From: Jason Ish Date: Tue, 16 Nov 2021 22:43:57 +0000 (-0600) Subject: app-layer: include decoder events in app-layer tx data X-Git-Tag: suricata-7.0.0-beta1~1150 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7732efbec2a35db5c9a9b73f8c373d99813f3a14;p=thirdparty%2Fsuricata.git app-layer: include decoder events in app-layer tx data As most parsers use an events structure we can include it in the tx_data structure to reduce some boilerplate/housekeeping code in app-layer parsers. --- diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index d9e6354755..88eff7fff3 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -18,7 +18,7 @@ //! Parser registration functions and common interface use std; -use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppLayerDecoderEvents,AppProto}; +use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppProto}; use crate::filecontainer::FileContainer; use crate::applayer; use std::os::raw::{c_void,c_char,c_int}; @@ -69,6 +69,7 @@ pub struct AppLayerTxData { detect_flags_tc: u64, de_state: *mut DetectEngineState, + pub events: *mut core::AppLayerDecoderEvents, } impl Default for AppLayerTxData { @@ -82,6 +83,9 @@ impl Drop for AppLayerTxData { if self.de_state != std::ptr::null_mut() { core::sc_detect_engine_state_free(self.de_state); } + if self.events != std::ptr::null_mut() { + core::sc_app_layer_decoder_events_free_events(&mut self.events); + } } } @@ -96,6 +100,7 @@ impl AppLayerTxData { detect_flags_ts: 0, detect_flags_tc: 0, de_state: std::ptr::null_mut(), + events: std::ptr::null_mut(), } } pub fn init_files_opened(&mut self) { @@ -104,6 +109,10 @@ impl AppLayerTxData { pub fn incr_files_opened(&mut self) { self.files_opened += 1; } + + pub fn set_event(&mut self, event: u8) { + core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, event as u8); + } } #[macro_export] @@ -227,8 +236,6 @@ pub struct RustParser { /// Function returning the current transaction progress pub tx_get_progress: StateGetProgressFn, - /// Function to get events - pub get_events: Option, /// Function to get an event id from a description pub get_eventinfo: Option, /// Function to get an event description from an event id @@ -292,7 +299,6 @@ pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64; pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int; pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int; pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8; -pub type GetEventsFn = unsafe extern "C" fn (*mut c_void) -> *mut AppLayerDecoderEvents; pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void; pub type LocalStorageFreeFn = extern "C" fn (*mut c_void); pub type GetFilesFn = unsafe diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index 1025b57f0f..8db24866e2 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -16,7 +16,7 @@ */ use std; -use crate::core::{self, ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP}; +use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP}; use crate::applayer::{self, *}; use std::ffi::CString; use nom; @@ -32,8 +32,6 @@ pub struct TemplateTransaction { pub request: Option, pub response: Option, - de_state: Option<*mut core::DetectEngineState>, - events: *mut core::AppLayerDecoderEvents, tx_data: AppLayerTxData, } @@ -43,20 +41,9 @@ impl TemplateTransaction { tx_id: 0, request: None, response: None, - de_state: None, - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } - - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - if let Some(state) = self.de_state { - core::sc_detect_engine_state_free(state); - } - } } impl Transaction for TemplateTransaction { @@ -65,12 +52,6 @@ impl Transaction for TemplateTransaction { } } -impl Drop for TemplateTransaction { - fn drop(&mut self) { - self.free(); - } -} - pub struct TemplateState { tx_id: u64, transactions: Vec, @@ -399,14 +380,6 @@ pub unsafe extern "C" fn rs_template_tx_get_alstate_progress( return 0; } -#[no_mangle] -pub unsafe extern "C" fn rs_template_state_get_events( - tx: *mut std::os::raw::c_void -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, TemplateTransaction); - return tx.events; -} - /// Get the request buffer for a transaction from C. /// /// No required for parsing, but an example function for retrieving a @@ -474,7 +447,6 @@ pub unsafe extern "C" fn rs_template_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_template_tx_get_alstate_progress, - get_events: Some(rs_template_state_get_events), get_eventinfo: Some(TemplateEvent::get_event_info), get_eventinfo_byid : Some(TemplateEvent::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index dae73128ff..20ead2529b 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -1360,7 +1360,6 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_dcerpc_get_alstate_progress, - get_events: None, get_eventinfo: None, get_eventinfo_byid : None, localstorage_new: None, diff --git a/rust/src/dcerpc/dcerpc_udp.rs b/rust/src/dcerpc/dcerpc_udp.rs index cdd0d2c6a2..276361cb44 100644 --- a/rust/src/dcerpc/dcerpc_udp.rs +++ b/rust/src/dcerpc/dcerpc_udp.rs @@ -341,7 +341,6 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_dcerpc_get_alstate_progress, - get_events: None, get_eventinfo: None, get_eventinfo_byid: None, localstorage_new: None, diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 9fd1878b23..45e5fb2c30 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -18,7 +18,6 @@ use crate::applayer::{self, *}; use crate::core; use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_UDP}; -use crate::core::sc_app_layer_decoder_events_free_events; use crate::dhcp::parser::*; use std; use std::ffi::CString; @@ -79,7 +78,6 @@ pub enum DHCPEvent { pub struct DHCPTransaction { tx_id: u64, pub message: DHCPMessage, - events: *mut core::AppLayerDecoderEvents, tx_data: applayer::AppLayerTxData, } @@ -88,17 +86,9 @@ impl DHCPTransaction { DHCPTransaction { tx_id: id, message: message, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } - - pub fn free(&mut self) { - if !self.events.is_null() { - sc_app_layer_decoder_events_free_events(&mut self.events); - } - } - } impl Transaction for DHCPTransaction { @@ -107,12 +97,6 @@ impl Transaction for DHCPTransaction { } } -impl Drop for DHCPTransaction { - fn drop(&mut self) { - self.free(); - } -} - #[derive(Default)] pub struct DHCPState { // Internal transaction ID. @@ -185,8 +169,7 @@ impl DHCPState { fn set_event(&mut self, event: DHCPEvent) { if let Some(tx) = self.transactions.last_mut() { - core::sc_app_layer_decoder_events_set_event_raw( - &mut tx.events, event as u8); + tx.tx_data.set_event(event as u8); self.events += 1; } } @@ -278,14 +261,6 @@ pub unsafe extern "C" fn rs_dhcp_state_free(state: *mut std::os::raw::c_void) { std::mem::drop(Box::from_raw(state as *mut DHCPState)); } -#[no_mangle] -pub unsafe extern "C" fn rs_dhcp_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut core::AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, DHCPTransaction); - return tx.events; -} - export_tx_data_get!(rs_dhcp_get_tx_data, DHCPTransaction); const PARSER_NAME: &'static [u8] = b"dhcp\0"; @@ -312,7 +287,6 @@ pub unsafe extern "C" fn rs_dhcp_register_parser() { tx_comp_st_ts : 1, tx_comp_st_tc : 1, tx_get_progress : rs_dhcp_tx_get_alstate_progress, - get_events : Some(rs_dhcp_state_get_events), get_eventinfo : Some(DHCPEvent::get_event_info), get_eventinfo_byid : Some(DHCPEvent::get_event_info_by_id), localstorage_new : None, diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 42504fcec0..3697208bce 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -231,7 +231,6 @@ pub struct DNSTransaction { pub id: u64, pub request: Option, pub response: Option, - pub events: *mut core::AppLayerDecoderEvents, pub tx_data: AppLayerTxData, } @@ -248,17 +247,10 @@ impl DNSTransaction { id: 0, request: None, response: None, - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } - /// Get the DNS transactions ID (not the internal tracking ID). pub fn tx_id(&self) -> u16 { if let &Some(ref request) = &self.request { @@ -283,12 +275,6 @@ impl DNSTransaction { } -impl Drop for DNSTransaction { - fn drop(&mut self) { - self.free(); - } -} - struct ConfigTracker { map: HashMap, queue: VecDeque, @@ -394,8 +380,7 @@ impl DNSState { } let tx = &mut self.transactions[len - 1]; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, - event as u8); + tx.tx_data.set_event(event as u8); self.events += 1; } @@ -798,14 +783,6 @@ pub extern "C" fn rs_dns_tx_is_response(tx: &mut DNSTransaction) -> bool { tx.response.is_some() } -#[no_mangle] -pub unsafe extern "C" fn rs_dns_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut core::AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, DNSTransaction); - return tx.events; -} - pub unsafe extern "C" fn rs_dns_state_get_tx_data( tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData @@ -962,7 +939,6 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_dns_tx_get_alstate_progress, - get_events: Some(rs_dns_state_get_events), get_eventinfo: Some(DNSEvent::get_event_info), get_eventinfo_byid: Some(DNSEvent::get_event_info_by_id), localstorage_new: None, @@ -1006,7 +982,6 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_dns_tx_get_alstate_progress, - get_events: Some(rs_dns_state_get_events), get_eventinfo: Some(DNSEvent::get_event_info), get_eventinfo_byid: Some(DNSEvent::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs index 37232c8491..291bd3b377 100644 --- a/rust/src/http2/http2.rs +++ b/rust/src/http2/http2.rs @@ -21,7 +21,7 @@ use super::parser; use super::range; use crate::applayer::{self, *}; -use crate::core::{self, *}; +use crate::core::*; use crate::filecontainer::*; use crate::filetracker::*; use nom; @@ -131,7 +131,6 @@ pub struct HTTP2Transaction { decoder: decompression::HTTP2Decoder, pub file_range: *mut HttpRangeContainerBlock, - events: *mut core::AppLayerDecoderEvents, tx_data: AppLayerTxData, pub ft_tc: FileTransferTracker, ft_ts: FileTransferTracker, @@ -158,7 +157,6 @@ impl HTTP2Transaction { frames_ts: Vec::new(), decoder: decompression::HTTP2Decoder::new(), file_range: std::ptr::null_mut(), - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), ft_tc: FileTransferTracker::new(), ft_ts: FileTransferTracker::new(), @@ -167,9 +165,6 @@ impl HTTP2Transaction { } pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } if !self.file_range.is_null() { match unsafe { SC } { None => panic!("BUG no suricata_config"), @@ -190,8 +185,7 @@ impl HTTP2Transaction { } pub fn set_event(&mut self, event: HTTP2Event) { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, ev); + self.tx_data.set_event(event as u8); } fn handle_headers(&mut self, blocks: &Vec, dir: Direction) { @@ -456,8 +450,7 @@ impl HTTP2State { return; } let tx = &mut self.transactions[len - 1]; - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); } // Free a transaction by ID. @@ -1152,14 +1145,6 @@ pub unsafe extern "C" fn rs_http2_tx_get_alstate_progress( return rs_http2_tx_get_state(tx) as i32; } -#[no_mangle] -pub unsafe extern "C" fn rs_http2_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, HTTP2Transaction); - return tx.events; -} - #[no_mangle] pub unsafe extern "C" fn rs_http2_getfiles( state: *mut std::os::raw::c_void, direction: u8, @@ -1196,7 +1181,6 @@ pub unsafe extern "C" fn rs_http2_register_parser() { tx_comp_st_ts: HTTP2TransactionState::HTTP2StateClosed as i32, tx_comp_st_tc: HTTP2TransactionState::HTTP2StateClosed as i32, tx_get_progress: rs_http2_tx_get_alstate_progress, - get_events: Some(rs_http2_state_get_events), get_eventinfo: Some(HTTP2Event::get_event_info), get_eventinfo_byid: Some(HTTP2Event::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/ike/ike.rs b/rust/src/ike/ike.rs index e29edf1d0f..89cb3a0886 100644 --- a/rust/src/ike/ike.rs +++ b/rust/src/ike/ike.rs @@ -105,7 +105,6 @@ pub struct IKETransaction { pub errors: u32, logged: LoggerFlags, - events: *mut core::AppLayerDecoderEvents, tx_data: applayer::AppLayerTxData, } @@ -124,28 +123,14 @@ impl IKETransaction { payload_types: Default::default(), notify_types: vec![], logged: LoggerFlags::new(), - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), errors: 0, } } - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } - /// Set an event. pub fn set_event(&mut self, event: IkeEvent) { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, ev); - } -} - -impl Drop for IKETransaction { - fn drop(&mut self) { - self.free(); + self.tx_data.set_event(event as u8); } } @@ -196,8 +181,7 @@ impl IKEState { /// Set an event. The event is set on the most recent transaction. pub fn set_event(&mut self, event: IkeEvent) { if let Some(tx) = self.transactions.last_mut() { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.set_event(event); } else { SCLogDebug!( "IKE: trying to set event {} on non-existing transaction", @@ -400,14 +384,6 @@ pub unsafe extern "C" fn rs_ike_tx_set_logged( tx.logged.set(logged); } -#[no_mangle] -pub unsafe extern "C" fn rs_ike_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, IKETransaction); - return tx.events; -} - static mut ALPROTO_IKE : AppProto = ALPROTO_UNKNOWN; // Parser name as a C style string. @@ -437,7 +413,6 @@ pub unsafe extern "C" fn rs_ike_register_parser() { tx_comp_st_ts : 1, tx_comp_st_tc : 1, tx_get_progress : rs_ike_tx_get_alstate_progress, - get_events : Some(rs_ike_state_get_events), get_eventinfo : Some(IkeEvent::get_event_info), get_eventinfo_byid : Some(IkeEvent::get_event_info_by_id), localstorage_new : None, diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index 6798693252..61e8ee642a 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -77,9 +77,6 @@ pub struct KRB5Transaction { /// The internal transaction id id: u64, - /// The events associated with this transaction - events: *mut core::AppLayerDecoderEvents, - tx_data: applayer::AppLayerTxData, } @@ -219,8 +216,7 @@ impl KRB5State { /// Set an event. The event is set on the most recent transaction. fn set_event(&mut self, event: KRB5Event) { if let Some(tx) = self.transactions.last_mut() { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); } } } @@ -235,20 +231,11 @@ impl KRB5Transaction { etype: None, error_code: None, id: id, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } } -impl Drop for KRB5Transaction { - fn drop(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - /// Return true if Kerberos `EncryptionType` is weak pub fn test_weak_encryption(alg:EncryptionType) -> bool { match alg { @@ -318,14 +305,6 @@ pub extern "C" fn rs_krb5_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void 1 } -#[no_mangle] -pub unsafe extern "C" fn rs_krb5_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut core::AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, KRB5Transaction); - return tx.events; -} - static mut ALPROTO_KRB5 : AppProto = ALPROTO_UNKNOWN; #[no_mangle] @@ -565,7 +544,6 @@ pub unsafe extern "C" fn rs_register_krb5_parser() { tx_comp_st_ts : 1, tx_comp_st_tc : 1, tx_get_progress : rs_krb5_tx_get_alstate_progress, - get_events : Some(rs_krb5_state_get_events), get_eventinfo : Some(KRB5Event::get_event_info), get_eventinfo_byid : Some(KRB5Event::get_event_info_by_id), localstorage_new : None, diff --git a/rust/src/modbus/modbus.rs b/rust/src/modbus/modbus.rs index a22cf5fe0a..514cdd0263 100644 --- a/rust/src/modbus/modbus.rs +++ b/rust/src/modbus/modbus.rs @@ -47,7 +47,6 @@ pub struct ModbusTransaction { pub request: Option, pub response: Option, - pub events: *mut core::AppLayerDecoderEvents, pub tx_data: AppLayerTxData, } @@ -63,13 +62,12 @@ impl ModbusTransaction { id, request: None, response: None, - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } fn set_event(&mut self, event: ModbusEvent) { - core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, event as u8); + self.tx_data.set_event(event as u8); } fn set_events_from_flags(&mut self, flags: &Flags) { @@ -91,14 +89,6 @@ impl ModbusTransaction { } } -impl Drop for ModbusTransaction { - fn drop(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - pub struct ModbusState { pub transactions: Vec, tx_id: u64, @@ -376,14 +366,6 @@ pub unsafe extern "C" fn rs_modbus_tx_get_alstate_progress( tx.response.is_some() as std::os::raw::c_int } -#[no_mangle] -pub unsafe extern "C" fn rs_modbus_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, ModbusTransaction); - tx.events -} - #[no_mangle] pub unsafe extern "C" fn rs_modbus_state_get_tx_data( tx: *mut std::os::raw::c_void, @@ -413,7 +395,6 @@ pub unsafe extern "C" fn rs_modbus_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_modbus_tx_get_alstate_progress, - get_events: Some(rs_modbus_state_get_events), get_eventinfo: Some(ModbusEvent::get_event_info), get_eventinfo_byid: Some(ModbusEvent::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/mqtt/mqtt.rs b/rust/src/mqtt/mqtt.rs index 3627e57f5e..700ba77f16 100644 --- a/rust/src/mqtt/mqtt.rs +++ b/rust/src/mqtt/mqtt.rs @@ -21,7 +21,7 @@ use super::mqtt_message::*; use super::parser::*; use crate::applayer::{self, LoggerFlags}; use crate::applayer::*; -use crate::core::{self, *}; +use crate::core::*; use nom7::Err; use std; use std::ffi::CString; @@ -60,7 +60,6 @@ pub struct MQTTTransaction { toserver: bool, logged: LoggerFlags, - events: *mut core::AppLayerDecoderEvents, tx_data: applayer::AppLayerTxData, } @@ -74,24 +73,11 @@ impl MQTTTransaction { msg: Vec::new(), toclient: false, toserver: false, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), }; m.msg.push(msg); return m; } - - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - -impl Drop for MQTTTransaction { - fn drop(&mut self) { - self.free(); - } } impl Transaction for MQTTTransaction { @@ -524,8 +510,7 @@ impl MQTTState { } fn set_event(tx: &mut MQTTTransaction, event: MQTTEvent) { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); } } @@ -675,14 +660,6 @@ pub unsafe extern "C" fn rs_mqtt_tx_set_logged( tx.logged.set(logged); } -#[no_mangle] -pub unsafe extern "C" fn rs_mqtt_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, MQTTTransaction); - return tx.events; -} - // Parser name as a C style string. const PARSER_NAME: &'static [u8] = b"mqtt\0"; @@ -711,7 +688,6 @@ pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_mqtt_tx_get_alstate_progress, - get_events: Some(rs_mqtt_state_get_events), get_eventinfo: Some(MQTTEvent::get_event_info), get_eventinfo_byid: Some(MQTTEvent::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 9b6db86a5f..299325bd61 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -179,8 +179,6 @@ pub struct NFSTransaction { /// attempt failed. pub type_data: Option, - pub events: *mut AppLayerDecoderEvents, - pub tx_data: AppLayerTxData, } @@ -207,7 +205,6 @@ impl NFSTransaction { file_tx_direction: Direction::ToServer, file_handle:Vec::new(), type_data: None, - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } @@ -215,9 +212,6 @@ impl NFSTransaction { pub fn free(&mut self) { debug_validate_bug_on!(self.tx_data.files_opened > 1); debug_validate_bug_on!(self.tx_data.files_logged > 1); - if !self.events.is_null() { - sc_app_layer_decoder_events_free_events(&mut self.events); - } } } @@ -419,7 +413,7 @@ impl NFSState { } let tx = &mut self.transactions[len - 1]; - sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8); + tx.tx_data.set_event(event as u8); self.events += 1; } @@ -1543,14 +1537,6 @@ pub unsafe extern "C" fn rs_nfs_get_tx_data( return &mut tx.tx_data; } -#[no_mangle] -pub unsafe extern "C" fn rs_nfs_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, NFSTransaction); - return tx.events; -} - #[no_mangle] pub unsafe extern "C" fn rs_nfs_state_get_event_info_by_id(event_id: std::os::raw::c_int, event_name: *mut *const std::os::raw::c_char, @@ -1877,7 +1863,6 @@ pub unsafe extern "C" fn rs_nfs_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_nfs_tx_get_alstate_progress, - get_events: Some(rs_nfs_state_get_events), get_eventinfo: Some(rs_nfs_state_get_event_info), get_eventinfo_byid : Some(rs_nfs_state_get_event_info_by_id), localstorage_new: None, @@ -1954,7 +1939,6 @@ pub unsafe extern "C" fn rs_nfs_udp_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_nfs_tx_get_alstate_progress, - get_events: Some(rs_nfs_state_get_events), get_eventinfo: Some(rs_nfs_state_get_event_info), get_eventinfo_byid : None, localstorage_new: None, diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index 4b1ba34198..7de4187397 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -54,9 +54,6 @@ pub struct NTPTransaction { /// The internal transaction id id: u64, - /// The events associated with this transaction - events: *mut core::AppLayerDecoderEvents, - tx_data: applayer::AppLayerTxData, } @@ -137,8 +134,7 @@ impl NTPState { /// Set an event. The event is set on the most recent transaction. pub fn set_event(&mut self, event: NTPEvent) { if let Some(tx) = self.transactions.last_mut() { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); self.events += 1; } } @@ -149,22 +145,9 @@ impl NTPTransaction { NTPTransaction { xid: 0, id: id, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } - - fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - -impl Drop for NTPTransaction { - fn drop(&mut self) { - self.free(); - } } /// Returns *mut NTPState @@ -251,14 +234,6 @@ pub extern "C" fn rs_ntp_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void, 1 } -#[no_mangle] -pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut core::AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, NTPTransaction); - return tx.events; -} - static mut ALPROTO_NTP : AppProto = ALPROTO_UNKNOWN; #[no_mangle] @@ -311,7 +286,6 @@ pub unsafe extern "C" fn rs_register_ntp_parser() { tx_comp_st_ts : 1, tx_comp_st_tc : 1, tx_get_progress : rs_ntp_tx_get_alstate_progress, - get_events : Some(rs_ntp_state_get_events), get_eventinfo : Some(NTPEvent::get_event_info), get_eventinfo_byid : Some(NTPEvent::get_event_info_by_id), localstorage_new : None, diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs index 4e60e7b389..1b78c5996a 100644 --- a/rust/src/rdp/rdp.rs +++ b/rust/src/rdp/rdp.rs @@ -475,7 +475,6 @@ pub unsafe extern "C" fn rs_rdp_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_rdp_tx_get_progress, - get_events: None, get_eventinfo: None, get_eventinfo_byid: None, localstorage_new: None, diff --git a/rust/src/rfb/rfb.rs b/rust/src/rfb/rfb.rs index 3b7ba127ce..5594a094a4 100644 --- a/rust/src/rfb/rfb.rs +++ b/rust/src/rfb/rfb.rs @@ -19,7 +19,7 @@ use std; use std::ffi::CString; -use crate::core::{self, ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP}; +use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP}; use crate::applayer; use crate::applayer::*; use nom; @@ -44,7 +44,6 @@ pub struct RFBTransaction { pub tc_failure_reason: Option, pub tc_server_init: Option, - events: *mut core::AppLayerDecoderEvents, tx_data: applayer::AppLayerTxData, } @@ -73,22 +72,9 @@ impl RFBTransaction { tc_failure_reason: None, tc_server_init: None, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } - - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - -impl Drop for RFBTransaction { - fn drop(&mut self) { - self.free(); - } } pub struct RFBState { @@ -581,14 +567,6 @@ pub unsafe extern "C" fn rs_rfb_tx_get_alstate_progress( return 0; } -#[no_mangle] -pub unsafe extern "C" fn rs_rfb_state_get_events( - tx: *mut std::os::raw::c_void -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, RFBTransaction); - return tx.events; -} - // Parser name as a C style string. const PARSER_NAME: &'static [u8] = b"rfb\0"; @@ -614,7 +592,6 @@ pub unsafe extern "C" fn rs_rfb_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_rfb_tx_get_alstate_progress, - get_events: Some(rs_rfb_state_get_events), get_eventinfo: None, get_eventinfo_byid: None, localstorage_new: None, diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs index fd9230294c..4125198a8a 100755 --- a/rust/src/sip/sip.rs +++ b/rust/src/sip/sip.rs @@ -48,7 +48,6 @@ pub struct SIPTransaction { pub response: Option, pub request_line: Option, pub response_line: Option, - events: *mut core::AppLayerDecoderEvents, tx_data: applayer::AppLayerTxData, } @@ -92,8 +91,7 @@ impl SIPState { fn set_event(&mut self, event: SIPEvent) { if let Some(tx) = self.transactions.last_mut() { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); } } @@ -150,20 +148,11 @@ impl SIPTransaction { response: None, request_line: None, response_line: None, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } } -impl Drop for SIPTransaction { - fn drop(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - #[no_mangle] pub extern "C" fn rs_sip_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = SIPState::new(); @@ -209,14 +198,6 @@ pub extern "C" fn rs_sip_tx_get_alstate_progress( 1 } -#[no_mangle] -pub unsafe extern "C" fn rs_sip_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, SIPTransaction); - return tx.events; -} - static mut ALPROTO_SIP: AppProto = ALPROTO_UNKNOWN; #[no_mangle] @@ -304,7 +285,6 @@ pub unsafe extern "C" fn rs_sip_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_sip_tx_get_alstate_progress, - get_events: Some(rs_sip_state_get_events), get_eventinfo: Some(SIPEvent::get_event_info), get_eventinfo_byid: Some(SIPEvent::get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/smb/events.rs b/rust/src/smb/events.rs index 8fb27a0cc6..f8b3055ede 100644 --- a/rust/src/smb/events.rs +++ b/rust/src/smb/events.rs @@ -15,7 +15,6 @@ * 02110-1301, USA. */ -use crate::core::*; use crate::smb::smb::*; #[derive(AppLayerEvent)] @@ -33,13 +32,13 @@ pub enum SMBEvent { impl SMBTransaction { /// Set event. pub fn set_event(&mut self, e: SMBEvent) { - sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8); + self.tx_data.set_event(e as u8); } /// Set events from vector of events. pub fn set_events(&mut self, events: Vec) { for e in events { - sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8); + self.tx_data.set_event(e as u8); } } } @@ -54,6 +53,5 @@ impl SMBState { let tx = &mut self.transactions[len - 1]; tx.set_event(event); - //sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8); } } diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index dfaad32588..2fedf97e2b 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -536,7 +536,6 @@ pub struct SMBTransaction { /// Command specific data pub type_data: Option, - pub events: *mut AppLayerDecoderEvents, pub tx_data: AppLayerTxData, } @@ -555,7 +554,6 @@ impl SMBTransaction { request_done: false, response_done: false, type_data: None, - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } @@ -572,9 +570,6 @@ impl SMBTransaction { pub fn free(&mut self) { debug_validate_bug_on!(self.tx_data.files_opened > 1); debug_validate_bug_on!(self.tx_data.files_logged > 1); - if !self.events.is_null() { - sc_app_layer_decoder_events_free_events(&mut self.events); - } } } @@ -2064,14 +2059,6 @@ pub unsafe extern "C" fn rs_smb_state_truncate( } } -#[no_mangle] -pub unsafe extern "C" fn rs_smb_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, SMBTransaction); - return tx.events; -} - #[no_mangle] pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id( event_id: std::os::raw::c_int, @@ -2171,7 +2158,6 @@ pub unsafe extern "C" fn rs_smb_register_parser() { tx_comp_st_ts: 1, tx_comp_st_tc: 1, tx_get_progress: rs_smb_tx_get_alstate_progress, - get_events: Some(rs_smb_state_get_events), get_eventinfo: Some(rs_smb_state_get_event_info), get_eventinfo_byid : Some(rs_smb_state_get_event_info_by_id), localstorage_new: None, diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index 88b974373f..33a42890a5 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -77,9 +77,6 @@ pub struct SNMPTransaction<'a> { /// The internal transaction id id: u64, - /// The events associated with this transaction - events: *mut core::AppLayerDecoderEvents, - tx_data: applayer::AppLayerTxData, } @@ -224,14 +221,13 @@ impl<'a> SNMPState<'a> { /// Set an event. The event is set on the most recent transaction. fn set_event(&mut self, event: SNMPEvent) { if let Some(tx) = self.transactions.last_mut() { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev); + tx.tx_data.set_event(event as u8); } } /// Set an event on a specific transaction. fn set_event_tx(&self, tx: &mut SNMPTransaction, event: SNMPEvent) { - core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8); + tx.tx_data.set_event(event as u8); } } @@ -244,29 +240,11 @@ impl<'a> SNMPTransaction<'a> { usm: None, encrypted: false, id: id, - events: std::ptr::null_mut(), tx_data: applayer::AppLayerTxData::new(), } } - - fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } } -impl<'a> Drop for SNMPTransaction<'a> { - fn drop(&mut self) { - self.free(); - } -} - - - - - - /// Returns *mut SNMPState #[no_mangle] pub extern "C" fn rs_snmp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { @@ -345,14 +323,6 @@ pub extern "C" fn rs_snmp_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void 1 } -#[no_mangle] -pub unsafe extern "C" fn rs_snmp_state_get_events(tx: *mut std::os::raw::c_void) - -> *mut core::AppLayerDecoderEvents -{ - let tx = cast_pointer!(tx, SNMPTransaction); - return tx.events; -} - static mut ALPROTO_SNMP : AppProto = ALPROTO_UNKNOWN; // Read PDU sequence and extract version, if similar to SNMP definition @@ -422,7 +392,6 @@ pub unsafe extern "C" fn rs_register_snmp_parser() { tx_comp_st_ts : 1, tx_comp_st_tc : 1, tx_get_progress : rs_snmp_tx_get_alstate_progress, - get_events : Some(rs_snmp_state_get_events), get_eventinfo : Some(SNMPEvent::get_event_info), get_eventinfo_byid : Some(SNMPEvent::get_event_info_by_id), localstorage_new : None, diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index 035fa67066..4a286d09bf 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -17,7 +17,7 @@ use super::parser; use crate::applayer::*; -use crate::core::{self, *}; +use crate::core::*; use nom7::Err; use std::ffi::CString; use std::sync::atomic::{AtomicBool, Ordering}; @@ -82,7 +82,6 @@ pub struct SSHTransaction { pub srv_hdr: SshHeader, pub cli_hdr: SshHeader, - events: *mut core::AppLayerDecoderEvents, tx_data: AppLayerTxData, } @@ -91,22 +90,9 @@ impl SSHTransaction { SSHTransaction { srv_hdr: SshHeader::new(), cli_hdr: SshHeader::new(), - events: std::ptr::null_mut(), tx_data: AppLayerTxData::new(), } } - - pub fn free(&mut self) { - if !self.events.is_null() { - core::sc_app_layer_decoder_events_free_events(&mut self.events); - } - } -} - -impl Drop for SSHTransaction { - fn drop(&mut self) { - self.free(); - } } pub struct SSHState { @@ -121,8 +107,7 @@ impl SSHState { } fn set_event(&mut self, event: SSHEvent) { - let ev = event as u8; - core::sc_app_layer_decoder_events_set_event_raw(&mut self.transaction.events, ev); + self.transaction.tx_data.set_event(event as u8); } fn parse_record( @@ -348,14 +333,6 @@ impl SSHState { export_tx_data_get!(rs_ssh_get_tx_data, SSHTransaction); -#[no_mangle] -pub unsafe extern "C" fn rs_ssh_state_get_events( - tx: *mut std::os::raw::c_void, -) -> *mut core::AppLayerDecoderEvents { - let tx = cast_pointer!(tx, SSHTransaction); - return tx.events; -} - #[no_mangle] pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = SSHState::new(); @@ -477,7 +454,6 @@ pub unsafe extern "C" fn rs_ssh_register_parser() { tx_comp_st_ts: SSHConnectionState::SshStateFinished as i32, tx_comp_st_tc: SSHConnectionState::SshStateFinished as i32, tx_get_progress: rs_ssh_tx_get_alstate_progress, - get_events: Some(rs_ssh_state_get_events), get_eventinfo: Some(SSHEvent::get_event_info), get_eventinfo_byid: Some(SSHEvent::get_event_info_by_id), localstorage_new: None, diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index e1ff4d1dba..7f75d9f1ed 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -466,7 +466,7 @@ static void *DNP3StateAlloc(void *orig_state, AppProto proto_orig) static void DNP3SetEvent(DNP3State *dnp3, uint8_t event) { if (dnp3 && dnp3->curr) { - AppLayerDecoderEventsSetEventRaw(&dnp3->curr->decoder_events, event); + AppLayerDecoderEventsSetEventRaw(&dnp3->curr->tx_data.events, event); dnp3->events++; } else { @@ -479,7 +479,7 @@ static void DNP3SetEvent(DNP3State *dnp3, uint8_t event) */ static void DNP3SetEventTx(DNP3Transaction *tx, uint8_t event) { - AppLayerDecoderEventsSetEventRaw(&tx->decoder_events, event); + AppLayerDecoderEventsSetEventRaw(&tx->tx_data.events, event); tx->dnp3->events++; } @@ -1329,11 +1329,6 @@ error: SCReturnStruct(APP_LAYER_ERROR); } -static AppLayerDecoderEvents *DNP3GetEvents(void *tx) -{ - return ((DNP3Transaction *) tx)->decoder_events; -} - static void *DNP3GetTx(void *alstate, uint64_t tx_id) { SCEnter(); @@ -1390,7 +1385,7 @@ static void DNP3TxFree(DNP3Transaction *tx) SCFree(tx->response_buffer); } - AppLayerDecoderEventsFreeEvents(&tx->decoder_events); + AppLayerDecoderEventsFreeEvents(&tx->tx_data.events); if (tx->tx_data.de_state != NULL) { DetectEngineStateFree(tx->tx_data.de_state); @@ -1426,11 +1421,10 @@ static void DNP3StateTxFree(void *state, uint64_t tx_id) dnp3->curr = NULL; } - if (tx->decoder_events != NULL) { - if (tx->decoder_events->cnt <= dnp3->events) { - dnp3->events -= tx->decoder_events->cnt; - } - else { + if (tx->tx_data.events != NULL) { + if (tx->tx_data.events->cnt <= dnp3->events) { + dnp3->events -= tx->tx_data.events->cnt; + } else { dnp3->events = 0; } } @@ -1601,9 +1595,6 @@ void RegisterDNP3Parsers(void) AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DNP3, DNP3StateAlloc, DNP3StateFree); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_DNP3, - DNP3GetEvents); - AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetTx); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetTxCnt); AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_DNP3, diff --git a/src/app-layer-dnp3.h b/src/app-layer-dnp3.h index 5c6ee568ef..bf74e27aa9 100644 --- a/src/app-layer-dnp3.h +++ b/src/app-layer-dnp3.h @@ -243,9 +243,6 @@ typedef struct DNP3Transaction_ { * we do not know. */ DNP3ObjectList response_objects; - AppLayerDecoderEvents *decoder_events; /**< Per transcation - * decoder events. */ - TAILQ_ENTRY(DNP3Transaction_) next; } DNP3Transaction; diff --git a/src/app-layer-enip-common.h b/src/app-layer-enip-common.h index d8b5a0a7e1..90c744af03 100644 --- a/src/app-layer-enip-common.h +++ b/src/app-layer-enip-common.h @@ -206,8 +206,6 @@ typedef struct ENIPTransaction_ TAILQ_HEAD(, CIPServiceEntry_) service_list; /**< list for CIP */ - AppLayerDecoderEvents *decoder_events; /**< per tx events */ - TAILQ_ENTRY(ENIPTransaction_) next; AppLayerTxData tx_data; } ENIPTransaction; diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c index cac76412f6..e77624bd4c 100644 --- a/src/app-layer-enip.c +++ b/src/app-layer-enip.c @@ -96,11 +96,6 @@ static uint64_t ENIPGetTxCnt(void *alstate) return ((ENIPState *)alstate)->transaction_max; } -static AppLayerDecoderEvents *ENIPGetEvents(void *tx) -{ - return ((ENIPTransaction *)tx)->decoder_events; -} - static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type) { *event_id = SCMapEnumNameToValue(event_name, enip_decoder_event_table); @@ -181,7 +176,7 @@ static void ENIPTransactionFree(ENIPTransaction *tx, ENIPState *state) SCFree(svc); } - AppLayerDecoderEventsFreeEvents(&tx->decoder_events); + AppLayerDecoderEventsFreeEvents(&tx->tx_data.events); if (tx->tx_data.de_state != NULL) { DetectEngineStateFree(tx->tx_data.de_state); @@ -270,12 +265,11 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id) if (tx == enip_state->curr) enip_state->curr = NULL; - if (tx->decoder_events != NULL) - { - if (tx->decoder_events->cnt <= enip_state->events) - enip_state->events -= tx->decoder_events->cnt; + if (tx->tx_data.events != NULL) { + if (tx->tx_data.events->cnt <= enip_state->events) + enip_state->events -= tx->tx_data.events->cnt; else - enip_state->events = 0; + enip_state->events = 0; } TAILQ_REMOVE(&enip_state->tx_list, tx, next); @@ -497,8 +491,6 @@ void RegisterENIPUDPParsers(void) AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateAlloc, ENIPStateFree); - AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetEvents); - AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTx); AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxData); AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxCnt); @@ -572,8 +564,6 @@ void RegisterENIPTCPParsers(void) AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_ENIP, ENIPStateAlloc, ENIPStateFree); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetEvents); - AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTx); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxData); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxCnt); diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 0a14e01437..ae1b42d581 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -863,8 +863,6 @@ static void FTPStateFree(void *s) if (fstate->line_state[1].db) FTPFree(fstate->line_state[1].db, fstate->line_state[1].db_len); - //AppLayerDecoderEventsFreeEvents(&s->decoder_events); - FTPTransaction *tx = NULL; while ((tx = TAILQ_FIRST(&fstate->tx_list))) { TAILQ_REMOVE(&fstate->tx_list, tx, next); diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c index 2195ec764a..4051d1811c 100644 --- a/src/app-layer-htp-file.c +++ b/src/app-layer-htp-file.c @@ -180,7 +180,7 @@ static int HTPParseAndCheckContentRange( { int r = HTPParseContentRange(rawvalue, range); if (r != 0) { - AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, HTTP_DECODER_EVENT_RANGE_INVALID); + AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, HTTP_DECODER_EVENT_RANGE_INVALID); s->events++; SCLogDebug("parsing range failed, going back to normal file"); return r; @@ -197,7 +197,7 @@ static int HTPParseAndCheckContentRange( SCLogDebug("range without all information"); return -3; } else if (range->start > range->end) { - AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, HTTP_DECODER_EVENT_RANGE_INVALID); + AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, HTTP_DECODER_EVENT_RANGE_INVALID); s->events++; SCLogDebug("invalid range"); return -4; diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 730dce8b46..28b10c21d3 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -262,7 +262,7 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud, SCLogDebug("setting event %u", e); if (htud) { - AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e); + AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, e); s->events++; return; } @@ -276,7 +276,7 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud, if (tx != NULL) { htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud != NULL) { - AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e); + AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, e); s->events++; return; } @@ -284,19 +284,6 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud, SCLogDebug("couldn't set event %u", e); } -static AppLayerDecoderEvents *HTPGetEvents(void *tx) -{ - SCLogDebug("get HTTP events for TX %p", tx); - - HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); - if (htud != NULL) { - SCLogDebug("has htud, htud->decoder_events %p", htud->decoder_events); - return htud->decoder_events; - } - - return NULL; -} - /** \brief Function to allocates the HTTP state memory and also creates the HTTP * connection parser to be used by the HTP library */ @@ -332,7 +319,7 @@ static void HtpTxUserDataFree(HtpState *state, HtpTxUserData *htud) HTPFree(htud->request_headers_raw, htud->request_headers_raw_len); if (htud->response_headers_raw) HTPFree(htud->response_headers_raw, htud->response_headers_raw_len); - AppLayerDecoderEventsFreeEvents(&htud->decoder_events); + AppLayerDecoderEventsFreeEvents(&htud->tx_data.events); if (htud->boundary) HTPFree(htud->boundary, htud->boundary_len); if (htud->tx_data.de_state != NULL) { @@ -3089,7 +3076,6 @@ void RegisterHTPParsers(void) AppLayerParserRegisterStateProgressCompletionStatus( ALPROTO_HTTP1, HTP_REQUEST_COMPLETE, HTP_RESPONSE_COMPLETE); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetEvents); AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfo); AppLayerParserRegisterGetEventInfoById( IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfoById); diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h index 8932fc32f7..e23b08fc1d 100644 --- a/src/app-layer-htp.h +++ b/src/app-layer-htp.h @@ -228,8 +228,6 @@ typedef struct HtpTxUserData_ { uint32_t request_headers_raw_len; uint32_t response_headers_raw_len; - AppLayerDecoderEvents *decoder_events; /**< per tx events */ - /** Holds the boundary identification string if any (used on * multipart/form-data only) */ diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index d93494c4cf..af5ca0726f 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -105,7 +105,6 @@ typedef struct AppLayerParserProtoCtx_ void (*Truncate)(void *, uint8_t); FileContainer *(*StateGetFiles)(void *, uint8_t); - AppLayerDecoderEvents *(*StateGetEvents)(void *); int (*StateGetProgress)(void *alstate, uint8_t direction); uint64_t (*StateGetTxCnt)(void *alstate); @@ -429,17 +428,6 @@ void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, SCReturn; } -void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, - AppLayerDecoderEvents *(*StateGetEvents)(void *)) -{ - SCEnter(); - - alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents = - StateGetEvents; - - SCReturn; -} - void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits) { SCEnter(); @@ -833,11 +821,10 @@ AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alp AppLayerDecoderEvents *ptr = NULL; - if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetEvents != NULL) - { - ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetEvents(tx); + /* Access events via the tx_data. */ + AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx); + if (txd != NULL && txd->events != NULL) { + ptr = txd->events; } SCReturnPtr(ptr, "AppLayerDecoderEvents *"); @@ -1487,7 +1474,7 @@ static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto) printf("- StateGetProgress %p\n", ctx->StateGetProgress); printf("Optional:\n"); printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree); - printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo, + printf("- StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEventInfo, ctx->StateGetEventInfoById); } diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index d7558c5d13..a51f10cb16 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -177,8 +177,8 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto, void (*LocalStorageFree)(void *)); void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)); -void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto, - AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))); +// void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto, +// AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))); void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, LoggerId (*StateGetTxLogged)(void *, void *), void (*StateSetTxLogged)(void *, void *, LoggerId)); diff --git a/src/app-layer-register.c b/src/app-layer-register.c index 65f7d4ddbf..83df3e3557 100644 --- a/src/app-layer-register.c +++ b/src/app-layer-register.c @@ -145,10 +145,6 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto) AppLayerParserRegisterGetEventInfoById(p->ip_proto, alproto, p->StateGetEventInfoById); } - if (p->StateGetEvents) { - AppLayerParserRegisterGetEventsFunc(p->ip_proto, alproto, - p->StateGetEvents); - } if (p->LocalStorageAlloc && p->LocalStorageFree) { AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto, p->LocalStorageAlloc, p->LocalStorageFree); diff --git a/src/app-layer-register.h b/src/app-layer-register.h index ec37f34fc0..b470761c35 100644 --- a/src/app-layer-register.h +++ b/src/app-layer-register.h @@ -49,7 +49,6 @@ typedef struct AppLayerParser { const int complete_tc; int (*StateGetProgress)(void *alstate, uint8_t direction); - AppLayerDecoderEvents *(*StateGetEvents)(void *); int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type); int (*StateGetEventInfoById)(int event_id, const char **event_name, diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index e3be620d83..f2a809bf36 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -353,8 +353,8 @@ static void SMTPSetEvent(SMTPState *s, uint8_t e) SCLogDebug("setting event %u", e); if (s->curr_tx != NULL) { - AppLayerDecoderEventsSetEventRaw(&s->curr_tx->decoder_events, e); -// s->events++; + AppLayerDecoderEventsSetEventRaw(&s->curr_tx->tx_data.events, e); + // s->events++; return; } SCLogDebug("couldn't set event %u", e); @@ -1530,8 +1530,8 @@ static void SMTPTransactionFree(SMTPTransaction *tx, SMTPState *state) /* Free list of MIME message recursively */ MimeDecFreeEntity(tx->msg_head); - if (tx->decoder_events != NULL) - AppLayerDecoderEventsFreeEvents(&tx->decoder_events); + if (tx->tx_data.events != NULL) + AppLayerDecoderEventsFreeEvents(&tx->tx_data.events); if (tx->tx_data.de_state != NULL) DetectEngineStateFree(tx->tx_data.de_state); @@ -1544,12 +1544,6 @@ static void SMTPTransactionFree(SMTPTransaction *tx, SMTPState *state) TAILQ_REMOVE(&tx->rcpt_to_list, str, next); SMTPStringFree(str); } -#if 0 - if (tx->decoder_events->cnt <= smtp_state->events) - smtp_state->events -= tx->decoder_events->cnt; - else - smtp_state->events = 0; -#endif SCFree(tx); } @@ -1755,13 +1749,6 @@ static void SMTPStateTruncate(void *state, uint8_t direction) } } -static AppLayerDecoderEvents *SMTPGetEvents(void *tx) -{ - SCLogDebug("get SMTP events for TX %p", tx); - - return ((SMTPTransaction *)tx)->decoder_events; -} - static AppLayerTxData *SMTPGetTxData(void *vtx) { SMTPTransaction *tx = (SMTPTransaction *)vtx; @@ -1795,7 +1782,6 @@ void RegisterSMTPParsers(void) AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfo); AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfoById); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetEvents); AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPLocalStorageAlloc, SMTPLocalStorageFree); diff --git a/src/app-layer-smtp.h b/src/app-layer-smtp.h index 530f4a275a..649cf4852c 100644 --- a/src/app-layer-smtp.h +++ b/src/app-layer-smtp.h @@ -79,8 +79,6 @@ typedef struct SMTPTransaction_ { /** the mime decoding parser state */ MimeDecParseState *mime_state; - AppLayerDecoderEvents *decoder_events; /**< per tx events */ - /* MAIL FROM parameters */ uint8_t *mail_from; uint16_t mail_from_len; diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 5f54356144..3fa5bb0550 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -240,17 +240,10 @@ void SSLSetEvent(SSLState *ssl_state, uint8_t event) return; } - AppLayerDecoderEventsSetEventRaw(&ssl_state->decoder_events, event); + AppLayerDecoderEventsSetEventRaw(&ssl_state->tx_data.events, event); ssl_state->events++; } -static AppLayerDecoderEvents *SSLGetEvents(void *tx) -{ - /* for TLS, TX == state, see GetTx */ - SSLState *ssl_state = (SSLState *)tx; - return ssl_state->decoder_events; -} - static void *SSLGetTx(void *state, uint64_t tx_id) { SSLState *ssl_state = (SSLState *)state; @@ -2678,7 +2671,7 @@ static void SSLStateFree(void *p) if (ssl_state->server_connp.ja3_hash) SCFree(ssl_state->server_connp.ja3_hash); - AppLayerDecoderEventsFreeEvents(&ssl_state->decoder_events); + AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events); if (ssl_state->tx_data.de_state != NULL) { DetectEngineStateFree(ssl_state->tx_data.de_state); @@ -2953,8 +2946,6 @@ void RegisterSSLParsers(void) AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetEvents); - AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData); diff --git a/src/app-layer-ssl.h b/src/app-layer-ssl.h index a5d9c2d0ff..f5ded77ac4 100644 --- a/src/app-layer-ssl.h +++ b/src/app-layer-ssl.h @@ -249,8 +249,6 @@ typedef struct SSLState_ { SSLStateConnp client_connp; SSLStateConnp server_connp; - - AppLayerDecoderEvents *decoder_events; } SSLState; void RegisterSSLParsers(void); diff --git a/src/app-layer-template.c b/src/app-layer-template.c index 911e98e53d..84812848f6 100644 --- a/src/app-layer-template.c +++ b/src/app-layer-template.c @@ -100,7 +100,7 @@ static void TemplateTxFree(void *txv) SCFree(tx->response_buffer); } - AppLayerDecoderEventsFreeEvents(&tx->decoder_events); + AppLayerDecoderEventsFreeEvents(&tx->tx_data.events); SCFree(tx); } @@ -190,11 +190,6 @@ static int TemplateStateGetEventInfoById(int event_id, const char **event_name, return 0; } -static AppLayerDecoderEvents *TemplateGetEvents(void *tx) -{ - return ((TemplateTransaction *)tx)->decoder_events; -} - /** * \brief Probe the input to server to see if it looks like template. * @@ -303,8 +298,7 @@ static AppLayerResult TemplateParseRequest(Flow *f, void *statev, if ((input_len == 1 && tx->request_buffer[0] == '\n') || (input_len == 2 && tx->request_buffer[0] == '\r')) { SCLogNotice("Creating event for empty message."); - AppLayerDecoderEventsSetEventRaw(&tx->decoder_events, - TEMPLATE_DECODER_EVENT_EMPTY_MESSAGE); + AppLayerDecoderEventsSetEventRaw(&tx->tx_data.events, TEMPLATE_DECODER_EVENT_EMPTY_MESSAGE); } end: @@ -529,8 +523,6 @@ void RegisterTemplateParsers(void) TemplateStateGetEventInfo); AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TEMPLATE, TemplateStateGetEventInfoById); - AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_TEMPLATE, - TemplateGetEvents); /* Leave this is if your parser can handle gaps, otherwise * remove. */ diff --git a/src/app-layer-template.h b/src/app-layer-template.h index fcd20915c3..461a7e46db 100644 --- a/src/app-layer-template.h +++ b/src/app-layer-template.h @@ -38,10 +38,6 @@ typedef struct TemplateTransaction /** Internal transaction ID. */ uint64_t tx_id; - /** Application layer events that occurred - * while parsing this transaction. */ - AppLayerDecoderEvents *decoder_events; - uint8_t *request_buffer; uint32_t request_buffer_len; diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index 211528a7ea..8721a02165 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c @@ -71,11 +71,6 @@ static int TFTPStateGetEventInfo(const char *event_name, int *event_id, return -1; } -static AppLayerDecoderEvents *TFTPGetEvents(void *tx) -{ - return NULL; -} - /** * \brief Probe the input to see if it looks like tftp. * @@ -233,8 +228,6 @@ void RegisterTFTPParsers(void) AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_TFTP, TFTPStateGetEventInfo); - AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_TFTP, - TFTPGetEvents); AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_TFTP, rs_tftp_get_tx_data);