#include "threadvars.h"#include "decode.h"#include "flow.h"#include "stream-tcp-private.h"#include "stream-tcp-reassemble.h"#include "rust.h"
Go to the source code of this file.
Macros | |
| #define | APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER (~STREAM_TOSERVER & ~STREAM_TOCLIENT) |
| #define | AppLayerProfilingReset(app_tctx) AppLayerProfilingResetInternal(app_tctx) |
| #define | AppLayerProfilingStore(app_tctx, p) AppLayerProfilingStoreInternal(app_tctx, p) |
Functions | |
| int | AppLayerHandleTCPData (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Packet *p, Flow *f, TcpSession *ssn, TcpStream **stream, uint8_t *data, uint32_t data_len, uint8_t flags, enum StreamUpdateDir dir) |
| Handles reassembled tcp stream. | |
| int | AppLayerHandleUdp (ThreadVars *tv, AppLayerThreadCtx *app_tctx, Packet *p, Flow *f) |
| Handles an udp chunk. | |
| AppProto | AppLayerGetProtoByName (const char *alproto_name) |
| Given a protocol string, returns the corresponding internal protocol id. | |
| const char * | AppLayerGetProtoName (AppProto alproto) |
| Given the internal protocol id, returns a string representation of the protocol. | |
| void | AppLayerListSupportedProtocols (void) |
| int | AppLayerSetup (void) |
| Setup the app layer. | |
| int | AppLayerDeSetup (void) |
| De initializes the app layer. | |
| AppLayerThreadCtx * | AppLayerGetCtxThread (void) |
| Creates a new app layer thread context. | |
| void | AppLayerDestroyCtxThread (AppLayerThreadCtx *tctx) |
| Destroys the context created by AppLayerGetCtxThread(). | |
| void | AppLayerRegisterThreadCounters (ThreadVars *tv) |
| Registers per flow counters for all protocols. | |
| void | AppLayerProfilingResetInternal (AppLayerThreadCtx *app_tctx) |
| void | AppLayerProfilingStoreInternal (AppLayerThreadCtx *app_tctx, Packet *p) |
| void | AppLayerRegisterGlobalCounters (void) |
| HACK to work around our broken unix manager (re)init loop. | |
| void | AppLayerUnittestsRegister (void) |
| void | AppLayerIncTxCounter (ThreadVars *tv, Flow *f, uint64_t step) |
| void | AppLayerIncGapErrorCounter (ThreadVars *tv, Flow *f) |
| void | AppLayerIncAllocErrorCounter (ThreadVars *tv, Flow *f) |
| void | AppLayerIncParserErrorCounter (ThreadVars *tv, Flow *f) |
| void | AppLayerIncInternalErrorCounter (ThreadVars *tv, Flow *f) |
Detailed Description
Application layer handling and protocols implementation
Definition in file app-layer.h.
Macro Definition Documentation
◆ APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER
| #define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER (~STREAM_TOSERVER & ~STREAM_TOCLIENT) |
Definition at line 40 of file app-layer.h.
◆ AppLayerProfilingReset
| #define AppLayerProfilingReset | ( | app_tctx | ) | AppLayerProfilingResetInternal(app_tctx) |
Definition at line 127 of file app-layer.h.
◆ AppLayerProfilingStore
| #define AppLayerProfilingStore | ( | app_tctx, | |
| p | |||
| ) | AppLayerProfilingStoreInternal(app_tctx, p) |
Definition at line 128 of file app-layer.h.
Function Documentation
◆ AppLayerDeSetup()
| int AppLayerDeSetup | ( | void | ) |
De initializes the app layer.
Includes de initializing protocol detection and the protocol parser.
Definition at line 1095 of file app-layer.c.
References AppLayerDeSetupCounters(), AppLayerParserDeSetup(), AppLayerProtoDetectDeSetup(), FrameConfigDeInit(), SCEnter, and SCReturnInt.
Referenced by GlobalsDestroy().
◆ AppLayerDestroyCtxThread()
| void AppLayerDestroyCtxThread | ( | AppLayerThreadCtx * | tctx | ) |
Destroys the context created by AppLayerGetCtxThread().
- Parameters
-
tctx Pointer to the thread context to destroy.
Definition at line 1129 of file app-layer.c.
References AppLayerThreadCtx_::alp_tctx, AppLayerThreadCtx_::alpd_tctx, AppLayerParserThreadCtxFree(), AppLayerProtoDetectDestroyCtxThread(), SCEnter, SCFree, and SCReturn.
Referenced by AppLayerGetCtxThread(), DecodeThreadVarsFree(), and StreamTcpReassembleFreeThreadCtx().
◆ AppLayerGetCtxThread()
| AppLayerThreadCtx * AppLayerGetCtxThread | ( | void | ) |
Creates a new app layer thread context.
- Return values
-
Pointer to the newly create thread context, on success; NULL, on failure.
Definition at line 1108 of file app-layer.c.
References AppLayerThreadCtx_::alp_tctx, AppLayerThreadCtx_::alpd_tctx, AppLayerDestroyCtxThread(), AppLayerParserThreadCtxAlloc(), AppLayerProtoDetectGetCtxThread(), SCCalloc, SCEnter, and SCReturnPtr.
Referenced by DecodeThreadVarsAlloc(), and StreamTcpReassembleInitThreadCtx().
◆ AppLayerGetProtoByName()
| AppProto AppLayerGetProtoByName | ( | const char * | alproto_name | ) |
Given a protocol string, returns the corresponding internal protocol id.
- Parameters
-
The internal protocol id.
Definition at line 1002 of file app-layer.c.
References AppLayerProtoDetectGetProtoByName(), SCEnter, and SCReturnCT.
◆ AppLayerGetProtoName()
| const char * AppLayerGetProtoName | ( | AppProto | alproto | ) |
Given the internal protocol id, returns a string representation of the protocol.
- Parameters
-
alproto The internal protocol id.
- Return values
-
String representation of the protocol.
Definition at line 1009 of file app-layer.c.
References AppLayerProtoDetectGetProtoName(), SCEnter, and SCReturnCT.
Referenced by AppLayerListSupportedProtocols(), AppLayerParserParse(), and AppLayerSetupCounters().
◆ AppLayerHandleTCPData()
| int AppLayerHandleTCPData | ( | ThreadVars * | tv, |
| TcpReassemblyThreadCtx * | ra_ctx, | ||
| Packet * | p, | ||
| Flow * | f, | ||
| TcpSession * | ssn, | ||
| TcpStream ** | stream, | ||
| uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint8_t | flags, | ||
| enum StreamUpdateDir | app_update_dir | ||
| ) |
Handles reassembled tcp stream.
Handles reassembled tcp stream.
First run protocol detection and then when the protocol is known invoke the app layer parser.
- Parameters
-
stream ptr-to-ptr to stream object. Might change if flow dir is reversed.
Definition at line 711 of file app-layer.c.
References AppLayerThreadCtx_::alp_tctx, Flow_::alparser, Flow_::alproto, Flow_::alproto_expect, Flow_::alproto_orig, Flow_::alproto_tc, ALPROTO_TLS, Flow_::alproto_ts, ALPROTO_UNKNOWN, Flow_::alstate, Packet_::app_layer_events, TcpReassemblyThreadCtx_::app_tctx, Packet_::app_update_direction, APPLAYER_NO_TLS_AFTER_STARTTLS, APPLAYER_UNEXPECTED_PROTOCOL, AppLayerDecoderEventsSetEventRaw(), AppLayerParserParse(), AppLayerParserStateProtoCleanup(), AppLayerProtoDetectReset(), AppProtoToString(), TcpSession_::client, DEBUG_ASSERT_FLOW_LOCKED, DEBUG_VALIDATE_BUG_ON, ExceptionPolicyApply(), flags, TcpSession_::flags, FlowChangeProto(), FlowUnsetChangeProtoFlag(), g_applayerparser_error_policy, PACKET_PROFILING_APP_END, PACKET_PROFILING_APP_START, PKT_DROP_REASON_APPLAYER_ERROR, PrintRawDataFp(), Flow_::protomap, SCEnter, SCLogDebug, SCReturnInt, TcpSession_::server, STREAMTCP_FLAG_APP_LAYER_DISABLED, StreamTcpResetStreamFlagAppProtoDetectionCompleted, StreamTcpSetStreamFlagAppProtoDetectionCompleted, StreamTcpUpdateAppLayerProgress(), and tv.
Referenced by StreamTcpReassembleAppLayer().
◆ AppLayerHandleUdp()
| int AppLayerHandleUdp | ( | ThreadVars * | tv, |
| AppLayerThreadCtx * | tctx, | ||
| Packet * | p, | ||
| Flow * | f | ||
| ) |
Handles an udp chunk.
Handles an udp chunk.
If the protocol is yet unknown, the proto detection code is run first.
- Parameters
-
dp_ctx Thread app layer detect context f locked flow p UDP packet
- Return values
-
0 ok -1 error
Definition at line 878 of file app-layer.c.
References AppLayerThreadCtx_::alp_tctx, AppLayerThreadCtx_::alpd_tctx, Flow_::alproto, ALPROTO_FAILED, Flow_::alproto_tc, Flow_::alproto_ts, ALPROTO_UNKNOWN, Packet_::app_layer_events, Packet_::app_update_direction, APPLAYER_MISMATCH_PROTOCOL_BOTH_DIRECTIONS, AppLayerDecoderEventsSetEventRaw(), AppLayerParserParse(), AppLayerProfilingReset, AppLayerProtoDetectGetProto(), ExceptionPolicyApply(), flags, FLOW_PKT_TOSERVER, Packet_::flowflags, FlowSwap(), g_applayerparser_error_policy, PACKET_PROFILING_APP_END, PACKET_PROFILING_APP_PD_END, PACKET_PROFILING_APP_PD_START, PACKET_PROFILING_APP_START, PACKET_PROFILING_APP_STORE, PacketSwap(), Packet_::payload, Packet_::payload_len, PKT_DROP_REASON_APPLAYER_ERROR, SCEnter, SCLogDebug, SCReturnInt, SWAP_FLAGS, tv, and UPDATE_DIR_PACKET.
◆ AppLayerIncAllocErrorCounter()
| void AppLayerIncAllocErrorCounter | ( | ThreadVars * | tv, |
| Flow * | f | ||
| ) |
Definition at line 171 of file app-layer.c.
References AppLayerCounters_::alloc_error_id, Flow_::alproto, applayer_counters, likely, Flow_::protomap, StatsIncr(), and tv.
Referenced by AppLayerParserParse().
◆ AppLayerIncGapErrorCounter()
| void AppLayerIncGapErrorCounter | ( | ThreadVars * | tv, |
| Flow * | f | ||
| ) |
Definition at line 163 of file app-layer.c.
References Flow_::alproto, applayer_counters, AppLayerCounters_::gap_error_id, likely, Flow_::protomap, StatsIncr(), and tv.
Referenced by AppLayerParserParse().
◆ AppLayerIncInternalErrorCounter()
| void AppLayerIncInternalErrorCounter | ( | ThreadVars * | tv, |
| Flow * | f | ||
| ) |
Definition at line 187 of file app-layer.c.
References Flow_::alproto, applayer_counters, AppLayerCounters_::internal_error_id, likely, Flow_::protomap, StatsIncr(), and tv.
Referenced by AppLayerParserParse().
◆ AppLayerIncParserErrorCounter()
| void AppLayerIncParserErrorCounter | ( | ThreadVars * | tv, |
| Flow * | f | ||
| ) |
Definition at line 179 of file app-layer.c.
References Flow_::alproto, applayer_counters, likely, AppLayerCounters_::parser_error_id, Flow_::protomap, StatsIncr(), and tv.
Referenced by AppLayerParserParse().
◆ AppLayerIncTxCounter()
| void AppLayerIncTxCounter | ( | ThreadVars * | tv, |
| Flow * | f, | ||
| uint64_t | step | ||
| ) |
Definition at line 155 of file app-layer.c.
References Flow_::alproto, applayer_counters, AppLayerCounters_::counter_tx_id, likely, Flow_::protomap, StatsAddUI64(), and tv.
Referenced by AppLayerParserParse().
◆ AppLayerListSupportedProtocols()
| void AppLayerListSupportedProtocols | ( | void | ) |
Definition at line 1016 of file app-layer.c.
References AppLayerGetProtoName(), AppLayerProtoDetectSupportedAppProtocols(), g_alproto_max, SCEnter, and SCReturn.
Referenced by ListAppLayerProtocols().
◆ AppLayerProfilingResetInternal()
| void AppLayerProfilingResetInternal | ( | AppLayerThreadCtx * | app_tctx | ) |
Definition at line 1146 of file app-layer.c.
References PACKET_PROFILING_APP_RESET.
◆ AppLayerProfilingStoreInternal()
| void AppLayerProfilingStoreInternal | ( | AppLayerThreadCtx * | app_tctx, |
| Packet * | p | ||
| ) |
Definition at line 1151 of file app-layer.c.
References PACKET_PROFILING_APP_STORE.
◆ AppLayerRegisterGlobalCounters()
| void AppLayerRegisterGlobalCounters | ( | void | ) |
HACK to work around our broken unix manager (re)init loop.
Definition at line 1159 of file app-layer.c.
References ExpectationGetCounter(), FTPMemcapGlobalCounter(), FTPMemuseGlobalCounter(), HostGetMemcap(), HostGetMemuse(), HTPByteRangeMemcapGlobalCounter(), HTPByteRangeMemuseGlobalCounter(), HTPMemcapGlobalCounter(), HTPMemuseGlobalCounter(), IPPairGetMemuse(), and StatsRegisterGlobalCounter().
Referenced by PreRunInit().
◆ AppLayerRegisterThreadCounters()
| void AppLayerRegisterThreadCounters | ( | ThreadVars * | tv | ) |
Registers per flow counters for all protocols.
Definition at line 1307 of file app-layer.c.
References AppLayerCounters_::alloc_error_id, ALPROTO_FAILED, app_layer_error_eps_stats, applayer_counter_names, applayer_counters, AppLayerProtoDetectSupportedAppProtocols(), AppLayerCounters_::counter_id, AppLayerCounters_::counter_tx_id, AppLayerCounters_::eps_error, eps_error_summary, ExceptionPolicyCounters_::eps_id, ExceptionPolicyStatsSetts_::eps_name, EXCEPTION_POLICY_MAX, EXCEPTION_POLICY_NOT_SET, FLOW_PROTO_APPLAYER_MAX, FlowGetProtoMapping(), g_alproto_max, g_applayerparser_error_policy, g_stats_eps_per_app_proto_errors, AppLayerCounters_::gap_error_id, AppLayerCounters_::internal_error_id, name, AppLayerCounters_::parser_error_id, StatsRegisterCounter(), and tv.
◆ AppLayerSetup()
| int AppLayerSetup | ( | void | ) |
Setup the app layer.
Includes protocol detection setup and the protocol parser setup.
- Return values
-
0 On success. -1 On failure.
Definition at line 1078 of file app-layer.c.
References AppLayerParserRegisterProtocolParsers(), AppLayerParserSetup(), AppLayerProtoDetectPrepareState(), AppLayerProtoDetectSetup(), AppLayerSetupCounters(), FrameConfigInit(), SCEnter, and SCReturnInt.
Referenced by ListAppLayerHooks(), ListAppLayerProtocols(), ListKeywords(), LLVMFuzzerTestOneInput(), PostConfLoadedSetup(), and RunUnittests().
◆ AppLayerUnittestsRegister()
| void AppLayerUnittestsRegister | ( | void | ) |
Definition at line 2891 of file app-layer.c.
References SCEnter, SCReturn, and UtRegisterTest().
