Go to the documentation of this file.
67 #define KEYWORD_NAME "http.protocol"
68 #define KEYWORD_NAME_LEGACY "http_protocol"
69 #define KEYWORD_DOC "http-keywords.html#http-protocol"
70 #define BUFFER_NAME "http_protocol"
71 #define BUFFER_DESC "http protocol"
72 static int g_buffer_id = 0;
87 const uint8_t flow_flags,
void *txv,
const int list_id)
91 const bstr *
str = NULL;
92 htp_tx_t *tx = (htp_tx_t *)txv;
94 if (flow_flags & STREAM_TOSERVER)
95 str = htp_tx_request_protocol(tx);
96 else if (flow_flags & STREAM_TOCLIENT)
97 str = htp_tx_response_protocol(tx);
104 uint32_t data_len = (uint32_t)bstr_size(
str);
105 uint8_t *data = bstr_ptr(
str);
106 if (data == NULL || data_len == 0) {
112 det_ctx, list_id, buffer, data, data_len, transforms);
125 det_ctx, list_id, buffer, (
const uint8_t *)
"HTTP/2", strlen(
"HTTP/2"), transforms);
131 static bool DetectHttpProtocolValidateCallback(
138 for (; sm != NULL; sm = sm->
next) {
144 *sigerror =
"Invalid http.protocol string containing a space";
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
SigTableElmt * sigmatch_table
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http.protocol" keyword.
main detection engine ctx
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror, const DetectBufferType *))
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
#define SCLogWarning(...)
Macro used to log WARNING messages.
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
SignatureInitData * init_data
Data structures and function prototypes for keeping state for the detection engine.
SignatureInitDataBuffer * buffers
a single match condition for a signature
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
#define KEYWORD_NAME_LEGACY
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)