"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/preprocessors/snort_httpinspect.h" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_httpinspect.h  (snort-2.9.16.1):snort_httpinspect.h  (snort-2.9.17)
skipping to change at line 50 skipping to change at line 50
extern MemPool *mime_log_mempool; extern MemPool *mime_log_mempool;
extern DataBuffer HttpDecodeBuf; extern DataBuffer HttpDecodeBuf;
#ifdef PERF_PROFILING #ifdef PERF_PROFILING
extern PreprocStats hi2PerfStats; extern PreprocStats hi2PerfStats;
extern PreprocStats hi2InitPerfStats; extern PreprocStats hi2InitPerfStats;
extern PreprocStats hi2PayloadPerfStats; extern PreprocStats hi2PayloadPerfStats;
extern PreprocStats hi2PseudoPerfStats; extern PreprocStats hi2PseudoPerfStats;
#endif #endif
/** /**
** The definition of the configuration separators in the snort.conf ** The definition of the configuration separators in the snort.conf
** configure line. ** configure line.
*/ */
#define CONF_SEPARATORS " \t\n\r" #define CONF_SEPARATORS " \t\n\r"
#define MAX_METHOD_LEN 256 #define MAX_METHOD_LEN 256
/* /*
** These are the definitions of the parser section delimiting ** These are the definitions of the parser section delimiting
** keywords to configure HttpInspect. When one of these keywords ** keywords to configure HttpInspect. When one of these keywords
skipping to change at line 85 skipping to change at line 86
#define MAX_GZIP_DEPTH 65535 #define MAX_GZIP_DEPTH 65535
#define DEFAULT_COMP_DEPTH 1460 #define DEFAULT_COMP_DEPTH 1460
#define DEFAULT_DECOMP_DEPTH 2920 #define DEFAULT_DECOMP_DEPTH 2920
#define DEFLATE_RAW_WBITS -15 #define DEFLATE_RAW_WBITS -15
#define DEFLATE_WBITS 15 #define DEFLATE_WBITS 15
#define GZIP_WBITS 31 #define GZIP_WBITS 31
#define XFF_MAX_PIPELINE_REQ 255 #define XFF_MAX_PIPELINE_REQ 255
#define CONTENT_NONE 0
#define PARTIAL_CONTENT 1
#define FULL_CONTENT 2
typedef enum _HttpRespCompressType typedef enum _HttpRespCompressType
{ {
HTTP_RESP_COMPRESS_TYPE__GZIP = 0x00000001, HTTP_RESP_COMPRESS_TYPE__GZIP = 0x00000001,
HTTP_RESP_COMPRESS_TYPE__DEFLATE = 0x00000002 HTTP_RESP_COMPRESS_TYPE__DEFLATE = 0x00000002
} _HttpRespCompressType; } _HttpRespCompressType;
typedef enum _DecompressStage typedef enum _DecompressStage
{ {
HTTP_DECOMP_START, HTTP_DECOMP_START,
HTTP_DECOMP_MID, HTTP_DECOMP_MID,
HTTP_DECOMP_FIN HTTP_DECOMP_FIN
} DecompressStage; } DecompressStage;
typedef struct s_DECOMPRESS_STATE typedef struct s_DECOMPRESS_STATE
{ {
uint8_t inflate_init; uint8_t inflate_init;
uint16_t compress_fmt;
uint8_t decompress_data;
int compr_bytes_read; int compr_bytes_read;
int decompr_bytes_read; int decompr_bytes_read;
int compr_depth; int compr_depth;
int decompr_depth; int decompr_depth;
uint16_t compress_fmt;
uint8_t decompress_data;
z_stream d_stream; z_stream d_stream;
MemBucket *bkt; MemBucket *bkt;
bool deflate_initialized; bool deflate_initialized;
DecompressStage stage; DecompressStage stage;
} DECOMPRESS_STATE; } DECOMPRESS_STATE;
typedef enum _ChunkLenState typedef enum _ChunkLenState
{ {
CHUNK_LEN_DEFAULT = 0, CHUNK_LEN_DEFAULT = 0,
CHUNK_LEN_INCOMPLETE CHUNK_LEN_INCOMPLETE
skipping to change at line 132 skipping to change at line 137
uint8_t inspect_body; uint8_t inspect_body;
uint8_t inspect_reassembled; uint8_t inspect_reassembled;
uint8_t last_pkt_contlen; uint8_t last_pkt_contlen;
uint8_t last_pkt_chunked; uint8_t last_pkt_chunked;
uint32_t next_seq; uint32_t next_seq;
uint32_t chunk_remainder; uint32_t chunk_remainder;
int data_extracted; int data_extracted;
uint32_t max_seq; uint32_t max_seq;
bool flow_depth_excd; bool flow_depth_excd;
bool eoh_found; bool eoh_found;
bool look_for_partial_content; uint8_t look_for_partial_content;
uint8_t chunk_len_state; uint8_t chunk_len_state;
}HTTP_RESP_STATE; }HTTP_RESP_STATE;
typedef struct s_HTTP_LOG_STATE typedef struct s_HTTP_LOG_STATE
{ {
uint32_t uri_bytes; uint32_t uri_bytes;
uint32_t hostname_bytes; uint32_t hostname_bytes;
MemBucket *log_bucket; MemBucket *log_bucket;
uint8_t *uri_extracted; uint8_t *uri_extracted;
uint8_t *hostname_extracted; uint8_t *hostname_extracted;
skipping to change at line 162 skipping to change at line 167
typedef struct _HttpSessionData typedef struct _HttpSessionData
{ {
uint64_t event_flags; uint64_t event_flags;
HTTP_RESP_STATE resp_state; HTTP_RESP_STATE resp_state;
DECOMPRESS_STATE *decomp_state; DECOMPRESS_STATE *decomp_state;
HTTP_LOG_STATE *log_state; HTTP_LOG_STATE *log_state;
decode_utf_state_t utf_state; decode_utf_state_t utf_state;
uint8_t log_flags; uint8_t log_flags;
uint8_t cli_small_chunk_count; uint8_t cli_small_chunk_count;
uint8_t srv_small_chunk_count; uint8_t srv_small_chunk_count;
MimeState *mime_ssn;
fd_session_p_t fd_state;
uint8_t http_req_id; uint8_t http_req_id;
uint8_t http_resp_id; uint8_t http_resp_id;
uint8_t is_response; uint8_t is_response;
uint8_t tList_count; uint8_t tList_count;
MimeState *mime_ssn;
fd_session_p_t fd_state;
Transaction *tList_start; Transaction *tList_start;
Transaction *tList_end; Transaction *tList_end;
} HttpSessionData; } HttpSessionData;
typedef struct _HISearch typedef struct _HISearch
{ {
char *name; char *name;
int name_len; int name_len;
} HISearch; } HISearch;
skipping to change at line 240 skipping to change at line 245
void FreeHttpSessionData(void *data); void FreeHttpSessionData(void *data);
int GetHttpTrueIP(void *data, uint8_t **buf, uint32_t *len, uint32_t *type); int GetHttpTrueIP(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int GetHttpGzipData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type); int GetHttpGzipData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int GetHttpJSNormData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type); int GetHttpJSNormData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int GetHttpUriData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type); int GetHttpUriData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type);
int GetHttpHostnameData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type ); int GetHttpHostnameData(void *data, uint8_t **buf, uint32_t *len, uint32_t *type );
void HI_SearchInit(void); void HI_SearchInit(void);
void HI_SearchFree(void); void HI_SearchFree(void);
int HI_SearchStrFound(void *, void *, int , void *, void *); int HI_SearchStrFound(void *, void *, int , void *, void *);
int GetHttpFlowDepth(void *, uint32_t); int GetHttpFlowDepth(void *, uint32_t);
bool isHttpRespPartialCont(void *data); uint8_t isHttpRespPartialCont(void *data);
bool GetHttpFastBlockingStatus(); bool GetHttpFastBlockingStatus();
static inline HttpSessionData * GetHttpSessionData(Packet *p) static inline HttpSessionData * GetHttpSessionData(Packet *p)
{ {
if (p->ssnptr == NULL) if (p->ssnptr == NULL)
return NULL; return NULL;
return (HttpSessionData *)session_api->get_application_data(p->ssnptr, PP_HT TPINSPECT); return (HttpSessionData *)session_api->get_application_data(p->ssnptr, PP_HT TPINSPECT);
} }
static inline void freeTransactionNode(Transaction *tPtr) static inline void freeTransactionNode(Transaction *tPtr)
{ {
if(tPtr->true_ip) if(tPtr->true_ip)
sfaddr_free(tPtr->true_ip); sfaddr_free(tPtr->true_ip);
free(tPtr); free(tPtr);
hi_stats.mem_used -= sizeof(Transaction);
} }
static inline void deleteNode_tList(HttpSessionData *hsd) static inline void deleteNode_tList(HttpSessionData *hsd)
{ {
Transaction *tmp = hsd->tList_start; Transaction *tmp = hsd->tList_start;
hsd->tList_start = hsd->tList_start->next; hsd->tList_start = hsd->tList_start->next;
if( hsd->tList_start == NULL ) if( hsd->tList_start == NULL )
hsd->tList_end = NULL; hsd->tList_end = NULL;
freeTransactionNode(tmp); freeTransactionNode(tmp);
} }
 End of changes. 9 change blocks. 
6 lines changed or deleted 12 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)