"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/preprocessors/HttpInspect/include/hi_client.h" (16 Oct 2020, 6109 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "hi_client.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /* $Id$ */
    2 /****************************************************************************
    3  *
    4  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    5  * Copyright (C) 2003-2013 Sourcefire, Inc.
    6  *
    7  * This program is free software; you can redistribute it and/or modify
    8  * it under the terms of the GNU General Public License Version 2 as
    9  * published by the Free Software Foundation.  You may not use, modify or
   10  * distribute this program under any other version of the GNU General
   11  * Public License.
   12  *
   13  * This program is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  * GNU General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU General Public License
   19  * along with this program; if not, write to the Free Software
   20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   21  *
   22  ****************************************************************************/
   23 
   24 #ifndef __HI_CLIENT_H__
   25 #define __HI_CLIENT_H__
   26 
   27 
   28 #ifdef HAVE_CONFIG_H
   29 #include "config.h"
   30 #endif
   31 
   32 #include <sys/types.h>
   33 
   34 #include "snort_httpinspect.h"
   35 #include "hi_include.h"
   36 #include "hi_eo.h"
   37 #include "hi_eo_events.h"
   38 #define URI_END  99
   39 #define POST_END 100
   40 #define NO_URI   101
   41 
   42 #define XFF_MODE_MASK      (0x000f)
   43 #define XFF_EXFF_MASK      (0x000c)
   44 
   45 #define TRUE_CLIENT_IP_HDR (0x01)
   46 #define XFF_HDR            (0x02)
   47 #define HDRS_BOTH          (0x03)
   48 #define XFF_HEADERS        (0x04)  // Using xff_headers list
   49 #define XFF_HEADERS_ACTIVE (0x08)  // Looking for highest precedence xff header
   50 #define XFF_INIT (XFF_HEADERS | XFF_HEADERS_ACTIVE)
   51 
   52 #define XFF_TOP_PRECEDENCE (1)
   53 #define XFF_BOT_PRECEDENCE (255)
   54 
   55 #define HTTP_RANGE_NONE                  0
   56 #define HTTP_RANGE_WITH_FULL_CONTENT_REQ 1
   57 #define RANGE_WITH_PARTIAL_CONTENT_REQ   2
   58 #define RANGE_WITH_REQ_ERROR             3
   59 
   60 typedef struct s_COOKIE_PTR
   61 {
   62     const u_char *cookie;
   63     const u_char *cookie_end;
   64     struct s_COOKIE_PTR *next;
   65 } COOKIE_PTR;
   66 
   67 
   68 typedef struct s_CONTLEN_PTR
   69 {
   70     const u_char *cont_len_start;
   71     const u_char *cont_len_end;
   72     uint32_t len;
   73 }CONTLEN_PTR;
   74 
   75 typedef struct s_CONT_ENCODING_PTR
   76 {
   77     const u_char *cont_encoding_start;
   78     const u_char *cont_encoding_end;
   79     uint16_t compress_fmt;
   80 }CONT_ENCODING_PTR;
   81 
   82 typedef struct s_HEADER_FIELD_PTR
   83 {
   84     COOKIE_PTR *cookie;
   85     CONTLEN_PTR *content_len;
   86     CONT_ENCODING_PTR *content_encoding;
   87 } HEADER_FIELD_PTR;
   88 
   89 /* These numbers were chosen to avoid conflicting with
   90  * the return codes in hi_return_codes.h */
   91 
   92 /**
   93  **  This structure holds pointers to the different sections of an HTTP
   94  **  request.  We need to track where whitespace begins and ends, so we
   95  **  can evaluate the placement of the URI correctly.
   96  **
   97  **  For example,
   98  **
   99  **  GET     / HTTP/1.0
  100  **     ^   ^
  101  **   start end
  102  **
  103  **  The end space pointers are set to NULL if there is space until the end
  104  **  of the buffer.
  105  */
  106 
  107 typedef struct s_URI_PTR
  108 {
  109     const u_char *uri;                /* the beginning of the URI */
  110     const u_char *uri_end;            /* the end of the URI */
  111     const u_char *norm;               /* ptr to first normalization occurence */
  112     const u_char *ident;              /* ptr to beginning of the HTTP identifier */
  113     const u_char *first_sp_start;     /* beginning of first space delimiter */
  114     const u_char *first_sp_end;       /* end of first space delimiter */
  115     const u_char *second_sp_start;    /* beginning of second space delimiter */
  116     const u_char *second_sp_end;      /* end of second space delimiter */
  117     const u_char *param;              /* '?' (beginning of parameter field) */
  118     const u_char *delimiter;          /* HTTP URI delimiter (\r\n\) */
  119     const u_char *last_dir;           /* ptr to last dir, so we catch long dirs */
  120     const u_char *proxy;              /* ptr to the absolute URI */
  121 }  URI_PTR;
  122 
  123 typedef struct s_HEADER_PTR
  124 {
  125     URI_PTR header;
  126     COOKIE_PTR cookie;
  127     CONTLEN_PTR content_len;
  128     CONT_ENCODING_PTR content_encoding;
  129     uint8_t range_flag;
  130     bool is_chunked;
  131 #if defined(FEAT_OPEN_APPID)
  132     HEADER_LOCATION userAgent, referer, method, via, responseCode, server, xWorkingWith, contentType;
  133 #endif /* defined(FEAT_OPEN_APPID) */
  134 } HEADER_PTR;
  135 
  136 
  137 typedef struct s_HI_CLIENT_REQ
  138 {
  139     /*
  140     u_char *method;
  141     int  method_size;
  142     */
  143 
  144     const u_char *uri;
  145     const u_char *uri_norm;
  146     const u_char *post_raw;
  147     const u_char *post_norm;
  148     const u_char *header_raw;
  149     const u_char *header_norm;
  150     COOKIE_PTR cookie;
  151     const u_char *cookie_norm;
  152     const u_char *method_raw;
  153 
  154     u_int uri_size;
  155     u_int uri_norm_size;
  156     u_int post_raw_size;
  157     u_int post_norm_size;
  158     u_int header_raw_size;
  159     u_int header_norm_size;
  160     u_int cookie_norm_size;
  161     u_int method_size;
  162 
  163     /*
  164     u_char *param;
  165     u_int  param_size;
  166     u_int  param_norm;
  167     */
  168 
  169     /*
  170     u_char *ver;
  171     u_int  ver_size;
  172 
  173     u_char *hdr;
  174     u_int  hdr_size;
  175 
  176     u_char *payload;
  177     u_int  payload_size;
  178     */
  179 
  180     const u_char *pipeline_req;
  181     u_char method;
  182     uint16_t uri_encode_type;
  183     uint16_t header_encode_type;
  184     uint16_t cookie_encode_type;
  185     uint16_t post_encode_type;
  186     const u_char *content_type;
  187     const u_char *content_disp;
  188     uint8_t range_flag;
  189 
  190 }  HI_CLIENT_REQ;
  191 
  192 typedef struct s_HI_CLIENT
  193 {
  194     HI_CLIENT_REQ request;
  195     int (*state)(void *, unsigned char, int);
  196     HI_CLIENT_EVENTS event_list;
  197 
  198 }  HI_CLIENT;
  199 
  200 typedef struct s_HI_CLIENT_HDR_ARGS
  201 {
  202     HEADER_PTR *hdr_ptr;
  203     HEADER_FIELD_PTR *hdr_field_ptr;
  204     HttpSessionData *sd; 
  205     int strm_ins; 
  206     int hst_name_hdr;
  207     uint8_t true_clnt_xff;
  208     uint8_t prev_true_clnt_xff;
  209     uint8_t top_precedence;
  210     uint8_t new_precedence;
  211 } HI_CLIENT_HDR_ARGS;
  212 
  213 int hi_client_inspection(Packet *p, void *Session, HttpSessionData *hsd, int stream_ins);
  214 int hi_client_init(HTTPINSPECT_GLOBAL_CONF *GlobalConf);
  215 
  216 char **hi_client_get_field_names();
  217 
  218 extern const u_char *proxy_start;
  219 extern const u_char *proxy_end;
  220 
  221 #endif