64 static int g_http_header_buffer_id = 0;
65 static int g_keyword_thread_id = 0;
67 #define BUFFER_SIZE_STEP 1024
70 static uint8_t *GetBufferForTX(
83 if (
flags & STREAM_TOSERVER) {
87 headers = tx->request_headers;
92 headers = tx->response_headers;
98 size_t no_of_headers = htp_table_size(headers);
99 for (; i < no_of_headers; i++) {
100 htp_header_t *h = htp_table_get_index(headers, i, NULL);
101 size_t size1 = bstr_size(h->name);
102 size_t size2 = bstr_size(h->value);
104 if (
flags & STREAM_TOSERVER) {
106 SCMemcmpLowercase(
"cookie", bstr_ptr(h->name), 6) == 0) {
111 SCMemcmpLowercase(
"set-cookie", bstr_ptr(h->name), 10) == 0) {
116 size_t size = size1 + size2 + 4;
118 if (i + 1 == no_of_headers)
121 if (size + buf->
len > buf->
size) {
127 memcpy(buf->
buffer + buf->
len, bstr_ptr(h->name), bstr_size(h->name));
128 buf->
len += bstr_size(h->name);
131 memcpy(buf->
buffer + buf->
len, bstr_ptr(h->value), bstr_size(h->value));
132 buf->
len += bstr_size(h->value);
135 #if 0 // looks like this breaks existing rules
136 if (i + 1 == no_of_headers) {
143 *buffer_len = buf->
len;
154 const uint8_t *b = NULL;
156 if (rs_http2_tx_get_headers(txv, flow_flags, &b, &b_len) != 1)
158 if (b == NULL || b_len == 0)
177 const int list_id = engine->
sm_list;
180 SCLogDebug(
"setting up inspect buffer %d", list_id);
188 uint32_t rawdata_len = 0;
189 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
190 if (rawdata_len == 0) {
200 const uint8_t *data = buffer->
inspect;
212 if (
flags & STREAM_TOSERVER) {
218 HTP_RESPONSE_HEADERS)
247 const int list_id = ctx->
list_id;
250 uint32_t rawdata_len = 0;
251 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
252 if (rawdata_len == 0)
261 const uint8_t *data = buffer->
inspect;
266 if (data != NULL && data_len >= mpm_ctx->
minlen) {
268 mpm_ctx, &det_ctx->
mtc, &det_ctx->
pmq, data, data_len);
286 PrefilterMpmHttpHeader(det_ctx, pectx, p, f, txv, idx, _txd,
flags);
290 static void PrefilterMpmHttpHeaderFree(
void *ptr)
309 mpm_reg->
app_v2.alproto, HTP_REQUEST_HEADERS,
310 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
317 pectx =
SCCalloc(1,
sizeof(*pectx));
325 mpm_reg->
app_v2.alproto, HTP_REQUEST_TRAILER,
326 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
347 mpm_reg->
app_v2.alproto, HTP_RESPONSE_HEADERS,
348 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
355 pectx =
SCCalloc(1,
sizeof(*pectx));
363 mpm_reg->
app_v2.alproto, HTP_RESPONSE_TRAILER,
364 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
434 HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
440 HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
464 static int g_http_request_header_buffer_id = 0;
465 static int g_http_response_header_buffer_id = 0;
466 static int g_request_header_thread_id = 0;
467 static int g_response_header_thread_id = 0;
483 const uint8_t *b = NULL;
485 if (rs_http2_tx_get_header(cbdata->
txv,
flags, cbdata->
local_id, &b, &b_len) != 1) {
489 if (b == NULL || b_len == 0) {
506 const int list_id = ctx->
list_id;
508 uint32_t local_id = 0;
515 GetHttp2HeaderData(det_ctx,
flags, ctx->
transforms, f, &cbdata, list_id);
546 GetHttp2HeaderData(det_ctx,
flags, transforms, f, &cbdata, engine->
sm_list);
547 if (buffer == NULL || buffer->
inspect == NULL)
573 mpm_reg->
app_v2.tx_min_progress, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
name);
590 static void *HttpMultiBufHeaderThreadDataInit(
void *data)
596 SCLogError(
"failed to allocate %" PRIuMAX
" bytes: %s", (uintmax_t)
sizeof(*td),
603 static void HttpMultiBufHeaderThreadDataFree(
void *data)
606 for (
size_t i = 0; i < td->
cap; i++) {
627 if (
flags & STREAM_TOSERVER) {
628 kw_thread_id = g_request_header_thread_id;
630 kw_thread_id = g_response_header_thread_id;
638 htp_tx_t *tx = (htp_tx_t *)cbdata->
txv;
639 htp_table_t *headers;
640 if (
flags & STREAM_TOSERVER) {
641 headers = tx->request_headers;
643 headers = tx->response_headers;
645 size_t no_of_headers = htp_table_size(headers);
650 if (hdr_td->
cap < no_of_headers) {
655 hdr_td->
items = new_buffer;
657 memset(hdr_td->
items + hdr_td->
cap, 0,
659 hdr_td->
cap = no_of_headers;
661 for (
size_t i = 0; i < no_of_headers; i++) {
662 htp_header_t *h = htp_table_get_index(headers, i, NULL);
663 size_t size1 = bstr_size(h->name);
664 size_t size2 = bstr_size(h->value);
665 size_t size = size1 + size2 + 2;
674 memcpy(hdr_td->
items[i].
buffer, bstr_ptr(h->name), size1);
677 memcpy(hdr_td->
items[i].
buffer + size1 + 2, bstr_ptr(h->value), size2);
680 hdr_td->
len = no_of_headers;
702 const int list_id = ctx->
list_id;
704 uint32_t local_id = 0;
711 GetHttp1HeaderData(det_ctx,
flags, ctx->
transforms, f, &cbdata, list_id);
736 mpm_reg->
app_v2.tx_min_progress, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
name);
756 GetHttp1HeaderData(det_ctx,
flags, transforms, f, &cbdata, engine->
sm_list);
757 if (buffer == NULL || buffer->
inspect == NULL)
787 "sticky buffer to match on only one HTTP header name and value";
794 PrefilterMpmHttp2HeaderRegister, NULL,
ALPROTO_HTTP2, HTTP2StateOpen);
796 HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL);
800 HTP_REQUEST_HEADERS, DetectEngineInspectHttp1Header, NULL);
806 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);
824 "sticky buffer to match on only one HTTP header name and value";
831 PrefilterMpmHttp2HeaderRegister, NULL,
ALPROTO_HTTP2, HTTP2StateOpen);
833 HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL);
837 HTP_RESPONSE_HEADERS, DetectEngineInspectHttp1Header, NULL);
843 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);