len) {
- ptr = SpmSearch(pstate->store, pstate->store_len, (uint8_t*)delim,
- delim_len);
- if (ptr != NULL) {
- SCLogDebug("now we found the delim");
-
- uint32_t len = ptr - pstate->store;
- int r = AlpStoreField(output, field_idx,
- pstate->store, len, 1);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store "
- "field value");
- SCReturnInt(-1);
- }
-
- pstate->store = NULL;
- pstate->store_len = 0;
-
- (*offset) += (input_len);
-
- SCLogDebug("offset %" PRIu32 "", (*offset));
- SCReturnInt(1);
- }
- goto free_and_return;
- }
- goto free_and_return;
- }
- free_and_return:
- SCLogDebug("not found and EOF, so free what we have so far.");
- SCFree(pstate->store);
- pstate->store = NULL;
- pstate->store_len = 0;
- SCReturnInt(0);
- }
+ SCReturn;
+}
- /* delimiter field not found, so store the result for the next run */
- ptmp = SCRealloc(pstate->store, (input_len + pstate->store_len));
- if (ptmp == NULL) {
- SCFree(pstate->store);
- pstate->store = NULL;
- SCReturnInt(-1);
- }
- pstate->store = ptmp;
-
- memcpy(pstate->store+pstate->store_len, input, input_len);
- pstate->store_len += input_len;
-
- /* if the input len is smaller than the delim len we search the
- * pstate->store since we may match there. */
- if (delim_len > input_len && delim_len <= pstate->store_len) {
- SCLogDebug("input_len < delim_len, checking pstate->store");
-
- ptr = SpmSearch(pstate->store, pstate->store_len, (uint8_t*)delim, delim_len);
- if (ptr != NULL) {
- SCLogDebug("now we found the delim");
-
- uint32_t len = ptr - pstate->store;
- int r = AlpStoreField(output, field_idx, pstate->store, len, 1);
- if (r == -1) {
- SCLogError(SC_ERR_ALPARSER, "Failed to store field value");
- SCReturnInt(-1);
- }
- pstate->store = NULL;
- pstate->store_len = 0;
-
- (*offset) += (input_len);
-
- SCLogDebug("ffset %" PRIu32 "", (*offset));
- SCReturnInt(1);
- }
- }
- }
+void AppLayerParserRegisterGetTx(uint16_t ipproto, AppProto alproto,
+ void *(StateGetTx)(void *alstate, uint64_t tx_id))
+{
+ SCEnter();
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetTx = StateGetTx;
- SCReturnInt(0);
+ SCReturn;
}
-uint16_t AppLayerGetProtoByName(const char *name)
+void AppLayerParserRegisterGetStateProgressCompletionStatus(uint16_t ipproto,
+ uint16_t alproto,
+ int (*StateGetProgressCompletionStatus)(uint8_t direction))
{
- uint8_t u = 1;
- SCLogDebug("looking for name %s", name);
+ SCEnter();
- for ( ; u < ALPROTO_MAX; u++) {
- if (al_proto_table[u].name == NULL)
- continue;
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetProgressCompletionStatus = StateGetProgressCompletionStatus;
- SCLogDebug("name %s proto %"PRIu16"",
- al_proto_table[u].name, u);
+ SCReturn;
+}
- if (strcasecmp(name,al_proto_table[u].name) == 0) {
- SCLogDebug("match, returning %"PRIu16"", u);
- return u;
- }
- }
+void AppLayerParserRegisterGetEventInfo(uint16_t ipproto, AppProto alproto,
+ int (*StateGetEventInfo)(const char *event_name, int *event_id,
+ AppLayerEventType *event_type))
+{
+ SCEnter();
- AppLayerProbingParser *pp = alp_proto_ctx.probing_parsers;
- while (pp != NULL) {
- AppLayerProbingParserPort *pp_port = pp->port;
- while (pp_port != NULL) {
- AppLayerProbingParserElement *pp_pe = pp_port->toserver;
- while (pp_pe != NULL) {
- if (strcasecmp(pp_pe->al_proto_name, name) == 0) {
- return pp_pe->al_proto;
- }
-
- pp_pe = pp_pe->next;
- }
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetEventInfo = StateGetEventInfo;
- pp_pe = pp_port->toclient;
- while (pp_pe != NULL) {
- if (strcasecmp(pp_pe->al_proto_name, name) == 0) {
- return pp_pe->al_proto;
- }
+ SCReturn;
+}
- pp_pe = pp_pe->next;
- }
+/***** Get and transaction functions *****/
- pp_port = pp_port->next;
- }
- pp = pp->next;
+void *AppLayerParserGetProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto)
+{
+ SCEnter();
+
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ LocalStorageAlloc != NULL)
+ {
+ SCReturnPtr(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ LocalStorageAlloc(), "void *");
}
- return ALPROTO_UNKNOWN;
+ SCReturnPtr(NULL, "void *");
}
-const char *AppLayerGetProtoString(int proto)
+void AppLayerParserDestroyProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto,
+ void *local_data)
{
+ SCEnter();
- if ((proto >= ALPROTO_MAX) || (proto < 0)) {
- return "Undefined";
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ LocalStorageFree != NULL)
+ {
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ LocalStorageFree(local_data);
}
- if (al_proto_table[proto].name == NULL) {
- return "Unset";
- } else {
- return al_proto_table[proto].name;
- }
+ SCReturn;
}
-/** \brief Description: register a parser.
- *
- * \param name full parser name, e.g. "http.request_line"
- * \todo do we need recursive, so a "http" and a "request_line" where the engine
- * knows it's actually "http.request_line"... same difference maybe.
- * \param AppLayerParser pointer to the parser function
- *
- * \retval 0 on success
- * \retval -1 on error
- */
-int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id,
- int (*AppLayerParser)(Flow *f, void *protocol_state,
- AppLayerParserState *parser_state,
- uint8_t *input, uint32_t input_len,
- void *local_data,
- AppLayerParserResult *output),
- char *dependency)
+uint64_t AppLayerParserGetTransactionLogId(void *pstate)
{
+ SCEnter();
- al_max_parsers++;
+ SCReturnCT(((AppLayerParserParserState *)pstate)->log_id, "uint64_t");
+}
- if(al_max_parsers >= MAX_PARSERS){
- SCLogInfo("Failed to register %s al_parser_table array full",name);
- exit(EXIT_FAILURE);
- }
+void AppLayerParserSetTransactionLogId(void *pstate)
+{
+ SCEnter();
- al_parser_table[al_max_parsers].name = name;
- al_parser_table[al_max_parsers].proto = proto;
- al_parser_table[al_max_parsers].parser_local_id = parser_id;
- al_parser_table[al_max_parsers].AppLayerParser = AppLayerParser;
+ ((AppLayerParserParserState *)pstate)->log_id++;
- SCLogDebug("registered %p at proto %" PRIu32 ", al_proto_table idx "
- "%" PRIu32 ", parser_local_id %" PRIu32 "",
- AppLayerParser, proto, al_max_parsers,
- parser_id);
- return 0;
+ SCReturn;
}
-/** \brief Description: register a protocol parser.
- *
- * \param name full parser name, e.g. "http.request_line"
- * \todo do we need recursive, so a "http" and a "request_line" where the engine
- * knows it's actually "http.request_line"... same difference maybe.
- * \param AppLayerParser pointer to the parser function
- *
- * \retval 0 on success
- * \retval -1 on error
- */
-int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags,
- int (*AppLayerParser)(Flow *f, void *protocol_state,
- AppLayerParserState *parser_state,
- uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output))
+uint64_t AppLayerParserGetTransactionInspectId(void *pstate, uint8_t direction)
{
+ SCEnter();
- al_max_parsers++;
-
- if(al_max_parsers >= MAX_PARSERS){
- SCLogInfo("Failed to register %s al_parser_table array full",name);
- exit(EXIT_FAILURE);
- }
+ SCReturnCT(((AppLayerParserParserState *)pstate)->
+ inspect_id[direction & STREAM_TOSERVER ? 0 : 1], "uint64_t");
+}
- /* register name here as well so pp only protocols will work */
- if (al_proto_table[proto].name != NULL) {
- BUG_ON(strcmp(al_proto_table[proto].name, name) != 0);
- } else {
- al_proto_table[proto].name = name;
- }
+void AppLayerParserSetTransactionInspectId(void *pstate,
+ uint16_t ipproto, AppProto alproto, void *alstate,
+ uint8_t direction)
+{
+ SCEnter();
- al_parser_table[al_max_parsers].name = name;
- al_parser_table[al_max_parsers].AppLayerParser = AppLayerParser;
+ uint8_t dir = (direction & STREAM_TOSERVER) ? 0 : 1;
+ uint64_t total_txs = AppLayerParserGetTxCnt(ipproto, alproto, alstate);
+ uint64_t idx = AppLayerParserGetTransactionInspectId(pstate, direction);
+ int state_done_progress = AppLayerParserGetStateProgressCompletionStatus(ipproto, alproto, direction);
+ void *tx;
+ int state_progress;
- /* create proto, direction -- parser mapping */
- if (flags & STREAM_TOSERVER) {
- al_proto_table[proto].to_server = al_max_parsers;
- } else if (flags & STREAM_TOCLIENT) {
- al_proto_table[proto].to_client = al_max_parsers;
+ for (; idx < total_txs; idx++) {
+ tx = AppLayerParserGetTx(ipproto, alproto, alstate, idx);
+ if (tx == NULL)
+ continue;
+ state_progress = AppLayerParserGetStateProgress(ipproto, alproto, tx, direction);
+ if (state_progress >= state_done_progress)
+ continue;
+ else
+ break;
}
+ ((AppLayerParserParserState *)pstate)->inspect_id[dir] = idx;
- SCLogDebug("registered %p at proto %" PRIu32 " flags %02X, al_proto_table "
- "idx %" PRIu32 ", %s", AppLayerParser, proto,
- flags, al_max_parsers, name);
- return 0;
-}
-
-#ifdef UNITTESTS
-void AppLayerParserRegisterUnittests(uint16_t proto, void (*RegisterUnittests)(void)) {
- al_proto_table[proto].RegisterUnittests = RegisterUnittests;
+ SCReturn;
}
-#endif
-void AppLayerRegisterStateFuncs(uint16_t proto, void *(*StateAlloc)(void),
- void (*StateFree)(void *))
+AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(void *pstate)
{
- al_proto_table[proto].StateAlloc = StateAlloc;
- al_proto_table[proto].StateFree = StateFree;
-}
+ SCEnter();
-void AppLayerRegisterTxFreeFunc(uint16_t proto,
- void (*StateTransactionFree)(void *, uint64_t))
-{
- al_proto_table[proto].StateTransactionFree = StateTransactionFree;
+ SCReturnPtr(((AppLayerParserParserState *)pstate)->decoder_events,
+ "AppLayerDecoderEvents *");
}
-void AppLayerRegisterLocalStorageFunc(uint16_t proto,
- void *(*LocalStorageAlloc)(void),
- void (*LocalStorageFree)(void *))
+void AppLayerParserSetDecoderEvents(void *pstate, AppLayerDecoderEvents *devents)
{
- al_proto_table[proto].LocalStorageAlloc = LocalStorageAlloc;
- al_proto_table[proto].LocalStorageFree = LocalStorageFree;
-
- return;
+ (((AppLayerParserParserState *)pstate)->decoder_events) = devents;
}
-void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t))
+AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint16_t ipproto, AppProto alproto,
+ void *alstate, uint64_t tx_id)
{
- al_proto_table[proto].Truncate = Truncate;
+ SCEnter();
- return;
-}
-
-void AppLayerStreamTruncated(uint16_t proto, void *state, uint8_t flags) {
- if (al_proto_table[proto].Truncate != NULL) {
- al_proto_table[proto].Truncate(state, flags);
- }
-}
+ AppLayerDecoderEvents *ptr = NULL;
-void *AppLayerGetProtocolParserLocalStorage(uint16_t proto)
-{
- if (al_proto_table[proto].LocalStorageAlloc != NULL) {
- return al_proto_table[proto].LocalStorageAlloc();
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetEvents != NULL)
+ {
+ ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetEvents(alstate, tx_id);
}
- return NULL;
-}
-
-void AppLayerRegisterGetFilesFunc(uint16_t proto,
- FileContainer *(*StateGetFiles)(void *, uint8_t))
-{
- al_proto_table[proto].StateGetFiles = StateGetFiles;
-}
-
-void AppLayerRegisterGetAlstateProgressFunc(uint16_t alproto,
- int (*StateGetAlstateProgress)(void *alstate, uint8_t direction))
-{
- al_proto_table[alproto].StateGetAlstateProgress = StateGetAlstateProgress;
-}
-
-void AppLayerRegisterGetTxCnt(uint16_t alproto,
- uint64_t (*StateGetTxCnt)(void *alstate))
-{
- al_proto_table[alproto].StateGetTxCnt = StateGetTxCnt;
-}
-
-void AppLayerRegisterGetTx(uint16_t alproto,
- void *(StateGetTx)(void *alstate, uint64_t tx_id))
-{
- al_proto_table[alproto].StateGetTx = StateGetTx;
-}
-
-void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto,
- int (*StateGetAlstateProgressCompletionStatus)(uint8_t direction))
-{
- al_proto_table[alproto].StateGetAlstateProgressCompletionStatus =
- StateGetAlstateProgressCompletionStatus;
-}
-
-void AppLayerRegisterGetEventsFunc(uint16_t proto,
- AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t))
-{
- al_proto_table[proto].StateGetEvents = StateGetEvents;
-}
-
-void AppLayerRegisterHasEventsFunc(uint16_t proto,
- int (*StateHasEvents)(void *)) {
- al_proto_table[proto].StateHasEvents = StateHasEvents;
-}
-
-/** \brief Indicate to the app layer parser that a logger is active
- * for this protocol.
- */
-void AppLayerRegisterLogger(uint16_t proto) {
- al_proto_table[proto].logger = TRUE;
-}
-
-void AppLayerRegisterGetEventInfo(uint16_t alproto,
- int (*StateGetEventInfo)(const char *event_name,
- int *event_id,
- AppLayerEventType *event_type))
-{
- al_proto_table[alproto].StateGetEventInfo = StateGetEventInfo;
+ SCReturnPtr(ptr, "AppLayerDecoderEvents *");
}
-AppLayerParserStateStore *AppLayerParserStateStoreAlloc(void)
-{
- AppLayerParserStateStore *s = (AppLayerParserStateStore *)SCMalloc
- (sizeof(AppLayerParserStateStore));
- if (s == NULL)
- return NULL;
-
- memset(s, 0, sizeof(AppLayerParserStateStore));
-
- return s;
-}
-
-/** \brief free a AppLayerParserStateStore structure
- * \param s AppLayerParserStateStore structure to free */
-void AppLayerParserStateStoreFree(AppLayerParserStateStore *s)
-{
- if (s->to_server.store != NULL)
- SCFree(s->to_server.store);
- if (s->to_client.store != NULL)
- SCFree(s->to_client.store);
- if (s->decoder_events != NULL)
- AppLayerDecoderEventsFreeEvents(s->decoder_events);
- s->decoder_events = NULL;
-
- SCFree(s);
-}
-
-static void AppLayerParserResultCleanup(AppLayerParserResult *result)
-{
- AppLayerParserResultElmt *e = result->head;
- while (e != NULL) {
- AppLayerParserResultElmt *next_e = e->next;
-
- result->head = next_e;
- if (next_e == NULL)
- result->tail = NULL;
- result->cnt--;
-
- AlpReturnResultElmt(e);
- e = next_e;
- }
-}
-
-static int AppLayerDoParse(void *local_data, Flow *f,
- void *app_layer_state,
- AppLayerParserState *parser_state,
- uint8_t *input, uint32_t input_len,
- uint16_t parser_idx,
- uint16_t proto)
+uint16_t AppLayerParserGetStateVersion(void *pstate)
{
SCEnter();
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- int retval = 0;
- AppLayerParserResult result = { NULL, NULL, 0 };
-
- SCLogDebug("parser_idx %" PRIu32 "", parser_idx);
- //printf("--- (%u)\n", input_len);
- //PrintRawDataFp(stdout, input,input_len);
- //printf("---\n");
-
- /* invoke the parser */
- int r = al_parser_table[parser_idx].
- AppLayerParser(f, app_layer_state,
- parser_state, input, input_len,
- local_data, &result);
- if (r < 0) {
- if (r == -1) {
- AppLayerParserResultCleanup(&result);
- SCReturnInt(-1);
-#ifdef DEBUG
- } else {
- BUG_ON(r); /* this is not supposed to happen!! */
-#else
- SCReturnInt(-1);
-#endif
- }
- }
-
- /* process the result elements */
- AppLayerParserResultElmt *e = result.head;
- for (; e != NULL; e = e->next) {
- SCLogDebug("e %p e->name_idx %" PRIu32 ", e->data_ptr %p, e->data_len "
- "%" PRIu32 ", map_size %" PRIu32 "", e, e->name_idx,
- e->data_ptr, e->data_len, al_proto_table[proto].map_size);
-
- /* no parser defined for this field. */
- if (e->name_idx >= al_proto_table[proto].map_size ||
- al_proto_table[proto].map[e->name_idx] == NULL)
- {
- SCLogDebug("no parser for proto %" PRIu32 ", parser_local_id "
- "%" PRIu32 "", proto, e->name_idx);
- continue;
- }
-
- uint16_t idx = al_proto_table[proto].map[e->name_idx]->parser_id;
-
- /* prepare */
- uint16_t tmp = parser_state->parse_field;
- parser_state->parse_field = 0;
- parser_state->flags |= APP_LAYER_PARSER_EOF;
-
- r = AppLayerDoParse(local_data, f, app_layer_state, parser_state, e->data_ptr,
- e->data_len, idx, proto);
-
- /* restore */
- parser_state->flags &= ~APP_LAYER_PARSER_EOF;
- parser_state->parse_field = tmp;
-
- /* bail out on a serious error */
- if (r < 0) {
- if (r == -1) {
- retval = -1;
- break;
-#ifdef DEBUG
- } else {
- BUG_ON(r); /* this is not supposed to happen!! */
-#else
- SCReturnInt(-1);
-#endif
- }
- }
- }
-
- AppLayerParserResultCleanup(&result);
- SCReturnInt(retval);
+ SCReturnCT((pstate == NULL) ? 0 : ((AppLayerParserParserState *)pstate)->version,
+ "uint16_t");
}
-/**
- * \brief remove obsolete (inspected and logged) transactions
- */
-static void AppLayerTransactionsCleanup(AppLayerProto *p, AppLayerParserStateStore *parser_state_store, void *app_layer_state)
-{
- if (p->StateTransactionFree == NULL)
- return;
-
- uint64_t inspect = 0, log = 0;
- if (parser_state_store->inspect_id[0] < parser_state_store->inspect_id[1])
- inspect = parser_state_store->inspect_id[0];
- else
- inspect = parser_state_store->inspect_id[1];
- log = parser_state_store->log_id;
-
- SCLogDebug("inspect %"PRIu64", log %"PRIu64", logger: %s",
- inspect, log, p->logger ? "true" : "false");
-
- if (p->logger == TRUE) {
- uint64_t min = log < inspect ? log : inspect;
- if (min > 0) {
- SCLogDebug("freeing %"PRIu64" (with logger) %p", min - 1, p->StateTransactionFree);
- p->StateTransactionFree(app_layer_state, min - 1);
- }
- } else {
- if (inspect > 0) {
- SCLogDebug("freeing %"PRIu64" (no logger) %p", inspect - 1, p->StateTransactionFree);
- p->StateTransactionFree(app_layer_state, inspect - 1);
- }
- }
-}
-
-#ifdef DEBUG
-uint32_t applayererrors = 0;
-uint32_t applayerhttperrors = 0;
-#endif
-
-/**
- * \brief Layer 7 Parsing main entry point.
- *
- * \param f Properly initialized and locked flow.
- * \param proto L7 proto, e.g. ALPROTO_HTTP
- * \param flags Stream flags
- * \param input Input L7 data
- * \param input_len Length of the input data.
- *
- * \retval -1 error
- * \retval 0 ok
- */
-int AppLayerParse(void *local_data, Flow *f, uint8_t proto,
- uint8_t flags, uint8_t *input, uint32_t input_len)
+FileContainer *AppLayerParserGetFiles(uint16_t ipproto, AppProto alproto,
+ void *alstate, uint8_t direction)
{
SCEnter();
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- uint16_t parser_idx = 0;
- AppLayerProto *p = &al_proto_table[proto];
- TcpSession *ssn = NULL;
-
- /* Used only if it's TCP */
- ssn = f->protoctx;
-
- /* Do this check before calling AppLayerParse */
- if (flags & STREAM_GAP) {
- SCLogDebug("stream gap detected (missing packets), this is not yet supported.");
-
- if (f->alstate != NULL)
- AppLayerStreamTruncated(proto, f->alstate, flags);
- goto error;
- }
-
- /* Get the parser state (if any) */
- AppLayerParserStateStore *parser_state_store = f->alparser;
- if (parser_state_store == NULL) {
- parser_state_store = AppLayerParserStateStoreAlloc();
- if (parser_state_store == NULL)
- goto error;
-
- f->alparser = (void *)parser_state_store;
- }
-
- parser_state_store->version++;
- SCLogDebug("app layer state version incremented to %"PRIu16,
- parser_state_store->version);
-
- AppLayerParserState *parser_state = NULL;
- if (flags & STREAM_TOSERVER) {
- SCLogDebug("to_server msg (flow %p)", f);
-
- parser_state = &parser_state_store->to_server;
- if (!(parser_state->flags & APP_LAYER_PARSER_USE)) {
- parser_idx = p->to_server;
- parser_state->cur_parser = parser_idx;
- parser_state->flags |= APP_LAYER_PARSER_USE;
- } else {
- SCLogDebug("using parser %" PRIu32 " we stored before (to_server)",
- parser_state->cur_parser);
- parser_idx = parser_state->cur_parser;
- }
- } else {
- SCLogDebug("to_client msg (flow %p)", f);
-
- parser_state = &parser_state_store->to_client;
- if (!(parser_state->flags & APP_LAYER_PARSER_USE)) {
- parser_idx = p->to_client;
- parser_state->cur_parser = parser_idx;
- parser_state->flags |= APP_LAYER_PARSER_USE;
- } else {
- SCLogDebug("using parser %" PRIu32 " we stored before (to_client)",
- parser_state->cur_parser);
- parser_idx = parser_state->cur_parser;
- }
- }
-
- if (parser_idx == 0 || (parser_state->flags & APP_LAYER_PARSER_DONE)) {
- SCLogDebug("no parser for protocol %" PRIu32 "", proto);
- SCReturnInt(0);
- }
-
- if (flags & STREAM_EOF)
- parser_state->flags |= APP_LAYER_PARSER_EOF;
-
- /* See if we already have a 'app layer' state */
- void *app_layer_state = f->alstate;
- if (app_layer_state == NULL) {
- /* lock the allocation of state as we may
- * alloc more than one otherwise */
- app_layer_state = p->StateAlloc();
- if (app_layer_state == NULL) {
- goto error;
- }
-
- f->alstate = app_layer_state;
- SCLogDebug("alloced new app layer state %p (name %s)",
- app_layer_state, al_proto_table[f->alproto].name);
- } else {
- SCLogDebug("using existing app layer state %p (name %s))",
- app_layer_state, al_proto_table[f->alproto].name);
- }
-
- /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
- if (input_len > 0) {
- int r = AppLayerDoParse(local_data, f, app_layer_state, parser_state,
- input, input_len, parser_idx, proto);
- if (r < 0)
- goto error;
- }
-
- /* set the packets to no inspection and reassembly if required */
- if (parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) {
- AppLayerSetEOF(f);
- FlowSetNoPayloadInspectionFlag(f);
- FlowSetSessionNoApplayerInspectionFlag(f);
-
- /* Set the no reassembly flag for both the stream in this TcpSession */
- if (parser_state->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
- if (ssn != NULL) {
- StreamTcpSetSessionNoReassemblyFlag(ssn,
- flags & STREAM_TOCLIENT ? 1 : 0);
- StreamTcpSetSessionNoReassemblyFlag(ssn,
- flags & STREAM_TOSERVER ? 1 : 0);
- }
- }
- }
-
- /* next, see if we can get rid of transactions now */
- AppLayerTransactionsCleanup(p, parser_state_store, app_layer_state);
-
- if (parser_state->flags & APP_LAYER_PARSER_EOF) {
- SCLogDebug("eof, flag Transaction id's");
- parser_state_store->id_flags |= APP_LAYER_TRANSACTION_EOF;
- }
-
- /* stream truncated, inform app layer */
- if (flags & STREAM_DEPTH) {
- AppLayerStreamTruncated(proto, app_layer_state, flags);
- }
-
- SCReturnInt(0);
-
-error:
- if (ssn != NULL) {
-#ifdef DEBUG
- if (FLOW_IS_IPV4(f)) {
- char src[16];
- char dst[16];
- PrintInet(AF_INET, (const void*)&f->src.addr_data32[0], src,
- sizeof (src));
- PrintInet(AF_INET, (const void*)&f->dst.addr_data32[0], dst,
- sizeof (dst));
-
- SCLogDebug("Error occured in parsing \"%s\" app layer "
- "protocol, using network protocol %"PRIu8", source IP "
- "address %s, destination IP address %s, src port %"PRIu16" and "
- "dst port %"PRIu16"", al_proto_table[f->alproto].name,
- f->proto, src, dst, f->sp, f->dp);
- fflush(stdout);
- } else if (FLOW_IS_IPV6(f)) {
- char dst6[46];
- char src6[46];
-
- PrintInet(AF_INET6, (const void*)&f->src.addr_data32, src6,
- sizeof (src6));
- PrintInet(AF_INET6, (const void*)&f->dst.addr_data32, dst6,
- sizeof (dst6));
-
- SCLogDebug("Error occured in parsing \"%s\" app layer "
- "protocol, using network protocol %"PRIu8", source IPv6 "
- "address %s, destination IPv6 address %s, src port %"PRIu16" and "
- "dst port %"PRIu16"", al_proto_table[f->alproto].name,
- f->proto, src6, dst6, f->sp, f->dp);
- fflush(stdout);
- }
- applayererrors++;
- if (f->alproto == ALPROTO_HTTP)
- applayerhttperrors++;
-#endif
- /* Set the no app layer inspection flag for both
- * the stream in this Flow */
- FlowSetSessionNoApplayerInspectionFlag(f);
- AppLayerSetEOF(f);
- }
+ FileContainer *ptr = NULL;
- SCReturnInt(-1);
-}
-
-/**
- * \brief Get 'active' tx id, meaning the lowest id that still need work.
- *
- * \retval id tx id
- */
-uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags) {
- AppLayerProto *p = &al_proto_table[f->alproto];
- uint64_t log_id = ((AppLayerParserStateStore *)f->alparser)->log_id;
- uint64_t inspect_id = ((AppLayerParserStateStore *)f->alparser)->
- inspect_id[flags & STREAM_TOSERVER ? 0 : 1];
- if (p->logger == TRUE) {
- return (log_id < inspect_id) ? log_id : inspect_id;
- } else {
- return inspect_id;
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetFiles != NULL)
+ {
+ ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetFiles(alstate, direction);
}
-}
-
-void AppLayerTransactionUpdateLogId(Flow *f)
-{
- DEBUG_ASSERT_FLOW_LOCKED(f);
- ((AppLayerParserStateStore *)f->alparser)->log_id++;
- return;
+ SCReturnPtr(ptr, "FileContainer *");
}
-uint64_t AppLayerTransactionGetLogId(Flow *f)
-{
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- return ((AppLayerParserStateStore *)f->alparser)->log_id;
-}
-
-uint16_t AppLayerGetStateVersion(Flow *f)
+int AppLayerParserGetStateProgress(uint16_t ipproto, AppProto alproto,
+ void *alstate, uint8_t direction)
{
SCEnter();
-
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- uint16_t version = 0;
- AppLayerParserStateStore *parser_state_store = NULL;
-
- parser_state_store = (AppLayerParserStateStore *)f->alparser;
- if (parser_state_store != NULL) {
- version = parser_state_store->version;
- }
-
- SCReturnUInt(version);
-}
-
-uint64_t AppLayerTransactionGetInspectId(Flow *f, uint8_t flags)
-{
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- return ((AppLayerParserStateStore *)f->alparser)->
- inspect_id[flags & STREAM_TOSERVER ? 0 : 1];
+ SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetProgress(alstate, direction));
}
-void AppLayerTransactionUpdateInspectId(Flow *f, uint8_t flags)
+uint64_t AppLayerParserGetTxCnt(uint16_t ipproto, AppProto alproto, void *alstate)
{
- uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1;
-
- FLOWLOCK_WRLOCK(f);
- uint64_t total_txs = AppLayerGetTxCnt(f->alproto, f->alstate);
- uint64_t idx = AppLayerTransactionGetInspectId(f, flags);
- int state_done_progress = AppLayerGetAlstateProgressCompletionStatus(f->alproto, direction);
- void *tx;
- int state_progress;
-
- for (; idx < total_txs; idx++) {
- tx = AppLayerGetTx(f->alproto, f->alstate, idx);
- if (tx == NULL)
- continue;
- state_progress = AppLayerGetAlstateProgress(f->alproto, tx, direction);
- if (state_progress >= state_done_progress)
- continue;
- else
- break;
- }
- ((AppLayerParserStateStore *)f->alparser)->inspect_id[direction] = idx;
- FLOWLOCK_UNLOCK(f);
-
- return;
-}
-
-void AppLayerListSupportedProtocols(void)
-{
- uint32_t i;
- uint32_t temp_alprotos_buf[ALPROTO_MAX];
- memset(temp_alprotos_buf, 0, sizeof(temp_alprotos_buf));
-
- printf("=========Supported App Layer Protocols=========\n");
-
- /* for each proto, alloc the map array */
- for (i = 0; i < ALPROTO_MAX; i++) {
- if (al_proto_table[i].name == NULL)
- continue;
-
- temp_alprotos_buf[i] = 1;
- printf("%s\n", al_proto_table[i].name);
- }
-
- AppLayerProbingParser *pp = alp_proto_ctx.probing_parsers;
- while (pp != NULL) {
- AppLayerProbingParserPort *pp_port = pp->port;
- while (pp_port != NULL) {
- AppLayerProbingParserElement *pp_pe = pp_port->toserver;
- while (pp_pe != NULL) {
- if (temp_alprotos_buf[pp_pe->al_proto] == 1) {
- pp_pe = pp_pe->next;
- continue;
- }
-
- printf("%s\n", pp_pe->al_proto_name);
- pp_pe = pp_pe->next;
- }
-
- pp_pe = pp_port->toclient;
- while (pp_pe != NULL) {
- if (temp_alprotos_buf[pp_pe->al_proto] == 1) {
- pp_pe = pp_pe->next;;
- continue;
- }
-
- printf("%s\n", pp_pe->al_proto_name);
- pp_pe = pp_pe->next;
- }
-
- pp_port = pp_port->next;
- }
- pp = pp->next;
- }
-
- return;
-}
-
-AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *f)
-{
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- /* Get the parser state (if any) */
- AppLayerParserStateStore *parser_state_store = NULL;
-
- if (f == NULL || f->alparser == NULL) {
- return NULL;
- }
-
- parser_state_store = (AppLayerParserStateStore *)f->alparser;
- if (parser_state_store != NULL) {
- return parser_state_store->decoder_events;
- }
-
- return NULL;
-}
-
-/**
- * \brief Trigger "raw" stream reassembly from the app layer.
- *
- * This way HTTP for example, can trigger raw stream inspection right
- * when the full request body is received. This is often smaller than
- * our raw reassembly size limit.
- *
- * \param f flow, for access the stream state
- */
-void AppLayerTriggerRawStreamReassembly(Flow *f) {
SCEnter();
-
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
-#ifdef DEBUG
- BUG_ON(f == NULL);
-#endif
-
- if (f != NULL && f->protoctx != NULL) {
- TcpSession *ssn = (TcpSession *)f->protoctx;
- StreamTcpReassembleTriggerRawReassembly(ssn);
- }
-
- SCReturn;
+ SCReturnCT(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetTxCnt(alstate), "uint64_t");
}
-void RegisterAppLayerParsers(void)
-{
- /** \todo move to general init function */
- memset(&al_proto_table, 0, sizeof(al_proto_table));
- memset(&al_parser_table, 0, sizeof(al_parser_table));
-
- /** setup result pool
- * \todo Per thread pool */
- al_result_pool = PoolInit(1000, 250,
- sizeof(AppLayerParserResultElmt),
- AlpResultElmtPoolAlloc, NULL, NULL,
- AlpResultElmtPoolCleanup, NULL);
-
- RegisterHTPParsers();
- RegisterSSLParsers();
- RegisterSMBParsers();
- /** \todo bug 719 */
- //RegisterSMB2Parsers();
- RegisterDCERPCParsers();
- RegisterDCERPCUDPParsers();
- RegisterFTPParsers();
- /* we are disabling the ssh parser temporarily, since we are moving away
- * from some of the archaic features we use in the app layer. We will
- * reintroduce this parser. Also do note that keywords that rely on
- * the ssh parser would now be disabled */
-#if 0
- RegisterSSHParsers();
-#endif
- RegisterSMTPParsers();
- RegisterDNSUDPParsers();
- RegisterDNSTCPParsers();
-
- /** IMAP */
- if (AppLayerProtoDetectionEnabled("imap")) {
- //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT);
- AlpProtoAdd(&alp_proto_ctx, "imap", IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER);
- } else {
- SCLogInfo("Protocol detection and parser disabled for %s protocol.",
- "imap");
- return;
- }
-
- /** MSN Messenger */
- if (AppLayerProtoDetectionEnabled("msn")) {
- //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT);
- AlpProtoAdd(&alp_proto_ctx, "msn", IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER);
- } else {
- SCLogInfo("Protocol detection and parser disabled for %s protocol.",
- "msn");
- return;
- }
-
-#if 0
- /** Jabber */
- if (AppLayerProtoDetectionEnabled("jabber")) {
- AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOCLIENT);
- AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOSERVER);
- } else {
- SCLogInfo("Protocol detection disabled for %s protocol and as a "
- "consequence the conf param \"app-layer.protocols.%s."
- "parser-enabled\" will now be ignored.", "jabber", "jabber");
- return;
- }
-#endif
-
- return;
-}
-
-void AppLayerParserCleanupState(Flow *f)
-{
- if (f == NULL) {
- SCLogDebug("no flow");
- return;
- }
- if (f->alproto >= ALPROTO_MAX) {
- SCLogDebug("app layer proto unknown");
- return;
- }
-
- /* free the parser protocol state */
- AppLayerProto *p = &al_proto_table[f->alproto];
- if (p->StateFree != NULL && f->alstate != NULL) {
- SCLogDebug("calling StateFree");
- p->StateFree(f->alstate);
- f->alstate = NULL;
- }
-
- /* free the app layer parser api state */
- if (f->alparser != NULL) {
- SCLogDebug("calling AppLayerParserStateStoreFree");
- AppLayerParserStateStoreFree(f->alparser);
- f->alparser = NULL;
- }
-}
-
-/** \brief Create a mapping between the individual parsers local field id's
- * and the global field parser id's.
- *
- */
-void AppLayerParsersInitPostProcess(void)
-{
- uint16_t u16 = 0;
-
- /* build local->global mapping */
- for (u16 = 1; u16 <= al_max_parsers; u16++) {
- /* no local parser */
- if (al_parser_table[u16].parser_local_id == 0)
- continue;
-
- if (al_parser_table[u16].parser_local_id >
- al_proto_table[al_parser_table[u16].proto].map_size)
- {
- al_proto_table[al_parser_table[u16].proto].map_size =
- al_parser_table[u16].parser_local_id;
- }
- SCLogDebug("map_size %" PRIu32 "", al_proto_table
- [al_parser_table[u16].proto].map_size);
- }
-
- /* for each proto, alloc the map array */
- for (u16 = 0; u16 < ALPROTO_MAX; u16++) {
- if (al_proto_table[u16].map_size == 0)
- continue;
-
- al_proto_table[u16].map_size++;
- al_proto_table[u16].map = (AppLayerLocalMap **)SCMalloc
- (al_proto_table[u16].map_size *
- sizeof(AppLayerLocalMap *));
- if (al_proto_table[u16].map == NULL) {
- SCLogError(SC_ERR_FATAL, "Fatal error encountered in AppLayerParsersInitPostProcess. Exiting...");
- exit(EXIT_FAILURE);
- }
- memset(al_proto_table[u16].map, 0, al_proto_table[u16].map_size *
- sizeof(AppLayerLocalMap *));
-
- uint16_t u = 0;
- for (u = 1; u <= al_max_parsers; u++) {
- /* no local parser */
- if (al_parser_table[u].parser_local_id == 0)
- continue;
-
- if (al_parser_table[u].proto != u16)
- continue;
-
- uint16_t parser_local_id = al_parser_table[u].parser_local_id;
- SCLogDebug("parser_local_id: %" PRIu32 "", parser_local_id);
-
- if (parser_local_id < al_proto_table[u16].map_size) {
- al_proto_table[u16].map[parser_local_id] = SCMalloc(sizeof(AppLayerLocalMap));
- if (al_proto_table[u16].map[parser_local_id] == NULL) {
- exit(EXIT_FAILURE);
- }
-
- al_proto_table[u16].map[parser_local_id]->parser_id = u;
- }
- }
- }
-
- for (u16 = 0; u16 < ALPROTO_MAX; u16++) {
- if (al_proto_table[u16].map_size == 0)
- continue;
-
- if (al_proto_table[u16].map == NULL)
- continue;
-
- uint16_t x = 0;
- for (x = 0; x < al_proto_table[u16].map_size; x++) {
- if (al_proto_table[u16].map[x] == NULL)
- continue;
-
- SCLogDebug("al_proto_table[%" PRIu32 "].map[%" PRIu32 "]->parser_id:"
- " %" PRIu32 "", u16, x, al_proto_table[u16].map[x]->parser_id);
- }
- }
-}
-
-/*************************App Layer Conf Options Parsing***********************/
-/**
- * \brief Given a protocol name, checks if the parser is enabled in the
- * conf file.
- *
- * \param al_proto Name of the app layer protocol.
- *
- * \retval 1 If enabled.
- * \retval 0 If disabled.
- */
-int AppLayerParserEnabled(const char *al_proto)
+void *AppLayerParserGetTx(uint16_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
{
- int enabled = 1;
-
- char param[100];
- int r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
- al_proto, ".enabled");
- if (r < 0) {
- SCLogError(SC_ERR_FATAL, "snprintf failure.");
- exit(EXIT_FAILURE);
- } else if (r > (int)sizeof(param)) {
- SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
- exit(EXIT_FAILURE);
- }
-
- ConfNode *node = ConfGetNode(param);
- if (node == NULL) {
- SCLogInfo("Entry for %s not found.", param);
- return enabled;
- } else {
- if (strcasecmp(node->val, "yes") == 0) {
- enabled = 1;
- } else if (strcasecmp(node->val, "no") == 0) {
- enabled = 0;
- } else if (strcasecmp(node->val, "detection-only") == 0) {
- enabled = 0;
- } else {
- SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
- exit(EXIT_FAILURE);
- }
- }
-
- return enabled;
-}
-
-/**
- * \brief Given a protocol name, checks if proto detection is enabled in the
- * conf file.
- *
- * \param al_proto Name of the app layer protocol.
- *
- * \retval 1 If enabled.
- * \retval 0 If disabled.
- */
-int AppLayerProtoDetectionEnabled(const char *al_proto)
-{
- int enabled = 1;
-
- char param[100];
- int r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
- al_proto, ".enabled");
- if (r < 0) {
- SCLogError(SC_ERR_FATAL, "snprintf failure.");
- exit(EXIT_FAILURE);
- } else if (r > (int)sizeof(param)) {
- SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
- exit(EXIT_FAILURE);
- }
-
- ConfNode *node = ConfGetNode(param);
- if (node == NULL) {
- SCLogInfo("Entry for %s not found.", param);
- return enabled;
- } else {
- if (strcasecmp(node->val, "yes") == 0) {
- enabled = 1;
- } else if (strcasecmp(node->val, "no") == 0) {
- enabled = 0;
- } else if (strcasecmp(node->val, "detection-only") == 0) {
- enabled = 1;
- } else {
- SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
- exit(EXIT_FAILURE);
- }
- }
-
- return enabled;
+ SCEnter();
+ SCReturnPtr(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetTx(alstate, tx_id), "void *");
}
-/**
- * \brief Gets event info for this alproto.
- *
- * \param alproto The app layer protocol.
- * \param event_name The event name.
- * \param event_id The event id.
- * \param The type of event, as represented by AppLayerEventType.
- *
- * \retval 0 On succesfully returning back info.
- * \retval -1 On failure.
- */
-int AppLayerGetEventInfo(uint16_t alproto, const char *event_name,
- int *event_id, AppLayerEventType *event_type)
+int AppLayerParserGetStateProgressCompletionStatus(uint16_t ipproto, AppProto alproto,
+ uint8_t direction)
{
- if (al_proto_table[alproto].StateGetEventInfo == NULL)
- return -1;
+ SCEnter();
+ SCReturnInt(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateGetProgressCompletionStatus(direction));
- return al_proto_table[alproto].StateGetEventInfo(event_name,
- event_id, event_type);
}
-void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto,
- uint16_t min_depth, uint16_t max_depth,
- ProbingParserFPtr ProbingParser)
+int AppLayerParserGetEventInfo(uint16_t ipproto, AppProto alproto, const char *event_name,
+ int *event_id, AppLayerEventType *event_type)
{
- char param[100];
- uint8_t ip_proto;
- DetectProto dp;
- int r;
- ConfNode *node;
- ConfNode *proto_node = NULL;
- ConfNode *port_node = NULL;
-
- r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
- al_proto_name, ".detection-ports");
- if (r < 0) {
- SCLogError(SC_ERR_FATAL, "snprintf failure.");
- exit(EXIT_FAILURE);
- } else if (r > (int)sizeof(param)) {
- SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
- exit(EXIT_FAILURE);
- }
- node = ConfGetNode(param);
- if (node == NULL) {
- SCLogDebug("Entry for %s not found.", param);
- return;
- }
-
- /* for each proto */
- TAILQ_FOREACH(proto_node, &node->head, next) {
- memset(&dp, 0, sizeof(dp));
- r = DetectProtoParse(&dp, proto_node->name);
- if (r < 0) {
- SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
- "%s.%s. Accepted values are tcp, udp and sctp",
- param, proto_node->name);
- exit(EXIT_FAILURE);
- }
- if (dp.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
- ip_proto = IPPROTO_TCP;
- } else if (dp.proto[IPPROTO_UDP / 8] & (1 << (IPPROTO_UDP % 8))) {
- ip_proto = IPPROTO_UDP;
- } else if (dp.proto[IPPROTO_SCTP / 8] & (1 << (IPPROTO_SCTP % 8))) {
- ip_proto = IPPROTO_SCTP;
- } else {
- SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
- "%s.%s. Accepted values are tcp, udp and sctp",
- param, proto_node->name);
- exit(EXIT_FAILURE);
- }
-
- /* toserver */
- r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
- al_proto_name, ".detection-ports.", proto_node->name, ".toserver");
- if (r < 0) {
- SCLogError(SC_ERR_FATAL, "snprintf failure.");
- exit(EXIT_FAILURE);
- } else if (r > (int)sizeof(param)) {
- SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
- exit(EXIT_FAILURE);
- }
- port_node = ConfGetNode(param);
- if (port_node != NULL && port_node->val != NULL) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- ip_proto,
- port_node->val,
- (char *)al_proto_name,
- al_proto,
- min_depth, max_depth,
- STREAM_TOSERVER,
- ProbingParser);
- }
-
- /* toclient */
- r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
- al_proto_name, ".detection-ports.", proto_node->name, ".toclient");
- if (r < 0) {
- SCLogError(SC_ERR_FATAL, "snprintf failure.");
- exit(EXIT_FAILURE);
- } else if (r > (int)sizeof(param)) {
- SCLogError(SC_ERR_FATAL, "buffer not big enough to write param.");
- exit(EXIT_FAILURE);
- }
- port_node = ConfGetNode(param);
- if (port_node != NULL && port_node->val != NULL) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- ip_proto,
- port_node->val,
- (char *)al_proto_name,
- al_proto,
- min_depth, max_depth,
- STREAM_TOCLIENT,
- ProbingParser);
-
- }
- }
-
- return;
+ SCEnter();
+ int ipproto_map = FlowGetProtoMapping(ipproto);
+ SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateGetEventInfo == NULL) ?
+ -1 :
+ alp_ctx.ctxs[ipproto_map][alproto].
+ StateGetEventInfo(event_name, event_id, event_type));
}
-/********************************Probing Parsers*******************************/
-
-
-static uint32_t AppLayerProbingParserGetMask(uint16_t al_proto)
+uint8_t AppLayerParserGetFirstDataDir(uint16_t ipproto, uint16_t alproto)
{
- if (al_proto > ALPROTO_UNKNOWN &&
- al_proto < ALPROTO_FAILED) {
- return (1 << al_proto);
- } else {
- SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16,
- al_proto);
- exit(EXIT_FAILURE);
- }
+ SCEnter();
+ SCReturnCT(alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ first_data_dir, "uint8_t");
}
-static inline AppLayerProbingParserElement *AllocAppLayerProbingParserElement(void)
+uint64_t AppLayerParserGetTransactionActive(uint16_t ipproto, AppProto alproto, void *pstate, uint8_t direction)
{
- AppLayerProbingParserElement *p = SCMalloc(sizeof(AppLayerProbingParserElement));
- if (unlikely(p == NULL)) {
- exit(EXIT_FAILURE);
- }
- memset(p, 0, sizeof(AppLayerProbingParserElement));
-
- return p;
-}
+ SCEnter();
+ AppLayerParserParserState *pstate_1 = (AppLayerParserParserState *)pstate;
+ uint64_t active_id;
-static inline void DeAllocAppLayerProbingParserElement(AppLayerProbingParserElement *p)
-{
- SCFree(p->al_proto_name);
- SCFree(p);
- return;
-}
-
-static inline AppLayerProbingParserPort *AllocAppLayerProbingParserPort(void)
-{
- AppLayerProbingParserPort *p = SCMalloc(sizeof(AppLayerProbingParserPort));
- if (unlikely(p == NULL)) {
- exit(EXIT_FAILURE);
+ uint64_t log_id = pstate_1->log_id;
+ uint64_t inspect_id = pstate_1->inspect_id[direction & STREAM_TOSERVER ? 0 : 1];
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].logger == TRUE) {
+ active_id = (log_id < inspect_id) ? log_id : inspect_id;
+ } else {
+ active_id = inspect_id;
}
- memset(p, 0, sizeof(AppLayerProbingParserPort));
- return p;
+ SCReturnCT(active_id, "uint64_t");
}
-static inline void DeAllocAppLayerProbingParserPort(AppLayerProbingParserPort *p)
+/***** General *****/
+
+int AppLayerParserParse(void *tctx, Flow *f, AppProto alproto,
+ uint8_t flags, uint8_t *input, uint32_t input_len)
{
- AppLayerProbingParserElement *e;
+ SCEnter();
- e = p->toserver;
- while (e != NULL) {
- AppLayerProbingParserElement *e_next = e->next;
- DeAllocAppLayerProbingParserElement(e);
- e = e_next;
- }
+ AppLayerParserParserState *pstate = NULL;
+ AppLayerParserpCtx *p = &alp_ctx.ctxs[FlowGetProtoMapping(f->proto)][alproto];
+ TcpSession *ssn = NULL;
+ void *alstate = NULL;
+ AppLayerParserCtxThread *alp_tctx = (AppLayerParserCtxThread *)tctx;
- e = p->toclient;
- while (e != NULL) {
- AppLayerProbingParserElement *e_next = e->next;
- DeAllocAppLayerProbingParserElement(e);
- e = e_next;
- }
+ /* we don't have the parser registered for this protocol */
+ if (p->StateAlloc == NULL)
+ goto end;
- SCFree(p);
+ /* Used only if it's TCP */
+ ssn = f->protoctx;
- return;
-}
+ /* Do this check before calling AppLayerParse */
+ if (flags & STREAM_GAP) {
+ SCLogDebug("stream gap detected (missing packets), "
+ "this is not yet supported.");
-static inline AppLayerProbingParser *AllocAppLayerProbingParser(void)
-{
- AppLayerProbingParser *p = SCMalloc(sizeof(AppLayerProbingParser));
- if (unlikely(p == NULL)) {
- exit(EXIT_FAILURE);
+ if (f->alstate != NULL)
+ AppLayerParserStreamTruncated(f->proto, alproto, f->alstate, flags);
+ goto error;
}
- memset(p, 0, sizeof(AppLayerProbingParser));
-
- return p;
-}
-static inline void DeAllocAppLayerProbingParser(AppLayerProbingParser *p)
-{
- AppLayerProbingParserPort *pt = p->port;
- while (pt != NULL) {
- AppLayerProbingParserPort *pt_next = pt->next;
- DeAllocAppLayerProbingParserPort(pt);
- pt = pt_next;
+ /* Get the parser state (if any) */
+ pstate = f->alparser;
+ if (pstate == NULL) {
+ f->alparser = pstate = AppLayerParserAllocAppLayerParserParserState();
+ if (pstate == NULL)
+ goto error;
}
+ pstate->version++;
+ SCLogDebug("app layer parser state version incremented to %"PRIu16,
+ pstate->version);
- SCFree(p);
-
- return;
-}
-
-static AppLayerProbingParserElement *
-AppLayerCreateAppLayerProbingParserElement(const char *al_proto_name,
- uint16_t al_proto,
- uint16_t port,
- uint16_t min_depth,
- uint16_t max_depth,
- uint16_t (*AppLayerProbingParser)
- (uint8_t *input, uint32_t input_len, uint32_t *offset))
-{
- AppLayerProbingParserElement *pe = AllocAppLayerProbingParserElement();
+ if (flags & STREAM_EOF)
+ AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF);
- pe->al_proto_name = SCStrdup(al_proto_name);
- if (pe->al_proto_name == NULL)
- exit(EXIT_FAILURE);
- pe->al_proto = al_proto;
- pe->port = port;
- pe->al_proto_mask = AppLayerProbingParserGetMask(al_proto);
- pe->min_depth = min_depth;
- pe->max_depth = max_depth;
- pe->ProbingParser = AppLayerProbingParser;
- pe->next = NULL;
-
- if (max_depth != 0 && min_depth >= max_depth) {
- SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
- "register the probing parser. min_depth >= max_depth");
- goto error;
+ alstate = f->alstate;
+ if (alstate == NULL) {
+ f->alstate = alstate = p->StateAlloc();
+ if (alstate == NULL)
+ goto error;
+ SCLogDebug("alloced new app layer state %p (name %s)",
+ alstate, AppLayerGetProtoName(f->alproto));
+ } else {
+ SCLogDebug("using existing app layer state %p (name %s))",
+ alstate, AppLayerGetProtoName(f->alproto));
}
- if (al_proto <= ALPROTO_UNKNOWN || al_proto >= ALPROTO_MAX) {
- SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register "
- "the probing parser. Invalid alproto - %d", al_proto);
- goto error;
+
+ /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */
+ if (input_len > 0) {
+ /* invoke the parser */
+ if (p->Parser[(flags & STREAM_TOSERVER) ? 0 : 1](f, alstate, pstate,
+ input, input_len,
+ alp_tctx->alproto_local_storage[FlowGetProtoMapping(f->proto)][alproto]) < 0)
+ {
+ goto error;
+ }
}
- if (AppLayerProbingParser == NULL) {
- SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
- "register the probing parser. Probing parser func NULL");
- goto error;
+
+ /* set the packets to no inspection and reassembly if required */
+ if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION) {
+ AppLayerParserSetEOF(pstate);
+ FlowSetNoPayloadInspectionFlag(f);
+ FlowSetSessionNoApplayerInspectionFlag(f);
+
+ /* Set the no reassembly flag for both the stream in this TcpSession */
+ if (pstate->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
+ if (ssn != NULL) {
+ StreamTcpSetSessionNoReassemblyFlag(ssn,
+ flags & STREAM_TOCLIENT ? 1 : 0);
+ StreamTcpSetSessionNoReassemblyFlag(ssn,
+ flags & STREAM_TOSERVER ? 1 : 0);
+ }
+ }
}
- return pe;
+ /* next, see if we can get rid of transactions now */
+ AppLayerParserTransactionsCleanup(f->proto, alproto, alstate, pstate);
+
+ /* stream truncated, inform app layer */
+ if (flags & STREAM_DEPTH)
+ AppLayerParserStreamTruncated(f->proto, alproto, alstate, flags);
+
+ end:
+ SCReturnInt(0);
error:
- DeAllocAppLayerProbingParserElement(pe);
- return NULL;
+ if (ssn != NULL) {
+ /* Set the no app layer inspection flag for both
+ * the stream in this Flow */
+ FlowSetSessionNoApplayerInspectionFlag(f);
+ AppLayerParserSetEOF(pstate);
+ }
+ SCReturnInt(-1);
}
-static AppLayerProbingParserElement *
-DuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe)
+void AppLayerParserSetEOF(void *pstate)
{
- AppLayerProbingParserElement *new_pe = AllocAppLayerProbingParserElement();
- if (unlikely(new_pe == NULL)) {
- return NULL;
- }
+ SCEnter();
- new_pe->al_proto_name = SCStrdup(pe->al_proto_name);
- if (new_pe->al_proto_name == NULL)
- exit(EXIT_FAILURE);
- new_pe->al_proto = pe->al_proto;
- new_pe->port = pe->port;
- new_pe->al_proto_mask = pe->al_proto_mask;
- new_pe->min_depth = pe->min_depth;
- new_pe->max_depth = pe->max_depth;
- new_pe->ProbingParser = pe->ProbingParser;
- new_pe->next = NULL;
-
- return new_pe;
+ if (pstate == NULL)
+ goto end;
+
+ AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_EOF);
+ /* increase version so we will inspect it one more time
+ * with the EOF flags now set */
+ ((AppLayerParserParserState *)pstate)->version++;
+
+ end:
+ SCReturn;
}
-void AppLayerPrintProbingParsers(AppLayerProbingParser *pp)
+int AppLayerParserHasDecoderEvents(uint16_t ipproto, AppProto alproto,
+ void *alstate, void *pstate,
+ uint8_t flags)
{
- AppLayerProbingParserPort *pp_port = NULL;
- AppLayerProbingParserElement *pp_pe = NULL;
-
- printf("\n");
+ SCEnter();
- for ( ; pp != NULL; pp = pp->next) {
- /* print ip protocol */
- if (pp->ip_proto == IPPROTO_TCP)
- printf("IPProto: TCP\n");
- else if (pp->ip_proto == IPPROTO_UDP)
- printf("IPProto: UDP\n");
- else
- printf("IPProto: %"PRIu16"\n", pp->ip_proto);
-
- pp_port = pp->port;
- for ( ; pp_port != NULL; pp_port = pp_port->next) {
- if (pp_port->toserver == NULL)
- goto AppLayerPrintProbingParsers_jump_toclient;
- printf(" Port: %"PRIu16 "\n", pp_port->port);
-
- printf(" To_Server: (max-depth: %"PRIu16 ", "
- "mask - %"PRIu32")\n",
- pp_port->toserver_max_depth,
- pp_port->toserver_al_proto_mask);
- pp_pe = pp_port->toserver;
- for ( ; pp_pe != NULL; pp_pe = pp_pe->next) {
- printf(" name: %s\n", pp_pe->al_proto_name);
-
- if (pp_pe->al_proto == ALPROTO_HTTP)
- printf(" alproto: ALPROTO_HTTP\n");
- else if (pp_pe->al_proto == ALPROTO_FTP)
- printf(" alproto: ALPROTO_FTP\n");
- else if (pp_pe->al_proto == ALPROTO_SMTP)
- printf(" alproto: ALPROTO_SMTP\n");
- else if (pp_pe->al_proto == ALPROTO_TLS)
- printf(" alproto: ALPROTO_TLS\n");
- else if (pp_pe->al_proto == ALPROTO_SSH)
- printf(" alproto: ALPROTO_SSH\n");
- else if (pp_pe->al_proto == ALPROTO_IMAP)
- printf(" alproto: ALPROTO_IMAP\n");
- else if (pp_pe->al_proto == ALPROTO_MSN)
- printf(" alproto: ALPROTO_MSN\n");
- else if (pp_pe->al_proto == ALPROTO_JABBER)
- printf(" alproto: ALPROTO_JABBER\n");
- else if (pp_pe->al_proto == ALPROTO_SMB)
- printf(" alproto: ALPROTO_SMB\n");
- else if (pp_pe->al_proto == ALPROTO_SMB2)
- printf(" alproto: ALPROTO_SMB2\n");
- else if (pp_pe->al_proto == ALPROTO_DCERPC)
- printf(" alproto: ALPROTO_DCERPC\n");
- else if (pp_pe->al_proto == ALPROTO_DCERPC_UDP)
- printf(" alproto: ALPROTO_DCERPC_UDP\n");
- else if (pp_pe->al_proto == ALPROTO_IRC)
- printf(" alproto: ALPROTO_IRC\n");
- else
- printf("impossible\n");
-
- printf(" port: %"PRIu16 "\n", pp_pe->port);
- printf(" mask: %"PRIu32 "\n", pp_pe->al_proto_mask);
- printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth);
- printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth);
-
- printf("\n");
- }
+ if (alstate == NULL || pstate == NULL)
+ goto not_present;
- AppLayerPrintProbingParsers_jump_toclient:
- if (pp_port->toclient == NULL) {
- continue;
+ AppLayerDecoderEvents *decoder_events;
+ uint64_t tx_id;
+ uint64_t max_id;
+
+ if (AppLayerParserProtocolIsTxEventAware(ipproto, alproto)) {
+ /* fast path if supported by alproto */
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents != NULL) {
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ StateHasEvents(alstate) == 1)
+ {
+ goto present;
}
-
- printf(" To_Client: (max-depth: %"PRIu16 ", "
- "mask - %"PRIu32")\n",
- pp_port->toclient_max_depth,
- pp_port->toclient_al_proto_mask);
- pp_pe = pp_port->toclient;
- for ( ; pp_pe != NULL; pp_pe = pp_pe->next) {
- printf(" name: %s\n", pp_pe->al_proto_name);
-
- if (pp_pe->al_proto == ALPROTO_HTTP)
- printf(" alproto: ALPROTO_HTTP\n");
- else if (pp_pe->al_proto == ALPROTO_FTP)
- printf(" alproto: ALPROTO_FTP\n");
- else if (pp_pe->al_proto == ALPROTO_SMTP)
- printf(" alproto: ALPROTO_SMTP\n");
- else if (pp_pe->al_proto == ALPROTO_TLS)
- printf(" alproto: ALPROTO_TLS\n");
- else if (pp_pe->al_proto == ALPROTO_SSH)
- printf(" alproto: ALPROTO_SSH\n");
- else if (pp_pe->al_proto == ALPROTO_IMAP)
- printf(" alproto: ALPROTO_IMAP\n");
- else if (pp_pe->al_proto == ALPROTO_MSN)
- printf(" alproto: ALPROTO_MSN\n");
- else if (pp_pe->al_proto == ALPROTO_JABBER)
- printf(" alproto: ALPROTO_JABBER\n");
- else if (pp_pe->al_proto == ALPROTO_SMB)
- printf(" alproto: ALPROTO_SMB\n");
- else if (pp_pe->al_proto == ALPROTO_SMB2)
- printf(" alproto: ALPROTO_SMB2\n");
- else if (pp_pe->al_proto == ALPROTO_DCERPC)
- printf(" alproto: ALPROTO_DCERPC\n");
- else if (pp_pe->al_proto == ALPROTO_DCERPC_UDP)
- printf(" alproto: ALPROTO_DCERPC_UDP\n");
- else if (pp_pe->al_proto == ALPROTO_IRC)
- printf(" alproto: ALPROTO_IRC\n");
- else
- printf("impossible\n");
-
- printf(" port: %"PRIu16 "\n", pp_pe->port);
- printf(" mask: %"PRIu32 "\n", pp_pe->al_proto_mask);
- printf(" min_depth: %"PRIu32 "\n", pp_pe->min_depth);
- printf(" max_depth: %"PRIu32 "\n", pp_pe->max_depth);
-
- printf("\n");
+ } else {
+ /* check each tx */
+ tx_id = AppLayerParserGetTransactionInspectId(pstate, flags);
+ max_id = AppLayerParserGetTxCnt(ipproto, alproto, alstate);
+ for ( ; tx_id < max_id; tx_id++) {
+ decoder_events = AppLayerParserGetEventsByTx(ipproto, alproto, alstate, tx_id);
+ if (decoder_events && decoder_events->cnt)
+ goto present;
}
}
}
- return;
+ decoder_events = AppLayerParserGetDecoderEvents(pstate);
+ if (decoder_events && decoder_events->cnt)
+ goto present;
+
+ /* if we have reached here, we don't have events */
+ not_present:
+ SCReturnInt(0);
+ present:
+ SCReturnInt(1);
}
-static inline void AppendAppLayerProbingParserElement(AppLayerProbingParserElement **head_pe,
- AppLayerProbingParserElement *new_pe)
+int AppLayerParserProtocolIsTxEventAware(uint16_t ipproto, AppProto alproto)
{
- if (*head_pe == NULL) {
- *head_pe = new_pe;
- return;
- }
-
- if ((*head_pe)->port == 0) {
- if (new_pe->port != 0) {
- new_pe->next = *head_pe;
- *head_pe = new_pe;
- } else {
- AppLayerProbingParserElement *temp_pe = *head_pe;
- while (temp_pe->next != NULL)
- temp_pe = temp_pe->next;
- temp_pe->next = new_pe;
- }
- } else {
- AppLayerProbingParserElement *temp_pe = *head_pe;
- if (new_pe->port == 0) {
- while (temp_pe->next != NULL)
- temp_pe = temp_pe->next;
- temp_pe->next = new_pe;
- } else {
- while (temp_pe->next != NULL && temp_pe->next->port != 0)
- temp_pe = temp_pe->next;
- new_pe->next = temp_pe->next;
- temp_pe->next = new_pe;
-
- }
- }
+ SCEnter();
+ int ipproto_map = FlowGetProtoMapping(ipproto);
+ SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateHasEvents == NULL) ?
+ 0 : 1);
+}
- return;
+int AppLayerParserProtocolSupportsTxs(uint16_t ipproto, AppProto alproto)
+{
+ SCEnter();
+ int ipproto_map = FlowGetProtoMapping(ipproto);
+ SCReturnInt((alp_ctx.ctxs[ipproto_map][alproto].StateTransactionFree == NULL) ?
+ 0 : 1);
}
-static inline void AppendAppLayerProbingParser(AppLayerProbingParser **head_pp,
- AppLayerProbingParser *new_pp)
+void AppLayerParserTriggerRawStreamReassembly(Flow *f)
{
- if (*head_pp == NULL) {
- *head_pp = new_pp;
- return;
- }
+ SCEnter();
- AppLayerProbingParser *temp_pp = *head_pp;
- while (temp_pp->next != NULL)
- temp_pp = temp_pp->next;
- temp_pp->next = new_pp;
+ if (f != NULL && f->protoctx != NULL)
+ StreamTcpReassembleTriggerRawReassembly(f->protoctx);
- return;
+ SCReturn;
}
-static inline void AppendAppLayerProbingParserPort(AppLayerProbingParserPort **head_port,
- AppLayerProbingParserPort *new_port)
+/***** Cleanup *****/
+
+void AppLayerParserCleanupParserState(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate)
{
- if (*head_port == NULL) {
- *head_port = new_port;
- return;
- }
+ SCEnter();
- if ((*head_port)->port == 0) {
- new_port->next = *head_port;
- *head_port = new_port;
- } else {
- AppLayerProbingParserPort *temp_port = *head_port;
- while (temp_port->next != NULL && temp_port->next->port != 0) {
- temp_port = temp_port->next;
- }
- new_port->next = temp_port->next;
- temp_port->next = new_port;
- }
+ AppLayerParserpCtx *ctx = &alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto];
- return;
-}
+ if (ctx->StateFree != NULL && alstate != NULL)
+ ctx->StateFree(alstate);
-static inline void AppLayerInsertNewProbingParser(AppLayerProbingParser **pp,
- uint16_t ip_proto,
- uint16_t port,
- char *al_proto_name, uint16_t al_proto,
- uint16_t min_depth, uint16_t max_depth,
- uint8_t flags,
- ProbingParserFPtr ProbingParser)
-{
- /* get the top level ipproto pp */
- AppLayerProbingParser *curr_pp = *pp;
- while (curr_pp != NULL) {
- if (curr_pp->ip_proto == ip_proto)
- break;
- curr_pp = curr_pp->next;
- }
- if (curr_pp == NULL) {
- AppLayerProbingParser *new_pp = AllocAppLayerProbingParser();
- new_pp->ip_proto = ip_proto;
- AppendAppLayerProbingParser(pp, new_pp);
- curr_pp = new_pp;
- }
+ /* free the app layer parser api state */
+ if (pstate != NULL)
+ AppLayerParserDeAllocAppLayerParserParserState(pstate);
- /* get the top level port pp */
- AppLayerProbingParserPort *curr_port = curr_pp->port;
- while (curr_port != NULL) {
- if (curr_port->port == port)
- break;
- curr_port = curr_port->next;
- }
- if (curr_port == NULL) {
- AppLayerProbingParserPort *new_port = AllocAppLayerProbingParserPort();
- new_port->port = port;
- AppendAppLayerProbingParserPort(&curr_pp->port, new_port);
- curr_port = new_port;
- if (flags & STREAM_TOSERVER) {
- curr_port->toserver_max_depth = max_depth;
- } else {
- curr_port->toclient_max_depth = max_depth;
- } /* else - if (flags & STREAM_TOSERVER) */
+ SCReturn;
+}
- AppLayerProbingParserPort *zero_port;
- zero_port = curr_pp->port;
- while (zero_port != NULL && zero_port->port != 0) {
- zero_port = zero_port->next;
- }
- if (zero_port != NULL) {
- AppLayerProbingParserElement *zero_pe;
-
- zero_pe = zero_port->toserver;
- for ( ; zero_pe != NULL; zero_pe = zero_pe->next) {
- if (curr_port->toserver == NULL)
- curr_port->toserver_max_depth = zero_pe->max_depth;
- if (zero_pe->max_depth == 0)
- curr_port->toserver_max_depth = zero_pe->max_depth;
- if (curr_port->toserver_max_depth != 0 &&
- curr_port->toserver_max_depth < zero_pe->max_depth) {
- curr_port->toserver_max_depth = zero_pe->max_depth;
- }
-
- AppLayerProbingParserElement *dup_pe =
- DuplicateAppLayerProbingParserElement(zero_pe);
- AppendAppLayerProbingParserElement(&curr_port->toserver, dup_pe);
- curr_port->toserver_al_proto_mask |= dup_pe->al_proto_mask;
- }
+void AppLayerParserRegisterProtocolParsers(void)
+{
+ SCEnter();
- zero_pe = zero_port->toclient;
- for ( ; zero_pe != NULL; zero_pe = zero_pe->next) {
- if (curr_port->toclient == NULL)
- curr_port->toclient_max_depth = zero_pe->max_depth;
- if (zero_pe->max_depth == 0)
- curr_port->toclient_max_depth = zero_pe->max_depth;
- if (curr_port->toclient_max_depth != 0 &&
- curr_port->toclient_max_depth < zero_pe->max_depth) {
- curr_port->toclient_max_depth = zero_pe->max_depth;
- }
-
- AppLayerProbingParserElement *dup_pe =
- DuplicateAppLayerProbingParserElement(zero_pe);
- AppendAppLayerProbingParserElement(&curr_port->toclient, dup_pe);
- curr_port->toclient_al_proto_mask |= dup_pe->al_proto_mask;
- }
- } /* if (zero_port != NULL) */
- } /* if (curr_port == NULL) */
+ RegisterHTPParsers();
+ RegisterSSLParsers();
+ RegisterSMBParsers();
+ /** \todo bug 719 */
+ //RegisterSMB2Parsers();
+ RegisterDCERPCParsers();
+ RegisterDCERPCUDPParsers();
+ RegisterFTPParsers();
+ /* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer. We will
+ * reintroduce this parser. Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
+ RegisterSSHParsers();
+#endif
+ RegisterSMTPParsers();
+ RegisterDNSUDPParsers();
+ RegisterDNSTCPParsers();
- /* insert the pe_pp */
- AppLayerProbingParserElement *curr_pe;
- if (flags & STREAM_TOSERVER)
- curr_pe = curr_port->toserver;
- else
- curr_pe = curr_port->toclient;
- while (curr_pe != NULL) {
- if (curr_pe->al_proto == al_proto) {
- SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - "
- "ip_proto - %"PRIu16" Port - %"PRIu16" "
- "App Protocol - %s, App Protocol(ID) - "
- "%"PRIu16" min_depth - %"PRIu16" "
- "max_dept - %"PRIu16".",
- ip_proto, port, al_proto_name, al_proto,
- min_depth, max_depth);
- goto error;
+ /** IMAP */
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_IMAP, "imap");
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "imap")) {
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_IMAP,
+ "1|20|capability", 12, 0, STREAM_TOSERVER) < 0)
+ {
+ SCLogInfo("imap proto registration failure\n");
+ exit(EXIT_FAILURE);
}
- curr_pe = curr_pe->next;
+ } else {
+ SCLogInfo("Protocol detection and parser disabled for %s protocol.",
+ "imap");
}
- /* Get a new parser element */
- AppLayerProbingParserElement *new_pe =
- AppLayerCreateAppLayerProbingParserElement(al_proto_name,
- al_proto,
- curr_port->port,
- min_depth, max_depth,
- ProbingParser);
- if (new_pe == NULL)
- goto error;
- curr_pe = new_pe;
- AppLayerProbingParserElement **head_pe;
- if (flags & STREAM_TOSERVER) {
- if (curr_port->toserver == NULL)
- curr_port->toserver_max_depth = new_pe->max_depth;
- if (new_pe->max_depth == 0)
- curr_port->toserver_max_depth = new_pe->max_depth;
- if (curr_port->toserver_max_depth != 0 &&
- curr_port->toserver_max_depth < new_pe->max_depth) {
- curr_port->toserver_max_depth = new_pe->max_depth;
+
+ /** MSN Messenger */
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_MSN, "msn");
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", "msn")) {
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_MSN,
+ "msn", 10, 6, STREAM_TOSERVER) < 0)
+ {
+ SCLogInfo("msn proto registration failure\n");
+ exit(EXIT_FAILURE);
}
- curr_port->toserver_al_proto_mask |= new_pe->al_proto_mask;
- head_pe = &curr_port->toserver;
} else {
- if (curr_port->toclient == NULL)
- curr_port->toclient_max_depth = new_pe->max_depth;
- if (new_pe->max_depth == 0)
- curr_port->toclient_max_depth = new_pe->max_depth;
- if (curr_port->toclient_max_depth != 0 &&
- curr_port->toclient_max_depth < new_pe->max_depth) {
- curr_port->toclient_max_depth = new_pe->max_depth;
- }
- curr_port->toclient_al_proto_mask |= new_pe->al_proto_mask;
- head_pe = &curr_port->toclient;
+ SCLogInfo("Protocol detection and parser disabled for %s protocol.",
+ "msn");
}
- AppendAppLayerProbingParserElement(head_pe, new_pe);
-
- if (curr_port->port == 0) {
- AppLayerProbingParserPort *temp_port = curr_pp->port;
- while (temp_port != NULL && temp_port->port != 0) {
- if (flags & STREAM_TOSERVER) {
- if (temp_port->toserver == NULL)
- temp_port->toserver_max_depth = curr_pe->max_depth;
- if (curr_pe->max_depth == 0)
- temp_port->toserver_max_depth = curr_pe->max_depth;
- if (temp_port->toserver_max_depth != 0 &&
- temp_port->toserver_max_depth < curr_pe->max_depth) {
- temp_port->toserver_max_depth = curr_pe->max_depth;
- }
- AppendAppLayerProbingParserElement(&temp_port->toserver,
- DuplicateAppLayerProbingParserElement(curr_pe));
- temp_port->toserver_al_proto_mask |= curr_pe->al_proto_mask;
- } else {
- if (temp_port->toclient == NULL)
- temp_port->toclient_max_depth = curr_pe->max_depth;
- if (curr_pe->max_depth == 0)
- temp_port->toclient_max_depth = curr_pe->max_depth;
- if (temp_port->toclient_max_depth != 0 &&
- temp_port->toclient_max_depth < curr_pe->max_depth) {
- temp_port->toclient_max_depth = curr_pe->max_depth;
- }
- AppendAppLayerProbingParserElement(&temp_port->toclient,
- DuplicateAppLayerProbingParserElement(curr_pe));
- temp_port->toclient_al_proto_mask |= curr_pe->al_proto_mask;
- }
- temp_port = temp_port->next;
- } /* while */
- } /* if */
- error:
return;
}
-void AppLayerRegisterParserAcceptableDataDirection(uint16_t al_proto,
- uint8_t flags)
-{
- al_proto_table[al_proto].first_data_dir |=
- (flags & (STREAM_TOSERVER | STREAM_TOCLIENT));
- return;
+void AppLayerParserParserStateSetFlag(void *pstate, uint8_t flag)
+{
+ SCEnter();
+ ((AppLayerParserParserState *)pstate)->flags |= flag;
+ SCReturn;
}
-void AppLayerMapProbingParserAgainstAlproto(uint16_t al_proto,
- uint8_t flags,
- ProbingParserFPtr ProbingParser)
+int AppLayerParserParserStateIssetFlag(void *pstate, uint8_t flag)
{
- al_proto_table[al_proto].PPAlprotoMap[(flags & STREAM_TOSERVER) ? 0 : 1] = ProbingParser;
-
- return;
+ SCEnter();
+ SCReturnInt(((AppLayerParserParserState *)pstate)->flags & flag);
}
-void AppLayerRegisterProbingParser(AlpProtoDetectCtx *ctx,
- uint16_t ip_proto,
- char *portstr,
- char *al_proto_name, uint16_t al_proto,
- uint16_t min_depth, uint16_t max_depth,
- uint8_t flags,
- ProbingParserFPtr ProbingParser)
+
+void AppLayerParserStreamTruncated(uint16_t ipproto, AppProto alproto, void *alstate,
+ uint8_t direction)
{
- DetectPort *head = NULL;
- DetectPortParse(&head, portstr);
- DetectPort *temp_dp = head;
- while (temp_dp != NULL) {
- uint32_t port = temp_dp->port;
- if (port == 0 && temp_dp->port2 != 0)
- port++;
- for ( ; port <= temp_dp->port2; port++) {
- AppLayerInsertNewProbingParser(&ctx->probing_parsers,
- ip_proto,
- port,
- al_proto_name, al_proto,
- min_depth, max_depth,
- flags,
- ProbingParser);
- }
- temp_dp = temp_dp->next;
- }
- DetectPortCleanupList(head);
+ SCEnter();
- return;
+
+ if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate != NULL)
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].Truncate(alstate, direction);
+
+ SCReturn;
}
-void AppLayerFreeProbingParsers(AppLayerProbingParser *pp)
+#ifdef DEBUG
+void AppLayerParserPrintDetailsParserState(void *pstate)
{
- AppLayerProbingParser *tmp_pp = NULL;
+ SCEnter();
- if (pp == NULL)
- return;
+ if (pstate == NULL)
+ SCReturn;
- while (pp != NULL) {
- tmp_pp = pp->next;
- DeAllocAppLayerProbingParser(pp);
- pp = tmp_pp;
- }
+ AppLayerParserParserState *p = (AppLayerParserParserState *)pstate;
+ SCLogDebug("AppLayerParser parser state information for parser state p(%p). "
+ "p->inspect_id[0](%"PRIu64"), "
+ "p->inspect_id[1](%"PRIu64"), "
+ "p->log_id(%"PRIu64"), "
+ "p->version(%"PRIu16"), "
+ "p->decoder_events(%p).",
+ pstate, p->inspect_id[0], p->inspect_id[1], p->log_id,
+ p->version, p->decoder_events);
- return;
+ SCReturn;
}
+#endif
+
-/**************************************Unittests*******************************/
+/***** Unittests *****/
#ifdef UNITTESTS
+static AppLayerParserCtx alp_ctx_backup_unittest;
+
typedef struct TestState_ {
uint8_t test;
-}TestState;
+} TestState;
/**
* \brief Test parser function to test the memory deallocation of app layer
* parser of occurence of an error.
*/
-static int TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate,
+static int TestProtocolParser(Flow *f, void *test_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
- return -1;
+ SCEnter();
+ SCReturnInt(-1);
}
/** \brief Function to allocates the Test protocol state memory
*/
static void *TestProtocolStateAlloc(void)
{
+ SCEnter();
void *s = SCMalloc(sizeof(TestState));
if (unlikely(s == NULL))
- return NULL;
-
+ goto end;
memset(s, 0, sizeof(TestState));
- return s;
+ end:
+ SCReturnPtr(s, "TestState");
}
/** \brief Function to free the Test Protocol state memory
SCFree(s);
}
-static AppLayerProto al_proto_table_ut_backup[ALPROTO_MAX];
-
-void AppLayerParserBackupAlprotoTable(void)
+void AppLayerParserRegisterProtocolUnittests(uint16_t ipproto, AppProto alproto,
+ void (*RegisterUnittests)(void))
{
- int i;
- for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
- al_proto_table_ut_backup[i].StateGetEventInfo = al_proto_table[i].StateGetEventInfo;
-
- return;
+ SCEnter();
+ alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
+ RegisterUnittests = RegisterUnittests;
+ SCReturn;
}
-void AppLayerParserRestoreAlprotoTable(void)
+void AppLayerParserBackupParserTable(void)
{
- int i;
- for (i = ALPROTO_UNKNOWN; i < ALPROTO_MAX; i++)
- al_proto_table[i].StateGetEventInfo = al_proto_table_ut_backup[i].StateGetEventInfo;
+ SCEnter();
+ alp_ctx_backup_unittest = alp_ctx;
+ memset(&alp_ctx, 0, sizeof(alp_ctx));
+ SCReturn;
+}
- return;
+void AppLayerParserRestoreParserTable(void)
+{
+ SCEnter();
+ alp_ctx = alp_ctx_backup_unittest;
+ memset(&alp_ctx_backup_unittest, 0, sizeof(alp_ctx_backup_unittest));
+ SCReturn;
}
/**
* \test Test the deallocation of app layer parser memory on occurance of
* error in the parsing process.
*/
-static int AppLayerParserTest01 (void)
+static int AppLayerParserTest01(void)
{
+ AppLayerParserBackupParserTable();
+
int result = 0;
Flow *f = NULL;
uint8_t testbuf[] = { 0x11 };
uint32_t testlen = sizeof(testbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&ssn, 0, sizeof(ssn));
/* Register the Test protocol state and parser functions */
- AppLayerRegisterProto("test", ALPROTO_TEST, STREAM_TOSERVER,
- TestProtocolParser);
- AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc,
- TestProtocolStateFree);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TEST, STREAM_TOSERVER,
+ TestProtocolParser);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TEST,
+ TestProtocolStateAlloc, TestProtocolStateFree);
f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
if (f == NULL)
goto end;
f->protoctx = &ssn;
-
f->alproto = ALPROTO_TEST;
f->proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
- testlen);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF,
+ testbuf, testlen);
if (r != -1) {
printf("returned %" PRId32 ", expected -1: ", r);
SCMutexUnlock(&f->m);
}
SCMutexUnlock(&f->m);
- if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION))
- {
+ if (!(f->flags & FLOW_NO_APPLAYER_INSPECTION)) {
printf("flag should have been set, but is not: ");
goto end;
}
result = 1;
-end:
+ end:
+ AppLayerParserRestoreParserTable();
StreamTcpFreeConfig(TRUE);
UTHFreeFlow(f);
* \test Test the deallocation of app layer parser memory on occurance of
* error in the parsing process for UDP.
*/
-static int AppLayerParserTest02 (void)
+static int AppLayerParserTest02(void)
{
+ AppLayerParserBackupParserTable();
+
int result = 1;
Flow *f = NULL;
uint8_t testbuf[] = { 0x11 };
uint32_t testlen = sizeof(testbuf);
+ void *alp_tctx = AppLayerParserGetCtxThread();
/* Register the Test protocol state and parser functions */
- AppLayerRegisterProto("test", ALPROTO_TEST, STREAM_TOSERVER,
- TestProtocolParser);
- AppLayerRegisterStateFuncs(ALPROTO_TEST, TestProtocolStateAlloc,
- TestProtocolStateFree);
+ AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_TEST, STREAM_TOSERVER,
+ TestProtocolParser);
+ AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_TEST,
+ TestProtocolStateAlloc, TestProtocolStateFree);
f = UTHBuildFlow(AF_INET, "1.2.3.4", "4.3.2.1", 20, 40);
if (f == NULL)
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
testlen);
if (r != -1) {
printf("returned %" PRId32 ", expected -1: \n", r);
}
SCMutexUnlock(&f->m);
-end:
+ end:
+ AppLayerParserRestoreParserTable();
StreamTcpFreeConfig(TRUE);
UTHFreeFlow(f);
return result;
}
-typedef struct AppLayerPPTestDataElement_ {
- char *al_proto_name;
- uint16_t al_proto;
- uint16_t port;
- uint32_t al_proto_mask;
- uint32_t min_depth;
- uint32_t max_depth;
-} AppLayerPPTestDataElement;
-
-typedef struct AppLayerPPTestDataPort_ {
- uint16_t port;
- uint32_t toserver_al_proto_mask;
- uint32_t toclient_al_proto_mask;
- uint16_t toserver_max_depth;
- uint16_t toclient_max_depth;
-
- AppLayerPPTestDataElement *toserver_element;
- AppLayerPPTestDataElement *toclient_element;
- int ts_no_of_element;
- int tc_no_of_element;
-} AppLayerPPTestDataPort;
-
-
-typedef struct AppLayerPPTestDataIPProto_ {
- uint16_t ip_proto;
-
- AppLayerPPTestDataPort *port;
- int no_of_port;
-} AppLayerPPTestDataIPProto;
-
-int AppLayerPPTestData(AppLayerProbingParser *pp,
- AppLayerPPTestDataIPProto *ip_proto, int no_of_ip_proto)
-{
- int result = 0;
- int i, j, k;
-#ifdef DEBUG
- int dir = 0;
-#endif
- for (i = 0; i < no_of_ip_proto; i++, pp = pp->next) {
- if (pp->ip_proto != ip_proto[i].ip_proto)
- goto end;
-
- AppLayerProbingParserPort *pp_port = pp->port;
- for (k = 0; k < ip_proto[i].no_of_port; k++, pp_port = pp_port->next) {
- if (pp_port->port != ip_proto[i].port[k].port)
- goto end;
- if (pp_port->toserver_al_proto_mask != ip_proto[i].port[k].toserver_al_proto_mask)
- goto end;
- if (pp_port->toclient_al_proto_mask != ip_proto[i].port[k].toclient_al_proto_mask)
- goto end;
- if (pp_port->toserver_max_depth != ip_proto[i].port[k].toserver_max_depth)
- goto end;
- if (pp_port->toclient_max_depth != ip_proto[i].port[k].toclient_max_depth)
- goto end;
-
- AppLayerProbingParserElement *pp_element = pp_port->toserver;
-#ifdef DEBUG
- dir = 0;
-#endif
- for (j = 0 ; j < ip_proto[i].port[k].ts_no_of_element;
- j++, pp_element = pp_element->next) {
-
- if ((strlen(pp_element->al_proto_name) !=
- strlen(ip_proto[i].port[k].toserver_element[j].al_proto_name)) ||
- strcasecmp(pp_element->al_proto_name,
- ip_proto[i].port[k].toserver_element[j].al_proto_name) != 0) {
- goto end;
- }
- if (pp_element->al_proto != ip_proto[i].port[k].toserver_element[j].al_proto) {
- goto end;
- }
- if (pp_element->port != ip_proto[i].port[k].toserver_element[j].port) {
- goto end;
- }
- if (pp_element->al_proto_mask != ip_proto[i].port[k].toserver_element[j].al_proto_mask) {
- goto end;
- }
- if (pp_element->min_depth != ip_proto[i].port[k].toserver_element[j].min_depth) {
- goto end;
- }
- if (pp_element->max_depth != ip_proto[i].port[k].toserver_element[j].max_depth) {
- goto end;
- }
- } /* for */
- if (pp_element != NULL)
- goto end;
-
- pp_element = pp_port->toclient;
-#ifdef DEBUG
- dir = 1;
-#endif
- for (j = 0 ; j < ip_proto[i].port[k].tc_no_of_element; j++, pp_element = pp_element->next) {
- if ((strlen(pp_element->al_proto_name) !=
- strlen(ip_proto[i].port[k].toclient_element[j].al_proto_name)) ||
- strcasecmp(pp_element->al_proto_name,
- ip_proto[i].port[k].toclient_element[j].al_proto_name) != 0) {
- goto end;
- }
- if (pp_element->al_proto != ip_proto[i].port[k].toclient_element[j].al_proto) {
- goto end;
- }
- if (pp_element->port != ip_proto[i].port[k].toclient_element[j].port) {
- goto end;
- }
- if (pp_element->al_proto_mask != ip_proto[i].port[k].toclient_element[j].al_proto_mask) {
- goto end;
- }
- if (pp_element->min_depth != ip_proto[i].port[k].toclient_element[j].min_depth) {
- goto end;
- }
- if (pp_element->max_depth != ip_proto[i].port[k].toclient_element[j].max_depth) {
- goto end;
- }
- } /* for */
- if (pp_element != NULL)
- goto end;
- }
- if (pp_port != NULL)
- goto end;
- }
- if (pp != NULL)
- goto end;
-
- result = 1;
- end:
-#ifdef DEBUG
- printf("i = %d, k = %d, j = %d(%s)\n", i, k, j, (dir == 0) ? "ts" : "tc");
-#endif
- return result;
-}
-
-uint16_t ProbingParserDummyForTesting(uint8_t *input, uint32_t input_len, uint32_t *offset)
-{
- return 0;
-}
-
-static int AppLayerProbingParserTest01(void)
-{
- int result = 0;
-
- AlpProtoDetectCtx ctx;
- AlpProtoInit(&ctx);
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "http",
- ALPROTO_HTTP,
- 5, 8,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "smb",
- ALPROTO_SMB,
- 5, 6,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "ftp",
- ALPROTO_FTP,
- 7, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "81",
- "dcerpc",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "81",
- "ftp",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "smtp",
- ALPROTO_SMTP,
- 12, 0,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "tls",
- ALPROTO_TLS,
- 12, 18,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "85",
- "dcerpc",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "85",
- "ftp",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
- result = 1;
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_UDP,
- "85",
- "imap",
- ALPROTO_IMAP,
- 12, 23,
- STREAM_TOSERVER,
- ProbingParserDummyForTesting);
-
- /* toclient */
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "jabber",
- ALPROTO_JABBER,
- 12, 23,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "irc",
- ALPROTO_IRC,
- 12, 14,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "85",
- "dcerpc",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "81",
- "ftp",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "tls",
- ALPROTO_TLS,
- 12, 18,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "http",
- ALPROTO_HTTP,
- 5, 8,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "81",
- "dcerpc",
- ALPROTO_DCERPC,
- 9, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "90",
- "ftp",
- ALPROTO_FTP,
- 7, 15,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "smb",
- ALPROTO_SMB,
- 5, 6,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_UDP,
- "85",
- "imap",
- ALPROTO_IMAP,
- 12, 23,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "0",
- "smtp",
- ALPROTO_SMTP,
- 12, 17,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "80",
- "ftp",
- ALPROTO_FTP,
- 7, 10,
- STREAM_TOCLIENT,
- ProbingParserDummyForTesting);
-
- //AppLayerPrintProbingParsers(ctx.probing_parsers);
-
- AppLayerPPTestDataElement element_ts_80[] =
- { { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 },
- { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 },
- { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_80[] =
- { { "http", ALPROTO_HTTP, 80, 1 << ALPROTO_HTTP, 5, 8 },
- { "smb", ALPROTO_SMB, 80, 1 << ALPROTO_SMB, 5, 6 },
- { "ftp", ALPROTO_FTP, 80, 1 << ALPROTO_FTP, 7, 10 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
- };
-
- AppLayerPPTestDataElement element_ts_81[] =
- { { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 },
- { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_81[] =
- { { "ftp", ALPROTO_FTP, 81, 1 << ALPROTO_FTP, 7, 15 },
- { "dcerpc", ALPROTO_DCERPC, 81, 1 << ALPROTO_DCERPC, 9, 10 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
- };
-
- AppLayerPPTestDataElement element_ts_85[] =
- { { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 },
- { "ftp", ALPROTO_FTP, 85, 1 << ALPROTO_FTP, 7, 15 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_85[] =
- { { "dcerpc", ALPROTO_DCERPC, 85, 1 << ALPROTO_DCERPC, 9, 10 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
- };
-
- AppLayerPPTestDataElement element_ts_90[] =
- { { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_90[] =
- { { "ftp", ALPROTO_FTP, 90, 1 << ALPROTO_FTP, 7, 15 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
- };
-
- AppLayerPPTestDataElement element_ts_0[] =
- { { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 0 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 25 },
- { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_0[] =
- { { "jabber", ALPROTO_JABBER, 0, 1 << ALPROTO_JABBER, 12, 23 },
- { "irc", ALPROTO_IRC, 0, 1 << ALPROTO_IRC, 12, 14 },
- { "tls", ALPROTO_TLS, 0, 1 << ALPROTO_TLS, 12, 18 },
- { "smtp", ALPROTO_SMTP, 0, 1 << ALPROTO_SMTP, 12, 17 }
- };
-
-
- AppLayerPPTestDataElement element_ts_85_udp[] =
- { { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 },
- };
- AppLayerPPTestDataElement element_tc_85_udp[] =
- { { "imap", ALPROTO_IMAP, 85, 1 << ALPROTO_IMAP, 12, 23 },
- };
-
- AppLayerPPTestDataPort ports_tcp[] =
- { { 80,
- ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) |
- (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
- ((1 << ALPROTO_HTTP) | (1 << ALPROTO_SMB) | (1 << ALPROTO_FTP) |
- (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
- 0, 23,
- element_ts_80, element_tc_80,
- sizeof(element_ts_80) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_80) / sizeof(AppLayerPPTestDataElement),
- },
- { 81,
- ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) |
- (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
- ((1 << ALPROTO_FTP) | (1 << ALPROTO_DCERPC) |
- (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
- 0, 23,
- element_ts_81, element_tc_81,
- sizeof(element_ts_81) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_81) / sizeof(AppLayerPPTestDataElement),
- },
- { 85,
- ((1 << ALPROTO_DCERPC) | (1 << ALPROTO_FTP) |
- (1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
- ((1 << ALPROTO_DCERPC) |
- (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
- 0, 23,
- element_ts_85, element_tc_85,
- sizeof(element_ts_85) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_85) / sizeof(AppLayerPPTestDataElement)
- },
- { 90,
- ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
- ((1 << ALPROTO_FTP) |
- (1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
- 0, 23,
- element_ts_90, element_tc_90,
- sizeof(element_ts_90) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_90) / sizeof(AppLayerPPTestDataElement)
- },
- { 0,
- ((1 << ALPROTO_SMTP) | (1 << ALPROTO_TLS) | (1 << ALPROTO_IRC) | (1 << ALPROTO_JABBER)),
- ((1 << ALPROTO_JABBER) | (1 << ALPROTO_IRC) | (1 << ALPROTO_TLS) | (1 << ALPROTO_SMTP)),
- 0, 23,
- element_ts_0, element_tc_0,
- sizeof(element_ts_0) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_0) / sizeof(AppLayerPPTestDataElement)
- }
- };
-
- AppLayerPPTestDataPort ports_udp[] =
- { { 85,
- (1 << ALPROTO_IMAP),
- (1 << ALPROTO_IMAP),
- 23, 23,
- element_ts_85_udp, element_tc_85_udp,
- sizeof(element_ts_85_udp) / sizeof(AppLayerPPTestDataElement),
- sizeof(element_tc_85_udp) / sizeof(AppLayerPPTestDataElement),
- },
- };
-
- AppLayerPPTestDataIPProto ip_proto[] =
- { { IPPROTO_TCP,
- ports_tcp,
- sizeof(ports_tcp) / sizeof(AppLayerPPTestDataPort),
- },
- { IPPROTO_UDP,
- ports_udp,
- sizeof(ports_udp) / sizeof(AppLayerPPTestDataPort),
- },
- };
-
-
- if (AppLayerPPTestData(ctx.probing_parsers, ip_proto,
- sizeof(ip_proto) / sizeof(AppLayerPPTestDataIPProto)) == 0) {
- goto end;
- }
- result = 1;
-
- end:
- AlpProtoTestDestroy(&ctx);
- return result;
-}
-
-#endif /* UNITESTS */
-void AppLayerParserRegisterTests(void)
+void AppLayerParserRegisterUnittests(void)
{
-#ifdef UNITTESTS
- int i;
- for (i = 0; i < ALPROTO_MAX; i++) {
- AppLayerProto *p = &al_proto_table[i];
-
- if (p->name == NULL)
- continue;
+ SCEnter();
- g_ut_modules++;
+ int ip;
+ uint16_t alproto;
+ AppLayerParserpCtx *ctx;
- if (p->RegisterUnittests != NULL) {
- p->RegisterUnittests();
- g_ut_covered++;
- } else {
- if (coverage_unittests)
- SCLogWarning(SC_WARN_NO_UNITTESTS, "app layer module %s has no "
- "unittests", p->name);
+ for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
+ for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
+ ctx = &alp_ctx.ctxs[ip][alproto];
+ if (ctx->RegisterUnittests == NULL)
+ continue;
+ ctx->RegisterUnittests();
}
}
UtRegisterTest("AppLayerParserTest01", AppLayerParserTest01, 1);
UtRegisterTest("AppLayerParserTest02", AppLayerParserTest02, 1);
- UtRegisterTest("AppLayerProbingParserTest01",
- AppLayerProbingParserTest01, 1);
-#endif /* UNITTESTS */
- return;
+ SCReturn;
}
+
+#endif
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* \file
*
* \author Victor Julien <victor@inliniac.net>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*/
-#ifndef __APP_LAYER_PARSER_H__
-#define __APP_LAYER_PARSER_H__
+#ifndef __APP_LAYER_PARSER__H__
+#define __APP_LAYER_PARSER__H__
#include "decode-events.h"
-
#include "util-file.h"
-/** Mapping between local parser id's (e.g. HTTP_FIELD_REQUEST_URI) and
- * the dynamically assigned (at registration) global parser id. */
-typedef struct AppLayerLocalMap_ {
- uint16_t parser_id;
-} AppLayerLocalMap;
-
-typedef uint16_t (*ProbingParserFPtr)(uint8_t *input, uint32_t input_len,
- uint32_t *offset);
-
-/** \brief Mapping between ALPROTO_* and L7Parsers
- *
- * Map the proto to the parsers for the to_client and to_server directions.
- */
-typedef struct AppLayerProto_ {
- char *name; /**< name of the registered proto */
-
- uint16_t to_server;
- uint16_t to_client;
- uint16_t map_size;
- char logger; /**< does this proto have a logger enabled? */
-
- AppLayerLocalMap **map;
-
- void *(*StateAlloc)(void);
- void (*StateFree)(void *);
- void (*StateTransactionFree)(void *, uint64_t);
- void *(*LocalStorageAlloc)(void);
- void (*LocalStorageFree)(void *);
-
- /** truncate state after a gap/depth event */
- void (*Truncate)(void *, uint8_t);
- FileContainer *(*StateGetFiles)(void *, uint8_t);
- AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t);
- /* bool indicating a state has decoder/parser events */
- int (*StateHasEvents)(void *);
-
- int (*StateGetAlstateProgress)(void *alstate, uint8_t direction);
- uint64_t (*StateGetTxCnt)(void *alstate);
- void *(*StateGetTx)(void *alstate, uint64_t tx_id);
- int (*StateGetAlstateProgressCompletionStatus)(uint8_t direction);
-
- int (*StateGetEventInfo)(const char *event_name,
- int *event_id, AppLayerEventType *event_type);
-
- ProbingParserFPtr PPAlprotoMap[2];
- /* Indicates the direction the parser is ready to see the data
- * the first time for a flow. Values accepted -
- * STREAM_TOSERVER, STREAM_TOCLIENT */
- uint8_t first_data_dir;
-
-#ifdef UNITTESTS
- void (*RegisterUnittests)(void);
-#endif
-} AppLayerProto;
-
-/** flags for the result elmts */
-#define ALP_RESULT_ELMT_ALLOC 0x01
-
-/** \brief Result elements for the parser */
-typedef struct AppLayerParserResultElmt_ {
- uint16_t flags; /* flags. E.g. local alloc */
- uint16_t name_idx; /* idx for names like "http.request_line.uri" */
-
- uint32_t data_len; /* length of the data from the ptr */
- uint8_t *data_ptr; /* point to the position in the "input" data
- * or ptr to new mem if local alloc flag set */
- struct AppLayerParserResultElmt_ *next;
-} AppLayerParserResultElmt;
-
-/** \brief List head for parser result elmts */
-typedef struct AppLayerParserResult_ {
- AppLayerParserResultElmt *head;
- AppLayerParserResultElmt *tail;
- uint32_t cnt;
-} AppLayerParserResult;
-
-#define APP_LAYER_PARSER_USE 0x01
-#define APP_LAYER_PARSER_EOF 0x02
-#define APP_LAYER_PARSER_DONE 0x04 /**< parser is done, ignore more
- msgs */
-#define APP_LAYER_PARSER_NO_INSPECTION 0x08 /**< Flag to indicate no more
- packets payload inspection */
-#define APP_LAYER_PARSER_NO_REASSEMBLY 0x10 /**< Flag to indicate no more
- packets reassembly for this
- session */
-
-#define APP_LAYER_TRANSACTION_EOF 0x01 /**< Session done, last transaction
- as well */
-#define APP_LAYER_TRANSACTION_TOSERVER 0x02 /**< transaction has been inspected
- in to server direction. */
-#define APP_LAYER_TRANSACTION_TOCLIENT 0x04 /**< transaction has been inspected
- in to server direction. */
-
-typedef struct AppLayerParserState_ {
- uint8_t flags;
- uint16_t cur_parser; /**< idx of currently active parser */
- uint8_t *store;
- uint32_t store_len;
- uint16_t parse_field;
-} AppLayerParserState;
-
-typedef struct AppLayerParserStateStore_ {
- AppLayerParserState to_client;
- AppLayerParserState to_server;
-
- /** flags related to the id's */
- uint8_t id_flags;
-
- /* Indicates the current transaction that is being indicated. We have
- * a var per direction. */
- uint64_t inspect_id[2];
- /* Indicates the current transaction being logged. Unlike inspect_id,
- * we don't need a var per direction since we don't log a transaction
- * unless we have the entire transaction. */
- uint64_t log_id;
- uint16_t version; /**< state version, incremented for each update,
- * can wrap around */
-
- /* Used to store decoder events */
- AppLayerDecoderEvents *decoder_events;
-} AppLayerParserStateStore;
-
-typedef struct AppLayerParserTableElement_ {
- int (*AppLayerParser)(Flow *f, void *protocol_state, AppLayerParserState
- *parser_state, uint8_t *input, uint32_t input_len,
- void *local_storage, AppLayerParserResult *output);
-
- char *name;
-
- uint16_t proto;
- uint16_t parser_local_id; /**< local id of the parser in the parser itself. */
-} AppLayerParserTableElement;
-
-typedef struct AppLayerProbingParserElement_ {
- char *al_proto_name;
- uint16_t al_proto;
- /* \todo don't really need it. See if you can get rid of it */
- uint16_t port;
- /* \todo calculate at runtime and get rid of this var */
- uint32_t al_proto_mask;
- /* \todo check if we can reduce the bottom 2 vars to uint16_t */
- /* the min length of data that has to be supplied to invoke the parser */
- uint32_t min_depth;
- /* the max length of data after which this parser won't be invoked */
- uint32_t max_depth;
- /* the probing parser function */
- ProbingParserFPtr ProbingParser;
-
- struct AppLayerProbingParserElement_ *next;
-} AppLayerProbingParserElement;
-
-typedef struct AppLayerProbingParserPort_ {
- /* the port no for which probing parser(s) are invoked */
- uint16_t port;
-
- uint32_t toserver_al_proto_mask;
- uint32_t toclient_al_proto_mask;
- /* the max depth for all the probing parsers registered for this port */
- uint16_t toserver_max_depth;
- uint16_t toclient_max_depth;
-
- AppLayerProbingParserElement *toserver;
- AppLayerProbingParserElement *toclient;
-
- struct AppLayerProbingParserPort_ *next;
-} AppLayerProbingParserPort;
-
-typedef struct AppLayerProbingParser_ {
- uint16_t ip_proto;
- AppLayerProbingParserPort *port;
-
- struct AppLayerProbingParser_ *next;
-} AppLayerProbingParser;
-
-extern AppLayerProto al_proto_table[];
-
-static inline
-AppLayerProbingParserPort *AppLayerGetProbingParsers(AppLayerProbingParser *pp,
- uint16_t ip_proto,
- uint16_t port)
-{
- while (pp != NULL) {
- if (pp->ip_proto == ip_proto)
- break;
-
- pp = pp->next;
- }
-
- if (pp == NULL)
- return NULL;
-
- AppLayerProbingParserPort *pp_port = pp->port;
- while (pp_port != NULL) {
- if (pp_port->port == port || pp_port->port == 0) {
- break;
- }
- pp_port = pp_port->next;
- }
-
- return pp_port;
-}
-
-struct AlpProtoDetectCtx_;
-
-/* prototypes */
-void AppLayerParsersInitPostProcess(void);
-void RegisterAppLayerParsers(void);
-void AppLayerParserRegisterTests(void);
-
-/* registration */
-int AppLayerRegisterProto(char *name, uint8_t proto, uint8_t flags,
- int (*AppLayerParser)(Flow *f, void *protocol_state,
- AppLayerParserState *parser_state,
- uint8_t *input, uint32_t input_len,
- void *local_data,
- AppLayerParserResult *output));
-int AppLayerRegisterParser(char *name, uint16_t proto, uint16_t parser_id,
- int (*AppLayerParser)(Flow *f, void *protocol_state,
- AppLayerParserState *parser_state,
- uint8_t *input, uint32_t input_len,
- void *local_data,
- AppLayerParserResult *output),
- char *dependency);
-void AppLayerRegisterParserAcceptableDataDirection(uint16_t al_proto,
- uint8_t flags);
-void AppLayerMapProbingParserAgainstAlproto(uint16_t al_proto,
- uint8_t flags,
- ProbingParserFPtr ProbingParser);
-void AppLayerRegisterProbingParser(struct AlpProtoDetectCtx_ *,
- uint16_t ip_proto,
- char *portstr,
- char *al_proto_name, uint16_t al_proto,
- uint16_t min_depth, uint16_t max_depth,
- uint8_t flags,
- ProbingParserFPtr ProbingParser);
-#ifdef UNITTESTS
-void AppLayerParserRegisterUnittests(uint16_t proto, void (*RegisterUnittests)(void));
-#endif
-void AppLayerRegisterStateFuncs(uint16_t proto, void *(*StateAlloc)(void),
- void (*StateFree)(void *));
-void AppLayerRegisterLocalStorageFunc(uint16_t proto,
- void *(*LocalStorageAlloc)(void),
- void (*LocalStorageFree)(void *));
-void *AppLayerGetProtocolParserLocalStorage(uint16_t);
-void AppLayerRegisterGetFilesFunc(uint16_t proto,
- FileContainer *(*StateGetFile)(void *, uint8_t));
-void AppLayerRegisterGetEventsFunc(uint16_t proto,
- AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t));
-void AppLayerRegisterHasEventsFunc(uint16_t proto,
- int (*StateHasEvents)(void *));
-
-void AppLayerRegisterLogger(uint16_t proto);
-uint16_t AppLayerGetProtoByName(const char *);
-const char *AppLayerGetProtoString(int proto);
-void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t));
-void AppLayerRegisterGetAlstateProgressFunc(uint16_t alproto,
- int (*StateGetAlstateProgress)(void *alstate, uint8_t direction));
-void AppLayerRegisterTxFreeFunc(uint16_t proto,
- void (*StateTransactionFree)(void *, uint64_t));
-void AppLayerRegisterGetTxCnt(uint16_t alproto,
- uint64_t (*StateGetTxCnt)(void *alstate));
-void AppLayerRegisterGetTx(uint16_t alproto,
- void *(*StateGetTx)(void *alstate, uint64_t tx_id));
-void AppLayerRegisterGetAlstateProgressCompletionStatus(uint16_t alproto,
- int (*StateProgressCompletionStatus)(uint8_t direction));
-void AppLayerRegisterGetEventInfo(uint16_t alproto,
- int (*StateGetEventInfo)(const char *event_name,
- int *event_id,
- AppLayerEventType *event_type));
-
-int AppLayerParse(void *, Flow *, uint8_t,
- uint8_t, uint8_t *, uint32_t);
-
-int AlpParseFieldBySize(AppLayerParserResult *, AppLayerParserState *, uint16_t,
- uint32_t, uint8_t *, uint32_t, uint32_t *);
-int AlpParseFieldByEOF(AppLayerParserResult *, AppLayerParserState *, uint16_t,
- uint8_t *, uint32_t);
-int AlpParseFieldByDelimiter(AppLayerParserResult *, AppLayerParserState *,
- uint16_t, const uint8_t *, uint8_t, uint8_t *,
- uint32_t, uint32_t *);
-
-
-/***** transaction handling *****/
-
-/**
- * \brief Update the current log id. Does one step increments currently.
- *
- * \param f Flow.
- */
-void AppLayerTransactionUpdateLogId(Flow *f);
-
-/**
- * \brief Get the current log id.
- *
- * \param f Flow.
- */
-uint64_t AppLayerTransactionGetLogId(Flow *f);
-
-/**
- * \brief Updates the inspection id for the alstate.
- *
- * \param f Pointer to the flow(LOCKED).
- * \param direction Direction. 0 - toserver, 1 - toclient.
- */
-void AppLayerTransactionUpdateInspectId(Flow *f, uint8_t direction);
-
-/**
- * \brief Get the current tx id to be inspected.
- *
- * \param f Flow.
- * \param flags Flags.
- *
- * \retval A positive integer value.
- */
-uint64_t AppLayerTransactionGetInspectId(Flow *f, uint8_t flags);
-
-uint64_t AppLayerTransactionGetActive(Flow *f, uint8_t flags);
-
-
-void AppLayerSetEOF(Flow *);
-
-
-
-/***** cleanup *****/
-
-void AppLayerParserCleanupState(Flow *);
-void AppLayerFreeProbingParsers(AppLayerProbingParser *);
-void AppLayerPrintProbingParsers(AppLayerProbingParser *);
-
-void AppLayerListSupportedProtocols(void);
-AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *);
-AppLayerDecoderEvents *AppLayerGetEventsFromFlowByTx(Flow *f, uint64_t tx_id);
-int AppLayerProtoIsTxEventAware(uint16_t alproto);
-int AppLayerFlowHasDecoderEvents(Flow *f, uint8_t flags);
-
-/***** Alproto param retrieval ******/
-
-/**
- * \brief get the version of the state in a direction
- *
- * \param f Flow(LOCKED).
- * \param direction STREAM_TOSERVER or STREAM_TOCLIENT
- */
-uint16_t AppLayerGetStateVersion(Flow *f);
-
-FileContainer *AppLayerGetFilesFromFlow(Flow *, uint8_t);
-
-/**
- * \brief Get the state progress.
- *
- * This is a generic wrapper to each ALPROTO. The value returned
- * needs to be interpreted by the caller, based on the ALPROTO_*
- * the caller supplies.
- *
- * The state can be anything based on what the ALPROTO handler
- * expects. We have given a return value of int, although a range
- * of -128 to 127 (int8_t) should be more than sufficient.
- *
- * \param alproto The app protocol.
- * \param state App state.
- * \param dir Directin. 0 - ts, 1 - tc.
- *
- * \retval An integer value indicating the current progress of "state".
- */
-int AppLayerGetAlstateProgress(uint16_t alproto, void *state, uint8_t direction);
-
-/**
- * \brief Get the no of txs.
- *
- * \param alproto The app protocol.
- * \param alstate App state.
- *
- * \retval A positive integer value indicating the no of txs.
- */
-uint64_t AppLayerGetTxCnt(uint16_t alproto, void *alstate);
-
-/**
- * \brief Get a tx referenced by the id.
- *
- * \param alproto The app protocol
- * \param alstate App state.
- * \param tx_id The transaction id.
- *
- * \retval Tx instance.
+#define APP_LAYER_PARSER_EOF 0x01
+#define APP_LAYER_PARSER_NO_INSPECTION 0x02
+#define APP_LAYER_PARSER_NO_REASSEMBLY 0x04
+
+int AppLayerParserSetup(void);
+
+int AppLayerParserDeSetup(void);
+
+/**
+ * \brief Gets a new app layer protocol's parser thread context.
+ *
+ * \retval Non-NULL pointer on success.
+ * NULL pointer on failure.
+ */
+void *AppLayerParserGetCtxThread(void);
+
+/**
+ * \brief Destroys the app layer parser thread context obtained
+ * using AppLayerParserGetCtxThread().
+ *
+ * \param tctx Pointer to the thread context to be destroyed.
+ */
+void AppLayerParserDestroyCtxThread(void *tctx);
+
+/**
+ * \brief Given a protocol name, checks if the parser is enabled in
+ * the conf file.
+ *
+ * \param alproto_name Name of the app layer protocol.
+ *
+ * \retval 1 If enabled.
+ * \retval 0 If disabled.
*/
-void *AppLayerGetTx(uint16_t alproto, void *alstate, uint64_t tx_id);
+int AppLayerParserConfParserEnabled(const char *ipproto,
+ const char *alproto_name);
-/**
- * \brief Get the state value for the following alproto, that corresponds to
- * COMPLETE or DONE.
- *
- * \param alproto The app protocol.
- * \param direction The direction. 0 - ts, 1 - tc.
- *
- * \retval An integer value indicating the state value.
- */
-int AppLayerGetAlstateProgressCompletionStatus(uint16_t alproto, uint8_t direction);
+/***** Parser related registration *****/
/**
- * \brief Informs if the alproto supports transactions or not.
- *
- * \param alproto The app protocol.
- * \param direction The direction. 0 - ts, 1 - tc.
+ * \brief Register app layer parser for the protocol.
*
- * \retval 1 If true; 0 If false.
+ * \retval 0 On success.
+ * \retval -1 On failure.
*/
-int AppLayerAlprotoSupportsTxs(uint16_t alproto);
+int AppLayerParserRegisterParser(uint16_t ip_proto, AppProto alproto,
+ uint8_t direction,
+ int (*Parser)(Flow *f, void *protocol_state,
+ void *pstate,
+ uint8_t *buf, uint32_t buf_len,
+ void *local_storage));
+void AppLayerParserRegisterParserAcceptableDataDirection(uint16_t ipproto,
+ AppProto alproto,
+ uint8_t direction);
+void AppLayerParserRegisterStateFuncs(uint16_t ipproto, AppProto alproto,
+ void *(*StateAlloc)(void),
+ void (*StateFree)(void *));
+void AppLayerParserRegisterLocalStorageFunc(uint16_t ipproto, AppProto proto,
+ void *(*LocalStorageAlloc)(void),
+ void (*LocalStorageFree)(void *));
+void AppLayerParserRegisterGetFilesFunc(uint16_t ipproto, AppProto alproto,
+ FileContainer *(*StateGetFiles)(void *, uint8_t));
+void AppLayerParserRegisterGetEventsFunc(uint16_t ipproto, AppProto proto,
+ AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t));
+void AppLayerParserRegisterHasEventsFunc(uint16_t ipproto, AppProto alproto,
+ int (*StateHasEvents)(void *));
+void AppLayerParserRegisterLogger(uint16_t ipproto, AppProto alproto);
+void AppLayerParserRegisterTruncateFunc(uint16_t ipproto, AppProto alproto,
+ void (*Truncate)(void *, uint8_t));
+void AppLayerParserRegisterGetStateProgressFunc(uint16_t ipproto, AppProto alproto,
+ int (*StateGetStateProgress)(void *alstate, uint8_t direction));
+void AppLayerParserRegisterTxFreeFunc(uint16_t ipproto, AppProto alproto,
+ void (*StateTransactionFree)(void *, uint64_t));
+void AppLayerParserRegisterGetTxCnt(uint16_t ipproto, AppProto alproto,
+ uint64_t (*StateGetTxCnt)(void *alstate));
+void AppLayerParserRegisterGetTx(uint16_t ipproto, AppProto alproto,
+ void *(StateGetTx)(void *alstate, uint64_t tx_id));
+void AppLayerParserRegisterGetStateProgressCompletionStatus(uint16_t ipproto,
+ uint16_t alproto,
+ int (*StateGetStateProgressCompletionStatus)(uint8_t direction));
+void AppLayerParserRegisterGetEventInfo(uint16_t ipproto, AppProto alproto,
+ int (*StateGetEventInfo)(const char *event_name, int *event_id,
+ AppLayerEventType *event_type));
-/**
- * \brief Triggers raw reassembly.
- *
- * \param f Flow pointer.
- */
-void AppLayerTriggerRawStreamReassembly(Flow *);
+/***** Get and transaction functions *****/
-/**
- * \brief Informs if the specified alproto's parser is enabled.
- *
- * \param alproto Character string holding the alproto name.
- */
-int AppLayerParserEnabled(const char *alproto);
+void *AppLayerParserGetProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto);
+void AppLayerParserDestroyProtocolParserLocalStorage(uint16_t ipproto, AppProto alproto,
+ void *local_data);
-/**
- * \brief Informs if the specified alproto has detection enabled.
- *
- * \param alproto Character string holding the alproto name.
- */
-int AppLayerProtoDetectionEnabled(const char *alproto);
-/**
- * \brief Gets event info for this alproto.
- *
- * \param alproto Character string holding the alproto name.
- * \param event_name Name of the event.
- * \param event_id Pointer to an instance to send back event id.
- */
-int AppLayerGetEventInfo(uint16_t alproto, const char *event_name,
- int *event_id, AppLayerEventType *event_type);
+uint64_t AppLayerParserGetTransactionLogId(void *pstate);
+void AppLayerParserSetTransactionLogId(void *pstate);
+uint64_t AppLayerParserGetTransactionInspectId(void *pstate, uint8_t direction);
+void AppLayerParserSetTransactionInspectId(void *pstate,
+ uint16_t ipproto, AppProto alproto, void *alstate,
+ uint8_t direction);
+AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(void *pstate);
+void AppLayerParserSetDecoderEvents(void *pstate, AppLayerDecoderEvents *devents);
+AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint16_t ipproto, AppProto alproto, void *alstate,
+ uint64_t tx_id);
+uint16_t AppLayerParserGetStateVersion(void *pstate);
+FileContainer *AppLayerParserGetFiles(uint16_t ipproto, AppProto alproto,
+ void *alstate, uint8_t direction);
+int AppLayerParserGetStateProgress(uint16_t ipproto, AppProto alproto,
+ void *alstate, uint8_t direction);
+uint64_t AppLayerParserGetTxCnt(uint16_t ipproto, AppProto alproto, void *alstate);
+void *AppLayerParserGetTx(uint16_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id);
+int AppLayerParserGetStateProgressCompletionStatus(uint16_t ipproto, AppProto alproto,
+ uint8_t direction);
+int AppLayerParserGetEventInfo(uint16_t ipproto, AppProto alproto, const char *event_name,
+ int *event_id, AppLayerEventType *event_type);
-/***** Utility *****/
+uint64_t AppLayerParserGetTransactionActive(uint16_t ipproto, AppProto alproto, void *pstate, uint8_t direction);
-void AppLayerParseProbingParserPorts(const char *al_proto_name, uint16_t al_proto,
- uint16_t min_depth, uint16_t max_depth,
- ProbingParserFPtr ProbingParser);
+uint8_t AppLayerParserGetFirstDataDir(uint16_t ipproto, uint16_t alproto);
+/***** General *****/
+
+int AppLayerParserParse(void *tctx, Flow *f, AppProto alproto,
+ uint8_t flags, uint8_t *input, uint32_t input_len);
+void AppLayerParserSetEOF(void *pstate);
+int AppLayerParserHasDecoderEvents(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate,
+ uint8_t flags);
+int AppLayerParserProtocolIsTxEventAware(uint16_t ipproto, AppProto alproto);
+int AppLayerParserProtocolSupportsTxs(uint16_t ipproto, AppProto alproto);
+void AppLayerParserTriggerRawStreamReassembly(Flow *f);
+
+/***** Cleanup *****/
+
+void AppLayerParserCleanupParserState(uint16_t ipproto, AppProto alproto, void *alstate, void *pstate);
+
+void AppLayerParserRegisterProtocolParsers(void);
+
+
+void AppLayerParserParserStateSetFlag(void *pstate, uint8_t flag);
+int AppLayerParserParserStateIssetFlag(void *pstate, uint8_t flag);
+
+void AppLayerParserStreamTruncated(uint16_t ipproto, AppProto alproto, void *alstate,
+ uint8_t direction);
+
+
+
+void *AppLayerParserAllocAppLayerParserParserState(void);
+void AppLayerParserDeAllocAppLayerParserParserState(void *pstate);
+
+
+
+#ifdef DEBUG
+void AppLayerParserPrintDetailsParserState(void *pstate);
+#endif
/***** Unittests *****/
-/**
- * \brief Backup al_proto_table.
- *
- * Currently we backup only the event table. Feel free to backup
- * other stuff as and when required.
- */
-void AppLayerParserBackupAlprotoTable(void);
-void AppLayerParserRestoreAlprotoTable(void);
+#ifdef UNITTESTS
+void AppLayerParserRegisterProtocolUnittests(uint16_t ipproto, AppProto alproto,
+ void (*RegisterUnittests)(void));
+void AppLayerParserRegisterUnittests(void);
+void AppLayerParserBackupParserTable(void);
+void AppLayerParserRestoreParserTable(void);
+#endif
-#endif /* __APP_LAYER_PARSER_H__ */
+#endif /* __APP_LAYER_PARSER__H__ */
#define CASE_CODE(E) case E: return #E
-/**
- * \brief Maps the ALPROTO_*, to its string equivalent.
- *
- * \param alproto App layer protocol id.
- *
- * \retval String equivalent for the alproto.
- */
const char *AppProtoToString(AppProto alproto)
{
const char *proto_name = NULL;
case ALPROTO_DCERPC:
proto_name = "dcerpc";
break;
- case ALPROTO_DCERPC_UDP:
- proto_name = "dcerpcudp";
- break;
case ALPROTO_IRC:
proto_name = "irc";
break;
- case ALPROTO_DNS_TCP:
- proto_name = "dnstcp";
- break;
- case ALPROTO_DNS_UDP:
- proto_name = "dnsudp";
- break;
case ALPROTO_DNS:
proto_name = "dns";
break;
ALPROTO_SMB,
ALPROTO_SMB2,
ALPROTO_DCERPC,
- ALPROTO_DCERPC_UDP,
ALPROTO_IRC,
ALPROTO_DNS,
- ALPROTO_DNS_UDP,
- ALPROTO_DNS_TCP,
/* used by the probing parser when alproto detection fails
* permanently for that particular stream */
typedef uint16_t AppProto;
+/**
+ * \brief Maps the ALPROTO_*, to its string equivalent.
+ *
+ * \param alproto App layer protocol id.
+ *
+ * \retval String equivalent for the alproto.
+ */
const char *AppProtoToString(AppProto alproto);
#endif /* __APP_LAYER_PROTOS__H__ */
-
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
*/
/* For WriteAndX we need to get writeandxdataoffset */
static uint32_t SMBParseWriteAndX(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
* \brief SMB Read AndX Response Parsing
*/
static uint32_t SMBParseReadAndX(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
}
static uint32_t SMBParseTransact(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
/**
* Handle variable length padding for WriteAndX and ReadAndX
*/
-static uint32_t PaddingParser(void *smb_state, AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
+static uint32_t PaddingParser(void *smb_state, void *pstate,
+ uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
* \retval -1 f DCERPCParser does not validate
* \retval Number of bytes processed
*/
-static int32_t DataParser(void *smb_state, AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
+static int32_t DataParser(void *smb_state, void *pstate,
+ uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
* Determine if this is an SMB AndX Command
*/
static uint32_t SMBGetWordCount(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
if (input_len > 0) {
*/
static uint32_t SMBGetByteCount(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
* until sstate->wordcount.wordcount bytes are parsed.
*/
static uint32_t SMBParseWordCount(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
if ((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) && sstate->smb.command
== SMB_COM_READ_ANDX) {
- retval = SMBParseReadAndX(f, sstate, pstate, input, input_len,
- output);
+ retval = SMBParseReadAndX(f, sstate, pstate, input, input_len);
if (retval <= sstate->wordcount.wordcountleft) {
sstate->wordcount.wordcountleft -= retval;
SCLogDebug("SMB_COM_READ_ANDX returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset);
} else if (((sstate->smb.flags & SMB_FLAGS_SERVER_TO_REDIR) == 0)
&& sstate->smb.command == SMB_COM_WRITE_ANDX) {
- retval = SMBParseWriteAndX(f, sstate, pstate, input,
- input_len, output);
+ retval = SMBParseWriteAndX(f, sstate, pstate, input, input_len);
if (retval <= sstate->wordcount.wordcountleft) {
sstate->wordcount.wordcountleft -= retval;
SCLogDebug("SMB_COM_WRITE_ANDX returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset);
}
} else if (sstate->smb.command == SMB_COM_TRANSACTION) {
- retval = SMBParseTransact(f, sstate, pstate, input, input_len,
- output);
+ retval = SMBParseTransact(f, sstate, pstate, input, input_len);
if (retval <= sstate->wordcount.wordcountleft) {
sstate->wordcount.wordcountleft -= retval;
SCLogDebug("SMB_COM_TRANSACTION returned %d - %u bytes at offset %"PRIu64"", retval, sstate->andx.datalength, sstate->andx.dataoffset);
* until sstate->bytecount.bytecount bytes are parsed.
*/
static uint32_t SMBParseByteCount(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output)
+ void *pstate, uint8_t *input, uint32_t input_len)
{
SCEnter();
(sstate->smb.command == SMB_COM_TRANSACTION))
{
if (sstate->andx.paddingparsed == 0) {
- ures = PaddingParser(sstate, pstate, input + parsed, input_len, output);
+ ures = PaddingParser(sstate, pstate, input + parsed, input_len);
if (ures <= input_len) {
parsed += ures;
input_len -= ures;
if (sstate->andx.datalength && input_len) {
/* Uncomment the next line to help debug DCERPC over SMB */
//hexdump(f, input + parsed, input_len);
- sres = DataParser(sstate, pstate, input + parsed, input_len, output);
+ sres = DataParser(sstate, pstate, input + parsed, input_len);
if (sres != -1 && sres <= (int32_t)input_len) {
parsed += (uint32_t)sres;
input_len -= (uint32_t)sres;
* \retval 0 no input or already done
*/
static uint32_t NBSSParseHeader(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
* \retval -1 error
*/
static int SMBParseHeader(Flow *f, void *smb_state,
- AppLayerParserState *pstate, uint8_t *input, uint32_t input_len,
- AppLayerParserResult *output) {
+ void *pstate, uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMBState *sstate = (SMBState *) smb_state;
SCReturnInt((p - input));
}
-static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate,
+static int SMBParse(Flow *f, void *smb_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output, uint8_t dir)
+ void *local_data, uint8_t dir)
{
SCEnter();
while (input_len && sstate->bytesprocessed < NBSS_HDR_LEN) {
retval = NBSSParseHeader(f, smb_state, pstate, input + parsed,
- input_len, output);
+ input_len);
if (retval && retval <= input_len) {
parsed += retval;
input_len -= retval;
sstate->bytesprocessed < NBSS_HDR_LEN + SMB_HDR_LEN)) {
/* inside while */
hdrretval = SMBParseHeader(f, smb_state, pstate, input + parsed,
- input_len, output);
+ input_len);
if (hdrretval == -1 || hdrretval > (int32_t)input_len) {
SCLogDebug("Error parsing SMB Header");
sstate->bytesprocessed = 0;
(sstate->bytesprocessed == NBSS_HDR_LEN + SMB_HDR_LEN)) {
/* inside if */
retval = SMBGetWordCount(f, smb_state, pstate, input + parsed,
- input_len, output);
+ input_len);
if (retval && retval <= input_len) {
parsed += retval;
input_len -= retval;
sstate->wordcount.wordcount))) {
/* inside while */
retval = SMBParseWordCount(f, smb_state, pstate,
- input + parsed, input_len, output);
+ input + parsed, input_len);
if (retval && retval <= input_len) {
parsed += retval;
input_len -= retval;
+ sstate->wordcount.wordcount))) {
/* inside while */
retval = SMBGetByteCount(f, smb_state, pstate, input + parsed,
- input_len, output);
+ input_len);
if (retval && retval <= input_len) {
parsed += retval;
input_len -= retval;
+ sstate->bytecount.bytecount))) {
/* inside while */
retval = SMBParseByteCount(f, smb_state, pstate,
- input + parsed, input_len, output);
+ input + parsed, input_len);
if (retval && retval <= input_len) {
parsed += retval;
input_len -= retval;
} /* while (input_len) */
- pstate->parse_field = 0;
-
sstate->data_needed_for_dir = dir;
SCReturnInt(1);
}
-static int SMBParseRequest(Flow *f, void *smb_state, AppLayerParserState *pstate,
+static int SMBParseRequest(Flow *f, void *smb_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
- return SMBParse(f, smb_state, pstate, input, input_len, local_data, output, 0);
+ return SMBParse(f, smb_state, pstate, input, input_len, local_data, 0);
}
-static int SMBParseResponse(Flow *f, void *smb_state, AppLayerParserState *pstate,
+static int SMBParseResponse(Flow *f, void *smb_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
- return SMBParse(f, smb_state, pstate, input, input_len, local_data, output, 1);
+ return SMBParse(f, smb_state, pstate, input, input_len, local_data, 1);
}
return ALPROTO_UNKNOWN;
}
+static int SMBRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB,
+ "|ff|SMB", 8, 4, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2,
+ "|fe|SMB", 8, 4, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
void RegisterSMBParsers(void) {
char *proto_name = "smb";
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- /** SMB */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
- /** SMB2 */
- AlpProtoAdd(&alp_proto_ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_SMB, proto_name);
+ if (SMBRegisterPatternsForProtocolDetection() < 0)
+ return;
if (RunmodeIsUnittests()) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- IPPROTO_TCP,
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
"139",
- "smb",
ALPROTO_SMB,
SMB_PROBING_PARSER_MIN_DEPTH, 0,
STREAM_TOSERVER,
SMBProbingParser);
} else {
- AppLayerParseProbingParserPorts(proto_name, ALPROTO_SMB,
- SMB_PROBING_PARSER_MIN_DEPTH, 0,
- SMBProbingParser);
+ AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
+ proto_name, ALPROTO_SMB,
+ SMB_PROBING_PARSER_MIN_DEPTH, 0,
+ SMBProbingParser);
}
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_SMB, STREAM_TOSERVER);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOSERVER);
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
proto_name);
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOSERVER, SMBParseRequest);
- AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOCLIENT, SMBParseResponse);
- AppLayerRegisterStateFuncs(ALPROTO_SMB, SMBStateAlloc, SMBStateFree);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOSERVER, SMBParseRequest);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB, STREAM_TOCLIENT, SMBParseResponse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB, SMBStateAlloc, SMBStateFree);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_SMB, SMBParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB, SMBParserRegisterTests);
#endif
return;
}
uint32_t smblen = sizeof(smbbuf) - 1;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen = sizeof(smbbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_EOF, smbbuf, smblen);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen2 = sizeof(smbbuf2);
uint32_t smblen3 = sizeof(smbbuf3);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
printUUID("BIND", smb_state->dcerpc.dcerpcbindbindack.uuid_entry);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen3 = sizeof(smbbuf3);
uint32_t smblen4 = sizeof(smbbuf4);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER|STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf3, smblen3);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf4, smblen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf4, smblen4);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
int SMBParserTest05(void)
{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t smbbuf1[] = {
/* session request */
0x81, 0x00, 0x00, 0x44, 0x20, 0x43, 0x4b, 0x46,
uint32_t smblen2 = sizeof(smbbuf2);
int result = 0;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
uint16_t alproto;
Flow f;
+ void *alpd_tctx;
memset(&f, 0, sizeof(f));
f.dp = 139;
- AlpProtoInit(&ctx);
-
/** SMB */
- AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
/** SMB2 */
- AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
"139",
- "smb",
ALPROTO_SMB,
SMB_PROBING_PARSER_MIN_DEPTH, 0,
STREAM_TOSERVER,
SMBProbingParser);
+ AppLayerProtoDetectPrepareState();
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
-
- alproto = AppLayerDetectGetProto(&ctx, &tctx, &f,
- smbbuf1, smblen1,
- STREAM_TOSERVER, IPPROTO_TCP);
+ alproto = AppLayerProtoDetectGetProto(alpd_tctx,
+ &f,
+ smbbuf1, smblen1,
+ IPPROTO_TCP, STREAM_TOSERVER);
if (alproto != ALPROTO_UNKNOWN) {
printf("alproto is %"PRIu16 ". Should be ALPROTO_UNKNOWN\n",
alproto);
goto end;
}
- alproto = AppLayerDetectGetProto(&ctx, &tctx, &f,
- smbbuf2, smblen2,
- STREAM_TOSERVER, IPPROTO_TCP);
+ alproto = AppLayerProtoDetectGetProto(alpd_tctx,
+ &f,
+ smbbuf2, smblen2,
+ IPPROTO_TCP, STREAM_TOSERVER);
if (alproto != ALPROTO_SMB) {
printf("alproto is %"PRIu16 ". Should be ALPROTO_SMB\n",
alproto);
result = 1;
end:
- AlpProtoTestDestroy(&ctx);
- PmqFree(&tctx.toclient.pmq);
- PmqFree(&tctx.toserver.pmq);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
return result;
}
int SMBParserTest06(void)
{
+ AppLayerProtoDetectUnittestCtxBackup();
+ AppLayerProtoDetectSetup();
+
uint8_t smbbuf1[] = {
/* session request */
0x83, 0x00, 0x00, 0x01, 0x82
uint32_t smblen2 = sizeof(smbbuf2);
int result = 0;
- AlpProtoDetectCtx ctx;
- AlpProtoDetectThreadCtx tctx;
uint16_t alproto;
Flow f;
+ void *alpd_tctx;
memset(&f, 0, sizeof(f));
f.dp = 139;
- AlpProtoInit(&ctx);
-
/** SMB */
- AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
/** SMB2 */
- AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
- AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
-
- AppLayerRegisterProbingParser(&ctx,
- IPPROTO_TCP,
- "139",
- "smb",
- ALPROTO_SMB,
- SMB_PROBING_PARSER_MIN_DEPTH, 0,
- STREAM_TOSERVER,
- SMBProbingParser);
-
- AlpProtoFinalizeGlobal(&ctx);
- AlpProtoFinalizeThread(&ctx, &tctx);
-
- alproto = AppLayerDetectGetProto(&ctx, &tctx, &f,
- smbbuf1, smblen1,
- STREAM_TOSERVER, IPPROTO_TCP);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
+ AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
+
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+ "139",
+ ALPROTO_SMB,
+ SMB_PROBING_PARSER_MIN_DEPTH, 0,
+ STREAM_TOSERVER,
+ SMBProbingParser);
+
+ AppLayerProtoDetectPrepareState();
+ alpd_tctx = AppLayerProtoDetectGetCtxThread();
+
+ alproto = AppLayerProtoDetectGetProto(alpd_tctx,
+ &f,
+ smbbuf1, smblen1,
+ IPPROTO_TCP, STREAM_TOSERVER);
if (alproto != ALPROTO_UNKNOWN) {
printf("alproto is %"PRIu16 ". Should be ALPROTO_UNKNOWN\n",
alproto);
goto end;
}
- alproto = AppLayerDetectGetProto(&ctx, &tctx, &f,
- smbbuf2, smblen2,
- STREAM_TOSERVER, IPPROTO_TCP);
+ alproto = AppLayerProtoDetectGetProto(alpd_tctx,
+ &f,
+ smbbuf2, smblen2,
+ IPPROTO_TCP, STREAM_TOSERVER);
if (alproto != ALPROTO_SMB) {
printf("alproto is %"PRIu16 ". Should be ALPROTO_SMB\n",
alproto);
result = 1;
end:
- AlpProtoTestDestroy(&ctx);
- PmqFree(&tctx.toclient.pmq);
- PmqFree(&tctx.toserver.pmq);
+ AppLayerProtoDetectDeSetup();
+ AppLayerProtoDetectUnittestCtxRestore();
+ if (alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(alpd_tctx);
return result;
}
};
uint32_t smblen1 = sizeof(smbbuf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen1 = sizeof(smbbuf1);
uint32_t smblen2 = sizeof(smbbuf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT | STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen1 = sizeof(smbbuf1);
uint32_t smblen2 = sizeof(smbbuf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER, smbbuf2, smblen2);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t smblen1 = sizeof(smbbuf1);
uint32_t smblen2 = sizeof(smbbuf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int r = 0;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOSERVER | STREAM_START, smbbuf1, smblen1);
if (r != 0) {
printf("smb header check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB, STREAM_TOCLIENT, smbbuf2, smblen2);
if (r == 0) {
printf("smb parser didn't return fail\n");
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
SMB_FIELD_MAX,
};
-static uint32_t NBSSParseHeader(void *smb2_state, AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
+static uint32_t NBSSParseHeader(void *smb2_state, void *pstate,
+ uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint8_t *p = input;
SCReturnUInt((uint32_t)(p - input));
}
-static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len, AppLayerParserResult *output) {
+static uint32_t SMB2ParseHeader(void *smb2_state, void *pstate,
+ uint8_t *input, uint32_t input_len)
+{
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
SCReturnUInt((uint32_t)(p - input));
}
-static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate,
+static int SMB2Parse(Flow *f, void *smb2_state, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output) {
+ void *local_data)
+{
SCEnter();
SMB2State *sstate = (SMB2State *) smb2_state;
uint32_t retval = 0;
return -1;
while (sstate->bytesprocessed < NBSS_HDR_LEN && input_len) {
- retval = NBSSParseHeader(smb2_state, pstate, input, input_len, output);
+ retval = NBSSParseHeader(smb2_state, pstate, input, input_len);
if (retval <= input_len) {
parsed += retval;
input_len -= retval;
case NBSS_SESSION_MESSAGE:
while (input_len && (sstate->bytesprocessed >= NBSS_HDR_LEN &&
sstate->bytesprocessed < NBSS_HDR_LEN + SMB2_HDR_LEN)) {
- retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len, output);
+ retval = SMB2ParseHeader(smb2_state, pstate, input + parsed, input_len);
if (retval <= input_len) {
parsed += retval;
input_len -= retval;
default:
break;
}
- pstate->parse_field = 0;
- pstate->flags |= APP_LAYER_PARSER_DONE;
SCReturnInt(1);
}
/** SMB2 */
char *proto_name = "smb2";
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse);
- AppLayerRegisterProto(proto_name, ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse);
- AppLayerRegisterStateFuncs(ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB2, STREAM_TOSERVER, SMB2Parse);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMB2, STREAM_TOCLIENT, SMB2Parse);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMB2, SMB2StateAlloc, SMB2StateFree);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_SMB2, SMB2ParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMB2, SMB2ParserRegisterTests);
#endif
return;
}
uint32_t smb2len = sizeof(smb2buf) - 1;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_SMB2, STREAM_TOSERVER|STREAM_EOF, smb2buf, smb2len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMB2, STREAM_TOSERVER|STREAM_EOF, smb2buf, smb2len);
if (r != 0) {
printf("smb2 header check returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
+#include "app-layer-detect-proto.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-smtp.h"
}
static int SMTPProcessCommandBDAT(SMTPState *state, Flow *f,
- AppLayerParserState *pstate)
+ void *pstate)
{
SCEnter();
}
static int SMTPProcessCommandDATA(SMTPState *state, Flow *f,
- AppLayerParserState *pstate)
+ void *pstate)
{
SCEnter();
}
static int SMTPProcessCommandSTARTTLS(SMTPState *state, Flow *f,
- AppLayerParserState *pstate)
+ void *pstate)
{
return 0;
}
static int SMTPProcessReply(SMTPState *state, Flow *f,
- AppLayerParserState *pstate)
+ void *pstate)
{
SCEnter();
if (reply_code == SMTP_REPLY_220) {
/* we are entering STARRTTLS data mode */
state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
- pstate->flags |= APP_LAYER_PARSER_DONE;
- pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION;
- pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
+ AppLayerParserParserStateSetFlag(pstate,
+ APP_LAYER_PARSER_NO_INSPECTION |
+ APP_LAYER_PARSER_NO_REASSEMBLY);
} else {
/* decoder event */
AppLayerDecoderEventsSetEvent(f,
}
static int SMTPProcessRequest(SMTPState *state, Flow *f,
- AppLayerParserState *pstate)
+ void *pstate)
{
SCEnter();
}
static int SMTPParse(int direction, Flow *f, SMTPState *state,
- AppLayerParserState *pstate, uint8_t *input,
+ void *pstate, uint8_t *input,
uint32_t input_len,
- PatternMatcherQueue *local_data, AppLayerParserResult *output)
+ PatternMatcherQueue *local_data)
{
SCEnter();
}
static int SMTPParseClientRecord(Flow *f, void *alstate,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
SCEnter();
/* first arg 0 is toserver */
- return SMTPParse(0, f, alstate, pstate, input, input_len, local_data,
- output);
+ return SMTPParse(0, f, alstate, pstate, input, input_len, local_data);
}
static int SMTPParseServerRecord(Flow *f, void *alstate,
- AppLayerParserState *pstate,
+ void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
SCEnter();
/* first arg 1 is toclient */
- return SMTPParse(1, f, alstate, pstate, input, input_len, local_data,
- output);
+ return SMTPParse(1, f, alstate, pstate, input, input_len, local_data);
return 0;
}
if (unlikely(pmq == NULL)) {
exit(EXIT_FAILURE);
}
- PmqSetup(pmq, 0,
+ PmqSetup(pmq,
sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 2);
return pmq;
return 0;
}
+static int SMTPRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP,
+ "EHLO", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP,
+ "HELO", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_SMTP,
+ "QUIT", 4, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ return 0;
+}
+
/**
* \brief Register the SMPT Protocol parser.
*/
{
char *proto_name = "smtp";
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0,
- STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0,
- STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "QUIT", 4, 0,
- STREAM_TOSERVER);
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_SMTP, proto_name);
+ if (SMTPRegisterPatternsForProtocolDetection() < 0 )
+ return;
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
proto_name);
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree);
- AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOSERVER,
- SMTPParseClientRecord);
- AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT,
- SMTPParseServerRecord);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMTP, STREAM_TOSERVER,
+ SMTPParseClientRecord);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_SMTP, STREAM_TOCLIENT,
+ SMTPParseServerRecord);
- AppLayerRegisterGetEventInfo(ALPROTO_SMTP, SMTPStateGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfo);
- AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc,
- SMTPLocalStorageFree);
+ AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPLocalStorageAlloc,
+ SMTPLocalStorageFree);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
SMTPSetMpmState();
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_SMTP, SMTPParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_SMTP, SMTPParserRegisterTests);
#endif
return;
}
uint32_t reply2_len = sizeof(reply2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply2, reply2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
uint32_t reply10_len = sizeof(reply10);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply2, reply2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply3, reply3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request4, request4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request4, request4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply4, reply4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply4, reply4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5_1, request5_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5_1, request5_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5_2, request5_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5_2, request5_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5_3, request5_3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5_3, request5_3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5_4, request5_4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5_4, request5_4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5_5, request5_5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5_5, request5_5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply5, reply5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply5, reply5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request6, request6_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request6, request6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply6, reply6_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply6, reply6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request7, request7_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request7, request7_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply7, reply7_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply7, reply7_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request8, request8_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request8, request8_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply8, reply8_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply8, reply8_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request9_1, request9_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request9_1, request9_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request9_2, request9_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request9_2, request9_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request9_3, request9_3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request9_3, request9_3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request9_4, request9_4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request9_4, request9_4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request9_5, request9_5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request9_5, request9_5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply9, reply9_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply9, reply9_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request10, request10_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request10, request10_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply10, reply10_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply10, reply10_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
uint32_t reply2_len = sizeof(reply2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply2, reply2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
uint32_t request1_len = sizeof(request1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
uint32_t reply3_len = sizeof(reply3);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply2, reply2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply3, reply3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
uint32_t request6_len = sizeof(request6);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- welcome_reply, welcome_reply_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ welcome_reply, welcome_reply_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply2, reply2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply3, reply3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request4, request4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request4, request4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request5, request5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request5, request5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request6, request6_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request6, request6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
int32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_1, request1_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_2, request1_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
int32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_1, request1_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_2, request1_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
int32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_1, request1_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_2, request1_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
int32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_1, request1_1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1_2, request1_2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
int32_t request2_len = sizeof(request2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
- SMTPLocalStorageFree(thread_local_data);
return result;
}
};
uint32_t reply1_len = sizeof(reply1);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
f.alproto = ALPROTO_SMTP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
+ request1, request1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT | STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT | STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r == 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
- SMTPLocalStorageFree(thread_local_data);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
};
uint32_t request2_len = sizeof(request2);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
f.alproto = ALPROTO_SMTP;
StreamTcpInitConfig(TRUE);
- void *thread_local_data = SMTPLocalStorageAlloc();
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
- request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
+ request1, request1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
- reply1, reply1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
+ reply1, reply1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
- request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER,
+ request2, request2_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
- SMTPLocalStorageFree(thread_local_data);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-ssl.h"
}
static int SSLv2Decode(uint8_t direction, SSLState *ssl_state,
- AppLayerParserState *pstate, uint8_t *input,
+ void *pstate, uint8_t *input,
uint32_t input_len)
{
int retval = 0;
if ((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED) &&
(ssl_state->flags & SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED)) {
- pstate->flags |= APP_LAYER_PARSER_DONE;
- pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION;
+ AppLayerParserParserStateSetFlag(pstate,
+ APP_LAYER_PARSER_NO_INSPECTION);
if (ssl_config.no_reassemble == 1)
- pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
+ AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
SCLogDebug("SSLv2 No reassembly & inspection has been set");
}
}
}
static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
- AppLayerParserState *pstate, uint8_t *input,
+ void *pstate, uint8_t *input,
uint32_t input_len)
{
int retval = 0;
if ((ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) &&
(ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) {
/* set flags */
- pstate->flags |= APP_LAYER_PARSER_DONE;
- pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION;
+ AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
if (ssl_config.no_reassemble == 1)
- pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
+ AppLayerParserParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
}
break;
*
* \retval >=0 On success.
*/
-static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate,
+static int SSLDecode(Flow *f, uint8_t direction, void *alstate, void *pstate,
uint8_t *input, uint32_t ilen)
{
SSLState *ssl_state = (SSLState *)alstate;
return 1;
}
-int SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
+int SSLParseClientRecord(Flow *f, void *alstate, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len);
}
-int SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
+int SSLParseServerRecord(Flow *f, void *alstate, void *pstate,
uint8_t *input, uint32_t input_len,
- void *local_data, AppLayerParserResult *output)
+ void *local_data)
{
return SSLDecode(f, 1 /* toclient */, alstate, pstate, input, input_len);
}
return 0;
}
+static int SSLRegisterPatternsForProtocolDetection(void)
+{
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 00 02|", 5, 2, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /** SSLv3 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 03 00|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 00|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 03 01|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 01|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1.1 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 03 02|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 02|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1.2 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 03 03|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 03|", 3, 0, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+
+ /***** toclient direction *****/
+
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|17 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|17 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1.1 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|17 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ /** TLSv1.2 */
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|17 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+
+ /* Subsection - SSLv2 style record by client, but informing the server
+ * the max version it supports.
+ * Updated by Anoop Saldanha. Disabled it for now. We'll get back to
+ * it after some tests */
+#if 0
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|01 03 00|", 5, 2, STREAM_TOSERVER) < 0)
+ {
+ return -1;
+ }
+ if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+ "|00 02|", 7, 5, STREAM_TOCLIENT) < 0)
+ {
+ return -1;
+ }
+#endif
+
+ return 0;
+}
+
/**
* \brief Function to register the SSL protocol parser and other functions
*/
char *proto_name = "tls";
/** SSLv2 and SSLv23*/
- if (AppLayerProtoDetectionEnabled(proto_name)) {
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER);
- /* subsection - SSLv2 style record by client, but informing the server the max
- * version it supports */
- /* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it
- * after some tests */
- //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 5, 2, STREAM_TOSERVER);
- //AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT);
-
- /** SSLv3 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */
- /** TLSv1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */
- /** TLSv1.1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */
- /** TLSv1.2 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER);
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */
-
- /* toclient direction */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1.1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1.2 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 00|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 01|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1.1 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 02|", 3, 0, STREAM_TOCLIENT); /* server hello */
- /** TLSv1.2 */
- AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|17 03 03|", 3, 0, STREAM_TOCLIENT); /* server hello */
+ if (AppLayerProtoDetectConfProtoDetectionEnabled("tcp", proto_name)) {
+ AppLayerProtoDetectRegisterProtocol(ALPROTO_TLS, proto_name);
+
+ if (SSLRegisterPatternsForProtocolDetection() < 0)
+ return;
if (RunmodeIsUnittests()) {
- AppLayerRegisterProbingParser(&alp_proto_ctx,
- IPPROTO_TCP,
+ AppLayerProtoDetectPPRegister(IPPROTO_TCP,
"443",
- proto_name,
ALPROTO_TLS,
0, 3,
STREAM_TOSERVER,
SSLProbingParser);
} else {
- AppLayerParseProbingParserPorts(proto_name, ALPROTO_TLS,
- 0, 3,
- SSLProbingParser);
+ AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
+ proto_name, ALPROTO_TLS,
+ 0, 3,
+ SSLProbingParser);
}
-
- AppLayerRegisterParserAcceptableDataDirection(ALPROTO_TLS, STREAM_TOSERVER);
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol",
proto_name);
return;
}
- if (AppLayerParserEnabled(proto_name)) {
- AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOSERVER,
- SSLParseClientRecord);
+ if (AppLayerParserConfParserEnabled("tcp", proto_name)) {
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER,
+ SSLParseClientRecord);
- AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT,
- SSLParseServerRecord);
- AppLayerRegisterGetEventInfo(ALPROTO_TLS, SSLStateGetEventInfo);
+ AppLayerParserRegisterParser(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOCLIENT,
+ SSLParseServerRecord);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TLS, SSLStateGetEventInfo);
- AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
+ AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
+ AppLayerParserRegisterParserAcceptableDataDirection(IPPROTO_TCP, ALPROTO_TLS, STREAM_TOSERVER);
/* Get the value of no reassembly option from the config file */
if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
}
#ifdef UNITTESTS
- AppLayerParserRegisterUnittests(ALPROTO_TLS, SSLParserRegisterTests);
+ AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_TLS, SSLParserRegisterTests);
#endif
/* Get the value of no reassembly option from the config file */
uint8_t tlsbuf[] = { 0x16, 0x03, 0x01 };
uint32_t tlslen = sizeof(tlsbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, tlsbuf, tlslen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf2[] = { 0x03, 0x01 };
uint32_t tlslen2 = sizeof(tlsbuf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf3[] = { 0x01 };
uint32_t tlslen3 = sizeof(tlsbuf3);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 };
uint32_t tlslen4 = sizeof(tlsbuf4);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 };
uint32_t tlslen = sizeof(tlsbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x17;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf[] = { 0x16, 0x03, 0x01, 0x00, 0x01 };
uint32_t tlslen = sizeof(tlsbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x17;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x17;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t tlslen1 = sizeof(tlsbuf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t tlslen1 = sizeof(tlsbuf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
0x00, 0x0a, 0x00, 0x02, 0x01, 0x00 };
uint32_t tlslen = sizeof(tlsbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint8_t tlsbuf[] = { 0x16, 0x03, 0x00, 0x00, 0x01 };
uint32_t tlslen = sizeof(tlsbuf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x14;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
tlsbuf[0] = 0x17;
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf, tlslen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t buf3_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
};
uint32_t buf4_len = sizeof(buf4);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf3, buf3_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf4, buf4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf4, buf4_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf1_len = sizeof(buf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r == 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf1_len = sizeof(buf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r == 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf1_len = sizeof(buf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r == 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf1_len = sizeof(buf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf1_len = sizeof(buf1);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r == 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t buf_len = sizeof(buf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, buf,
- buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_EOF, buf,
+ buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
0x2f, 0x34, 0x84, 0x20, 0xc5};
uint32_t buf_len = sizeof(buf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
//AppLayerDetectProtoThreadInit();
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT | STREAM_EOF, buf,
- buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT | STREAM_EOF, buf,
+ buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
uint32_t toserver_app_data_buf_len = sizeof(toserver_app_data_buf);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
//AppLayerDetectProtoThreadInit();
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf,
- chello_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf,
+ chello_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf,
- shello_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf,
+ shello_buf_len);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf,
- client_change_cipher_spec_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf,
+ client_change_cipher_spec_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf,
- server_change_cipher_spec_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf,
+ server_change_cipher_spec_buf_len);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf,
- toserver_app_data_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf,
+ toserver_app_data_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- AppLayerParserStateStore *parser_state_store =
- (AppLayerParserStateStore *)f.alparser;
- AppLayerParserState *parser_state = &parser_state_store->to_server;
- if (!(parser_state->flags & APP_LAYER_PARSER_NO_INSPECTION) &&
+ if (!AppLayerParserParserStateIssetFlag(f.alparser, APP_LAYER_PARSER_NO_INSPECTION) &&
!(ssn.client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) &&
!(ssn.server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
printf("The flags should be set\n");
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
};
uint32_t buf2_len = sizeof(buf2);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf1, buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, buf2, buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
uint32_t client_key_exchange_cipher_enc_hs_len = sizeof(client_key_exchange_cipher_enc_hs);
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_hello, client_hello_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_hello, client_hello_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT,
- server_hello_certificate_done,
- server_hello_certificate_done_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,
+ server_hello_certificate_done,
+ server_hello_certificate_done_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER,
- client_key_exchange_cipher_enc_hs,
- client_key_exchange_cipher_enc_hs_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER,
+ client_key_exchange_cipher_enc_hs,
+ client_key_exchange_cipher_enc_hs_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
return result;
}
* \file
*
* \author Victor Julien <victor@inliniac.net>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*
* Generic App-layer functions
*/
#include "suricata-common.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-protos.h"
#include "app-layer-detect-proto.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-private.h"
#include "util-validate.h"
#include "decode-events.h"
-//#define PRINT
-extern uint8_t engine_mode;
-
-/** \brief Get the active app layer proto from the packet
- * \param p packet pointer with a LOCKED flow
- * \retval alstate void pointer to the state
- * \retval proto (ALPROTO_UNKNOWN if no proto yet) */
-uint16_t AppLayerGetProtoFromPacket(Packet *p) {
- SCEnter();
-
- if (p == NULL || p->flow == NULL) {
- SCReturnUInt(ALPROTO_UNKNOWN);
- }
-
- DEBUG_ASSERT_FLOW_LOCKED(p->flow);
-
- SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto);
-
- SCReturnUInt(p->flow->alproto);
-}
-
-/** \brief Get the active app layer state from the packet
- * \param p packet pointer with a LOCKED flow
- * \retval alstate void pointer to the state
- * \retval NULL in case we have no state */
-void *AppLayerGetProtoStateFromPacket(Packet *p) {
- SCEnter();
-
- if (p == NULL || p->flow == NULL) {
- SCReturnPtr(NULL, "void");
- }
-
- DEBUG_ASSERT_FLOW_LOCKED(p->flow);
-
- SCLogDebug("p->flow->alproto %"PRIu16"", p->flow->alproto);
-
- SCLogDebug("p->flow %p", p->flow);
- SCReturnPtr(p->flow->alstate, "void");
-}
-
-/** \brief Get the active app layer state from the flow
- * \param f flow pointer to a LOCKED flow
- * \retval alstate void pointer to the state
- * \retval NULL in case we have no state */
-void *AppLayerGetProtoStateFromFlow(Flow *f) {
- SCEnter();
-
- DEBUG_ASSERT_FLOW_LOCKED(f);
-
- if (f == NULL) {
- SCReturnPtr(NULL, "void");
- }
-
- SCLogDebug("f->alproto %"PRIu16"", f->alproto);
-
- SCReturnPtr(f->alstate, "void");
-}
-
-/** global app layer detection context */
-extern AlpProtoDetectCtx alp_proto_ctx;
-
/**
- * \brief Handle a chunk of TCP data
- *
- * If the protocol is yet unknown, the proto detection code is run first.
- *
- * \param dp_ctx Thread app layer detect context
- * \param f Flow
- * \param ssn TCP Session
- * \param data ptr to reassembled data
- * \param data_len length of the data chunk
- * \param flags control flags
- *
- * During detection this function can call the stream reassembly,
- * inline or non-inline for the opposing direction, while already
- * being called by the same stream reassembly for a particular
- * direction. This should cause any issues, since processing of
- * each stream is independent of the other stream.
- *
- * \retval 0 ok
- * \retval -1 error
+ * \brief This is for the app layer in general and it contains per thread
+ * context relevant to both the alpd and alp.
*/
+typedef struct AppLayerCtxThread_ {
+ /* App layer protocol detection thread context, from AppLayerProtoDetectGetCtxThread(). */
+ void *alpd_tctx;
+ /* App layer parser thread context, from AppLayerParserGetCtxThread(). */
+ void *alp_tctx;
+
+#ifdef PROFILING
+ uint64_t ticks_start;
+ uint64_t ticks_end;
+ uint64_t ticks_spent;
+ uint16_t alproto;
+ uint64_t proto_detect_ticks_start;
+ uint64_t proto_detect_ticks_end;
+ uint64_t proto_detect_ticks_spent;
+#endif
+} AppLayerCtxThread;
+
+/***** L7 layer dispatchers *****/
+
int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
- Flow *f, TcpSession *ssn, TcpStream *stream,
- uint8_t *data, uint32_t data_len, Packet *p,
+ Packet *p, Flow *f,
+ TcpSession *ssn, TcpStream *stream,
+ uint8_t *data, uint32_t data_len,
uint8_t flags)
{
SCEnter();
- AlpProtoDetectThreadCtx *dp_ctx = &ra_ctx->dp_ctx;
DEBUG_ASSERT_FLOW_LOCKED(f);
+ AppLayerCtxThread *app_tctx = ra_ctx->app_tctx;
+ uint16_t *alproto;
+ uint16_t *alproto_otherdir;
+ uint8_t dir;
+ uint32_t data_al_so_far;
int r = 0;
-
-#if DEBUG
- BUG_ON(f == NULL);
- BUG_ON(ssn == NULL);
-#endif
+ uint8_t first_data_dir;
SCLogDebug("data_len %u flags %02X", data_len, flags);
if (f->flags & FLOW_NO_APPLAYER_INSPECTION) {
SCLogDebug("FLOW_AL_NO_APPLAYER_INSPECTION is set");
- SCReturnInt(r);
+ goto end;
}
- uint16_t *alproto;
- uint16_t *alproto_otherdir;
- uint8_t dir;
if (flags & STREAM_TOSERVER) {
alproto = &f->alproto_ts;
alproto_otherdir = &f->alproto_tc;
alproto_otherdir = &f->alproto_ts;
dir = 1;
}
- SCLogDebug("dir %u alproto %u alproto_other_dir %u",
- dir, *alproto, *alproto_otherdir);
- //PrintRawDataFp(stdout, data, data_len);
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* only run the proto detection once. */
if (*alproto == ALPROTO_UNKNOWN && (flags & STREAM_GAP)) {
StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
- SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
StreamTcpSetSessionNoReassemblyFlag(ssn, dir);
+ SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
} else if (*alproto == ALPROTO_UNKNOWN && (flags & STREAM_START)) {
- uint32_t data_al_so_far;
if (data_len == 0)
data_al_so_far = 0;
else
}
#endif
- PACKET_PROFILING_APP_PD_START(dp_ctx);
- *alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx, f,
- data, data_len, flags, IPPROTO_TCP);
- PACKET_PROFILING_APP_PD_END(dp_ctx);
- SCLogDebug("alproto %u", *alproto);
+ PACKET_PROFILING_APP_PD_START(app_tctx);
+ *alproto = AppLayerProtoDetectGetProto(app_tctx->alpd_tctx,
+ f,
+ data, data_len,
+ IPPROTO_TCP, flags);
+ PACKET_PROFILING_APP_PD_END(app_tctx);
if (*alproto != ALPROTO_UNKNOWN) {
if (*alproto_otherdir != ALPROTO_UNKNOWN && *alproto_otherdir != *alproto) {
}
f->alproto = *alproto;
- SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted "
- "on stream %p (%s)", stream, (stream == &ssn->client) ?
- "ssn->client" : "ssn->server");
StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
/* if we have seen data from the other direction first, send
* will now call shortly for the opposing direction. */
if ((ssn->data_first_seen_dir & (STREAM_TOSERVER | STREAM_TOCLIENT)) &&
!(flags & ssn->data_first_seen_dir)) {
- SCLogDebug("entering opposing dir hack");
TcpStream *opposing_stream = NULL;
if (stream == &ssn->client) {
opposing_stream = &ssn->server;
p->flowflags |= FLOW_PKT_TOSERVER;
}
}
- SCLogDebug("ret %d", ret);
if (ret < 0) {
FlowSetSessionNoApplayerInspectionFlag(f);
- SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted "
- "on both streams");
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client);
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server);
- r = -1;
- goto end;
+ goto failure;
}
}
* flow, it shows something's fishy.
*/
if (ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
- if (al_proto_table[*alproto].first_data_dir &&
- !(al_proto_table[*alproto].first_data_dir & ssn->data_first_seen_dir))
- {
+ first_data_dir = AppLayerParserGetFirstDataDir(f->proto, *alproto);
+
+ if (first_data_dir && !(first_data_dir & ssn->data_first_seen_dir)) {
AppLayerDecoderEventsSetEventRaw(p->app_layer_events,
APPLAYER_WRONG_DIRECTION_FIRST_DATA);
FlowSetSessionNoApplayerInspectionFlag(f);
- SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted "
- "on both streams");
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server);
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client);
/* Set a value that is neither STREAM_TOSERVER, nor STREAM_TOCLIENT */
ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER;
- r = -1;
- goto end;
+ goto failure;
}
/* This can happen if the current direction is not the
* right direction, and the data from the other(also
* the forced call to STreamTcpAppLayerReassemble still
* hasn't managed to send data from the other direction
* to the app layer. */
- if (al_proto_table[*alproto].first_data_dir &&
- !(al_proto_table[*alproto].first_data_dir & flags))
- {
+ if (first_data_dir && !(first_data_dir & flags)) {
BUG_ON(*alproto_otherdir != ALPROTO_UNKNOWN);
- AppLayerParserCleanupState(f);
+ FlowCleanupAppLayer(f);
f->alproto = *alproto = ALPROTO_UNKNOWN;
StreamTcpResetStreamFlagAppProtoDetectionCompleted(stream);
- FLOW_RESET_PM_DONE(f, flags);
FLOW_RESET_PP_DONE(f, flags);
- r = 0;
- goto end;
+ FLOW_RESET_PM_DONE(f, flags);
+ goto failure;
}
}
/* Set a value that is neither STREAM_TOSERVER, nor STREAM_TOCLIENT */
ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER;
- PACKET_PROFILING_APP_START(dp_ctx, *alproto);
- r = AppLayerParse(dp_ctx->alproto_local_storage[*alproto], f, *alproto, flags, data + data_al_so_far, data_len - data_al_so_far);
- PACKET_PROFILING_APP_END(dp_ctx, *alproto);
+ PACKET_PROFILING_APP_START(app_tctx, *alproto);
+ r = AppLayerParserParse(app_tctx->alp_tctx, f, *alproto, flags, data + data_al_so_far, data_len - data_al_so_far);
+ PACKET_PROFILING_APP_END(app_tctx, *alproto);
f->data_al_so_far[dir] = 0;
} else {
- SCLogDebug("alproto == ALPROTO_UNKNOWN (%u)", *alproto);
if (*alproto_otherdir != ALPROTO_UNKNOWN) {
+ first_data_dir = AppLayerParserGetFirstDataDir(f->proto, *alproto_otherdir);
+
/* this would handle this test case -
* http parser which says it wants to see toserver data first only.
* tcp handshake
* acceptable direction we error out.
*/
if ((ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) &&
- (al_proto_table[*alproto_otherdir].first_data_dir) &&
- !(al_proto_table[*alproto_otherdir].first_data_dir & flags))
- {
- r = -1;
- FlowSetSessionNoApplayerInspectionFlag(f);
- SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted "
- "on both streams");
- StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server);
- StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client);
- goto end;
- }
+ (first_data_dir) && !(first_data_dir & flags))
+ {
+ FlowSetSessionNoApplayerInspectionFlag(f);
+ StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server);
+ StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client);
+ goto failure;
+ }
if (data_len > 0)
ssn->data_first_seen_dir = APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER;
- PACKET_PROFILING_APP_START(dp_ctx, *alproto_otherdir);
- r = AppLayerParse(dp_ctx->alproto_local_storage[*alproto_otherdir], f, *alproto_otherdir, flags,
+ PACKET_PROFILING_APP_START(app_tctx, *alproto_otherdir);
+ r = AppLayerParserParse(app_tctx->alp_tctx, f, *alproto_otherdir, flags,
data + data_al_so_far, data_len - data_al_so_far);
- PACKET_PROFILING_APP_END(dp_ctx, *alproto_otherdir);
+ PACKET_PROFILING_APP_END(app_tctx, *alproto_otherdir);
if (FLOW_IS_PM_DONE(f, flags) && FLOW_IS_PP_DONE(f, flags)) {
AppLayerDecoderEventsSetEventRaw(p->app_layer_events,
APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION);
- SCLogDebug("calling StreamTcpSetStreamFlagAppProtoDetectionCompleted "
- "on stream %p (%s)", stream, (stream == &ssn->client) ?
- "ssn->client" : "ssn->server");
StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
f->data_al_so_far[dir] = 0;
} else {
f->data_al_so_far[dir] = data_len;
- SCLogDebug("data_len %u stored in flow for dir %u", data_len, dir);
}
} else {
-
- SCLogDebug("both unknown FLOW_IS_PM_DONE(f, STREAM_TOSERVER) %s "
- "FLOW_IS_PP_DONE(f, STREAM_TOSERVER) %s "
- "FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) %s "
- "FLOW_IS_PP_DONE(f, STREAM_TOCLIENT) %s,"
- " stream ts %u stream tc %u",
- FLOW_IS_PM_DONE(f, STREAM_TOSERVER)?"true":"false",
- FLOW_IS_PP_DONE(f, STREAM_TOSERVER)?"true":"false",
- FLOW_IS_PM_DONE(f, STREAM_TOCLIENT)?"true":"false",
- FLOW_IS_PP_DONE(f, STREAM_TOCLIENT)?"true":"false",
- StreamTcpGetStreamSize(&ssn->client), StreamTcpGetStreamSize(&ssn->server));
-
- int flow_done = 0;
if (FLOW_IS_PM_DONE(f, STREAM_TOSERVER) && FLOW_IS_PP_DONE(f, STREAM_TOSERVER) &&
FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) && FLOW_IS_PP_DONE(f, STREAM_TOCLIENT)) {
- SCLogDebug("proto detection failed for both streams");
- flow_done = 1;
- } else if (FLOW_IS_PM_DONE(f, STREAM_TOSERVER) && FLOW_IS_PP_DONE(f, STREAM_TOSERVER) &&
- StreamTcpGetStreamSize(&ssn->server) == 0 &&
- StreamTcpGetStreamSize(&ssn->client) > alp_proto_ctx.toserver.async_max) {
- SCLogDebug("%u bytes toserver and no proto, no data to "
- "client, giving up", alp_proto_ctx.toserver.async_max);
- ssn->server.flags |= STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED;
- flow_done = 1;
- } else if (FLOW_IS_PM_DONE(f, STREAM_TOCLIENT) && FLOW_IS_PP_DONE(f, STREAM_TOCLIENT) &&
- StreamTcpGetStreamSize(&ssn->client) == 0 &&
- StreamTcpGetStreamSize(&ssn->server) > alp_proto_ctx.toclient.async_max) {
- SCLogDebug("%u bytes toclient and no proto, no data to "
- "server, giving up", alp_proto_ctx.toclient.async_max);
- ssn->client.flags |= STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED;
- flow_done = 1;
- }
-
- if (flow_done) {
FlowSetSessionNoApplayerInspectionFlag(f);
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->server);
StreamTcpSetStreamFlagAppProtoDetectionCompleted(&ssn->client);
/* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */
if (f->alproto != ALPROTO_UNKNOWN) {
- PACKET_PROFILING_APP_START(dp_ctx, f->alproto);
- r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, data, data_len);
- PACKET_PROFILING_APP_END(dp_ctx, f->alproto);
+ PACKET_PROFILING_APP_START(app_tctx, f->alproto);
+ r = AppLayerParserParse(app_tctx->alp_tctx, f, f->alproto, flags, data, data_len);
+ PACKET_PROFILING_APP_END(app_tctx, f->alproto);
} else {
SCLogDebug(" smsg not start, but no l7 data? Weird");
}
}
+ goto end;
+ failure:
+ r = -1;
end:
SCReturnInt(r);
}
-/**
- * \brief Attach a stream message to the TCP session for inspection
- * in the detection engine.
- *
- * \param dp_ctx Thread app layer detect context
- * \param smsg Stream message
- *
- * \retval 0 ok
- * \retval -1 error
- */
-int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
+int AppLayerHandleTCPMsg(StreamMsg *smsg)
{
SCEnter();
+ TcpSession *ssn;
+ StreamMsg *cur;
+
#ifdef PRINT
printf("=> Stream Data (raw reassembly) -- start %s%s\n",
- smsg->flags & STREAM_TOCLIENT ? "toclient" : "",
- smsg->flags & STREAM_TOSERVER ? "toserver" : "");
+ smsg->flags & STREAM_TOCLIENT ? "toclient" : "",
+ smsg->flags & STREAM_TOSERVER ? "toserver" : "");
PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len);
printf("=> Stream Data -- end\n");
#endif
SCLogDebug("smsg %p", smsg);
BUG_ON(smsg->flow == NULL);
- TcpSession *ssn = smsg->flow->protoctx;
+ ssn = smsg->flow->protoctx;
if (ssn != NULL) {
SCLogDebug("storing smsg %p in the tcp session", smsg);
smsg->next = NULL;
smsg->prev = NULL;
} else {
- StreamMsg *cur = ssn->toserver_smsg_tail;
+ cur = ssn->toserver_smsg_tail;
cur->next = smsg;
smsg->prev = cur;
smsg->next = NULL;
smsg->next = NULL;
smsg->prev = NULL;
} else {
- StreamMsg *cur = ssn->toclient_smsg_tail;
+ cur = ssn->toclient_smsg_tail;
cur->next = smsg;
smsg->prev = cur;
smsg->next = NULL;
SCReturnInt(0);
}
-/**
- * \brief Handle a app layer UDP message
- *
- * If the protocol is yet unknown, the proto detection code is run first.
- *
- * \param dp_ctx Thread app layer detect context
- * \param f unlocked flow
- * \param p UDP packet
- *
- * \retval 0 ok
- * \retval -1 error
- */
-int AppLayerHandleUdp(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, Packet *p)
+int AppLayerHandleUdp(void *app_tctx, Packet *p, Flow *f)
{
SCEnter();
- int r = 0;
+ AppLayerCtxThread *tctx = (AppLayerCtxThread *)app_tctx;
- if (f == NULL) {
- SCReturnInt(r);
- }
+ int r = 0;
FLOWLOCK_WRLOCK(f);
* only run the proto detection once. */
if (f->alproto == ALPROTO_UNKNOWN && !(f->flags & FLOW_ALPROTO_DETECT_DONE)) {
SCLogDebug("Detecting AL proto on udp mesg (len %" PRIu32 ")",
- p->payload_len);
+ p->payload_len);
- PACKET_PROFILING_APP_PD_START(dp_ctx);
- f->alproto = AppLayerDetectGetProto(&alp_proto_ctx, dp_ctx, f,
- p->payload, p->payload_len, flags, IPPROTO_UDP);
- PACKET_PROFILING_APP_PD_END(dp_ctx);
+ PACKET_PROFILING_APP_PD_START(tctx);
+ f->alproto = AppLayerProtoDetectGetProto(tctx->alpd_tctx,
+ f,
+ p->payload, p->payload_len,
+ IPPROTO_UDP, flags);
+ PACKET_PROFILING_APP_PD_END(tctx);
if (f->alproto != ALPROTO_UNKNOWN) {
f->flags |= FLOW_ALPROTO_DETECT_DONE;
- PACKET_PROFILING_APP_START(dp_ctx, f->alproto);
- r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags,
+ PACKET_PROFILING_APP_START(tctx, f->alproto);
+ r = AppLayerParserParse(tctx->alp_tctx,
+ f, f->alproto, flags,
p->payload, p->payload_len);
- PACKET_PROFILING_APP_END(dp_ctx, f->alproto);
+ PACKET_PROFILING_APP_END(tctx, f->alproto);
} else {
f->flags |= FLOW_ALPROTO_DETECT_DONE;
SCLogDebug("ALPROTO_UNKNOWN flow %p", f);
}
} else {
SCLogDebug("stream data (len %" PRIu32 " ), alproto "
- "%"PRIu16" (flow %p)", p->payload_len, f->alproto, f);
+ "%"PRIu16" (flow %p)", p->payload_len, f->alproto, f);
/* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */
if (f->alproto != ALPROTO_UNKNOWN) {
PACKET_PROFILING_APP_START(dp_ctx, f->alproto);
- r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags,
+ r = AppLayerParserParse(tctx->alp_tctx,
+ f, f->alproto, flags,
p->payload, p->payload_len);
PACKET_PROFILING_APP_END(dp_ctx, f->alproto);
} else {
}
FLOWLOCK_UNLOCK(f);
- PACKET_PROFILING_APP_STORE(dp_ctx, p);
+ PACKET_PROFILING_APP_STORE(tctx, p);
SCReturnInt(r);
}
-/************Unittests*************/
+/***** Utility *****/
+
+AppProto AppLayerGetProtoByName(char *alproto_name)
+{
+ SCEnter();
+ SCReturnCT(AppLayerProtoDetectGetProtoByName(alproto_name), "AppProto");
+}
+
+char *AppLayerGetProtoName(AppProto alproto)
+{
+ SCEnter();
+ SCReturnCT(AppLayerProtoDetectGetProtoName(alproto), "char *");
+}
+
+void AppLayerListSupportedProtocols(void)
+{
+ SCEnter();
+
+ AppProto alproto;
+ AppProto alprotos[ALPROTO_MAX];
+
+ AppLayerProtoDetectSupportedAppProtocols(alprotos);
+
+ printf("=========Supported App Layer Protocols=========\n");
+ for (alproto = 0; alproto < ALPROTO_MAX; alproto++) {
+ if (alprotos[alproto] == 1)
+ printf("%s\n", AppLayerGetProtoName(alproto));
+ }
+
+ SCReturn;
+}
+
+/***** Setup/General Registration *****/
+
+int AppLayerSetup(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectSetup();
+ AppLayerParserSetup();
+
+ AppLayerParserRegisterProtocolParsers();
+ AppLayerProtoDetectPrepareState();
+
+ SCReturnInt(0);
+}
+
+int AppLayerDeSetup(void)
+{
+ SCEnter();
+
+ AppLayerProtoDetectDeSetup();
+ AppLayerParserDeSetup();
+
+ SCReturnInt(0);
+}
+
+void *AppLayerGetCtxThread(void)
+{
+ SCEnter();
+
+ AppLayerCtxThread *app_tctx = SCMalloc(sizeof(*app_tctx));
+ if (app_tctx == NULL)
+ goto error;
+ memset(app_tctx, 0, sizeof(*app_tctx));
+
+ if ((app_tctx->alpd_tctx = AppLayerProtoDetectGetCtxThread()) == NULL)
+ goto error;
+ if ((app_tctx->alp_tctx = AppLayerParserGetCtxThread()) == NULL)
+ goto error;
+
+ goto done;
+ error:
+ AppLayerDestroyCtxThread(app_tctx);
+ app_tctx = NULL;
+ done:
+ SCReturnPtr(app_tctx, "void *");
+}
+
+void AppLayerDestroyCtxThread(void *tctx)
+{
+ SCEnter();
+
+ AppLayerCtxThread *app_tctx = (AppLayerCtxThread *)tctx;
+
+ if (app_tctx->alpd_tctx != NULL)
+ AppLayerProtoDetectDestroyCtxThread(app_tctx->alpd_tctx);
+ if (app_tctx->alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(app_tctx->alp_tctx);
+ SCFree(app_tctx);
+
+ SCReturn;
+}
+
+/***** Unittests *****/
#ifdef UNITTESTS
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_HTTP ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_HTTP ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_HTTP ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_HTTP ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
/**
* \test GET -> RUBBISH(PM AND PP DONE IN ONE GO)
*/
- static int AppLayerTest03(void)
+static int AppLayerTest03(void)
{
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 4 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 4 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 4 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 4 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_HTTP ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_HTTP ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOCLIENT) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_HTTP ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_HTTP ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_HTTP ||
- f.alproto_ts != ALPROTO_HTTP ||
- f.alproto_tc != ALPROTO_HTTP ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_HTTP ||
+ f.alproto_ts != ALPROTO_HTTP ||
+ f.alproto_tc != ALPROTO_HTTP ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_DCERPC ||
- f.alproto_ts != ALPROTO_DCERPC ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_DCERPC ||
+ f.alproto_ts != ALPROTO_DCERPC ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_DCERPC ||
- f.alproto_ts != ALPROTO_DCERPC ||
- f.alproto_tc != ALPROTO_DCERPC ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_DCERPC ||
+ f.alproto_ts != ALPROTO_DCERPC ||
+ f.alproto_tc != ALPROTO_DCERPC ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
/* handshake */
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != 0) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
- f.flags & FLOW_NO_APPLAYER_INSPECTION ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
+ f.flags & FLOW_NO_APPLAYER_INSPECTION ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
ssn->data_first_seen_dir != STREAM_TOSERVER) {
goto end;
if (!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->server) ||
!StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(&ssn->client) ||
- f.alproto != ALPROTO_UNKNOWN ||
- f.alproto_ts != ALPROTO_UNKNOWN ||
- f.alproto_tc != ALPROTO_UNKNOWN ||
- f.data_al_so_far[0] != 0 ||
- f.data_al_so_far[1] != 0 ||
+ f.alproto != ALPROTO_UNKNOWN ||
+ f.alproto_ts != ALPROTO_UNKNOWN ||
+ f.alproto_tc != ALPROTO_UNKNOWN ||
+ f.data_al_so_far[0] != 0 ||
+ f.data_al_so_far[1] != 0 ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOSERVER) || !FLOW_IS_PP_DONE(&f, STREAM_TOSERVER) ||
!FLOW_IS_PM_DONE(&f, STREAM_TOCLIENT) || !FLOW_IS_PP_DONE(&f, STREAM_TOCLIENT) ||
StreamTcpSessionClear(p->flow->protoctx);
ret = 1;
-end:
+ end:
StreamTcpFreeConfig(TRUE);
SCFree(p);
return ret;
}
-#endif
-
-void AppLayerRegisterUnittests(void)
+void AppLayerUnittestsRegister(void)
{
-#ifdef UNITTESTS
+ SCEnter();
+
UtRegisterTest("AppLayerTest01", AppLayerTest01, 1);
UtRegisterTest("AppLayerTest02", AppLayerTest02, 1);
UtRegisterTest("AppLayerTest03", AppLayerTest03, 1);
UtRegisterTest("AppLayerTest09", AppLayerTest09, 1);
UtRegisterTest("AppLayerTest10", AppLayerTest10, 1);
UtRegisterTest("AppLayerTest11", AppLayerTest11, 1);
-#endif
- return;
+ SCReturn;
}
+
+#endif /* UNITTESTS */
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
*/
/**
- * \file
- *
* \author Victor Julien <victor@inliniac.net>
+ * \author Anoop Saldanha <anoopsaldanha@gmail.com>
*/
-#ifndef __APP_LAYER_H__
-#define __APP_LAYER_H__
+#ifndef __APP_LAYER__H__
+#define __APP_LAYER__H__
-#include "flow.h"
+#include "threadvars.h"
#include "decode.h"
+#include "flow.h"
-#include "stream-tcp.h"
+#include "stream-tcp-private.h"
+#include "stream-tcp-reassemble.h"
+#include "stream.h"
-#include "app-layer-protos.h"
-#include "app-layer-parser.h"
-#include "app-layer-detect-proto.h"
+#define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER \
+ (~STREAM_TOSERVER & ~STREAM_TOCLIENT)
-#include "stream.h"
+/***** L7 layer dispatchers *****/
+
+/**
+ * \brief Handles reassembled tcp stream.
+ */
+int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
+ Packet *p, Flow *f,
+ TcpSession *ssn, TcpStream *stream,
+ uint8_t *data, uint32_t data_len,
+ uint8_t flags);
+
+/**
+ * \brief Attach a stream message to the TCP session for inspection
+ * in the detection engine.
+ *
+ * \param app_layer_tctx Pointer to the app layer thread context.
+ * \param smsg Stream message.
+ *
+ * \retval 0 On success.
+ * \retval -1 On failure.
+ */
+int AppLayerHandleTCPMsg(StreamMsg *smsg);
+
+/**
+ * \brief Handles an udp chunk.
+ */
+int AppLayerHandleUdp(void *app_tctx, Packet *p, Flow *f);
-#define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER (~STREAM_TOSERVER & ~STREAM_TOCLIENT)
+/***** Utility *****/
-uint16_t AppLayerGetProtoFromPacket(Packet *);
-void *AppLayerGetProtoStateFromPacket(Packet *);
-void *AppLayerGetProtoStateFromFlow(Flow *);
-int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Flow *f,
- TcpSession *ssn, TcpStream *stream, uint8_t *data, uint32_t data_len, Packet *p, uint8_t flags);
-int AppLayerHandleTCPMsg(AlpProtoDetectThreadCtx *, StreamMsg *);
-//int AppLayerHandleMsg(AlpProtoDetectThreadCtx *, StreamMsg *);
-int AppLayerHandleUdp(AlpProtoDetectThreadCtx *, Flow *, Packet *p);
+/**
+ * \brief Given a protocol string, returns the corresponding internal
+ * protocol id.
+ *
+ * \param The internal protocol id.
+ */
+AppProto AppLayerGetProtoByName(char *alproto_name);
+
+/**
+ * \brief Given the internal protocol id, returns a string representation
+ * of the protocol.
+ *
+ * \param alproto The internal protocol id.
+ *
+ * \retval String representation of the protocol.
+ */
+char *AppLayerGetProtoName(AppProto alproto);
+
+void AppLayerListSupportedProtocols(void);
+
+/***** Setup/General Registration *****/
+
+/**
+ * \brief Setup the app layer.
+ *
+ * Includes protocol detection setup and the protocol parser setup.
+ *
+ * \retval 0 On success.
+ * \retval -1 On failure.
+ */
+int AppLayerSetup(void);
+
+/**
+ * \brief De initializes the app layer.
+ *
+ * Includes de initializing protocol detection and the protocol parser.
+ */
+int AppLayerDeSetup(void);
+
+/**
+ * \brief Creates a new app layer thread context.
+ *
+ * \retval Pointer to the newly create thread context, on success;
+ * NULL, on failure.
+ */
+void *AppLayerGetCtxThread(void);
+
+/**
+ * \brief Destroys the context created by AppLayeGetCtxThread().
+ *
+ * \param tctx Pointer to the thread context to destroy.
+ */
+void AppLayerDestroyCtxThread(void *tctx);
-void AppLayerRegisterUnittests(void);
+/***** Unittests *****/
-#endif /* __APP_LAYER_H__ */
+#ifdef UNITTESTS
+void AppLayerUnittestsRegister(void);
+#endif
+#endif
*/
#define AppLayerDecoderEventsSetEvent(f, event) \
do { \
- AppLayerParserStateStore *parser_state_store = \
- (AppLayerParserStateStore *)(f)->alparser; \
AppLayerDecoderEvents *devents = \
- parser_state_store->decoder_events; \
+ AppLayerParserGetDecoderEvents((f)->alparser); \
if (devents == NULL) { \
AppLayerDecoderEvents *new_devents = \
SCMalloc(sizeof(AppLayerDecoderEvents)); \
if (new_devents == NULL) \
break; \
memset(new_devents, 0, sizeof(AppLayerDecoderEvents)); \
- parser_state_store->decoder_events = new_devents; \
+ AppLayerParserSetDecoderEvents((f)->alparser, new_devents); \
devents = new_devents; \
} \
if (devents->cnt == devents->events_buffer_size) { \
/* handle the app layer part of the UDP packet payload */
if (unlikely(p->flow != NULL)) {
- AppLayerHandleUdp(&dtv->udp_dp_ctx, p->flow, p);
+ AppLayerHandleUdp(dtv->app_tctx, p, p->flow);
}
return TM_ECODE_OK;
#include "util-debug.h"
#include "util-mem.h"
#include "app-layer-detect-proto.h"
+#include "app-layer.h"
#include "tm-threads.h"
#include "util-error.h"
#include "util-print.h"
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
-
memset(dtv, 0, sizeof(DecodeThreadVars));
- /* initialize UDP app layer code */
- AlpProtoFinalize2Thread(&dtv->udp_dp_ctx);
+ dtv->app_tctx = AppLayerGetCtxThread();
/** set config defaults */
int vlanbool = 0;
SCCondT cond_q;
} PacketQueue;
-/** \brief Specific ctx for AL proto detection */
-typedef struct AlpProtoDetectDirectionThread_ {
- MpmThreadCtx mpm_ctx;
- PatternMatcherQueue pmq;
-} AlpProtoDetectDirectionThread;
-
-/** \brief Specific ctx for AL proto detection */
-typedef struct AlpProtoDetectThreadCtx_ {
- AlpProtoDetectDirectionThread toserver;
- AlpProtoDetectDirectionThread toclient;
-
- void *alproto_local_storage[ALPROTO_MAX];
-
-#ifdef PROFILING
- uint64_t ticks_start;
- uint64_t ticks_end;
- uint64_t ticks_spent;
- uint16_t alproto;
- uint64_t proto_detect_ticks_start;
- uint64_t proto_detect_ticks_end;
- uint64_t proto_detect_ticks_spent;
-#endif
-} AlpProtoDetectThreadCtx;
-
/** \brief Structure to hold thread specific data for all decode modules */
typedef struct DecodeThreadVars_
{
/** Specific context for udp protocol detection (here atm) */
- AlpProtoDetectThreadCtx udp_dp_ctx;
+ void *app_tctx;
int vlan_disabled;
#include "threads.h"
#include "decode.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-smtp.h"
#include "util-unittest-helper.h"
-int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Packet *p, Signature *s, SigMatch *m);
-int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
+static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Packet *p, Signature *s, SigMatch *m);
+static int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
uint8_t, void *, Signature *, SigMatch *);
-int DetectAppLayerEventSetup(DetectEngineCtx *, Signature *, char *);
-void DetectAppLayerEventRegisterTests(void);
-void DetectAppLayerEventFree(void *);
+static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, char *);
+static void DetectAppLayerEventRegisterTests(void);
+static void DetectAppLayerEventFree(void *);
/**
* \brief Registers the keyword handlers for the "app-layer-event" keyword.
DetectAppLayerEventPktMatch;
sigmatch_table[DETECT_AL_APP_LAYER_EVENT].AppLayerMatch =
DetectAppLayerEventAppMatch;
- sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetup;
+ sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetupP1;
sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Free = DetectAppLayerEventFree;
sigmatch_table[DETECT_AL_APP_LAYER_EVENT].RegisterTests =
DetectAppLayerEventRegisterTests;
}
-int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Packet *p, Signature *s, SigMatch *m)
{
DetectAppLayerEventData *aled = (DetectAppLayerEventData *)m->ctx;
aled->event_id);
}
-int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+static int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, Signature *s,
SigMatch *m)
{
FLOWLOCK_RDLOCK(f);
if (r == 0) {
- decoder_events = AppLayerGetDecoderEventsForFlow(f);
+ decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL &&
AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) {
r = 1;
return aled;
}
-static DetectAppLayerEventData *DetectAppLayerEventParseApp(const char *arg,
- AppLayerEventType *event_type)
+static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
+ uint8_t *ipproto_bitarray,
+ AppLayerEventType *event_type)
+{
+ int event_id = 0;
+ const char *p_idx;
+ uint8_t ipproto;
+ char alproto_name[50];
+ int r = 0;
+
+ p_idx = strchr(data->arg, '.');
+ strlcpy(alproto_name, data->arg, p_idx - data->arg + 1);
+
+ if (ipproto_bitarray[IPPROTO_TCP / 8] & 1 << (IPPROTO_TCP % 8)) {
+ ipproto = IPPROTO_TCP;
+ } else if (ipproto_bitarray[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8)) {
+ ipproto = IPPROTO_UDP;
+ } else {
+ BUG_ON(1);
+ }
+
+ r = AppLayerParserGetEventInfo(ipproto, data->alproto,
+ p_idx + 1, &event_id, event_type);
+ if (r < 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's "
+ "protocol \"%s\" doesn't have event \"%s\" registered",
+ alproto_name, p_idx + 1);
+ return -1;
+ }
+ data->event_id = event_id;
+
+ return 0;
+}
+
+static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg)
{
/* period index */
DetectAppLayerEventData *aled;
-
uint16_t alproto;
- int event_id = 0;
-
const char *p_idx;
char alproto_name[50];
- int r = 0;
p_idx = strchr(arg, '.');
/* + 1 for trailing \0 */
strlcpy(alproto_name, arg, p_idx - arg + 1);
- /* XXX HACK to support "dns" we use this trick */
- if (strcasecmp(alproto_name, "dns") == 0)
- strlcpy(alproto_name, "dnsudp", sizeof(alproto_name));
-
alproto = AppLayerGetProtoByName(alproto_name);
if (alproto == ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword "
alproto_name);
return NULL;
}
- r = AppLayerGetEventInfo(alproto, p_idx + 1, &event_id, event_type);
- if (r < 0) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's "
- "protocol \"%s\" doesn't have event \"%s\" registered",
- alproto_name, p_idx + 1);
- return NULL;
- }
- aled = SCMalloc(sizeof(DetectAppLayerEventData));
+ aled = SCMalloc(sizeof(*aled));
if (unlikely(aled == NULL))
return NULL;
- memset(aled,0x00,sizeof(*aled));
+ memset(aled, 0x00, sizeof(*aled));
aled->alproto = alproto;
- aled->event_id = event_id;
+ aled->arg = SCStrdup(arg);
+ if (aled->arg == NULL) {
+ SCFree(aled);
+ return NULL;
+ }
return aled;
}
static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg,
AppLayerEventType *event_type)
{
+ *event_type = 0;
+
if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied "
"with no arguments. This keyword needs an argument.");
if (strchr(arg, '.') == NULL) {
return DetectAppLayerEventParsePkt(arg, event_type);
} else {
- return DetectAppLayerEventParseApp(arg, event_type);
+ return DetectAppLayerEventParseAppP1(arg);
+ }
+}
+
+static int DetectAppLayerEventSetupP2(Signature *s,
+ SigMatch *sm)
+{
+ AppLayerEventType event_type = 0;
+
+ if (DetectAppLayerEventParseAppP2(sm->ctx, s->proto.proto,
+ &event_type) < 0)
+ {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "App layer event setup "
+ "phase2 failure.");
+ return -1;
}
+ if (event_type == APP_LAYER_EVENT_TYPE_GENERAL)
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ else
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_APP_EVENT);
+ /* We should have set this flag already in SetupP1 */
+ s->flags |= SIG_FLAG_APPLAYER;
+
+ return 0;
}
-int DetectAppLayerEventSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
+static int DetectAppLayerEventSetupP1(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
DetectAppLayerEventData *data = NULL;
SigMatch *sm = NULL;
sm->ctx = (void *)data;
if (s->alproto != ALPROTO_UNKNOWN) {
- if (s->alproto == ALPROTO_DNS &&
- (data->alproto == ALPROTO_DNS_UDP || data->alproto == ALPROTO_DNS_TCP))
- {
- SCLogDebug("DNS app layer event");
- } else if (s->alproto != data->alproto) {
+ if (s->alproto != data->alproto) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains "
"conflicting keywords needing different alprotos");
goto error;
if (event_type == APP_LAYER_EVENT_TYPE_PACKET) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
- } else if (event_type == APP_LAYER_EVENT_TYPE_GENERAL) {
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
- s->flags |= SIG_FLAG_APPLAYER;
} else {
- /* implied APP_LAYER_EVENT_TYPE_TRANSACTION */
+ /* We push it to this list temporarily. We deal with
+ * these in DetectAppLayerEventPrepare(). */
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_APP_EVENT);
s->flags |= SIG_FLAG_APPLAYER;
}
return -1;
}
-void DetectAppLayerEventFree(void *ptr)
+static void DetectAppLayerEventFree(void *ptr)
{
+ DetectAppLayerEventData *data = (DetectAppLayerEventData *)ptr;
+ if (data->arg != NULL)
+ SCFree(data->arg);
+
SCFree(ptr);
return;
}
+int DetectAppLayerEventPrepare(Signature *s)
+{
+ SigMatch *sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT];
+ s->sm_lists[DETECT_SM_LIST_APP_EVENT] = NULL;
+ s->sm_lists_tail[DETECT_SM_LIST_APP_EVENT] = NULL;
+
+ while (sm != NULL) {
+ sm->next = sm->prev = NULL;
+ if (DetectAppLayerEventSetupP2(s, sm) < 0)
+ return -1;
+ sm = sm->next;
+ }
+
+ return 0;
+}
+
/**********************************Unittests***********************************/
#ifdef UNITTESTS /* UNITTESTS */
int DetectAppLayerEventTest01(void)
{
- AppLayerParserBackupAlprotoTable();
- AppLayerRegisterGetEventInfo(ALPROTO_SMTP,
- DetectAppLayerEventTestGetEventInfo);
+ AppLayerParserBackupParserTable();
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP,
+ DetectAppLayerEventTestGetEventInfo);
AppLayerEventType event_type;
int result = 0;
+ uint8_t ipproto_bitarray[256 / 8];
+ memset(ipproto_bitarray, 0, sizeof(ipproto_bitarray));
+ ipproto_bitarray[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8);
DetectAppLayerEventData *aled = DetectAppLayerEventParse("smtp.event1",
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_SMTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT1) {
printf("test failure. Holding wrong state\n");
result = 1;
end:
- AppLayerParserRestoreAlprotoTable();
+ AppLayerParserRestoreParserTable();
if (aled != NULL)
DetectAppLayerEventFree(aled);
return result;
int DetectAppLayerEventTest02(void)
{
- AppLayerParserBackupAlprotoTable();
+ AppLayerParserBackupParserTable();
- AppLayerRegisterGetEventInfo(ALPROTO_SMTP,
- DetectAppLayerEventTestGetEventInfo);
- AppLayerRegisterGetEventInfo(ALPROTO_HTTP,
- DetectAppLayerEventTestGetEventInfo);
- AppLayerRegisterGetEventInfo(ALPROTO_SMB,
- DetectAppLayerEventTestGetEventInfo);
- AppLayerRegisterGetEventInfo(ALPROTO_FTP,
- DetectAppLayerEventTestGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMB,
+ DetectAppLayerEventTestGetEventInfo);
+ AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP,
+ DetectAppLayerEventTestGetEventInfo);
AppLayerEventType event_type;
int result = 0;
+ uint8_t ipproto_bitarray[256 / 8];
+ memset(ipproto_bitarray, 0, sizeof(ipproto_bitarray));
+ ipproto_bitarray[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8);
DetectAppLayerEventData *aled = DetectAppLayerEventParse("smtp.event1",
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_SMTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT1) {
printf("test failure. Holding wrong state\n");
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_SMTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT4) {
printf("test failure. Holding wrong state\n");
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_HTTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT2) {
printf("test failure. Holding wrong state\n");
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_SMB ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT3) {
printf("test failure. Holding wrong state\n");
&event_type);
if (aled == NULL)
goto end;
+ if (DetectAppLayerEventParseAppP2(aled, ipproto_bitarray, &event_type) < 0) {
+ printf("failure 1\n");
+ goto end;
+ }
if (aled->alproto != ALPROTO_FTP ||
aled->event_id != APP_LAYER_EVENT_TEST_MAP_EVENT5) {
printf("test failure. Holding wrong state\n");
result = 1;
end:
- AppLayerParserRestoreAlprotoTable();
+ AppLayerParserRestoreParserTable();
if (aled != NULL)
DetectAppLayerEventFree(aled);
return result;
goto end;
FLOW_INITIALIZE(f);
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->flags |= FLOW_IPV4;
p = PacketGetFromAlloc();
StreamTcpInitConfig(TRUE);
p->flowflags = FLOW_PKT_TOSERVER;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts,
- sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts,
+ sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
}
p->flowflags = FLOW_PKT_TOCLIENT;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc,
- sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc,
+ sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
goto end;
FLOW_INITIALIZE(f);
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->flags |= FLOW_IPV4;
p = PacketGetFromAlloc();
StreamTcpInitConfig(TRUE);
p->flowflags = FLOW_PKT_TOSERVER;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts,
- sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts,
+ sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
}
p->flowflags = FLOW_PKT_TOCLIENT;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc,
- sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc,
+ sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
goto end;
FLOW_INITIALIZE(f);
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->flags |= FLOW_IPV4;
p = PacketGetFromAlloc();
StreamTcpInitConfig(TRUE);
p->flowflags = FLOW_PKT_TOSERVER;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_ts, buf_ts,
- sizeof(buf_ts), p, STREAM_TOSERVER | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_ts, buf_ts,
+ sizeof(buf_ts), STREAM_TOSERVER | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
}
p->flowflags = FLOW_PKT_TOCLIENT;
- if (AppLayerHandleTCPData(&tv, ra_ctx, f, &ssn, &stream_tc, buf_tc,
- sizeof(buf_tc), p, STREAM_TOCLIENT | STREAM_START) < 0) {
+ if (AppLayerHandleTCPData(&tv, ra_ctx, p, f, &ssn, &stream_tc, buf_tc,
+ sizeof(buf_tc), STREAM_TOCLIENT | STREAM_START) < 0) {
printf("AppLayerHandleTCPData failure\n");
goto end;
}
typedef struct DetectAppLayerEventData_ {
uint16_t alproto;
int event_id;
+
+ char *arg;
} DetectAppLayerEventData;
+int DetectAppLayerEventPrepare(Signature *s);
void DetectAppLayerEventRegister(void);
#endif /* __DETECT_APP_LAYER_EVENT_H__ */
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-app-layer-protocol.h"
+#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-debug.h"
#include "util-unittest.h"
while (*arg != '\0' && isspace((unsigned char)*arg))
arg++;
- if (strcasecmp(arg, "dns") == 0) {
- alproto = ALPROTO_DNS;
- } else {
- alproto = AppLayerGetProtoByName(arg);
- if (alproto == ALPROTO_UNKNOWN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol "
- "keyword supplied with unknown protocol \"%s\"", arg);
- return NULL;
- }
+ alproto = AppLayerGetProtoByName((char *)arg);
+ if (alproto == ALPROTO_UNKNOWN) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol "
+ "keyword supplied with unknown protocol \"%s\"", arg);
+ return NULL;
}
data = SCMalloc(sizeof(DetectAppLayerProtocolData));
uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
SCLogDebug("handling to_server chunk");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
SCLogDebug("handling to_client chunk");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request,
- dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request,
+ dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request3_len = sizeof(dcerpc_request3);
uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&f, 0, sizeof(f));
SCLogDebug("chunk 1, bind");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("chunk 2, bind_ack");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("chunk 3, request 1");
/* request1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
- dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
+ dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("sending response1");
/* response1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
- dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
+ dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("sending request2");
/* request2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
- dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
+ dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2,
- dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2,
+ dcerpc_response2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* request3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3,
- dcerpc_request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3,
+ dcerpc_request3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
- dcerpc_response3, dcerpc_response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
+ dcerpc_response3, dcerpc_response3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request,
- dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_request,
+ dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
};
uint32_t dcerpc_request2_len = sizeof(dcerpc_request2);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_alter_context,
- dcerpc_alter_context_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_alter_context,
+ dcerpc_alter_context_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_alter_context_resp,
- dcerpc_alter_context_resp_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_alter_context_resp,
+ dcerpc_alter_context_resp_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
- dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
+ dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
- dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
+ dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
- dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
+ dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_bindack, dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_bindack, dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF,
- dcerpc_request, dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF,
+ dcerpc_request, dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_request, dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_request, dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request3_len = sizeof(dcerpc_request3);
uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
SCLogDebug("sending bind");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc bind failed. Returned %" PRId32, r);
goto end;
SCLogDebug("sending bind_ack");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_bindack, dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_bindack, dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("sending request1");
/* request1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request1, dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request1, dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
SCLogDebug("sending response1");
/* response1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response1, dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response1, dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* request2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request2, dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request2, dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response2, dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response2, dcerpc_response2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* request3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request3, dcerpc_request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request3, dcerpc_request3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
- dcerpc_response3, dcerpc_response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
+ dcerpc_response3, dcerpc_response3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request3_len = sizeof(dcerpc_request3);
uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
/* request1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_request1, dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_request1, dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpcrequest1 failed. Returned %" PRId32, r);
goto end;
/* response1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response1, dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response1, dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpcresponse1 failed. Returned %" PRId32, r);
goto end;
/* request2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request2, dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request2, dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpcrequest2 failed. Returned %" PRId32, r);
goto end;
/* response2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response2, dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response2, dcerpc_response2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpcresponse2 failed. Returned %" PRId32, r);
goto end;
/* request3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request3, dcerpc_request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request3, dcerpc_request3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpc request3 failed. Returned %" PRId32, r);
goto end;
/* response3 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
- dcerpc_response3, dcerpc_response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
+ dcerpc_response3, dcerpc_response3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
printf("AppLayerParse for dcerpc response3 failed. Returned %" PRId32, r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request2_len = sizeof(dcerpc_request2);
uint32_t dcerpc_response2_len = sizeof(dcerpc_response2);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
/* request1 */
SCLogDebug("Sending request1");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
- dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
+ dcerpc_request1_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
- dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
+ dcerpc_response1_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* request2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
- dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
+ dcerpc_request2_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
}
/* response2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2,
- dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2,
+ dcerpc_response2_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request2_len = sizeof(dcerpc_request2);
uint32_t dcerpc_response2_len = sizeof(dcerpc_response2);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
/* request1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
- dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
+ dcerpc_request1_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
goto end;
/* response1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
- dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
+ dcerpc_response1_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
/* request2 */
printf("Sending Request2\n");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
- dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
+ dcerpc_request2_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
goto end;
/* response2 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2,
- dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF, dcerpc_response2,
+ dcerpc_response2_len);
if (r != 0) {
printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
goto end;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_bind_len = sizeof(dcerpc_bind);
uint32_t dcerpc_bindack_len = sizeof(dcerpc_bindack);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* do detect */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF,
- dcerpc_request, dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_EOF,
+ dcerpc_request, dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request_len = sizeof(dcerpc_request);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_request, dcerpc_request_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_request, dcerpc_request_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request3_len = sizeof(dcerpc_request3);
uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_bind, dcerpc_bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_bind, dcerpc_bind_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
- dcerpc_bindack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_bindack,
+ dcerpc_bindack_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* request1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
- dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request1,
+ dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
- dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response1,
+ dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* request2 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
- dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request2,
+ dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response2 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2,
- dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, dcerpc_response2,
+ dcerpc_response2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* request3 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3,
- dcerpc_request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, dcerpc_request3,
+ dcerpc_request3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response3 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
- dcerpc_response3, dcerpc_response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
+ dcerpc_response3, dcerpc_response3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
uint32_t dcerpc_request3_len = sizeof(dcerpc_request3);
uint32_t dcerpc_response3_len = sizeof(dcerpc_response3);
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
/* request1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
- dcerpc_request1, dcerpc_request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER | STREAM_START,
+ dcerpc_request1, dcerpc_request1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response1, dcerpc_response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response1, dcerpc_response1_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* request2 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request2, dcerpc_request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request2, dcerpc_request2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response2 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
- dcerpc_response2, dcerpc_response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT,
+ dcerpc_response2, dcerpc_response2_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* request3 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
- dcerpc_request3, dcerpc_request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER,
+ dcerpc_request3, dcerpc_request3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
/* response3 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
- dcerpc_response3, dcerpc_response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT | STREAM_EOF,
+ dcerpc_response3, dcerpc_response3_len);
if (r != 0) {
SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
+
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "util-spm.h"
#include "util-print.h"
+#include "stream-tcp.h"
+
#include "app-layer.h"
#include "app-layer-dns-common.h"
#include "detect-dns-query.h"
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
p->flow = &f;
p->flags |= PKT_HAS_FLOW;
p->flowflags |= FLOW_PKT_TOSERVER;
- f.alproto = ALPROTO_DNS_UDP;
+ f.alproto = ALPROTO_DNS;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf, sizeof(buf));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.flags |= FLOW_IPV4;
f.proto = IPPROTO_UDP;
- f.alproto = ALPROTO_DNS_UDP;
+ f.alproto = ALPROTO_DNS;
p1->flow = &f;
p1->flags |= PKT_HAS_FLOW;
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google.com\"; nocase; sid:1;)");
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google.com\"; nocase; sid:1;)");
if (s == NULL) {
goto end;
}
s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google.net\"; nocase; sid:2;)");
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google.net\"; nocase; sid:2;)");
if (s == NULL) {
goto end;
}
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf1, sizeof(buf1));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOCLIENT, buf2, sizeof(buf2));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2));
if (r != 0) {
printf("toserver client 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf3, sizeof(buf3));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf3, sizeof(buf3));
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER|FLOW_PKT_ESTABLISHED;
- f.alproto = ALPROTO_DNS_TCP;
+ f.alproto = ALPROTO_DNS;
StreamTcpInitConfig(TRUE);
de_ctx->mpm_matcher = DEFAULT_MPM;
de_ctx->flags |= DE_QUIET;
- s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "content:\"google\"; nocase; dns_query; sid:1;)");
+ s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
+ "(msg:\"Test dns_query option\"; "
+ "content:\"google\"; nocase; dns_query; sid:1;)");
if (s == NULL) {
goto end;
}
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf, sizeof(buf));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
f.proto = IPPROTO_TCP;
- f.alproto = ALPROTO_DNS_TCP;
+ f.alproto = ALPROTO_DNS;
p1->flow = &f;
p1->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
de_ctx->mpm_matcher = DEFAULT_MPM;
de_ctx->flags |= DE_QUIET;
- s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google\"; nocase; sid:1;)");
+ s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google\"; nocase; sid:1;)");
if (s == NULL) {
goto end;
}
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf1, sizeof(buf1));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf2, sizeof(buf2));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf2, sizeof(buf2));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
f.proto = IPPROTO_TCP;
- f.alproto = ALPROTO_DNS_TCP;
+ f.alproto = ALPROTO_DNS;
p1->flow = &f;
p1->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
de_ctx->mpm_matcher = DEFAULT_MPM;
de_ctx->flags |= DE_QUIET;
- s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google.com\"; nocase; sid:1;)");
+ s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google.com\"; nocase; sid:1;)");
if (s == NULL) {
goto end;
}
- s = DetectEngineAppendSig(de_ctx, "alert dnstcp any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google.net\"; nocase; sid:2;)");
+ s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google.net\"; nocase; sid:2;)");
if (s == NULL) {
goto end;
}
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf1, sizeof(buf1));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf2, sizeof(buf2));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf2, sizeof(buf2));
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOCLIENT, buf3, sizeof(buf3));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf3, sizeof(buf3));
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_TCP, STREAM_TOSERVER, buf4, sizeof(buf4));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf4, sizeof(buf4));
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
p->flow = &f;
p->flags |= PKT_HAS_FLOW;
p->flowflags |= FLOW_PKT_TOSERVER;
- f.alproto = ALPROTO_DNS_UDP;
+ f.alproto = ALPROTO_DNS;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "dns_query; content:\"google\"; nocase; "
- "pcre:\"/google\\.com$/i\"; sid:1;)");
+ "(msg:\"Test dns_query option\"; "
+ "dns_query; content:\"google\"; nocase; "
+ "pcre:\"/google\\.com$/i\"; sid:1;)");
if (s == NULL) {
goto end;
}
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf, sizeof(buf));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf, sizeof(buf));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.flags |= FLOW_IPV4;
f.proto = IPPROTO_UDP;
- f.alproto = ALPROTO_DNS_UDP;
+ f.alproto = ALPROTO_DNS;
p1->flow = &f;
p1->flags |= PKT_HAS_FLOW;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf1, sizeof(buf1));
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf1, sizeof(buf1));
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOCLIENT, buf2, sizeof(buf2));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2));
if (r != -1) {
printf("toserver client 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DNS_UDP, STREAM_TOSERVER, buf3, sizeof(buf3));
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DNS, STREAM_TOSERVER, buf3, sizeof(buf3));
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
{
AppLayerDecoderEvents *decoder_events = NULL;
int r = 0;
- int direction = 0;
uint16_t alproto;
SigMatch *sm;
DetectAppLayerEventData *aled = NULL;
alproto = f->alproto;
- decoder_events = AppLayerGetEventsFromFlowByTx(f, tx_id);
+ decoder_events = AppLayerParserGetEventsByTx(f->proto, alproto, alstate, tx_id);
if (decoder_events == NULL)
goto end;
if (r == 1) {
return DETECT_ENGINE_INSPECT_SIG_MATCH;
} else {
- direction = (flags & STREAM_TOSERVER) ? 0 : 1;
- if (AppLayerGetAlstateProgress(alproto, tx, direction) ==
- AppLayerGetAlstateProgressCompletionStatus(alproto, direction))
+ if (AppLayerParserGetStateProgress(f->proto, alproto, tx, flags) ==
+ AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags))
{
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
} else {
#include "detect-bytetest.h"
#include "detect-bytejump.h"
#include "detect-byte-extract.h"
+#include "detect-content.h"
#include "detect-engine-content-inspection.h"
+#include "stream-tcp.h"
+
#include "app-layer.h"
#include "app-layer-dcerpc.h"
#include "flow-util.h"
"content:\"|79 26 46 f7 bf a1|\"; distance:0; sid:8;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCLogDebug("sending request 2");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCLogDebug("sending request 3");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCLogDebug("sending request 4");
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request4, request4_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request4, request4_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request5, request5_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request5, request5_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request6, request6_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request6, request6_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request7, request7_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request7, request7_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request8, request8_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request8, request8_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request9, request9_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request9, request9_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"dce_stub_data; content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"dce_stub_data; content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"|2d 5e 63 2a 4c|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"|2d 5e 63 35 25|\"; distance:0; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"distance:0; within:2; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"distance:0; within:2; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"distance:-10; within:3; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"distance:1; within:3; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"distance:2; within:3; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"(dce_stub_data; content:\"|00 18|\"; sid:3;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response1, response1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response1, response1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request3, request3_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response3, response3_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response3, response3_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"(dce_stub_data; content:\"|3f 00|\"; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
/* request 1 */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
/* bind */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, bind, bind_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
/* bind_ack. A new transaction initiation */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, bind_ack, bind_ack_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
/* we should have a match for the sig once again for the same flow, since
* the detection engine state for the flow has been reset because of a
* fresh transaction */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request2, request2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
/* response */
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOCLIENT, response2, response2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_test:2,=,46,5,relative,dce; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_test:2,=,11776,5,relative; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_test:2,=,46,5,relative,little; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_jump:2,2,relative,dce; byte_test:2,=,14080,0,relative; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_jump:2,2,relative; byte_test:2,=,14080,0,relative; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"byte_jump:2,2,little,relative; byte_test:2,=,14080,0,relative; sid:2;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"string\"; within:8; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"string\"; within:8; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:\"string\"; within:8; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"content:!\"and\"; distance:0; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
"pcre:/super/R; content:\"nova\"; within:7; sid:1;)";
Signature *s;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
/* request 1 */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "app-layer-parser.h"
+#include "stream-tcp.h"
+
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
if ((htp_state->cfg->request_body_limit == 0 ||
htud->request_body.content_len_so_far < htp_state->cfg->request_body_limit) &&
htud->request_body.content_len_so_far < htp_state->cfg->request_inspect_min_size &&
- !(AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_BODY) &&
+ !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_BODY) &&
!(flags & STREAM_EOF)) {
SCLogDebug("we still haven't seen the entire request body. "
"Let's defer body inspection till we see the "
end:
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_BODY)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_BODY)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy body1";
uint32_t http1_len = sizeof(http1_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
strlen(request_buffer));
}
uint32_t http_buf_len = TOTAL_REQUESTS * strlen(request_buffer);
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
"dummy";
uint32_t response_buf_len = strlen((char *)response_buf);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
response_buf, response_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HtpConfigRestoreBackup();
ConfRestoreContextBackup();
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HtpConfigRestoreBackup();
ConfRestoreContextBackup();
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
end:
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-memcmp.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
htp_table_t *headers;
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) <= HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS)
goto end;
headers = tx->request_headers;
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) <= HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS)
goto end;
headers = tx->response_headers;
}
end:
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_buf2_len = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_buf2_len = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_buf2_len = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"SixZix: blah\r\n\r\n";
uint32_t http1_len = sizeof(http1_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http1_len = sizeof(http1_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
return DETECT_ENGINE_INSPECT_SIG_MATCH;
end:
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->request_method == NULL) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_LINE)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_LINE)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
SCReturnInt(cnt);
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) <= HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS)
SCReturnInt(cnt);
if (tx_ud->request_headers_raw != NULL) {
flags);
}
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) <= HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS)
SCReturnInt(cnt);
if (tx_ud->response_headers_raw != NULL) {
uint32_t headers_raw_len = 0;
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) <= HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) <= HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) <= HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) <= HTP_RESPONSE_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
}
end:
if (flags & STREAM_TOSERVER) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
} else {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 1) > HTP_RESPONSE_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOCLIENT) > HTP_RESPONSE_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_buf2_len = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_buf2_len = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1,
http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http1_len = sizeof(http1_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
return DETECT_ENGINE_INSPECT_SIG_MATCH;
end:
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->request_uri == NULL) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_LINE)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_LINE)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy body1";
uint32_t http1_len = sizeof(http1_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
htud->response_body.content_len_so_far,
htp_state->cfg->response_inspect_min_size,
flags & STREAM_EOF ? "true" : "false",
- (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY) ? "true" : "false");
+ (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY) ? "true" : "false");
/* inspect the body if the transfer is complete or we have hit
* our body size limit */
if ((htp_state->cfg->response_body_limit == 0 ||
htud->response_body.content_len_so_far < htp_state->cfg->response_body_limit) &&
htud->response_body.content_len_so_far < htp_state->cfg->response_inspect_min_size &&
- !(AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY) &&
+ !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY) &&
!(flags & STREAM_EOF)) {
SCLogDebug("we still haven't seen the entire response body. "
"Let's defer body inspection till we see the "
return DETECT_ENGINE_INSPECT_SIG_MATCH;
end:
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1) > HTP_RESPONSE_BODY)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT) > HTP_RESPONSE_BODY)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"message";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"xxxxABC";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint8_t http_buf3[] =
"8901234ABC";
uint32_t http_len3 = sizeof(http_buf3) - 1;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint8_t http_buf3[] =
"8901234ABC";
uint32_t http_len3 = sizeof(http_buf3) - 1;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
HtpConfigRestoreBackup();
ConfRestoreContextBackup();
uint8_t http_buf3[] =
"8901234ABC";
uint32_t http_len3 = sizeof(http_buf3) - 1;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
HTPFreeConfig();
HtpConfigRestoreBackup();
ConfRestoreContextBackup();
};
uint32_t http_len2 = sizeof(http_buf2);
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
// 0xb2, 0x7d, 0xac, 0x9b, 0x19, 0x00, 0x00, 0x00,
uint32_t http_len2 = sizeof(http_buf2);
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
// 0xb2, 0x7d, 0xac, 0x9b, 0x19, 0x00, 0x00, 0x00,
uint32_t http_len2 = sizeof(http_buf2);
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
};
uint32_t http_len2 = sizeof(http_buf2);
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
};
uint32_t http_len2 = sizeof(http_buf2);
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"XYZ_klm_1234abcd_XYZ_klm_5678abcd";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->response_status == NULL) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_RESPONSE_LINE)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_RESPONSE_LINE)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"message";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"xxxxABC";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n"
"12345678901234ABC";
uint32_t http_len3 = sizeof(http_buf3) - 1;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->response_message == NULL) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_RESPONSE_LINE)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_RESPONSE_LINE)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"message";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"xxxxABC";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n"
"12345678901234ABC";
uint32_t http_len3 = sizeof(http_buf3) - 1;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"abcdef";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
return DETECT_ENGINE_INSPECT_SIG_MATCH;
end:
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0) > HTP_REQUEST_HEADERS)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER) > HTP_REQUEST_HEADERS)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
+#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "app-layer-htp.h"
#include "util-unittest-helper.h"
#include "util-profiling.h"
+#include "flow-util.h"
+
/** convert enum to string */
#define CASE_CODE(E) case E: return #E
SCMutexLock(&f->de_state_m);
if (f->de_state == NULL || f->de_state->dir_state[flags & STREAM_TOSERVER ? 0 : 1].cnt == 0) {
- if (AppLayerAlprotoSupportsTxs(alproto)) {
+ if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
FLOWLOCK_RDLOCK(f);
- if (AppLayerTransactionGetInspectId(f, flags) >= AppLayerGetTxCnt(alproto, f->alstate))
+ if (AppLayerParserGetTransactionInspectId(f->alparser, flags) >= AppLayerParserGetTxCnt(f->proto, alproto, f->alstate))
r = 2;
else
r = 0;
if (alstate == NULL)
goto end;
- if (AppLayerAlprotoSupportsTxs(alproto)) {
+ if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
FLOWLOCK_WRLOCK(f);
if (alproto == ALPROTO_HTTP) {
goto end;
}
}
- tx_id = AppLayerTransactionGetInspectId(f, flags);
+ tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags);
SCLogDebug("tx_id %"PRIu64, tx_id);
- total_txs = AppLayerGetTxCnt(alproto, alstate);
+ total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate);
SCLogDebug("total_txs %"PRIu64, total_txs);
for (; tx_id < total_txs; tx_id++) {
total_matches = 0;
- tx = AppLayerGetTx(alproto, alstate, tx_id);
+ tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id);
if (tx == NULL)
continue;
- engine = app_inspection_engine[alproto][direction];
+ engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][direction];
inspect_flags = 0;
while (engine != NULL) {
if (s->sm_lists[engine->sm_list] != NULL) {
}
if (tx_id == (total_txs - 1)) {
- void *tx = AppLayerGetTx(alproto, alstate, tx_id);
+ void *tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id);
if (tx == NULL)
continue;
- if (AppLayerGetAlstateProgress(alproto, tx, direction) <
- AppLayerGetAlstateProgressCompletionStatus(alproto, direction)) {
+ if (AppLayerParserGetStateProgress(f->proto, alproto, tx, flags) <
+ AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
store_de_state = 1;
if (engine == NULL || inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH)
inspect_flags |= DE_STATE_FLAG_FULL_INSPECT;
* keywords with transaction keywords. Without this we would
* assume that we have an alert if engine == NULL */
uint8_t total_matches = 0;
- uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1;
DeStateResetFileInspection(f, alproto, alstate, flags);
- if (AppLayerAlprotoSupportsTxs(alproto)) {
+ if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
FLOWLOCK_RDLOCK(f);
- inspect_tx_id = AppLayerTransactionGetInspectId(f, flags);
- total_txs = AppLayerGetTxCnt(alproto, alstate);
- inspect_tx = AppLayerGetTx(alproto, alstate, inspect_tx_id);
+ inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags);
+ total_txs = AppLayerParserGetTxCnt(f->proto, alproto, alstate);
+ inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
if (inspect_tx == NULL) {
FLOWLOCK_UNLOCK(f);
SCMutexUnlock(&f->de_state_m);
return;
}
- if (AppLayerGetAlstateProgress(alproto, inspect_tx, direction) >=
- AppLayerGetAlstateProgressCompletionStatus(alproto, direction)) {
+ if (AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags) >=
+ AppLayerParserGetStateProgressCompletionStatus(f->proto, alproto, flags)) {
reset_de_state = 1;
}
FLOWLOCK_UNLOCK(f);
}
}
- engine = app_inspection_engine[alproto][(flags & STREAM_TOSERVER) ? 0 : 1];
- inspect_tx = AppLayerGetTx(alproto, alstate, inspect_tx_id);
+ engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][(flags & STREAM_TOSERVER) ? 0 : 1];
+ inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
if (inspect_tx == NULL) {
FLOWLOCK_UNLOCK(f);
RULE_PROFILING_END(det_ctx, s, match);
void DeStateUpdateInspectTransactionId(Flow *f, uint8_t direction)
{
- AppLayerTransactionUpdateInspectId(f, direction);
+ FLOWLOCK_WRLOCK(f);
+ AppLayerParserSetTransactionInspectId(f->alparser, f->proto, f->alproto, f->alstate, direction);
+ FLOWLOCK_UNLOCK(f);
return;
}
uint32_t httplen3 = sizeof(httpbuf3) - 1; /* minus the \0 */
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (http_state != NULL) {
HTPStateFree(http_state);
}
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
Flow *f = NULL;
Packet *p = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->alproto = ALPROTO_HTTP;
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER);
+ FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, STREAM_TOSERVER);
if (files == NULL) {
printf("no stored files: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreeFlow(f);
if (det_ctx != NULL) {
Flow *f = NULL;
Packet *p = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->alproto = ALPROTO_HTTP;
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER);
+ FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, STREAM_TOSERVER);
if (files == NULL) {
printf("no stored files: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreeFlow(f);
if (det_ctx != NULL) {
Flow *f = NULL;
Packet *p = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->alproto = ALPROTO_HTTP;
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER);
+ FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, STREAM_TOSERVER);
if (files == NULL) {
printf("no stored files: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreeFlow(f);
if (det_ctx != NULL) {
Flow *f = NULL;
Packet *p = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->alproto = ALPROTO_HTTP;
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
StreamTcpInitConfig(TRUE);
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER);
+ FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, STREAM_TOSERVER);
if (files == NULL) {
printf("no stored files: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreeFlow(f);
if (det_ctx != NULL) {
Flow *f = NULL;
Packet *p = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&ssn, 0, sizeof(ssn));
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
f->alproto = ALPROTO_HTTP;
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
SCLogDebug("\n>>>> processing chunk 1 <<<<\n");
SCMutexLock(&f->m);
- int r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCLogDebug("\n>>>> processing chunk 2 size %u <<<<\n", httplen2);
SCMutexLock(&f->m);
- r = AppLayerParse(NULL, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_EOF, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f->m);
- FileContainer *files = AppLayerGetFilesFromFlow(p->flow, STREAM_TOSERVER);
+ FileContainer *files = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, STREAM_TOSERVER);
if (files == NULL) {
printf("no stored files: ");
SCMutexUnlock(&f->m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreeFlow(f);
if (det_ctx != NULL) {
#include "util-print.h"
#include "flow.h"
+#include "stream-tcp.h"
+
#include "app-layer-parser.h"
#include "util-unittest.h"
HtpTxUserData *tx_ud = htp_tx_get_user_data(txv);
if (tx_ud == NULL || tx_ud->request_uri_normalized == NULL) {
- if (AppLayerGetAlstateProgress(ALPROTO_HTTP, txv, 0) > HTP_REQUEST_LINE)
+ if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, STREAM_TOSERVER) > HTP_REQUEST_LINE)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
else
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
DetectEngineStateReset(f.de_state, STREAM_TOSERVER | STREAM_TOCLIENT);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->payload_len = http_buf2_len;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
#include "debug.h"
#include "detect.h"
#include "flow.h"
+#include "flow-private.h"
+#include "flow-util.h"
#include "conf.h"
#include "conf-yaml-loader.h"
static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *);
/* 2 - for each direction */
-DetectEngineAppInspectionEngine *app_inspection_engine[ALPROTO_MAX][2];
+DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2];
#if 0
-static void DetectEnginePrintAppInspectionEngines(DetectEngineAppInspectionEngine *list[][2])
+static void DetectEnginePrintAppInspectionEngines(DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2])
{
printf("\n");
void DetectEngineRegisterAppInspectionEngines(void)
{
struct tmp_t {
+ uint16_t ipproto;
uint16_t alproto;
int32_t sm_list;
uint32_t inspect_flags;
};
struct tmp_t data_toserver[] = {
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
0,
DetectEngineInspectPacketUris },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HCBDMATCH,
DE_STATE_FLAG_HCBD_INSPECT,
DE_STATE_FLAG_HCBD_INSPECT,
0,
DetectEngineInspectHttpClientBody },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HHDMATCH,
DE_STATE_FLAG_HHD_INSPECT,
DE_STATE_FLAG_HHD_INSPECT,
0,
DetectEngineInspectHttpHeader },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HRHDMATCH,
DE_STATE_FLAG_HRHD_INSPECT,
DE_STATE_FLAG_HRHD_INSPECT,
0,
DetectEngineInspectHttpRawHeader },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HMDMATCH,
DE_STATE_FLAG_HMD_INSPECT,
DE_STATE_FLAG_HMD_INSPECT,
0,
DetectEngineInspectHttpMethod },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HCDMATCH,
DE_STATE_FLAG_HCD_INSPECT,
DE_STATE_FLAG_HCD_INSPECT,
0,
DetectEngineInspectHttpCookie },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HRUDMATCH,
DE_STATE_FLAG_HRUD_INSPECT,
DE_STATE_FLAG_HRUD_INSPECT,
0,
DetectEngineInspectHttpRawUri },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TS_INSPECT,
DE_STATE_FLAG_FILE_TS_INSPECT,
0,
DetectFileInspectHttp },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HUADMATCH,
DE_STATE_FLAG_HUAD_INSPECT,
DE_STATE_FLAG_HUAD_INSPECT,
0,
DetectEngineInspectHttpUA },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HHHDMATCH,
DE_STATE_FLAG_HHHD_INSPECT,
DE_STATE_FLAG_HHHD_INSPECT,
0,
DetectEngineInspectHttpHH },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HRHHDMATCH,
DE_STATE_FLAG_HRHHD_INSPECT,
DE_STATE_FLAG_HRHHD_INSPECT,
0,
DetectEngineInspectHttpHRH },
/* DNS */
- { ALPROTO_DNS,
+ { IPPROTO_TCP,
+ ALPROTO_DNS,
DETECT_SM_LIST_DNSQUERY_MATCH,
DE_STATE_FLAG_DNSQUERY_INSPECT,
DE_STATE_FLAG_DNSQUERY_INSPECT,
/* specifically for UDP, register again
* allows us to use the alproto w/o translation
* in the detection engine */
- { ALPROTO_DNS_UDP,
- DETECT_SM_LIST_DNSQUERY_MATCH,
- DE_STATE_FLAG_DNSQUERY_INSPECT,
- DE_STATE_FLAG_DNSQUERY_INSPECT,
- 0,
- DetectEngineInspectDnsQueryName },
- /* dito for TCP */
- { ALPROTO_DNS_TCP,
+ { IPPROTO_UDP,
+ ALPROTO_DNS,
DETECT_SM_LIST_DNSQUERY_MATCH,
DE_STATE_FLAG_DNSQUERY_INSPECT,
DE_STATE_FLAG_DNSQUERY_INSPECT,
};
struct tmp_t data_toclient[] = {
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HSBDMATCH,
DE_STATE_FLAG_HSBD_INSPECT,
DE_STATE_FLAG_HSBD_INSPECT,
1,
DetectEngineInspectHttpServerBody },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HHDMATCH,
DE_STATE_FLAG_HHD_INSPECT,
DE_STATE_FLAG_HHD_INSPECT,
1,
DetectEngineInspectHttpHeader },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HRHDMATCH,
DE_STATE_FLAG_HRHD_INSPECT,
DE_STATE_FLAG_HRHD_INSPECT,
1,
DetectEngineInspectHttpRawHeader },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HCDMATCH,
DE_STATE_FLAG_HCD_INSPECT,
DE_STATE_FLAG_HCD_INSPECT,
1,
DetectEngineInspectHttpCookie },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TC_INSPECT,
DE_STATE_FLAG_FILE_TC_INSPECT,
1,
DetectFileInspectHttp },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HSMDMATCH,
DE_STATE_FLAG_HSMD_INSPECT,
DE_STATE_FLAG_HSMD_INSPECT,
1,
DetectEngineInspectHttpStatMsg },
- { ALPROTO_HTTP,
+ { IPPROTO_TCP,
+ ALPROTO_HTTP,
DETECT_SM_LIST_HSCDMATCH,
DE_STATE_FLAG_HSCD_INSPECT,
DE_STATE_FLAG_HSCD_INSPECT,
size_t i;
for (i = 0 ; i < sizeof(data_toserver) / sizeof(struct tmp_t); i++) {
- DetectEngineRegisterAppInspectionEngine(data_toserver[i].alproto,
+ DetectEngineRegisterAppInspectionEngine(data_toserver[i].ipproto,
+ data_toserver[i].alproto,
data_toserver[i].dir,
data_toserver[i].sm_list,
data_toserver[i].inspect_flags,
}
for (i = 0 ; i < sizeof(data_toclient) / sizeof(struct tmp_t); i++) {
- DetectEngineRegisterAppInspectionEngine(data_toclient[i].alproto,
+ DetectEngineRegisterAppInspectionEngine(data_toclient[i].ipproto,
+ data_toclient[i].alproto,
data_toclient[i].dir,
data_toclient[i].sm_list,
data_toclient[i].inspect_flags,
}
static void AppendAppInspectionEngine(DetectEngineAppInspectionEngine *engine,
- DetectEngineAppInspectionEngine *list[][2])
+ DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2])
{
/* append to the list */
- DetectEngineAppInspectionEngine *tmp = list[engine->alproto][engine->dir];
+ DetectEngineAppInspectionEngine *tmp = list[FlowGetProtoMapping(engine->ipproto)][engine->alproto][engine->dir];
DetectEngineAppInspectionEngine *insert = NULL;
while (tmp != NULL) {
if (tmp->dir == engine->dir &&
tmp = tmp->next;
}
if (insert == NULL)
- list[engine->alproto][engine->dir] = engine;
+ list[FlowGetProtoMapping(engine->ipproto)][engine->alproto][engine->dir] = engine;
else
insert->next = engine;
return;
}
-void DetectEngineRegisterAppInspectionEngine(uint16_t alproto,
+void DetectEngineRegisterAppInspectionEngine(uint16_t ipproto,
+ uint16_t alproto,
uint16_t dir,
int32_t sm_list,
uint32_t inspect_flags,
Signature *sig, Flow *f,
uint8_t flags, void *alstate,
void *tx, uint64_t tx_id),
- DetectEngineAppInspectionEngine *list[][2])
+ DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2])
{
if ((list == NULL) ||
(alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED) ||
(dir > 1) ||
(sm_list < DETECT_SM_LIST_MATCH || sm_list >= DETECT_SM_LIST_MAX) ||
- (Callback == NULL)) {
+ (Callback == NULL))
+ {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
exit(EXIT_FAILURE);
}
- DetectEngineAppInspectionEngine *tmp = list[alproto][dir];
+ DetectEngineAppInspectionEngine *tmp = list[FlowGetProtoMapping(ipproto)][alproto][dir];
while (tmp != NULL) {
if (tmp->sm_list == sm_list && tmp->Callback == Callback) {
return;
exit(EXIT_FAILURE);
}
memset(new_engine, 0, sizeof(*new_engine));
+ new_engine->ipproto = ipproto;
new_engine->alproto = alproto;
new_engine->dir = dir;
new_engine->sm_list = sm_list;
PatternMatchThreadPrepare(&det_ctx->mtcs, de_ctx->mpm_matcher, DetectContentMaxId(de_ctx));
PatternMatchThreadPrepare(&det_ctx->mtcu, de_ctx->mpm_matcher, DetectUricontentMaxId(de_ctx));
- PmqSetup(&det_ctx->pmq, 0, de_ctx->max_fp_id);
+ PmqSetup(&det_ctx->pmq, de_ctx->max_fp_id);
for (i = 0; i < DETECT_SMSG_PMQ_NUM; i++) {
- PmqSetup(&det_ctx->smsg_pmq[i], 0, de_ctx->max_fp_id);
+ PmqSetup(&det_ctx->smsg_pmq[i], de_ctx->max_fp_id);
}
/* IP-ONLY */
int DetectEngineTest05(void)
{
int result = 0;
+ int ip = 0;
- DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2];
+ DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2];
memset(engine_list, 0, sizeof(engine_list));
- DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP,
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ ALPROTO_HTTP,
0 /* STREAM_TOSERVER */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
engine_list);
int alproto = ALPROTO_UNKNOWN + 1;
+ for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
for ( ; alproto < ALPROTO_FAILED; alproto++) {
int dir = 0;
for ( ; dir < 2; dir++) {
if (alproto == ALPROTO_HTTP && dir == 0) {
- if (engine_list[alproto][dir]->next != NULL) {
+ if (engine_list[ip][alproto][dir]->next != NULL) {
printf("more than one entry found\n");
goto end;
}
- DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir];
+ DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir];
if (engine->alproto != alproto ||
engine->dir != dir ||
} /* if (alproto == ALPROTO_HTTP && dir == 0) */
if (alproto == ALPROTO_HTTP && dir == 1) {
- if (engine_list[alproto][dir] != NULL) {
+ if (engine_list[ip][alproto][dir] != NULL) {
printf("failed for http and dir(1-toclient)\n");
goto end;
}
}
if (alproto != ALPROTO_HTTP &&
- engine_list[alproto][0] != NULL &&
- engine_list[alproto][1] != NULL) {
+ engine_list[ip][alproto][0] != NULL &&
+ engine_list[ip][alproto][1] != NULL) {
printf("failed for protocol %d\n", alproto);
goto end;
}
} /* for ( ; dir < 2 ..)*/
} /* for ( ; alproto < ALPROTO_FAILED; ..) */
+ }
result = 1;
end:
int DetectEngineTest06(void)
{
int result = 0;
+ int ip = 0;
- DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2];
+ DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2];
memset(engine_list, 0, sizeof(engine_list));
- DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP,
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ ALPROTO_HTTP,
0 /* STREAM_TOSERVER */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
DummyTestAppInspectionEngine01,
engine_list);
- DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP,
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ ALPROTO_HTTP,
1 /* STREAM_TOCLIENT */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
engine_list);
int alproto = ALPROTO_UNKNOWN + 1;
+ for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
for ( ; alproto < ALPROTO_FAILED; alproto++) {
int dir = 0;
for ( ; dir < 2; dir++) {
if (alproto == ALPROTO_HTTP && dir == 0) {
- if (engine_list[alproto][dir]->next != NULL) {
+ if (engine_list[ip][alproto][dir]->next != NULL) {
printf("more than one entry found\n");
goto end;
}
- DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir];
+ DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir];
if (engine->alproto != alproto ||
engine->dir != dir ||
} /* if (alproto == ALPROTO_HTTP && dir == 0) */
if (alproto == ALPROTO_HTTP && dir == 1) {
- if (engine_list[alproto][dir]->next != NULL) {
+ if (engine_list[ip][alproto][dir]->next != NULL) {
printf("more than one entry found\n");
goto end;
}
- DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir];
+ DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir];
if (engine->alproto != alproto ||
engine->dir != dir ||
} /* if (alproto == ALPROTO_HTTP && dir == 1) */
if (alproto != ALPROTO_HTTP &&
- engine_list[alproto][0] != NULL &&
- engine_list[alproto][1] != NULL) {
+ engine_list[ip][alproto][0] != NULL &&
+ engine_list[ip][alproto][1] != NULL) {
printf("failed for protocol %d\n", alproto);
goto end;
}
} /* for ( ; dir < 2 ..)*/
} /* for ( ; alproto < ALPROTO_FAILED; ..) */
+ }
result = 1;
end:
int DetectEngineTest07(void)
{
int result = 0;
+ int ip = 0;
- DetectEngineAppInspectionEngine *engine_list[ALPROTO_MAX][2];
+ DetectEngineAppInspectionEngine *engine_list[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2];
memset(engine_list, 0, sizeof(engine_list));
struct test_data_t {
size_t i = 0;
for ( ; i < sizeof(data) / sizeof(struct test_data_t); i++) {
- DetectEngineRegisterAppInspectionEngine(ALPROTO_HTTP,
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ ALPROTO_HTTP,
data[i].dir /* STREAM_TOCLIENT */,
data[i].sm_list,
data[i].inspect_flags,
#endif
int alproto = ALPROTO_UNKNOWN + 1;
+ for (ip = 0; ip < FLOW_PROTO_DEFAULT; ip++) {
for ( ; alproto < ALPROTO_FAILED; alproto++) {
int dir = 0;
for ( ; dir < 2; dir++) {
if (alproto == ALPROTO_HTTP) {
- DetectEngineAppInspectionEngine *engine = engine_list[alproto][dir];
+ DetectEngineAppInspectionEngine *engine = engine_list[ip][alproto][dir];
size_t i = 0;
for ( ; i < (sizeof(data) / sizeof(struct test_data_t)); i++) {
engine = engine->next;
}
} else {
- if (engine_list[alproto][0] != NULL &&
- engine_list[alproto][1] != NULL) {
+ if (engine_list[ip][alproto][0] != NULL &&
+ engine_list[ip][alproto][1] != NULL) {
printf("failed for protocol %d\n", alproto);
goto end;
}
} /* else */
} /* for ( ; dir < 2; dir++) */
} /* for ( ; alproto < ALPROTO_FAILED; ..) */
+ }
result = 1;
end:
#include "detect.h"
#include "tm-threads.h"
+#include "flow-private.h"
typedef struct DetectEngineAppInspectionEngine_ {
+ uint16_t ipproto;
uint16_t alproto;
uint16_t dir;
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
-extern DetectEngineAppInspectionEngine *app_inspection_engine[ALPROTO_MAX][2];
+extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT][ALPROTO_MAX][2];
/* prototypes */
void DetectEngineRegisterAppInspectionEngines(void);
* the inpsect_flags.
* \param Callback The engine callback.
*/
-void DetectEngineRegisterAppInspectionEngine(uint16_t alproto,
+void DetectEngineRegisterAppInspectionEngine(uint16_t ipproto,
+ uint16_t alproto,
uint16_t direction,
int32_t sm_list,
uint32_t inspect_flags,
Signature *sig, Flow *f,
uint8_t flags, void *alstate,
void *tx, uint64_t tx_id),
- DetectEngineAppInspectionEngine *list[][2]);
+ DetectEngineAppInspectionEngine *list[][ALPROTO_MAX][2]);
#endif /* __DETECT_ENGINE_H__ */
#include "util-unittest-helper.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "stream-tcp.h"
FLOWLOCK_WRLOCK(p->flow);
- FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
+ FileContainer *ffc = AppLayerParserGetFiles(p->flow->proto, p->flow->alproto,
+ p->flow->alstate, flags);
/* filestore for single files only */
if (s->filestore_sm->ctx == NULL) {
#include "flow-var.h"
#include "decode-events.h"
+#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "detect-fragbits.h"
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
- AlpProtoFinalize2Thread(&dtv.udp_dp_ctx);
+ dtv.app_tctx = AppLayerGetCtxThread();
p->ip4h = &ipv4h;
memset(p, 0, SIZE_OF_PACKET);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&ipv4h, 0, sizeof(IPV4Hdr));
- AlpProtoFinalize2Thread(&dtv.udp_dp_ctx);
+ dtv.app_tctx = AppLayerGetCtxThread();
p->ip4h = &ipv4h;
#include "detect-content.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-ftp.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.src.address.address_un_data32[0]=0x01020304;
f.protoctx =(void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v,(void *)de_ctx,(void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
if (r != 0) {
SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3);
if (r != 0) {
SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4);
if (r != 0) {
SCLogDebug("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(p, 0, SIZE_OF_PACKET);
FLOW_INITIALIZE(&f);
f.src.address.address_un_data32[0]=0x04030201;
f.protoctx =(void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v,(void *)de_ctx,(void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_FTP, STREAM_TOSERVER, ftpbuf1, ftplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf2, ftplen2);
if (r != 0) {
SCLogDebug("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf3, ftplen3);
if (r != 0) {
SCLogDebug("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4);
+ r = AppLayerParserParse(alp_tctx, &f,ALPROTO_FTP, STREAM_TOSERVER, ftpbuf4, ftplen4);
if (r != 0) {
SCLogDebug("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "util-spm.h"
#include "app-layer.h"
-
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-client-body.h"
#include "stream-tcp.h"
"This is dummy message body";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
/* hardcoded check of the transactions and it's client body chunks */
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
- htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
- htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1);
+ htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1);
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-print.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-cookie.h"
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
/* request */
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER,
- httpbuf_request, httpbuf_request_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER,
+ httpbuf_request, httpbuf_request_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
/* response */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
- httpbuf_response, httpbuf_response_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
+ httpbuf_response, httpbuf_response_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
/* request */
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER,
- httpbuf_request, httpbuf_request_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER,
+ httpbuf_request, httpbuf_request_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
/* response */
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
- httpbuf_response, httpbuf_response_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT,
+ httpbuf_response, httpbuf_response_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-print.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-header.h"
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-spm.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "stream-tcp.h"
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-spm.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "stream-tcp.h"
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-spm.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-method.h"
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, (void *) det_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "util-print.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-raw-header.h"
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
p1->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"This is dummy message body\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
#include "util-spm.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-server-body.h"
"message";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"message";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"sage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"e4u!!";
uint32_t http_len4 = sizeof(http_buf4) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"e4u!!";
uint32_t http_len4 = sizeof(http_buf4) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"bigmessage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"bigmessage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n"
"two";
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
SCLogDebug("add chunk 1");
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("add chunk 2");
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("add chunk 3");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("add chunk 4");
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
"\r\n"
"two";
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
"message";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"message";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"sage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"e4u!!";
uint32_t http_len4 = sizeof(http_buf4) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"e4u!!";
uint32_t http_len4 = sizeof(http_buf4) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf4, http_len4);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"bigmessage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"bigmessage4u!!";
uint32_t http_len3 = sizeof(http_buf3) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, http_buf1, http_len1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, http_buf3, http_len3);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
uint32_t http_len2 = sizeof(http_buf2) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|STREAM_EOF, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_START|STREAM_EOF, http_buf2, http_len2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n"
"two";
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
"\r\n"
"two";
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT|STREAM_EOF, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-print.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-stat-code.h"
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-print.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-http-stat-msg.h"
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOCLIENT, httpbuf2, httplen2);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
#include "util-spm.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "stream-tcp.h"
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t http1_len = sizeof(http1_buf) - 1;
uint32_t http2_len = sizeof(http2_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http1_buf, http1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http2_buf, http2_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: \n", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
"\r\n";
uint32_t http_len = sizeof(http_buf) - 1;
int result = 0;
-
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
uint32_t httplen4 = sizeof(httpbuf4) - 1; /* minus the \0 */
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
HtpState *htp_state = p->flow->alstate;
if (htp_state != NULL && htp_state->connp != NULL) {
htp_tx_t *tx = NULL;
- uint64_t idx = AppLayerTransactionGetInspectId(p->flow, 0);
- uint64_t total_txs= AppLayerGetTxCnt(ALPROTO_HTTP, htp_state);
+ uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser,
+ STREAM_TOSERVER);
+ uint64_t total_txs= AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state);
for ( ; idx < total_txs; idx++) {
- tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, idx);
+ tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, idx);
if (tx == NULL)
continue;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
} else {
SCLogError(SC_ERR_LUAJIT_ERROR, "luajit can't be used with protocol %s",
- AppLayerGetProtoString(luajit->alproto));
+ AppLayerGetProtoName(luajit->alproto));
goto error;
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
ut_script = script;
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
ut_script = script;
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
ut_script = script;
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
ut_script = script;
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
#include "detect-app-layer-protocol.h"
#include "detect-engine-apt-event.h"
#include "detect-luajit.h"
+#include "detect-app-layer-event.h"
#include "pkt-var.h"
#include "host.h"
#include "conf.h"
#include "conf-yaml-loader.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "detect-parse.h"
#include "detect-engine-iponly.h"
#include "app-layer-detect-proto.h"
+#include "app-layer.h"
extern int sc_set_caps;
static uint32_t dbg_srcportany_cnt = 0;
static uint32_t dbg_dstportany_cnt = 0;
-/* Context of the app layer proto detection */
-extern AlpProtoDetectCtx alp_proto_ctx;
-
/**
* \brief We use this as data to the hash table DetectEngineCtx->dup_sig_hash_table.
*/
int SigParseProto(Signature *s, const char *protostr) {
SCEnter();
- AppLayerProbingParser *pp;
- AppLayerProbingParserPort *pp_port;
- AppLayerProbingParserElement *pp_pe;
-
int r = DetectProtoParse(&s->proto, (char *)protostr);
if (r < 0) {
- s->alproto = AppLayerGetProtoByName(protostr);
+ s->alproto = AppLayerGetProtoByName((char *)protostr);
/* indicate that the signature is app-layer */
if (s->alproto != ALPROTO_UNKNOWN)
s->flags |= SIG_FLAG_APPLAYER;
-
- for (pp = alp_proto_ctx.probing_parsers; pp != NULL; pp = pp->next) {
- for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) {
- for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) {
- if (strcasecmp(pp_pe->al_proto_name, protostr) != 0)
- continue;
- s->flags |= SIG_FLAG_APPLAYER;
- s->alproto = pp_pe->al_proto;
- }
-
- for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) {
- if (strcasecmp(pp_pe->al_proto_name, protostr) != 0)
- continue;
- s->flags |= SIG_FLAG_APPLAYER;
- s->alproto = pp_pe->al_proto;
- }
- }
- }
-
- if (s->alproto == ALPROTO_UNKNOWN) {
+ else {
SCLogError(SC_ERR_UNKNOWN_PROTOCOL, "protocol \"%s\" cannot be used "
"in a signature. Either detection for this protocol "
"supported yet OR detection has been disabled for "
if (SigParseAction(s, parser->action) < 0)
goto error;
- /* Parse Proto */
- if (strcasecmp(parser->protocol, "dns") == 0) {
- /** XXX HACK */
- if (SigParseProto(s, "dnstcp") < 0)
- goto error;
- if (SigParseProto(s, "dnsudp") < 0)
- goto error;
- s->alproto = ALPROTO_DNS;
- } else {
- if (SigParseProto(s, parser->protocol) < 0)
- goto error;
- }
+ if (SigParseProto(s, parser->protocol) < 0)
+ goto error;
if (strcmp(parser->direction, "<-") == 0) {
SCLogError(SC_ERR_INVALID_DIRECTION, "\"<-\" is not a valid direction modifier, \"->\" and \"<>\" are supported.");
}
}
- if (s->alproto != ALPROTO_UNKNOWN) {
- if (s->flags & SIG_FLAG_STATE_MATCH) {
- if (s->alproto == ALPROTO_DNS) {
- if (al_proto_table[ALPROTO_DNS_UDP].to_server == 0 ||
- al_proto_table[ALPROTO_DNS_UDP].to_client == 0 ||
- al_proto_table[ALPROTO_DNS_TCP].to_server == 0 ||
- al_proto_table[ALPROTO_DNS_TCP].to_client == 0) {
- SCLogInfo("Signature uses options that need the app layer "
- "parser for dns, but the parser's disabled "
- "for the protocol. Please check if you have "
- "disabled it through the option "
- "\"app-layer.protocols.dcerpc[udp|tcp].enabled\""
- "or internally the parser has been disabled in "
- "the code. Invalidating signature.");
- SCReturnInt(0);
- }
- } else {
- if (al_proto_table[s->alproto].to_server == 0 ||
- al_proto_table[s->alproto].to_client == 0) {
- const char *proto_name = AppProtoToString(s->alproto);
- SCLogInfo("Signature uses options that need the app layer "
- "parser for \"%s\", but the parser's disabled "
- "for the protocol. Please check if you have "
- "disabled it through the option "
- "\"app-layer.protocols.%s.enabled\" or internally "
- "there the parser has been disabled in the code. "
- "Invalidating signature.", proto_name, proto_name);
- SCReturnInt(0);
- }
- }
- }
-
-
-
-
-
- }
+ //if (s->alproto != ALPROTO_UNKNOWN) {
+ // if (s->flags & SIG_FLAG_STATE_MATCH) {
+ // if (s->alproto == ALPROTO_DNS) {
+ // if (al_proto_table[ALPROTO_DNS_UDP].to_server == 0 ||
+ // al_proto_table[ALPROTO_DNS_UDP].to_client == 0 ||
+ // al_proto_table[ALPROTO_DNS_TCP].to_server == 0 ||
+ // al_proto_table[ALPROTO_DNS_TCP].to_client == 0) {
+ // SCLogInfo("Signature uses options that need the app layer "
+ // "parser for dns, but the parser's disabled "
+ // "for the protocol. Please check if you have "
+ // "disabled it through the option "
+ // "\"app-layer.protocols.dcerpc[udp|tcp].enabled\""
+ // "or internally the parser has been disabled in "
+ // "the code. Invalidating signature.");
+ // SCReturnInt(0);
+ // }
+ // } else {
+ // if (al_proto_table[s->alproto].to_server == 0 ||
+ // al_proto_table[s->alproto].to_client == 0) {
+ // const char *proto_name = AppProtoToString(s->alproto);
+ // SCLogInfo("Signature uses options that need the app layer "
+ // "parser for \"%s\", but the parser's disabled "
+ // "for the protocol. Please check if you have "
+ // "disabled it through the option "
+ // "\"app-layer.protocols.%s.enabled\" or internally "
+ // "there the parser has been disabled in the code. "
+ // "Invalidating signature.", proto_name, proto_name);
+ // SCReturnInt(0);
+ // }
+ // }
+ // }
+ //
+ //
+ //
+ //
+ //
+ //}
if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
pm = SigMatchGetLastSMFromLists(s, 24,
static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
uint8_t dir)
{
- AlpProtoSignature *als;
- AppLayerProbingParser *pp;
- AppLayerProbingParserPort *pp_port;
- AppLayerProbingParserElement *pp_pe;
SigMatch *sm;
Signature *sig = SigAlloc();
if (sig == NULL)
/* at this point if we had alert ip and the ip proto was not
* overridden, we use the ip proto that has been configured
* against the app proto in use. */
- if (override_needed) {
-
- for (als = alp_proto_ctx.head; als != NULL; als = als->next) {
- if (sig->alproto == als->proto)
- sig->proto.proto[als->ip_proto / 8] |= 1 << (als->ip_proto % 8);
- }
+ if (override_needed)
+ AppLayerProtoDetectSupportedIpprotos(sig->alproto, sig->proto.proto);
+ }
- for (pp = alp_proto_ctx.probing_parsers; pp != NULL; pp = pp->next) {
- for (pp_port = pp->port; pp_port != NULL; pp_port = pp_port->next) {
- for (pp_pe = pp_port->toserver; pp_pe != NULL; pp_pe = pp_pe->next) {
- if (sig->alproto == pp_pe->al_proto)
- sig->proto.proto[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8);
- }
- for (pp_pe = pp_port->toclient; pp_pe != NULL; pp_pe = pp_pe->next) {
- if (sig->alproto == pp_pe->al_proto)
- sig->proto.proto[pp->ip_proto / 8] |= 1 << (pp->ip_proto % 8);
- }
- }
- }
- } /* if */
- } /* if */
+ DetectAppLayerEventPrepare(sig);
/* set mpm_content_len */
SigBuildAddressMatchArray(sig);
- if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT] != NULL &&
- (AppLayerProtoIsTxEventAware(sig->alproto) || sig->alproto == ALPROTO_DNS)) {
- if (sig->alproto == ALPROTO_DNS) {
- DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_TCP,
- 0,
- DETECT_SM_LIST_APP_EVENT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DetectEngineAptEventInspect,
- app_inspection_engine);
- DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_UDP,
- 0,
- DETECT_SM_LIST_APP_EVENT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DetectEngineAptEventInspect,
- app_inspection_engine);
- DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_TCP,
- 1,
- DETECT_SM_LIST_APP_EVENT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DetectEngineAptEventInspect,
- app_inspection_engine);
- DetectEngineRegisterAppInspectionEngine(ALPROTO_DNS_UDP,
- 1,
- DETECT_SM_LIST_APP_EVENT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DetectEngineAptEventInspect,
- app_inspection_engine);
- } else {
- DetectEngineRegisterAppInspectionEngine(sig->alproto,
- (sig->flags & SIG_FLAG_TOSERVER) ? 0 : 1,
- DETECT_SM_LIST_APP_EVENT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DE_STATE_FLAG_APP_EVENT_INSPECT,
- DetectEngineAptEventInspect,
- app_inspection_engine);
+ if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT] != NULL) {
+ if (AppLayerParserProtocolIsTxEventAware(IPPROTO_TCP, sig->alproto)) {
+ if (sig->flags & SIG_FLAG_TOSERVER) {
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ sig->alproto,
+ 0,
+ DETECT_SM_LIST_APP_EVENT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DetectEngineAptEventInspect,
+ app_inspection_engine);
+ }
+ if (sig->flags & SIG_FLAG_TOCLIENT) {
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
+ sig->alproto,
+ 1,
+ DETECT_SM_LIST_APP_EVENT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DetectEngineAptEventInspect,
+ app_inspection_engine);
+ }
+ }
+ if (AppLayerParserProtocolIsTxEventAware(IPPROTO_UDP, sig->alproto)) {
+ if (sig->flags & SIG_FLAG_TOSERVER) {
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_UDP,
+ sig->alproto,
+ 0,
+ DETECT_SM_LIST_APP_EVENT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DetectEngineAptEventInspect,
+ app_inspection_engine);
+ }
+ if (sig->flags & SIG_FLAG_TOCLIENT) {
+ DetectEngineRegisterAppInspectionEngine(IPPROTO_UDP,
+ sig->alproto,
+ 1,
+ DETECT_SM_LIST_APP_EVENT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DE_STATE_FLAG_APP_EVENT_INSPECT,
+ DetectEngineAptEventInspect,
+ app_inspection_engine);
+ }
}
}
#include "util-pool.h"
#include "conf.h"
+#include "app-layer.h"
#include "app-layer-htp.h"
#include "stream.h"
#include "stream-tcp.h"
DetectEngineThreadCtx *det_ctx = NULL;
int result = 0;
Flow f;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
AppLayerHtpEnableRequestBodyCallback();
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
goto end;
}
/* hardcoded check of the transactions and it's client body chunks */
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
- htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
- htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1);
+ htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1);
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1);
if (htud == NULL) {
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SCMutexUnlock(&f.m);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
/* hardcoded check of the transactions and it's client body chunks */
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
- htp_tx_t *t1 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
- htp_tx_t *t2 = AppLayerGetTx(ALPROTO_HTTP, htp_state, 1);
+ htp_tx_t *t1 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *t2 = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 1);
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(t1);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
uint32_t httplen5 = sizeof(httpbuf5) - 1; /* minus the \0 */
uint32_t httplen6 = sizeof(httpbuf6) - 1; /* minus the \0 */
uint32_t httplen7 = sizeof(httpbuf7) - 1; /* minus the \0 */
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf3, httplen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf4, httplen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
result = 0;
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf5, httplen5);
if (r != 0) {
printf("toserver chunk 5 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
p->alerts.cnt = 0;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf6, httplen6);
if (r != 0) {
printf("toserver chunk 6 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCLogDebug("sending data chunk 7");
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf7, httplen7);
if (r != 0) {
printf("toserver chunk 7 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- if (AppLayerGetTxCnt(ALPROTO_HTTP, htp_state) != 2) {
+ if (AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state) != 2) {
printf("The http app layer doesn't have 2 transactions, but it should: ");
goto end;
}
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL) {
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
}
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_HTTP;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
PacketCopyData(p, raw_eth_pkt, pktsize);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
-
+ dtv.app_tctx = AppLayerGetCtxThread();
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&th_v, &dtv, p, GET_PKT_DATA(p), pktsize, NULL);
result = 1;
end:
+ if (dtv.app_tctx != NULL)
+ AppLayerDestroyCtxThread(dtv.app_tctx);
if (de_ctx != NULL)
{
SigGroupCleanup(de_ctx);
#include "util-unittest-helper.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "detect-ssl-state.h"
DetectEngineCtx *de_ctx = NULL;
SSLState *ssl_state = NULL;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf,
- chello_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER | STREAM_START, chello_buf,
+ chello_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf,
- shello_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, shello_buf,
+ shello_buf_len);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf,
- client_change_cipher_spec_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, client_change_cipher_spec_buf,
+ client_change_cipher_spec_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf,
- server_change_cipher_spec_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT, server_change_cipher_spec_buf,
+ server_change_cipher_spec_buf_len);
if (r != 0) {
printf("toclient chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf,
- toserver_app_data_buf_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, toserver_app_data_buf,
+ toserver_app_data_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "util-unittest-helper.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "detect-ssl-version.h"
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "util-unittest-helper.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "app-layer-ssl.h"
#include "detect-tls-version.h"
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
- r = AppLayerParse(NULL, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
#include "stream-tcp.h"
#include "stream.h"
+#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "app-layer-htp.h"
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("AppLayerParse failed: r(%d) != 0: ", r);
goto end;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
if (tx->request_method_number != HTP_M_GET ||
tx->request_protocol_number != HTP_PROTOCOL_1_1)
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
SCMutexUnlock(&f.m);
FLOW_DESTROY(&f);
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("AppLayerParse failed: r(%d) != 0: ", r);
goto end;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
if (tx->request_method_number != HTP_M_GET ||
tx->request_protocol_number != HTP_PROTOCOL_1_1)
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("AppLayerParse failed: r(%d) != 0: ", r);
goto end;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
if (tx->request_method_number != HTP_M_UNKNOWN ||
tx->request_protocol_number != HTP_PROTOCOL_1_1)
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */
TcpSession ssn;
int r = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
+
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
StreamTcpInitConfig(TRUE);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
- STREAM_EOF, httpbuf1, httplen1);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER|STREAM_START|
+ STREAM_EOF, httpbuf1, httplen1);
if (r != 0) {
printf("AppLayerParse failed: r(%d) != 0: ", r);
goto end;
goto end;
}
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, 0);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, 0);
if (tx->request_method_number != HTP_M_GET ||
tx->request_protocol_number != HTP_PROTOCOL_1_1)
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
StreamTcpFreeConfig(TRUE);
if (htp_state != NULL)
HTPStateFree(htp_state);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
HtpState *http_state = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
//if (http_state != NULL) HTPStateFree(http_state);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf2, httplen2);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
TCPHdr tcp_hdr;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
-
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
*/
#include "suricata-common.h"
+#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-htp.h"
#include "util-unittest.h"
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, httpbuf1, httplen1);
if (r != 0) {
SCLogDebug("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
SCLogDebug("DCERPC sig, alproto not SMB or SMB2");
return 0;
}
- } else if (s->alproto == ALPROTO_DNS) {
- if (alproto != ALPROTO_DNS_UDP && alproto != ALPROTO_DNS_TCP) {
- SCLogDebug("DNS sig, alproto not DNS/TCP or DNS/UDP");
- return 0;
- }
} else {
SCLogDebug("alproto mismatch");
return 0;
}
int tx_progress = 0;
- uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags);
- uint64_t total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, alstate);
+ uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags);
+ uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_HTTP, alstate);
for (; idx < total_txs; idx++) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, idx);
+ htp_tx_t *tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_HTTP, htp_state, idx);
if (tx == NULL)
continue;
- tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0);
+ tx_progress = AppLayerParserGetStateProgress(p->flow->proto, ALPROTO_HTTP, tx, STREAM_TOSERVER);
if (p->flowflags & FLOW_PKT_TOSERVER) {
if (tx_progress > HTP_REQUEST_LINE) {
}
}
} else { /* implied FLOW_PKT_TOCLIENT */
- tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1);
+ tx_progress = AppLayerParserGetStateProgress(p->flow->proto, ALPROTO_HTTP, tx, STREAM_TOCLIENT);
if (tx_progress > HTP_RESPONSE_LINE) {
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSMD) {
FLOWLOCK_UNLOCK(p->flow);
}
/* all dns based mpms */
- else if (alproto == ALPROTO_DNS_TCP && alstate != NULL) {
+ else if (alproto == ALPROTO_DNS && alstate != NULL) {
if (p->flowflags & FLOW_PKT_TOSERVER) {
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_DNSQUERY) {
FLOWLOCK_RDLOCK(p->flow);
- uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags);
- uint64_t total_txs = AppLayerGetTxCnt(alproto, alstate);
+ uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags);
+ uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, alproto, alstate);
for (; idx < total_txs; idx++) {
- void *tx = AppLayerGetTx(alproto, alstate, idx);
+ void *tx = AppLayerParserGetTx(p->flow->proto, alproto, alstate, idx);
if (tx == NULL)
continue;
}
/* UDP DNS inspection is independent of est or not */
- if (alproto == ALPROTO_DNS_UDP && alstate != NULL) {
+ if (alproto == ALPROTO_DNS && alstate != NULL) {
if (p->flowflags & FLOW_PKT_TOSERVER) {
SCLogDebug("mpm inspection");
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_DNSQUERY) {
FLOWLOCK_RDLOCK(p->flow);
- uint64_t idx = AppLayerTransactionGetInspectId(p->flow, flags);
- uint64_t total_txs = AppLayerGetTxCnt(alproto, alstate);
+ uint64_t idx = AppLayerParserGetTransactionInspectId(p->flow->alparser, flags);
+ uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, alproto, alstate);
for (; idx < total_txs; idx++) {
- void *tx = AppLayerGetTx(alproto, alstate, idx);
+ void *tx = AppLayerParserGetTx(p->flow->proto, alproto, alstate, idx);
if (tx == NULL)
continue;
SCLogDebug("tx %p",tx);
#ifdef DEBUG
static void DebugInspectIds(Packet *p, Flow *f, StreamMsg *smsg)
{
- AppLayerParserStateStore *parser_state_store = f->alparser;
- if (parser_state_store != NULL) {
- SCLogDebug("pcap_cnt %02"PRIu64", %s, %12s, inspect_id(ts) %"PRIu64
- ", inspect_id(tc) %"PRIu64", smsg %s",
- p->pcap_cnt, p->flowflags & FLOW_PKT_TOSERVER ? "toserver" : "toclient",
- p->flags & PKT_STREAM_EST ? "established" : "stateless",
- parser_state_store->inspect_id[0], parser_state_store->inspect_id[1],
- smsg?"yes":"no");
-
- //if (smsg)
- // PrintRawDataFp(stdout,smsg->data.data, smsg->data.data_len);
- }
+ SCLogDebug("pcap_cnt %02"PRIu64", %s, %12s, smsg %s",
+ p->pcap_cnt, p->flowflags & FLOW_PKT_TOSERVER ? "toserver" : "toclient",
+ p->flags & PKT_STREAM_EST ? "established" : "stateless",
+ smsg ? "yes" : "no");
+ AppLayerParserPrintDetailsParserState(f->alparser);
}
#endif
(p->proto == IPPROTO_UDP) ||
(p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED)))
{
- alstate = AppLayerGetProtoStateFromPacket(p);
- alproto = AppLayerGetProtoFromPacket(p);
- alversion = AppLayerGetStateVersion(pflow);
+ alstate = FlowGetAppState(p->flow);
+ alproto = FlowGetAppProtocol(p->flow);
+ alversion = AppLayerParserGetStateVersion(p->flow->alparser);
SCLogDebug("alstate %p, alproto %u", alstate, alproto);
} else {
SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto);
}
- app_decoder_events = AppLayerFlowHasDecoderEvents(pflow, flags);
+ app_decoder_events = AppLayerParserHasDecoderEvents(p->flow->proto,
+ p->flow->alproto,
+ p->flow->alstate,
+ p->flow->alparser,
+ flags);
}
FLOWLOCK_UNLOCK(pflow);
end:
/* see if we need to increment the inspect_id and reset the de_state */
- if (alstate != NULL && AppLayerAlprotoSupportsTxs(alproto)) {
+ if (alstate != NULL && AppLayerParserProtocolSupportsTxs(p->flow->proto, alproto)) {
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
DeStateUpdateInspectTransactionId(pflow, flags);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
}
printf("%sProtocol: %s\n", prefix,
- AppLayerGetProtoString(sigmatch_table[i].alproto));
+ AppLayerGetProtoName(sigmatch_table[i].alproto));
printf("%sFeatures: ", prefix);
PrintFeatureList(sigmatch_table[i].flags, ',');
if (sigmatch_table[i].url) {
}
/* Build feature */
printf(";%s;",
- AppLayerGetProtoString(sigmatch_table[i].alproto));
+ AppLayerGetProtoName(sigmatch_table[i].alproto));
PrintFeatureList(sigmatch_table[i].flags, ':');
printf(";");
if (sigmatch_table[i].url) {
Flow f;
TcpSession ssn;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
Flow f;
TcpSession ssn;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
SCMutexUnlock(&f.m);
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
- AppLayerParserCleanupState(&f);
+ FlowCleanupAppLayer(&f);
FLOW_DESTROY(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Flow f;
TcpSession ssn;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&f, 0, sizeof(Flow));
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
PacketAlertCheck(p, 1) ? "OK" : "FAIL",
PacketAlertCheck(p, 2) ? "OK" : "FAIL");
- AppLayerParserCleanupState(&f);
+end:
+ FlowCleanupAppLayer(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
-end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
DetectEngineThreadCtx *det_ctx;
Flow f;
TcpSession ssn;
+ void *alp_tctx = AppLayerParserGetCtxThread();
int result = 0;
memset(&th_v, 0, sizeof(th_v));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
else
result = 0;
- AppLayerParserCleanupState(&f);
+end:
+ FlowCleanupAppLayer(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
-end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
Flow f;
TcpSession ssn;
int result = 0;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, buf, buflen);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
else
result = 1;
- AppLayerParserCleanupState(&f);
+ end:
+ FlowCleanupAppLayer(&f);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
-end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
if (PacketAlertCheck(p, 1) && PacketAlertCheck(p, 2))
result = 1;
- AppLayerParserCleanupState(&f);
+ end:
+ FlowCleanupAppLayer(&f);
SigGroupCleanup(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
-end:
UTHFreePackets(&p, 1);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
Signature *s = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
+ void *alp_tctx = AppLayerParserGetCtxThread();
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
+ f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;
p1->flow = &f;
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
- int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
+ int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf1, http_buf1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
}
SCMutexLock(&f.m);
- r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
+ r = AppLayerParserParse(alp_tctx, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf2, http_buf2_len);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
result = 1;
end:
+ if (alp_tctx != NULL)
+ AppLayerParserDestroyCtxThread(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
#include "stream.h"
#include "app-layer-parser.h"
+#include "app-layer.h"
#include "util-profiling.h"
memset(&p->ts, 0, sizeof(struct timeval));
TimeGet(&p->ts);
- AppLayerSetEOF(f);
+ AppLayerParserSetEOF(f->alparser);
return p;
}
/* if app layer still needs some love, push through */
if (f->alproto != ALPROTO_UNKNOWN && f->alstate != NULL &&
- AppLayerAlprotoSupportsTxs(f->alproto))
+ AppLayerParserProtocolSupportsTxs(f->proto, f->alproto))
{
- uint64_t total_txs = AppLayerGetTxCnt(f->alproto, f->alstate);
+ uint64_t total_txs = AppLayerParserGetTxCnt(f->proto, f->alproto, f->alstate);
- if (AppLayerTransactionGetActive(f, STREAM_TOCLIENT) < total_txs) {
+ if (AppLayerParserGetTransactionActive(f->proto, f->alproto,
+ f->alparser, STREAM_TOCLIENT) < total_txs)
+ {
if (*server != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY)
*server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
}
- if (AppLayerTransactionGetActive(f, STREAM_TOSERVER) < total_txs) {
+ if (AppLayerParserGetTransactionActive(f->proto, f->alproto,
+ f->alparser, STREAM_TOSERVER) < total_txs)
+ {
if (*client != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY)
*client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
}
}
}
+uint8_t FlowGetReverseProtoMapping(uint8_t rproto)
+{
+ switch (rproto) {
+ case FLOW_PROTO_TCP:
+ return IPPROTO_TCP;
+ case FLOW_PROTO_UDP:
+ return IPPROTO_UDP;
+ case FLOW_PROTO_ICMP:
+ return IPPROTO_ICMP;
+ case FLOW_PROTO_SCTP:
+ return IPPROTO_SCTP;
+ default:
+ exit(EXIT_FAILURE);
+ }
+}
+
/* initialize the flow from the first packet
* we see from it. */
void FlowInit(Flow *f, const Packet *p)
#define FLOW_INITIALIZE(f) do { \
(f)->sp = 0; \
(f)->dp = 0; \
+ (f)->proto = 0; \
SC_ATOMIC_INIT((f)->use_cnt); \
- (f)->probing_parser_toserver_al_proto_masks = 0; \
- (f)->probing_parser_toclient_al_proto_masks = 0; \
+ (f)->probing_parser_toserver_alproto_masks = 0; \
+ (f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \
(f)->lastts_sec = 0; \
FLOWLOCK_INIT((f)); \
#define FLOW_RECYCLE(f) do { \
(f)->sp = 0; \
(f)->dp = 0; \
+ (f)->proto = 0; \
SC_ATOMIC_RESET((f)->use_cnt); \
- (f)->probing_parser_toserver_al_proto_masks = 0; \
- (f)->probing_parser_toclient_al_proto_masks = 0; \
+ (f)->probing_parser_toserver_alproto_masks = 0; \
+ (f)->probing_parser_toclient_alproto_masks = 0; \
(f)->flags = 0; \
(f)->lastts_sec = 0; \
(f)->protoctx = NULL; \
void FlowFree(Flow *);
uint8_t FlowGetProtoMapping(uint8_t);
void FlowInit(Flow *, const Packet *);
+uint8_t FlowGetReverseProtoMapping(uint8_t rproto);
#endif /* __FLOW_UTIL_H__ */
void FlowCleanupAppLayer(Flow *f)
{
- if (f == NULL)
+ if (f == NULL || f->proto == 0)
return;
- AppLayerParserCleanupState(f);
+ AppLayerParserCleanupParserState(f->proto, f->alproto, f->alstate, f->alparser);
+ f->alstate = NULL;
+ f->alparser = NULL;
return;
}
return 1;
}
+AppProto FlowGetAppProtocol(Flow *f)
+{
+ return f->alproto;
+}
+
+void *FlowGetAppState(Flow *f)
+{
+ return f->alstate;
+}
+
/************************************Unittests*******************************/
#ifdef UNITTESTS
#error Enable FLOWLOCK_RWLOCK or FLOWLOCK_MUTEX
#endif
+#define FLOW_IS_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PM_ALPROTO_DETECT_DONE))
+#define FLOW_IS_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags & FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags & FLOW_TC_PP_ALPROTO_DETECT_DONE))
+
+#define FLOW_SET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PM_ALPROTO_DETECT_DONE))
+#define FLOW_SET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags |= FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags |= FLOW_TC_PP_ALPROTO_DETECT_DONE))
+
+#define FLOW_RESET_PM_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PM_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PM_ALPROTO_DETECT_DONE))
+#define FLOW_RESET_PP_DONE(f, dir) (((dir) & STREAM_TOSERVER) ? ((f)->flags &= ~FLOW_TS_PP_ALPROTO_DETECT_DONE) : ((f)->flags &= ~FLOW_TC_PP_ALPROTO_DETECT_DONE))
+
/* global flow config */
typedef struct FlowCnf_
{
/** flow queue id, used with autofp */
SC_ATOMIC_DECLARE(int, autofp_tmqh_flow_qid);
- uint32_t probing_parser_toserver_al_proto_masks;
- uint32_t probing_parser_toclient_al_proto_masks;
+ uint32_t probing_parser_toserver_alproto_masks;
+ uint32_t probing_parser_toclient_alproto_masks;
uint32_t flags;
int FlowClearMemory(Flow *,uint8_t );
+AppProto FlowGetAppProtocol(Flow *f);
+void *FlowGetAppState(Flow *f);
+
+
+
#endif /* __FLOW_H__ */
/* check if we have DNS state or not */
FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */
- uint16_t proto = AppLayerGetProtoFromPacket(p);
- if (proto != ALPROTO_DNS_UDP && proto != ALPROTO_DNS_TCP) {
- SCLogDebug("proto not ALPROTO_DNS_UDP: %u", proto);
+ if (FlowGetAppProtocol(p->flow) != ALPROTO_DNS) {
+ SCLogDebug("proto not ALPROTO_DNS_UDP: %u", FlowGetAppProtocol(p->flow));
goto end;
}
- DNSState *dns_state = (DNSState *)AppLayerGetProtoStateFromPacket(p);
+ DNSState *dns_state = (DNSState *)FlowGetAppState(p->flow);
if (dns_state == NULL) {
SCLogDebug("no dns state, so no request logging");
goto end;
}
- uint64_t total_txs = AppLayerGetTxCnt(proto, dns_state);
- uint64_t tx_id = AppLayerTransactionGetLogId(p->flow);
- //int tx_progress_done_value_ts = AppLayerGetAlstateProgressCompletionStatus(proto, 0);
- //int tx_progress_done_value_tc = AppLayerGetAlstateProgressCompletionStatus(proto, 1);
+ uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_DNS, dns_state);
+ uint64_t tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser);
SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt);
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
DNSTransaction *tx = NULL;
for (; tx_id < total_txs; tx_id++)
{
- tx = AppLayerGetTx(proto, dns_state, tx_id);
+ tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_DNS, dns_state, tx_id);
if (tx == NULL)
continue;
}
SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
- AppLayerTransactionUpdateLogId(p->flow);
+ AppLayerParserSetTransactionLogId(p->flow->alparser);
}
end:
SCLogDebug("DNS log output initialized");
- AppLayerRegisterLogger(ALPROTO_DNS_UDP);
- AppLayerRegisterLogger(ALPROTO_DNS_TCP);
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
return output_ctx;
}
static void LogFileMetaGetUri(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
if (tx_ud->request_uri_normalized != NULL) {
static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL && tx->request_hostname != NULL) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(tx->request_hostname),
bstr_len(tx->request_hostname));
static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
static void LogFileMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
FLOWLOCK_WRLOCK(p->flow);
file_trunc = StreamTcpReassembleDepthReached(p);
- FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
+ FileContainer *ffc = AppLayerParserGetFiles(IPPROTO_TCP, p->flow->alproto,
+ p->flow->alstate, flags);
SCLogDebug("ffc %p", ffc);
if (ffc != NULL) {
File *ff;
static void LogFilestoreMetaGetUri(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
if (tx_ud->request_uri_normalized != NULL) {
static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL && tx->request_hostname != NULL) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(tx->request_hostname),
bstr_len(tx->request_hostname));
static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
static void LogFilestoreMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
HtpState *htp_state = (HtpState *)p->flow->alstate;
if (htp_state != NULL) {
- htp_tx_t *tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, ff->txid);
+ htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
FLOWLOCK_WRLOCK(p->flow);
file_trunc = StreamTcpReassembleDepthReached(p);
- FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
+ FileContainer *ffc = AppLayerParserGetFiles(IPPROTO_TCP, p->flow->alproto, p->flow->alstate, flags);
SCLogDebug("ffc %p", ffc);
if (ffc != NULL) {
File *ff;
#include "log-httplog.h"
#include "app-layer-htp.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
/* check if we have HTTP state or not */
FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */
- uint16_t proto = AppLayerGetProtoFromPacket(p);
+ uint16_t proto = FlowGetAppProtocol(p->flow);
if (proto != ALPROTO_HTTP)
goto end;
- htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p);
+ htp_state = (HtpState *)FlowGetAppState(p->flow);
if (htp_state == NULL) {
SCLogDebug("no http state, so no request logging");
goto end;
}
- total_txs = AppLayerGetTxCnt(ALPROTO_HTTP, htp_state);
- tx_id = AppLayerTransactionGetLogId(p->flow);
- tx_progress_done_value_ts = AppLayerGetAlstateProgressCompletionStatus(ALPROTO_HTTP, 0);
- tx_progress_done_value_tc = AppLayerGetAlstateProgressCompletionStatus(ALPROTO_HTTP, 1);
+ total_txs = AppLayerParserGetTxCnt(IPPROTO_TCP, ALPROTO_HTTP, htp_state);
+ tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser);
+ tx_progress_done_value_ts = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOSERVER);
+ tx_progress_done_value_tc = AppLayerParserGetStateProgressCompletionStatus(IPPROTO_TCP, ALPROTO_HTTP, STREAM_TOCLIENT);
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
for (; tx_id < total_txs; tx_id++)
{
- tx = AppLayerGetTx(ALPROTO_HTTP, htp_state, tx_id);
+ tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, tx_id);
if (tx == NULL) {
SCLogDebug("tx is NULL not logging !!");
continue;
}
- if (!(((AppLayerParserStateStore *)p->flow->alparser)->id_flags & APP_LAYER_TRANSACTION_EOF)) {
- tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 0);
+ if (!AppLayerParserParserStateIssetFlag(p->flow->alparser, APP_LAYER_PARSER_EOF)) {
+ tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOSERVER);
if (tx_progress < tx_progress_done_value_ts)
break;
- tx_progress = AppLayerGetAlstateProgress(ALPROTO_HTTP, tx, 1);
+ tx_progress = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, STREAM_TOCLIENT);
if (tx_progress < tx_progress_done_value_tc)
break;
}
fflush(hlog->file_ctx->fp);
SCMutexUnlock(&hlog->file_ctx->fp_mutex);
- AppLayerTransactionUpdateLogId(p->flow);
+ AppLayerParserSetTransactionLogId(p->flow->alparser);
}
end:
SCLogDebug("HTTP log output initialized");
/* enable the logger for the app layer */
- AppLayerRegisterLogger(ALPROTO_HTTP);
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);
return output_ctx;
#include "log-tlslog.h"
#include "app-layer-ssl.h"
#include "app-layer.h"
+#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
/* check if we have TLS state or not */
FLOWLOCK_WRLOCK(p->flow);
- uint16_t proto = AppLayerGetProtoFromPacket(p);
+ uint16_t proto = FlowGetAppProtocol(p->flow);
if (proto != ALPROTO_TLS)
goto end;
- SSLState *ssl_state = (SSLState *) AppLayerGetProtoStateFromPacket(p);
+ SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
if (ssl_state == NULL) {
SCLogDebug("no tls state, so no request logging");
goto end;
LogTlsLogPem(aft, p, ssl_state, hlog, ipproto);
}
- if (AppLayerTransactionGetLogId(p->flow) != 0) {
+ if (AppLayerParserGetTransactionLogId(p->flow->alparser) != 0) {
goto end;
}
timebuf, srcip, sp, dstip, dp,
ssl_state->server_connp.cert0_subject, ssl_state->server_connp.cert0_issuerdn);
- AppLayerTransactionUpdateLogId(p->flow);
+ AppLayerParserSetTransactionLogId(p->flow->alparser);
if (hlog->flags & LOG_TLS_EXTENDED) {
LogTlsLogExtended(aft, ssl_state);
SCLogDebug("TLS log output initialized");
/* enable the logger for the app layer */
- AppLayerRegisterLogger(ALPROTO_TLS);
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
return output_ctx;
MpmCudaEnvironmentSetup();
#endif
- AppLayerDetectProtoThreadInit();
- AppLayerParsersInitPostProcess();
+ AppLayerSetup();
/* hardcoded initialization code */
SigTableSetup(); /* load the rule keywords */
SSHParserRegisterTests();
#endif
SMBParserRegisterTests();
- DCERPCParserRegisterTests();
- DCERPCUDPParserRegisterTests();
FTPParserRegisterTests();
DecodeRawRegisterTests();
DecodePPPOERegisterTests();
DecodeUDPV4RegisterTests();
DecodeGRERegisterTests();
DecodeAsn1RegisterTests();
- AlpDetectRegisterTests();
+ AppLayerProtoDetectUnittestsRegister();
ConfRegisterTests();
ConfYamlRegisterTests();
TmqhFlowRegisterTests();
SigGroupHeadRegisterTests();
SCHInfoRegisterTests();
SCRuleVarsRegisterTests();
- AppLayerParserRegisterTests();
+ AppLayerParserRegisterUnittests();
ThreadMacrosRegisterTests();
UtilSpmSearchRegistertests();
UtilActionRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
CudaBufferRegisterUnittests();
#endif
- AppLayerRegisterUnittests();
+ AppLayerUnittestsRegister();
if (list_unittests) {
UtListTests(regex_arg);
} else {
}
#ifdef DEBUG
-extern uint32_t applayererrors;
-extern uint32_t applayerhttperrors;
static uint32_t dbg_app_layer_gap;
static uint32_t dbg_app_layer_gap_candidate;
#endif
SCLogDebug("segment_pool_memcnt %"PRIu64"", segment_pool_memcnt);
SCMutexDestroy(&segment_pool_memuse_mutex);
SCMutexDestroy(&segment_pool_cnt_mutex);
- SCLogInfo("applayererrors %u", applayererrors);
- SCLogInfo("applayerhttperrors %u", applayerhttperrors);
SCLogInfo("dbg_app_layer_gap %u", dbg_app_layer_gap);
SCLogInfo("dbg_app_layer_gap_candidate %u", dbg_app_layer_gap_candidate);
#endif
memset(ra_ctx, 0x00, sizeof(TcpReassemblyThreadCtx));
ra_ctx->stream_q = StreamMsgQueueGetNew();
- AlpProtoFinalize2Thread(&ra_ctx->dp_ctx);
+ ra_ctx->app_tctx = AppLayerGetCtxThread();
+
SCReturnPtr(ra_ctx, "TcpReassemblyThreadCtx");
}
}
ra_ctx->stream_q = NULL;
- AlpProtoDeFinalize2Thread(&ra_ctx->dp_ctx);
+ AppLayerDestroyCtxThread(ra_ctx->app_tctx);
SCFree(ra_ctx);
SCReturn;
}
SCLogDebug("sending empty eof message");
/* send EOF to app layer */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- NULL, 0, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ NULL, 0, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
} else {
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
/* process what we have so far */
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_sent += data_len;
/* send gap signal */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- NULL, 0, p, flags|STREAM_GAP);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ NULL, 0, flags|STREAM_GAP);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_len = 0;
/* process what we have so far */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_sent += data_len;
data_len = 0;
/* process what we have so far */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_sent += data_len;
data_len = 0;
/* process what we have so far */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_sent += data_len;
}
SCLogDebug("sending empty eof message");
/* send EOF to app layer */
STREAM_SET_INLINE_FLAGS(ssn, stream, p, flags);
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- NULL, 0, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ NULL, 0, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
}
SCLogDebug("sending empty eof message");
/* send EOF to app layer */
STREAM_SET_FLAGS(ssn, stream, p, flags);
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- NULL, 0, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ NULL, 0, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
SCReturnInt(0);
STREAM_SET_FLAGS(ssn, stream, p, flags);
/* process what we have so far */
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_len = 0;
}
/* send gap signal */
STREAM_SET_FLAGS(ssn, stream, p, flags);
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- NULL, 0, p, flags|STREAM_GAP);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ NULL, 0, flags|STREAM_GAP);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_len = 0;
/* process what we have so far */
STREAM_SET_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_len = 0;
/* process what we have so far */
STREAM_SET_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
data_len = 0;
/* process what we have so far */
STREAM_SET_FLAGS(ssn, stream, p, flags);
BUG_ON(data_len > sizeof(data));
- AppLayerHandleTCPData(tv, ra_ctx, p->flow, ssn, stream,
- data, data_len, p, flags);
+ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
+ data, data_len, flags);
PACKET_PROFILING_APP_STORE(&ra_ctx->dp_ctx, p);
}
/* Handle the stream msg. No need to use locking, flow is
* already locked at this point. Don't break out of the
* loop if we encounter an error. */
- if (AppLayerHandleTCPMsg(&ra_ctx->dp_ctx, smsg) != 0)
+ if (AppLayerHandleTCPMsg(smsg) != 0)
r = -1;
}
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
f.sp = sp;
f.dp = dp;
f.protoctx = ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
tcph.th_win = htons(5480);
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
memset(&tv, 0, sizeof (ThreadVars));
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
FLOW_INITIALIZE(&f);
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->proto = IPPROTO_TCP;
f.sp = sp;
f.dp = dp;
f.protoctx = &ssn;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
tcph.th_win = htons(5480);
memset(&tcph, 0, sizeof (TCPHdr));
f.flags = FLOW_IPV4;
+ f.proto = IPPROTO_TCP;
p->flow = &f;
p->tcph = &tcph;
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
tcph.th_win = htons(5480);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
tcph.th_win = htons(5480);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
tcph.th_win = htons(5480);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
tcph.th_win = htons(5480);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
p->flow = f;
tcph.th_win = htons(5480);
if (f == NULL)
goto end;
f->protoctx = &ssn;
+ f->proto = IPPROTO_TCP;
uint8_t stream_payload1[] = "GE";
uint8_t stream_payload2[] = "T /";
typedef struct TcpReassemblyThreadCtx_ {
StreamMsgQueue *stream_q;
- AlpProtoDetectThreadCtx dp_ctx; /**< proto detection thread data */
+ void *app_tctx;
/** TCP segments which are not being reassembled due to memcap was reached */
uint16_t counter_tcp_segment_memcap;
/** number of streams that stop reassembly because their depth is reached */
StreamTcpSackFreeList(&ssn->client);
StreamTcpSackFreeList(&ssn->server);
/* reset the app layer state */
- AppLayerParserCleanupState(p->flow);
+ FlowCleanupAppLayer(p->flow);
ssn->state = 0;
ssn->flags = 0;
#include "host.h"
#include "unix-manager.h"
+#include "app-layer.h"
#include "app-layer-htp.h"
#include "util-radix-tree.h"
break;
}
- AppLayerDetectProtoThreadInit();
- AppLayerParsersInitPostProcess();
+ AppLayerSetup();
/* Check for the existance of the default logging directory which we pick
* from suricata.yaml. If not found, shut the engine down */
SCReturnInt(TM_ECODE_OK);
}
-
int main(int argc, char **argv)
{
SCInstance suri;
if (global_de_ctx) {
DetectEngineCtxFree(global_de_ctx);
}
- AlpProtoDestroy();
+ AppLayerDeSetup();
TagDestroyCtx();
CASE_CODE (SC_ERR_DNS_CONFIG);
CASE_CODE (SC_ERR_CONF_YAML_ERROR);
CASE_CODE (SC_ERR_CONF_NAME_TOO_LONG);
+ CASE_CODE (SC_ERR_APP_LAYER_PROTOCOL_DETECTION);
}
return "UNKNOWN_ERROR";
SC_ERR_DNS_CONFIG,
SC_ERR_CONF_YAML_ERROR,
SC_ERR_CONF_NAME_TOO_LONG,
+ SC_ERR_APP_LAYER_PROTOCOL_DETECTION,
} SCError;
const char *SCErrorToString(SCError);
else
f->flags |= FLOW_FILE_NO_STORE_TC;
- FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
+ FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
/* if we're already storing, we'll continue */
else
f->flags |= FLOW_FILE_NO_MAGIC_TC;
- FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
+ FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
SCLogDebug("disabling magic for file %p from direction %s",
else
f->flags |= FLOW_FILE_NO_MD5_TC;
- FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
+ FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
SCLogDebug("disabling md5 for file %p from direction %s",
else
f->flags |= FLOW_FILE_NO_SIZE_TC;
- FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
+ FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
SCLogDebug("disabling size tracking for file %p from direction %s",
SCEnter();
- FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
+ FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
if (ptr->txid == tx_id) {
#include <nmmintrin.h>
+/* No SIMD support, fall back to plain memcmp and a home grown lowercase one */
+
static inline int SCMemcmp(void *s1, void *s2, size_t n)
{
__m128i b1, b2;
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACBSPreparePatterns(&mpm_ctx);
SCACBSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
30, 0, 0, 5, 0, 0);
- PmqSetup(&pmq, 0, 6);
+ PmqSetup(&pmq, 6);
/* total matches: 135 */
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
goto end;
if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1)
goto end;
- PmqSetup(&pmq, 0, 5);
+ PmqSetup(&pmq, 5);
if (SCACBSPreparePatterns(&mpm_ctx) == -1)
goto end;
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCD";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDE";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABC";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzAB";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACBSPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACBSPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdef", 5, 0, 0, 1, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"cdefg", 5, 0, 0, 3, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"defgh", 5, 0, 0, 4, 0, 0);
- PmqSetup(&pmq, 0, 4);
+ PmqSetup(&pmq, 4);
SCACBSPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACGfbsPreparePatterns(&mpm_ctx);
SCACGfbsInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
30, 0, 0, 5, 0, 0);
/* total matches: 135 */
- PmqSetup(&pmq, 0, 6);
+ PmqSetup(&pmq, 6);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
goto end;
if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1)
goto end;
- PmqSetup(&pmq, 0, 4);
+ PmqSetup(&pmq, 4);
if (SCACGfbsPreparePatterns(&mpm_ctx) == -1)
goto end;
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCD";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDE";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABC";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzAB";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACGfbsPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACGfbsPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"bcdegh", 6, 0, 0, 1, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACPreparePatterns(&mpm_ctx);
SCACInitThreadCtx(&mpm_ctx, &mpm_thread_ctx, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
30, 0, 0, 5, 0, 0);
- PmqSetup(&pmq, 0, 6);
+ PmqSetup(&pmq, 6);
/* total matches: 135 */
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
goto end;
if (MpmAddPatternCS(&mpm_ctx, (uint8_t *)"hers", 4, 0, 0, 4, 0, 0) == -1)
goto end;
- PmqSetup(&pmq, 0, 5);
+ PmqSetup(&pmq, 5);
if (SCACPreparePatterns(&mpm_ctx) == -1)
goto end;
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"wxyz", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCD";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDE";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABCDEF";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzABC";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcdefghijklmnopqrstuvwxyzAB";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 match */
char *pat = "abcde""fghij""klmno""pqrst""uvwxy""z";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
char *pat = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA";
MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, strlen(pat), 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0);
/* 1 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 1 */
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"ABCD", 4, 0, 0, 0, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"bCdEfG", 6, 0, 0, 1, 0, 0);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0);
- PmqSetup(&pmq, 0, 3);
+ PmqSetup(&pmq, 3);
SCACPreparePatterns(&mpm_ctx);
MpmAddPatternCI(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 0, 0, 0);
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0);
- PmqSetup(&pmq, 0, 2);
+ PmqSetup(&pmq, 2);
SCACPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
/* 0 match */
MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0);
- PmqSetup(&pmq, 0, 1);
+ PmqSetup(&pmq, 1);
SCACPreparePatterns(&mpm_ctx);
* \retval -1 error
* \retval 0 ok
*/
-int PmqSetup(PatternMatcherQueue *pmq, uint32_t sig_maxid, uint32_t patmaxid) {
+int PmqSetup(PatternMatcherQueue *pmq, uint32_t patmaxid) {
SCEnter();
- SCLogDebug("sig_maxid %u, patmaxid %u", sig_maxid, patmaxid);
+ SCLogDebug("patmaxid %u", patmaxid);
if (pmq == NULL) {
SCReturnInt(-1);
void MpmFactoryDeRegisterAllMpmCtxProfiles(struct DetectEngineCtx_ *);
int32_t MpmFactoryIsMpmCtxAvailable(struct DetectEngineCtx_ *, MpmCtx *);
-int PmqSetup(PatternMatcherQueue *, uint32_t, uint32_t);
+int PmqSetup(PatternMatcherQueue *, uint32_t);
void PmqMerge(PatternMatcherQueue *src, PatternMatcherQueue *dst);
void PmqReset(PatternMatcherQueue *);
void PmqCleanup(PatternMatcherQueue *);
#include "suricata-common.h"
#include "config.h"
#include "app-layer-detect-proto.h"
+#include "app-layer.h"
#include "util-cuda.h"
#include "util-unittest.h"
int ListAppLayerProtocols()
{
MpmTableSetup();
- AppLayerDetectProtoThreadInit();
+ AppLayerSetup();
AppLayerListSupportedProtocols();
+
exit(EXIT_SUCCESS);
}
tls:
enabled: yes
detection-ports:
- tcp:
- toserver: 443
+ toserver: 443
#no-reassemble: yes
dcerpc:
smb:
enabled: yes
detection-ports:
- tcp:
- toserver: 139
+ toserver: 139
# smb2 detection is disabled internally inside the engine.
#smb2:
# enabled: yes
- dnstcp:
- enabled: yes
- detection-ports:
- tcp:
- toserver: 53
- dnsudp:
- enabled: yes
- detection-ports:
- udp:
- toserver: 53
+ dns:
+ tcp:
+ enabled: yes
+ detection-ports:
+ toserver: 53
+ udp:
+ enabled: yes
+ detection-ports:
+ toserver: 53
http:
enabled: yes
projects / thirdparty / suricata.git / commitdiff
