suricata
app-layer-htp.c File Reference
#include "suricata.h"
#include "suricata-common.h"
#include "conf.h"
#include "decode.h"
#include "util-print.h"
#include "util-byte.h"
#include "stream-tcp.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "app-layer-frames.h"
#include "app-layer-htp.h"
#include "app-layer-htp-body.h"
#include "app-layer-htp-file.h"
#include "app-layer-htp-libhtp.h"
#include "app-layer-htp-xff.h"
#include "app-layer-htp-range.h"
#include "app-layer-htp-mem.h"
#include "util-debug.h"
#include "util-misc.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "flow-util.h"
#include "detect-engine.h"
#include "detect-engine-build.h"
#include "detect-engine-state.h"
#include "detect-parse.h"
#include "util-memcmp.h"
#include "util-random.h"
#include "util-validate.h"
#include "detect-engine-alert.h"
#include "conf-yaml-loader.h"

Data Structures

struct  HTPConfigTree
 

Macros

#define IF_HTP_PERSONALITY_NUM(p)
 
#define HTP_MAX_MESSAGES   512
 
#define HTP_ERROR_MAX   (sizeof(htp_errors) / sizeof(htp_errors[0]))
 
#define HTP_WARNING_MAX   (sizeof(htp_warnings) / sizeof(htp_warnings[0]))
 
enum  HttpFrameTypes { HTTP_FRAME_REQUEST, HTTP_FRAME_RESPONSE }
 
SCRadix4Config htp_radix4_cfg = { NULL, NULL }
 
SCRadix6Config htp_radix6_cfg = { NULL, NULL }
 
StreamingBufferConfig htp_sbcfg = STREAMING_BUFFER_CONFIG_INITIALIZER
 
SCEnumCharMap http_decoder_event_table []
 
SCEnumCharMap http_frame_table []
 
struct {
   const char *   msg
 
   uint8_t   de
 
} htp_errors []
 
struct {
   const char *   msg
 
   uint8_t   de
 
} htp_warnings []
 
 SC_ATOMIC_DECLARE (uint32_t, htp_config_flags)
 
void HTPStateFree (void *state)
 Frees the HTTP state memory and also the HTTP connection parser memory that was used by the HTP library. More...
 
void AppLayerHtpEnableRequestBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the HTTP request body data. Init-time only. More...
 
void AppLayerHtpEnableResponseBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the HTTP response body data. Init-time only. More...
 
void AppLayerHtpNeedFileInspection (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request file. More...
 
void HTPAtExitPrintStats (void)
 Print the stats of the HTTP requests. More...
 
void HTPFreeConfig (void)
 Clears the HTTP server configuration memory used by HTP library. More...
 
void HTPConfigure (void)
 
void AppLayerHtpPrintStats (void)
 
void * HtpGetTxForH2 (void *alstate)
 
void RegisterHTPParsers (void)
 Register the HTTP protocol and state handling functions to APP layer of the engine. More...
 
void HtpConfigCreateBackup (void)
 
void HtpConfigRestoreBackup (void)
 

Detailed Description

Macro Definition Documentation

◆ HTP_ERROR_MAX

#define HTP_ERROR_MAX   (sizeof(htp_errors) / sizeof(htp_errors[0]))

Definition at line 636 of file app-layer-htp.c.

◆ HTP_MAX_MESSAGES

#define HTP_MAX_MESSAGES   512

Limit to the number of libhtp messages that can be handled

Definition at line 96 of file app-layer-htp.c.

◆ HTP_WARNING_MAX

#define HTP_WARNING_MAX   (sizeof(htp_warnings) / sizeof(htp_warnings[0]))

Definition at line 637 of file app-layer-htp.c.

◆ IF_HTP_PERSONALITY_NUM

#define IF_HTP_PERSONALITY_NUM (   p)
Value:
if (strcasecmp(#p, str) == 0) \
return HTP_SERVER_PERSONALITY_##p

Enumeration Type Documentation

◆ HttpFrameTypes

Enumerator
HTTP_FRAME_REQUEST 
HTTP_FRAME_RESPONSE 

Definition at line 180 of file app-layer-htp.c.

Function Documentation

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( uint32_t  ,
htp_config_flags   
)

Variable Documentation

◆ de

◆ htp_errors

struct { ... } htp_errors[]
Initial value:
= {
{ "GZip decompressor: inflateInit2 failed", HTP_LOG_CODE_GZIP_DECOMPRESSION_FAILED },
{ "Request field invalid: colon missing", HTP_LOG_CODE_REQUEST_FIELD_MISSING_COLON },
{ "Response field invalid: missing colon", HTP_LOG_CODE_RESPONSE_FIELD_MISSING_COLON },
{ "Request chunk encoding: Invalid chunk length", HTP_LOG_CODE_INVALID_REQUEST_CHUNK_LEN },
{ "Response chunk encoding: Invalid chunk length", HTP_LOG_CODE_INVALID_RESPONSE_CHUNK_LEN },
{ "Invalid C-L field in response", HTP_LOG_CODE_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE },
{ "Already seen 100-Continue", HTP_LOG_CODE_CONTINUE_ALREADY_SEEN },
{ "Unable to match response to request", HTP_LOG_CODE_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST },
{ "Invalid server port information in request", HTP_LOG_CODE_INVALID_SERVER_PORT_IN_REQUEST },
{ "Request buffer over", HTP_LOG_CODE_REQUEST_FIELD_TOO_LONG },
{ "Response buffer over", HTP_LOG_CODE_RESPONSE_FIELD_TOO_LONG },
{ "C-T multipart/byteranges in responses not supported",
HTP_LOG_CODE_RESPONSE_MULTIPART_BYTERANGES },
{ "Compression bomb:", HTP_LOG_CODE_COMPRESSION_BOMB },
}

◆ htp_radix4_cfg

SCRadix4Config htp_radix4_cfg = { NULL, NULL }

Definition at line 86 of file app-layer-htp.c.

◆ htp_radix6_cfg

SCRadix6Config htp_radix6_cfg = { NULL, NULL }

Definition at line 87 of file app-layer-htp.c.

◆ htp_sbcfg

◆ htp_warnings

struct { ... } htp_warnings[]

◆ http_decoder_event_table

SCEnumCharMap http_decoder_event_table[]

Definition at line 105 of file app-layer-htp.c.

◆ http_frame_table

SCEnumCharMap http_frame_table[]
Initial value:
= {
{
"request",
HTTP_FRAME_REQUEST,
},
{
"response",
HTTP_FRAME_RESPONSE,
},
{ NULL, -1 },
}

Definition at line 185 of file app-layer-htp.c.

◆ msg

const char* msg

Definition at line 559 of file app-layer-htp.c.

Referenced by LuaCallbackError(), SCLog(), and SCLogErr().

HTP_LOG_CODE_RESPONSE_FIELD_MISSING_COLON
#define HTP_LOG_CODE_RESPONSE_FIELD_MISSING_COLON
Definition: app-layer-htp-libhtp.h:102
HTP_LOG_CODE_CONTINUE_ALREADY_SEEN
#define HTP_LOG_CODE_CONTINUE_ALREADY_SEEN
Definition: app-layer-htp-libhtp.h:117
HTP_LOG_CODE_INVALID_SERVER_PORT_IN_REQUEST
#define HTP_LOG_CODE_INVALID_SERVER_PORT_IN_REQUEST
Definition: app-layer-htp-libhtp.h:120
HTP_LOG_CODE_REQUEST_FIELD_TOO_LONG
#define HTP_LOG_CODE_REQUEST_FIELD_TOO_LONG
Definition: app-layer-htp-libhtp.h:130
HTP_LOG_CODE_REQUEST_FIELD_MISSING_COLON
#define HTP_LOG_CODE_REQUEST_FIELD_MISSING_COLON
Definition: app-layer-htp-libhtp.h:101
HTP_LOG_CODE_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE
#define HTP_LOG_CODE_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE
Definition: app-layer-htp-libhtp.h:111
HTP_LOG_CODE_GZIP_DECOMPRESSION_FAILED
#define HTP_LOG_CODE_GZIP_DECOMPRESSION_FAILED
Definition: app-layer-htp-libhtp.h:100
HTP_LOG_CODE_RESPONSE_FIELD_TOO_LONG
#define HTP_LOG_CODE_RESPONSE_FIELD_TOO_LONG
Definition: app-layer-htp-libhtp.h:131
HTP_LOG_CODE_INVALID_REQUEST_CHUNK_LEN
#define HTP_LOG_CODE_INVALID_REQUEST_CHUNK_LEN
Definition: app-layer-htp-libhtp.h:103
HTP_LOG_CODE_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST
#define HTP_LOG_CODE_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST
Definition: app-layer-htp-libhtp.h:118
HTP_LOG_CODE_INVALID_RESPONSE_CHUNK_LEN
#define HTP_LOG_CODE_INVALID_RESPONSE_CHUNK_LEN
Definition: app-layer-htp-libhtp.h:104
HTTP_FRAME_RESPONSE
@ HTTP_FRAME_RESPONSE
Definition: app-layer-htp.c:182
str
#define str(s)
Definition: suricata-common.h:300
HTTP_FRAME_REQUEST
@ HTTP_FRAME_REQUEST
Definition: app-layer-htp.c:181
HTP_LOG_CODE_COMPRESSION_BOMB
#define HTP_LOG_CODE_COMPRESSION_BOMB
Definition: app-layer-htp-libhtp.h:157
HTP_LOG_CODE_RESPONSE_MULTIPART_BYTERANGES
#define HTP_LOG_CODE_RESPONSE_MULTIPART_BYTERANGES
Definition: app-layer-htp-libhtp.h:149