app/frames: implement name to id API for frames

rust/src/applayer.rs

@@ -299,6 +299,9 @@ pub struct RustParser {
     /// Function to handle the end of data coming on one of the sides
     /// due to the stream reaching its 'depth' limit.
     pub truncate: Option<TruncateFn>,
+
+    pub get_frame_id_by_name: Option<GetFrameIdByName>,
+    pub get_frame_name_by_id: Option<GetFrameNameById>,
 }
 
 /// Create a slice, given a buffer and a length
@@ -344,6 +347,8 @@ pub type GetTxIteratorFn    = unsafe extern "C" fn (ipproto: u8, alproto: AppPro
 pub type GetTxDataFn = unsafe extern "C" fn(*mut c_void) -> *mut AppLayerTxData;
 pub type ApplyTxConfigFn = unsafe extern "C" fn (*mut c_void, *mut c_void, c_int, AppLayerTxConfig);
 pub type TruncateFn = unsafe extern "C" fn (*mut c_void, u8);
+pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int;
+pub type GetFrameNameById = unsafe extern "C" fn(u8) -> *const c_char;
 
 
 // Defined in app-layer-register.h

rust/src/applayertemplate/template.rs

@@ -453,6 +453,8 @@ pub unsafe extern "C" fn rs_template_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/dcerpc/dcerpc.rs

@@ -1372,6 +1372,8 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/dcerpc/dcerpc_udp.rs

@@ -351,6 +351,8 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/dhcp/dhcp.rs

@@ -295,6 +295,8 @@ pub unsafe extern "C" fn rs_dhcp_register_parser() {
         apply_tx_config    : None,
         flags              : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate           : None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/dns/dns.rs

@@ -943,6 +943,8 @@ pub unsafe extern "C" fn rs_dns_udp_register_parser() {
         apply_tx_config: Some(rs_dns_apply_tx_config),
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();
@@ -986,6 +988,8 @@ pub unsafe extern "C" fn rs_dns_tcp_register_parser() {
         apply_tx_config: Some(rs_dns_apply_tx_config),
         flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS | APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/http2/http2.rs

@@ -1193,6 +1193,8 @@ pub unsafe extern "C" fn rs_http2_register_parser() {
         apply_tx_config: None,
         flags: 0,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/ike/ike.rs

@@ -422,6 +422,8 @@ pub unsafe extern "C" fn rs_ike_register_parser() {
         apply_tx_config    : None,
         flags              : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate           : None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/krb/krb5.rs

@@ -550,6 +550,8 @@ pub unsafe extern "C" fn rs_register_krb5_parser() {
         apply_tx_config    : None,
         flags              : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate           : None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
     // register UDP parser
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/modbus/modbus.rs

@@ -405,6 +405,8 @@ pub unsafe extern "C" fn rs_modbus_register_parser() {
         apply_tx_config: None,
         flags: 0,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/mqtt/mqtt.rs

@@ -693,6 +693,8 @@ pub unsafe extern "C" fn rs_mqtt_register_parser(cfg_max_msg_len: u32) {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/nfs/nfs.rs

@@ -1863,6 +1863,8 @@ pub unsafe extern "C" fn rs_nfs_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();
@@ -1939,6 +1941,8 @@ pub unsafe extern "C" fn rs_nfs_udp_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/ntp/ntp.rs

@@ -292,6 +292,8 @@ pub unsafe extern "C" fn rs_register_ntp_parser() {
         apply_tx_config    : None,
         flags              : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate           : None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/rdp/rdp.rs

@@ -487,6 +487,8 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = std::ffi::CString::new("tcp").unwrap();

rust/src/rfb/rfb.rs

@@ -596,6 +596,8 @@ pub unsafe extern "C" fn rs_rfb_register_parser() {
         apply_tx_config: None,
         flags: 0,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/sip/sip.rs

@@ -289,6 +289,8 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("udp").unwrap();

rust/src/smb/smb.rs

@@ -2168,6 +2168,8 @@ pub unsafe extern "C" fn rs_smb_register_parser() {
         apply_tx_config: None,
         flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
         truncate: Some(rs_smb_state_truncate),
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

rust/src/snmp/snmp.rs

@@ -398,6 +398,8 @@ pub unsafe extern "C" fn rs_register_snmp_parser() {
         apply_tx_config    : None,
         flags              : APP_LAYER_PARSER_OPT_UNIDIR_TXS,
         truncate           : None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
     let ip_proto_str = CString::new("udp").unwrap();
     if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {

rust/src/ssh/ssh.rs

@@ -466,6 +466,8 @@ pub unsafe extern "C" fn rs_ssh_register_parser() {
         apply_tx_config: None,
         flags: 0,
         truncate: None,
+        get_frame_id_by_name: None,
+        get_frame_name_by_id: None,
     };
 
     let ip_proto_str = CString::new("tcp").unwrap();

src/app-layer-parser.c

@@ -122,6 +122,9 @@ typedef struct AppLayerParserProtoCtx_
 
     void (*SetStreamDepthFlag)(void *tx, uint8_t flags);
 
+    AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
+    AppLayerParserGetFrameNameByIdFn GetFrameNameById;
+
     /* each app-layer has its own value */
     uint32_t stream_depth;
 
@@ -535,6 +538,16 @@ void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
     SCReturn;
 }
 
+void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
+        AppLayerParserGetFrameIdByNameFn GetIdByNameFunc,
+        AppLayerParserGetFrameNameByIdFn GetNameByIdFunc)
+{
+    SCEnter();
+    alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName = GetIdByNameFunc;
+    alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById = GetNameByIdFunc;
+    SCReturn;
+}
+
 void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
     int (*StateGetEventInfo)(const char *event_name, int *event_id,
                              AppLayerEventType *event_type))
@@ -1449,6 +1462,24 @@ void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *s
     SCReturn;
 }
 
+int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
+{
+    if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName != NULL) {
+        return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameIdByName(name);
+    } else {
+        return -1;
+    }
+}
+
+const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id)
+{
+    if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById != NULL) {
+        return alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].GetFrameNameById(id);
+    } else {
+        return NULL;
+    }
+}
+
 /***** Cleanup *****/
 
 void AppLayerParserStateProtoCleanup(

src/app-layer-parser.h

@@ -154,6 +154,9 @@ typedef AppLayerGetTxIterTuple (*AppLayerGetTxIteratorFunc)
 
 /***** Parser related registration *****/
 
+typedef int (*AppLayerParserGetFrameIdByNameFn)(const char *frame_name);
+typedef const char *(*AppLayerParserGetFrameNameByIdFn)(const uint8_t id);
+
 /**
  * \brief Register app layer parser for the protocol.
  *
@@ -202,6 +205,9 @@ void AppLayerParserRegisterGetEventInfo(uint8_t ipproto, AppProto alproto,
 void AppLayerParserRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto,
     int (*StateGetEventInfoById)(int event_id, const char **event_name,
                                  AppLayerEventType *event_type));
+void AppLayerParserRegisterGetFrameFuncs(uint8_t ipproto, AppProto alproto,
+        AppLayerParserGetFrameIdByNameFn GetFrameIdByName,
+        AppLayerParserGetFrameNameByIdFn GetFrameNameById);
 void AppLayerParserRegisterGetStreamDepth(uint8_t ipproto,
                                           AppProto alproto,
                                           uint32_t (*GetStreamDepth)(void));
@@ -268,6 +274,8 @@ void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t st
 uint32_t AppLayerParserGetStreamDepth(const Flow *f);
 void AppLayerParserSetStreamDepthFlag(uint8_t ipproto, AppProto alproto, void *state, uint64_t tx_id, uint8_t flags);
 int AppLayerParserIsEnabled(AppProto alproto);
+int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name);
+const char *AppLayerParserGetFrameNameById(uint8_t ipproto, AppProto alproto, const uint8_t id);
 
 /***** Cleanup *****/
 

src/app-layer-register.c

@@ -179,6 +179,11 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
         AppLayerParserRegisterTruncateFunc(p->ip_proto, alproto, p->Truncate);
     }
 
+    if (p->GetFrameIdByName && p->GetFrameNameById) {
+        AppLayerParserRegisterGetFrameFuncs(
+                p->ip_proto, alproto, p->GetFrameIdByName, p->GetFrameNameById);
+    }
+
     return 0;
 }
 

src/app-layer-register.h

@@ -70,6 +70,9 @@ typedef struct AppLayerParser {
 
     void (*Truncate)(void *state, uint8_t direction);
 
+    AppLayerParserGetFrameIdByNameFn GetFrameIdByName;
+    AppLayerParserGetFrameNameByIdFn GetFrameNameById;
+
 } AppLayerParser;
 
 /**