isc.sensor.parser
Class AbstractParser

java.lang.Object
  extended by java.lang.Thread
      extended by isc.sensor.parser.AbstractParser
All Implemented Interfaces:
java.lang.Runnable
Direct Known Subclasses:
HttpParser, StaticPortPacketCapture

public abstract class AbstractParser
extends java.lang.Thread

Application parser superclass. This class manages all of the setup, teardown and session state information from the AppLayerMgr classes for the Application Parsers. Each Parser should extend this class.

Classes derived from this class will be instantiated at runtime by the sensor server if included in the server's config file under the AppLayerMgr section, TCP/UDP respectively. This example will load the HttpParser class for TCP and UDP. Add all other parser classes to this list, separated by semicolons.

Parsers will register for ports and events upon initialization.

 -------  server's config.cfg file -------------
 !=====================================================================
 ! Define the Application Parser Methods and Classes
 !=====================================================================
 ! Semicolon-separated list of classes to load
 
 AppLayerTCP.Parsers=parser1;parser2;parser3
 AppLayerUDP.Parsers=parser1;parser2;parser3
 ------------------------------------------------
 
 

Author:
John Casey
  • DNA_sensor - Aug 12, 2005

  • Nested Class Summary
     class AbstractParser.ParserState
              This structure is used by the ParserMain to manage the complicated state of each session within the threaded environment for the Parsers.
     
    Nested classes/interfaces inherited from class java.lang.Thread
    java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler
     
    Field Summary
    protected  long flushCtr
               
    protected static org.apache.log4j.Logger log
               
    protected static java.lang.String PARSER_WORKQUEUE_SZ
               
    protected  java.util.Hashtable parserState
               
    protected  AppProperties props
               
    protected  java.lang.Boolean readyState
               
    static int TCP
               
    static int UDP
               
    protected  java.util.Vector workQueue
               
     
    Fields inherited from class java.lang.Thread
    MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
     
    Constructor Summary
    AbstractParser()
               
     
    Method Summary
     void _addPacketEvent(PacketEvent ev)
              Internal routine called by AppLayerMgrs to send a packet add event to the parser.
     void _flush(SessionBean ses)
              Called by AppLayerMgr to signal that a session registered to a parser has been completed.
     void _initMgr(java.lang.Object mgr)
              Internal callback routine used by AppLayerMgrs to register their object with the parser main.
    protected  void _notifyProc()
              Notify this thread of an event
    protected  void _processWork()
              Main internal worker routine which processes the state of each event, calling the parser routines if required
     boolean _ready()
              Checks whether this Thread is running
     void _setFinish()
              Called by AppLayerMgr to register a shutdown event of the server.
    protected  void _writeSession()
               
    protected abstract  void close()
              Callback method for Parsers to close any open resources before exiting.
    protected abstract  void closeSession(SessionBean ses)
              One of three asynchronous callback methods sent to a parser.
    abstract  void init(int protocol)
               
    protected  void initEvents(int[] port, short[] tcpflags)
              Used by Parsers to register for TCP/UDP events.
    protected  boolean isServer(int pPort, int[] sPorts)
              Convenience function for parsers to evaluate whether a given port is in the list of ports registered as a server.
    protected abstract  void open()
              Callback method for Parsers used to open any resources necessary for processing.
    protected abstract  void parse(PacketEvent ev)
              One of three asynchronous callback methods sent to a parser.
     void run()
               
    protected abstract  void writeSession(java.lang.String key)
              One of three asynchronous callback methods sent to a parser.
     
    Methods inherited from class java.lang.Thread
    activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield
     
    Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
     

    Field Detail

    readyState

    protected volatile java.lang.Boolean readyState

    workQueue

    protected java.util.Vector workQueue

    props

    protected AppProperties props

    parserState

    protected java.util.Hashtable parserState

    flushCtr

    protected volatile long flushCtr

    PARSER_WORKQUEUE_SZ

    protected static final java.lang.String PARSER_WORKQUEUE_SZ
    See Also:
    Constant Field Values

    log

    protected static org.apache.log4j.Logger log

    TCP

    public static final int TCP
    See Also:
    Constant Field Values

    UDP

    public static final int UDP
    See Also:
    Constant Field Values
    Constructor Detail

    AbstractParser

    public AbstractParser()
    Method Detail

    init

    public abstract void init(int protocol)

    run

    public void run()
    Specified by:
    run in interface java.lang.Runnable
    Overrides:
    run in class java.lang.Thread

    _notifyProc

    protected void _notifyProc()
    Notify this thread of an event


    open

    protected abstract void open()
    Callback method for Parsers used to open any resources necessary for processing. Parsers must override this method.


    close

    protected abstract void close()
    Callback method for Parsers to close any open resources before exiting. Parsers must override this method.


    writeSession

    protected abstract void writeSession(java.lang.String key)
    One of three asynchronous callback methods sent to a parser. The writeSession event tells a parser to write out an active session. A parser should use a hashing mechanism to keep track of in-flight sessions.

    Parameters:
    key - The key of the session to be written.
    See Also:
    parse(PacketEvent)

    isServer

    protected boolean isServer(int pPort,
                               int[] sPorts)
    Convenience function for parsers to evaluate whether a given port is in the list of ports registered as a server. Used to determine if a packet source or destination is the server.

    Parameters:
    pPort - Port to check
    sPorts - List of server ports to check against
    Returns:
    boolean True if the port is in the list of server ports

    _addPacketEvent

    public void _addPacketEvent(PacketEvent ev)
    Internal routine called by AppLayerMgrs to send a packet add event to the parser.

    Parameters:
    ev - The packet event to be added

    _ready

    public boolean _ready()
    Checks whether this Thread is running

    Returns:
    True if this Thread is running

    _processWork

    protected void _processWork()
    Main internal worker routine which processes the state of each event, calling the parser routines if required


    _flush

    public void _flush(SessionBean ses)
    Called by AppLayerMgr to signal that a session registered to a parser has been completed. Because of the asynchronous nature of the threaded environment, this routine could be called before any of the other session state events.

    Parameters:
    ses - The session key that was flushed.

    _setFinish

    public void _setFinish()
    Called by AppLayerMgr to register a shutdown event of the server.


    _writeSession

    protected void _writeSession()

    closeSession

    protected abstract void closeSession(SessionBean ses)
    One of three asynchronous callback methods sent to a parser. The closeSession event tells a parser that a session has reached a close state, but is not yet ready for writing.

    Parameters:
    ses - The summary bean of closed
    See Also:
    writeSession(String), parse(PacketEvent)

    parse

    protected abstract void parse(PacketEvent ev)
    One of three asynchronous callback methods sent to a parser. The parse event tells a parser that a packet event has arrived for this parser.

    Parameters:
    ev - The packet event to be processed
    See Also:
    closeSession(SessionBean), writeSession(String)

    initEvents

    protected void initEvents(int[] port,
                              short[] tcpflags)
    Used by Parsers to register for TCP/UDP events.

    Parameters:
    port - array of server ports the parser is interested in
    tcpflags - array of TCP flags in base 10, the parser is interested in. Data packets usually arrive on 24 (ACK/PSH) and 16 (ACK). For UDP, leave null.
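
The base-10 tcpflags values and the isServer check, worked through on constructed packets. This is an added example, not code from isc.sensor.parser: the class name, `decode` and `wouldDeliver` are hypothetical, and the exact-match delivery rule is an assumption about how the registered values are compared.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not part of isc.sensor.parser. All names are hypothetical.
public class TcpFlagRegistrationDemo {
    // TCP header flag bits, lowest bit first (FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32).
    static final String[] NAMES = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"};

    // Decode a base-10 flags value, e.g. 24 -> "PSH/ACK".
    static String decode(short flags) {
        List<String> set = new ArrayList<>();
        for (int bit = 0; bit < NAMES.length; bit++) {
            if ((flags & (1 << bit)) != 0) set.add(NAMES[bit]);
        }
        return set.isEmpty() ? "none" : String.join("/", set);
    }

    // Same contract as the documented isServer(pPort, sPorts).
    static boolean isServer(int pPort, int[] sPorts) {
        for (int p : sPorts) if (p == pPort) return true;
        return false;
    }

    // ASSUMPTION: a packet is delivered when either port is registered and its
    // flags value equals one registered value; null tcpflags (UDP) matches all.
    static boolean wouldDeliver(int src, int dst, short flags, int[] ports, short[] tcpflags) {
        if (!isServer(src, ports) && !isServer(dst, ports)) return false;
        if (tcpflags == null) return true;
        for (short f : tcpflags) if (f == flags) return true;
        return false;
    }

    public static void main(String[] args) {
        int[] ports = {80, 8080};      // server ports a parser would register
        short[] tcpflags = {24, 16};   // ACK/PSH and ACK, the values named above
        // Constructed sample packets: {srcPort, dstPort, flags}
        int[][] packets = {{51000, 80, 2}, {51000, 80, 24}, {80, 51000, 16},
                           {51000, 443, 24}, {80, 51000, 17}};
        for (int[] p : packets) {
            short fl = (short) p[2];
            String dir = isServer(p[1], ports) ? "client->server"
                       : isServer(p[0], ports) ? "server->client" : "unregistered";
            System.out.printf("%5d -> %-5d flags=%2d (%s) %s deliver=%b%n",
                p[0], p[1], fl, decode(fl), dir,
                wouldDeliver(p[0], p[1], fl, ports, tcpflags));
        }
    }
}
```

Under the exact-match assumption, the SYN (2) and FIN/ACK (17) packets are not delivered to a parser registered only for 24 and 16.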

    _initMgr

    public void _initMgr(java.lang.Object mgr)
    Internal callback routine used by AppLayerMgrs to register their object with the parser main.

    Parameters:
    mgr - The object of the AppLayerMgr