From 7bc3c3ac6e003aee4597ba7b1435ee1062802271 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 21 Jun 2018 11:23:27 +0200 Subject: [PATCH] app-layer: pass STREAM_* flags to parser Pass the STREAM_* flags to the app-layer parser functions so that the parser can know more about how it is called. --- rust/src/dhcp/dhcp.rs | 3 ++- rust/src/ikev2/ikev2.rs | 6 ++++-- rust/src/krb/krb5.rs | 16 ++++++++------ rust/src/ntp/ntp.rs | 6 ++++-- rust/src/parser.rs | 3 ++- src/app-layer-dcerpc-udp.c | 2 +- src/app-layer-dcerpc.c | 4 ++-- src/app-layer-dnp3.c | 6 ++++-- src/app-layer-dns-tcp-rust.c | 6 +++--- src/app-layer-dns-tcp.c | 6 +++--- src/app-layer-dns-udp-rust.c | 14 ++++++------ src/app-layer-dns-udp.c | 42 +++++++++++++++++++----------------- src/app-layer-enip.c | 3 ++- src/app-layer-ftp.c | 8 +++---- src/app-layer-htp.c | 4 ++-- src/app-layer-modbus.c | 6 ++++-- src/app-layer-nfs-tcp.c | 5 +++-- src/app-layer-nfs-udp.c | 5 +++-- src/app-layer-parser.c | 5 +++-- src/app-layer-parser.h | 2 +- src/app-layer-smb-tcp-rust.c | 4 ++-- src/app-layer-smb.c | 4 ++-- src/app-layer-smb2.c | 2 +- src/app-layer-smtp.c | 4 ++-- src/app-layer-ssh.c | 4 ++-- src/app-layer-ssl.c | 4 ++-- src/app-layer-template.c | 5 +++-- src/app-layer-tftp.c | 5 +++-- src/stream.h | 1 + 29 files changed, 104 insertions(+), 81 deletions(-) diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index bcd1fc7154..8bfb3bd367 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -258,7 +258,8 @@ pub extern "C" fn rs_dhcp_parse(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let state = cast_pointer!(state, DHCPState); let buf = build_slice!(input, input_len as usize); if state.parse(buf) { diff --git a/rust/src/ikev2/ikev2.rs b/rust/src/ikev2/ikev2.rs index 304f3063c5..908ab57e76 100644 --- a/rust/src/ikev2/ikev2.rs +++ b/rust/src/ikev2/ikev2.rs @@ -443,7 +443,8 @@ pub extern "C" fn rs_ikev2_parse_request(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,IKEV2State); state.parse(buf, STREAM_TOSERVER) @@ -455,7 +456,8 @@ pub extern "C" fn rs_ikev2_parse_response(_flow: *const core::Flow, pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,IKEV2State); let res = state.parse(buf, STREAM_TOCLIENT); diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index 43a30eda65..846a5505c0 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -461,7 +461,8 @@ pub extern "C" fn rs_krb5_parse_request(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); state.parse(buf, STREAM_TOSERVER) @@ -473,7 +474,8 @@ pub extern "C" fn rs_krb5_parse_response(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); state.parse(buf, STREAM_TOCLIENT) @@ -485,7 +487,8 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { if input_len < 4 { return -1; } let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); @@ -497,7 +500,7 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, _ => { // sanity check to avoid memory exhaustion if state.defrag_buf_ts.len() + buf.len() > 100000 { - SCLogDebug!("rs_krb5_parse_response_tcp: TCP buffer exploded {} {}", + SCLogDebug!("rs_krb5_parse_resquest_tcp: TCP buffer exploded {} {}", state.defrag_buf_ts.len(), buf.len()); return 1; } @@ -515,7 +518,7 @@ pub extern "C" fn rs_krb5_parse_request_tcp(_flow: *const core::Flow, cur_i = rem; }, _ => { - SCLogDebug!("rs_krb5_parse_response_tcp: reading record mark failed!"); + SCLogDebug!("rs_krb5_parse_request_tcp: reading record mark failed!"); return 1; } } @@ -542,7 +545,8 @@ pub extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { if input_len < 4 { return -1; } let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,KRB5State); diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index 78727414fd..ee6b4a02fb 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -195,7 +195,8 @@ pub extern "C" fn rs_ntp_parse_request(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,NTPState); state.parse(buf, 0) @@ -207,7 +208,8 @@ pub extern "C" fn rs_ntp_parse_response(_flow: *const core::Flow, _pstate: *mut libc::c_void, input: *const libc::uint8_t, input_len: u32, - _data: *const libc::c_void) -> i8 { + _data: *const libc::c_void, + _flags: u8) -> i8 { let buf = build_slice!(input,input_len as usize); let state = cast_pointer!(state,NTPState); state.parse(buf, 1) diff --git a/rust/src/parser.rs b/rust/src/parser.rs index 227f3fc938..dce39f827c 100644 --- a/rust/src/parser.rs +++ b/rust/src/parser.rs @@ -123,7 +123,8 @@ pub type ParseFn = extern "C" fn (flow: *const Flow, pstate: *mut c_void, input: *const u8, input_len: u32, - data: *const c_void) -> i8; + data: *const c_void, + flags: u8) -> i8; pub type ProbeFn = extern "C" fn (flow: *const Flow,input:*const u8, input_len: u32, offset: *const u32) -> AppProto; pub type StateAllocFn = extern "C" fn () -> *mut c_void; pub type StateFreeFn = extern "C" fn (*mut c_void); diff --git a/src/app-layer-dcerpc-udp.c b/src/app-layer-dcerpc-udp.c index c721c23cf5..6e845a8c79 100644 --- a/src/app-layer-dcerpc-udp.c +++ b/src/app-layer-dcerpc-udp.c @@ -717,7 +717,7 @@ static int DCERPCUDPParseHeader(Flow *f, void *dcerpcudp_state, static int DCERPCUDPParse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { uint32_t retval = 0; uint32_t parsed = 0; diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 60e4950398..a9923e995d 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1922,7 +1922,7 @@ static int DCERPCParse(Flow *f, void *dcerpc_state, static int DCERPCParseRequest(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return DCERPCParse(f, dcerpc_state, pstate, input, input_len, local_data, 0); @@ -1931,7 +1931,7 @@ static int DCERPCParseRequest(Flow *f, void *dcerpc_state, static int DCERPCParseResponse(Flow *f, void *dcerpc_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return DCERPCParse(f, dcerpc_state, pstate, input, input_len, local_data, 1); diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index c791fa7802..fe12d77964 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -1111,7 +1111,8 @@ error: * multiple frames, but not the complete final frame). */ static int DNP3ParseRequest(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { SCEnter(); DNP3State *dnp3 = (DNP3State *)state; @@ -1250,7 +1251,8 @@ error: * See DNP3ParseResponsePDUs for DNP3 frame handling. */ static int DNP3ParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { SCEnter(); DNP3State *dnp3 = (DNP3State *)state; diff --git a/src/app-layer-dns-tcp-rust.c b/src/app-layer-dns-tcp-rust.c index fa220e5ae3..7739cde506 100644 --- a/src/app-layer-dns-tcp-rust.c +++ b/src/app-layer-dns-tcp-rust.c @@ -36,7 +36,7 @@ static void RustDNSTCPParserRegisterTests(void); static int RustDNSTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCLogDebug("RustDNSTCPParseRequest"); return rs_dns_parse_request_tcp(f, state, pstate, input, input_len, @@ -45,7 +45,7 @@ static int RustDNSTCPParseRequest(Flow *f, void *state, static int RustDNSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCLogDebug("RustDNSTCPParseResponse"); return rs_dns_parse_response_tcp(f, state, pstate, input, input_len, @@ -295,7 +295,7 @@ static int RustDNSTCPParserTestMultiRecord(void) f->alstate = state; FAIL_IF(RustDNSTCPParseRequest(f, f->alstate, NULL, req, reqlen, - NULL) < 0); + NULL, STREAM_START) < 0); FAIL_IF(rs_dns_state_get_tx_count(state) != 20); UTHFreeFlow(f); diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c index 74f44012d3..4945123e68 100644 --- a/src/app-layer-dns-tcp.c +++ b/src/app-layer-dns-tcp.c @@ -290,7 +290,7 @@ insufficient_data: static int DNSTCPRequestParse(Flow *f, void *dstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { DNSState *dns_state = (DNSState *)dstate; SCLogDebug("starting %u", input_len); @@ -531,7 +531,7 @@ insufficient_data: static int DNSTCPResponseParse(Flow *f, void *dstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { DNSState *dns_state = (DNSState *)dstate; @@ -887,7 +887,7 @@ static int DNSTCPParserTestMultiRecord(void) f->alproto = ALPROTO_DNS; f->alstate = state; - FAIL_IF_NOT(DNSTCPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSTCPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, STREAM_START)); FAIL_IF(state->transaction_max != 20); UTHFreeFlow(f); diff --git a/src/app-layer-dns-udp-rust.c b/src/app-layer-dns-udp-rust.c index 5c95fb5d31..8c3388e1cd 100644 --- a/src/app-layer-dns-udp-rust.c +++ b/src/app-layer-dns-udp-rust.c @@ -36,7 +36,7 @@ static void RustDNSUDPParserRegisterTests(void); static int RustDNSUDPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return rs_dns_parse_request(f, state, pstate, input, input_len, local_data); @@ -44,7 +44,7 @@ static int RustDNSUDPParseRequest(Flow *f, void *state, static int RustDNSUDPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return rs_dns_parse_response(f, state, pstate, input, input_len, local_data); @@ -229,7 +229,7 @@ static int RustDNSUDPParserTest01 (void) FAIL_IF_NULL(f->alstate); FAIL_IF_NOT(RustDNSUDPParseResponse(f, f->alstate, NULL, buf, buflen, - NULL)); + NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -260,7 +260,7 @@ static int RustDNSUDPParserTest02 (void) FAIL_IF_NULL(f->alstate); FAIL_IF_NOT(RustDNSUDPParseResponse(f, f->alstate, NULL, buf, buflen, - NULL)); + NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -291,7 +291,7 @@ static int RustDNSUDPParserTest03 (void) FAIL_IF_NULL(f->alstate); FAIL_IF_NOT(RustDNSUDPParseResponse(f, f->alstate, NULL, buf, buflen, - NULL)); + NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -325,7 +325,7 @@ static int RustDNSUDPParserTest04 (void) FAIL_IF_NULL(f->alstate); FAIL_IF_NOT(RustDNSUDPParseResponse(f, f->alstate, NULL, buf, buflen, - NULL)); + NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -359,7 +359,7 @@ static int RustDNSUDPParserTest05 (void) FAIL_IF_NULL(f->alstate); FAIL_IF(RustDNSUDPParseResponse(f, f->alstate, NULL, buf, buflen, - NULL) != -1); + NULL, STREAM_START) != -1); UTHFreeFlow(f); PASS; diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c index 1676dca570..44a2fceb85 100644 --- a/src/app-layer-dns-udp.c +++ b/src/app-layer-dns-udp.c @@ -60,7 +60,7 @@ static int DNSUDPRequestParse(Flow *f, void *dstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { DNSState *dns_state = (DNSState *)dstate; @@ -182,7 +182,7 @@ insufficient_data: static int DNSUDPResponseParse(Flow *f, void *dstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { DNSState *dns_state = (DNSState *)dstate; @@ -338,7 +338,7 @@ static uint16_t DNSUdpProbingParser(Flow *f, uint8_t *input, uint32_t ilen, return ALPROTO_UNKNOWN; } - if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL) == -1) + if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL, 0) == -1) return ALPROTO_FAILED; return ALPROTO_DNS; @@ -499,7 +499,7 @@ static int DNSUDPParserTest01 (void) f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -528,7 +528,7 @@ static int DNSUDPParserTest02 (void) f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -557,7 +557,7 @@ static int DNSUDPParserTest03 (void) f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -589,7 +589,7 @@ static int DNSUDPParserTest04 (void) f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, STREAM_START)); UTHFreeFlow(f); PASS; @@ -621,7 +621,7 @@ static int DNSUDPParserTest05 (void) f->alproto = ALPROTO_DNS; f->alstate = DNSStateAlloc(); - FAIL_IF(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL) != -1); + FAIL_IF(DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL, STREAM_START) != -1); UTHFreeFlow(f); PASS; @@ -691,13 +691,13 @@ static int DNSUDPParserTestDelayedResponse(void) f->alproto = ALPROTO_DNS; f->alstate = state; - /* Send to requests with an incrementing tx id. */ - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + /* Send two requests with an incrementing tx id. */ + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, STREAM_START)); req[1] = 0x02; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, 0)); /* Send response to the first request. */ - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL, STREAM_START)); DNSTransaction *tx = TAILQ_FIRST(&state->tx_list); FAIL_IF_NULL(tx); FAIL_IF_NOT(tx->replied); @@ -733,19 +733,21 @@ static int DNSUDPParserTestFlood(void) f->alproto = ALPROTO_DNS; f->alstate = state; + uint8_t flags = STREAM_START; uint16_t txid; for (txid = 1; txid <= DNS_CONFIG_DEFAULT_REQUEST_FLOOD + 1; txid++) { req[0] = (txid >> 8) & 0xff; req[1] = txid & 0xff; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, flags)); FAIL_IF(state->givenup); + flags = 0; } /* With one more request we should enter a flooded state. */ txid++; req[0] = (txid >> 8) & 0xff; req[1] = txid & 0xff; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, 0)); FAIL_IF(!state->givenup); /* Also free's state. */ @@ -803,28 +805,28 @@ static int DNSUDPParserTestLostResponse(void) /* First request. */ req[1] = 0x01; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, STREAM_START)); FAIL_IF_NOT(state->transaction_max == 1); FAIL_IF_NOT(state->unreplied_cnt == 1); FAIL_IF_NOT(state->window == 1); /* Second request. */ req[1] = 0x02; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, 0)); FAIL_IF_NOT(state->transaction_max == 2); FAIL_IF_NOT(state->unreplied_cnt == 2); FAIL_IF_NOT(state->window == 2); /* Third request. */ req[1] = 0x03; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, 0)); FAIL_IF_NOT(state->transaction_max == 3); FAIL_IF_NOT(state->unreplied_cnt == 3); FAIL_IF_NOT(state->window == 3); /* Now respond to the second. */ res[1] = 0x02; - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL, 0)); FAIL_IF_NOT(state->unreplied_cnt == 2); FAIL_IF_NOT(state->window == 3); tx = TAILQ_FIRST(&state->tx_list); @@ -834,14 +836,14 @@ static int DNSUDPParserTestLostResponse(void) /* Send a 4th request. */ req[1] = 0x04; - FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL)); + FAIL_IF_NOT(DNSUDPRequestParse(f, f->alstate, NULL, req, reqlen, NULL, 0)); FAIL_IF_NOT(state->unreplied_cnt == 3); FAIL_IF(state->window != 3); FAIL_IF_NOT(state->transaction_max == 4); /* Response to the third request. */ res[1] = 0x03; - FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL)); + FAIL_IF_NOT(DNSUDPResponseParse(f, f->alstate, NULL, res, reslen, NULL, 0)); FAIL_IF_NOT(state->unreplied_cnt == 2); FAIL_IF_NOT(state->window == 3); tx = TAILQ_FIRST(&state->tx_list); diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c index ca23ad052a..c35dbf764c 100644 --- a/src/app-layer-enip.c +++ b/src/app-layer-enip.c @@ -308,7 +308,8 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id) * \retval 1 when the command is parsed, 0 otherwise */ static int ENIPParse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { SCEnter(); ENIPState *enip = (ENIPState *) state; diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 1da11b9f55..d3931a863d 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -384,7 +384,7 @@ static void FtpTransferCmdFree(void *data) static int FTPParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); /* PrintRawDataFp(stdout, input,input_len); */ @@ -540,7 +540,7 @@ static int FTPParsePassiveResponseV6(Flow *f, FtpState *state, uint8_t *input, u */ static int FTPParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { FtpState *state = (FtpState *)ftp_state; @@ -787,7 +787,7 @@ out: static int FTPDataParseRequest(Flow *f, void *ftp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return FTPDataParse(f, ftp_state, pstate, input, input_len, local_data, STREAM_TOSERVER); @@ -796,7 +796,7 @@ static int FTPDataParseRequest(Flow *f, void *ftp_state, static int FTPDataParseResponse(Flow *f, void *ftp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return FTPDataParse(f, ftp_state, pstate, input, input_len, local_data, STREAM_TOCLIENT); diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 9c204c6b0b..2fe57f8738 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -706,7 +706,7 @@ error: static int HTPHandleRequestData(Flow *f, void *htp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); int ret = 1; @@ -769,7 +769,7 @@ error: static int HTPHandleResponseData(Flow *f, void *htp_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); int ret = 1; diff --git a/src/app-layer-modbus.c b/src/app-layer-modbus.c index b39d527d21..e96a9c60c1 100644 --- a/src/app-layer-modbus.c +++ b/src/app-layer-modbus.c @@ -1266,7 +1266,8 @@ static int ModbusParseRequest(Flow *f, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, + const uint8_t flags) { SCEnter(); ModbusState *modbus = (ModbusState *) state; @@ -1330,7 +1331,8 @@ static int ModbusParseResponse(Flow *f, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, + const uint8_t flags) { SCEnter(); ModbusHeader header; diff --git a/src/app-layer-nfs-tcp.c b/src/app-layer-nfs-tcp.c index f27dc4777f..70850af42c 100644 --- a/src/app-layer-nfs-tcp.c +++ b/src/app-layer-nfs-tcp.c @@ -150,7 +150,7 @@ static AppProto NFSTCPProbingParserTC(Flow *f, uint8_t *input, uint32_t input_le static int NFSTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOSERVER); rs_nfs3_setfileflags(0, state, file_flags); @@ -165,7 +165,8 @@ static int NFSTCPParseRequest(Flow *f, void *state, } static int NFSTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); rs_nfs3_setfileflags(1, state, file_flags); diff --git a/src/app-layer-nfs-udp.c b/src/app-layer-nfs-udp.c index 4b5ee21636..07a687836b 100644 --- a/src/app-layer-nfs-udp.c +++ b/src/app-layer-nfs-udp.c @@ -155,7 +155,7 @@ static AppProto NFSProbingParserTC(Flow *f, uint8_t *input, uint32_t input_len, static int NFSParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOSERVER); rs_nfs3_setfileflags(0, state, file_flags); @@ -164,7 +164,8 @@ static int NFSParseRequest(Flow *f, void *state, } static int NFSParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); rs_nfs3_setfileflags(1, state, file_flags); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 5464a0d38e..a91ad052f5 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1144,7 +1144,8 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow /* invoke the parser */ if (p->Parser[(flags & STREAM_TOSERVER) ? 0 : 1](f, alstate, pstate, input, input_len, - alp_tctx->alproto_local_storage[f->protomap][alproto]) < 0) + alp_tctx->alproto_local_storage[f->protomap][alproto], + flags) < 0) { goto error; } @@ -1909,7 +1910,7 @@ typedef struct TestState_ { */ static int TestProtocolParser(Flow *f, void *test_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); SCReturnInt(-1); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 9530f594ac..61d28db610 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -90,7 +90,7 @@ int AppLayerParserConfParserEnabled(const char *ipproto, typedef int (*AppLayerParserFPtr)(Flow *f, void *protocol_state, AppLayerParserState *pstate, uint8_t *buf, uint32_t buf_len, - void *local_storage); + void *local_storage, const uint8_t flags); typedef struct AppLayerGetTxIterTuple { void *tx_ptr; diff --git a/src/app-layer-smb-tcp-rust.c b/src/app-layer-smb-tcp-rust.c index f37edfc68d..e8df01cdb8 100644 --- a/src/app-layer-smb-tcp-rust.c +++ b/src/app-layer-smb-tcp-rust.c @@ -34,7 +34,7 @@ static int RustSMBTCPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCLogDebug("RustSMBTCPParseRequest"); uint16_t file_flags = FileFlowToFlags(f, STREAM_TOSERVER); @@ -56,7 +56,7 @@ static int RustSMBTCPParseRequest(Flow *f, void *state, static int RustSMBTCPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCLogDebug("RustSMBTCPParseResponse"); uint16_t file_flags = FileFlowToFlags(f, STREAM_TOCLIENT); diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index f9ab87945b..d036481eb2 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -1392,14 +1392,14 @@ static int SMBParse(Flow *f, void *smb_state, AppLayerParserState *pstate, static int SMBParseRequest(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return SMBParse(f, smb_state, pstate, input, input_len, local_data, 0); } static int SMBParseResponse(Flow *f, void *smb_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return SMBParse(f, smb_state, pstate, input, input_len, local_data, 1); } diff --git a/src/app-layer-smb2.c b/src/app-layer-smb2.c index 8e0012ace7..8248690816 100644 --- a/src/app-layer-smb2.c +++ b/src/app-layer-smb2.c @@ -522,7 +522,7 @@ static uint32_t SMB2ParseHeader(void *smb2_state, AppLayerParserState *pstate, static int SMB2Parse(Flow *f, void *smb2_state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); SMB2State *sstate = (SMB2State *) smb2_state; diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 7c8c93481c..cc27d06292 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1268,7 +1268,7 @@ static int SMTPParse(int direction, Flow *f, SMTPState *state, static int SMTPParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); @@ -1279,7 +1279,7 @@ static int SMTPParseClientRecord(Flow *f, void *alstate, static int SMTPParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCEnter(); diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c index 11be90d6c1..f7f9abe76d 100644 --- a/src/app-layer-ssh.c +++ b/src/app-layer-ssh.c @@ -417,7 +417,7 @@ static int SSHParseData(SshState *state, SshHeader *header, static int SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SshState *ssh_state = (SshState *)state; SshHeader *ssh_header = &ssh_state->cli_hdr; @@ -442,7 +442,7 @@ static int SSHParseRequest(Flow *f, void *state, AppLayerParserState *pstate, static int SSHParseResponse(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SshState *ssh_state = (SshState *)state; SshHeader *ssh_header = &ssh_state->srv_hdr; diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index fc227d7bfa..5e4333e19f 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2242,14 +2242,14 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt static int SSLParseClientRecord(Flow *f, void *alstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len); } static int SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { return SSLDecode(f, 1 /* toclient */, alstate, pstate, input, input_len); } diff --git a/src/app-layer-template.c b/src/app-layer-template.c index 8cb0c2b244..26885163c7 100644 --- a/src/app-layer-template.c +++ b/src/app-layer-template.c @@ -210,7 +210,7 @@ static AppProto TemplateProbingParser(Flow *f, uint8_t *input, uint32_t input_le static int TemplateParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { TemplateState *echo = state; @@ -278,7 +278,8 @@ end: } static int TemplateParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { TemplateState *echo = state; TemplateTransaction *tx = NULL, *ttx;; diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index f51ac49569..b2a3a17172 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c @@ -128,7 +128,7 @@ static AppProto TFTPProbingParser(Flow *f, uint8_t *input, uint32_t input_len, static int TFTPParseRequest(Flow *f, void *state, AppLayerParserState *pstate, uint8_t *input, uint32_t input_len, - void *local_data) + void *local_data, const uint8_t flags) { SCLogDebug("Parsing echo request: len=%"PRIu32, input_len); @@ -151,7 +151,8 @@ static int TFTPParseRequest(Flow *f, void *state, * \brief Response parsing is not implemented */ static int TFTPParseResponse(Flow *f, void *state, AppLayerParserState *pstate, - uint8_t *input, uint32_t input_len, void *local_data) + uint8_t *input, uint32_t input_len, void *local_data, + const uint8_t flags) { return 0; } diff --git a/src/stream.h b/src/stream.h index d421c99a70..68cb2dcefc 100644 --- a/src/stream.h +++ b/src/stream.h @@ -32,6 +32,7 @@ #define STREAM_TOCLIENT 0x08 #define STREAM_GAP 0x10 /**< data gap encountered */ #define STREAM_DEPTH 0x20 /**< depth reached */ +#define STREAM_MIDSTREAM 0x40 typedef int (*StreamSegmentCallback)(const Packet *, void *, const uint8_t *, uint32_t); int StreamSegmentForEach(const Packet *p, uint8_t flag, -- 2.47.2