Go to the documentation of this file.
66 static bool DetectHttpHostValidateCallback(
71 Flow *_f,
const uint8_t _flow_flags,
72 void *txv,
const int list_id);
77 static int g_http_raw_host_buffer_id = 0;
81 const uint8_t _flow_flags,
void *txv,
const int list_id);
85 static int g_http_host_buffer_id = 0;
86 static int g_http2_thread_id = 0;
87 static int g_http2_raw_thread_id = 0;
126 DetectHttpHostValidateCallback);
132 "http_host", SCDetectThreadBufDataInit, NULL, SCDetectThreadBufDataFree);
139 "or the raw hostname from the HTTP uri";
166 "http raw host header");
169 "http_raw_host", SCDetectThreadBufDataInit, NULL, SCDetectThreadBufDataFree);
193 static bool DetectHttpHostValidateCallback(
200 for (; sm != NULL; sm = sm->
next) {
204 *sigerror =
"http.host keyword "
205 "specified along with \"nocase\". "
206 "The hostname buffer is normalized "
207 "to lowercase, specifying "
208 "nocase is redundant.";
218 *sigerror =
"A pattern with "
219 "uppercase characters detected for http.host. "
220 "The hostname buffer is normalized to lowercase, "
221 "please specify a lowercase pattern.";
253 const uint8_t _flow_flags,
void *txv,
const int list_id)
257 htp_tx_t *tx = (htp_tx_t *)txv;
259 if (htp_tx_request_hostname(tx) == NULL)
262 const uint32_t data_len = (uint32_t)bstr_len(htp_tx_request_hostname(tx));
263 const uint8_t *data = bstr_ptr(htp_tx_request_hostname(tx));
266 det_ctx, list_id, buffer, data, data_len, transforms);
279 const uint8_t *b = NULL;
281 if (thread_buf == NULL)
283 if (SCHttp2TxGetHostNorm(txv, &b, &b_len, thread_buf) != 1)
285 if (b == NULL || b_len == 0)
301 const uint8_t *b = NULL;
304 if (thread_buf == NULL)
307 if (SCHttp2TxGetHost(txv, &b, &b_len, thread_buf) != 1)
309 if (b == NULL || b_len == 0)
357 const uint8_t _flow_flags,
void *txv,
const int list_id)
361 htp_tx_t *tx = (htp_tx_t *)txv;
363 const uint8_t *data = NULL;
364 uint32_t data_len = 0;
366 if (htp_uri_hostname(htp_tx_parsed_uri(tx)) == NULL) {
367 if (htp_tx_request_headers(tx) == NULL)
370 const htp_header_t *h = htp_tx_request_header(tx,
"Host");
371 if (h == NULL || htp_header_value(h) == NULL)
374 data = htp_header_value_ptr(h);
375 data_len = (uint32_t)htp_header_value_len(h);
377 data = (
const uint8_t *)bstr_ptr(htp_uri_hostname(htp_tx_parsed_uri(tx)));
378 data_len = (uint32_t)bstr_len(htp_uri_hostname(htp_tx_parsed_uri(tx)));
382 det_ctx, list_id, buffer, data, data_len, transforms);
#define DETECT_CONTENT_NOCASE
void DetectHttpHHRegister(void)
Registers the keyword handlers for the "http_host" keyword.
SigTableElmt * sigmatch_table
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
InspectionBuffer * SCInspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
void * SCDetectThreadCtxGetGlobalKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
main detection engine ctx
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror, const DetectBufferType *))
void SCInspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
int SCDetectSignatureSetAppProto(Signature *s, AppProto alproto)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Handle HTTP host header. HHHD - Http Host Header Data.
void DetectAppLayerMpmRegisterSubState(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, uint8_t sub_state, uint8_t tx_min_progress)
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, uint8_t progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
void DetectHttpHHRegisterTests(void)
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
#define SCLogWarning(...)
Macro used to log WARNING messages.
#define SIGMATCH_INFO_CONTENT_MODIFIER
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
SignatureInitData * init_data
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, uint8_t tx_min_progress)
register an app layer keyword for mpm
void DetectAppLayerInspectEngineRegisterSubState(const char *name, AppProto alproto, uint32_t dir, uint8_t sub_state, uint8_t progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register an app inspection engine for a tx type
SignatureInitDataBuffer * buffers
a single match condition for a signature
#define SIGMATCH_INFO_STICKY_BUFFER
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
int SCDetectRegisterThreadCtxGlobalFuncs(const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *))
Register Thread keyword context Funcs (Global)
void(* RegisterTests)(void)