Go to the documentation of this file.
70 static int g_http_client_body_buffer_id = 0;
105 HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL);
108 PrefilterMpmHttpRequestBodyRegister, NULL,
ALPROTO_HTTP1, HTP_REQUEST_BODY);
111 "http request body");
114 DetectHttpClientBodySetupCallback);
166 static inline HtpBody *GetRequestBody(htp_tx_t *tx)
184 static void PrefilterMpmHttpRequestBodyFree(
void *ptr)
205 const int list_id,
const int base_id)
210 if (base_id != list_id && buffer->
inspect != NULL)
211 return HttpRequestBodyXformsGetDataCallback(det_ctx, transforms, list_id, buffer);
212 else if (buffer->
inspect != NULL)
217 const uint8_t
flags = flow_flags;
219 HtpBody *body = GetRequestBody(tx);
232 SCLogDebug(
"No http chunks to inspect for this transaction");
236 SCLogDebug(
"request.body_limit %u request_body.content_len_so_far %" PRIu64
237 ", request.inspect_min_size %" PRIu32
", EOF %s, progress > body? %s",
253 !(
flags & STREAM_EOF)) {
254 SCLogDebug(
"we still haven't seen the entire request body. "
255 "Let's defer body inspection till we see the "
271 SCLogDebug(
"inspect_win %"PRIu64, inspect_win);
272 if (inspect_win < htp_state->cfg->request.inspect_window) {
287 &data, &data_len,
offset);
293 if (base_id != list_id) {
294 buffer = HttpRequestBodyXformsGetDataCallback(det_ctx, transforms, list_id, buffer);
307 if (buffer == NULL || buffer->
inspect == NULL) {
312 const uint8_t *data = buffer->
inspect;
317 ci_flags |= buffer->
flags;
331 if (
flags & STREAM_TOSERVER) {
360 const int list_id = ctx->
list_id;
387 mpm_reg->
app_v2.tx_min_progress, pectx, PrefilterMpmHttpRequestBodyFree,
const struct HTPCfgRec_ * cfg
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE
#define DETECT_CI_FLAGS_START
#define SIGMATCH_INFO_CONTENT_MODIFIER
Container for matching data for a signature group.
void DetectHttpClientBodyRegisterTests(void)
#define SIG_FLAG_INIT_NEED_FLUSH
@ DETECT_AL_HTTP_CLIENT_BODY
DetectEngineTransforms transforms
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
void DetectBufferTypeRegisterSetupCallback(const char *name, void(*SetupCallback)(const DetectEngineCtx *, Signature *))
struct DetectBufferMpmRegistery_::@87::@89 app_v2
main detection engine ctx
one time registration of keywords at start up
int StreamingBufferGetDataAtOffset(const StreamingBuffer *sb, const uint8_t **data, uint32_t *data_len, uint64_t offset)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
struct DetectEngineAppInspectionEngine_::@84 v2
struct PrefilterMpmHttpRequestBody PrefilterMpmHttpRequestBody
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
@ DETECT_HTTP_REQUEST_BODY
int DetectBufferTypeGetByName(const char *name)
uint64_t content_len_so_far
#define SIG_FLAG_TOSERVER
const DetectEngineTransforms * transforms
uint32_t inspect_min_size
void AppLayerHtpEnableRequestBodyCallback(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request body...
Handle HTTP request body match corresponding to http_client_body keyword.
#define DETECT_ENGINE_INSPECT_SIG_MATCH
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
#define DETECT_CI_FLAGS_END
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SignatureInitData * init_data
#define SCReturnPtr(x, type)
Data structures and function prototypes for keeping state for the detection engine.
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH
uint16_t discontinue_matching
uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
Run the actual payload match functions.
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
struct AppLayerTxData AppLayerTxData
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int inspection_recursion_counter
void DetectHttpClientBodyRegister(void)
Registers the keyword handlers for the "http_client_body" keyword.
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
const DetectEngineTransforms * transforms
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
int DetectBufferSetActiveList(Signature *s, const int list)
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
AppProto alproto
application level protocol
void(* RegisterTests)(void)