/src/suricata7/src/app-layer-events.h
Line | Count | Source |
1 | | /* Copyright (C) 2014-2022 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \file |
20 | | * |
21 | | * \author Victor Julien <victor@inliniac.net> |
22 | | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
23 | | */ |
24 | | |
25 | | #ifndef __APP_LAYER_EVENTS_H__ |
26 | | #define __APP_LAYER_EVENTS_H__ |
27 | | |
28 | | /* contains fwd declaration of AppLayerDecoderEvents_ */ |
29 | | #include "decode.h" |
30 | | #include "rust.h" |
31 | | |
32 | | /** |
33 | | * \brief Data structure to store app layer decoder events. |
34 | | */ |
35 | | struct AppLayerDecoderEvents_ { |
36 | | /* array of events */ |
37 | | uint8_t *events; |
38 | | /* number of events in the above buffer */ |
39 | | uint8_t cnt; |
40 | | /* current event buffer size */ |
41 | | uint8_t events_buffer_size; |
42 | | /* last logged */ |
43 | | uint8_t event_last_logged; |
44 | | }; |
45 | | |
46 | | /* app layer pkt level events */ |
47 | | enum { |
48 | | APPLAYER_MISMATCH_PROTOCOL_BOTH_DIRECTIONS, |
49 | | APPLAYER_WRONG_DIRECTION_FIRST_DATA, |
50 | | APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION, |
51 | | APPLAYER_PROTO_DETECTION_SKIPPED, |
52 | | APPLAYER_NO_TLS_AFTER_STARTTLS, |
53 | | APPLAYER_UNEXPECTED_PROTOCOL, |
54 | | }; |
55 | | |
56 | | int AppLayerGetPktEventInfo(const char *event_name, int *event_id); |
57 | | |
58 | | int AppLayerGetEventInfoById(int event_id, const char **event_name, |
59 | | AppLayerEventType *event_type); |
60 | | void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event); |
61 | | |
62 | | static inline int AppLayerDecoderEventsIsEventSet(AppLayerDecoderEvents *devents, |
63 | | uint8_t event) |
64 | 32.7k | { |
65 | 32.7k | if (devents == NULL) |
66 | 13.2k | return 0; |
67 | | |
68 | 19.5k | int i; |
69 | 19.5k | int cnt = devents->cnt; |
70 | 82.7k | for (i = 0; i < cnt; i++) { |
71 | 63.8k | if (devents->events[i] == event) |
72 | 653 | return 1; |
73 | 63.8k | } |
74 | | |
75 | 18.8k | return 0; |
76 | 19.5k | } Unexecuted instantiation: fuzz_applayerparserparse.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-parser.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-rdp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-rfb.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-smb.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-smtp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-snmp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-ssh.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-ssl.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-tftp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-state.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: flow.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: flow-hash.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: flow-manager.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: flow-timeout.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-file.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-filedata.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: runmodes.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: stream-tcp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: stream-tcp-reassemble.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: suricata.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: util-exception-policy.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: util-file.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: util-running-modes.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-detect-proto.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-dnp3.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-enip.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-events.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-ftp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-frames.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-htp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-htp-file.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-http2.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-ike.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-krb5.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-modbus.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-quic.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-mqtt.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-nfs-tcp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-nfs-udp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-ntp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-build.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-frame.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-prefilter.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-proto.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-file-data.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-filemagic.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-filename.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-filestore.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-flowbits.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-frame.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ftpbounce.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-hostbits.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-client-body.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-cookie.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-header.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-header-common.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-header-names.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-host.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-method.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-protocol.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-raw-header.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-request-line.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-response-line.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-server-body.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-start.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-stat-code.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-stat-msg.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-http-ua.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-exch-type.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-spi.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-vendor.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-chosen-sa.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-key-exchange-payload-length.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-nonce-payload-length.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-nonce-payload.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ike-key-exchange-payload.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-iprep.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-lua.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-mqtt-subscribe-topic.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-mqtt-unsubscribe-topic.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-nfs-procedure.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-nfs-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-parse.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-pcre.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-rfb-name.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-rfb-sectype.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-method.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-protocol.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-request-line.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-response-line.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-stat-code.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-stat-msg.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-sip-uri.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-snmp-community.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-snmp-pdu_type.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-snmp-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-hassh.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-hassh-server.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-hassh-server-string.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-hassh-string.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-proto.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-proto-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-software.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssh-software-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssl-state.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-ssl-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-tag.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-template-rust-buffer.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-tls-version.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-uricontent.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-xbits.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: flow-worker.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-alert.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-anomaly.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-bittorrent-dht.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-dcerpc.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-dhcp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-dnp3.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-dns.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-email-common.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-file.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-frame.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-ftp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-http2.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-http.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-ike.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-krb5.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-metadata.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-modbus.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-quic.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-mqtt.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-nfs.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-pgsql.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-rdp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-rfb.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-sip.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-smb.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-smtp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-snmp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-ssh.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-template.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-tftp.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-json-tls.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-streaming.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: output-tx.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: rust-context.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-htp-xff.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: app-layer-register.c:AppLayerDecoderEventsIsEventSet detect-app-layer-event.c:AppLayerDecoderEventsIsEventSet Line | Count | Source | 64 | 32.7k | { | 65 | 32.7k | if (devents == NULL) | 66 | 13.2k | return 0; | 67 | | | 68 | 19.5k | int i; | 69 | 19.5k | int cnt = devents->cnt; | 70 | 82.7k | for (i = 0; i < cnt; i++) { | 71 | 63.8k | if (devents->events[i] == event) | 72 | 653 | return 1; | 73 | 63.8k | } | 74 | | | 75 | 18.8k | return 0; | 76 | 19.5k | } |
Unexecuted instantiation: detect-app-layer-protocol.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-bypass.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-bytemath.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-config.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-dce-stub-data.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-dns-query.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: detect-engine-file.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: log-httplog.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: log-tlslog.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: log-tlsstore.c:AppLayerDecoderEventsIsEventSet Unexecuted instantiation: fuzz_applayerprotodetectgetproto.c:AppLayerDecoderEventsIsEventSet |
77 | | |
78 | | void AppLayerDecoderEventsResetEvents(AppLayerDecoderEvents *events); |
79 | | void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events); |
80 | | int DetectEngineGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type); |
81 | | |
82 | | #endif /* __APP_LAYER_EVENTS_H__ */ |
83 | | |