Go to the documentation of this file.
32 #include "htp/htp_rs.h"
43 static int g_buffer_id = 0;
45 #ifdef KEYWORD_TOSERVER
48 const uint8_t _flow_flags,
void *txv,
const int list_id)
54 htp_tx_t *tx = (htp_tx_t *)txv;
56 if (htp_tx_request_headers(tx) == NULL)
59 const htp_header_t *h = htp_tx_request_header(tx,
HEADER_NAME);
60 if (h == NULL || htp_header_value(h) == NULL) {
61 SCLogDebug(
"HTTP %s header not present in this request",
66 const uint32_t data_len = htp_header_value_len(h);
67 const uint8_t *data = htp_header_value_ptr(h);
70 det_ctx, list_id, buffer, data, data_len, transforms);
85 const uint8_t *b = NULL;
87 if (rs_http2_tx_get_header_value(txv, STREAM_TOSERVER,
HEADER_NAME, &b, &b_len) != 1)
89 if (b == NULL || b_len == 0)
99 #ifdef KEYWORD_TOCLIENT
102 const uint8_t _flow_flags,
void *txv,
const int list_id)
108 htp_tx_t *tx = (htp_tx_t *)txv;
110 if (htp_tx_response_headers(tx) == NULL)
113 const htp_header_t *h = htp_tx_response_header(tx,
HEADER_NAME);
114 if (h == NULL || htp_header_value(h) == NULL) {
115 SCLogDebug(
"HTTP %s header not present in this request",
120 const uint32_t data_len = htp_header_value_len(h);
121 const uint8_t *data = htp_header_value_ptr(h);
124 det_ctx, list_id, buffer, data, data_len, transforms);
139 const uint8_t *b = NULL;
141 if (rs_http2_tx_get_header_value(txv, STREAM_TOCLIENT,
HEADER_NAME, &b, &b_len) != 1)
143 if (b == NULL || b_len == 0)
181 static void DetectHttpHeadersRegisterStub(
void)
184 #ifdef KEYWORD_NAME_LEGACY
190 #if defined(KEYWORD_TOSERVER) && defined(KEYWORD_TOSERVER)
196 #ifdef KEYWORD_TOSERVER
198 GetRequestData,
ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
202 #ifdef KEYWORD_TOCLIENT
204 GetResponseData,
ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS);
208 #ifdef KEYWORD_TOSERVER
214 #ifdef KEYWORD_TOCLIENT
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
SigTableElmt * sigmatch_table
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
#define SIG_FLAG_INIT_FORCE_TOCLIENT
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
int DetectSetupDirection(Signature *s, const char *str)
Parse and setup a direction.
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
SignatureInitData * init_data
#define KEYWORD_NAME_LEGACY
#define SIG_FLAG_INIT_FORCE_TOSERVER
#define SIGMATCH_OPTIONAL_OPT
#define SCLogError(...)
Macro used to log ERROR messages.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)