suricata  5.0.3
About: Suricata is a high performance Network Intrusion Detection (IDS) and Prevention (IPS) and Network Security Monitoring engine.
  Fossies Dox: suricata-5.0.3.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

HTTP layer support

Files

file  app-layer-htp-mem.c
 
file  app-layer-htp.c
 
file  app-layer-htp.h
 
file  detect-http-accept-enc.c
 
file  detect-http-accept-lang.c
 
file  detect-http-accept.c
 
file  detect-http-client-body.c
 
file  detect-http-connection.c
 
file  detect-http-content-len.c
 
file  detect-http-content-type.c
 
 
file  detect-http-header-names.c
 
file  detect-http-header.c
 
file  detect-http-host.c
 
file  detect-http-location.c
 
file  detect-http-method.c
 
file  detect-http-protocol.c
 
file  detect-http-raw-header.c
 
file  detect-http-referer.c
 
file  detect-http-request-line.c
 
file  detect-http-response-line.c
 
file  detect-http-server-body.c
 
file  detect-http-server.c
 
file  detect-http-start.c
 
file  detect-http-stat-code.c
 
file  detect-http-stat-msg.c
 
file  detect-http-ua.c
 
file  detect-http-uri.c
 

Data Structures

struct  HTPCfgDir_
 
struct  HTPCfgRec_
 
struct  HtpBodyChunk_
 
struct  HtpBody_
 
struct  HtpTxUserData_
 
struct  HtpState_
 

Macros

#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT   9000U
 
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD   18000U
 
#define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE   1
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE   10
 
#define HTP_BOUNDARY_MAX   200U
 
#define HTP_FLAG_STATE_CLOSED_TS   0x0002
 
#define HTP_FLAG_STATE_CLOSED_TC   0x0004
 
#define HTP_FLAG_STORE_FILES_TS   0x0040
 
#define HTP_FLAG_STORE_FILES_TC   0x0080
 
#define HTP_FLAG_STORE_FILES_TX_TS   0x0100
 
#define HTP_FLAG_STORE_FILES_TX_TC   0x0200
 
#define HTP_CONTENTTYPE_SET   BIT_U8(0)
 
#define HTP_BOUNDARY_SET   BIT_U8(1)
 
#define HTP_BOUNDARY_OPEN   BIT_U8(2)
 
#define HTP_FILENAME_SET   BIT_U8(3)
 
#define HTP_DONTSTORE   BIT_U8(4)
 
#define HTP_STREAM_DEPTH_SET   BIT_U8(5)
 
#define HTP_REQUIRE_REQUEST_BODY   (1 << 0)
 
#define HTP_REQUIRE_REQUEST_MULTIPART   (1 << 1)
 
#define HTP_REQUIRE_REQUEST_FILE   (1 << 2)
 
#define HTP_REQUIRE_RESPONSE_BODY   (1 << 3)
 

Typedefs

typedef enum HtpSwfCompressType_ HtpSwfCompressType
 
typedef struct HTPCfgDir_ HTPCfgDir
 
typedef struct HTPCfgRec_ HTPCfgRec
 
typedef struct HtpBodyChunk_ HtpBodyChunk
 
typedef struct HtpBody_ HtpBody
 
typedef struct HtpTxUserData_ HtpTxUserData
 
typedef struct HtpState_ HtpState
 

Enumerations

enum  { HTP_BODY_REQUEST_NONE = 0, HTP_BODY_REQUEST_MULTIPART, HTP_BODY_REQUEST_POST, HTP_BODY_REQUEST_PUT }
 
enum  {
  HTTP_DECODER_EVENT_UNKNOWN_ERROR, HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED, HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON, HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON,
  HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN, HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN, HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE,
  HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE, HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST, HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE,
  HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN, HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST, HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT,
  HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID, HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID, HTTP_DECODER_EVENT_MISSING_HOST_HEADER, HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS,
  HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING, HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING, HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG, HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG,
  HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH, HTTP_DECODER_EVENT_URI_HOST_INVALID, HTTP_DECODER_EVENT_HEADER_HOST_INVALID, HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT,
  HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT, HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE, HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS, HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER,
  HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED, HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION, HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION, HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES,
  HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING, HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO, HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL, HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS,
  HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE, HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI, HTTP_DECODER_EVENT_REQUEST_LINE_INVALID, HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED,
  HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED, HTTP_DECODER_EVENT_COMPRESSION_BOMB, HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR, HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
  HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER
}
 
enum  HtpSwfCompressType_ { HTTP_SWF_COMPRESSION_NONE = 0, HTTP_SWF_COMPRESSION_ZLIB, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_BOTH }
 

Functions

void RegisterHTPParsers (void)
 Register the HTTP protocol and state handling functions to APP layer of the engine. More...
 
void HTPParserRegisterTests (void)
 Register the Unit tests for the HTTP protocol. More...
 
void HTPAtExitPrintStats (void)
 Print the stats of the HTTP requests. More...
 
void HTPFreeConfig (void)
 Clears the HTTP server configuration memory used by HTP library. More...
 
void HtpBodyPrint (HtpBody *)
 Print the information and chunks of a Body. More...
 
void HtpBodyFree (HtpBody *)
 Free the information held in the request body. More...
 
void HTPStateFree (void *)
 Function to frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library. More...
 
void AppLayerHtpEnableRequestBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. \initonly. More...
 
void AppLayerHtpEnableResponseBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. \initonly. More...
 
void AppLayerHtpNeedFileInspection (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request file. More...
 
void AppLayerHtpPrintStats (void)
 
void HTPConfigure (void)
 
void HtpConfigCreateBackup (void)
 
void HtpConfigRestoreBackup (void)
 

Variables

uint32_t htp_config_flags_sc_atomic__
 
pthread_mutex_t htp_config_flags_sc_lock__
 
static int CreateSpace (HttpHeaderThreadData *td, uint64_t size)
 
void * HttpHeaderThreadDataInit (void *data)
 
void HttpHeaderThreadDataFree (void *data)
 
static void Reset (HttpHeaderThreadData *hdrnames, uint64_t tick)
 
int HttpHeaderExpandBuffer (HttpHeaderThreadData *td, HttpHeaderBuffer *buf, uint32_t size)
 
HttpHeaderBufferHttpHeaderGetBufferSpaceForTXID (DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, uint64_t tx_id, const int keyword_id, HttpHeaderThreadData **ret_hdr_td)
 
static int g_buffer_id = 0
 
static int DetectHttpHeadersSetupSticky (DetectEngineCtx *de_ctx, Signature *s, const char *str)
 this function setup the http.header keyword used in the rule More...
 
static void DetectHttpHeadersRegisterStub (void)
 

Detailed Description

Macro Definition Documentation

◆ HTP_BOUNDARY_MAX

#define HTP_BOUNDARY_MAX   200U

a boundary should be smaller in size

Definition at line 63 of file app-layer-htp.h.

◆ HTP_BOUNDARY_OPEN

#define HTP_BOUNDARY_OPEN   BIT_U8(2)

We have a boundary string

Definition at line 198 of file app-layer-htp.h.

◆ HTP_BOUNDARY_SET

#define HTP_BOUNDARY_SET   BIT_U8(1)

We have a boundary string

Definition at line 197 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT

#define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT   1048576U

Definition at line 57 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD

#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD   18000U

Definition at line 53 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT

#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT   9000U

Definition at line 52 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT

#define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT   1048576U

Definition at line 56 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RANDOMIZE

#define HTP_CONFIG_DEFAULT_RANDOMIZE   1

Definition at line 59 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE

#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE   10

Definition at line 60 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT

#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT   4096U

Definition at line 46 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE

#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE   32768U

Definition at line 48 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW

#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW   4096U

Definition at line 49 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT

#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT   4096U

Definition at line 47 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE

#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE   32768U

Definition at line 50 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW

#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW   4096U

Definition at line 51 of file app-layer-htp.h.

◆ HTP_CONTENTTYPE_SET

#define HTP_CONTENTTYPE_SET   BIT_U8(0)

We have the content type

Definition at line 196 of file app-layer-htp.h.

◆ HTP_DONTSTORE

#define HTP_DONTSTORE   BIT_U8(4)

not storing this file

Definition at line 200 of file app-layer-htp.h.

◆ HTP_FILENAME_SET

#define HTP_FILENAME_SET   BIT_U8(3)

filename is registered in the flow

Definition at line 199 of file app-layer-htp.h.

◆ HTP_FLAG_STATE_CLOSED_TC

#define HTP_FLAG_STATE_CLOSED_TC   0x0004

Flag to indicate that HTTP connection is closed

Definition at line 69 of file app-layer-htp.h.

◆ HTP_FLAG_STATE_CLOSED_TS

#define HTP_FLAG_STATE_CLOSED_TS   0x0002

Flag to indicate that HTTP connection is closed

Definition at line 67 of file app-layer-htp.h.

◆ HTP_FLAG_STORE_FILES_TC

#define HTP_FLAG_STORE_FILES_TC   0x0080

Definition at line 71 of file app-layer-htp.h.

◆ HTP_FLAG_STORE_FILES_TS

#define HTP_FLAG_STORE_FILES_TS   0x0040

Definition at line 70 of file app-layer-htp.h.

◆ HTP_FLAG_STORE_FILES_TX_TC

#define HTP_FLAG_STORE_FILES_TX_TC   0x0200

Definition at line 73 of file app-layer-htp.h.

◆ HTP_FLAG_STORE_FILES_TX_TS

#define HTP_FLAG_STORE_FILES_TX_TS   0x0100

Definition at line 72 of file app-layer-htp.h.

◆ HTP_REQUIRE_REQUEST_BODY

#define HTP_REQUIRE_REQUEST_BODY   (1 << 0)

part of the engine needs the request body (e.g. http_client_body keyword)

Definition at line 266 of file app-layer-htp.h.

◆ HTP_REQUIRE_REQUEST_FILE

#define HTP_REQUIRE_REQUEST_FILE   (1 << 2)

part of the engine needs the request file (e.g. log-file module)

Definition at line 271 of file app-layer-htp.h.

◆ HTP_REQUIRE_REQUEST_MULTIPART

#define HTP_REQUIRE_REQUEST_MULTIPART   (1 << 1)

part of the engine needs the request body multipart header (e.g. filename and / or fileext keywords)

Definition at line 269 of file app-layer-htp.h.

◆ HTP_REQUIRE_RESPONSE_BODY

#define HTP_REQUIRE_RESPONSE_BODY   (1 << 3)

part of the engine needs the request body (e.g. file_data keyword)

Definition at line 273 of file app-layer-htp.h.

◆ HTP_STREAM_DEPTH_SET

#define HTP_STREAM_DEPTH_SET   BIT_U8(5)

stream-depth is set

Definition at line 201 of file app-layer-htp.h.

Typedef Documentation

◆ HtpBody

typedef struct HtpBody_ HtpBody

Struct used to hold all the chunks of a body on a request

◆ HtpBodyChunk

typedef struct HtpBodyChunk_ HtpBodyChunk

Definition at line 1 of file app-layer-htp.h.

◆ HTPCfgDir

typedef struct HTPCfgDir_ HTPCfgDir

◆ HTPCfgRec

typedef struct HTPCfgRec_ HTPCfgRec

Need a linked list in order to keep track of these

◆ HtpState

typedef struct HtpState_ HtpState

◆ HtpSwfCompressType

◆ HtpTxUserData

typedef struct HtpTxUserData_ HtpTxUserData

Now the Body Chunks will be stored per transaction, at the tx user data

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
HTP_BODY_REQUEST_NONE 
HTP_BODY_REQUEST_MULTIPART 
HTP_BODY_REQUEST_POST 
HTP_BODY_REQUEST_PUT 

Definition at line 74 of file app-layer-htp.h.

◆ anonymous enum

anonymous enum
Enumerator
HTTP_DECODER_EVENT_UNKNOWN_ERROR 
HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED 
HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON 
HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON 
HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN 
HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN 
HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST 
HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE 
HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST 
HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE 
HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST 
HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE 
HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN 
HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST 
HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST 
HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT 
HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID 
HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID 
HTTP_DECODER_EVENT_MISSING_HOST_HEADER 
HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS 
HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING 
HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING 
HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG 
HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG 
HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH 
HTTP_DECODER_EVENT_URI_HOST_INVALID 
HTTP_DECODER_EVENT_HEADER_HOST_INVALID 
HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT 
HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT 
HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE 
HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS 
HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER 
HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED 
HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION 
HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION 
HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES 
HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING 
HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO 
HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL 
HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS 
HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE 
HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI 
HTTP_DECODER_EVENT_REQUEST_LINE_INVALID 
HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED 
HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED 
HTTP_DECODER_EVENT_COMPRESSION_BOMB 
HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR 
HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA 
HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER 

Definition at line 81 of file app-layer-htp.h.

◆ HtpSwfCompressType_

Enumerator
HTTP_SWF_COMPRESSION_NONE 
HTTP_SWF_COMPRESSION_ZLIB 
HTTP_SWF_COMPRESSION_LZMA 
HTTP_SWF_COMPRESSION_BOTH 

Definition at line 137 of file app-layer-htp.h.

Function Documentation

◆ AppLayerHtpEnableRequestBodyCallback()

void AppLayerHtpEnableRequestBodyCallback ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. \initonly.

Definition at line 463 of file app-layer-htp.c.

References HTP_REQUIRE_REQUEST_BODY, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by AppLayerHtpNeedFileInspection(), AppLayerHtpNeedMultipartHeader(), DetectHttpClientBodySetupCallback(), and RunUnittests().

◆ AppLayerHtpEnableResponseBodyCallback()

void AppLayerHtpEnableResponseBodyCallback ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. \initonly.

Definition at line 476 of file app-layer-htp.c.

References HTP_REQUIRE_RESPONSE_BODY, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by AppLayerHtpNeedFileInspection(), and DetectFiledataSetupCallback().

◆ AppLayerHtpNeedFileInspection()

void AppLayerHtpNeedFileInspection ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http request file.

\initonly

Definition at line 505 of file app-layer-htp.c.

References AppLayerHtpEnableRequestBodyCallback(), AppLayerHtpEnableResponseBodyCallback(), AppLayerHtpNeedMultipartHeader(), HTP_REQUIRE_REQUEST_FILE, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by DetectFilestoreSetup(), PostConfLoadedSetup(), RunUnittests(), and SigValidate().

◆ AppLayerHtpPrintStats()

void AppLayerHtpPrintStats ( void  )

Definition at line 2933 of file app-layer-htp.c.

References SCLogPerf, SCMutexLock, and SCMutexUnlock.

Referenced by GlobalsDestroy().

◆ CreateSpace()

◆ DetectHttpHeadersRegisterStub()

◆ DetectHttpHeadersSetupSticky()

static int DetectHttpHeadersSetupSticky ( DetectEngineCtx de_ctx,
Signature s,
const char *  str 
)
static

this function setup the http.header keyword used in the rule

Parameters
de_ctxPointer to the Detection Engine Context
sPointer to the Signature to which the current keyword belongs
strShould hold an empty string always
Return values
0On success

Definition at line 127 of file detect-http-headers-stub.h.

References ALPROTO_HTTP, DetectBufferSetActiveList(), DetectSignatureSetAppProto(), g_buffer_id, and sock_to_gzip_file::s.

Referenced by DetectHttpHeadersRegisterStub().

◆ HTPAtExitPrintStats()

void HTPAtExitPrintStats ( void  )

Print the stats of the HTTP requests.

Definition at line 2049 of file app-layer-htp.c.

References SCEnter, SCLogDebug, SCMutexLock, SCMutexUnlock, and SCReturn.

Referenced by GlobalsDestroy().

◆ HtpBodyFree()

void HtpBodyFree ( HtpBody body)

Free the information held in the request body.

Parameters
bodypointer to the HtpBody holding the list
Return values
none

Definition at line 154 of file app-layer-htp-body.c.

References struct-flags::body, HTPFree(), HtpBodyChunk_::next, SCEnter, SCLogDebug, and StreamingBufferFree().

Referenced by HtpTxUserDataFree().

◆ HtpBodyPrint()

void HtpBodyPrint ( HtpBody body)

Print the information and chunks of a Body.

Parameters
bodypointer to the HtpBody holding the list
Return values
none

Definition at line 126 of file app-layer-htp-body.c.

References struct-flags::body, sock_to_gzip_file::data, HtpBodyChunk_::next, PrintRawDataFp(), HtpBodyChunk_::sbseg, SCEnter, SCLogDebug, SCLogDebugEnabled(), and StreamingBufferSegmentGetData().

◆ HtpConfigCreateBackup()

void HtpConfigCreateBackup ( void  )

◆ HtpConfigRestoreBackup()

void HtpConfigRestoreBackup ( void  )

◆ HTPConfigure()

◆ HTPFreeConfig()

void HTPFreeConfig ( void  )

◆ HTPParserRegisterTests()

void HTPParserRegisterTests ( void  )

Register the Unit tests for the HTTP protocol.

Definition at line 7437 of file app-layer-htp.c.

References HTPFileParserRegisterTests(), and HTPXFFParserRegisterTests().

Referenced by RegisterHTPParsers().

◆ HTPStateFree()

void HTPStateFree ( void *  )

Function to frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library.

Definition at line 378 of file app-layer-htp.c.

References FileContainerFree(), htp_connp_destroy_all(), htp_tx_get_user_data(), htp_tx_set_user_data(), HTPFree(), HTPStateGetTx(), HTPStateGetTxCnt(), HtpTxUserDataFree(), sock_to_gzip_file::s, SCEnter, SCLogDebug, SCMutexLock, SCMutexUnlock, and SCReturn.

Referenced by RegisterHTPParsers().

◆ HttpHeaderExpandBuffer()

◆ HttpHeaderGetBufferSpaceForTXID()

◆ HttpHeaderThreadDataFree()

◆ HttpHeaderThreadDataInit()

◆ RegisterHTPParsers()

void RegisterHTPParsers ( void  )

Register the HTTP protocol and state handling functions to APP layer of the engine.

HTTP

Definition at line 3163 of file app-layer-htp.c.

References ALPROTO_HTTP, AppLayerHtpSetStreamDepthFlag(), AppLayerParserConfParserEnabled(), AppLayerParserRegisterDetectFlagsFuncs(), AppLayerParserRegisterDetectStateFuncs(), AppLayerParserRegisterGetEventInfo(), AppLayerParserRegisterGetEventInfoById(), AppLayerParserRegisterGetEventsFunc(), AppLayerParserRegisterGetFilesFunc(), AppLayerParserRegisterGetStateProgressCompletionStatus(), AppLayerParserRegisterGetStateProgressFunc(), AppLayerParserRegisterGetTx(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterLoggerFuncs(), AppLayerParserRegisterParser(), AppLayerParserRegisterParserAcceptableDataDirection(), AppLayerParserRegisterSetStreamDepthFlag(), AppLayerParserRegisterStateFuncs(), AppLayerParserRegisterTruncateFunc(), AppLayerParserRegisterTxFreeFunc(), AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectRegisterProtocol(), HTPConfigure(), HTPGetEvents(), HTPGetTxDetectFlags(), HTPGetTxDetectState(), HTPHandleRequestData(), HTPHandleResponseData(), HTPParserRegisterTests(), HTPRegisterPatternsForProtocolDetection(), HTPSetTxDetectFlags(), HTPSetTxDetectState(), HTPStateAlloc(), HTPStateFree(), HTPStateGetAlstateProgress(), HTPStateGetAlstateProgressCompletionStatus(), HTPStateGetEventInfo(), HTPStateGetEventInfoById(), HTPStateGetFiles(), HTPStateGetTx(), HTPStateGetTxCnt(), HTPStateGetTxLogged(), HTPStateSetTxLogged(), HTPStateTransactionFree(), HTPStateTruncate(), SC_ATOMIC_INIT, SCEnter, SCLogInfo, SCReturn, STREAM_TOCLIENT, and STREAM_TOSERVER.

Referenced by AppLayerParserRegisterProtocolParsers(), and ParseCommandLineAFL().

◆ Reset()

Variable Documentation

◆ g_buffer_id

int g_buffer_id = 0
static

Stub for per HTTP header detection keyword. Meant to be included into a C file.

Definition at line 50 of file detect-http-headers-stub.h.

Referenced by DetectHttpHeadersRegisterStub(), and DetectHttpHeadersSetupSticky().

◆ htp_config_flags_sc_atomic__

uint32_t htp_config_flags_sc_atomic__

Definition at line 90 of file app-layer-htp.c.

◆ htp_config_flags_sc_lock__

pthread_mutex_t htp_config_flags_sc_lock__

Definition at line 90 of file app-layer-htp.c.