64 static int g_http_header_buffer_id = 0;
65 static int g_keyword_thread_id = 0;
67 #define BUFFER_SIZE_STEP 1024
70 static uint8_t *GetBufferForTX(
82 const htp_headers_t *headers;
83 if (
flags & STREAM_TOSERVER) {
85 HTP_REQUEST_PROGRESS_HEADERS)
87 headers = htp_tx_request_headers(tx);
90 HTP_RESPONSE_PROGRESS_HEADERS)
92 headers = htp_tx_response_headers(tx);
98 size_t no_of_headers = htp_headers_size(headers);
99 for (; i < no_of_headers; i++) {
100 const htp_header_t *h = htp_headers_get_index(headers, i);
101 size_t size1 = htp_header_name_len(h);
102 size_t size2 = htp_header_value_len(h);
104 if (
flags & STREAM_TOSERVER) {
105 if (size1 == 6 && SCMemcmpLowercase(
"cookie", htp_header_name_ptr(h), 6) == 0) {
109 if (size1 == 10 && SCMemcmpLowercase(
"set-cookie", htp_header_name_ptr(h), 10) == 0) {
114 size_t size = size1 + size2 + 4;
116 if (i + 1 == no_of_headers)
119 if (size + buf->
len > buf->
size) {
125 memcpy(buf->
buffer + buf->
len, htp_header_name_ptr(h), htp_header_name_len(h));
126 buf->
len += htp_header_name_len(h);
129 memcpy(buf->
buffer + buf->
len, htp_header_value_ptr(h), htp_header_value_len(h));
130 buf->
len += htp_header_value_len(h);
133 #if 0 // looks like this breaks existing rules
134 if (i + 1 == no_of_headers) {
141 *buffer_len = buf->
len;
152 const uint8_t *b = NULL;
154 if (rs_http2_tx_get_headers(txv, flow_flags, &b, &b_len) != 1)
156 if (b == NULL || b_len == 0)
174 const int list_id = engine->
sm_list;
179 SCLogDebug(
"setting up inspect buffer %d", list_id);
187 uint32_t rawdata_len = 0;
188 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
189 if (rawdata_len == 0) {
198 det_ctx, list_id, buffer, rawdata, rawdata_len, transforms);
202 const uint8_t *data = buffer->
inspect;
243 const int list_id =
ctx->list_id;
246 uint32_t rawdata_len = 0;
247 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
248 if (rawdata_len == 0)
253 det_ctx, list_id, buffer, rawdata, rawdata_len,
ctx->transforms);
257 const uint8_t *data = buffer->
inspect;
262 if (data != NULL && data_len >= mpm_ctx->
minlen) {
264 mpm_ctx, &det_ctx->
mtc, &det_ctx->
pmq, data, data_len);
282 PrefilterMpmHttpHeader(det_ctx, pectx, p, f, txv, idx, _txd,
flags);
286 static void PrefilterMpmHttpHeaderFree(
void *ptr)
305 HTP_REQUEST_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
312 pectx =
SCCalloc(1,
sizeof(*pectx));
320 HTP_REQUEST_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
341 HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
348 pectx =
SCCalloc(1,
sizeof(*pectx));
356 HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
408 "content modifier to match only on the HTTP header-buffer";
410 "/rules/http-keywords.html#http-header-and-http-raw-header";
428 HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
434 HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
458 static int g_http_request_header_buffer_id = 0;
459 static int g_http_response_header_buffer_id = 0;
460 static int g_request_header_thread_id = 0;
461 static int g_response_header_thread_id = 0;
477 static void *HttpMultiBufHeaderThreadDataInit(
void *data)
483 SCLogError(
"failed to allocate %" PRIuMAX
" bytes: %s", (uintmax_t)
sizeof(*td),
490 static void HttpMultiBufHeaderThreadDataFree(
void *data)
493 for (
size_t i = 0; i < td->
cap; i++) {
502 int list_id, uint32_t local_id)
513 const uint8_t *b = NULL;
515 if (rs_http2_tx_get_header(txv,
flags, local_id, &b, &b_len) != 1) {
519 if (b == NULL || b_len == 0) {
532 int list_id, uint32_t local_id)
542 if (
flags & STREAM_TOSERVER) {
543 kw_thread_id = g_request_header_thread_id;
545 kw_thread_id = g_response_header_thread_id;
553 htp_tx_t *tx = (htp_tx_t *)txv;
554 const htp_headers_t *headers;
555 if (
flags & STREAM_TOSERVER) {
556 headers = htp_tx_request_headers(tx);
558 headers = htp_tx_response_headers(tx);
560 size_t no_of_headers = htp_headers_size(headers);
565 if (hdr_td->
cap < no_of_headers) {
570 hdr_td->
items = new_buffer;
572 memset(hdr_td->
items + hdr_td->
cap, 0,
574 hdr_td->
cap = no_of_headers;
576 for (
size_t i = 0; i < no_of_headers; i++) {
577 const htp_header_t *h = htp_headers_get_index(headers, i);
578 size_t size1 = htp_header_name_len(h);
579 size_t size2 = htp_header_value_len(h);
580 size_t size = size1 + size2 + 2;
589 memcpy(hdr_td->
items[i].
buffer, htp_header_name_ptr(h), size1);
592 memcpy(hdr_td->
items[i].
buffer + size1 + 2, htp_header_value_ptr(h), size2);
595 hdr_td->
len = no_of_headers;
600 if (local_id < hdr_td->
len) {
626 "sticky buffer to match on only one HTTP header name and value";
633 HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
635 HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS);
641 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);
659 "sticky buffer to match on only one HTTP header name and value";
666 HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
668 HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS);
674 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);