suricata
Data Structures | Macros | Typedefs | Functions
app-layer-htp-xff.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  HttpXFFCfg_
 

Macros

#define XFF_DISABLED   1
 
#define XFF_EXTRADATA   2
 
#define XFF_OVERWRITE   4
 
#define XFF_REVERSE   8
 
#define XFF_FORWARD   16
 
#define XFF_MAXLEN   46
 

Typedefs

typedef struct HttpXFFCfg_ HttpXFFCfg
 

Functions

void HttpXFFGetCfg (SCConfNode *conf, HttpXFFCfg *result)
 Function to return XFF configuration from a configuration node. More...
 
int HttpXFFGetIPFromTx (const Flow *f, uint64_t tx_id, HttpXFFCfg *xff_cfg, char *dstbuf, int dstbuflen)
 Function to return XFF IP if any in the selected transaction. The caller needs to lock the flow. More...
 
int HttpXFFGetIP (const Flow *f, HttpXFFCfg *xff_cfg, char *dstbuf, int dstbuflen)
 Function to return XFF IP if any. The caller needs to lock the flow. More...
 
void HTPXFFParserRegisterTests (void)
 

Detailed Description

Author
Ignacio Sanchez sanch.nosp@m.ezma.nosp@m.rtin..nosp@m.ji@g.nosp@m.mail..nosp@m.com
Duarte Silva duart.nosp@m.e.si.nosp@m.lva@s.nosp@m.eria.nosp@m.lizin.nosp@m.g.me

Definition in file app-layer-htp-xff.h.

Macro Definition Documentation

◆ XFF_DISABLED

#define XFF_DISABLED   1

XFF is disabled

Definition at line 30 of file app-layer-htp-xff.h.

◆ XFF_EXTRADATA

#define XFF_EXTRADATA   2

XFF extra data mode

Definition at line 32 of file app-layer-htp-xff.h.

◆ XFF_FORWARD

#define XFF_FORWARD   16

XFF is to be used in a forward proxy deployment

Definition at line 38 of file app-layer-htp-xff.h.

◆ XFF_MAXLEN

#define XFF_MAXLEN   46

Single XFF IP maximum length (default value based on IPv6 address length)

Definition at line 40 of file app-layer-htp-xff.h.

◆ XFF_OVERWRITE

#define XFF_OVERWRITE   4

XFF overwrite mode

Definition at line 34 of file app-layer-htp-xff.h.

◆ XFF_REVERSE

#define XFF_REVERSE   8

XFF is to be used in a reverse proxy deployment

Definition at line 36 of file app-layer-htp-xff.h.

Typedef Documentation

◆ HttpXFFCfg

typedef struct HttpXFFCfg_ HttpXFFCfg

Function Documentation

◆ HTPXFFParserRegisterTests()

void HTPXFFParserRegisterTests ( void  )

Definition at line 332 of file app-layer-htp-xff.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ HttpXFFGetCfg()

void HttpXFFGetCfg ( SCConfNode conf,
HttpXFFCfg result 
)

Function to return XFF configuration from a configuration node.

Definition at line 202 of file app-layer-htp-xff.c.

References BUG_ON, HttpXFFCfg_::flags, HttpXFFCfg_::header, SCConfNodeChildValueIsTrue(), SCConfNodeLookupChild(), SCConfNodeLookupChildValue(), SCLogWarning, XFF_DEFAULT, XFF_DISABLED, XFF_EXTRADATA, XFF_FORWARD, XFF_OVERWRITE, and XFF_REVERSE.

Here is the call graph for this function:

◆ HttpXFFGetIP()

int HttpXFFGetIP ( const Flow f,
HttpXFFCfg xff_cfg,
char *  dstbuf,
int  dstbuflen 
)

Function to return XFF IP if any. The caller needs to lock the flow.

Return values
1if the IP has been found and returned in dstbuf
0if the IP has not being found or error

Definition at line 177 of file app-layer-htp-xff.c.

◆ HttpXFFGetIPFromTx()

int HttpXFFGetIPFromTx ( const Flow f,
uint64_t  tx_id,
HttpXFFCfg xff_cfg,
char *  dstbuf,
int  dstbuflen 
)

Function to return XFF IP if any in the selected transaction. The caller needs to lock the flow.

Return values
1if the IP has been found and returned in dstbuf
0if the IP has not being found or error

Get the last IP address from the chain

Get the first IP address from the chain

Definition at line 116 of file app-layer-htp-xff.c.

References XFF_CHAIN_MAXLEN.