From: Victor Julien Date: Mon, 6 Dec 2021 07:31:25 +0000 (+0100) Subject: app-layer: use StreamSlice as input to parsers X-Git-Tag: suricata-7.0.0-beta1~1087 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6763%2Fhead;p=thirdparty%2Fsuricata.git app-layer: use StreamSlice as input to parsers Remove input, input_len and flags in favor of stream slice. --- diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index 6129f6703b..23d2bac27a 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -317,10 +317,7 @@ pub type ParseFn = unsafe extern "C" fn (flow: *const Flow, state: *mut c_void, pstate: *mut c_void, stream_slice: StreamSlice, - input: *const u8, - input_len: u32, - data: *const c_void, - flags: u8) -> AppLayerResult; + data: *const c_void) -> AppLayerResult; pub type ProbeFn = unsafe extern "C" fn (flow: *const Flow, flags: u8, input:*const u8, input_len: u32, rdir: *mut u8) -> AppProto; pub type StateAllocFn = extern "C" fn (*mut c_void, AppProto) -> *mut c_void; pub type StateFreeFn = unsafe extern "C" fn (*mut c_void); diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index 065d5f5c4a..8e185edba0 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -285,11 +285,8 @@ pub unsafe extern "C" fn rs_template_parse_request( _flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, - _data: *const std::os::raw::c_void, - _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let eof = if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 { true @@ -304,13 +301,13 @@ pub unsafe extern "C" fn rs_template_parse_request( let state = cast_pointer!(state, TemplateState); - if input.is_null() && input_len > 0 { + if stream_slice.is_gap() { // Here we have a gap signaled by the input being null, but a greater // than 0 input_len which provides the size of the gap. - state.on_request_gap(input_len); + state.on_request_gap(stream_slice.gap_size()); AppLayerResult::ok() } else { - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); state.parse_request(buf) } } @@ -320,11 +317,8 @@ pub unsafe extern "C" fn rs_template_parse_response( _flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, - _data: *const std::os::raw::c_void, - _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let _eof = if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 { true @@ -333,13 +327,13 @@ pub unsafe extern "C" fn rs_template_parse_response( }; let state = cast_pointer!(state, TemplateState); - if input.is_null() && input_len > 0 { + if stream_slice.is_gap() { // Here we have a gap signaled by the input being null, but a greater // than 0 input_len which provides the size of the gap. - state.on_response_gap(input_len); + state.on_response_gap(stream_slice.gap_size()); AppLayerResult::ok() } else { - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); state.parse_response(buf) } } diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index ce36f882a4..c4ecd5e012 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -1129,23 +1129,24 @@ pub extern "C" fn rs_parse_dcerpc_response_gap( #[no_mangle] pub unsafe extern "C" fn rs_dcerpc_parse_request( flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, DCERPCState); - SCLogDebug!("Handling request: input {:p} input_len {} flags {:x} EOF {}", - input, input_len, flags, flags & core::STREAM_EOF != 0); - if flags & core::STREAM_EOF != 0 && input_len == 0 { + let flags = stream_slice.flags(); + + SCLogDebug!("Handling request: input_len {} flags {:x} EOF {}", + stream_slice.len(), flags, flags & core::STREAM_EOF != 0); + if flags & core::STREAM_EOF != 0 && stream_slice.len() == 0 { return AppLayerResult::ok(); } /* START with MIDSTREAM set: record might be starting the middle. */ if flags & (core::STREAM_START|core::STREAM_MIDSTREAM) == (core::STREAM_START|core::STREAM_MIDSTREAM) { state.ts_gap = true; } - if input_len > 0 && !input.is_null() { - let buf = build_slice!(input, input_len as usize); + if !stream_slice.is_gap() { state.flow = Some(flow); - return state.handle_input_data(buf, Direction::ToServer); + return state.handle_input_data(stream_slice.as_slice(), Direction::ToServer); } AppLayerResult::err() } @@ -1153,23 +1154,22 @@ pub unsafe extern "C" fn rs_dcerpc_parse_request( #[no_mangle] pub unsafe extern "C" fn rs_dcerpc_parse_response( flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, DCERPCState); - if flags & core::STREAM_EOF != 0 && input_len == 0 { + let flags = stream_slice.flags(); + + if flags & core::STREAM_EOF != 0 && stream_slice.len() == 0 { return AppLayerResult::ok(); } /* START with MIDSTREAM set: record might be starting the middle. */ if flags & (core::STREAM_START|core::STREAM_MIDSTREAM) == (core::STREAM_START|core::STREAM_MIDSTREAM) { state.tc_gap = true; } - if input_len > 0 { - if !input.is_null() { - let buf = build_slice!(input, input_len as usize); - state.flow = Some(flow); - return state.handle_input_data(buf, Direction::ToClient); - } + if !stream_slice.is_gap() { + state.flow = Some(flow); + return state.handle_input_data(stream_slice.as_slice(), Direction::ToClient); } AppLayerResult::err() } diff --git a/rust/src/dcerpc/dcerpc_udp.rs b/rust/src/dcerpc/dcerpc_udp.rs index 156a8db7b6..c3d827df9a 100644 --- a/rust/src/dcerpc/dcerpc_udp.rs +++ b/rust/src/dcerpc/dcerpc_udp.rs @@ -207,13 +207,12 @@ impl DCERPCUDPState { #[no_mangle] pub unsafe extern "C" fn rs_dcerpc_udp_parse( _flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, DCERPCUDPState); - if input_len > 0 && !input.is_null() { - let buf = build_slice!(input, input_len as usize); - return state.handle_input_data(buf); + if !stream_slice.is_gap() { + return state.handle_input_data(stream_slice.as_slice()); } AppLayerResult::err() } diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 076b601797..bc8bd05872 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -228,14 +228,11 @@ pub unsafe extern "C" fn rs_dhcp_state_get_tx_count(state: *mut std::os::raw::c_ pub unsafe extern "C" fn rs_dhcp_parse(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { + ) -> AppLayerResult { let state = cast_pointer!(state, DHCPState); - let buf = build_slice!(input, input_len as usize); - if state.parse(buf) { + if state.parse(stream_slice.as_slice()) { return AppLayerResult::ok(); } return AppLayerResult::err(); diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 69e98a3225..3bea3d711d 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -668,15 +668,12 @@ pub unsafe extern "C" fn rs_dns_state_tx_free(state: *mut std::os::raw::c_void, pub unsafe extern "C" fn rs_dns_parse_request(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) + ) -> AppLayerResult { let state = cast_pointer!(state, DNSState); - let buf = std::slice::from_raw_parts(input, input_len as usize); - if state.parse_request(buf) { + if state.parse_request(stream_slice.as_slice()) { AppLayerResult::ok() } else { AppLayerResult::err() @@ -687,15 +684,12 @@ pub unsafe extern "C" fn rs_dns_parse_request(_flow: *const core::Flow, pub unsafe extern "C" fn rs_dns_parse_response(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) + ) -> AppLayerResult { let state = cast_pointer!(state, DNSState); - let buf = std::slice::from_raw_parts(input, input_len as usize); - if state.parse_response(buf) { + if state.parse_response(stream_slice.as_slice()) { AppLayerResult::ok() } else { AppLayerResult::err() @@ -707,19 +701,15 @@ pub unsafe extern "C" fn rs_dns_parse_response(_flow: *const core::Flow, pub unsafe extern "C" fn rs_dns_parse_request_tcp(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) + ) -> AppLayerResult { let state = cast_pointer!(state, DNSState); - if input_len > 0 { - if !input.is_null() { - let buf = std::slice::from_raw_parts(input, input_len as usize); - return state.parse_request_tcp(buf); - } - state.request_gap(input_len); + if stream_slice.is_gap() { + state.request_gap(stream_slice.gap_size()); + } else if stream_slice.len() > 0 { + return state.parse_request_tcp(stream_slice.as_slice()); } AppLayerResult::ok() } @@ -728,19 +718,15 @@ pub unsafe extern "C" fn rs_dns_parse_request_tcp(_flow: *const core::Flow, pub unsafe extern "C" fn rs_dns_parse_response_tcp(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) + ) -> AppLayerResult { let state = cast_pointer!(state, DNSState); - if input_len > 0 { - if !input.is_null() { - let buf = std::slice::from_raw_parts(input, input_len as usize); - return state.parse_response_tcp(buf); - } - state.response_gap(input_len); + if stream_slice.is_gap() { + state.response_gap(stream_slice.gap_size()); + } else if stream_slice.len() > 0 { + return state.parse_response_tcp(stream_slice.as_slice()); } AppLayerResult::ok() } diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs index 45d799ea83..ba5b44e7f0 100644 --- a/rust/src/http2/http2.rs +++ b/rust/src/http2/http2.rs @@ -1087,11 +1087,11 @@ pub unsafe extern "C" fn rs_http2_state_tx_free(state: *mut std::os::raw::c_void #[no_mangle] pub unsafe extern "C" fn rs_http2_parse_ts( flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = cast_pointer!(state, HTTP2State); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); state.files.flags_ts = FileFlowToFlags(flow, Direction::ToServer.into()); state.files.flags_ts = state.files.flags_ts | FILE_USE_DETECT; @@ -1101,11 +1101,11 @@ pub unsafe extern "C" fn rs_http2_parse_ts( #[no_mangle] pub unsafe extern "C" fn rs_http2_parse_tc( flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = cast_pointer!(state, HTTP2State); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); state.files.flags_tc = FileFlowToFlags(flow, Direction::ToClient.into()); state.files.flags_tc = state.files.flags_tc | FILE_USE_DETECT; return state.parse_tc(buf, flow); diff --git a/rust/src/ike/ike.rs b/rust/src/ike/ike.rs index e0a368255e..40d44167c9 100644 --- a/rust/src/ike/ike.rs +++ b/rust/src/ike/ike.rs @@ -316,24 +316,21 @@ pub unsafe extern "C" fn rs_ike_state_tx_free(state: *mut std::os::raw::c_void, #[no_mangle] pub unsafe extern "C" fn rs_ike_parse_request( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, IKEState); - let buf = build_slice!(input, input_len as usize); - - return state.handle_input(buf, Direction::ToServer); + return state.handle_input(stream_slice.as_slice(), Direction::ToServer); } #[no_mangle] pub unsafe extern "C" fn rs_ike_parse_response( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, IKEState); - let buf = build_slice!(input, input_len as usize); - return state.handle_input(buf, Direction::ToClient); + return state.handle_input(stream_slice.as_slice(), Direction::ToClient); } #[no_mangle] diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index f96e99b77f..9e11c4c2d4 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -373,12 +373,10 @@ pub unsafe extern "C" fn rs_krb5_probing_parser_tcp(_flow: *const Flow, pub unsafe extern "C" fn rs_krb5_parse_request(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { + let buf = stream_slice.as_slice(); let state = cast_pointer!(state,KRB5State); if state.parse(buf, Direction::ToServer) < 0 { return AppLayerResult::err(); @@ -390,12 +388,10 @@ pub unsafe extern "C" fn rs_krb5_parse_request(_flow: *const core::Flow, pub unsafe extern "C" fn rs_krb5_parse_response(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { + let buf = stream_slice.as_slice(); let state = cast_pointer!(state,KRB5State); if state.parse(buf, Direction::ToClient) < 0 { return AppLayerResult::err(); @@ -407,13 +403,11 @@ pub unsafe extern "C" fn rs_krb5_parse_response(_flow: *const core::Flow, pub unsafe extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,KRB5State); + let buf = stream_slice.as_slice(); let mut v : Vec; let tcp_buffer = match state.record_ts { @@ -467,13 +461,11 @@ pub unsafe extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, pub unsafe extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,KRB5State); + let buf = stream_slice.as_slice(); let mut v : Vec; let tcp_buffer = match state.record_tc { diff --git a/rust/src/modbus/modbus.rs b/rust/src/modbus/modbus.rs index 094db4fce8..ffdcffa60f 100644 --- a/rust/src/modbus/modbus.rs +++ b/rust/src/modbus/modbus.rs @@ -306,10 +306,11 @@ pub unsafe extern "C" fn rs_modbus_state_tx_free(state: *mut std::os::raw::c_voi #[no_mangle] pub unsafe extern "C" fn rs_modbus_parse_request( _flow: *const core::Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { - if input_len == 0 { + let buf = stream_slice.as_slice(); + if buf.len() == 0 { if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) > 0 { return AppLayerResult::ok(); } else { @@ -318,18 +319,17 @@ pub unsafe extern "C" fn rs_modbus_parse_request( } let state = cast_pointer!(state, ModbusState); - let buf = std::slice::from_raw_parts(input, input_len as usize); - state.parse(buf, Direction::ToServer) } #[no_mangle] pub unsafe extern "C" fn rs_modbus_parse_response( _flow: *const core::Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void, ) -> AppLayerResult { - if input_len == 0 { + let buf = stream_slice.as_slice(); + if buf.len() == 0 { if AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC) > 0 { return AppLayerResult::ok(); } else { @@ -338,8 +338,6 @@ pub unsafe extern "C" fn rs_modbus_parse_response( } let state = cast_pointer!(state, ModbusState); - let buf = std::slice::from_raw_parts(input, input_len as usize); - state.parse(buf, Direction::ToClient) } diff --git a/rust/src/mqtt/mqtt.rs b/rust/src/mqtt/mqtt.rs index 1b688ed72a..10682cc1c5 100644 --- a/rust/src/mqtt/mqtt.rs +++ b/rust/src/mqtt/mqtt.rs @@ -565,15 +565,11 @@ pub unsafe extern "C" fn rs_mqtt_parse_request( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, MQTTState); - let buf = build_slice!(input, input_len as usize); - return state.parse_request(buf); + return state.parse_request(stream_slice.as_slice()); } #[no_mangle] @@ -581,15 +577,11 @@ pub unsafe extern "C" fn rs_mqtt_parse_response( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, MQTTState); - let buf = build_slice!(input, input_len as usize); - return state.parse_response(buf); + return state.parse_response(stream_slice.as_slice()); } #[no_mangle] diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 1cc2a567fc..278d2cc518 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -1377,11 +1377,8 @@ pub extern "C" fn rs_nfs_state_free(state: *mut std::os::raw::c_void) { pub unsafe extern "C" fn rs_nfs_parse_request(flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, NFSState); @@ -1389,14 +1386,13 @@ pub unsafe extern "C" fn rs_nfs_parse_request(flow: *const Flow, let file_flags = FileFlowToFlags(flow, Direction::ToServer.into()); rs_nfs_setfileflags(Direction::ToServer.into(), state, file_flags); - if input.is_null() == true && input_len > 0 { - return rs_nfs_parse_request_tcp_gap(state, input_len); + if stream_slice.is_gap() { + return rs_nfs_parse_request_tcp_gap(state, stream_slice.gap_size()); } - let buf = std::slice::from_raw_parts(input, input_len as usize); - SCLogDebug!("parsing {} bytes of request data", input_len); + SCLogDebug!("parsing {} bytes of request data", stream_slice.len()); state.update_ts(flow.get_last_time().as_secs()); - state.parse_tcp_data_ts(buf) + state.parse_tcp_data_ts(stream_slice.as_slice()) } #[no_mangle] @@ -1412,11 +1408,8 @@ pub extern "C" fn rs_nfs_parse_request_tcp_gap( pub unsafe extern "C" fn rs_nfs_parse_response(flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, NFSState); @@ -1424,14 +1417,13 @@ pub unsafe extern "C" fn rs_nfs_parse_response(flow: *const Flow, let file_flags = FileFlowToFlags(flow, Direction::ToClient.into()); rs_nfs_setfileflags(Direction::ToClient.into(), state, file_flags); - if input.is_null() == true && input_len > 0 { - return rs_nfs_parse_response_tcp_gap(state, input_len); + if stream_slice.is_gap() { + return rs_nfs_parse_response_tcp_gap(state, stream_slice.gap_size()); } - SCLogDebug!("parsing {} bytes of response data", input_len); - let buf = std::slice::from_raw_parts(input, input_len as usize); + SCLogDebug!("parsing {} bytes of response data", stream_slice.len()); state.update_ts(flow.get_last_time().as_secs()); - state.parse_tcp_data_tc(buf) + state.parse_tcp_data_tc(stream_slice.as_slice()) } #[no_mangle] @@ -1448,37 +1440,31 @@ pub extern "C" fn rs_nfs_parse_response_tcp_gap( pub unsafe extern "C" fn rs_nfs_parse_request_udp(f: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult + ) -> AppLayerResult { let state = cast_pointer!(state, NFSState); let file_flags = FileFlowToFlags(f, Direction::ToServer.into()); rs_nfs_setfileflags(Direction::ToServer.into(), state, file_flags); - let buf = std::slice::from_raw_parts(input, input_len as usize); - SCLogDebug!("parsing {} bytes of request data", input_len); - state.parse_udp_ts(buf) + SCLogDebug!("parsing {} bytes of request data", stream_slice.len()); + state.parse_udp_ts(stream_slice.as_slice()) } #[no_mangle] pub unsafe extern "C" fn rs_nfs_parse_response_udp(f: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult + ) -> AppLayerResult { let state = cast_pointer!(state, NFSState); let file_flags = FileFlowToFlags(f, Direction::ToClient.into()); rs_nfs_setfileflags(Direction::ToClient.into(), state, file_flags); - SCLogDebug!("parsing {} bytes of response data", input_len); - let buf = std::slice::from_raw_parts(input, input_len as usize); - state.parse_udp_tc(buf) + SCLogDebug!("parsing {} bytes of response data", stream_slice.len()); + state.parse_udp_tc(stream_slice.as_slice()) } #[no_mangle] diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index fd3571e128..f8c888d130 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -170,14 +170,11 @@ pub extern "C" fn rs_ntp_state_free(state: *mut std::os::raw::c_void) { pub unsafe extern "C" fn rs_ntp_parse_request(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,NTPState); - if state.parse(buf, 0) < 0 { + if state.parse(stream_slice.as_slice(), 0) < 0 { return AppLayerResult::err(); } AppLayerResult::ok() @@ -187,14 +184,11 @@ pub unsafe extern "C" fn rs_ntp_parse_request(_flow: *const core::Flow, pub unsafe extern "C" fn rs_ntp_parse_response(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,NTPState); - if state.parse(buf, 1) < 0 { + if state.parse(stream_slice.as_slice(), 1) < 0 { return AppLayerResult::err(); } AppLayerResult::ok() diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs index bc28c8a142..835a13029b 100644 --- a/rust/src/rdp/rdp.rs +++ b/rust/src/rdp/rdp.rs @@ -427,11 +427,11 @@ fn probe_tls_handshake(input: &[u8]) -> bool { #[no_mangle] pub unsafe extern "C" fn rs_rdp_parse_ts( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); // attempt to parse bytes as `rdp` protocol return state.parse_ts(buf); } @@ -439,11 +439,11 @@ pub unsafe extern "C" fn rs_rdp_parse_ts( #[no_mangle] pub unsafe extern "C" fn rs_rdp_parse_tc( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); // attempt to parse bytes as `rdp` protocol return state.parse_tc(buf); } diff --git a/rust/src/rfb/rfb.rs b/rust/src/rfb/rfb.rs index d84720b4da..b07d2321ec 100644 --- a/rust/src/rfb/rfb.rs +++ b/rust/src/rfb/rfb.rs @@ -506,15 +506,11 @@ pub unsafe extern "C" fn rs_rfb_parse_request( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, RFBState); - let buf = build_slice!(input, input_len as usize); - return state.parse_request(buf); + return state.parse_request(stream_slice.as_slice()); } #[no_mangle] @@ -522,15 +518,11 @@ pub unsafe extern "C" fn rs_rfb_parse_response( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, RFBState); - let buf = build_slice!(input, input_len as usize); - return state.parse_response(buf); + return state.parse_response(stream_slice.as_slice()); } #[no_mangle] diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs index a85ce5d0dd..50ddec0ae9 100755 --- a/rust/src/sip/sip.rs +++ b/rust/src/sip/sip.rs @@ -235,15 +235,11 @@ pub unsafe extern "C" fn rs_sip_parse_request( _flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { - let buf = build_slice!(input, input_len as usize); let state = cast_pointer!(state, SIPState); - state.parse_request(buf).into() + state.parse_request(stream_slice.as_slice()).into() } #[no_mangle] @@ -251,15 +247,11 @@ pub unsafe extern "C" fn rs_sip_parse_response( _flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8, ) -> AppLayerResult { - let buf = build_slice!(input, input_len as usize); let state = cast_pointer!(state, SIPState); - state.parse_response(buf).into() + state.parse_response(stream_slice.as_slice()).into() } export_tx_data_get!(rs_sip_get_tx_data, SIPTransaction); diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 1bcf92d651..c9d9aa3be7 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1793,30 +1793,29 @@ pub extern "C" fn rs_smb_state_free(state: *mut std::os::raw::c_void) { pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, state: *mut ffi::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - flags: u8) + ) -> AppLayerResult { - let buf = std::slice::from_raw_parts(input, input_len as usize); let mut state = cast_pointer!(state, SMBState); let flow = cast_pointer!(flow, Flow); let file_flags = FileFlowToFlags(flow, Direction::ToServer as u8); rs_smb_setfileflags(Direction::ToServer as u8, state, file_flags|FILE_USE_DETECT); - SCLogDebug!("parsing {} bytes of request data", input_len); - if input.is_null() && input_len > 0 { - return rs_smb_parse_request_tcp_gap(state, input_len); + if stream_slice.is_gap() { + return rs_smb_parse_request_tcp_gap(state, stream_slice.gap_size()); } + + SCLogDebug!("parsing {} bytes of request data", stream_slice.len()); + /* START with MISTREAM set: record might be starting the middle. */ - if flags & (STREAM_START|STREAM_MIDSTREAM) == (STREAM_START|STREAM_MIDSTREAM) { + if stream_slice.flags() & (STREAM_START|STREAM_MIDSTREAM) == (STREAM_START|STREAM_MIDSTREAM) { state.ts_gap = true; } state.update_ts(flow.get_last_time().as_secs()); - state.parse_tcp_data_ts(buf) + state.parse_tcp_data_ts(stream_slice.as_slice()) } #[no_mangle] @@ -1833,11 +1832,9 @@ pub extern "C" fn rs_smb_parse_request_tcp_gap( pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, state: *mut ffi::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const ffi::c_void, - flags: u8) + ) -> AppLayerResult { let mut state = cast_pointer!(state, SMBState); @@ -1845,19 +1842,18 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, let file_flags = FileFlowToFlags(flow, Direction::ToClient as u8); rs_smb_setfileflags(Direction::ToClient as u8, state, file_flags|FILE_USE_DETECT); - if input.is_null() && input_len > 0 { - return rs_smb_parse_response_tcp_gap(state, input_len); + if stream_slice.is_gap() { + return rs_smb_parse_response_tcp_gap(state, stream_slice.gap_size()); } - SCLogDebug!("parsing {} bytes of response data", input_len); - let buf = std::slice::from_raw_parts(input, input_len as usize); + SCLogDebug!("parsing {} bytes of response data", stream_slice.len()); /* START with MISTREAM set: record might be starting the middle. */ - if flags & (STREAM_START|STREAM_MIDSTREAM) == (STREAM_START|STREAM_MIDSTREAM) { + if stream_slice.flags() & (STREAM_START|STREAM_MIDSTREAM) == (STREAM_START|STREAM_MIDSTREAM) { state.tc_gap = true; } state.update_ts(flow.get_last_time().as_secs()); - state.parse_tcp_data_tc(buf) + state.parse_tcp_data_tc(stream_slice.as_slice()) } #[no_mangle] diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index 386c7db4d6..976d2590be 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -265,28 +265,22 @@ pub extern "C" fn rs_snmp_state_free(state: *mut std::os::raw::c_void) { pub unsafe extern "C" fn rs_snmp_parse_request(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,SNMPState); - state.parse(buf, Direction::ToServer).into() + state.parse(stream_slice.as_slice(), Direction::ToServer).into() } #[no_mangle] pub unsafe extern "C" fn rs_snmp_parse_response(_flow: *const core::Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, - input_len: u32, + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, - _flags: u8) -> AppLayerResult { - let buf = build_slice!(input,input_len as usize); + ) -> AppLayerResult { let state = cast_pointer!(state,SNMPState); - state.parse(buf, Direction::ToClient).into() + state.parse(stream_slice.as_slice(), Direction::ToClient).into() } #[no_mangle] diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index 5c8ec34e27..c5a4fc62d5 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -353,11 +353,11 @@ pub extern "C" fn rs_ssh_state_tx_free(_state: *mut std::os::raw::c_void, _tx_id #[no_mangle] pub unsafe extern "C" fn rs_ssh_parse_request( _flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = &mut cast_pointer!(state, SSHState); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); let hdr = &mut state.transaction.cli_hdr; if hdr.flags < SSHConnectionState::SshStateBannerDone { return state.parse_banner(buf, false, pstate); @@ -369,11 +369,11 @@ pub unsafe extern "C" fn rs_ssh_parse_request( #[no_mangle] pub unsafe extern "C" fn rs_ssh_parse_response( _flow: *const Flow, state: *mut std::os::raw::c_void, pstate: *mut std::os::raw::c_void, - _stream_slice: StreamSlice, - input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, + stream_slice: StreamSlice, + _data: *const std::os::raw::c_void ) -> AppLayerResult { let state = &mut cast_pointer!(state, SSHState); - let buf = build_slice!(input, input_len as usize); + let buf = stream_slice.as_slice(); let hdr = &mut state.transaction.srv_hdr; if hdr.flags < SSHConnectionState::SshStateBannerDone { return state.parse_banner(buf, true, pstate); diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index 1be6fa4536..88c3a16150 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -23,6 +23,7 @@ #include "util-print.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-detect-proto.h" @@ -1131,14 +1132,16 @@ error: * multiple frames, but not the complete final frame). */ static AppLayerResult DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); DNP3State *dnp3 = (DNP3State *)state; DNP3Buffer *buffer = &dnp3->request_buffer; int processed = 0; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (input_len == 0) { SCReturnStruct(APP_LAYER_OK); } @@ -1271,8 +1274,7 @@ error: * See DNP3ParseResponsePDUs for DNP3 frame handling. */ static AppLayerResult DNP3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); @@ -1280,6 +1282,9 @@ static AppLayerResult DNP3ParseResponse(Flow *f, void *state, AppLayerParserStat DNP3Buffer *buffer = &dnp3->response_buffer; int processed; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (buffer->len) { if (!DNP3BufferAdd(buffer, input, input_len)) { SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate memory to buffer " diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c index 2ad0e326f9..cc814bc808 100644 --- a/src/app-layer-enip.c +++ b/src/app-layer-enip.c @@ -34,6 +34,7 @@ #include "stream.h" +#include "app-layer.h" #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-enip.h" @@ -290,13 +291,15 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id) * \retval 1 when the command is parsed, 0 otherwise */ static AppLayerResult ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); ENIPState *enip = (ENIPState *) state; ENIPTransaction *tx; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS|APP_LAYER_PARSER_EOF_TC)) { diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index e017fa9dc8..2cb03025a5 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -539,16 +539,12 @@ static uint32_t CopyCommandLine(uint8_t **dest, const uint8_t *src, uint32_t len /** * \brief This function is called to retrieve a ftp request * \param ftp_state the ftp state structure for the parser - * \param input input line of the command - * \param input_len length of the request - * \param output the resulting output * * \retval APP_LAYER_OK when input was process successfully * \retval APP_LAYER_ERROR when a unrecoverable error was encountered */ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { FTPThreadCtx *thread_data = local_data; @@ -558,6 +554,9 @@ static AppLayerResult FTPParseRequest(Flow *f, void *ftp_state, AppLayerParserSt FtpState *state = (FtpState *)ftp_state; void *ptmp; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) { SCReturnStruct(APP_LAYER_OK); } else if (input == NULL || input_len == 0) { @@ -732,11 +731,13 @@ static inline bool FTPIsPPR(const uint8_t *input, uint32_t input_len) * \retval 1 when the command is parsed, 0 otherwise */ static AppLayerResult FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { FtpState *state = (FtpState *)ftp_state; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (unlikely(input_len == 0)) { SCReturnStruct(APP_LAYER_OK); } @@ -1021,19 +1022,18 @@ static StreamingBufferConfig sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER; /** * \brief This function is called to retrieve a ftp request * \param ftp_state the ftp state structure for the parser - * \param input input line of the command - * \param input_len length of the request * \param output the resulting output * * \retval 1 when the command is parsed, 0 otherwise */ static AppLayerResult FTPDataParse(Flow *f, FtpDataState *ftpdata_state, - AppLayerParserState *pstate, - const uint8_t *input, uint32_t input_len, - void *local_data, int direction) + AppLayerParserState *pstate, StreamSlice stream_slice, void *local_data, int direction) { + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); uint16_t flags = FileFlowToFlags(f, direction); int ret = 0; + /* we depend on detection engine for file pruning */ flags |= FILE_USE_DETECT; if (ftpdata_state->files == NULL) { @@ -1113,19 +1113,15 @@ out: } static AppLayerResult FTPDataParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { - return FTPDataParse(f, ftp_state, pstate, input, input_len, - local_data, STREAM_TOSERVER); + return FTPDataParse(f, ftp_state, pstate, stream_slice, local_data, STREAM_TOSERVER); } static AppLayerResult FTPDataParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { - return FTPDataParse(f, ftp_state, pstate, input, input_len, - local_data, STREAM_TOCLIENT); + return FTPDataParse(f, ftp_state, pstate, stream_slice, local_data, STREAM_TOCLIENT); } #ifdef DEBUG diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index dbe0b5658d..bd169e10c0 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -808,15 +808,11 @@ error: * \param flow Pointer to the flow the data belong to * \param htp_state Pointer the state in which the parsed value to be stored * \param pstate Application layer parser state for this session - * \param input Pointer the received HTTP client data - * \param input_len Length in bytes of the received data - * \param output Pointer to the output (not used in this function) * * \retval On success returns 1 or on failure returns -1. */ static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); int ret = 0; @@ -833,6 +829,9 @@ static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerPar } DEBUG_VALIDATE_BUG_ON(hstate->connp == NULL); + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + htp_time_t ts = { f->lastts.tv_sec, f->lastts.tv_usec }; /* pass the new data to the htp parser */ if (input_len > 0) { @@ -878,13 +877,15 @@ static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerPar * \retval On success returns 1 or on failure returns -1 */ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); int ret = 0; HtpState *hstate = (HtpState *)htp_state; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + /* On the first invocation, create the connection parser structure to * be used by HTP library. This is looked up via IP in the radix * tree. Failing that, the default HTP config is used. diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 54633abff5..4c6734fdc2 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1238,8 +1238,8 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow Setup(f, flags & (STREAM_TOSERVER | STREAM_TOCLIENT), input, input_len, flags, &stream_slice); /* invoke the parser */ - AppLayerResult res = p->Parser[direction](f, alstate, pstate, stream_slice, input, - input_len, alp_tctx->alproto_local_storage[f->protomap][alproto], flags); + AppLayerResult res = p->Parser[direction](f, alstate, pstate, stream_slice, + alp_tctx->alproto_local_storage[f->protomap][alproto]); if (res.status < 0) { goto error; } else if (res.status > 0) { @@ -1666,8 +1666,7 @@ typedef struct TestState_ { * parser of occurence of an error. */ static AppLayerResult TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); SCReturnStruct(APP_LAYER_ERROR); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 78dc457319..357c5153eb 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -137,8 +137,7 @@ int AppLayerParserConfParserEnabled(const char *ipproto, /** \brief Prototype for parsing functions */ typedef AppLayerResult (*AppLayerParserFPtr)(Flow *f, void *protocol_state, - AppLayerParserState *pstate, StreamSlice stream_slice, const uint8_t *buf, uint32_t buf_len, - void *local_storage, const uint8_t flags); + AppLayerParserState *pstate, StreamSlice stream_slice, void *local_storage); typedef struct AppLayerGetTxIterState { union { diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 3f74a935fa..d0f946272c 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1379,12 +1379,13 @@ static int SMTPProcessRequest(SMTPState *state, Flow *f, } static AppLayerResult SMTPParse(int direction, Flow *f, SMTPState *state, - AppLayerParserState *pstate, const uint8_t *input, - uint32_t input_len, - SMTPThreadCtx *thread_data) + AppLayerParserState *pstate, StreamSlice stream_slice, SMTPThreadCtx *thread_data) { SCEnter(); + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + if (input == NULL && ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) || (direction == 1 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TC)))) { @@ -1416,23 +1417,21 @@ static AppLayerResult SMTPParse(int direction, Flow *f, SMTPState *state, } static AppLayerResult SMTPParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); /* first arg 0 is toserver */ - return SMTPParse(0, f, alstate, pstate, input, input_len, local_data); + return SMTPParse(0, f, alstate, pstate, stream_slice, local_data); } static AppLayerResult SMTPParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCEnter(); /* first arg 1 is toclient */ - return SMTPParse(1, f, alstate, pstate, input, input_len, local_data); + return SMTPParse(1, f, alstate, pstate, stream_slice, local_data); } /** diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 2f52bdb0fe..fbab51ab34 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2459,8 +2459,6 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, * \param direction 0 for toserver, 1 for toclient. * \param alstate Pointer to the state. * \param pstate Application layer parser state for this session. - * \param input Pointer the received input data. - * \param input_len Length in bytes of the received data. * \param output Pointer to the list of parsed output elements. * * \todo On reaching an inconsistent state, check if the input has @@ -2468,13 +2466,14 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, * * \retval >=0 On success. */ -static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate, - const uint8_t *input, uint32_t ilen) +static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate, + AppLayerParserState *pstate, StreamSlice stream_slice) { SSLState *ssl_state = (SSLState *)alstate; uint32_t counter = 0; - int32_t input_len = (int32_t)ilen; ssl_state->f = f; + const uint8_t *input = StreamSliceGetData(&stream_slice); + int32_t input_len = (int32_t)StreamSliceGetDataLen(&stream_slice); if (input == NULL && ((direction == 0 && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS)) || @@ -2593,17 +2592,15 @@ static AppLayerResult SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLa } static AppLayerResult SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { - return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len); + return SSLDecode(f, 0 /* toserver */, alstate, pstate, stream_slice); } static AppLayerResult SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { - return SSLDecode(f, 1 /* toclient */, alstate, pstate, input, input_len); + return SSLDecode(f, 1 /* toclient */, alstate, pstate, stream_slice); } /** diff --git a/src/app-layer-template.c b/src/app-layer-template.c index f091599267..68fafeb2d7 100644 --- a/src/app-layer-template.c +++ b/src/app-layer-template.c @@ -36,6 +36,7 @@ #include "suricata-common.h" #include "stream.h" #include "conf.h" +#include "app-layer.h" #include "app-layer-detect-proto.h" #include "app-layer-parser.h" #include "app-layer-template.h" @@ -233,10 +234,12 @@ static AppProto TemplateProbingParserTc(Flow *f, uint8_t direction, } static AppLayerResult TemplateParseRequest(Flow *f, void *statev, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { TemplateState *state = statev; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + const uint8_t flags = StreamSliceGetFlags(&stream_slice); SCLogNotice("Parsing template request: len=%"PRIu32, input_len); @@ -306,11 +309,12 @@ end: } static AppLayerResult TemplateParseResponse(Flow *f, void *statev, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { TemplateState *state = statev; TemplateTransaction *tx = NULL, *ttx; + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); SCLogNotice("Parsing Template response."); diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index ba560ea820..7c8ea7cce6 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c @@ -31,6 +31,7 @@ #include "util-unittest.h" +#include "app-layer.h" #include "app-layer-detect-proto.h" #include "app-layer-parser.h" @@ -92,9 +93,11 @@ static AppProto TFTPProbingParser(Flow *f, uint8_t direction, } static AppLayerResult TFTPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { + const uint8_t *input = StreamSliceGetData(&stream_slice); + uint32_t input_len = StreamSliceGetDataLen(&stream_slice); + SCLogDebug("Parsing tftp request: len=%" PRIu32, input_len); /* Likely connection closed, we can just return here. */ @@ -120,8 +123,7 @@ static AppLayerResult TFTPParseRequest(Flow *f, void *state, AppLayerParserState * \brief Response parsing is not implemented */ static AppLayerResult TFTPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - StreamSlice stream_slice, const uint8_t *input, uint32_t input_len, void *local_data, - const uint8_t flags) + StreamSlice stream_slice, void *local_data) { SCReturnStruct(APP_LAYER_OK); }