64 static int g_http_header_buffer_id = 0;
65 static int g_keyword_thread_id = 0;
67 #define BUFFER_SIZE_STEP 1024
70 static uint8_t *GetBufferForTX(
83 if (
flags & STREAM_TOSERVER) {
87 headers = tx->request_headers;
92 headers = tx->response_headers;
98 size_t no_of_headers = htp_table_size(headers);
99 for (; i < no_of_headers; i++) {
100 htp_header_t *h = htp_table_get_index(headers, i, NULL);
101 size_t size1 = bstr_size(h->name);
102 size_t size2 = bstr_size(h->value);
104 if (
flags & STREAM_TOSERVER) {
106 SCMemcmpLowercase(
"cookie", bstr_ptr(h->name), 6) == 0) {
111 SCMemcmpLowercase(
"set-cookie", bstr_ptr(h->name), 10) == 0) {
116 size_t size = size1 + size2 + 4;
118 if (i + 1 == no_of_headers)
121 if (size + buf->
len > buf->
size) {
127 memcpy(buf->
buffer + buf->
len, bstr_ptr(h->name), bstr_size(h->name));
128 buf->
len += bstr_size(h->name);
131 memcpy(buf->
buffer + buf->
len, bstr_ptr(h->value), bstr_size(h->value));
132 buf->
len += bstr_size(h->value);
135 #if 0 // looks like this breaks existing rules
136 if (i + 1 == no_of_headers) {
143 *buffer_len = buf->
len;
154 const uint8_t *b = NULL;
156 if (rs_http2_tx_get_headers(txv, flow_flags, &b, &b_len) != 1)
158 if (b == NULL || b_len == 0)
177 const int list_id = engine->
sm_list;
182 SCLogDebug(
"setting up inspect buffer %d", list_id);
190 uint32_t rawdata_len = 0;
191 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
192 if (rawdata_len == 0) {
205 const uint8_t *data = buffer->
inspect;
246 const int list_id =
ctx->list_id;
249 uint32_t rawdata_len = 0;
250 uint8_t *rawdata = GetBufferForTX(txv, det_ctx, f,
flags, &rawdata_len);
251 if (rawdata_len == 0)
260 const uint8_t *data = buffer->
inspect;
265 if (data != NULL && data_len >= mpm_ctx->
minlen) {
267 mpm_ctx, &det_ctx->
mtc, &det_ctx->
pmq, data, data_len);
285 PrefilterMpmHttpHeader(det_ctx, pectx, p, f, txv, idx, _txd,
flags);
289 static void PrefilterMpmHttpHeaderFree(
void *ptr)
308 mpm_reg->
app_v2.alproto, HTP_REQUEST_HEADERS,
309 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
316 pectx =
SCCalloc(1,
sizeof(*pectx));
324 mpm_reg->
app_v2.alproto, HTP_REQUEST_TRAILER,
325 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
346 mpm_reg->
app_v2.alproto, HTP_RESPONSE_HEADERS,
347 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
354 pectx =
SCCalloc(1,
sizeof(*pectx));
362 mpm_reg->
app_v2.alproto, HTP_RESPONSE_TRAILER,
363 pectx, PrefilterMpmHttpHeaderFree, mpm_reg->
pname);
433 HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
439 HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
463 static int g_http_request_header_buffer_id = 0;
464 static int g_http_response_header_buffer_id = 0;
465 static int g_request_header_thread_id = 0;
466 static int g_response_header_thread_id = 0;
482 static void *HttpMultiBufHeaderThreadDataInit(
void *data)
488 SCLogError(
"failed to allocate %" PRIuMAX
" bytes: %s", (uintmax_t)
sizeof(*td),
495 static void HttpMultiBufHeaderThreadDataFree(
void *data)
498 for (
size_t i = 0; i < td->
cap; i++) {
507 int list_id, uint32_t local_id)
518 const uint8_t *b = NULL;
520 if (rs_http2_tx_get_header(txv,
flags, local_id, &b, &b_len) != 1) {
524 if (b == NULL || b_len == 0) {
537 int list_id, uint32_t local_id)
547 if (
flags & STREAM_TOSERVER) {
548 kw_thread_id = g_request_header_thread_id;
550 kw_thread_id = g_response_header_thread_id;
558 htp_tx_t *tx = (htp_tx_t *)txv;
559 htp_table_t *headers;
560 if (
flags & STREAM_TOSERVER) {
561 headers = tx->request_headers;
563 headers = tx->response_headers;
565 size_t no_of_headers = htp_table_size(headers);
570 if (hdr_td->
cap < no_of_headers) {
575 hdr_td->
items = new_buffer;
577 memset(hdr_td->
items + hdr_td->
cap, 0,
579 hdr_td->
cap = no_of_headers;
581 for (
size_t i = 0; i < no_of_headers; i++) {
582 htp_header_t *h = htp_table_get_index(headers, i, NULL);
583 size_t size1 = bstr_size(h->name);
584 size_t size2 = bstr_size(h->value);
585 size_t size = size1 + size2 + 2;
594 memcpy(hdr_td->
items[i].
buffer, bstr_ptr(h->name), size1);
597 memcpy(hdr_td->
items[i].
buffer + size1 + 2, bstr_ptr(h->value), size2);
600 hdr_td->
len = no_of_headers;
605 if (local_id < hdr_td->
len) {
631 "sticky buffer to match on only one HTTP header name and value";
638 HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
640 HTP_REQUEST_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_HEADERS);
646 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);
664 "sticky buffer to match on only one HTTP header name and value";
671 HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
673 HTP_RESPONSE_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_HEADERS);
679 HttpMultiBufHeaderThreadDataInit, NULL, HttpMultiBufHeaderThreadDataFree);