From: Victor Julien Date: Sun, 8 Mar 2020 21:17:58 +0000 (+0100) Subject: app-layer: update API to return more details X-Git-Tag: suricata-6.0.0-beta1~645 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44d3f264bfe4b09d3628d886dd2421066f96e8aa;p=thirdparty%2Fsuricata.git app-layer: update API to return more details Add AppLayerResult struct as the Parser return type in preparation of allowing returning 'Incomplete(size)' similar to what nom in Rust allows. --- diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index b4fb74aa4b..385afd96e4 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -302,7 +302,7 @@ pub extern "C" fn rs_template_parse_request( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let eof = unsafe { if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) > 0 { true @@ -317,10 +317,10 @@ pub extern "C" fn rs_template_parse_request( let state = cast_pointer!(state, TemplateState); let buf = build_slice!(input, input_len as usize); - if state.parse_request(buf) { - return 1; + if !state.parse_request(buf) { + return AppLayerResult::err(); } - return -1; + AppLayerResult::ok() } #[no_mangle] @@ -332,7 +332,7 @@ pub extern "C" fn rs_template_parse_response( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let _eof = unsafe { if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF) > 0 { true @@ -342,10 +342,10 @@ pub extern "C" fn rs_template_parse_response( }; let state = cast_pointer!(state, TemplateState); let buf = build_slice!(input, input_len as usize); - if state.parse_response(buf) { - return 1; + if !state.parse_response(buf) { + return AppLayerResult::err(); } - return -1; + AppLayerResult::ok() } #[no_mangle] diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 107d1f37b0..9ffefc19ec 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -289,13 +289,13 @@ pub extern "C" fn rs_dhcp_parse(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let state = cast_pointer!(state, DHCPState); let buf = build_slice!(input, input_len as usize); if state.parse(buf) { - return 0; + return AppLayerResult::ok(); } - return -1; + return AppLayerResult::err(); } #[no_mangle] diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 69f1fd6304..69ebf0d5fd 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -664,13 +664,13 @@ pub extern "C" fn rs_dns_parse_request(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) - -> std::os::raw::c_int { + -> AppLayerResult { let state = cast_pointer!(state, DNSState); let buf = unsafe{std::slice::from_raw_parts(input, input_len as usize)}; if state.parse_request(buf) { - 0 + AppLayerResult::ok() } else { - -1 + AppLayerResult::err() } } @@ -682,13 +682,13 @@ pub extern "C" fn rs_dns_parse_response(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) - -> std::os::raw::c_int { + -> AppLayerResult { let state = cast_pointer!(state, DNSState); let buf = unsafe{std::slice::from_raw_parts(input, input_len as usize)}; if state.parse_response(buf) { - 0 + AppLayerResult::ok() } else { - -1 + AppLayerResult::err() } } @@ -701,17 +701,18 @@ pub extern "C" fn rs_dns_parse_request_tcp(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) - -> std::os::raw::c_int { + -> AppLayerResult { let state = cast_pointer!(state, DNSState); if input_len > 0 { if input != std::ptr::null_mut() { let buf = unsafe{ std::slice::from_raw_parts(input, input_len as usize)}; - return state.parse_request_tcp(buf) as std::os::raw::c_int; + let _ = state.parse_request_tcp(buf); + return AppLayerResult::ok(); } state.request_gap(input_len); } - return 0; + AppLayerResult::ok() } #[no_mangle] @@ -722,17 +723,18 @@ pub extern "C" fn rs_dns_parse_response_tcp(_flow: *const core::Flow, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8) - -> std::os::raw::c_int { + -> AppLayerResult { let state = cast_pointer!(state, DNSState); if input_len > 0 { if input != std::ptr::null_mut() { let buf = unsafe{ std::slice::from_raw_parts(input, input_len as usize)}; - return state.parse_response_tcp(buf) as std::os::raw::c_int; + let _ = state.parse_response_tcp(buf); + return AppLayerResult::ok(); } state.response_gap(input_len); } - return 0; + AppLayerResult::ok() } #[no_mangle] diff --git a/rust/src/ikev2/ikev2.rs b/rust/src/ikev2/ikev2.rs index a0f78a39e8..eb3dfc8088 100644 --- a/rust/src/ikev2/ikev2.rs +++ b/rust/src/ikev2/ikev2.rs @@ -470,14 +470,13 @@ pub extern "C" fn rs_ikev2_parse_request(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,IKEV2State); - let res = state.parse(buf, STREAM_TOSERVER); - if res < 0 { - return res; + if state.parse(buf, STREAM_TOSERVER) < 0 { + return AppLayerResult::err(); } - 0 + return AppLayerResult::ok(); } #[no_mangle] @@ -487,7 +486,7 @@ pub extern "C" fn rs_ikev2_parse_response(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,IKEV2State); let res = state.parse(buf, STREAM_TOCLIENT); @@ -499,9 +498,9 @@ pub extern "C" fn rs_ikev2_parse_response(_flow: *const core::Flow, }; } if res < 0 { - return res; + return AppLayerResult::err(); } - 0 + return AppLayerResult::ok(); } #[no_mangle] diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index 78e54af139..bd28d48060 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -116,12 +116,12 @@ impl KRB5State { /// Parse a Kerberos request message /// - /// Returns The number of messages parsed, or -1 on error + /// Returns 0 in case of success, or -1 on error fn parse(&mut self, i: &[u8], _direction: u8) -> i32 { match der_read_element_header(i) { Ok((_rem,hdr)) => { // Kerberos messages start with an APPLICATION header - if hdr.class != 0b01 { return 1; } + if hdr.class != 0b01 { return 0; } match hdr.tag.0 { 10 => { self.req_id = 10; @@ -501,10 +501,13 @@ pub extern "C" fn rs_krb5_parse_request(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); - state.parse(buf, STREAM_TOSERVER) + if state.parse(buf, STREAM_TOSERVER) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] @@ -514,10 +517,13 @@ pub extern "C" fn rs_krb5_parse_response(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); - state.parse(buf, STREAM_TOCLIENT) + if state.parse(buf, STREAM_TOCLIENT) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] @@ -527,12 +533,11 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); let mut v : Vec; - let mut status = 0; let tcp_buffer = match state.record_ts { 0 => buf, _ => { @@ -540,7 +545,7 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, if state.defrag_buf_ts.len() + buf.len() > 100000 { SCLogDebug!("rs_krb5_parse_request_tcp: TCP buffer exploded {} {}", state.defrag_buf_ts.len(), buf.len()); - return 1; + return AppLayerResult::err(); } v = state.defrag_buf_ts.split_off(0); v.extend_from_slice(buf); @@ -557,28 +562,27 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, }, Err(nom::Err::Incomplete(_)) => { state.defrag_buf_ts.extend_from_slice(cur_i); - return 0; + return AppLayerResult::ok(); } _ => { SCLogDebug!("rs_krb5_parse_request_tcp: reading record mark failed!"); - return 1; + return AppLayerResult::err(); } } } if cur_i.len() >= state.record_ts { - status = state.parse(cur_i, STREAM_TOSERVER); - if status != 0 { - return status; + if state.parse(cur_i, STREAM_TOSERVER) < 0 { + return AppLayerResult::err(); } state.record_ts = 0; cur_i = &cur_i[state.record_ts..]; } else { // more fragments required state.defrag_buf_ts.extend_from_slice(cur_i); - return 0; + return AppLayerResult::ok(); } } - status + AppLayerResult::ok() } #[no_mangle] @@ -588,12 +592,11 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); let mut v : Vec; - let mut status = 0; let tcp_buffer = match state.record_tc { 0 => buf, _ => { @@ -601,7 +604,7 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, if state.defrag_buf_tc.len() + buf.len() > 100000 { SCLogDebug!("rs_krb5_parse_response_tcp: TCP buffer exploded {} {}", state.defrag_buf_tc.len(), buf.len()); - return 1; + return AppLayerResult::err(); } v = state.defrag_buf_tc.split_off(0); v.extend_from_slice(buf); @@ -618,28 +621,27 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, }, Err(nom::Err::Incomplete(_)) => { state.defrag_buf_tc.extend_from_slice(cur_i); - return 0; + return AppLayerResult::ok(); } _ => { SCLogDebug!("reading record mark failed!"); - return 1; + return AppLayerResult::ok(); } } } if cur_i.len() >= state.record_tc { - status = state.parse(cur_i, STREAM_TOCLIENT); - if status != 0 { - return status; + if state.parse(cur_i, STREAM_TOCLIENT) < 0 { + return AppLayerResult::err(); } state.record_tc = 0; cur_i = &cur_i[state.record_tc..]; } else { // more fragments required state.defrag_buf_tc.extend_from_slice(cur_i); - return 0; + return AppLayerResult::ok(); } } - status + AppLayerResult::ok() } export_tx_detect_flags_set!(rs_krb5_tx_detect_flags_set, KRB5Transaction); diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index 24f3dfe493..76118da32c 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -93,7 +93,7 @@ impl NTPState { impl NTPState { /// Parse an NTP request message /// - /// Returns The number of messages parsed, or -1 on error + /// Returns 0 if successful, or -1 on error fn parse(&mut self, i: &[u8], _direction: u8) -> i32 { match parse_ntp(i) { Ok((_,ref msg)) => { @@ -205,10 +205,13 @@ pub extern "C" fn rs_ntp_parse_request(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,NTPState); - state.parse(buf, 0) + if state.parse(buf, 0) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] @@ -218,10 +221,13 @@ pub extern "C" fn rs_ntp_parse_response(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,NTPState); - state.parse(buf, 1) + if state.parse(buf, 1) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] diff --git a/rust/src/parser.rs b/rust/src/parser.rs index 20dd8d8fd4..321474fa04 100644 --- a/rust/src/parser.rs +++ b/rust/src/parser.rs @@ -26,6 +26,30 @@ use crate::applayer; use std::os::raw::{c_void,c_char,c_int}; use crate::applayer::{AppLayerGetTxIterTuple}; +#[repr(C)] +pub struct AppLayerResult { + pub status: i32, + pub consumed: u32, + pub needed: u32, +} + +impl AppLayerResult { + pub fn ok() -> AppLayerResult { + return AppLayerResult { + status: 0, + consumed: 0, + needed: 0, + }; + } + pub fn err() -> AppLayerResult { + return AppLayerResult { + status: -1, + consumed: 0, + needed: 0, + }; + } +} + /// Rust parser declaration #[repr(C)] pub struct RustParser { @@ -133,7 +157,7 @@ pub type ParseFn = extern "C" fn (flow: *const Flow, input: *const u8, input_len: u32, data: *const c_void, - flags: u8) -> i32; + flags: u8) -> AppLayerResult; pub type ProbeFn = extern "C" fn (flow: *const Flow,direction: u8,input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto; pub type StateAllocFn = extern "C" fn () -> *mut c_void; pub type StateFreeFn = extern "C" fn (*mut c_void); diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs index 7f8dd81049..36533cb0c0 100644 --- a/rust/src/rdp/rdp.rs +++ b/rust/src/rdp/rdp.rs @@ -461,15 +461,16 @@ pub extern "C" fn rs_rdp_parse_ts( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = build_slice!(input, input_len as usize); // attempt to parse bytes as `rdp` protocol if state.parse_ts(buf) { - return 0; + AppLayerResult::ok() + } else { + // no need for further parsing + AppLayerResult::err() } - // no need for further parsing - return -1; } #[no_mangle] @@ -481,15 +482,16 @@ pub extern "C" fn rs_rdp_parse_tc( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = build_slice!(input, input_len as usize); // attempt to parse bytes as `rdp` protocol if state.parse_tc(buf) { - return 0; + AppLayerResult::ok() + } else { + // no need for further parsing + AppLayerResult::err() } - // no need for further parsing - return -1; } // diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs index 855bed23ac..a8e4299f50 100755 --- a/rust/src/sip/sip.rs +++ b/rust/src/sip/sip.rs @@ -358,14 +358,13 @@ pub extern "C" fn rs_sip_parse_request( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let buf = build_slice!(input, input_len as usize); let state = cast_pointer!(state, SIPState); - if state.parse_request(buf) { - 0 - } else { - -1 + if !state.parse_request(buf) { + return AppLayerResult::err(); } + AppLayerResult::ok() } #[no_mangle] @@ -377,14 +376,13 @@ pub extern "C" fn rs_sip_parse_response( input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, -) -> i32 { +) -> AppLayerResult { let buf = build_slice!(input, input_len as usize); let state = cast_pointer!(state, SIPState); - if state.parse_response(buf) { - 0 - } else { - -1 + if !state.parse_response(buf) { + return AppLayerResult::err(); } + AppLayerResult::ok() } const PARSER_NAME: &'static [u8] = b"sip\0"; diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index 36e30345d0..b8b1d9be2d 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -186,7 +186,7 @@ impl SNMPState { /// Parse an SNMP request message /// - /// Returns The number of messages parsed, or -1 on error + /// Returns 0 if successful, or -1 on error fn parse(&mut self, i: &[u8], direction: u8) -> i32 { if self.version == 0 { match parse_pdu_enveloppe_version(i) { @@ -323,10 +323,13 @@ pub extern "C" fn rs_snmp_parse_request(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,SNMPState); - state.parse(buf, STREAM_TOSERVER) + if state.parse(buf, STREAM_TOSERVER) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] @@ -336,10 +339,13 @@ pub extern "C" fn rs_snmp_parse_response(_flow: *const core::Flow, input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, - _flags: u8) -> i32 { + _flags: u8) -> AppLayerResult { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,SNMPState); - state.parse(buf, STREAM_TOCLIENT) + if state.parse(buf, STREAM_TOCLIENT) < 0 { + return AppLayerResult::err(); + } + AppLayerResult::ok() } #[no_mangle] diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index 27f7d242ba..6474456daa 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -715,7 +715,7 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, SCReturnInt((p - input)); } -static int DCERPCUDPParse(Flow *f, void *dcerpc_state, +static AppLayerResult DCERPCUDPParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -725,9 +725,9 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, SCEnter(); if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } DCERPCUDPState *sstate = (DCERPCUDPState *) dcerpc_state; @@ -736,7 +736,7 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, input_len); if (hdrretval == -1 || hdrretval > (int32_t)input_len) { sstate->bytesprocessed = 0; - SCReturnInt(hdrretval); + SCReturnStruct(APP_LAYER_ERROR); } else { parsed += hdrretval; input_len -= hdrretval; @@ -779,9 +779,9 @@ static int DCERPCUDPParse(Flow *f, void *dcerpc_state, sstate->bytesprocessed = 0; } if (pstate == NULL) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } static void *DCERPCUDPStateAlloc(void) diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 23bf3ff412..f9002824da 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1886,7 +1886,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, const uint8_t *input, uint32_t input_len) SCReturnInt(parsed); } -static int DCERPCParse(Flow *f, void *dcerpc_state, +static AppLayerResult DCERPCParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, int dir) @@ -1897,29 +1897,29 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, DCERPCState *sstate = (DCERPCState *) dcerpc_state; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } if (sstate->dcerpc.bytesprocessed != 0 && sstate->data_needed_for_dir != dir) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } retval = DCERPCParser(&sstate->dcerpc, input, input_len); if (retval == -1) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } sstate->data_needed_for_dir = dir; if (pstate == NULL) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } -static int DCERPCParseRequest(Flow *f, void *dcerpc_state, +static AppLayerResult DCERPCParseRequest(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -1928,7 +1928,7 @@ static int DCERPCParseRequest(Flow *f, void *dcerpc_state, local_data, 0); } -static int DCERPCParseResponse(Flow *f, void *dcerpc_state, +static AppLayerResult DCERPCParseResponse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index 3b7c97c2ca..8fc43f2afc 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -1111,7 +1111,7 @@ error: * date if a segment does not contain a complete frame (or contains * multiple frames, but not the complete final frame). */ -static int DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -1121,7 +1121,7 @@ static int DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, int processed = 0; if (input_len == 0) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } if (buffer->len) { @@ -1159,12 +1159,12 @@ static int DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, } } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); error: /* Reset the buffer. */ DNP3BufferReset(buffer); - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } /** @@ -1251,7 +1251,7 @@ error: * * See DNP3ParseResponsePDUs for DNP3 frame handling. */ -static int DNP3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult DNP3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -1300,13 +1300,13 @@ static int DNP3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, } done: - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); error: /* An error occurred while processing DNP3 frames. Dump the * buffer as we can't be assured that they are valid anymore. */ DNP3BufferReset(buffer); - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } static AppLayerDecoderEvents *DNP3GetEvents(void *tx) diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c index f7fcc18904..446878f3ed 100644 --- a/src/app-layer-enip.c +++ b/src/app-layer-enip.c @@ -332,7 +332,7 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id) * * \retval 1 when the command is parsed, 0 otherwise */ -static int ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -343,20 +343,20 @@ static int ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL && input_len != 0) { // GAP - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } while (input_len > 0) { tx = ENIPTransactionAlloc(enip); if (tx == NULL) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); SCLogDebug("ENIPParse input len %d", input_len); DecodeENIPPDU(input, input_len, tx); @@ -379,7 +379,7 @@ static int ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, } } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 9fbcc10ab6..0c17e48db0 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -550,7 +550,7 @@ static uint32_t CopyCommandLine(uint8_t **dest, const uint8_t *src, uint32_t len * \retval APP_LAYER_OK when input was process successfully * \retval APP_LAYER_ERROR when a unrecoverable error was encountered */ -static int FTPParseRequest(Flow *f, void *ftp_state, +static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -564,9 +564,9 @@ static int FTPParseRequest(Flow *f, void *ftp_state, void *ptmp; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } state->input = input; @@ -589,7 +589,7 @@ static int FTPParseRequest(Flow *f, void *ftp_state, FTPTransaction *tx = FTPTransactionCreate(state); if (unlikely(tx == NULL)) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); state->curr_tx = tx; tx->command_descriptor = cmd_descriptor; @@ -610,7 +610,7 @@ static int FTPParseRequest(Flow *f, void *ftp_state, state->port_line = NULL; state->port_line_size = 0; } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } state->port_line = ptmp; state->port_line_size = state->current_line_len; @@ -630,17 +630,17 @@ static int FTPParseRequest(Flow *f, void *ftp_state, * name -- need more than 5 chars: cmd [4], space, */ if (state->dyn_port == 0 || state->current_line_len < 6) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } struct FtpTransferCmd *data = FTPCalloc(1, sizeof(struct FtpTransferCmd)); if (data == NULL) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); data->DFree = FtpTransferCmdFree; /* Min size has been checked in FTPParseRequestCommand */ data->file_name = FTPCalloc(state->current_line_len - 4, sizeof(char)); if (data->file_name == NULL) { FtpTransferCmdFree(data); - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } data->file_name[state->current_line_len - 5] = 0; data->file_len = state->current_line_len - 5; @@ -653,7 +653,7 @@ static int FTPParseRequest(Flow *f, void *ftp_state, if (ret == -1) { FtpTransferCmdFree(data); SCLogDebug("No expectation created."); - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } else { SCLogDebug("Expectation created [direction: %s, dynamic port %"PRIu16"].", state->active ? "to server" : "to client", @@ -671,7 +671,7 @@ static int FTPParseRequest(Flow *f, void *ftp_state, } } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } static int FTPParsePassiveResponse(Flow *f, FtpState *state, const uint8_t *input, uint32_t input_len) @@ -727,14 +727,14 @@ static inline bool FTPIsPPR(const uint8_t *input, uint32_t input_len) * * \retval 1 when the command is parsed, 0 otherwise */ -static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, +static AppLayerResult FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { FtpState *state = (FtpState *)ftp_state; if (unlikely(input_len == 0)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } FTPTransaction *tx = FTPGetOldestTx(state); @@ -742,7 +742,7 @@ static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstat tx = FTPTransactionCreate(state); } if (unlikely(tx == NULL)) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } if (state->command == FTP_COMMAND_UNKNOWN || tx->command_descriptor == NULL) { /* unknown */ @@ -804,12 +804,12 @@ static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstat /* Handle preliminary replies -- keep tx open */ if (FTPIsPPR(input, input_len)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } tx_complete: tx->done = true; - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } @@ -1045,7 +1045,7 @@ static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; * * \retval 1 when the command is parsed, 0 otherwise */ -static int FTPDataParse(Flow *f, FtpDataState *ftpdata_state, +static AppLayerResult FTPDataParse(Flow *f, FtpDataState *ftpdata_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, int direction) @@ -1057,13 +1057,13 @@ static int FTPDataParse(Flow *f, FtpDataState *ftpdata_state, if (ftpdata_state->files == NULL) { struct FtpTransferCmd *data = (struct FtpTransferCmd *)FlowGetStorageById(f, AppLayerExpectationGetDataId()); if (data == NULL) { - SCReturnInt(-1); + SCReturnStruct(APP_LAYER_ERROR); } ftpdata_state->files = FileContainerAlloc(); if (ftpdata_state->files == NULL) { FlowFreeStorageById(f, AppLayerExpectationGetDataId()); - SCReturnInt(-1); + SCReturnStruct(APP_LAYER_ERROR); } ftpdata_state->file_name = data->file_name; @@ -1119,7 +1119,10 @@ static int FTPDataParse(Flow *f, FtpDataState *ftpdata_state, } out: - return ret; + if (ret < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } static void FTPStateSetTxLogged(void *state, void *vtx, LoggerId logged) @@ -1133,7 +1136,7 @@ static LoggerId FTPStateGetTxLogged(void *state, void *vtx) FTPTransaction *tx = vtx; return tx->logged; } -static int FTPDataParseRequest(Flow *f, void *ftp_state, +static AppLayerResult FTPDataParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -1142,7 +1145,7 @@ static int FTPDataParseRequest(Flow *f, void *ftp_state, local_data, STREAM_TOSERVER); } -static int FTPDataParseResponse(Flow *f, void *ftp_state, +static AppLayerResult FTPDataParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index ceeb9accf6..eb1ef119f9 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -841,7 +841,7 @@ error: * * \retval On success returns 1 or on failure returns -1. */ -static int HTPHandleRequestData(Flow *f, void *htp_state, +static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -856,7 +856,7 @@ static int HTPHandleRequestData(Flow *f, void *htp_state, */ if (NULL == hstate->conn) { if (Setup(f, hstate) != 0) { - goto error; + SCReturnStruct(APP_LAYER_ERROR); } } DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL); @@ -885,10 +885,11 @@ static int HTPHandleRequestData(Flow *f, void *htp_state, } SCLogDebug("hstate->connp %p", hstate->connp); - SCReturnInt(ret); -error: - SCReturnInt(-1); + if (ret < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } /** @@ -904,7 +905,7 @@ error: * * \retval On success returns 1 or on failure returns -1 */ -static int HTPHandleResponseData(Flow *f, void *htp_state, +static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -919,7 +920,7 @@ static int HTPHandleResponseData(Flow *f, void *htp_state, */ if (NULL == hstate->conn) { if (Setup(f, hstate) != 0) { - goto error; + SCReturnStruct(APP_LAYER_ERROR); } } DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL); @@ -946,9 +947,11 @@ static int HTPHandleResponseData(Flow *f, void *htp_state, } SCLogDebug("hstate->connp %p", hstate->connp); - SCReturnInt(ret); -error: - SCReturnInt(-1); + + if (ret < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } /** diff --git a/src/app-layer-modbus.c b/src/app-layer-modbus.c index b4ce99e6f8..515295514e 100644 --- a/src/app-layer-modbus.c +++ b/src/app-layer-modbus.c @@ -1285,9 +1285,9 @@ static int ModbusParseHeader(ModbusState *modbus, * \param input Input line of the command * \param input_len Length of the request * - * \retval 1 when the command is parsed, 0 otherwise + * \retval AppLayerResult APP_LAYER_OK or APP_LAYER_ERROR */ -static int ModbusParseRequest(Flow *f, +static AppLayerResult ModbusParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, @@ -1301,9 +1301,9 @@ static int ModbusParseRequest(Flow *f, ModbusHeader header; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } while (input_len > 0) { @@ -1312,17 +1312,17 @@ static int ModbusParseRequest(Flow *f, /* Extract MODBUS Header */ if (ModbusParseHeader(modbus, &header, adu, adu_len)) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); /* Update ADU length with length in Modbus header. */ adu_len = (uint32_t) sizeof(ModbusHeader) + (uint32_t) header.length - 1; if (adu_len > input_len) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); /* Allocate a Transaction Context and add it to Transaction list */ tx = ModbusTxAlloc(modbus); if (tx == NULL) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); /* Check MODBUS Header */ ModbusCheckHeader(modbus, &header); @@ -1340,7 +1340,7 @@ static int ModbusParseRequest(Flow *f, input_len -= adu_len; } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } /** \internal @@ -1350,9 +1350,9 @@ static int ModbusParseRequest(Flow *f, * \param input Input line of the command * \param input_len Length of the request * - * \retval 1 when the command is parsed, 0 otherwise + * \retval AppLayerResult APP_LAYER_OK or APP_LAYER_ERROR */ -static int ModbusParseResponse(Flow *f, +static AppLayerResult ModbusParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, @@ -1366,9 +1366,9 @@ static int ModbusParseResponse(Flow *f, ModbusTransaction *tx; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } while (input_len > 0) { @@ -1377,12 +1377,12 @@ static int ModbusParseResponse(Flow *f, /* Extract MODBUS Header */ if (ModbusParseHeader(modbus, &header, adu, adu_len)) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); /* Update ADU length with length in Modbus header. */ adu_len = (uint32_t) sizeof(ModbusHeader) + (uint32_t) header.length - 1; if (adu_len > input_len) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); /* Find the transaction context thanks to transaction ID (and function code) */ tx = ModbusTxFindByTransaction(modbus, header.transactionId); @@ -1391,7 +1391,7 @@ static int ModbusParseResponse(Flow *f, /* and add it to Transaction list */ tx = ModbusTxAlloc(modbus); if (tx == NULL) - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); SCLogDebug("MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE"); ModbusSetEvent(modbus, MODBUS_DECODER_EVENT_UNSOLICITED_RESPONSE); @@ -1414,7 +1414,7 @@ static int ModbusParseResponse(Flow *f, input_len -= adu_len; } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } /** \internal diff --git a/src/app-layer-nfs-tcp.c b/src/app-layer-nfs-tcp.c index 08a0b51391..b7432596f9 100644 --- a/src/app-layer-nfs-tcp.c +++ b/src/app-layer-nfs-tcp.c @@ -156,7 +156,7 @@ static AppProto NFSTCPProbingParser(Flow *f, return ALPROTO_UNKNOWN; } -static int NFSTCPParseRequest(Flow *f, void *state, +static AppLayerResult NFSTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -169,10 +169,13 @@ static int NFSTCPParseRequest(Flow *f, void *state, } else { res = rs_nfs_parse_request(f, state, pstate, input, input_len, local_data); } - return res; + if (res < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } -static int NFSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult NFSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -185,7 +188,10 @@ static int NFSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate } else { res = rs_nfs_parse_response(f, state, pstate, input, input_len, local_data); } - return res; + if (res < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } static uint64_t NFSTCPGetTxCnt(void *state) diff --git a/src/app-layer-nfs-udp.c b/src/app-layer-nfs-udp.c index 31b68d5d58..2b923177fe 100644 --- a/src/app-layer-nfs-udp.c +++ b/src/app-layer-nfs-udp.c @@ -136,24 +136,32 @@ static AppProto NFSProbingParser(Flow *f, uint8_t direction, return ALPROTO_UNKNOWN; } -static int NFSParseRequest(Flow *f, void *state, +static AppLayerResult NFSParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOSERVER); rs_nfs_setfileflags(0, state, file_flags); - return rs_nfs_parse_request_udp(f, state, pstate, input, input_len, local_data); + int res = rs_nfs_parse_request_udp(f, state, pstate, input, input_len, local_data); + if (res < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } -static int NFSParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult NFSParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); rs_nfs_setfileflags(1, state, file_flags); - return rs_nfs_parse_response_udp(f, state, pstate, input, input_len, local_data); + int res = rs_nfs_parse_response_udp(f, state, pstate, input, input_len, local_data); + if (res < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } static uint64_t NFSGetTxCnt(void *state) diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 089472c63d..80c7ecdd83 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1233,11 +1233,11 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow /* invoke the recursive parser, but only on data. We may get empty msgs on EOF */ if (input_len > 0 || (flags & STREAM_EOF)) { /* invoke the parser */ - int parse_res = p->Parser[(flags & STREAM_TOSERVER) ? 0 : 1](f, alstate, pstate, + AppLayerResult res = p->Parser[(flags & STREAM_TOSERVER) ? 0 : 1](f, alstate, pstate, input, input_len, alp_tctx->alproto_local_storage[f->protomap][alproto], flags); - if (parse_res < 0) + if (res.status < 0) { goto error; } @@ -1988,12 +1988,12 @@ typedef struct TestState_ { * \brief Test parser function to test the memory deallocation of app layer * parser of occurence of an error. */ -static int TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate, +static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { SCEnter(); - SCReturnInt(-1); + SCReturnStruct(APP_LAYER_ERROR); } /** \brief Function to allocates the Test protocol state memory diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 7b3f81fe2d..f69a1acc77 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -51,8 +51,8 @@ * completely inspected */ #define APP_LAYER_TX_PREFILTER_MASK ~APP_LAYER_TX_INSPECTED_FLAG -#define APP_LAYER_OK 0 -#define APP_LAYER_ERROR -1 +#define APP_LAYER_OK (AppLayerResult) { 0, 0, 0 } +#define APP_LAYER_ERROR (AppLayerResult) { -1, 0, 0 } int AppLayerParserProtoIsRegistered(uint8_t ipproto, AppProto alproto); @@ -93,7 +93,7 @@ int AppLayerParserConfParserEnabled(const char *ipproto, const char *alproto_name); /** \brief Prototype for parsing functions */ -typedef int (*AppLayerParserFPtr)(Flow *f, void *protocol_state, +typedef AppLayerResult (*AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, const uint8_t *buf, uint32_t buf_len, void *local_storage, const uint8_t flags); diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index ba19933423..234738d4b4 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -30,7 +30,7 @@ #define MIN_REC_SIZE 32+4 // SMB hdr + nbss hdr -static int SMBTCPParseRequest(Flow *f, void *state, +static AppLayerResult SMBTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -48,11 +48,12 @@ static int SMBTCPParseRequest(Flow *f, void *state, if (res != 0) { SCLogDebug("SMB request%s of %u bytes, retval %d", (input == NULL && input_len > 0) ? " is GAP" : "", input_len, res); + SCReturnStruct(APP_LAYER_ERROR); } - return res; + SCReturnStruct(APP_LAYER_OK); } -static int SMBTCPParseResponse(Flow *f, void *state, +static AppLayerResult SMBTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -71,8 +72,9 @@ static int SMBTCPParseResponse(Flow *f, void *state, if (res != 0) { SCLogDebug("SMB response%s of %u bytes, retval %d", (input == NULL && input_len > 0) ? " is GAP" : "", input_len, res); + SCReturnStruct(APP_LAYER_ERROR); } - return res; + SCReturnStruct(APP_LAYER_OK); } static uint16_t SMBTCPProbe(Flow *f, uint8_t direction, diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 7acab8405d..8e8f1c01fd 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1353,7 +1353,7 @@ static int SMTPProcessRequest(SMTPState *state, Flow *f, } } -static int SMTPParse(int direction, Flow *f, SMTPState *state, +static AppLayerResult SMTPParse(int direction, Flow *f, SMTPState *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, SMTPThreadCtx *thread_data) @@ -1361,9 +1361,9 @@ static int SMTPParse(int direction, Flow *f, SMTPState *state, SCEnter(); if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } state->input = input; @@ -1374,21 +1374,21 @@ static int SMTPParse(int direction, Flow *f, SMTPState *state, if (direction == 0) { while (SMTPGetLine(state) >= 0) { if (SMTPProcessRequest(state, f, pstate) == -1) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } /* toclient */ } else { while (SMTPGetLine(state) >= 0) { if (SMTPProcessReply(state, f, pstate, thread_data) == -1) - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } -static int SMTPParseClientRecord(Flow *f, void *alstate, +static AppLayerResult SMTPParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) @@ -1399,7 +1399,7 @@ static int SMTPParseClientRecord(Flow *f, void *alstate, return SMTPParse(0, f, alstate, pstate, input, input_len, local_data); } -static int SMTPParseServerRecord(Flow *f, void *alstate, +static AppLayerResult SMTPParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c index 53d790b1f9..910803f4ab 100644 --- a/src/app-layer-ssh.c +++ b/src/app-layer-ssh.c @@ -420,7 +420,7 @@ static int SSHParseData(SshState *state, SshHeader *header, return 0; } -static int SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -428,9 +428,9 @@ static int SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, SshHeader *ssh_header = &ssh_state->cli_hdr; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } int r = SSHParseData(ssh_state, ssh_header, input, input_len); @@ -443,12 +443,12 @@ static int SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, } if (r < 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } -static int SSHParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult SSHParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -456,9 +456,9 @@ static int SSHParseResponse(Flow *f, void *state, AppLayerParserState *pstate, SshHeader *ssh_header = &ssh_state->srv_hdr; if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } int r = SSHParseData(ssh_state, ssh_header, input, input_len); @@ -471,9 +471,9 @@ static int SSHParseResponse(Flow *f, void *state, AppLayerParserState *pstate, } if (r < 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } /** \brief Function to allocates the SSH state memory diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 61469d4736..f38346adc2 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2395,7 +2395,7 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, * * \retval >=0 On success. */ -static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate, +static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate, const uint8_t *input, uint32_t ilen) { SSLState *ssl_state = (SSLState *)alstate; @@ -2410,9 +2410,9 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { /* flag session as finished if APP_LAYER_PARSER_EOF is set */ ssl_state->flags |= SSL_AL_FLAG_STATE_FINISHED; - SCReturnInt(APP_LAYER_OK); + SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { - SCReturnInt(APP_LAYER_ERROR); + SCReturnStruct(APP_LAYER_ERROR); } if (direction == 0) @@ -2544,14 +2544,14 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt return APP_LAYER_OK; } -static int SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, +static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len); } -static int SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, +static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { diff --git a/src/app-layer-template.c b/src/app-layer-template.c index b425875c2c..829235b341 100644 --- a/src/app-layer-template.c +++ b/src/app-layer-template.c @@ -237,7 +237,7 @@ static AppProto TemplateProbingParserTc(Flow *f, uint8_t direction, return ALPROTO_UNKNOWN; } -static int TemplateParseRequest(Flow *f, void *statev, +static AppLayerResult TemplateParseRequest(Flow *f, void *statev, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -248,13 +248,13 @@ static int TemplateParseRequest(Flow *f, void *statev, /* Likely connection closed, we can just return here. */ if ((input == NULL || input_len == 0) && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - return 0; + SCReturnStruct(APP_LAYER_OK); } /* Probably don't want to create a transaction in this case * either. */ if (input == NULL || input_len == 0) { - return 0; + SCReturnStruct(APP_LAYER_OK); } /* Normally you would parse out data here and store it in the @@ -302,10 +302,10 @@ static int TemplateParseRequest(Flow *f, void *statev, } end: - return 0; + SCReturnStruct(APP_LAYER_OK); } -static int TemplateParseResponse(Flow *f, void *statev, AppLayerParserState *pstate, +static AppLayerResult TemplateParseResponse(Flow *f, void *statev, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -317,13 +317,13 @@ static int TemplateParseResponse(Flow *f, void *statev, AppLayerParserState *pst /* Likely connection closed, we can just return here. */ if ((input == NULL || input_len == 0) && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - return 0; + SCReturnStruct(APP_LAYER_OK); } /* Probably don't want to create a transaction in this case * either. */ if (input == NULL || input_len == 0) { - return 0; + SCReturnStruct(APP_LAYER_OK); } /* Look up the existing transaction for this response. In the case @@ -371,7 +371,7 @@ static int TemplateParseResponse(Flow *f, void *statev, AppLayerParserState *pst tx->response_done = 1; end: - return 0; + SCReturnStruct(APP_LAYER_OK); } static uint64_t TemplateGetTxCnt(void *statev) diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index 95891371bf..c22163a5a6 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c @@ -96,7 +96,7 @@ static AppProto TFTPProbingParser(Flow *f, uint8_t direction, return ALPROTO_UNKNOWN; } -static int TFTPParseRequest(Flow *f, void *state, +static AppLayerResult TFTPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { @@ -105,26 +105,30 @@ static int TFTPParseRequest(Flow *f, void *state, /* Likely connection closed, we can just return here. */ if ((input == NULL || input_len == 0) && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) { - return 0; + SCReturnStruct(APP_LAYER_OK); } /* Probably don't want to create a transaction in this case * either. */ if (input == NULL || input_len == 0) { - return 0; + SCReturnStruct(APP_LAYER_OK); } - return rs_tftp_request(state, input, input_len); + int res = rs_tftp_request(state, input, input_len); + if (res < 0) { + SCReturnStruct(APP_LAYER_ERROR); + } + SCReturnStruct(APP_LAYER_OK); } /** * \brief Response parsing is not implemented */ -static int TFTPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, +static AppLayerResult TFTPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, const uint8_t *input, uint32_t input_len, void *local_data, const uint8_t flags) { - return 0; + SCReturnStruct(APP_LAYER_OK); } static uint64_t TFTPGetTxCnt(void *state) diff --git a/src/util-debug.h b/src/util-debug.h index 8b352f9535..3f361e35cb 100644 --- a/src/util-debug.h +++ b/src/util-debug.h @@ -354,6 +354,8 @@ extern int sc_log_module_cleaned; #define SCReturnBool(x) return x +#define SCReturnStruct(x) return x + /* Please use it only for debugging purposes */ #else @@ -554,6 +556,14 @@ extern int sc_log_module_cleaned; return x; \ } while(0) +#define SCReturnStruct(x) do { \ + if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ + SCLogDebug("Returning: ... <<"); \ + SCLogCheckFDFilterExit(__FUNCTION__); \ + } \ + return x; \ + } while(0) + #endif /* DEBUG */ #define FatalError(x, ...) do { \