suricata
app-layer-htp.c File Reference
#include "suricata.h"
#include "suricata-common.h"
#include "conf.h"
#include "debug.h"
#include "decode.h"
#include "threads.h"
#include "counters.h"
#include "util-print.h"
#include "util-pool.h"
#include "util-radix-tree.h"
#include "util-file.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer.h"
#include "app-layer-htp.h"
#include "app-layer-htp-body.h"
#include "app-layer-htp-file.h"
#include "app-layer-htp-libhtp.h"
#include "app-layer-htp-xff.h"
#include "util-spm.h"
#include "util-debug.h"
#include "util-time.h"
#include "util-misc.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "flow-util.h"
#include "detect-engine.h"
#include "detect-engine-state.h"
#include "detect-parse.h"
#include "decode-events.h"
#include "util-memcmp.h"
#include "util-random.h"
#include "util-validate.h"
#include "conf-yaml-loader.h"
Include dependency graph for app-layer-htp.c:

Go to the source code of this file.

Macros

#define IF_HTP_PERSONALITY_NUM(p)   if (strcasecmp(#p, str) == 0) return HTP_SERVER_ ## p
 
#define HTP_ERROR_MAX   (sizeof(htp_errors) / sizeof(htp_errors[0]))
 
#define HTP_WARNING_MAX   (sizeof(htp_warnings) / sizeof(htp_warnings[0]))
 
#define C_D_HDR   "content-disposition:"
 
#define C_D_HDR_LEN   20
 
#define C_T_HDR   "content-type:"
 
#define C_T_HDR_LEN   13
 
SCEnumCharMap http_decoder_event_table []
 
struct {
   const char *   msg
 
   int   de
 
htp_errors []
 
struct {
   const char *   msg
 
   int   de
 
htp_warnings []
 
void HTPStateFree (void *state)
 Function to frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library. More...
 
void AppLayerHtpEnableRequestBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. . More...
 
void AppLayerHtpEnableResponseBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. . More...
 
void AppLayerHtpNeedFileInspection (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request file. More...
 
void HTPAtExitPrintStats (void)
 Print the stats of the HTTP requests. More...
 
void HTPFreeConfig (void)
 Clears the HTTP server configuration memory used by HTP library. More...
 
void HTPConfigure (void)
 
void AppLayerHtpPrintStats (void)
 
void RegisterHTPParsers (void)
 Register the HTTP protocol and state handling functions to APP layer of the engine. More...
 
void HtpConfigCreateBackup (void)
 
void HtpConfigRestoreBackup (void)
 
void HTPParserRegisterTests (void)
 Register the Unit tests for the HTTP protocol. More...
 

Detailed Description

Macro Definition Documentation

#define C_D_HDR   "content-disposition:"

Definition at line 1094 of file app-layer-htp.c.

#define C_D_HDR_LEN   20

Definition at line 1095 of file app-layer-htp.c.

#define C_T_HDR   "content-type:"

Definition at line 1096 of file app-layer-htp.c.

#define C_T_HDR_LEN   13

Definition at line 1097 of file app-layer-htp.c.

#define HTP_ERROR_MAX   (sizeof(htp_errors) / sizeof(htp_errors[0]))

Definition at line 546 of file app-layer-htp.c.

#define HTP_WARNING_MAX   (sizeof(htp_warnings) / sizeof(htp_warnings[0]))

Definition at line 547 of file app-layer-htp.c.

#define IF_HTP_PERSONALITY_NUM (   p)    if (strcasecmp(#p, str) == 0) return HTP_SERVER_ ## p

Variable Documentation

struct { ... } htp_errors[]
Initial value:
= {
{ "GZip decompressor: inflateInit2 failed", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED},
{ "Request field invalid: colon missing", HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON},
{ "Response field invalid: missing colon", HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON},
{ "Request chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN},
{ "Response chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN},
{ "Already seen 100-Continue", HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN},
{ "Unable to match response to request", HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST},
{ "Invalid server port information in request", HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST},
{ "Request buffer over", HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG},
{ "Response buffer over", HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG},
{ "C-T multipart/byteranges in responses not supported", HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES},
}
struct { ... } htp_warnings[]
Initial value:
= {
{ "Request field invalid", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID},
{ "Response field invalid", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID},
{ "Request header name is not a token", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID},
{ "Response header name is not a token", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID},
{ "Invalid request field folding", HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING},
{ "Invalid response field folding", HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING},
{ "Request line: URI contains non-compliant delimiter", HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT},
{ "Request line: non-compliant delimiter between Method and URI", HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT},
{ "Request line: leading whitespace", HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE},
{ "Too many response content encoding layers", HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS},
{ "C-E gzip has abnormal value", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER},
{ "C-E deflate has abnormal value", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER},
{ "C-E unknown setting", HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER},
{ "Excessive request header repetitions", HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION},
{ "Excessive response header repetitions", HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION},
{ "Transfer-encoding has abnormal chunked value", HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING},
{ "Chunked transfer-encoding on HTTP/0.9 or HTTP/1.0", HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO},
{ "Invalid response line: invalid protocol", HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL},
{ "Invalid response line: invalid response status", HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS},
{ "Request line incomplete", HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE},
{ "Unexpected request body", HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED},
}
SCEnumCharMap http_decoder_event_table[]

Definition at line 96 of file app-layer-htp.c.

const char* msg