diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index b0fc89bf97..6312316413 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -416,14 +416,10 @@ pub extern "C" fn rs_template_tx_set_logged( #[no_mangle] pub extern "C" fn rs_template_state_get_events( - state: *mut libc::c_void, - tx_id: u64, + tx: *mut libc::c_void ) -> *mut core::AppLayerDecoderEvents { - let state = cast_pointer!(state, TemplateState); - match state.get_tx(tx_id) { - Some(tx) => tx.events, - _ => std::ptr::null_mut(), - } + let tx = cast_pointer!(tx, TemplateTransaction); + return tx.events; } #[no_mangle] diff --git a/rust/src/dhcp/dhcp.rs b/rust/src/dhcp/dhcp.rs index 13441e5021..4ac17c1624 100644 --- a/rust/src/dhcp/dhcp.rs +++ b/rust/src/dhcp/dhcp.rs @@ -328,15 +328,11 @@ pub extern "C" fn rs_dhcp_tx_set_logged(_state: *mut libc::c_void, } #[no_mangle] -pub extern "C" fn rs_dhcp_state_get_events(state: *mut libc::c_void, - tx_id: u64) +pub extern "C" fn rs_dhcp_state_get_events(tx: *mut libc::c_void) -> *mut core::AppLayerDecoderEvents { - let state = cast_pointer!(state, DHCPState); - match state.get_tx(tx_id) { - Some(tx) => tx.events, - _ => std::ptr::null_mut(), - } + let tx = cast_pointer!(tx, DHCPTransaction); + return tx.events; } #[no_mangle] diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 67f6ceb8fd..20dea35ba7 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -745,18 +745,11 @@ pub extern "C" fn rs_dns_state_get_tx_detect_state( } #[no_mangle] -pub extern "C" fn rs_dns_state_get_events(state: &mut DNSState, - tx_id: u64) +pub extern "C" fn rs_dns_state_get_events(tx: *mut libc::c_void) -> *mut core::AppLayerDecoderEvents { - match state.get_tx(tx_id) { - Some(tx) => { - return tx.events; - } - _ => { - return std::ptr::null_mut(); - } - } + let tx = cast_pointer!(tx, DNSTransaction); + return tx.events; } #[no_mangle] 
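Review bot: `rs_template_state_get_events` has no null check on `tx` before `cast_pointer!(tx, TemplateTransaction)`, while the removed body returned `std::ptr::null_mut()` when the lookup found nothing. `cast_pointer!` presumably turns the raw pointer into a reference, so a NULL handed over from the C side would be undefined behaviour instead of "no events". A first line of `if tx.is_null() { return std::ptr::null_mut(); }` keeps the old contract at the FFI boundary. The same applies to `rs_dhcp_state_get_events` and `rs_dns_state_get_events` in this patch, and to the ikev2, krb5, nfs, ntp and smb variants further down.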
diff --git a/rust/src/ikev2/ikev2.rs b/rust/src/ikev2/ikev2.rs index c8b8b3d2e8..00ffdb8851 100644 --- a/rust/src/ikev2/ikev2.rs +++ b/rust/src/ikev2/ikev2.rs @@ -571,15 +571,11 @@ pub extern "C" fn rs_ikev2_state_get_tx_detect_state( #[no_mangle] -pub extern "C" fn rs_ikev2_state_get_events(state: *mut libc::c_void, - tx_id: u64) +pub extern "C" fn rs_ikev2_state_get_events(tx: *mut libc::c_void) -> *mut core::AppLayerDecoderEvents { - let state = cast_pointer!(state,IKEV2State); - match state.get_tx_by_id(tx_id) { - Some(tx) => tx.events, - _ => std::ptr::null_mut(), - } + let tx = cast_pointer!(tx, IKEV2Transaction); + return tx.events; } #[no_mangle] diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index ed551497bb..d408949e24 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs @@ -367,15 +367,11 @@ pub extern "C" fn rs_krb5_state_get_tx_detect_state( #[no_mangle] -pub extern "C" fn rs_krb5_state_get_events(state: *mut libc::c_void, - tx_id: u64) +pub extern "C" fn rs_krb5_state_get_events(tx: *mut libc::c_void) -> *mut core::AppLayerDecoderEvents { - let state = cast_pointer!(state,KRB5State); - match state.get_tx_by_id(tx_id) { - Some(tx) => tx.events, - _ => std::ptr::null_mut(), - } + let tx = cast_pointer!(tx, KRB5Transaction); + return tx.events; } #[no_mangle] diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs index 2edae59305..fdea7008fb 100644 --- a/rust/src/nfs/nfs.rs +++ b/rust/src/nfs/nfs.rs @@ -1589,18 +1589,11 @@ pub extern "C" fn rs_nfs_tx_get_detect_flags( } #[no_mangle] -pub extern "C" fn rs_nfs_state_get_events(state: &mut NFSState, - tx_id: u64) +pub extern "C" fn rs_nfs_state_get_events(tx: *mut libc::c_void) -> *mut AppLayerDecoderEvents { - match state.get_tx_by_id(tx_id) { - Some(tx) => { - return tx.events; - } - _ => { - return std::ptr::null_mut(); - } - } + let tx = cast_pointer!(tx, NFSTransaction); + return tx.events; } #[no_mangle] 
diff --git a/rust/src/ntp/ntp.rs b/rust/src/ntp/ntp.rs index 7b681b7b87..2af9e288bd 100644 --- a/rust/src/ntp/ntp.rs +++ b/rust/src/ntp/ntp.rs @@ -304,15 +304,11 @@ pub extern "C" fn rs_ntp_state_get_tx_detect_state( #[no_mangle] -pub extern "C" fn rs_ntp_state_get_events(state: *mut libc::c_void, - tx_id: u64) +pub extern "C" fn rs_ntp_state_get_events(tx: *mut libc::c_void) -> *mut core::AppLayerDecoderEvents { - let state = cast_pointer!(state,NTPState); - match state.get_tx_by_id(tx_id) { - Some(tx) => tx.events, - _ => std::ptr::null_mut(), - } + let tx = cast_pointer!(tx, NTPTransaction); + return tx.events; } #[no_mangle] diff --git a/rust/src/parser.rs b/rust/src/parser.rs index e304dead23..6a760323dc 100644 --- a/rust/src/parser.rs +++ b/rust/src/parser.rs @@ -137,7 +137,7 @@ pub type StateGetProgressFn = extern "C" fn (*mut c_void, u8) -> c_int; pub type GetDetectStateFn = extern "C" fn (*mut c_void) -> *mut DetectEngineState; pub type SetDetectStateFn = extern "C" fn (*mut c_void, &mut DetectEngineState) -> c_int; pub type GetEventInfoFn = extern "C" fn (*const c_char, *mut c_int, *mut AppLayerEventType) -> c_int; -pub type GetEventsFn = extern "C" fn (*mut c_void, u64) -> *mut AppLayerDecoderEvents; +pub type GetEventsFn = extern "C" fn (*mut c_void) -> *mut AppLayerDecoderEvents; pub type GetTxLoggedFn = extern "C" fn (*mut c_void, *mut c_void) -> u32; pub type SetTxLoggedFn = extern "C" fn (*mut c_void, *mut c_void, u32); pub type LocalStorageNewFn = extern "C" fn () -> *mut c_void; diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 35239d6174..ad3dd4ee91 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs 
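Review bot: `GetEventsFn` in parser.rs still takes an untyped `*mut c_void`, but after this change that pointer is a transaction rather than a parser state, and nothing in the alias says so. A parser that casts it to its state type would compile and then read the wrong structure. A doc comment on the alias would make the contract explicit, for example `/// Called with the transaction pointer (not the state); returns the tx's decoder events or NULL.`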
@@ -2104,18 +2104,11 @@ pub extern "C" fn rs_smb_state_truncate( } #[no_mangle] -pub extern "C" fn rs_smb_state_get_events(state: &mut SMBState, - tx_id: u64) +pub extern "C" fn rs_smb_state_get_events(tx: *mut libc::c_void) -> *mut AppLayerDecoderEvents { - match state.get_tx_by_id(tx_id) { - Some(tx) => { - return tx.events; - } - _ => { - return std::ptr::null_mut(); - } - } + let tx = cast_pointer!(tx, SMBTransaction); + return tx.events; } #[no_mangle] diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c index b1cf55f4d4..74997ed957 100644 --- a/src/app-layer-dnp3.c +++ b/src/app-layer-dnp3.c @@ -1309,23 +1309,9 @@ error: SCReturnInt(-1); } -static AppLayerDecoderEvents *DNP3GetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *DNP3GetEvents(void *tx) { - DNP3State *dnp3 = state; - DNP3Transaction *tx; - uint64_t tx_num = tx_id + 1; - - if (dnp3->curr && dnp3->curr->tx_num == tx_num) { - return dnp3->curr->decoder_events; - } - - TAILQ_FOREACH(tx, &dnp3->tx_list, next) { - if (tx->tx_num == tx_num) { - return tx->decoder_events; - } - } - - return NULL; + return ((DNP3Transaction *) tx)->decoder_events; } static void *DNP3GetTx(void *alstate, uint64_t tx_id) diff --git a/src/app-layer-dns-tcp-rust.c b/src/app-layer-dns-tcp-rust.c index 85e4c61a30..a402e7ccc6 100644 --- a/src/app-layer-dns-tcp-rust.c +++ b/src/app-layer-dns-tcp-rust.c @@ -110,9 +110,9 @@ static int RustDNSSetTxDetectState(void *tx, return 0; } -static AppLayerDecoderEvents *RustDNSGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *RustDNSGetEvents(void *tx) { - return rs_dns_state_get_events(state, id); + return rs_dns_state_get_events(tx); } void RegisterRustDNSTCPParsers(void) 
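Review bot: `DNP3GetEvents` dereferences `tx` unconditionally, so the NULL result the removed list walk gave for an unknown transaction is gone and every caller must now guarantee a valid pointer. `AppLayerParserGetEventsByTx` in app-layer-parser.c forwards `tx` to the callback unchecked, so one guard there would cover all parsers: add `tx != NULL &&` to the existing `StateGetEvents != NULL` condition. The same unchecked cast appears in `ENIPGetEvents`, `ModbusGetEvents`, `SMTPGetEvents` and `TemplateGetEvents`, and `HTPGetEvents` drops its `tx != NULL` test before calling `htp_tx_get_user_data(tx)`.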
@@ -170,6 +170,7 @@ void RegisterRustDNSTCPParsers(void) AppLayerParserRegisterGetStateProgressCompletionStatus(ALPROTO_DNS, rs_dns_state_progress_completion_status); DNSAppLayerRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_DNS); + DNSAppLayerRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_DNS); /* This parser accepts gaps. */ AppLayerParserRegisterOptionFlags(IPPROTO_TCP, ALPROTO_DNS, diff --git a/src/app-layer-dns-udp-rust.c b/src/app-layer-dns-udp-rust.c index b3e5c08ab2..dba6bce3ac 100644 --- a/src/app-layer-dns-udp-rust.c +++ b/src/app-layer-dns-udp-rust.c @@ -116,9 +116,9 @@ static uint64_t RustDNSGetDetectFlags(void *tx, uint8_t dir) return rs_dns_tx_get_detect_flags(tx, dir); } -static AppLayerDecoderEvents *RustDNSGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *RustDNSGetEvents(void *tx) { - return rs_dns_state_get_events(state, id); + return rs_dns_state_get_events(tx); } void RegisterRustDNSUDPParsers(void) @@ -183,6 +183,7 @@ void RegisterRustDNSUDPParsers(void) rs_dns_state_progress_completion_status); DNSAppLayerRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS); + DNSAppLayerRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_DNS); #if 0 DNSUDPConfigure(); diff --git a/src/app-layer-enip.c b/src/app-layer-enip.c index c4d27b4ea7..3a46ecfca9 100644 --- a/src/app-layer-enip.c +++ b/src/app-layer-enip.c 
@@ -112,20 +112,9 @@ static uint64_t ENIPGetTxCnt(void *alstate) return ((uint64_t) ((ENIPState *) alstate)->transaction_max); } -static AppLayerDecoderEvents *ENIPGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *ENIPGetEvents(void *tx) { - ENIPState *enip = (ENIPState *) state; - ENIPTransaction *tx; - - if (enip->curr && enip->curr->tx_num == (id + 1)) - return enip->curr->decoder_events; - - TAILQ_FOREACH(tx, &enip->tx_list, next) { - if (tx->tx_num == (id+1)) - return tx->decoder_events; - } - - return NULL; + return ((ENIPTransaction *)tx)->decoder_events; } static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type) diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c index 6e7cc6f029..a04196a74a 100644 --- a/src/app-layer-htp-file.c +++ b/src/app-layer-htp-file.c @@ -1264,7 +1264,8 @@ static int HTPFileParserTest08(void) } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, tx); if (decoder_events == NULL) { printf("no app events: "); FLOWLOCK_UNLOCK(f); @@ -1386,7 +1387,8 @@ static int HTPFileParserTest09(void) } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, tx); if (decoder_events == NULL) { printf("no app events: "); FLOWLOCK_UNLOCK(f); 
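Review bot: In `HTPFileParserTest08` the result of `AppLayerParserGetTx(...)` goes straight into `AppLayerParserGetEventsByTx` without a NULL check, and the HTTP callback no longer tolerates a missing transaction. If parsing produced no tx, the test would crash instead of reporting a failure. A `tx == NULL` branch mirroring the existing `decoder_events == NULL` failure path would keep the test diagnostic. The same applies to `HTPFileParserTest09`, `HTPFileParserTest10` and `HTPFileParserTest11`, and to the three test hunks in app-layer-htp.c, where the one that uses the `FAIL_IF` macros could take `FAIL_IF_NULL(txtmp);`.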
@@ -1506,7 +1508,8 @@ static int HTPFileParserTest10(void) } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, tx); if (decoder_events != NULL) { printf("app events: "); FLOWLOCK_UNLOCK(f); @@ -1644,7 +1647,8 @@ static int HTPFileParserTest11(void) } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, txtmp); if (decoder_events != NULL) { printf("app events: "); FLOWLOCK_UNLOCK(f); diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 6c75c0e6d9..539570a169 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -287,19 +287,16 @@ static void HTPSetEvent(HtpState *s, HtpTxUserData *htud, uint8_t e) SCLogDebug("couldn't set event %u", e); } -static AppLayerDecoderEvents *HTPGetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *HTPGetEvents(void *tx) { - SCLogDebug("get HTTP events for TX %"PRIu64, tx_id); + SCLogDebug("get HTTP events for TX %p", tx); - HtpState *s = (HtpState *)state; - htp_tx_t *tx = HTPStateGetTx(s, tx_id); - if (tx != NULL) { - HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); - if (htud != NULL) { - SCLogDebug("has htud, htud->decoder_events %p", htud->decoder_events); - return htud->decoder_events; - } + HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); + if (htud != NULL) { + SCLogDebug("has htud, htud->decoder_events %p", htud->decoder_events); + return htud->decoder_events; } + return NULL; } 
@@ -6139,7 +6136,8 @@ libhtp:\n\ FAIL_IF(tx->request_method_number != HTP_M_GET); FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, txtmp); FAIL_IF_NULL(decoder_events); FAIL_IF(decoder_events->events[0] != HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG); @@ -6256,7 +6254,8 @@ libhtp:\n\ } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, txtmp); if (decoder_events != NULL) { printf("app events: "); FLOWLOCK_UNLOCK(f); @@ -6338,7 +6337,8 @@ static int HTPParserTest16(void) } FLOWLOCK_WRLOCK(f); - AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0); + AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, txtmp); if (decoder_events == NULL) { printf("no app events: "); FLOWLOCK_UNLOCK(f); diff --git a/src/app-layer-modbus.c b/src/app-layer-modbus.c index 3a5d9276f8..5c55614f7b 100644 --- a/src/app-layer-modbus.c +++ b/src/app-layer-modbus.c 
@@ -214,20 +214,9 @@ static void ModbusSetEvent(ModbusState *modbus, uint8_t e) SCLogDebug("couldn't set event %u", e); } -static AppLayerDecoderEvents *ModbusGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *ModbusGetEvents(void *tx) { - ModbusState *modbus = (ModbusState *) state; - ModbusTransaction *tx; - - if (modbus->curr && modbus->curr->tx_num == (id + 1)) - return modbus->curr->decoder_events; - - TAILQ_FOREACH(tx, &modbus->tx_list, next) { - if (tx->tx_num == (id+1)) - return tx->decoder_events; - } - - return NULL; + return ((ModbusTransaction *)tx)->decoder_events; } static int ModbusGetAlstateProgress(void *modbus_tx, uint8_t direction) diff --git a/src/app-layer-nfs-tcp.c b/src/app-layer-nfs-tcp.c index 1fe61e2cb2..ffa81a2a07 100644 --- a/src/app-layer-nfs-tcp.c +++ b/src/app-layer-nfs-tcp.c @@ -101,9 +101,17 @@ static int NFSTCPStateGetEventInfo(const char *event_name, int *event_id, return rs_nfs_state_get_event_info(event_name, event_id, event_type); } -static AppLayerDecoderEvents *NFSTCPGetEvents(void *state, uint64_t id) +static int NFSTCPStateGetEventInfoById(int event_id, const char **event_name, + AppLayerEventType *event_type) { - return rs_nfs_state_get_events(state, id); + *event_name = "NFS TCP event name (generic)"; + *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; + return 0; +} + +static AppLayerDecoderEvents *NFSTCPGetEvents(void *tx) +{ + return rs_nfs_state_get_events(tx); } /** @@ -378,6 +386,10 @@ void RegisterNFSTCPParsers(void) AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_NFS, NFSTCPStateGetEventInfo); + + AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_NFS, + NFSTCPStateGetEventInfoById); + AppLayerParserRegisterGetEventsFunc(IPPROTO_TCP, ALPROTO_NFS, NFSTCPGetEvents); diff --git a/src/app-layer-nfs-udp.c b/src/app-layer-nfs-udp.c index 5cc58965a3..3ae3118090 100644 --- a/src/app-layer-nfs-udp.c +++ b/src/app-layer-nfs-udp.c 
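Review bot: `NFSTCPStateGetEventInfoById` ignores `event_id` and reports success with the fixed string `"NFS TCP event name (generic)"`, so every NFS anomaly record will presumably carry the same event name and analysts cannot tell events apart. Until a real id-to-name mapping exists, returning `-1` lets the logger take its existing "unknown" branch instead of emitting a misleading name. At minimum the placeholder should be marked, for example `/* TODO: map event_id to the real NFS event name; placeholder only */`. `NFSStateGetEventInfoById` in app-layer-nfs-udp.c and `SMBGetEventInfoById` in app-layer-smb.c have the same shape.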
@@ -98,9 +98,17 @@ static int NFSStateGetEventInfo(const char *event_name, int *event_id, return rs_nfs_state_get_event_info(event_name, event_id, event_type); } -static AppLayerDecoderEvents *NFSGetEvents(void *state, uint64_t id) +static int NFSStateGetEventInfoById(int event_id, const char **event_name, + AppLayerEventType *event_type) { - return rs_nfs_state_get_events(state, id); + *event_name = "NFS UDP event name (generic)"; + *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; + return 0; +} + +static AppLayerDecoderEvents *NFSGetEvents(void *tx) +{ + return rs_nfs_state_get_events(tx); } /** @@ -338,6 +346,10 @@ void RegisterNFSUDPParsers(void) AppLayerParserRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_NFS, NFSStateGetEventInfo); + + AppLayerParserRegisterGetEventInfoById(IPPROTO_UDP, ALPROTO_NFS, + NFSStateGetEventInfoById); + AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_NFS, NFSGetEvents); diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index dcca37ff1b..988bdef911 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -103,7 +103,7 @@ typedef struct AppLayerParserProtoCtx_ void (*Truncate)(void *, uint8_t); FileContainer *(*StateGetFiles)(void *, uint8_t); - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t); + AppLayerDecoderEvents *(*StateGetEvents)(void *); int (*StateGetProgress)(void *alstate, uint8_t direction); uint64_t (*StateGetTxCnt)(void *alstate); @@ -433,7 +433,7 @@ void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, } void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto alproto, - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)) + AppLayerDecoderEvents *(*StateGetEvents)(void *)) { SCEnter(); @@ -844,7 +844,7 @@ void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoder } AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, - void *alstate, uint64_t tx_id) + void *tx) { SCEnter(); 
@@ -854,7 +854,7 @@ AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alp StateGetEvents != NULL) { ptr = alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto]. - StateGetEvents(alstate, tx_id); + StateGetEvents(tx); } SCReturnPtr(ptr, "AppLayerDecoderEvents *"); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 74320b1726..6f67b0b881 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -138,7 +138,7 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto, void AppLayerParserRegisterGetFilesFunc(uint8_t ipproto, AppProto alproto, FileContainer *(*StateGetFiles)(void *, uint8_t)); void AppLayerParserRegisterGetEventsFunc(uint8_t ipproto, AppProto proto, - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t)); + AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))); void AppLayerParserRegisterLoggerFuncs(uint8_t ipproto, AppProto alproto, LoggerId (*StateGetTxLogged)(void *, void *), void (*StateSetTxLogged)(void *, void *, LoggerId)); @@ -200,8 +200,7 @@ void AppLayerParserSetTransactionInspectId(const Flow *f, AppLayerParserState *p AppLayerDecoderEvents *AppLayerParserGetDecoderEvents(AppLayerParserState *pstate); void AppLayerParserSetDecoderEvents(AppLayerParserState *pstate, AppLayerDecoderEvents *devents); -AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *alstate, - uint64_t tx_id); +AppLayerDecoderEvents *AppLayerParserGetEventsByTx(uint8_t ipproto, AppProto alproto, void *tx); FileContainer *AppLayerParserGetFiles(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t direction); int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, diff --git a/src/app-layer-register.h b/src/app-layer-register.h index c7bb7d4e39..647da56c1b 100644 --- a/src/app-layer-register.h +++ b/src/app-layer-register.h 
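Review bot: The `__attribute__((nonnull))` added to the `StateGetEvents` parameter of `AppLayerParserRegisterGetEventsFunc` in app-layer-parser.h is a compile-time hint only, and it appears in this prototype alone. The definition in app-layer-parser.c, the `StateGetEvents` members of `AppLayerParserProtoCtx_` and `AppLayerParser`, and `AppLayerParserGetEventsByTx` itself do not carry it. From its position it is also unclear whether it is meant for the callback's `tx` argument or for the callback pointer. A comment at the prototype would state the intent, e.g. `/* StateGetEvents receives the tx pointer; callers must not pass NULL */`, and the runtime guarantee still needs a check in the dispatcher.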
@@ -54,7 +54,7 @@ typedef struct AppLayerParser { DetectEngineState *(*GetTxDetectState)(void *tx); int (*SetTxDetectState)(void *tx, DetectEngineState *); - AppLayerDecoderEvents *(*StateGetEvents)(void *, uint64_t); + AppLayerDecoderEvents *(*StateGetEvents)(void *); int (*StateGetEventInfo)(const char *event_name, int *event_id, AppLayerEventType *event_type); diff --git a/src/app-layer-smb.c b/src/app-layer-smb.c index 5146d59262..95d5a58926 100644 --- a/src/app-layer-smb.c +++ b/src/app-layer-smb.c @@ -186,9 +186,17 @@ static FileContainer *SMBGetFiles(void *state, uint8_t direction) return rs_smb_getfiles(direction, state); } -static AppLayerDecoderEvents *SMBGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *SMBGetEvents(void *tx) { - return rs_smb_state_get_events(state, id); + return rs_smb_state_get_events(tx); +} + +static int SMBGetEventInfoById(int event_id, const char **event_name, + AppLayerEventType *event_type) +{ + *event_name = "SMB event name (generic)"; + *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION; + return 0; } static int SMBGetEventInfo(const char *event_name, int *event_id, @@ -302,6 +310,8 @@ void RegisterSMBParsers(void) SMBGetEvents); AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_SMB, SMBGetEventInfo); + AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_SMB, + SMBGetEventInfoById); AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_SMB, SMBGetTxDetectState, SMBSetTxDetectState); diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index f7525b24f8..73ad7141d0 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c 
@@ -1705,15 +1705,11 @@ static void SMTPStateTruncate(void *state, uint8_t direction) } } -static AppLayerDecoderEvents *SMTPGetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *SMTPGetEvents(void *tx) { - SCLogDebug("get SMTP events for TX %"PRIu64, tx_id); + SCLogDebug("get SMTP events for TX %p", tx); - SMTPTransaction *tx = SMTPStateGetTx(state, tx_id); - if (tx != NULL) { - return tx->decoder_events; - } - return NULL; + return ((SMTPTransaction *)tx)->decoder_events; } static DetectEngineState *SMTPGetTxDetectState(void *vtx) diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 03fa785c65..ea384c8d1e 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -164,9 +164,10 @@ void SSLSetEvent(SSLState *ssl_state, uint8_t event) ssl_state->events++; } -static AppLayerDecoderEvents *SSLGetEvents(void *state, uint64_t id) +static AppLayerDecoderEvents *SSLGetEvents(void *tx) { - SSLState *ssl_state = (SSLState *)state; + /* for TLS, TX == state, see GetTx */ + SSLState *ssl_state = (SSLState *)tx; return ssl_state->decoder_events; } diff --git a/src/app-layer-template.c b/src/app-layer-template.c index 9e8cfeadf6..dd0fd203d7 100644 --- a/src/app-layer-template.c +++ b/src/app-layer-template.c @@ -190,18 +190,9 @@ static int TemplateStateGetEventInfoById(int event_id, const char **event_name, return 0; } -static AppLayerDecoderEvents *TemplateGetEvents(void *statev, uint64_t tx_id) +static AppLayerDecoderEvents *TemplateGetEvents(void *tx) { - TemplateState *state = statev; - TemplateTransaction *tx; - - TAILQ_FOREACH(tx, &state->tx_list, next) { - if (tx->tx_id == tx_id) { - return tx->decoder_events; - } - } - - return NULL; + return ((TemplateTransaction *)tx)->decoder_events; } /** diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index 22ce1d2992..bac605d467 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c 
@@ -72,7 +72,7 @@ static int TFTPStateGetEventInfo(const char *event_name, int *event_id, return -1; } -static AppLayerDecoderEvents *TFTPGetEvents(void *state, uint64_t tx_id) +static AppLayerDecoderEvents *TFTPGetEvents(void *tx) { return NULL; } diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 37c01bdaec..092ab0bc1f 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -95,7 +95,7 @@ static int DetectEngineAptEventInspect(ThreadVars *tv, DetectAppLayerEventData *aled = NULL; alproto = f->alproto; - decoder_events = AppLayerParserGetEventsByTx(f->proto, alproto, alstate, tx_id); + decoder_events = AppLayerParserGetEventsByTx(f->proto, alproto, tx); if (decoder_events == NULL) goto end; diff --git a/src/output-json-anomaly.c b/src/output-json-anomaly.c index 0a9f7f92a6..e9b64af5b3 100644 --- a/src/output-json-anomaly.c +++ b/src/output-json-anomaly.c @@ -137,7 +137,7 @@ static int AnomalyDecodeEventJson(ThreadVars *tv, JsonAnomalyLogThread *aft, static int AnomalyAppLayerDecoderEventJson(JsonAnomalyLogThread *aft, const Packet *p, AppLayerDecoderEvents *decoder_events, - bool is_applayer, const char *layer, uint64_t tx_id) + bool is_pktlayer, const char *layer, uint64_t tx_id) { const char *alprotoname = AppLayerGetProtoName(p->flow->alproto); 
@@ -168,28 +168,20 @@ static int AnomalyAppLayerDecoderEventJson(JsonAnomalyLogThread *aft, JsonAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js); - /* Use app layer proto name if available */ - if (alprotoname) { - json_object_set_new(ajs, "alproto", json_string(alprotoname)); - } else { - json_object_set_new(ajs, "alproto", - p->flow ? json_integer(p->flow->alproto) : json_string("unknown")); - } + json_object_set_new(js, "app_proto", json_string(alprotoname)); const char *event_name = NULL; uint8_t event_code = decoder_events->events[i]; AppLayerEventType event_type; int r; - if (is_applayer) { + if (is_pktlayer) { r = AppLayerGetEventInfoById(event_code, &event_name, &event_type); } else { r = AppLayerParserGetEventInfoById(p->flow->proto, p->flow->alproto, event_code, &event_name, &event_type); } if (r == 0) { - json_object_set_new(ajs, "type", - json_string(event_type == APP_LAYER_EVENT_TYPE_TRANSACTION ? - "transaction" : "packet")); + json_object_set_new(ajs, "type", json_string("applayer")); json_object_set_new(ajs, "event", json_string(event_name)); } else { json_object_set_new(ajs, "type", json_string("unknown")); 
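Review bot: `json_object_set_new(js, "app_proto", json_string(alprotoname));` drops the NULL handling that the removed `if (alprotoname)` branch provided. If `AppLayerGetProtoName` can return NULL for an unrecognised protocol, as the old fallback suggests, the record would lose the field without any indication. `json_string(alprotoname ? alprotoname : "unknown")` keeps the field present in every anomaly record. Separately, `event_type` is still filled in by both lookups but no longer used now that `"type"` is always `"applayer"`. The enclosing function starts and ends outside this hunk.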
@@ -220,15 +212,13 @@ static int AnomalyAppLayerDecoderEventJson(JsonAnomalyLogThread *aft, static int JsonAnomalyTxLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) { - JsonAnomalyLogThread *aft = thread_data; - uint8_t proto = f->proto; - AppProto alproto = f->alproto; AppLayerDecoderEvents *decoder_events; - decoder_events = AppLayerParserGetEventsByTx(proto, alproto, state, tx_id); - if (decoder_events && (decoder_events->event_last_logged < decoder_events->cnt)) { + decoder_events = AppLayerParserGetEventsByTx(f->proto, f->alproto, tx); + if (decoder_events && decoder_events->event_last_logged < decoder_events->cnt) { SCLogDebug("state %p, tx: %p, tx_id: %"PRIu64, state, tx, tx_id); + JsonAnomalyLogThread *aft = thread_data; AnomalyAppLayerDecoderEventJson(aft, p, decoder_events, false, - "applayer_parser", tx_id); + "proto_parser", tx_id); } return TM_ECODE_OK; } @@ -239,6 +229,11 @@ static inline bool AnomalyHasParserEvents(const Packet *p) AppLayerParserHasDecoderEvents(p->flow->alparser)); } +static inline bool AnomalyHasPacketAppLayerEvents(const Packet *p) +{ + return p->app_layer_events && p->app_layer_events->cnt; +} + static int AnomalyJson(ThreadVars *tv, JsonAnomalyLogThread *aft, const Packet *p) { @@ -249,9 +244,9 @@ static int AnomalyJson(ThreadVars *tv, JsonAnomalyLogThread *aft, const Packet * } /* app layer events */ - if (rc == TM_ECODE_OK && p->app_layer_events && p->app_layer_events->cnt) { + if (rc == TM_ECODE_OK && AnomalyHasPacketAppLayerEvents(p)) { rc = AnomalyAppLayerDecoderEventJson(aft, p, p->app_layer_events, - true, "app_layer", TX_ID_UNUSED); + true, "proto_detect", TX_ID_UNUSED); } /* parser state events */ 
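Review bot: The layer labels passed to `AnomalyAppLayerDecoderEventJson` change from `"applayer_parser"` to `"proto_parser"` here and from `"app_layer"` to `"proto_detect"` in `AnomalyJson`, with no comment saying what each value means. If these strings are written into the anomaly record, existing log pipelines and detections keyed on the old values would silently stop matching. A short comment above the helper would document the vocabulary, e.g. `/* layer: "proto_detect" = packet-level app-layer events, "proto_parser" = per-tx or parser-state events */`, and the output format documentation should list the rename.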
@@ -275,7 +270,9 @@ static int JsonAnomalyLogger(ThreadVars *tv, void *thread_data, const Packet *p) static int JsonAnomalyLogCondition(ThreadVars *tv, const Packet *p) { - return p->events.cnt > 0 || p->app_layer_events || AnomalyHasParserEvents(p); + return p->events.cnt > 0 || + (p->app_layer_events && p->app_layer_events->cnt > 0) || + AnomalyHasParserEvents(p); } #define OUTPUT_BUFFER_SIZE 65535 @@ -323,16 +320,6 @@ static TmEcode JsonAnomalyLogThreadDeinit(ThreadVars *t, void *data) return TM_ECODE_OK; } -static void JsonAnomalyLogDeInitCtx(OutputCtx *output_ctx) -{ - AnomalyJsonOutputCtx *json_output_ctx = (AnomalyJsonOutputCtx *) output_ctx->data; - if (json_output_ctx != NULL) { - LogFileFreeCtx(json_output_ctx->file_ctx); - SCFree(json_output_ctx); - } - SCFree(output_ctx); -} - static void JsonAnomalyLogDeInitCtxSub(OutputCtx *output_ctx) { SCLogDebug("cleaning up sub output_ctx %p", output_ctx); 
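Review bot: `JsonAnomalyLogCondition` spells out `p->app_layer_events && p->app_layer_events->cnt > 0` by hand even though this patch adds `AnomalyHasPacketAppLayerEvents` for the same test and already uses it in `AnomalyJson`. Two copies of the check can drift apart, and then the condition and the logger would disagree about when a packet has events. The middle operand could simply read `AnomalyHasPacketAppLayerEvents(p) ||`.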
@@ -369,50 +356,6 @@ static void JsonAnomalyLogConf(AnomalyJsonOutputCtx *json_output_ctx, json_output_ctx->flags |= flags; } -/** - * \brief Create a new LogFileCtx for "fast" output style. - * \param conf The configuration node for this output. - * \return A LogFileCtx pointer on success, NULL on failure. - */ -static OutputInitResult JsonAnomalyLogInitCtx(ConfNode *conf) -{ - OutputInitResult result = { NULL, false }; - AnomalyJsonOutputCtx *json_output_ctx = NULL; - LogFileCtx *logfile_ctx = LogFileNewCtx(); - if (logfile_ctx == NULL) { - SCLogDebug("JsonAnomalyLogInitCtx: Could not create new LogFileCtx"); - return result; - } - - if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { - LogFileFreeCtx(logfile_ctx); - return result; - } - - OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); - if (unlikely(output_ctx == NULL)) { - LogFileFreeCtx(logfile_ctx); - return result; - } - - json_output_ctx = SCCalloc(1, sizeof(AnomalyJsonOutputCtx)); - if (unlikely(json_output_ctx == NULL)) { - LogFileFreeCtx(logfile_ctx); - SCFree(output_ctx); - return result; - } - - json_output_ctx->file_ctx = logfile_ctx; - JsonAnomalyLogConf(json_output_ctx, conf); - - output_ctx->data = json_output_ctx; - output_ctx->DeInit = JsonAnomalyLogDeInitCtx; - - result.ctx = output_ctx; - result.ok = true; - return result; -} - /** * \brief Create a new LogFileCtx for "fast" output style. * \param conf The configuration node for this output. @@ -452,10 +395,6 @@ error: void JsonAnomalyLogRegister (void) { - OutputRegisterPacketModule(LOGGER_JSON_ANOMALY, MODULE_NAME, "anomaly-json-log", - JsonAnomalyLogInitCtx, JsonAnomalyLogger, JsonAnomalyLogCondition, - JsonAnomalyLogThreadInit, JsonAnomalyLogThreadDeinit, NULL); - OutputRegisterPacketSubModule(LOGGER_JSON_ANOMALY, "eve-log", MODULE_NAME, "eve-log.anomaly", JsonAnomalyLogInitCtxSub, JsonAnomalyLogger, JsonAnomalyLogCondition, JsonAnomalyLogThreadInit, JsonAnomalyLogThreadDeinit,