aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app-layer: include decoder events in app-layer tx data

Browse Source 
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
pull/6642/head
Jason Ish 4 years ago committed by Victor Julien
parent 0caaf6bd23
commit 7732efbec2
39 changed files with 64 additions and 508 deletions
Show Stats Download Patch File Download Diff File

14
rust/src/applayer.rs
Unescape Escape View File

@ -18,7 +18,7 @@
//! Parser registration functions and common interface
use std;
use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppLayerDecoderEvents,AppProto};
use crate::core::{self,DetectEngineState,Flow,AppLayerEventType,AppProto};
use crate::filecontainer::FileContainer;
use crate::applayer;
use std::os::raw::{c_void,c_char,c_int};
@ -69,6 +69,7 @@ pub struct AppLayerTxData {
detect_flags_tc: u64,
de_state: *mut DetectEngineState,
pub events: *mut core::AppLayerDecoderEvents,
}
impl Default for AppLayerTxData {
@ -82,6 +83,9 @@ impl Drop for AppLayerTxData {
if self.de_state != std::ptr::null_mut() {
core::sc_detect_engine_state_free(self.de_state);
}
if self.events != std::ptr::null_mut() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
@ -96,6 +100,7 @@ impl AppLayerTxData {
detect_flags_ts: 0,
detect_flags_tc: 0,
de_state: std::ptr::null_mut(),
events: std::ptr::null_mut(),
}
}
pub fn init_files_opened(&mut self) {
@ -104,6 +109,10 @@ impl AppLayerTxData {
pub fn incr_files_opened(&mut self) {
self.files_opened += 1;
}
pub fn set_event(&mut self, event: u8) {
core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, event as u8);
}
}
#[macro_export]
@ -227,8 +236,6 @@ pub struct RustParser {
/// Function returning the current transaction progress
pub tx_get_progress: StateGetProgressFn,
/// Function to get events
pub get_events: Option<GetEventsFn>,
/// Function to get an event id from a description
pub get_eventinfo: Option<GetEventInfoFn>,
/// Function to get an event description from an event id
@ -292,7 +299,6 @@ pub type StateGetTxCntFn = unsafe extern "C" fn (*mut c_void) -> u64;
pub type StateGetProgressFn = unsafe extern "C" fn (*mut c_void, u8) -> c_int;
pub type GetEventInfoFn = unsafe extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int;
pub type GetEventInfoByIdFn = unsafe extern "C" fn (c_int, *mut *const c_char, *mut AppLayerEventType) -> i8;
pub type GetEventsFn = unsafe extern "C" fn (*mut c_void) -> *mut AppLayerDecoderEvents;
pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void;
pub type LocalStorageFreeFn = extern "C" fn (*mut c_void);
pub type GetFilesFn = unsafe

30
rust/src/applayertemplate/template.rs
Unescape Escape View File

@ -16,7 +16,7 @@
*/
use std;
use crate::core::{self, ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP};
use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP};
use crate::applayer::{self, *};
use std::ffi::CString;
use nom;
@ -32,8 +32,6 @@ pub struct TemplateTransaction {
pub request: Option<String>,
pub response: Option<String>,
de_state: Option<*mut core::DetectEngineState>,
events: *mut core::AppLayerDecoderEvents,
tx_data: AppLayerTxData,
}
@ -43,20 +41,9 @@ impl TemplateTransaction {
tx_id: 0,
request: None,
response: None,
de_state: None,
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
if let Some(state) = self.de_state {
core::sc_detect_engine_state_free(state);
}
}
}
impl Transaction for TemplateTransaction {
@ -65,12 +52,6 @@ impl Transaction for TemplateTransaction {
}
}
impl Drop for TemplateTransaction {
fn drop(&mut self) {
self.free();
}
}
pub struct TemplateState {
tx_id: u64,
transactions: Vec<TemplateTransaction>,
@ -399,14 +380,6 @@ pub unsafe extern "C" fn rs_template_tx_get_alstate_progress(
return 0;
}
#[no_mangle]
pub unsafe extern "C" fn rs_template_state_get_events(
tx: *mut std::os::raw::c_void
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, TemplateTransaction);
return tx.events;
}
/// Get the request buffer for a transaction from C.
///
/// No required for parsing, but an example function for retrieving a
@ -474,7 +447,6 @@ pub unsafe extern "C" fn rs_template_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_template_tx_get_alstate_progress,
get_events: Some(rs_template_state_get_events),
get_eventinfo: Some(TemplateEvent::get_event_info),
get_eventinfo_byid : Some(TemplateEvent::get_event_info_by_id),
localstorage_new: None,

1
rust/src/dcerpc/dcerpc.rs
Unescape Escape View File

@ -1360,7 +1360,6 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dcerpc_get_alstate_progress,
get_events: None,
get_eventinfo: None,
get_eventinfo_byid : None,
localstorage_new: None,

1
rust/src/dcerpc/dcerpc_udp.rs
Unescape Escape View File

@ -341,7 +341,6 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dcerpc_get_alstate_progress,
get_events: None,
get_eventinfo: None,
get_eventinfo_byid: None,
localstorage_new: None,

28
rust/src/dhcp/dhcp.rs
Unescape Escape View File

@ -18,7 +18,6 @@
use crate::applayer::{self, *};
use crate::core;
use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_UDP};
use crate::core::sc_app_layer_decoder_events_free_events;
use crate::dhcp::parser::*;
use std;
use std::ffi::CString;
@ -79,7 +78,6 @@ pub enum DHCPEvent {
pub struct DHCPTransaction {
tx_id: u64,
pub message: DHCPMessage,
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -88,17 +86,9 @@ impl DHCPTransaction {
DHCPTransaction {
tx_id: id,
message: message,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl Transaction for DHCPTransaction {
@ -107,12 +97,6 @@ impl Transaction for DHCPTransaction {
}
}
impl Drop for DHCPTransaction {
fn drop(&mut self) {
self.free();
}
}
#[derive(Default)]
pub struct DHCPState {
// Internal transaction ID.
@ -185,8 +169,7 @@ impl DHCPState {
fn set_event(&mut self, event: DHCPEvent) {
if let Some(tx) = self.transactions.last_mut() {
core::sc_app_layer_decoder_events_set_event_raw(
&mut tx.events, event as u8);
tx.tx_data.set_event(event as u8);
self.events += 1;
}
}
@ -278,14 +261,6 @@ pub unsafe extern "C" fn rs_dhcp_state_free(state: *mut std::os::raw::c_void) {
std::mem::drop(Box::from_raw(state as *mut DHCPState));
}
#[no_mangle]
pub unsafe extern "C" fn rs_dhcp_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, DHCPTransaction);
return tx.events;
}
export_tx_data_get!(rs_dhcp_get_tx_data, DHCPTransaction);
const PARSER_NAME: &'static [u8] = b"dhcp\0";
@ -312,7 +287,6 @@ pub unsafe extern "C" fn rs_dhcp_register_parser() {
tx_comp_st_ts : 1,
tx_comp_st_tc : 1,
tx_get_progress : rs_dhcp_tx_get_alstate_progress,
get_events : Some(rs_dhcp_state_get_events),
get_eventinfo : Some(DHCPEvent::get_event_info),
get_eventinfo_byid : Some(DHCPEvent::get_event_info_by_id),
localstorage_new : None,

27
rust/src/dns/dns.rs
Unescape Escape View File

@ -231,7 +231,6 @@ pub struct DNSTransaction {
pub id: u64,
pub request: Option<DNSRequest>,
pub response: Option<DNSResponse>,
pub events: *mut core::AppLayerDecoderEvents,
pub tx_data: AppLayerTxData,
}
@ -248,17 +247,10 @@ impl DNSTransaction {
id: 0,
request: None,
response: None,
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
/// Get the DNS transactions ID (not the internal tracking ID).
pub fn tx_id(&self) -> u16 {
if let &Some(ref request) = &self.request {
@ -283,12 +275,6 @@ impl DNSTransaction {
}
impl Drop for DNSTransaction {
fn drop(&mut self) {
self.free();
}
}
struct ConfigTracker {
map: HashMap<u16, AppLayerTxConfig>,
queue: VecDeque<u16>,
@ -394,8 +380,7 @@ impl DNSState {
}
let tx = &mut self.transactions[len - 1];
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events,
event as u8);
tx.tx_data.set_event(event as u8);
self.events += 1;
}
@ -798,14 +783,6 @@ pub extern "C" fn rs_dns_tx_is_response(tx: &mut DNSTransaction) -> bool {
tx.response.is_some()
}
#[no_mangle]
pub unsafe extern "C" fn rs_dns_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, DNSTransaction);
return tx.events;
}
pub unsafe extern "C" fn rs_dns_state_get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
@ -962,7 +939,6 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dns_tx_get_alstate_progress,
get_events: Some(rs_dns_state_get_events),
get_eventinfo: Some(DNSEvent::get_event_info),
get_eventinfo_byid: Some(DNSEvent::get_event_info_by_id),
localstorage_new: None,
@ -1006,7 +982,6 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dns_tx_get_alstate_progress,
get_events: Some(rs_dns_state_get_events),
get_eventinfo: Some(DNSEvent::get_event_info),
get_eventinfo_byid: Some(DNSEvent::get_event_info_by_id),
localstorage_new: None,

22
rust/src/http2/http2.rs
Unescape Escape View File

@ -21,7 +21,7 @@ use super::parser;
use super::range;
use crate::applayer::{self, *};
use crate::core::{self, *};
use crate::core::*;
use crate::filecontainer::*;
use crate::filetracker::*;
use nom;
@ -131,7 +131,6 @@ pub struct HTTP2Transaction {
decoder: decompression::HTTP2Decoder,
pub file_range: *mut HttpRangeContainerBlock,
events: *mut core::AppLayerDecoderEvents,
tx_data: AppLayerTxData,
pub ft_tc: FileTransferTracker,
ft_ts: FileTransferTracker,
@ -158,7 +157,6 @@ impl HTTP2Transaction {
frames_ts: Vec::new(),
decoder: decompression::HTTP2Decoder::new(),
file_range: std::ptr::null_mut(),
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
ft_tc: FileTransferTracker::new(),
ft_ts: FileTransferTracker::new(),
@ -167,9 +165,6 @@ impl HTTP2Transaction {
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
if !self.file_range.is_null() {
match unsafe { SC } {
None => panic!("BUG no suricata_config"),
@ -190,8 +185,7 @@ impl HTTP2Transaction {
}
pub fn set_event(&mut self, event: HTTP2Event) {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, ev);
self.tx_data.set_event(event as u8);
}
fn handle_headers(&mut self, blocks: &Vec<parser::HTTP2FrameHeaderBlock>, dir: Direction) {
@ -456,8 +450,7 @@ impl HTTP2State {
return;
}
let tx = &mut self.transactions[len - 1];
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
}
// Free a transaction by ID.
@ -1152,14 +1145,6 @@ pub unsafe extern "C" fn rs_http2_tx_get_alstate_progress(
return rs_http2_tx_get_state(tx) as i32;
}
#[no_mangle]
pub unsafe extern "C" fn rs_http2_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, HTTP2Transaction);
return tx.events;
}
#[no_mangle]
pub unsafe extern "C" fn rs_http2_getfiles(
state: *mut std::os::raw::c_void, direction: u8,
@ -1196,7 +1181,6 @@ pub unsafe extern "C" fn rs_http2_register_parser() {
tx_comp_st_ts: HTTP2TransactionState::HTTP2StateClosed as i32,
tx_comp_st_tc: HTTP2TransactionState::HTTP2StateClosed as i32,
tx_get_progress: rs_http2_tx_get_alstate_progress,
get_events: Some(rs_http2_state_get_events),
get_eventinfo: Some(HTTP2Event::get_event_info),
get_eventinfo_byid: Some(HTTP2Event::get_event_info_by_id),
localstorage_new: None,

29
rust/src/ike/ike.rs
Unescape Escape View File

@ -105,7 +105,6 @@ pub struct IKETransaction {
pub errors: u32,
logged: LoggerFlags,
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -124,28 +123,14 @@ impl IKETransaction {
payload_types: Default::default(),
notify_types: vec![],
logged: LoggerFlags::new(),
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
errors: 0,
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
/// Set an event.
pub fn set_event(&mut self, event: IkeEvent) {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, ev);
}
}
impl Drop for IKETransaction {
fn drop(&mut self) {
self.free();
self.tx_data.set_event(event as u8);
}
}
@ -196,8 +181,7 @@ impl IKEState {
/// Set an event. The event is set on the most recent transaction.
pub fn set_event(&mut self, event: IkeEvent) {
if let Some(tx) = self.transactions.last_mut() {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.set_event(event);
} else {
SCLogDebug!(
"IKE: trying to set event {} on non-existing transaction",
@ -400,14 +384,6 @@ pub unsafe extern "C" fn rs_ike_tx_set_logged(
tx.logged.set(logged);
}
#[no_mangle]
pub unsafe extern "C" fn rs_ike_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, IKETransaction);
return tx.events;
}
static mut ALPROTO_IKE : AppProto = ALPROTO_UNKNOWN;
// Parser name as a C style string.
@ -437,7 +413,6 @@ pub unsafe extern "C" fn rs_ike_register_parser() {
tx_comp_st_ts : 1,
tx_comp_st_tc : 1,
tx_get_progress : rs_ike_tx_get_alstate_progress,
get_events : Some(rs_ike_state_get_events),
get_eventinfo : Some(IkeEvent::get_event_info),
get_eventinfo_byid : Some(IkeEvent::get_event_info_by_id),
localstorage_new : None,

24
rust/src/krb/krb5.rs
Unescape Escape View File

@ -77,9 +77,6 @@ pub struct KRB5Transaction {
/// The internal transaction id
id: u64,
/// The events associated with this transaction
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -219,8 +216,7 @@ impl KRB5State {
/// Set an event. The event is set on the most recent transaction.
fn set_event(&mut self, event: KRB5Event) {
if let Some(tx) = self.transactions.last_mut() {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
}
}
}
@ -235,20 +231,11 @@ impl KRB5Transaction {
etype: None,
error_code: None,
id: id,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
}
impl Drop for KRB5Transaction {
fn drop(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
/// Return true if Kerberos `EncryptionType` is weak
pub fn test_weak_encryption(alg:EncryptionType) -> bool {
match alg {
@ -318,14 +305,6 @@ pub extern "C" fn rs_krb5_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void
1
}
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, KRB5Transaction);
return tx.events;
}
static mut ALPROTO_KRB5 : AppProto = ALPROTO_UNKNOWN;
#[no_mangle]
@ -565,7 +544,6 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
tx_comp_st_ts : 1,
tx_comp_st_tc : 1,
tx_get_progress : rs_krb5_tx_get_alstate_progress,
get_events : Some(rs_krb5_state_get_events),
get_eventinfo : Some(KRB5Event::get_event_info),
get_eventinfo_byid : Some(KRB5Event::get_event_info_by_id),
localstorage_new : None,

21
rust/src/modbus/modbus.rs
Unescape Escape View File

@ -47,7 +47,6 @@ pub struct ModbusTransaction {
pub request: Option<Message>,
pub response: Option<Message>,
pub events: *mut core::AppLayerDecoderEvents,
pub tx_data: AppLayerTxData,
}
@ -63,13 +62,12 @@ impl ModbusTransaction {
id,
request: None,
response: None,
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
fn set_event(&mut self, event: ModbusEvent) {
core::sc_app_layer_decoder_events_set_event_raw(&mut self.events, event as u8);
self.tx_data.set_event(event as u8);
}
fn set_events_from_flags(&mut self, flags: &Flags<ErrorFlags>) {
@ -91,14 +89,6 @@ impl ModbusTransaction {
}
}
impl Drop for ModbusTransaction {
fn drop(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
pub struct ModbusState {
pub transactions: Vec<ModbusTransaction>,
tx_id: u64,
@ -376,14 +366,6 @@ pub unsafe extern "C" fn rs_modbus_tx_get_alstate_progress(
tx.response.is_some() as std::os::raw::c_int
}
#[no_mangle]
pub unsafe extern "C" fn rs_modbus_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, ModbusTransaction);
tx.events
}
#[no_mangle]
pub unsafe extern "C" fn rs_modbus_state_get_tx_data(
tx: *mut std::os::raw::c_void,
@ -413,7 +395,6 @@ pub unsafe extern "C" fn rs_modbus_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_modbus_tx_get_alstate_progress,
get_events: Some(rs_modbus_state_get_events),
get_eventinfo: Some(ModbusEvent::get_event_info),
get_eventinfo_byid: Some(ModbusEvent::get_event_info_by_id),
localstorage_new: None,

28
rust/src/mqtt/mqtt.rs
Unescape Escape View File

@ -21,7 +21,7 @@ use super::mqtt_message::*;
use super::parser::*;
use crate::applayer::{self, LoggerFlags};
use crate::applayer::*;
use crate::core::{self, *};
use crate::core::*;
use nom7::Err;
use std;
use std::ffi::CString;
@ -60,7 +60,6 @@ pub struct MQTTTransaction {
toserver: bool,
logged: LoggerFlags,
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -74,24 +73,11 @@ impl MQTTTransaction {
msg: Vec::new(),
toclient: false,
toserver: false,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
};
m.msg.push(msg);
return m;
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl Drop for MQTTTransaction {
fn drop(&mut self) {
self.free();
}
}
impl Transaction for MQTTTransaction {
@ -524,8 +510,7 @@ impl MQTTState {
}
fn set_event(tx: &mut MQTTTransaction, event: MQTTEvent) {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
}
}
@ -675,14 +660,6 @@ pub unsafe extern "C" fn rs_mqtt_tx_set_logged(
tx.logged.set(logged);
}
#[no_mangle]
pub unsafe extern "C" fn rs_mqtt_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, MQTTTransaction);
return tx.events;
}
// Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"mqtt\0";
@ -711,7 +688,6 @@ pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_mqtt_tx_get_alstate_progress,
get_events: Some(rs_mqtt_state_get_events),
get_eventinfo: Some(MQTTEvent::get_event_info),
get_eventinfo_byid: Some(MQTTEvent::get_event_info_by_id),
localstorage_new: None,

18
rust/src/nfs/nfs.rs
Unescape Escape View File

@ -179,8 +179,6 @@ pub struct NFSTransaction {
/// attempt failed.
pub type_data: Option<NFSTransactionTypeData>,
pub events: *mut AppLayerDecoderEvents,
pub tx_data: AppLayerTxData,
}
@ -207,7 +205,6 @@ impl NFSTransaction {
file_tx_direction: Direction::ToServer,
file_handle:Vec::new(),
type_data: None,
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
@ -215,9 +212,6 @@ impl NFSTransaction {
pub fn free(&mut self) {
debug_validate_bug_on!(self.tx_data.files_opened > 1);
debug_validate_bug_on!(self.tx_data.files_logged > 1);
if !self.events.is_null() {
sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
@ -419,7 +413,7 @@ impl NFSState {
}
let tx = &mut self.transactions[len - 1];
sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8);
tx.tx_data.set_event(event as u8);
self.events += 1;
}
@ -1543,14 +1537,6 @@ pub unsafe extern "C" fn rs_nfs_get_tx_data(
return &mut tx.tx_data;
}
#[no_mangle]
pub unsafe extern "C" fn rs_nfs_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, NFSTransaction);
return tx.events;
}
#[no_mangle]
pub unsafe extern "C" fn rs_nfs_state_get_event_info_by_id(event_id: std::os::raw::c_int,
event_name: *mut *const std::os::raw::c_char,
@ -1877,7 +1863,6 @@ pub unsafe extern "C" fn rs_nfs_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_nfs_tx_get_alstate_progress,
get_events: Some(rs_nfs_state_get_events),
get_eventinfo: Some(rs_nfs_state_get_event_info),
get_eventinfo_byid : Some(rs_nfs_state_get_event_info_by_id),
localstorage_new: None,
@ -1954,7 +1939,6 @@ pub unsafe extern "C" fn rs_nfs_udp_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_nfs_tx_get_alstate_progress,
get_events: Some(rs_nfs_state_get_events),
get_eventinfo: Some(rs_nfs_state_get_event_info),
get_eventinfo_byid : None,
localstorage_new: None,

28
rust/src/ntp/ntp.rs
Unescape Escape View File

@ -54,9 +54,6 @@ pub struct NTPTransaction {
/// The internal transaction id
id: u64,
/// The events associated with this transaction
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -137,8 +134,7 @@ impl NTPState {
/// Set an event. The event is set on the most recent transaction.
pub fn set_event(&mut self, event: NTPEvent) {
if let Some(tx) = self.transactions.last_mut() {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
self.events += 1;
}
}
@ -149,22 +145,9 @@ impl NTPTransaction {
NTPTransaction {
xid: 0,
id: id,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl Drop for NTPTransaction {
fn drop(&mut self) {
self.free();
}
}
/// Returns *mut NTPState
@ -251,14 +234,6 @@ pub extern "C" fn rs_ntp_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void,
1
}
#[no_mangle]
pub unsafe extern "C" fn rs_ntp_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, NTPTransaction);
return tx.events;
}
static mut ALPROTO_NTP : AppProto = ALPROTO_UNKNOWN;
#[no_mangle]
@ -311,7 +286,6 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
tx_comp_st_ts : 1,
tx_comp_st_tc : 1,
tx_get_progress : rs_ntp_tx_get_alstate_progress,
get_events : Some(rs_ntp_state_get_events),
get_eventinfo : Some(NTPEvent::get_event_info),
get_eventinfo_byid : Some(NTPEvent::get_event_info_by_id),
localstorage_new : None,

1
rust/src/rdp/rdp.rs
Unescape Escape View File

@ -475,7 +475,6 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_rdp_tx_get_progress,
get_events: None,
get_eventinfo: None,
get_eventinfo_byid: None,
localstorage_new: None,

25
rust/src/rfb/rfb.rs
Unescape Escape View File

@ -19,7 +19,7 @@
use std;
use std::ffi::CString;
use crate::core::{self, ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP};
use crate::core::{ALPROTO_UNKNOWN, AppProto, Flow, IPPROTO_TCP};
use crate::applayer;
use crate::applayer::*;
use nom;
@ -44,7 +44,6 @@ pub struct RFBTransaction {
pub tc_failure_reason: Option<parser::FailureReason>,
pub tc_server_init: Option<parser::ServerInit>,
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -73,22 +72,9 @@ impl RFBTransaction {
tc_failure_reason: None,
tc_server_init: None,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl Drop for RFBTransaction {
fn drop(&mut self) {
self.free();
}
}
pub struct RFBState {
@ -581,14 +567,6 @@ pub unsafe extern "C" fn rs_rfb_tx_get_alstate_progress(
return 0;
}
#[no_mangle]
pub unsafe extern "C" fn rs_rfb_state_get_events(
tx: *mut std::os::raw::c_void
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, RFBTransaction);
return tx.events;
}
// Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"rfb\0";
@ -614,7 +592,6 @@ pub unsafe extern "C" fn rs_rfb_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_rfb_tx_get_alstate_progress,
get_events: Some(rs_rfb_state_get_events),
get_eventinfo: None,
get_eventinfo_byid: None,
localstorage_new: None,

22
rust/src/sip/sip.rs
Unescape Escape View File

@ -48,7 +48,6 @@ pub struct SIPTransaction {
pub response: Option<Response>,
pub request_line: Option<String>,
pub response_line: Option<String>,
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -92,8 +91,7 @@ impl SIPState {
fn set_event(&mut self, event: SIPEvent) {
if let Some(tx) = self.transactions.last_mut() {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
}
}
@ -150,20 +148,11 @@ impl SIPTransaction {
response: None,
request_line: None,
response_line: None,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
}
impl Drop for SIPTransaction {
fn drop(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
#[no_mangle]
pub extern "C" fn rs_sip_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = SIPState::new();
@ -209,14 +198,6 @@ pub extern "C" fn rs_sip_tx_get_alstate_progress(
1
}
#[no_mangle]
pub unsafe extern "C" fn rs_sip_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, SIPTransaction);
return tx.events;
}
static mut ALPROTO_SIP: AppProto = ALPROTO_UNKNOWN;
#[no_mangle]
@ -304,7 +285,6 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_sip_tx_get_alstate_progress,
get_events: Some(rs_sip_state_get_events),
get_eventinfo: Some(SIPEvent::get_event_info),
get_eventinfo_byid: Some(SIPEvent::get_event_info_by_id),
localstorage_new: None,

6
rust/src/smb/events.rs
Unescape Escape View File

@ -15,7 +15,6 @@
* 02110-1301, USA.
*/
use crate::core::*;
use crate::smb::smb::*;
#[derive(AppLayerEvent)]
@ -33,13 +32,13 @@ pub enum SMBEvent {
impl SMBTransaction {
/// Set event.
pub fn set_event(&mut self, e: SMBEvent) {
sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
self.tx_data.set_event(e as u8);
}
/// Set events from vector of events.
pub fn set_events(&mut self, events: Vec<SMBEvent>) {
for e in events {
sc_app_layer_decoder_events_set_event_raw(&mut self.events, e as u8);
self.tx_data.set_event(e as u8);
}
}
}
@ -54,6 +53,5 @@ impl SMBState {
let tx = &mut self.transactions[len - 1];
tx.set_event(event);
//sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8);
}
}

14
rust/src/smb/smb.rs
Unescape Escape View File

@ -536,7 +536,6 @@ pub struct SMBTransaction {
/// Command specific data
pub type_data: Option<SMBTransactionTypeData>,
pub events: *mut AppLayerDecoderEvents,
pub tx_data: AppLayerTxData,
}
@ -555,7 +554,6 @@ impl SMBTransaction {
request_done: false,
response_done: false,
type_data: None,
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
@ -572,9 +570,6 @@ impl SMBTransaction {
pub fn free(&mut self) {
debug_validate_bug_on!(self.tx_data.files_opened > 1);
debug_validate_bug_on!(self.tx_data.files_logged > 1);
if !self.events.is_null() {
sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
@ -2064,14 +2059,6 @@ pub unsafe extern "C" fn rs_smb_state_truncate(
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, SMBTransaction);
return tx.events;
}
#[no_mangle]
pub unsafe extern "C" fn rs_smb_state_get_event_info_by_id(
event_id: std::os::raw::c_int,
@ -2171,7 +2158,6 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_smb_tx_get_alstate_progress,
get_events: Some(rs_smb_state_get_events),
get_eventinfo: Some(rs_smb_state_get_event_info),
get_eventinfo_byid : Some(rs_smb_state_get_event_info_by_id),
localstorage_new: None,

35
rust/src/snmp/snmp.rs
Unescape Escape View File

@ -77,9 +77,6 @@ pub struct SNMPTransaction<'a> {
/// The internal transaction id
id: u64,
/// The events associated with this transaction
events: *mut core::AppLayerDecoderEvents,
tx_data: applayer::AppLayerTxData,
}
@ -224,14 +221,13 @@ impl<'a> SNMPState<'a> {
/// Set an event. The event is set on the most recent transaction.
fn set_event(&mut self, event: SNMPEvent) {
if let Some(tx) = self.transactions.last_mut() {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, ev);
tx.tx_data.set_event(event as u8);
}
}
/// Set an event on a specific transaction.
fn set_event_tx(&self, tx: &mut SNMPTransaction, event: SNMPEvent) {
core::sc_app_layer_decoder_events_set_event_raw(&mut tx.events, event as u8);
tx.tx_data.set_event(event as u8);
}
}
@ -244,29 +240,11 @@ impl<'a> SNMPTransaction<'a> {
usm: None,
encrypted: false,
id: id,
events: std::ptr::null_mut(),
tx_data: applayer::AppLayerTxData::new(),
}
}
fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl<'a> Drop for SNMPTransaction<'a> {
fn drop(&mut self) {
self.free();
}
}
/// Returns *mut SNMPState
#[no_mangle]
pub extern "C" fn rs_snmp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
@ -345,14 +323,6 @@ pub extern "C" fn rs_snmp_tx_get_alstate_progress(_tx: *mut std::os::raw::c_void
1
}
#[no_mangle]
pub unsafe extern "C" fn rs_snmp_state_get_events(tx: *mut std::os::raw::c_void)
-> *mut core::AppLayerDecoderEvents
{
let tx = cast_pointer!(tx, SNMPTransaction);
return tx.events;
}
static mut ALPROTO_SNMP : AppProto = ALPROTO_UNKNOWN;
// Read PDU sequence and extract version, if similar to SNMP definition
@ -422,7 +392,6 @@ pub unsafe extern "C" fn rs_register_snmp_parser() {
tx_comp_st_ts : 1,
tx_comp_st_tc : 1,
tx_get_progress : rs_snmp_tx_get_alstate_progress,
get_events : Some(rs_snmp_state_get_events),
get_eventinfo : Some(SNMPEvent::get_event_info),
get_eventinfo_byid : Some(SNMPEvent::get_event_info_by_id),
localstorage_new : None,

28
rust/src/ssh/ssh.rs
Unescape Escape View File

@ -17,7 +17,7 @@
use super::parser;
use crate::applayer::*;
use crate::core::{self, *};
use crate::core::*;
use nom7::Err;
use std::ffi::CString;
use std::sync::atomic::{AtomicBool, Ordering};
@ -82,7 +82,6 @@ pub struct SSHTransaction {
pub srv_hdr: SshHeader,
pub cli_hdr: SshHeader,
events: *mut core::AppLayerDecoderEvents,
tx_data: AppLayerTxData,
}
@ -91,22 +90,9 @@ impl SSHTransaction {
SSHTransaction {
srv_hdr: SshHeader::new(),
cli_hdr: SshHeader::new(),
events: std::ptr::null_mut(),
tx_data: AppLayerTxData::new(),
}
}
pub fn free(&mut self) {
if !self.events.is_null() {
core::sc_app_layer_decoder_events_free_events(&mut self.events);
}
}
}
impl Drop for SSHTransaction {
fn drop(&mut self) {
self.free();
}
}
pub struct SSHState {
@ -121,8 +107,7 @@ impl SSHState {
}
fn set_event(&mut self, event: SSHEvent) {
let ev = event as u8;
core::sc_app_layer_decoder_events_set_event_raw(&mut self.transaction.events, ev);
self.transaction.tx_data.set_event(event as u8);
}
fn parse_record(
@ -348,14 +333,6 @@ impl SSHState {
export_tx_data_get!(rs_ssh_get_tx_data, SSHTransaction);
#[no_mangle]
pub unsafe extern "C" fn rs_ssh_state_get_events(
tx: *mut std::os::raw::c_void,
) -> *mut core::AppLayerDecoderEvents {
let tx = cast_pointer!(tx, SSHTransaction);
return tx.events;
}
#[no_mangle]
pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = SSHState::new();
@ -477,7 +454,6 @@ pub unsafe extern "C" fn rs_ssh_register_parser() {
tx_comp_st_ts: SSHConnectionState::SshStateFinished as i32,
tx_comp_st_tc: SSHConnectionState::SshStateFinished as i32,
tx_get_progress: rs_ssh_tx_get_alstate_progress,
get_events: Some(rs_ssh_state_get_events),
get_eventinfo: Some(SSHEvent::get_event_info),
get_eventinfo_byid: Some(SSHEvent::get_event_info_by_id),
localstorage_new: None,

23
src/app-layer-dnp3.c
Unescape Escape View File

@ -466,7 +466,7 @@ static void *DNP3StateAlloc(void *orig_state, AppProto proto_orig)
static void DNP3SetEvent(DNP3State *dnp3, uint8_t event)
{
if (dnp3 && dnp3->curr) {
AppLayerDecoderEventsSetEventRaw(&dnp3->curr->decoder_events, event);
AppLayerDecoderEventsSetEventRaw(&dnp3->curr->tx_data.events, event);
dnp3->events++;
}
else {
@ -479,7 +479,7 @@ static void DNP3SetEvent(DNP3State *dnp3, uint8_t event)
*/
static void DNP3SetEventTx(DNP3Transaction *tx, uint8_t event)
{
AppLayerDecoderEventsSetEventRaw(&tx->decoder_events, event);
AppLayerDecoderEventsSetEventRaw(&tx->tx_data.events, event);
tx->dnp3->events++;
}
@ -1329,11 +1329,6 @@ error:
SCReturnStruct(APP_LAYER_ERROR);
}
static AppLayerDecoderEvents *DNP3GetEvents(void *tx)
{
return ((DNP3Transaction *) tx)->decoder_events;
}
static void *DNP3GetTx(void *alstate, uint64_t tx_id)
{
SCEnter();
@ -1390,7 +1385,7 @@ static void DNP3TxFree(DNP3Transaction *tx)
SCFree(tx->response_buffer);
}
AppLayerDecoderEventsFreeEvents(&tx->decoder_events);
AppLayerDecoderEventsFreeEvents(&tx->tx_data.events);
if (tx->tx_data.de_state != NULL) {
DetectEngineStateFree(tx->tx_data.de_state);
@ -1426,11 +1421,10 @@ static void DNP3StateTxFree(void *state, uint64_t tx_id)
dnp3->curr = NULL;
}
if (tx->decoder_events != NULL) {
if (tx->decoder_events->cnt <= dnp3->events) {
dnp3->events -= tx->decoder_events->cnt;
}
else {
if (tx->tx_data.events != NULL) {
if (tx->tx_data.events->cnt <= dnp3->events) {
dnp3->events -= tx->tx_data.events->cnt;
} else {
dnp3->events = 0;
}
}
@ -1601,9 +1595,6 @@ void RegisterDNP3Parsers(void)
AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_DNP3,
DNP3StateAlloc, DNP3StateFree);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_DNP3,
DNP3GetEvents);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetTx);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetTxCnt);
AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_DNP3,

3
src/app-layer-dnp3.h
Unescape Escape View File

@ -243,9 +243,6 @@ typedef struct DNP3Transaction_ {
* we do not know. */
DNP3ObjectList response_objects;
AppLayerDecoderEvents *decoder_events; /**< Per transcation
* decoder events. */
TAILQ_ENTRY(DNP3Transaction_) next;
} DNP3Transaction;

2
src/app-layer-enip-common.h
Unescape Escape View File

@ -206,8 +206,6 @@ typedef struct ENIPTransaction_
TAILQ_HEAD(, CIPServiceEntry_) service_list; /**< list for CIP */
AppLayerDecoderEvents *decoder_events; /**< per tx events */
TAILQ_ENTRY(ENIPTransaction_) next;
AppLayerTxData tx_data;
} ENIPTransaction;

20
src/app-layer-enip.c
Unescape Escape View File

@ -96,11 +96,6 @@ static uint64_t ENIPGetTxCnt(void *alstate)
return ((ENIPState *)alstate)->transaction_max;
}
static AppLayerDecoderEvents *ENIPGetEvents(void *tx)
{
return ((ENIPTransaction *)tx)->decoder_events;
}
static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type)
{
*event_id = SCMapEnumNameToValue(event_name, enip_decoder_event_table);
@ -181,7 +176,7 @@ static void ENIPTransactionFree(ENIPTransaction *tx, ENIPState *state)
SCFree(svc);
}
AppLayerDecoderEventsFreeEvents(&tx->decoder_events);
AppLayerDecoderEventsFreeEvents(&tx->tx_data.events);
if (tx->tx_data.de_state != NULL) {
DetectEngineStateFree(tx->tx_data.de_state);
@ -270,12 +265,11 @@ static void ENIPStateTransactionFree(void *state, uint64_t tx_id)
if (tx == enip_state->curr)
enip_state->curr = NULL;
if (tx->decoder_events != NULL)
{
if (tx->decoder_events->cnt <= enip_state->events)
enip_state->events -= tx->decoder_events->cnt;
if (tx->tx_data.events != NULL) {
if (tx->tx_data.events->cnt <= enip_state->events)
enip_state->events -= tx->tx_data.events->cnt;
else
enip_state->events = 0;
enip_state->events = 0;
}
TAILQ_REMOVE(&enip_state->tx_list, tx, next);
@ -497,8 +491,6 @@ void RegisterENIPUDPParsers(void)
AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_ENIP,
ENIPStateAlloc, ENIPStateFree);
AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetEvents);
AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxData);
AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxCnt);
@ -572,8 +564,6 @@ void RegisterENIPTCPParsers(void)
AppLayerParserRegisterStateFuncs(IPPROTO_TCP, ALPROTO_ENIP,
ENIPStateAlloc, ENIPStateFree);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetEvents);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxCnt);

2
src/app-layer-ftp.c
Unescape Escape View File

@ -863,8 +863,6 @@ static void FTPStateFree(void *s)
if (fstate->line_state[1].db)
FTPFree(fstate->line_state[1].db, fstate->line_state[1].db_len);
//AppLayerDecoderEventsFreeEvents(&s->decoder_events);
FTPTransaction *tx = NULL;
while ((tx = TAILQ_FIRST(&fstate->tx_list))) {
TAILQ_REMOVE(&fstate->tx_list, tx, next);

4
src/app-layer-htp-file.c
Unescape Escape View File

@ -180,7 +180,7 @@ static int HTPParseAndCheckContentRange(
{
int r = HTPParseContentRange(rawvalue, range);
if (r != 0) {
AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, HTTP_DECODER_EVENT_RANGE_INVALID);
AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, HTTP_DECODER_EVENT_RANGE_INVALID);
s->events++;
SCLogDebug("parsing range failed, going back to normal file");
return r;
@ -197,7 +197,7 @@ static int HTPParseAndCheckContentRange(
SCLogDebug("range without all information");
return -3;
} else if (range->start > range->end) {
AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, HTTP_DECODER_EVENT_RANGE_INVALID);
AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, HTTP_DECODER_EVENT_RANGE_INVALID);
s->events++;
SCLogDebug("invalid range");
return -4;

20
src/app-layer-htp.c
Unescape Escape View File

@ -262,7 +262,7 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud,
SCLogDebug("setting event %u", e);
if (htud) {
AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e);
AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, e);
s->events++;
return;
}
@ -276,7 +276,7 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud,
if (tx != NULL) {
htud = (HtpTxUserData *) htp_tx_get_user_data(tx);
if (htud != NULL) {
AppLayerDecoderEventsSetEventRaw(&htud->decoder_events, e);
AppLayerDecoderEventsSetEventRaw(&htud->tx_data.events, e);
s->events++;
return;
}
@ -284,19 +284,6 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud,
SCLogDebug("couldn't set event %u", e);
}
static AppLayerDecoderEvents *HTPGetEvents(void *tx)
{
SCLogDebug("get HTTP events for TX %p", tx);
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx);
if (htud != NULL) {
SCLogDebug("has htud, htud->decoder_events %p", htud->decoder_events);
return htud->decoder_events;
}
return NULL;
}
/** \brief Function to allocates the HTTP state memory and also creates the HTTP
* connection parser to be used by the HTP library
*/
@ -332,7 +319,7 @@ static void HtpTxUserDataFree(HtpState *state, HtpTxUserData *htud)
HTPFree(htud->request_headers_raw, htud->request_headers_raw_len);
if (htud->response_headers_raw)
HTPFree(htud->response_headers_raw, htud->response_headers_raw_len);
AppLayerDecoderEventsFreeEvents(&htud->decoder_events);
AppLayerDecoderEventsFreeEvents(&htud->tx_data.events);
if (htud->boundary)
HTPFree(htud->boundary, htud->boundary_len);
if (htud->tx_data.de_state != NULL) {
@ -3089,7 +3076,6 @@ void RegisterHTPParsers(void)
AppLayerParserRegisterStateProgressCompletionStatus(
ALPROTO_HTTP1, HTP_REQUEST_COMPLETE, HTP_RESPONSE_COMPLETE);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetEvents);
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfo);
AppLayerParserRegisterGetEventInfoById(
IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfoById);

2
src/app-layer-htp.h
Unescape Escape View File

@ -228,8 +228,6 @@ typedef struct HtpTxUserData_ {
uint32_t request_headers_raw_len;
uint32_t response_headers_raw_len;
AppLayerDecoderEvents *decoder_events; /**< per tx events */
/** Holds the boundary identification string if any (used on
* multipart/form-data only)
*/

23
src/app-layer-parser.c
Unescape Escape View File

@ -105,7 +105,6 @@ typedef struct AppLayerParserProtoCtx_
void (*Truncate)(void *, uint8_t);
FileContainer *(*StateGetFiles)(void *, uint8_t);
AppLayerDecoderEvents *(*StateGetEvents)(void *);
int (*StateGetProgress)(void *alstate, uint8_t direction);
uint64_t (*StateGetTxCnt)(void *alstate);
@ -429,17 +428,6 @@ void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
SCReturn;
}
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto,
AppLayerDecoderEvents *(*StateGetEvents)(void *))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateGetEvents =
StateGetEvents;
SCReturn;
}
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
{
SCEnter();
@ -833,11 +821,10 @@ AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alp
AppLayerDecoderEvents *ptr = NULL;
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetEvents != NULL)
{
ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateGetEvents(tx);
/* Access events via the tx_data. */
AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
if (txd != NULL && txd->events != NULL) {
ptr = txd->events;
}
SCReturnPtr(ptr, "AppLayerDecoderEvents *");
@ -1487,7 +1474,7 @@ static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
printf("- StateGetProgress %p\n", ctx->StateGetProgress);
printf("Optional:\n");
printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
printf("- StateGetEvents %p StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEvents, ctx->StateGetEventInfo,
printf("- StateGetEventInfo %p StateGetEventInfoById %p\n", ctx->StateGetEventInfo,
ctx->StateGetEventInfoById);
}

4
src/app-layer-parser.h
Unescape Escape View File

@ -177,8 +177,8 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto,
void (*LocalStorageFree)(void *));
void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto,
FileContainer *(*StateGetFiles)(void *, uint8_t));
void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
// void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto,
// AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull)));
void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto,
LoggerId (*StateGetTxLogged)(void *, void *),
void (*StateSetTxLogged)(void *, void *, LoggerId));

4
src/app-layer-register.c
Unescape Escape View File

@ -145,10 +145,6 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
AppLayerParserRegisterGetEventInfoById(p->ip_proto, alproto,
p->StateGetEventInfoById);
}
if (p->StateGetEvents) {
AppLayerParserRegisterGetEventsFunc(p->ip_proto, alproto,
p->StateGetEvents);
}
if (p->LocalStorageAlloc && p->LocalStorageFree) {
AppLayerParserRegisterLocalStorageFunc(p->ip_proto, alproto,
p->LocalStorageAlloc, p->LocalStorageFree);

1
src/app-layer-register.h
Unescape Escape View File

@ -49,7 +49,6 @@ typedef struct AppLayerParser {
const int complete_tc;
int (*StateGetProgress)(void *alstate, uint8_t direction);
AppLayerDecoderEvents *(*StateGetEvents)(void *);
int (*StateGetEventInfo)(const char *event_name,
int *event_id, AppLayerEventType *event_type);
int (*StateGetEventInfoById)(int event_id, const char **event_name,

22
src/app-layer-smtp.c
Unescape Escape View File

@ -353,8 +353,8 @@ static void SMTPSetEvent(SMTPState *s, uint8_t e)
SCLogDebug("setting event %u", e);
if (s->curr_tx != NULL) {
AppLayerDecoderEventsSetEventRaw(&s->curr_tx->decoder_events, e);
// s->events++;
AppLayerDecoderEventsSetEventRaw(&s->curr_tx->tx_data.events, e);
// s->events++;
return;
}
SCLogDebug("couldn't set event %u", e);
@ -1530,8 +1530,8 @@ static void SMTPTransactionFree(SMTPTransaction *tx, SMTPState *state)
/* Free list of MIME message recursively */
MimeDecFreeEntity(tx->msg_head);
if (tx->decoder_events != NULL)
AppLayerDecoderEventsFreeEvents(&tx->decoder_events);
if (tx->tx_data.events != NULL)
AppLayerDecoderEventsFreeEvents(&tx->tx_data.events);
if (tx->tx_data.de_state != NULL)
DetectEngineStateFree(tx->tx_data.de_state);
@ -1544,12 +1544,6 @@ static void SMTPTransactionFree(SMTPTransaction *tx, SMTPState *state)
TAILQ_REMOVE(&tx->rcpt_to_list, str, next);
SMTPStringFree(str);
}
#if 0
if (tx->decoder_events->cnt <= smtp_state->events)
smtp_state->events -= tx->decoder_events->cnt;
else
smtp_state->events = 0;
#endif
SCFree(tx);
}
@ -1755,13 +1749,6 @@ static void SMTPStateTruncate(void *state, uint8_t direction)
}
}
static AppLayerDecoderEvents *SMTPGetEvents(void *tx)
{
SCLogDebug("get SMTP events for TX %p", tx);
return ((SMTPTransaction *)tx)->decoder_events;
}
static AppLayerTxData *SMTPGetTxData(void *vtx)
{
SMTPTransaction *tx = (SMTPTransaction *)vtx;
@ -1795,7 +1782,6 @@ void RegisterSMTPParsers(void)
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfo);
AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetEventInfoById);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetEvents);
AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPLocalStorageAlloc,
SMTPLocalStorageFree);

2
src/app-layer-smtp.h
Unescape Escape View File

@ -79,8 +79,6 @@ typedef struct SMTPTransaction_ {
/** the mime decoding parser state */
MimeDecParseState *mime_state;
AppLayerDecoderEvents *decoder_events; /**< per tx events */
/* MAIL FROM parameters */
uint8_t *mail_from;
uint16_t mail_from_len;

13
src/app-layer-ssl.c
Unescape Escape View File

@ -240,17 +240,10 @@ void SSLSetEvent(SSLState *ssl_state, uint8_t event)
return;
}
AppLayerDecoderEventsSetEventRaw(&ssl_state->decoder_events, event);
AppLayerDecoderEventsSetEventRaw(&ssl_state->tx_data.events, event);
ssl_state->events++;
}
static AppLayerDecoderEvents *SSLGetEvents(void *tx)
{
/* for TLS, TX == state, see GetTx */
SSLState *ssl_state = (SSLState *)tx;
return ssl_state->decoder_events;
}
static void *SSLGetTx(void *state, uint64_t tx_id)
{
SSLState *ssl_state = (SSLState *)state;
@ -2678,7 +2671,7 @@ static void SSLStateFree(void *p)
if (ssl_state->server_connp.ja3_hash)
SCFree(ssl_state->server_connp.ja3_hash);
AppLayerDecoderEventsFreeEvents(&ssl_state->decoder_events);
AppLayerDecoderEventsFreeEvents(&ssl_state->tx_data.events);
if (ssl_state->tx_data.de_state != NULL) {
DetectEngineStateFree(ssl_state->tx_data.de_state);
@ -2953,8 +2946,6 @@ void RegisterSSLParsers(void)
AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_TLS, SSLStateTransactionFree);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetEvents);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);

2
src/app-layer-ssl.h
Unescape Escape View File

@ -249,8 +249,6 @@ typedef struct SSLState_ {
SSLStateConnp client_connp;
SSLStateConnp server_connp;
AppLayerDecoderEvents *decoder_events;
} SSLState;
void RegisterSSLParsers(void);

12
src/app-layer-template.c
Unescape Escape View File

@ -100,7 +100,7 @@ static void TemplateTxFree(void *txv)
SCFree(tx->response_buffer);
}
AppLayerDecoderEventsFreeEvents(&tx->decoder_events);
AppLayerDecoderEventsFreeEvents(&tx->tx_data.events);
SCFree(tx);
}
@ -190,11 +190,6 @@ static int TemplateStateGetEventInfoById(int event_id, const char **event_name,
return 0;
}
static AppLayerDecoderEvents *TemplateGetEvents(void *tx)
{
return ((TemplateTransaction *)tx)->decoder_events;
}
/**
* \brief Probe the input to server to see if it looks like template.
*
@ -303,8 +298,7 @@ static AppLayerResult TemplateParseRequest(Flow *f, void *statev,
if ((input_len == 1 && tx->request_buffer[0] == '\n') ||
(input_len == 2 && tx->request_buffer[0] == '\r')) {
SCLogNotice("Creating event for empty message.");
AppLayerDecoderEventsSetEventRaw(&tx->decoder_events,
TEMPLATE_DECODER_EVENT_EMPTY_MESSAGE);
AppLayerDecoderEventsSetEventRaw(&tx->tx_data.events, TEMPLATE_DECODER_EVENT_EMPTY_MESSAGE);
}
end:
@ -529,8 +523,6 @@ void RegisterTemplateParsers(void)
TemplateStateGetEventInfo);
AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateStateGetEventInfoById);
AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateGetEvents);
/* Leave this is if your parser can handle gaps, otherwise
* remove. */

4
src/app-layer-template.h
Unescape Escape View File

@ -38,10 +38,6 @@ typedef struct TemplateTransaction
/** Internal transaction ID. */
uint64_t tx_id;
/** Application layer events that occurred
* while parsing this transaction. */
AppLayerDecoderEvents *decoder_events;
uint8_t *request_buffer;
uint32_t request_buffer_len;

7
src/app-layer-tftp.c
Unescape Escape View File

@ -71,11 +71,6 @@ static int TFTPStateGetEventInfo(const char *event_name, int *event_id,
return -1;
}
static AppLayerDecoderEvents *TFTPGetEvents(void *tx)
{
return NULL;
}
/**
* \brief Probe the input to see if it looks like tftp.
*
@ -233,8 +228,6 @@ void RegisterTFTPParsers(void)
AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_TFTP,
TFTPStateGetEventInfo);
AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_TFTP,
TFTPGetEvents);
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_TFTP,
rs_tftp_get_tx_data);

Write Preview
Loading…
Cancel
Save