suricata.8.0.0/app-layer-frames_8h_source.html

/* Copyright (C) 2021 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


/**

 * \file

 *

 * \author Victor Julien <victor@inliniac.net>

 */


#ifndef SURICATA_APP_LAYER_FRAMES_H

#define SURICATA_APP_LAYER_FRAMES_H


#include "rust.h"


/** special value for matching any type */

#define FRAME_ANY_TYPE 62

/** max 63 to fit the 64 bit per protocol space */

#define FRAME_STREAM_TYPE 63


typedef int64_t FrameId;


enum {

    FRAME_FLAGE_TX_ID_SET,

#define FRAME_FLAG_TX_ID_SET BIT_U8(FRAME_FLAGE_TX_ID_SET)

    FRAME_FLAGE_ENDS_AT_EOF,

#define FRAME_FLAG_ENDS_AT_EOF BIT_U8(FRAME_FLAGE_ENDS_AT_EOF)

    FRAME_FLAGE_LOGGED,

#define FRAME_FLAG_LOGGED BIT_U8(FRAME_FLAGE_LOGGED)

};


typedef struct Frame {

    uint8_t type;  /**< protocol specific field type. E.g. NBSS.HDR or SMB.DATA */

    uint8_t flags; /**< frame flags: FRAME_FLAG_* */

    uint8_t event_cnt;

    // TODO one event per frame enough?

    uint8_t events[4];  /**< per frame store for events */

    uint64_t offset;    /**< offset from the start of the stream */

    int64_t len;

    int64_t id;

    uint64_t tx_id; /**< tx_id to match this frame. UINT64T_MAX if not used. */

    uint64_t inspect_progress; /**< inspection tracker relative to the start of the frame */

} Frame;


#define FRAMES_STATIC_CNT 3


typedef struct Frames {

    uint16_t cnt;

    uint16_t dyn_size;     /**< size in elements of `dframes` */

    uint32_t left_edge_rel;

    uint64_t base_id;

    Frame sframes[FRAMES_STATIC_CNT]; /**< static frames */

    Frame *dframes;                   /**< dynamically allocated space for more frames */

#ifdef DEBUG

    uint8_t ipproto;

    AppProto alproto;

#endif

} Frames;


typedef struct FramesContainer {

    Frames toserver;

    Frames toclient;

} FramesContainer;


void FramesFree(Frames *frames);

void FramesPrune(Flow *f, Packet *p);


Frame *AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice,

        const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type);

Frame *AppLayerFrameNewByRelativeOffset(Flow *f, const StreamSlice *stream_slice,

        const uint32_t frame_start_rel, const int64_t len, int dir, uint8_t frame_type);

Frame *AppLayerFrameNewByAbsoluteOffset(Flow *f, const StreamSlice *stream_slice,

        const uint64_t frame_start, const int64_t len, int dir, uint8_t frame_type);

void AppLayerFrameDump(Flow *f);


Frame *FrameGetByIndex(Frames *frames, const uint32_t idx);

Frame *FrameGetById(Frames *frames, const int64_t id);

Frame *FrameGetLastOpenByType(Frames *frames, const uint8_t frame_type);


Frame *AppLayerFrameGetById(Flow *f, const int direction, const FrameId frame_id);

Frame *AppLayerFrameGetLastOpenByType(Flow *f, const int direction, const uint8_t frame_type);


FrameId AppLayerFrameGetId(Frame *r);


void AppLayerFrameAddEvent(Frame *frame, uint8_t e);

void AppLayerFrameAddEventById(Flow *f, const int dir, const FrameId id, uint8_t e);

void AppLayerFrameSetLength(Frame *frame, int64_t len);

void AppLayerFrameSetLengthById(Flow *f, const int dir, const FrameId id, int64_t len);

void AppLayerFrameSetTxId(Frame *r, uint64_t tx_id);

void AppLayerFrameSetTxIdById(Flow *f, const int dir, const FrameId id, uint64_t tx_id);


void AppLayerFramesSlide(Flow *f, const uint32_t slide, const uint8_t direction);


FramesContainer *AppLayerFramesGetContainer(Flow *f);

FramesContainer *AppLayerFramesSetupContainer(Flow *f);


void FrameConfigInit(void);

void FrameConfigDeInit(void);

void FrameConfigEnableAll(void);

void FrameConfigEnable(const AppProto p, const uint8_t type);


#endif

len
uint8_t len
Definition app-layer-dnp3.h:2

AppLayerFrameSetLength
void AppLayerFrameSetLength(Frame *frame, int64_t len)
Definition app-layer-frames.c:671

AppLayerFrameAddEvent
void AppLayerFrameAddEvent(Frame *frame, uint8_t e)
Definition app-layer-frames.c:646

AppLayerFramesSetupContainer
FramesContainer * AppLayerFramesSetupContainer(Flow *f)
Definition app-layer-parser.c:191

FrameGetById
Frame * FrameGetById(Frames *frames, const int64_t id)
Definition app-layer-frames.c:124

FrameConfigEnable
void FrameConfigEnable(const AppProto p, const uint8_t type)
Definition app-layer-frames.c:64

AppLayerFrameSetTxId
void AppLayerFrameSetTxId(Frame *r, uint64_t tx_id)
Definition app-layer-frames.c:685

AppLayerFrameNewByAbsoluteOffset
Frame * AppLayerFrameNewByAbsoluteOffset(Flow *f, const StreamSlice *stream_slice, const uint64_t frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using the absolute offset from the start of the stream
Definition app-layer-frames.c:604

AppLayerFrameSetTxIdById
void AppLayerFrameSetTxIdById(Flow *f, const int dir, const FrameId id, uint64_t tx_id)
Definition app-layer-frames.c:694

AppLayerFramesSlide
void AppLayerFramesSlide(Flow *f, const uint32_t slide, const uint8_t direction)
Definition app-layer-frames.c:408

FrameId
int64_t FrameId
Definition app-layer-frames.h:34

AppLayerFrameSetLengthById
void AppLayerFrameSetLengthById(Flow *f, const int dir, const FrameId id, int64_t len)
Definition app-layer-frames.c:679

AppLayerFramesGetContainer
FramesContainer * AppLayerFramesGetContainer(Flow *f)
Definition app-layer-parser.c:184

AppLayerFrameDump
void AppLayerFrameDump(Flow *f)
Definition app-layer-frames.c:589

AppLayerFrameNewByPointer
Frame * AppLayerFrameNewByPointer(Flow *f, const StreamSlice *stream_slice, const uint8_t *frame_start, const int64_t len, int dir, uint8_t frame_type)
create new frame using a pointer to start of the frame
Definition app-layer-frames.c:463

AppLayerFrameGetLastOpenByType
Frame * AppLayerFrameGetLastOpenByType(Flow *f, const int direction, const uint8_t frame_type)
Definition app-layer-frames.c:718

FramesPrune
void FramesPrune(Flow *f, Packet *p)
Definition app-layer-frames.c:840

AppLayerFrameNewByRelativeOffset
Frame * AppLayerFrameNewByRelativeOffset(Flow *f, const StreamSlice *stream_slice, const uint32_t frame_start_rel, const int64_t len, int dir, uint8_t frame_type)
create new frame using a relative offset from the start of the stream slice
Definition app-layer-frames.c:542

FRAMES_STATIC_CNT
#define FRAMES_STATIC_CNT
Definition app-layer-frames.h:58

AppLayerFrameGetId
FrameId AppLayerFrameGetId(Frame *r)
Definition app-layer-frames.c:662

AppLayerFrameAddEventById
void AppLayerFrameAddEventById(Flow *f, const int dir, const FrameId id, uint8_t e)
Definition app-layer-frames.c:656

AppLayerFrameGetById
Frame * AppLayerFrameGetById(Flow *f, const int direction, const FrameId frame_id)
Definition app-layer-frames.c:700

FrameConfigEnableAll
void FrameConfigEnableAll(void)
Definition app-layer-frames.c:55

FrameConfigDeInit
void FrameConfigDeInit(void)
Definition app-layer-frames.c:50

FRAME_FLAGE_ENDS_AT_EOF
@ FRAME_FLAGE_ENDS_AT_EOF
Definition app-layer-frames.h:39

FRAME_FLAGE_TX_ID_SET
@ FRAME_FLAGE_TX_ID_SET
Definition app-layer-frames.h:37

FRAME_FLAGE_LOGGED
@ FRAME_FLAGE_LOGGED
Definition app-layer-frames.h:41

FrameConfigInit
void FrameConfigInit(void)
Definition app-layer-frames.c:39

FrameGetLastOpenByType
Frame * FrameGetLastOpenByType(Frames *frames, const uint8_t frame_type)
Definition app-layer-frames.c:101

FramesFree
void FramesFree(Frames *frames)
Definition app-layer-frames.c:453

FrameGetByIndex
Frame * FrameGetByIndex(Frames *frames, const uint32_t idx)
Definition app-layer-frames.c:144

StreamSlice
struct StreamSlice StreamSlice
Definition app-layer-parser.h:38

AppProto
uint16_t AppProto
Definition app-layer-protos.h:86

type
uint16_t type
Definition decode-vlan.c:106

rust.h

Flow_
Flow data structure.
Definition flow.h:356

Frame
Definition app-layer-frames.h:45

Frame::event_cnt
uint8_t event_cnt
Definition app-layer-frames.h:48

Frame::id
int64_t id
Definition app-layer-frames.h:53

Frame::tx_id
uint64_t tx_id
Definition app-layer-frames.h:54

Frame::type
uint8_t type
Definition app-layer-frames.h:46

Frame::len
int64_t len
Definition app-layer-frames.h:52

Frame::events
uint8_t events[4]
Definition app-layer-frames.h:50

Frame::offset
uint64_t offset
Definition app-layer-frames.h:51

Frame::flags
uint8_t flags
Definition app-layer-frames.h:47

Frame::inspect_progress
uint64_t inspect_progress
Definition app-layer-frames.h:55

FramesContainer
Definition app-layer-frames.h:73

FramesContainer::toserver
Frames toserver
Definition app-layer-frames.h:74

FramesContainer::toclient
Frames toclient
Definition app-layer-frames.h:75

Frames
Definition app-layer-frames.h:60

Frames::cnt
uint16_t cnt
Definition app-layer-frames.h:61

Frames::base_id
uint64_t base_id
Definition app-layer-frames.h:64

Frames::dframes
Frame * dframes
Definition app-layer-frames.h:66

Frames::left_edge_rel
uint32_t left_edge_rel
Definition app-layer-frames.h:63

Frames::dyn_size
uint16_t dyn_size
Definition app-layer-frames.h:62

Frames::sframes
Frame sframes[FRAMES_STATIC_CNT]
Definition app-layer-frames.h:65

Packet_
Definition decode.h:501