suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
app-layer-htp.h File Reference
HTTP layer support
#include "util-radix-tree.h"
#include "util-file.h"
#include "app-layer-htp-mem.h"
#include "detect-engine-state.h"
#include "util-streaming-buffer.h"
#include <htp/htp.h>
Include dependency graph for app-layer-htp.h:

Go to the source code of this file.

Data Structures

struct  HTPCfgDir_
 
struct  HTPCfgRec_
 
struct  HtpBodyChunk_
 
struct  HtpBody_
 
struct  HtpTxUserData_
 
struct  HtpState_
 

Macros

#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT   9000U
 
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD   18000U
 
#define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE   1
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE   10
 
#define HTP_BOUNDARY_MAX   200U
 
#define HTP_FLAG_STATE_CLOSED_TS   0x0002
 
#define HTP_FLAG_STATE_CLOSED_TC   0x0004
 
#define HTP_FLAG_STORE_FILES_TS   0x0040
 
#define HTP_FLAG_STORE_FILES_TC   0x0080
 
#define HTP_FLAG_STORE_FILES_TX_TS   0x0100
 
#define HTP_FLAG_STORE_FILES_TX_TC   0x0200
 
#define HTP_CONTENTTYPE_SET   BIT_U8(0)
 
#define HTP_BOUNDARY_SET   BIT_U8(1)
 
#define HTP_BOUNDARY_OPEN   BIT_U8(2)
 
#define HTP_FILENAME_SET   BIT_U8(3)
 
#define HTP_DONTSTORE   BIT_U8(4)
 
#define HTP_STREAM_DEPTH_SET   BIT_U8(5)
 
#define HTP_REQUIRE_REQUEST_BODY   (1 << 0)
 
#define HTP_REQUIRE_REQUEST_MULTIPART   (1 << 1)
 
#define HTP_REQUIRE_REQUEST_FILE   (1 << 2)
 
#define HTP_REQUIRE_RESPONSE_BODY   (1 << 3)
 

Typedefs

typedef enum HtpSwfCompressType_ HtpSwfCompressType
 
typedef struct HTPCfgDir_ HTPCfgDir
 
typedef struct HTPCfgRec_ HTPCfgRec
 
typedef struct HtpBodyChunk_ HtpBodyChunk
 
typedef struct HtpBody_ HtpBody
 
typedef struct HtpTxUserData_ HtpTxUserData
 
typedef struct HtpState_ HtpState
 

Enumerations

enum  { HTP_BODY_REQUEST_NONE = 0, HTP_BODY_REQUEST_MULTIPART, HTP_BODY_REQUEST_POST, HTP_BODY_REQUEST_PUT }
 
enum  {
  HTTP_DECODER_EVENT_UNKNOWN_ERROR, HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED, HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON, HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON,
  HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN, HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN, HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE,
  HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE, HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST, HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE,
  HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN, HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST, HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST, HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT,
  HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID, HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID, HTTP_DECODER_EVENT_MISSING_HOST_HEADER, HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS,
  HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING, HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING, HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG, HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG,
  HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH, HTTP_DECODER_EVENT_URI_HOST_INVALID, HTTP_DECODER_EVENT_HEADER_HOST_INVALID, HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT,
  HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT, HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE, HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS, HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER,
  HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED, HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION, HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION, HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES,
  HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING, HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO, HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL, HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS,
  HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE, HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI, HTTP_DECODER_EVENT_REQUEST_LINE_INVALID, HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED,
  HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED, HTTP_DECODER_EVENT_COMPRESSION_BOMB, HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR, HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
  HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER
}
 
enum  HtpSwfCompressType_ { HTTP_SWF_COMPRESSION_NONE = 0, HTTP_SWF_COMPRESSION_ZLIB, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_BOTH }
 

Functions

struct HtpBodyChunk_ __attribute__ ((__packed__))
 DNP3 link header. More...
 
 SC_ATOMIC_DECLARE (uint32_t, htp_config_flags)
 
void RegisterHTPParsers (void)
 Register the HTTP protocol and state handling functions to APP layer of the engine. More...
 
void HTPParserRegisterTests (void)
 Register the Unit tests for the HTTP protocol. More...
 
void HTPAtExitPrintStats (void)
 Print the stats of the HTTP requests. More...
 
void HTPFreeConfig (void)
 Clears the HTTP server configuration memory used by HTP library. More...
 
void HtpBodyPrint (HtpBody *)
 Print the information and chunks of a Body. More...
 
void HtpBodyFree (HtpBody *)
 Free the information held in the request body. More...
 
void HTPStateFree (void *)
 Function to frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library. More...
 
void AppLayerHtpEnableRequestBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. . More...
 
void AppLayerHtpEnableResponseBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. . More...
 
void AppLayerHtpNeedFileInspection (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request file. More...
 
void AppLayerHtpPrintStats (void)
 
void HTPConfigure (void)
 
void HtpConfigCreateBackup (void)
 
void HtpConfigRestoreBackup (void)
 

Variables

struct HtpBodyChunk_next
 
int logged
 
StreamingBufferSegment sbseg
 

Detailed Description

Author
Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com
Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

This file provides a HTTP protocol support for the engine using HTP library.

Definition in file app-layer-htp.h.

Variable Documentation

int logged

Definition at line 588 of file app-layer-htp.h.

Referenced by OutputRegisterTxLogger(), SMTPStateAlloc(), and SSLSetEvent().

struct HtpBodyChunk_* next

Pointer to the next chunk

Definition at line 587 of file app-layer-htp.h.

Referenced by ActionInitConfig(), AddVariableToResolveList(), AffinitySetupLoadFromConfig(), AFPPeersListCheck(), AFPPeersListClean(), AppLayerParserTransactionsCleanup(), BuildCpusetWithCallback(), CleanupPcapFileDirectoryVars(), CleanVariableResolveList(), ConfFindDeviceConfig(), ConfGetNode(), ConfNodeDump(), ConfNodeFree(), ConfNodeIsSequence(), ConfNodeLookupChild(), ConfNodeLookupKeyValue(), ConfNodePrune(), ConfNodeRemove(), ConfYamlLoadFileWithPrefix(), DatasetsDestroy(), DatasetsInit(), DatasetsSave(), DCERPCUuidListFree(), DecodeCIPRequestPathPDU(), DefragPolicyGetHostTimeout(), DefragPolicyLoadFromConfig(), DefragRbFragCompare(), DetectAddressCleanupList(), DetectAddressTestConfVars(), DetectDatarepBufferMatch(), DetectDatasetBufferMatch(), DetectDceIfaceRegister(), DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineMoveToFreeList(), DetectEngineMultiTenantSetup(), DetectEnginePruneFreeList(), DetectEngineReloadTenantBlocking(), DetectLoaderQueueTask(), DetectMetadataHashFree(), DetectParseFreeRegexes(), DetectPortCleanupList(), DetectPortTestConfVars(), DetectRunPrefilterTx(), DetectTlsCertsRegister(), DetectVarProcessListInternal(), DNP3FreeObjectPointList(), FileContainerFree(), FileContainerRecycle(), FileForceHashParseCfg(), FlowDisableFlowManagerThread(), FTPMemcapGlobalCounter(), HtpBodyPrune(), HtpConfigRestoreBackup(), HTPConfigure(), HTPFreeConfig(), InspectionBufferApplyTransforms(), IPOnlyCIDRListFree(), JsonDNSLogAnswer(), JsonTlsLogJSONExtended(), LiveBuildDeviceListCustom(), LiveDeviceFinalize(), LiveDeviceForEach(), LiveDeviceListClean(), LiveGetDevice(), LiveGetDeviceCount(), LiveGetDeviceName(), LiveGetDeviceNameCount(), LiveGetDeviceNameName(), LiveRegisterDevice(), LiveRegisterDeviceName(), NapatechGetStreamConfig(), NapatechSetupTraffic(), NoWinDivertSupportExit(), OutputEmailInitConf(), OutputUnregisterFileRotationFlag(), PacketCreateMask(), PcapDetermineDirectoryOrFile(), PostRunDeinit(), PrefilterFreeEnginesList(), printUUID(), RegisterDCERPCParsers(), RegisterDCERPCUDPParsers(), ROHashInitFinalize(), ROHashInitQueueValue(), RunModeInitializeOutputs(), RunModeShutDown(), RunModeUnixSocketGetDefaultMode(), SCHInfoLoadFromConfig(), SCLogLoadConfig(), SigLoadSignatures(), SigMatchSignaturesGetSgh(), SigStringAppend(), SMTPProcessDataChunk(), SMTPStateAlloc(), SRepInit(), SSLVersionToString(), StorageCleanup(), StorageFinalize(), StreamingBufferFree(), StreamTcpSackUpdatePacket(), TcpSegmentCompare(), and TmModuleDecodeNetmapRegister().

StreamingBufferSegment sbseg

Definition at line 589 of file app-layer-htp.h.