suricata
app-layer-htp.h
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \defgroup httplayer HTTP layer support
20  *
21  * @{
22  */
23 
24 /**
25  * \file
26  *
27  * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
28  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
29  *
30  * This file provides HTTP protocol support for the engine using the HTP library.
31  */
32 
33 #ifndef SURICATA_APP_LAYER_HTP_H
34 #define SURICATA_APP_LAYER_HTP_H
35 
36 #include "rust.h"
37 #include "app-layer-frames.h"
38 
39 #include "htp/htp_rs.h"
40 
41 /* Defaults for the request/response body limits, the inspection min size and window, and the field limit. NOTE(review): presumably these seed HTPCfgDir (body_limit, inspect_min_size, inspect_window) when the configuration sets nothing, and body data past the limit is presumably not inspected, so the values affect detection coverage as well as memory use — confirm in app-layer-htp.c. */
42 #define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT 4096U
43 #define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT 4096U
44 #define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE 32768U
45 #define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW 4096U
46 #define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE 32768U
47 #define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW 4096U
48 #define HTP_CONFIG_DEFAULT_FIELD_LIMIT 18000U
49 
50 #define HTP_CONFIG_DEFAULT_LZMA_LAYERS 0U /* 0 layers: presumably LZMA decompression stays off unless configured — TODO confirm */
51 /* default libhtp lzma limit, taken from libhtp. */
52 #define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT 1048576U
53 #define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT 1048576U /* 1048576 = 1 MiB; presumably caps decompressed output to blunt decompression bombs — TODO confirm */
54 // 100000 usec is 0.1 sec; NOTE(review): presumably the time budget for decompression — confirm
55 #define HTP_CONFIG_DEFAULT_COMPRESSION_TIME_LIMIT 100000
56 
57 #define HTP_CONFIG_DEFAULT_RANDOMIZE 1 /* NOTE(review): presumably the default for HTPCfgRec_::randomize, varying inspection sizes so chunk boundaries are less predictable to a sender — confirm */
58 #define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE 10 /* presumably the default for HTPCfgRec_::randomize_range; unit not visible here — TODO confirm */
59 
60 // 0x0001 not used
61 #define HTP_FLAG_STATE_CLOSED_TS \
62  0x0002 /**< Flag to indicate that HTTP \
63  connection is closed */
64 #define HTP_FLAG_STATE_CLOSED_TC \
65  0x0004 /**< Flag to indicate that HTTP \
66  connection is closed */
67 
68 enum {
71  HTP_BODY_REQUEST_POST, /* POST, no MP */
73 };
74 
75 enum {
76  /* suricata errors/warnings */
80 
85 };
86 
87 typedef enum HtpSwfCompressType_ {
93 
94 typedef struct HTPCfgDir_ {
95  uint32_t body_limit;
96  uint32_t inspect_min_size;
97  uint32_t inspect_window;
99 
100 /** Need a linked list in order to keep track of these */
101 typedef struct HTPCfgRec_ {
102  htp_cfg_t *cfg;
103  struct HTPCfgRec_ *next;
104 
105  /** max size of the client body we inspect */
109 
114 
117 
118  bool uri_include_all; /**< use all info in uri (bool) */
120 
121 /** Struct used to hold chunks of a body on a request */
123  struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */
124  int logged;
125  StreamingBufferSegment sbseg;
126 } __attribute__((__packed__));
127 typedef struct HtpBodyChunk_ HtpBodyChunk;
128 
129 /** Struct used to hold all the chunks of a body on a request */
130 typedef struct HtpBody_ {
131  HtpBodyChunk *first; /**< Pointer to the first chunk */
132  HtpBodyChunk *last; /**< Pointer to the last chunk */
133 
135 
136  /* Holds the length of the htp request body seen so far */
138  /* parser tracker */
139  uint64_t body_parsed;
140  /* inspection tracker */
141  uint64_t body_inspected;
143 
144 #define HTP_BOUNDARY_SET BIT_U8(1) /**< We have a boundary string */
145 #define HTP_FILENAME_SET BIT_U8(3) /**< filename is registered in the flow */
146 #define HTP_DONTSTORE BIT_U8(4) /**< not storing this file */
147 #define HTP_STREAM_DEPTH_SET BIT_U8(5) /**< stream-depth is set */
148 
149 /** Now the Body Chunks will be stored per transaction, at
150  * the tx user data */
151 typedef struct HtpTxUserData_ {
152  /* Body of the request (if any) */
155 
158 
159  uint8_t tsflags;
160  uint8_t tcflags;
161 
163 
166 
171 
172  MimeStateHTTP *mime_state;
173 
174  HttpRangeContainerBlock *file_range; /**< used to assign track ids to range file */
175 
180 
181 typedef struct HtpState_ {
182  /* Connection parser structure for each connection */
183  htp_connp_t *connp;
184  /* Connection structure for each connection */
185  htp_conn_t *conn;
186  Flow *f; /**< Needed to retrieve the original flow when using HTPLib callbacks */
187  uint64_t transaction_cnt;
188  const struct HTPCfgRec_ *cfg;
189  uint16_t flags;
190  uint16_t events;
191  uint16_t htp_messages_count; /**< Number of already logged messages */
192  uint32_t file_track_id; /**< used to assign file track ids to files */
195  StreamSlice *slice;
198  AppLayerStateData state_data;
200 
201 /** part of the engine needs the request body (e.g. http_client_body keyword) */
202 #define HTP_REQUIRE_REQUEST_BODY (1 << 0)
203 /** part of the engine needs the request file (e.g. log-file module) */
204 #define HTP_REQUIRE_REQUEST_FILE (1 << 2)
205 /** part of the engine needs the response body (e.g. file_data keyword) */
206 #define HTP_REQUIRE_RESPONSE_BODY (1 << 3)
207 
208 SC_ATOMIC_EXTERN(uint32_t, htp_config_flags);
209 
210 void RegisterHTPParsers(void);
211 void HTPAtExitPrintStats(void);
212 void HTPFreeConfig(void);
213 
214 /* To free the state from unittests using app-layer-htp */
215 void HTPStateFree(void *);
219 void AppLayerHtpPrintStats(void);
220 
221 void HTPConfigure(void);
222 
223 void HtpConfigCreateBackup(void);
224 void HtpConfigRestoreBackup(void);
225 
226 void *HtpGetTxForH2(void *);
227 
228 #endif /* SURICATA_APP_LAYER_HTP_H */
229 
230 /**
231  * @}
232  */
HtpState
struct HtpState_ HtpState
HtpState_::cfg
const struct HTPCfgRec_ * cfg
Definition: app-layer-htp.h:188
FileContainer_
Definition: util-file.h:113
HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR
@ HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR
Definition: app-layer-htp.h:77
HTP_BODY_REQUEST_POST
@ HTP_BODY_REQUEST_POST
Definition: app-layer-htp.h:71
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:597
HtpState_::slice
StreamSlice * slice
Definition: app-layer-htp.h:195
HtpTxUserData_::request_headers_raw_len
uint32_t request_headers_raw_len
Definition: app-layer-htp.h:169
HTPCfgDir_
Definition: app-layer-htp.h:94
HtpBody_::sb
StreamingBuffer * sb
Definition: app-layer-htp.h:134
HtpTxUserData_::files_tc
FileContainer files_tc
Definition: app-layer-htp.h:178
HTPCfgRec_::response
HTPCfgDir response
Definition: app-layer-htp.h:116
HtpTxUserData
struct HtpTxUserData_ HtpTxUserData
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2479
HTPCfgDir_::body_limit
uint32_t body_limit
Definition: app-layer-htp.h:95
HtpSwfCompressType_
HtpSwfCompressType_
Definition: app-layer-htp.h:87
HtpTxUserData_::mime_state
MimeStateHTTP * mime_state
Definition: app-layer-htp.h:172
Flow_
Flow data structure.
Definition: flow.h:356
HtpGetTxForH2
void * HtpGetTxForH2(void *)
Definition: app-layer-htp.c:2542
HtpState_::flags
uint16_t flags
Definition: app-layer-htp.h:189
HtpState_::f
Flow * f
Definition: app-layer-htp.h:186
HtpBody_::last
HtpBodyChunk * last
Definition: app-layer-htp.h:132
HtpTxUserData_::request_body
HtpBody request_body
Definition: app-layer-htp.h:164
HtpSwfCompressType
enum HtpSwfCompressType_ HtpSwfCompressType
rust.h
HTTP_SWF_COMPRESSION_ZLIB
@ HTTP_SWF_COMPRESSION_ZLIB
Definition: app-layer-htp.h:89
HTP_BODY_REQUEST_PUT
@ HTP_BODY_REQUEST_PUT
Definition: app-layer-htp.h:72
HtpState_::transaction_cnt
uint64_t transaction_cnt
Definition: app-layer-htp.h:187
HTPCfgRec_::swf_compress_depth
uint32_t swf_compress_depth
Definition: app-layer-htp.h:113
HTPStateFree
void HTPStateFree(void *)
Function to free the HTTP state memory and also free the HTTP connection parser memory which was us...
Definition: app-layer-htp.c:501
HTTP_DECODER_EVENT_FILE_NAME_TOO_LONG
@ HTTP_DECODER_EVENT_FILE_NAME_TOO_LONG
Definition: app-layer-htp.h:83
HTPCfgDir_::inspect_window
uint32_t inspect_window
Definition: app-layer-htp.h:97
HTPConfigure
void HTPConfigure(void)
Definition: app-layer-htp.c:2408
HTTP_DECODER_EVENT_TOO_MANY_WARNINGS
@ HTTP_DECODER_EVENT_TOO_MANY_WARNINGS
Definition: app-layer-htp.h:81
HtpBody_::first
HtpBodyChunk * first
Definition: app-layer-htp.h:131
HtpState_
Definition: app-layer-htp.h:181
HtpBody_::content_len_so_far
uint64_t content_len_so_far
Definition: app-layer-htp.h:137
__attribute__
struct HtpBodyChunk_ __attribute__((__packed__))
DNP3 link header.
Definition: decode-vlan.c:102
HttpRangeContainerBlock
Definition: app-layer-htp-range.h:90
HtpState_::response_frame_id
FrameId response_frame_id
Definition: app-layer-htp.h:197
HtpTxUserData_::file_range
HttpRangeContainerBlock * file_range
Definition: app-layer-htp.h:174
HtpState_::last_request_data_stamp
uint64_t last_request_data_stamp
Definition: app-layer-htp.h:193
HtpBody_::body_parsed
uint64_t body_parsed
Definition: app-layer-htp.h:139
HTPCfgRec_::http_body_inline
int http_body_inline
Definition: app-layer-htp.h:108
HTPCfgRec_::randomize_range
int randomize_range
Definition: app-layer-htp.h:107
HTTP_SWF_COMPRESSION_NONE
@ HTTP_SWF_COMPRESSION_NONE
Definition: app-layer-htp.h:88
HtpConfigCreateBackup
void HtpConfigCreateBackup(void)
Definition: app-layer-htp.c:2721
HtpState_::file_track_id
uint32_t file_track_id
Definition: app-layer-htp.h:192
HTPCfgRec_::randomize
int randomize
Definition: app-layer-htp.h:106
HTPCfgDir_::inspect_min_size
uint32_t inspect_min_size
Definition: app-layer-htp.h:96
AppLayerHtpEnableRequestBodyCallback
void AppLayerHtpEnableRequestBodyCallback(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request body...
Definition: app-layer-htp.c:570
HtpTxUserData_::response_has_trailers
uint8_t response_has_trailers
Definition: app-layer-htp.h:157
HtpTxUserData_::request_headers_raw
uint8_t * request_headers_raw
Definition: app-layer-htp.h:167
HtpState_::conn
htp_conn_t * conn
Definition: app-layer-htp.h:185
HTPCfgRec_::swf_decompress_depth
uint32_t swf_decompress_depth
Definition: app-layer-htp.h:112
HTPCfgRec_::swf_decompression_enabled
int swf_decompression_enabled
Definition: app-layer-htp.h:110
HtpTxUserData_::tx_data
AppLayerTxData tx_data
Definition: app-layer-htp.h:176
HtpState_::state_data
AppLayerStateData state_data
Definition: app-layer-htp.h:198
FrameId
int64_t FrameId
Definition: app-layer-frames.h:34
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:1613
HTTP_DECODER_EVENT_RANGE_INVALID
@ HTTP_DECODER_EVENT_RANGE_INVALID
Definition: app-layer-htp.h:82
HtpTxUserData_::request_has_trailers
uint8_t request_has_trailers
Definition: app-layer-htp.h:156
HTPCfgRec
struct HTPCfgRec_ HTPCfgRec
HTPCfgRec_::uri_include_all
bool uri_include_all
Definition: app-layer-htp.h:118
HtpState_::htp_messages_count
uint16_t htp_messages_count
Definition: app-layer-htp.h:191
HtpBody
struct HtpBody_ HtpBody
AppLayerHtpEnableResponseBodyCallback
void AppLayerHtpEnableResponseBodyCallback(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http response body...
Definition: app-layer-htp.c:583
HTPCfgRec_::swf_compression_type
HtpSwfCompressType swf_compression_type
Definition: app-layer-htp.h:111
HtpTxUserData_::response_body
HtpBody response_body
Definition: app-layer-htp.h:165
HtpBodyChunk_::logged
int logged
Definition: app-layer-htp.h:124
HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE
@ HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE
Definition: app-layer-htp.h:84
HTPCfgRec_::next
struct HTPCfgRec_ * next
Definition: app-layer-htp.h:103
StreamingBuffer_
Definition: util-streaming-buffer.h:108
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1466
HtpTxUserData_::request_body_type
uint8_t request_body_type
Definition: app-layer-htp.h:162
HTPCfgRec_::cfg
htp_cfg_t * cfg
Definition: app-layer-htp.h:102
app-layer-frames.h
HtpBody_
Definition: app-layer-htp.h:130
HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA
@ HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA
Definition: app-layer-htp.h:78
HTPCfgRec_::request
HTPCfgDir request
Definition: app-layer-htp.h:115
HtpTxUserData_::response_headers_raw
uint8_t * response_headers_raw
Definition: app-layer-htp.h:168
HtpBodyChunk_
Definition: app-layer-htp.h:122
HtpState_::connp
htp_connp_t * connp
Definition: app-layer-htp.h:183
HtpTxUserData_::tcflags
uint8_t tcflags
Definition: app-layer-htp.h:160
HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER
@ HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER
Definition: app-layer-htp.h:79
SC_ATOMIC_EXTERN
SC_ATOMIC_EXTERN(uint32_t, htp_config_flags)
HtpTxUserData_
Definition: app-layer-htp.h:151
HtpState_::last_response_data_stamp
uint64_t last_response_data_stamp
Definition: app-layer-htp.h:194
HtpConfigRestoreBackup
void HtpConfigRestoreBackup(void)
Definition: app-layer-htp.c:2726
HTP_BODY_REQUEST_NONE
@ HTP_BODY_REQUEST_NONE
Definition: app-layer-htp.h:69
HtpState_::events
uint16_t events
Definition: app-layer-htp.h:190
HtpBodyChunk_::next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:123
HtpTxUserData_::response_body_init
uint8_t response_body_init
Definition: app-layer-htp.h:154
HTTP_SWF_COMPRESSION_BOTH
@ HTTP_SWF_COMPRESSION_BOTH
Definition: app-layer-htp.h:91
HTPCfgRec_
Definition: app-layer-htp.h:101
RegisterHTPParsers
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
Definition: app-layer-htp.c:2650
HTTP_SWF_COMPRESSION_LZMA
@ HTTP_SWF_COMPRESSION_LZMA
Definition: app-layer-htp.h:90
HtpState_::request_frame_id
FrameId request_frame_id
Definition: app-layer-htp.h:196
HTP_BODY_REQUEST_MULTIPART
@ HTP_BODY_REQUEST_MULTIPART
Definition: app-layer-htp.h:70
HTPCfgDir
struct HTPCfgDir_ HTPCfgDir
HtpTxUserData_::files_ts
FileContainer files_ts
Definition: app-layer-htp.h:177
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:1626
HtpTxUserData_::response_headers_raw_len
uint32_t response_headers_raw_len
Definition: app-layer-htp.h:170
HtpTxUserData_::request_body_init
uint8_t request_body_init
Definition: app-layer-htp.h:153
HtpBodyChunk_::sbseg
StreamingBufferSegment sbseg
Definition: app-layer-htp.h:125
HtpTxUserData_::tsflags
uint8_t tsflags
Definition: app-layer-htp.h:159
HtpBody_::body_inspected
uint64_t body_inspected
Definition: app-layer-htp.h:141