aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app-layer: introduce common AppLayerStateData API

Browse Source 
Add per state structure for storing flags and other variables.
pull/7954/head
Victor Julien 5 years ago committed by Victor Julien
parent 96b642c32d
commit c27df6304d
45 changed files with 257 additions and 18 deletions
Show Stats Download Patch File Download Diff File

1
rust/cbindgen.toml
Unescape Escape View File

@ -73,6 +73,7 @@ documentation_style = "doxy"
# default: [] # default: []
include = [ include = [
"StreamSlice", "StreamSlice",
"AppLayerStateData",
"AppLayerGetTxIterTuple", "AppLayerGetTxIterTuple",
"RdpState", "RdpState",
"SIPState", "SIPState",

32
rust/src/applayer.rs
Unescape Escape View File

@ -173,6 +173,36 @@ macro_rules!export_tx_data_get {
} }
} }
#[repr(C)]
#[derive(Default,Debug,PartialEq,Copy,Clone)]
pub struct AppLayerStateData {
pub file_flags: u16,
}
impl AppLayerStateData {
pub fn new() -> Self {
Self {
file_flags: 0,
}
}
pub fn update_file_flags(&mut self, flags: u16) {
self.file_flags |= flags;
}
}
#[macro_export]
macro_rules!export_state_data_get {
($name:ident, $type:ty) => {
#[no_mangle]
pub unsafe extern "C" fn $name(state: *mut std::os::raw::c_void)
-> *mut crate::applayer::AppLayerStateData
{
let state = &mut *(state as *mut $type);
&mut state.state_data
}
}
}
#[repr(C)] #[repr(C)]
#[derive(Default,Debug,PartialEq,Copy,Clone)] #[derive(Default,Debug,PartialEq,Copy,Clone)]
pub struct AppLayerResult { pub struct AppLayerResult {
@ -297,6 +327,7 @@ pub struct RustParser {
/// Function to get the TX iterator /// Function to get the TX iterator
pub get_tx_iterator: Option<GetTxIteratorFn>, pub get_tx_iterator: Option<GetTxIteratorFn>,
pub get_state_data: GetStateDataFn,
pub get_tx_data: GetTxDataFn, pub get_tx_data: GetTxDataFn,
// Function to apply config to a TX. Optional. Normal (bidirectional) // Function to apply config to a TX. Optional. Normal (bidirectional)
@ -356,6 +387,7 @@ pub type GetTxIteratorFn = unsafe extern "C" fn (ipproto: u8, alproto: AppPro
istate: &mut u64) istate: &mut u64)
-> AppLayerGetTxIterTuple; -> AppLayerGetTxIterTuple;
pub type GetTxDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerTxData; pub type GetTxDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerTxData;
pub type GetStateDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerStateData;
pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig); pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig);
pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8); pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);
pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int; pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int;

4
rust/src/applayertemplate/template.rs
Unescape Escape View File

@ -54,6 +54,7 @@ impl Transaction for TemplateTransaction {
} }
pub struct TemplateState { pub struct TemplateState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
transactions: VecDeque<TemplateTransaction>, transactions: VecDeque<TemplateTransaction>,
request_gap: bool, request_gap: bool,
@ -73,6 +74,7 @@ impl State<TemplateTransaction> for TemplateState {
impl TemplateState { impl TemplateState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
transactions: VecDeque::new(), transactions: VecDeque::new(),
request_gap: false, request_gap: false,
@ -423,6 +425,7 @@ pub unsafe extern "C" fn rs_template_get_response_buffer(
} }
export_tx_data_get!(rs_template_get_tx_data, TemplateTransaction); export_tx_data_get!(rs_template_get_tx_data, TemplateTransaction);
export_state_data_get!(rs_template_get_state_data, TemplateState);
// Parser name as a C style string. // Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"template-rust\0"; const PARSER_NAME: &'static [u8] = b"template-rust\0";
@ -455,6 +458,7 @@ pub unsafe extern "C" fn rs_template_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<TemplateState, TemplateTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<TemplateState, TemplateTransaction>),
get_tx_data: rs_template_get_tx_data, get_tx_data: rs_template_get_tx_data,
get_state_data: rs_template_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None, truncate: None,

3
rust/src/dcerpc/dcerpc.rs
Unescape Escape View File

@ -321,6 +321,7 @@ pub struct DCERPCState {
pub ts_ssn_trunc: bool, /// true if Truncated in this direction pub ts_ssn_trunc: bool, /// true if Truncated in this direction
pub tc_ssn_trunc: bool, pub tc_ssn_trunc: bool,
pub flow: Option<*const core::Flow>, pub flow: Option<*const core::Flow>,
state_data: AppLayerStateData,
} }
impl State<DCERPCTransaction> for DCERPCState { impl State<DCERPCTransaction> for DCERPCState {
@ -1337,6 +1338,7 @@ fn register_pattern_probe() -> i8 {
0 0
} }
export_state_data_get!(rs_dcerpc_get_state_data, DCERPCState);
// Parser name as a C style string. // Parser name as a C style string.
pub const PARSER_NAME: &'static [u8] = b"dcerpc\0"; pub const PARSER_NAME: &'static [u8] = b"dcerpc\0";
@ -1368,6 +1370,7 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCState, DCERPCTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_get_tx_data, get_tx_data: rs_dcerpc_get_tx_data,
get_state_data: rs_dcerpc_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None, truncate: None,

4
rust/src/dcerpc/dcerpc_udp.rs
Unescape Escape View File

@ -55,6 +55,7 @@ pub struct DCERPCHdrUdp {
#[derive(Default, Debug)] #[derive(Default, Debug)]
pub struct DCERPCUDPState { pub struct DCERPCUDPState {
state_data: AppLayerStateData,
pub tx_id: u64, pub tx_id: u64,
pub transactions: VecDeque<DCERPCTransaction>, pub transactions: VecDeque<DCERPCTransaction>,
} }
@ -333,6 +334,8 @@ fn register_pattern_probe() -> i8 {
0 0
} }
export_state_data_get!(rs_dcerpc_udp_get_state_data, DCERPCUDPState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() { pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
let parser = RustParser { let parser = RustParser {
@ -360,6 +363,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCUDPState, DCERPCTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCUDPState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_udp_get_tx_data, get_tx_data: rs_dcerpc_udp_get_tx_data,
get_state_data: rs_dcerpc_udp_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

6
rust/src/dhcp/dhcp.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2018-2020 Open Information Security Foundation /* Copyright (C) 2018-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -99,6 +99,8 @@ impl Transaction for DHCPTransaction {
#[derive(Default)] #[derive(Default)]
pub struct DHCPState { pub struct DHCPState {
state_data: AppLayerStateData,
// Internal transaction ID. // Internal transaction ID.
tx_id: u64, tx_id: u64,
@ -264,6 +266,7 @@ pub unsafe extern "C" fn rs_dhcp_state_free(state: *mut std::os::raw::c_void) {
} }
export_tx_data_get!(rs_dhcp_get_tx_data, DHCPTransaction); export_tx_data_get!(rs_dhcp_get_tx_data, DHCPTransaction);
export_state_data_get!(rs_dhcp_get_state_data, DHCPState);
const PARSER_NAME: &'static [u8] = b"dhcp\0"; const PARSER_NAME: &'static [u8] = b"dhcp\0";
@ -296,6 +299,7 @@ pub unsafe extern "C" fn rs_dhcp_register_parser() {
get_files : None, get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<DHCPState, DHCPTransaction>), get_tx_iterator : Some(applayer::state_get_tx_iterator::<DHCPState, DHCPTransaction>),
get_tx_data : rs_dhcp_get_tx_data, get_tx_data : rs_dhcp_get_tx_data,
get_state_data : rs_dhcp_get_state_data,
apply_tx_config : None, apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None, truncate : None,

6
rust/src/dns/dns.rs
Unescape Escape View File

@ -315,6 +315,8 @@ impl ConfigTracker {
#[derive(Default)] #[derive(Default)]
pub struct DNSState { pub struct DNSState {
state_data: AppLayerStateData,
// Internal transaction ID. // Internal transaction ID.
pub tx_id: u64, pub tx_id: u64,
@ -824,6 +826,8 @@ pub unsafe extern "C" fn rs_dns_state_get_tx_data(
return &mut tx.tx_data; return &mut tx.tx_data;
} }
export_state_data_get!(rs_dns_get_state_data, DNSState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction, pub unsafe extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction,
i: u32, i: u32,
@ -979,6 +983,7 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>), get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>),
get_tx_data: rs_dns_state_get_tx_data, get_tx_data: rs_dns_state_get_tx_data,
get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config), apply_tx_config: Some(rs_dns_apply_tx_config),
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,
@ -1024,6 +1029,7 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>), get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<DNSState, DNSTransaction>),
get_tx_data: rs_dns_state_get_tx_data, get_tx_data: rs_dns_state_get_tx_data,
get_state_data: rs_dns_get_state_data,
apply_tx_config: Some(rs_dns_apply_tx_config), apply_tx_config: Some(rs_dns_apply_tx_config),
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS | APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS | APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

4
rust/src/http2/http2.rs
Unescape Escape View File

@ -393,6 +393,7 @@ impl HTTP2DynTable {
} }
pub struct HTTP2State { pub struct HTTP2State {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
request_frame_size: u32, request_frame_size: u32,
response_frame_size: u32, response_frame_size: u32,
@ -416,6 +417,7 @@ impl State<HTTP2Transaction> for HTTP2State {
impl HTTP2State { impl HTTP2State {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
request_frame_size: 0, request_frame_size: 0,
response_frame_size: 0, response_frame_size: 0,
@ -1042,6 +1044,7 @@ impl HTTP2State {
// C exports. // C exports.
export_tx_data_get!(rs_http2_get_tx_data, HTTP2Transaction); export_tx_data_get!(rs_http2_get_tx_data, HTTP2Transaction);
export_state_data_get!(rs_http2_get_state_data, HTTP2State);
/// C entry point for a probing parser. /// C entry point for a probing parser.
#[no_mangle] #[no_mangle]
@ -1214,6 +1217,7 @@ pub unsafe extern "C" fn rs_http2_register_parser() {
get_files: Some(rs_http2_getfiles), get_files: Some(rs_http2_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<HTTP2State, HTTP2Transaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<HTTP2State, HTTP2Transaction>),
get_tx_data: rs_http2_get_tx_data, get_tx_data: rs_http2_get_tx_data,
get_state_data: rs_http2_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: 0, flags: 0,
truncate: None, truncate: None,

5
rust/src/ike/ike.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation /* Copyright (C) 2020-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -138,6 +138,7 @@ impl IKETransaction {
#[derive(Default)] #[derive(Default)]
pub struct IKEState { pub struct IKEState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
pub transactions: Vec<IKETransaction>, pub transactions: Vec<IKETransaction>,
@ -394,6 +395,7 @@ const PARSER_NAME: &'static [u8] = b"ike\0";
const PARSER_ALIAS: &'static [u8] = b"ikev2\0"; const PARSER_ALIAS: &'static [u8] = b"ikev2\0";
export_tx_data_get!(rs_ike_get_tx_data, IKETransaction); export_tx_data_get!(rs_ike_get_tx_data, IKETransaction);
export_state_data_get!(rs_ike_get_state_data, IKEState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_ike_register_parser() { pub unsafe extern "C" fn rs_ike_register_parser() {
@ -423,6 +425,7 @@ pub unsafe extern "C" fn rs_ike_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<IKEState, IKETransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<IKEState, IKETransaction>),
get_tx_data: rs_ike_get_tx_data, get_tx_data: rs_ike_get_tx_data,
get_state_data: rs_ike_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

7
rust/src/krb/krb5.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -36,6 +36,8 @@ pub enum KRB5Event {
} }
pub struct KRB5State { pub struct KRB5State {
state_data: AppLayerStateData,
pub req_id: u8, pub req_id: u8,
pub record_ts: usize, pub record_ts: usize,
@ -103,6 +105,7 @@ pub fn to_hex_string(bytes: &[u8]) -> String {
impl KRB5State { impl KRB5State {
pub fn new() -> KRB5State { pub fn new() -> KRB5State {
KRB5State{ KRB5State{
state_data: AppLayerStateData::new(),
req_id: 0, req_id: 0,
record_ts: 0, record_ts: 0,
defrag_buf_ts: Vec::new(), defrag_buf_ts: Vec::new(),
@ -525,6 +528,7 @@ pub unsafe extern "C" fn rs_krb5_parse_response_tcp(_flow: *const core::Flow,
} }
export_tx_data_get!(rs_krb5_get_tx_data, KRB5Transaction); export_tx_data_get!(rs_krb5_get_tx_data, KRB5Transaction);
export_state_data_get!(rs_krb5_get_state_data, KRB5State);
const PARSER_NAME : &'static [u8] = b"krb5\0"; const PARSER_NAME : &'static [u8] = b"krb5\0";
@ -556,6 +560,7 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
get_files : None, get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<KRB5State, KRB5Transaction>), get_tx_iterator : Some(applayer::state_get_tx_iterator::<KRB5State, KRB5Transaction>),
get_tx_data : rs_krb5_get_tx_data, get_tx_data : rs_krb5_get_tx_data,
get_state_data : rs_krb5_get_state_data,
apply_tx_config : None, apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None, truncate : None,

5
rust/src/modbus/modbus.rs
Unescape Escape View File

@ -90,6 +90,7 @@ impl ModbusTransaction {
} }
pub struct ModbusState { pub struct ModbusState {
state_data: AppLayerStateData,
pub transactions: Vec<ModbusTransaction>, pub transactions: Vec<ModbusTransaction>,
tx_id: u64, tx_id: u64,
givenup: bool, // Indicates flood givenup: bool, // Indicates flood
@ -108,6 +109,7 @@ impl State<ModbusTransaction> for ModbusState {
impl ModbusState { impl ModbusState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
transactions: Vec::new(), transactions: Vec::new(),
tx_id: 0, tx_id: 0,
givenup: false, givenup: false,
@ -378,6 +380,8 @@ pub unsafe extern "C" fn rs_modbus_state_get_tx_data(
&mut tx.tx_data &mut tx.tx_data
} }
export_state_data_get!(rs_modbus_get_state_data, ModbusState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_modbus_register_parser() { pub unsafe extern "C" fn rs_modbus_register_parser() {
let default_port = std::ffi::CString::new("[502]").unwrap(); let default_port = std::ffi::CString::new("[502]").unwrap();
@ -406,6 +410,7 @@ pub unsafe extern "C" fn rs_modbus_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<ModbusState, ModbusTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<ModbusState, ModbusTransaction>),
get_tx_data: rs_modbus_state_get_tx_data, get_tx_data: rs_modbus_state_get_tx_data,
get_state_data: rs_modbus_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: 0, flags: 0,
truncate: None, truncate: None,

4
rust/src/mqtt/mqtt.rs
Unescape Escape View File

@ -97,6 +97,7 @@ impl Transaction for MQTTTransaction {
} }
pub struct MQTTState { pub struct MQTTState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
pub protocol_version: u8, pub protocol_version: u8,
transactions: VecDeque<MQTTTransaction>, transactions: VecDeque<MQTTTransaction>,
@ -120,6 +121,7 @@ impl State<MQTTTransaction> for MQTTState {
impl MQTTState { impl MQTTState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
protocol_version: 0, protocol_version: 0,
transactions: VecDeque::new(), transactions: VecDeque::new(),
@ -722,6 +724,7 @@ pub unsafe extern "C" fn rs_mqtt_tx_set_logged(
const PARSER_NAME: &'static [u8] = b"mqtt\0"; const PARSER_NAME: &'static [u8] = b"mqtt\0";
export_tx_data_get!(rs_mqtt_get_tx_data, MQTTTransaction); export_tx_data_get!(rs_mqtt_get_tx_data, MQTTTransaction);
export_state_data_get!(rs_mqtt_get_state_data, MQTTState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) { pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) {
@ -753,6 +756,7 @@ pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) {
get_files: None, get_files: None,
get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<MQTTState, MQTTTransaction>), get_tx_iterator: Some(crate::applayer::state_get_tx_iterator::<MQTTState, MQTTTransaction>),
get_tx_data: rs_mqtt_get_tx_data, get_tx_data: rs_mqtt_get_tx_data,
get_state_data: rs_mqtt_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

9
rust/src/nfs/nfs.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -281,6 +281,8 @@ pub fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContai
#[derive(Debug)] #[derive(Debug)]
pub struct NFSState { pub struct NFSState {
state_data: AppLayerStateData,
/// map xid to procedure so replies can lookup the procedure /// map xid to procedure so replies can lookup the procedure
pub requestmap: HashMap<u32, NFSRequestXidMap>, pub requestmap: HashMap<u32, NFSRequestXidMap>,
@ -338,6 +340,7 @@ impl NFSState {
/// Allocation function for a new TLS parser instance /// Allocation function for a new TLS parser instance
pub fn new() -> NFSState { pub fn new() -> NFSState {
NFSState { NFSState {
state_data: AppLayerStateData::new(),
requestmap:HashMap::new(), requestmap:HashMap::new(),
namemap:HashMap::new(), namemap:HashMap::new(),
transactions: Vec::new(), transactions: Vec::new(),
@ -1686,6 +1689,8 @@ pub unsafe extern "C" fn rs_nfs_get_tx_data(
return &mut tx.tx_data; return &mut tx.tx_data;
} }
export_state_data_get!(rs_nfs_get_state_data, NFSState);
/// return procedure(s) in the tx. At 0 return the main proc, /// return procedure(s) in the tx. At 0 return the main proc,
/// otherwise get procs from the 'file_additional_procs'. /// otherwise get procs from the 'file_additional_procs'.
/// Keep calling until 0 is returned. /// Keep calling until 0 is returned.
@ -1974,6 +1979,7 @@ pub unsafe extern "C" fn rs_nfs_register_parser() {
get_files: Some(rs_nfs_getfiles), get_files: Some(rs_nfs_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>),
get_tx_data: rs_nfs_get_tx_data, get_tx_data: rs_nfs_get_tx_data,
get_state_data: rs_nfs_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None, truncate: None,
@ -2052,6 +2058,7 @@ pub unsafe extern "C" fn rs_nfs_udp_register_parser() {
get_files: Some(rs_nfs_getfiles), get_files: Some(rs_nfs_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<NFSState, NFSTransaction>),
get_tx_data: rs_nfs_get_tx_data, get_tx_data: rs_nfs_get_tx_data,
get_state_data: rs_nfs_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

9
rust/src/ntp/ntp.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -36,6 +36,8 @@ pub enum NTPEvent {
} }
pub struct NTPState { pub struct NTPState {
state_data: AppLayerStateData,
/// List of transactions for this session /// List of transactions for this session
transactions: Vec<NTPTransaction>, transactions: Vec<NTPTransaction>,
@ -65,7 +67,8 @@ impl Transaction for NTPTransaction {
impl NTPState { impl NTPState {
pub fn new() -> NTPState { pub fn new() -> NTPState {
NTPState{ NTPState {
state_data: AppLayerStateData::new(),
transactions: Vec::new(), transactions: Vec::new(),
events: 0, events: 0,
tx_id: 0, tx_id: 0,
@ -263,6 +266,7 @@ pub extern "C" fn ntp_probing_parser(_flow: *const Flow,
} }
export_tx_data_get!(rs_ntp_get_tx_data, NTPTransaction); export_tx_data_get!(rs_ntp_get_tx_data, NTPTransaction);
export_state_data_get!(rs_ntp_get_state_data, NTPState);
const PARSER_NAME : &'static [u8] = b"ntp\0"; const PARSER_NAME : &'static [u8] = b"ntp\0";
@ -294,6 +298,7 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
get_files : None, get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<NTPState, NTPTransaction>), get_tx_iterator : Some(applayer::state_get_tx_iterator::<NTPState, NTPTransaction>),
get_tx_data : rs_ntp_get_tx_data, get_tx_data : rs_ntp_get_tx_data,
get_state_data : rs_ntp_get_state_data,
apply_tx_config : None, apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None, truncate : None,

4
rust/src/pgsql/pgsql.rs
Unescape Escape View File

@ -119,6 +119,7 @@ pub enum PgsqlStateProgress {
#[derive(Debug)] #[derive(Debug)]
pub struct PgsqlState { pub struct PgsqlState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
transactions: VecDeque<PgsqlTransaction>, transactions: VecDeque<PgsqlTransaction>,
request_gap: bool, request_gap: bool,
@ -142,6 +143,7 @@ impl State<PgsqlTransaction> for PgsqlState {
impl PgsqlState { impl PgsqlState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
transactions: VecDeque::new(), transactions: VecDeque::new(),
request_gap: false, request_gap: false,
@ -696,6 +698,7 @@ pub extern "C" fn rs_pgsql_tx_get_alstate_progress(
} }
export_tx_data_get!(rs_pgsql_get_tx_data, PgsqlTransaction); export_tx_data_get!(rs_pgsql_get_tx_data, PgsqlTransaction);
export_state_data_get!(rs_pgsql_get_state_data, PgsqlState);
// Parser name as a C style string. // Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"pgsql\0"; const PARSER_NAME: &'static [u8] = b"pgsql\0";
@ -731,6 +734,7 @@ pub unsafe extern "C" fn rs_pgsql_register_parser() {
crate::applayer::state_get_tx_iterator::<PgsqlState, PgsqlTransaction>, crate::applayer::state_get_tx_iterator::<PgsqlState, PgsqlTransaction>,
), ),
get_tx_data: rs_pgsql_get_tx_data, get_tx_data: rs_pgsql_get_tx_data,
get_state_data: rs_pgsql_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None, truncate: None,

4
rust/src/quic/quic.rs
Unescape Escape View File

@ -86,6 +86,7 @@ impl QuicTransaction {
} }
pub struct QuicState { pub struct QuicState {
state_data: AppLayerStateData,
max_tx_id: u64, max_tx_id: u64,
keys: Option<QuicKeys>, keys: Option<QuicKeys>,
hello_tc: bool, hello_tc: bool,
@ -96,6 +97,7 @@ pub struct QuicState {
impl Default for QuicState { impl Default for QuicState {
fn default() -> Self { fn default() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
max_tx_id: 0, max_tx_id: 0,
keys: None, keys: None,
hello_tc: false, hello_tc: false,
@ -441,6 +443,7 @@ pub unsafe extern "C" fn rs_quic_state_get_tx_iterator(
} }
export_tx_data_get!(rs_quic_get_tx_data, QuicTransaction); export_tx_data_get!(rs_quic_get_tx_data, QuicTransaction);
export_state_data_get!(rs_quic_get_state_data, QuicState);
// Parser name as a C style string. // Parser name as a C style string.
const PARSER_NAME: &[u8] = b"quic\0"; const PARSER_NAME: &[u8] = b"quic\0";
@ -473,6 +476,7 @@ pub unsafe extern "C" fn rs_quic_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(rs_quic_state_get_tx_iterator), get_tx_iterator: Some(rs_quic_state_get_tx_iterator),
get_tx_data: rs_quic_get_tx_data, get_tx_data: rs_quic_get_tx_data,
get_state_data: rs_quic_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

4
rust/src/rdp/rdp.rs
Unescape Escape View File

@ -107,6 +107,7 @@ pub extern "C" fn rs_rdp_tx_get_progress(
#[derive(Debug, PartialEq)] #[derive(Debug, PartialEq)]
pub struct RdpState { pub struct RdpState {
state_data: AppLayerStateData,
next_id: u64, next_id: u64,
transactions: VecDeque<RdpTransaction>, transactions: VecDeque<RdpTransaction>,
tls_parsing: bool, tls_parsing: bool,
@ -126,6 +127,7 @@ impl State<RdpTransaction> for RdpState {
impl RdpState { impl RdpState {
fn new() -> Self { fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
next_id: 0, next_id: 0,
transactions: VecDeque::new(), transactions: VecDeque::new(),
tls_parsing: false, tls_parsing: false,
@ -454,6 +456,7 @@ pub unsafe extern "C" fn rs_rdp_parse_tc(
} }
export_tx_data_get!(rs_rdp_get_tx_data, RdpTransaction); export_tx_data_get!(rs_rdp_get_tx_data, RdpTransaction);
export_state_data_get!(rs_rdp_get_state_data, RdpState);
// //
// registration // registration
@ -489,6 +492,7 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<RdpState, RdpTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<RdpState, RdpTransaction>),
get_tx_data: rs_rdp_get_tx_data, get_tx_data: rs_rdp_get_tx_data,
get_state_data: rs_rdp_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

6
rust/src/rfb/rfb.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2020 Open Information Security Foundation /* Copyright (C) 2020-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -78,6 +78,7 @@ impl RFBTransaction {
} }
pub struct RFBState { pub struct RFBState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
transactions: Vec<RFBTransaction>, transactions: Vec<RFBTransaction>,
state: parser::RFBGlobalState state: parser::RFBGlobalState
@ -97,6 +98,7 @@ impl State<RFBTransaction> for RFBState {
impl RFBState { impl RFBState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
transactions: Vec::new(), transactions: Vec::new(),
state: parser::RFBGlobalState::TCServerProtocolVersion state: parser::RFBGlobalState::TCServerProtocolVersion
@ -570,6 +572,7 @@ pub unsafe extern "C" fn rs_rfb_tx_get_alstate_progress(
const PARSER_NAME: &'static [u8] = b"rfb\0"; const PARSER_NAME: &'static [u8] = b"rfb\0";
export_tx_data_get!(rs_rfb_get_tx_data, RFBTransaction); export_tx_data_get!(rs_rfb_get_tx_data, RFBTransaction);
export_state_data_get!(rs_rfb_get_state_data, RFBState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_rfb_register_parser() { pub unsafe extern "C" fn rs_rfb_register_parser() {
@ -598,6 +601,7 @@ pub unsafe extern "C" fn rs_rfb_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<RFBState, RFBTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<RFBState, RFBTransaction>),
get_tx_data: rs_rfb_get_tx_data, get_tx_data: rs_rfb_get_tx_data,
get_state_data: rs_rfb_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: 0, flags: 0,
truncate: None, truncate: None,

4
rust/src/sip/sip.rs
Unescape Escape View File

@ -46,6 +46,7 @@ pub enum SIPEvent {
} }
pub struct SIPState { pub struct SIPState {
state_data: AppLayerStateData,
transactions: Vec<SIPTransaction>, transactions: Vec<SIPTransaction>,
tx_id: u64, tx_id: u64,
} }
@ -78,6 +79,7 @@ impl Transaction for SIPTransaction {
impl SIPState { impl SIPState {
pub fn new() -> SIPState { pub fn new() -> SIPState {
SIPState { SIPState {
state_data: AppLayerStateData::new(),
transactions: Vec::new(), transactions: Vec::new(),
tx_id: 0, tx_id: 0,
} }
@ -339,6 +341,7 @@ pub unsafe extern "C" fn rs_sip_parse_response(
} }
export_tx_data_get!(rs_sip_get_tx_data, SIPTransaction); export_tx_data_get!(rs_sip_get_tx_data, SIPTransaction);
export_state_data_get!(rs_sip_get_state_data, SIPState);
const PARSER_NAME: &'static [u8] = b"sip\0"; const PARSER_NAME: &'static [u8] = b"sip\0";
@ -370,6 +373,7 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<SIPState, SIPTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<SIPState, SIPTransaction>),
get_tx_data: rs_sip_get_tx_data, get_tx_data: rs_sip_get_tx_data,
get_state_data: rs_sip_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate: None, truncate: None,

6
rust/src/smb/smb.rs
Unescape Escape View File

@ -752,6 +752,8 @@ pub fn u32_as_bytes(i: u32) -> [u8;4] {
#[derive(Default, Debug)] #[derive(Default, Debug)]
pub struct SMBState<> { pub struct SMBState<> {
pub state_data: AppLayerStateData,
/// map ssn/tree/msgid to vec (guid/name/share) /// map ssn/tree/msgid to vec (guid/name/share)
pub ssn2vec_map: HashMap<SMBCommonHdr, Vec<u8>>, pub ssn2vec_map: HashMap<SMBCommonHdr, Vec<u8>>,
/// map guid to filename /// map guid to filename
@ -826,6 +828,7 @@ impl SMBState {
/// Allocation function for a new TLS parser instance /// Allocation function for a new TLS parser instance
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data:AppLayerStateData::new(),
ssn2vec_map:HashMap::new(), ssn2vec_map:HashMap::new(),
guid2name_map:HashMap::new(), guid2name_map:HashMap::new(),
ssn2vecoffset_map:HashMap::new(), ssn2vecoffset_map:HashMap::new(),
@ -2292,6 +2295,8 @@ pub unsafe extern "C" fn rs_smb_tx_get_alstate_progress(tx: *mut ffi::c_void,
} }
export_state_data_get!(rs_smb_get_state_data, SMBState);
#[no_mangle] #[no_mangle]
pub unsafe extern "C" fn rs_smb_get_tx_data( pub unsafe extern "C" fn rs_smb_get_tx_data(
tx: *mut std::os::raw::c_void) tx: *mut std::os::raw::c_void)
@ -2424,6 +2429,7 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
get_files: Some(rs_smb_getfiles), get_files: Some(rs_smb_getfiles),
get_tx_iterator: Some(applayer::state_get_tx_iterator::<SMBState, SMBTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<SMBState, SMBTransaction>),
get_tx_data: rs_smb_get_tx_data, get_tx_data: rs_smb_get_tx_data,
get_state_data: rs_smb_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: Some(rs_smb_state_truncate), truncate: Some(rs_smb_state_truncate),

7
rust/src/snmp/snmp.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -37,6 +37,8 @@ pub enum SNMPEvent {
} }
pub struct SNMPState<'a> { pub struct SNMPState<'a> {
state_data: AppLayerStateData,
/// SNMP protocol version /// SNMP protocol version
pub version: u32, pub version: u32,
@ -88,6 +90,7 @@ impl<'a> Transaction for SNMPTransaction<'a> {
impl<'a> SNMPState<'a> { impl<'a> SNMPState<'a> {
pub fn new() -> SNMPState<'a> { pub fn new() -> SNMPState<'a> {
SNMPState{ SNMPState{
state_data: AppLayerStateData::new(),
version: 0, version: 0,
transactions: Vec::new(), transactions: Vec::new(),
tx_id: 0, tx_id: 0,
@ -367,6 +370,7 @@ pub unsafe extern "C" fn rs_snmp_probing_parser(_flow: *const Flow,
} }
export_tx_data_get!(rs_snmp_get_tx_data, SNMPTransaction); export_tx_data_get!(rs_snmp_get_tx_data, SNMPTransaction);
export_state_data_get!(rs_snmp_get_state_data, SNMPState);
const PARSER_NAME : &'static [u8] = b"snmp\0"; const PARSER_NAME : &'static [u8] = b"snmp\0";
@ -398,6 +402,7 @@ pub unsafe extern "C" fn rs_register_snmp_parser() {
get_files : None, get_files : None,
get_tx_iterator : Some(applayer::state_get_tx_iterator::<SNMPState, SNMPTransaction>), get_tx_iterator : Some(applayer::state_get_tx_iterator::<SNMPState, SNMPTransaction>),
get_tx_data : rs_snmp_get_tx_data, get_tx_data : rs_snmp_get_tx_data,
get_state_data : rs_snmp_get_state_data,
apply_tx_config : None, apply_tx_config : None,
flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS, flags : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
truncate : None, truncate : None,

4
rust/src/ssh/ssh.rs
Unescape Escape View File

@ -96,12 +96,14 @@ impl SSHTransaction {
} }
pub struct SSHState { pub struct SSHState {
state_data: AppLayerStateData,
transaction: SSHTransaction, transaction: SSHTransaction,
} }
impl SSHState { impl SSHState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
transaction: SSHTransaction::new(), transaction: SSHTransaction::new(),
} }
} }
@ -332,6 +334,7 @@ impl SSHState {
// C exports. // C exports.
export_tx_data_get!(rs_ssh_get_tx_data, SSHTransaction); export_tx_data_get!(rs_ssh_get_tx_data, SSHTransaction);
export_state_data_get!(rs_ssh_get_state_data, SSHState);
#[no_mangle] #[no_mangle]
pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { pub extern "C" fn rs_ssh_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
@ -463,6 +466,7 @@ pub unsafe extern "C" fn rs_ssh_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: None, get_tx_iterator: None,
get_tx_data: rs_ssh_get_tx_data, get_tx_data: rs_ssh_get_tx_data,
get_state_data: rs_ssh_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: 0, flags: 0,
truncate: None, truncate: None,

4
rust/src/telnet/telnet.rs
Unescape Escape View File

@ -66,6 +66,7 @@ pub enum TelnetProtocolState {
} }
pub struct TelnetState { pub struct TelnetState {
state_data: AppLayerStateData,
tx_id: u64, tx_id: u64,
transactions: Vec<TelnetTransaction>, transactions: Vec<TelnetTransaction>,
request_gap: bool, request_gap: bool,
@ -94,6 +95,7 @@ impl State<TelnetTransaction> for TelnetState {
impl TelnetState { impl TelnetState {
pub fn new() -> Self { pub fn new() -> Self {
Self { Self {
state_data: AppLayerStateData::new(),
tx_id: 0, tx_id: 0,
transactions: Vec::new(), transactions: Vec::new(),
request_gap: false, request_gap: false,
@ -518,6 +520,7 @@ pub unsafe extern "C" fn rs_telnet_tx_get_alstate_progress(
} }
export_tx_data_get!(rs_telnet_get_tx_data, TelnetTransaction); export_tx_data_get!(rs_telnet_get_tx_data, TelnetTransaction);
export_state_data_get!(rs_telnet_get_state_data, TelnetState);
// Parser name as a C style string. // Parser name as a C style string.
const PARSER_NAME: &'static [u8] = b"telnet\0"; const PARSER_NAME: &'static [u8] = b"telnet\0";
@ -550,6 +553,7 @@ pub unsafe extern "C" fn rs_telnet_register_parser() {
get_files: None, get_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<TelnetState, TelnetTransaction>), get_tx_iterator: Some(applayer::state_get_tx_iterator::<TelnetState, TelnetTransaction>),
get_tx_data: rs_telnet_get_tx_data, get_tx_data: rs_telnet_get_tx_data,
get_state_data: rs_telnet_get_state_data,
apply_tx_config: None, apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
truncate: None, truncate: None,

16
rust/src/tftp/tftp.rs
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -24,7 +24,7 @@ use nom7::combinator::map_res;
use nom7::bytes::streaming::{tag, take_while}; use nom7::bytes::streaming::{tag, take_while};
use nom7::number::streaming::be_u8; use nom7::number::streaming::be_u8;
use crate::applayer::AppLayerTxData; use crate::applayer::{AppLayerTxData,AppLayerStateData};
const READREQUEST: u8 = 1; const READREQUEST: u8 = 1;
const WRITEREQUEST: u8 = 2; const WRITEREQUEST: u8 = 2;
@ -42,6 +42,7 @@ pub struct TFTPTransaction {
} }
pub struct TFTPState { pub struct TFTPState {
state_data: AppLayerStateData,
pub transactions : Vec<TFTPTransaction>, pub transactions : Vec<TFTPTransaction>,
/// tx counter for assigning incrementing id's to tx's /// tx counter for assigning incrementing id's to tx's
tx_id: u64, tx_id: u64,
@ -87,7 +88,7 @@ impl TFTPTransaction {
#[no_mangle] #[no_mangle]
pub extern "C" fn rs_tftp_state_alloc() -> *mut std::os::raw::c_void { pub extern "C" fn rs_tftp_state_alloc() -> *mut std::os::raw::c_void {
let state = TFTPState { transactions : Vec::new(), tx_id: 0, }; let state = TFTPState { state_data: AppLayerStateData::new(), transactions : Vec::new(), tx_id: 0, };
let boxed = Box::new(state); let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _; return Box::into_raw(boxed) as *mut _;
} }
@ -180,6 +181,15 @@ pub unsafe extern "C" fn rs_tftp_get_tx_data(
return &mut tx.tx_data; return &mut tx.tx_data;
} }
#[no_mangle]
pub unsafe extern "C" fn rs_tftp_get_state_data(
state: *mut std::os::raw::c_void)
-> *mut AppLayerStateData
{
let state = cast_pointer!(state, TFTPState);
return &mut state.state_data;
}
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use super::*; use super::*;

7
src/app-layer-dnp3.c
Unescape Escape View File

@ -1543,6 +1543,12 @@ static AppLayerTxData *DNP3GetTxData(void *vtx)
return &tx->tx_data; return &tx->tx_data;
} }
static AppLayerStateData *DNP3GetStateData(void *vstate)
{
DNP3State *state = (DNP3State *)vstate;
return &state->state_data;
}
/** /**
* \brief Check if the prefix code is a size prefix. * \brief Check if the prefix code is a size prefix.
* *
@ -1619,6 +1625,7 @@ void RegisterDNP3Parsers(void)
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DNP3, AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_DNP3,
DNP3GetTxData); DNP3GetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_DNP3, DNP3GetStateData);
} }
else { else {
SCLogConfig("Parser disabled for protocol %s. " SCLogConfig("Parser disabled for protocol %s. "

1
src/app-layer-dnp3.h
Unescape Escape View File

@ -249,6 +249,7 @@ TAILQ_HEAD(TxListHead, DNP3Transaction_);
* \brief Per flow DNP3 state. * \brief Per flow DNP3 state.
*/ */
typedef struct DNP3State_ { typedef struct DNP3State_ {
AppLayerStateData state_data;
TAILQ_HEAD(, DNP3Transaction_) tx_list; TAILQ_HEAD(, DNP3Transaction_) tx_list;
DNP3Transaction *curr; /**< Current transaction. */ DNP3Transaction *curr; /**< Current transaction. */
uint64_t transaction_max; uint64_t transaction_max;

1
src/app-layer-enip-common.h
Unescape Escape View File

@ -210,6 +210,7 @@ typedef struct ENIPTransaction_
/** \brief Per flow ENIP state container */ /** \brief Per flow ENIP state container */
typedef struct ENIPState_ typedef struct ENIPState_
{ {
AppLayerStateData state_data;
TAILQ_HEAD(, ENIPTransaction_) tx_list; /**< transaction list */ TAILQ_HEAD(, ENIPTransaction_) tx_list; /**< transaction list */
ENIPTransaction *curr; /**< ptr to current tx */ ENIPTransaction *curr; /**< ptr to current tx */
ENIPTransaction *iter; ENIPTransaction *iter;

8
src/app-layer-enip.c
Unescape Escape View File

@ -73,6 +73,12 @@ static AppLayerTxData *ENIPGetTxData(void *vtx)
return &tx->tx_data; return &tx->tx_data;
} }
static AppLayerStateData *ENIPGetStateData(void *vstate)
{
ENIPState *state = (ENIPState *)vstate;
return &state->state_data;
}
static void *ENIPGetTx(void *alstate, uint64_t tx_id) static void *ENIPGetTx(void *alstate, uint64_t tx_id)
{ {
ENIPState *enip = (ENIPState *) alstate; ENIPState *enip = (ENIPState *) alstate;
@ -493,6 +499,7 @@ void RegisterENIPUDPParsers(void)
AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTx); AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxCnt); AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_ENIP, ENIPGetTxCnt);
AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateTransactionFree); AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_ENIP, ENIPStateTransactionFree);
@ -566,6 +573,7 @@ void RegisterENIPTCPParsers(void)
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTx); AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxCnt); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_ENIP, ENIPGetTxCnt);
AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPStateTransactionFree); AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_ENIP, ENIPStateTransactionFree);

14
src/app-layer-ftp.c
Unescape Escape View File

@ -999,6 +999,12 @@ static AppLayerTxData *FTPGetTxData(void *vtx)
return &tx->tx_data; return &tx->tx_data;
} }
static AppLayerStateData *FTPGetStateData(void *vstate)
{
FtpState *s = (FtpState *)vstate;
return &s->state_data;
}
static void FTPStateTransactionFree(void *state, uint64_t tx_id) static void FTPStateTransactionFree(void *state, uint64_t tx_id)
{ {
FtpState *ftp_state = state; FtpState *ftp_state = state;
@ -1261,6 +1267,12 @@ static AppLayerTxData *FTPDataGetTxData(void *vtx)
return &ftp_state->tx_data; return &ftp_state->tx_data;
} }
static AppLayerStateData *FTPDataGetStateData(void *vstate)
{
FtpDataState *ftp_state = (FtpDataState *)vstate;
return &ftp_state->state_data;
}
static void FTPDataStateTransactionFree(void *state, uint64_t tx_id) static void FTPDataStateTransactionFree(void *state, uint64_t tx_id)
{ {
/* do nothing */ /* do nothing */
@ -1396,6 +1408,7 @@ void RegisterFTPParsers(void)
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTP, FTPGetTx); AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTP, FTPGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxData);
AppLayerParserRegisterGetTxIterator(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxIterator); AppLayerParserRegisterGetTxIterator(IPPROTO_TCP, ALPROTO_FTP, FTPGetTxIterator);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_FTP, FTPGetStateData);
AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_FTP, FTPLocalStorageAlloc, AppLayerParserRegisterLocalStorageFunc(IPPROTO_TCP, ALPROTO_FTP, FTPLocalStorageAlloc,
FTPLocalStorageFree); FTPLocalStorageFree);
@ -1419,6 +1432,7 @@ void RegisterFTPParsers(void)
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTx); AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxCnt); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxCnt);

4
src/app-layer-ftp.h
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2020 Open Information Security Foundation /* Copyright (C) 2007-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -187,6 +187,7 @@ typedef struct FtpState_ {
/* specifies which loggers are done logging */ /* specifies which loggers are done logging */
uint32_t logged; uint32_t logged;
AppLayerStateData state_data;
} FtpState; } FtpState;
enum { enum {
@ -205,6 +206,7 @@ typedef struct FtpDataState_ {
uint8_t state; uint8_t state;
uint8_t direction; uint8_t direction;
AppLayerTxData tx_data; AppLayerTxData tx_data;
AppLayerStateData state_data;
} FtpDataState; } FtpDataState;
void RegisterFTPParsers(void); void RegisterFTPParsers(void);

7
src/app-layer-htp.c
Unescape Escape View File

@ -3110,6 +3110,12 @@ static AppLayerTxData *HTPGetTxData(void *vtx)
return NULL; return NULL;
} }
static AppLayerStateData *HTPGetStateData(void *vstate)
{
HtpState *s = vstate;
return &s->state_data;
}
static int HTPRegisterPatternsForProtocolDetection(void) static int HTPRegisterPatternsForProtocolDetection(void)
{ {
const char *methods[] = { "GET", "PUT", "POST", "HEAD", "TRACE", "OPTIONS", const char *methods[] = { "GET", "PUT", "POST", "HEAD", "TRACE", "OPTIONS",
@ -3196,6 +3202,7 @@ void RegisterHTPParsers(void)
AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateTruncate); AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateTruncate);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_HTTP1, HTPGetStateData);
AppLayerParserRegisterSetStreamDepthFlag( AppLayerParserRegisterSetStreamDepthFlag(
IPPROTO_TCP, ALPROTO_HTTP1, AppLayerHtpSetStreamDepthFlag); IPPROTO_TCP, ALPROTO_HTTP1, AppLayerHtpSetStreamDepthFlag);

1
src/app-layer-htp.h
Unescape Escape View File

@ -264,6 +264,7 @@ typedef struct HtpState_ {
StreamSlice *slice; StreamSlice *slice;
FrameId request_frame_id; FrameId request_frame_id;
FrameId response_frame_id; FrameId response_frame_id;
AppLayerStateData state_data;
} HtpState; } HtpState;
/** part of the engine needs the request body (e.g. http_client_body keyword) */ /** part of the engine needs the request body (e.g. http_client_body keyword) */

2
src/app-layer-nfs-tcp.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2015-2020 Open Information Security Foundation /* Copyright (C) 2015-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free

2
src/app-layer-nfs-udp.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2015-2020 Open Information Security Foundation /* Copyright (C) 2015-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free

26
src/app-layer-parser.c
Unescape Escape View File

@ -125,6 +125,7 @@ typedef struct AppLayerParserProtoCtx_
int (*StateGetEventInfo)(const char *event_name, int (*StateGetEventInfo)(const char *event_name,
int *event_id, AppLayerEventType *event_type); int *event_id, AppLayerEventType *event_type);
AppLayerStateData *(*GetStateData)(void *state);
AppLayerTxData *(*GetTxData)(void *tx); AppLayerTxData *(*GetTxData)(void *tx);
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig); bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);
@ -618,6 +619,16 @@ void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
SCReturn; SCReturn;
} }
void AppLayerParserRegisterStateDataFunc(
uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state))
{
SCEnter();
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData = GetStateData;
SCReturn;
}
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)) bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig))
{ {
@ -1199,6 +1210,17 @@ AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void
SCReturnPtr(d, "AppLayerTxData"); SCReturnPtr(d, "AppLayerTxData");
} }
AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state)
{
SCEnter();
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData) {
AppLayerStateData *d =
alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetStateData(state);
SCReturnPtr(d, "AppLayerStateData");
}
SCReturnPtr(NULL, "AppLayerStateData");
}
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config) void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
{ {
@ -1593,6 +1615,7 @@ static void ValidateParserProtoDump(AppProto alproto, uint8_t ipproto)
printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n", printf("- StateGetTx %p StateGetTxCnt %p StateTransactionFree %p\n",
ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree); ctx->StateGetTx, ctx->StateGetTxCnt, ctx->StateTransactionFree);
printf("- GetTxData %p\n", ctx->GetTxData); printf("- GetTxData %p\n", ctx->GetTxData);
printf("- GetStateData %p\n", ctx->GetStateData);
printf("- StateGetProgress %p\n", ctx->StateGetProgress); printf("- StateGetProgress %p\n", ctx->StateGetProgress);
printf("Optional:\n"); printf("Optional:\n");
printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree); printf("- LocalStorageAlloc %p LocalStorageFree %p\n", ctx->LocalStorageAlloc, ctx->LocalStorageFree);
@ -1632,6 +1655,9 @@ static void ValidateParserProto(AppProto alproto, uint8_t ipproto)
if (ctx->GetTxData == NULL) { if (ctx->GetTxData == NULL) {
goto bad; goto bad;
} }
if (ctx->GetStateData == NULL) {
goto bad;
}
return; return;
bad: bad:
ValidateParserProtoDump(alproto, ipproto); ValidateParserProtoDump(alproto, ipproto);

3
src/app-layer-parser.h
Unescape Escape View File

@ -216,6 +216,8 @@ void AppLayerParserRegisterTxDataFunc(uint8_t ipproto, AppProto alproto,
AppLayerTxData *(*GetTxData)(void *tx)); AppLayerTxData *(*GetTxData)(void *tx));
void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto, void AppLayerParserRegisterApplyTxConfigFunc(uint8_t ipproto, AppProto alproto,
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig)); bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig));
void AppLayerParserRegisterStateDataFunc(
uint8_t ipproto, AppProto alproto, AppLayerStateData *(*GetStateData)(void *state));
/***** Get and transaction functions *****/ /***** Get and transaction functions *****/
@ -256,6 +258,7 @@ uint8_t AppLayerParserGetFirstDataDir(uint8_t ipproto, AppProto alproto);
int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto); int AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto);
AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx); AppLayerTxData *AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx);
AppLayerStateData *AppLayerParserGetStateData(uint8_t ipproto, AppProto alproto, void *state);
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto,
void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig); void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig);

4
src/app-layer-register.c
Unescape Escape View File

@ -165,6 +165,10 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
p->GetTxData); p->GetTxData);
} }
if (p->GetStateData) {
AppLayerParserRegisterStateDataFunc(p->ip_proto, alproto, p->GetStateData);
}
if (p->ApplyTxConfig) { if (p->ApplyTxConfig) {
AppLayerParserRegisterApplyTxConfigFunc(p->ip_proto, alproto, AppLayerParserRegisterApplyTxConfigFunc(p->ip_proto, alproto,
p->ApplyTxConfig); p->ApplyTxConfig);

1
src/app-layer-register.h
Unescape Escape View File

@ -65,6 +65,7 @@ typedef struct AppLayerParser {
const AppProto alproto, void *alstate, uint64_t min_tx_id, const AppProto alproto, void *alstate, uint64_t min_tx_id,
uint64_t max_tx_id, AppLayerGetTxIterState *istate); uint64_t max_tx_id, AppLayerGetTxIterState *istate);
AppLayerStateData *(*GetStateData)(void *state);
AppLayerTxData *(*GetTxData)(void *tx); AppLayerTxData *(*GetTxData)(void *tx);
bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig); bool (*ApplyTxConfig)(void *state, void *tx, int mode, AppLayerTxConfig);

7
src/app-layer-smtp.c
Unescape Escape View File

@ -1738,6 +1738,12 @@ static AppLayerTxData *SMTPGetTxData(void *vtx)
return &tx->tx_data; return &tx->tx_data;
} }
static AppLayerStateData *SMTPGetStateData(void *vstate)
{
SMTPState *state = (SMTPState *)vstate;
return &state->state_data;
}
/** /**
* \brief Register the SMTP Protocol parser. * \brief Register the SMTP Protocol parser.
*/ */
@ -1775,6 +1781,7 @@ void RegisterSMTPParsers(void)
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTxCnt); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTxCnt);
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTx); AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPGetStateData);
AppLayerParserRegisterStateProgressCompletionStatus(ALPROTO_SMTP, 1, 1); AppLayerParserRegisterStateProgressCompletionStatus(ALPROTO_SMTP, 1, 1);
AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateTruncate); AppLayerParserRegisterTruncateFunc(IPPROTO_TCP, ALPROTO_SMTP, SMTPStateTruncate);
} else { } else {

3
src/app-layer-smtp.h
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -103,6 +103,7 @@ typedef struct SMTPConfig {
} SMTPConfig; } SMTPConfig;
typedef struct SMTPState_ { typedef struct SMTPState_ {
AppLayerStateData state_data;
SMTPTransaction *curr_tx; SMTPTransaction *curr_tx;
TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */ TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */
uint64_t tx_cnt; uint64_t tx_cnt;

7
src/app-layer-ssl.c
Unescape Escape View File

@ -331,6 +331,12 @@ static AppLayerTxData *SSLGetTxData(void *vtx)
return &ssl_state->tx_data; return &ssl_state->tx_data;
} }
static AppLayerStateData *SSLGetStateData(void *vstate)
{
SSLState *ssl_state = (SSLState *)vstate;
return &ssl_state->state_data;
}
void SSLVersionToString(uint16_t version, char *buffer) void SSLVersionToString(uint16_t version, char *buffer)
{ {
buffer[0] = '\0'; buffer[0] = '\0';
@ -3007,6 +3013,7 @@ void RegisterSSLParsers(void)
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx); AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_TLS, SSLGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData); AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TLS, SSLGetStateData);
AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt); AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_TLS, SSLGetTxCnt);

1
src/app-layer-ssl.h
Unescape Escape View File

@ -288,6 +288,7 @@ typedef struct SSLStateConnp_ {
typedef struct SSLState_ { typedef struct SSLState_ {
Flow *f; Flow *f;
AppLayerStateData state_data;
AppLayerTxData tx_data; AppLayerTxData tx_data;
/* holds some state flags we need */ /* holds some state flags we need */

12
src/app-layer-template.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2015-2020 Open Information Security Foundation /* Copyright (C) 2015-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -446,6 +446,15 @@ static AppLayerTxData *TemplateGetTxData(void *vtx)
return &tx->tx_data; return &tx->tx_data;
} }
/**
* \brief retrieve the state data
*/
static AppLayerStateData *TemplateGetStateData(void *vstate)
{
TemplateState *state = vstate;
return &state->state_data;
}
void RegisterTemplateParsers(void) void RegisterTemplateParsers(void)
{ {
const char *proto_name = "template"; const char *proto_name = "template";
@ -523,6 +532,7 @@ void RegisterTemplateParsers(void)
TemplateGetTx); TemplateGetTx);
AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TEMPLATE, AppLayerParserRegisterTxDataFunc(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateGetTxData); TemplateGetTxData);
AppLayerParserRegisterStateDataFunc(IPPROTO_TCP, ALPROTO_TEMPLATE, TemplateGetStateData);
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TEMPLATE, AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_TEMPLATE,
TemplateStateGetEventInfo); TemplateStateGetEventInfo);

3
src/app-layer-template.h
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2015-2018 Open Information Security Foundation /* Copyright (C) 2015-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -52,6 +52,7 @@ typedef struct TemplateTransaction
} TemplateTransaction; } TemplateTransaction;
typedef struct TemplateState { typedef struct TemplateState {
AppLayerStateData state_data;
/** List of Template transactions associated with this /** List of Template transactions associated with this
* state. */ * state. */

3
src/app-layer-tftp.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2017-2020 Open Information Security Foundation /* Copyright (C) 2017-2021 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -234,6 +234,7 @@ void RegisterTFTPParsers(void)
AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_TFTP, AppLayerParserRegisterTxDataFunc(IPPROTO_UDP, ALPROTO_TFTP,
rs_tftp_get_tx_data); rs_tftp_get_tx_data);
AppLayerParserRegisterStateDataFunc(IPPROTO_UDP, ALPROTO_TFTP, rs_tftp_get_state_data);
} }
else { else {
SCLogDebug("TFTP protocol parsing disabled."); SCLogDebug("TFTP protocol parsing disabled.");

Write Preview
Loading…
Cancel
Save