reorg: modular file reorganization of C source code - v10

.gitignore

@@ -21,7 +21,6 @@ autom4te.cache/
 build/*
 compile
 config.guess
-config.h
 config.log
 config.status
 config.sub
@@ -59,6 +58,7 @@ src/*.orig
 src/*.plist/*
 src/TAGS
 src/suricata
+src/**/*.dirstamp
 stamp-h1
 src/build-info.h
 test.sh

doc/userguide/capture-hardware/ebpf-xdp.rst

@@ -413,13 +413,13 @@ Confirm you have the XDP filter engaged in the output (example)::
 
  ...
  ...
- (runmode-af-packet.c:220) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface eth3
- (runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface eth3
- (runmode-af-packet.c:326) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface eth3)
- (runmode-af-packet.c:424) <Info> (ParseAFPConfig) -- af-packet will use '/usr/libexec/suricata/ebpf/xdp_filter.bpf' as XDP filter file
- (runmode-af-packet.c:429) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface eth3)
- (runmode-af-packet.c:609) <Config> (ParseAFPConfig) -- eth3: enabling zero copy mode by using data release call
- (util-runmodes.c:296) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s)
+ (source/af-packet/runmode-af-packet.c:220) <Config> (ParseAFPConfig) -- Enabling locked memory for mmap on iface eth3
+ (source/af-packet/runmode-af-packet.c:231) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface eth3
+ (source/af-packet/runmode-af-packet.c:326) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface eth3)
+ (source/af-packet/runmode-af-packet.c:424) <Info> (ParseAFPConfig) -- af-packet will use '/usr/libexec/suricata/ebpf/xdp_filter.bpf' as XDP filter file
+ (source/af-packet/runmode-af-packet.c:429) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface eth3)
+ (source/af-packet/runmode-af-packet.c:609) <Config> (ParseAFPConfig) -- eth3: enabling zero copy mode by using data release call
+ (util/runmodes.c:296) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s)
  ...
  ...
 

doc/userguide/capture-hardware/endace-dag.rst

@@ -38,5 +38,5 @@ Started up!
 ::
 
 
-  [5570] 10/7/2012 -- 13:52:30 - (source-erf-dag.c:262) <Info> (ReceiveErfDagThreadInit) -- Attached and started stream: 0 on DAG: /dev/dag0
-  [5570] 10/7/2012 -- 13:52:30 - (source-erf-dag.c:288) <Info> (ReceiveErfDagThreadInit) -- Starting processing packets from stream: 0 on DAG: /dev/dag0
+  [5570] 10/7/2012 -- 13:52:30 - (source/endace/source-erf-dag.c:262) <Info> (ReceiveErfDagThreadInit) -- Attached and started stream: 0 on DAG: /dev/dag0
+  [5570] 10/7/2012 -- 13:52:30 - (source/endace/source-erf-dag.c:288) <Info> (ReceiveErfDagThreadInit) -- Starting processing packets from stream: 0 on DAG: /dev/dag0

doc/userguide/devguide/codebase/code-style.rst

@@ -539,9 +539,9 @@ File names
 
 File names are all lowercase and have a .c. .h  or .rs (Rust) extension.
 
-Most files have a _subsystem_ prefix, e.g. ``detect-dsize.c, util-ip.c``
+Most files have a _subsystem_ prefix, e.g. ``detect-dsize.c, util/ip.c``
 
-Some cases have a multi-layer prefix, e.g. ``util-mpm-ac.c``
+Some cases have a multi-layer prefix, e.g. ``util/mpm/mpm-ac.c``
 
 Enums
 ~~~~~

doc/userguide/devguide/codebase/unittests-c.rst

@@ -117,7 +117,7 @@ From ``conf-yaml-loader.c``:
         PASS;
     }
 
-In ``detect-ike-chosen-sa.c``, it is possible to see the freeing of resources (``DetectIkeChosenSaFree``) and the
+In ``app-layer/ike/detect-chosen-sa.c``, it is possible to see the freeing of resources (``DetectIkeChosenSaFree``) and the
 function that should group all the ``UtRegisterTest`` calls:
 
 .. code-block:: c

doc/userguide/devguide/extending/app-layer/app-layer-frames.rst

@@ -159,32 +159,32 @@ Implementing Frame support in C involves a bit more manual work, as one cannot m
 
 Defining the frame types with the enum means:
 
-.. literalinclude:: ../../../../../src/app-layer-htp.c
-    :caption: src/app-layer-htp.c
+.. literalinclude:: ../../../../../src/app-layer/http/parser.c
+    :caption: src/app-layer/http/parser.c
     :start-after: /* app-layer-frame-documentation tag start: HttpFrameTypes
     :end-before: /* app-layer-frame-documentation tag end: HttpFrameTypes
     :lines: 1-16
 
 The HTTP parser uses the Frame registration functions from the C API (``app-layer-frames.c``) directly for registering request Frames. Here we also don't know the length yet. The ``0`` indicates flow direction: ``toserver``, and ``1`` would be used for ``toclient``:
 
-.. literalinclude:: ../../../../../src/app-layer-htp.c
-    :caption: src/app-layer-htp.c
+.. literalinclude:: ../../../../../src/app-layer/http/parser.c
+    :caption: src/app-layer/http/parser.c
     :start-after: /* app-layer-frame-documentation tag start: frame registration http request
     :end-before: /* app-layer-frame-documentation tag end: frame registration http request
     :dedent: 4
 
 Updating ``frame->len`` later:
 
-.. literalinclude:: ../../../../../src/app-layer-htp.c
-    :caption: src/app-layer-htp.c
+.. literalinclude:: ../../../../../src/app-layer/http/parser.c
+    :caption: src/app-layer/http/parser.c
     :start-after: /* app-layer-frame-documentation tag start: updating frame->len
     :end-before: /* app-layer-frame-documentation tag end: updating frame->len
     :dedent: 4
 
 Register relevant callbacks (note that the actual functions will also have to be written, for C):
 
-.. literalinclude:: ../../../../../src/app-layer-htp.c
-    :caption: src/app-layer-htp.c
+.. literalinclude:: ../../../../../src/app-layer/http/parser.c
+    :caption: src/app-layer/http/parser.c
     :language: c
     :start-after: /* app-layer-frame-documentation tag start: registering relevant callbacks
     :end-before: /* app-layer-frame-documentation tag end: registering relevant callbacks

doc/userguide/devguide/extending/app-layer/transactions.rst

@@ -28,7 +28,7 @@ likely happen once per transaction, by the time of its completion. In other case
 
 In ``OutputTxLog``, the engine will compare current state with the value defined for the logging to happen, per flow
 direction (``logger->tc_log_progress``, ``logger->ts_log_progress``). If state is less than that value, the engine skips to
-the next logger. Code snippet from: suricata/src/output-tx.c:
+the next logger. Code snippet from: suricata/src/output/output-tx.c:
 
 .. code-block:: c
 
@@ -144,7 +144,7 @@ Code snippet from: rust/src/ssh/ssh.rs:
         SshStateFinished = 3,
     }
 
-From src/app-layer-ftp.h:
+From src/app-layer/ftp/parser.h:
 
 .. code-block:: c
 
@@ -154,7 +154,7 @@ From src/app-layer-ftp.h:
         FTP_STATE_FINISHED,
     };
 
-From src/app-layer-ssl.h:
+From src/app-layer/ssl/parser.h:
 
 .. code-block:: c
 
@@ -218,7 +218,7 @@ src/app-layer-dcerpc.c:
 
     AppLayerParserRegisterStateProgressCompletionStatus(ALPROTO_DCERPC, 1, 1);
 
-src/app-layer-ftp.c:
+src/app-layer/ftp/parser.c:
 
 .. code-block:: c
 

doc/userguide/rules/fast-pattern-explained.rst

@@ -111,7 +111,7 @@ fast pattern match for Suricata 2.0.7 but registration order does.
 Appendix C - Pattern Strength Algorithm
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-From detect-engine-mpm.c. Basically the Pattern Strength "score"
+From detect/engine/mpm.c. Basically the Pattern Strength "score"
 starts at zero and looks at each character/byte in the passed in byte
 array from left to right. If the character/byte has not been seen
 before in the array, it adds 3 to the score if it is an alpha

doc/userguide/rules/file-keywords.rst

@@ -177,10 +177,10 @@ info on the line it is ignored.
 
 Output from md5sum is fine::
 
-  2f8d0355f0032c3e6311c6408d7c2dc2  util-path.c
-  b9cf5cf347a70e02fde975fc4e117760  util-pidfile.c
-  02aaa6c3f4dbae65f5889eeb8f2bbb8d  util-pool.c
-  dd5fc1ee7f2f96b5f12d1a854007a818  util-print.c
+  2f8d0355f0032c3e6311c6408d7c2dc2  util/path.c
+  b9cf5cf347a70e02fde975fc4e117760  util/pidfile.c
+  02aaa6c3f4dbae65f5889eeb8f2bbb8d  util/pool.c
+  dd5fc1ee7f2f96b5f12d1a854007a818  util/print.c
 
 Just MD5's are good as well::
 

examples/plugins/c-json-filetype/filetype.c

@@ -17,8 +17,8 @@
 
 #include "suricata-common.h"
 #include "suricata-plugin.h"
-#include "util-mem.h"
-#include "util-debug.h"
+#include "util/mem.h"
+#include "util/debug.h"
 
 #define FILETYPE_NAME "json-filetype-plugin"
 

rust/derive/src/applayerevent.rs

@@ -51,7 +51,9 @@ pub fn derive_app_layer_event(input: TokenStream) -> TokenStream {
     // "crate", but if we're being used by a library or plugin user we need to reference the
     // Suricata name space as "suricata". Check the CARGO_PKG_NAME environment variable to
     // determine what identifier to setup.
-    let is_suricata = std::env::var("CARGO_PKG_NAME").map(|var| var == "suricata").unwrap_or(false);
+    let is_suricata = std::env::var("CARGO_PKG_NAME")
+        .map(|var| var == "suricata")
+        .unwrap_or(false);
     let crate_id = if is_suricata {
         syn::Ident::new("crate", proc_macro2::Span::call_site())
     } else {

rust/rustfmt.toml

@@ -1,4 +1,5 @@
 # Rust format configuration file. If empty, then this is a message that
 # we expect the default formatting rules to be used.
 
-fn_args_layout = "compressed"
+fn_params_layout = "compressed"
+force_explicit_abi = false