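/* Rule keyword name and the documentation anchor that describes it. */
#define KEYWORD_NAME "http_protocol"
#define KEYWORD_DOC "http-keywords.html#http-protocol"

/*
 * Name and human-readable description of the inspection buffer.
 * The code in this file reads the buffer contents from tx->request_protocol
 * and tx->response_protocol, i.e. from parsed HTTP traffic, so the pointer
 * and length must be treated as untrusted input.
 */
#define BUFFER_NAME "http_protocol"
#define BUFFER_DESC "http protocol"

/*
 * Id of the inspection buffer, 0 until assigned.
 * NOTE(review): presumably set during keyword registration by looking up
 * BUFFER_NAME; the assignment is not visible in this excerpt -- confirm.
 */
static int g_buffer_id = 0;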
85 const uint64_t idx,
const uint8_t
flags)
90 htp_tx_t *tx = (htp_tx_t *)txv;
92 if (tx->request_protocol == NULL)
95 uint32_t buffer_len = bstr_size(tx->request_protocol);
96 const uint8_t *buffer = bstr_ptr(tx->request_protocol);
98 if (buffer_len >= mpm_ctx->
minlen) {
100 &det_ctx->
mtcu, &det_ctx->
pmq, buffer, buffer_len);
104 static int PrefilterTxHttpRequestProtocolRegister(
DetectEngineCtx *de_ctx,
126 const uint64_t idx,
const uint8_t
flags)
131 htp_tx_t *tx = (htp_tx_t *)txv;
133 if (tx->response_protocol == NULL)
136 uint32_t buffer_len = bstr_size(tx->response_protocol);
137 const uint8_t *buffer = bstr_ptr(tx->response_protocol);
139 if (buffer_len >= mpm_ctx->
minlen) {
141 &det_ctx->
mtcu, &det_ctx->
pmq, buffer, buffer_len);
145 static int PrefilterTxHttpResponseProtocolRegister(
DetectEngineCtx *de_ctx,
156 static int InspectEngineHttpProtocol(
ThreadVars *tv,
162 htp_tx_t *http_tx = tx;
165 str = http_tx->request_protocol;
167 str = http_tx->response_protocol;
172 uint32_t buffer_len = bstr_size(str);
173 uint8_t *buffer = bstr_ptr(str);
174 if (buffer == NULL ||buffer_len == 0)
189 if (
flags & STREAM_TOSERVER) {
218 PrefilterTxHttpRequestProtocolRegister);
220 PrefilterTxHttpResponseProtocolRegister);
224 InspectEngineHttpProtocol);
227 InspectEngineHttpProtocol);
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
SignatureInitData * init_data
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
uint16_t discontinue_matching
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx))
register an app layer keyword for mpm
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Container for matching data for a signature group.
main detection engine ctx
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOCLIENT
#define DETECT_ENGINE_INSPECT_SIG_MATCH
Data structures and function prototypes for keeping state for the detection engine.
#define SIG_FLAG_TOSERVER
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http_protocol" keyword.
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode, void *data)
Run the actual payload match functions.
int inspection_recursion_counter
#define DETECT_CI_FLAGS_SINGLE
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterTxFunc)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags), AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Per thread variable structure.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
register inspect engine at start up time