suricata
detect-http-raw-header.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup httplayer
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
29  *
30  * Implements support for http_raw_header keyword.
31  */
32 
33 #include "suricata-common.h"
34 #include "threads.h"
35 #include "decode.h"
36 
37 #include "detect.h"
38 #include "detect-parse.h"
39 #include "detect-engine.h"
40 #include "detect-engine-mpm.h"
42 #include "detect-content.h"
43 
44 #include "flow.h"
45 #include "flow-var.h"
46 #include "flow-util.h"
47 
48 #include "util-debug.h"
49 #include "util-profiling.h"
50 
51 #include "app-layer.h"
52 #include "app-layer-parser.h"
53 #include "app-layer-htp.h"
54 #include "detect-http-raw-header.h"
55 
56 static int DetectHttpRawHeaderSetup(DetectEngineCtx *, Signature *, const char *);
57 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
58 #ifdef UNITTESTS
59 static void DetectHttpRawHeaderRegisterTests(void);
60 #endif
61 static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror);
62 static int g_http_raw_header_buffer_id = 0;
63 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
64  const DetectEngineTransforms *transforms, Flow *_f,
65  const uint8_t flow_flags, void *txv, const int list_id);
66 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
67  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
68  const int list_id);
69 
70 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
71  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
72 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
73  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
74 
75 /**
76  * \brief Registers the keyword handlers for the "http_raw_header" keyword.
77  */
79 {
80  /* http_raw_header content modifier */
81  sigmatch_table[DETECT_HTTP_RAW_HEADER_CM].name = "http_raw_header";
83  "content modifier to match the raw HTTP header buffer";
85  "/rules/http-keywords.html#http-header-and-http-raw-header";
86  sigmatch_table[DETECT_HTTP_RAW_HEADER_CM].Setup = DetectHttpRawHeaderSetup;
87 #ifdef UNITTESTS
89 #endif
93 
94  /* http.header.raw sticky buffer */
95  sigmatch_table[DETECT_HTTP_RAW_HEADER].name = "http.header.raw";
96  sigmatch_table[DETECT_HTTP_RAW_HEADER].desc = "sticky buffer to match the raw HTTP header buffer";
97  sigmatch_table[DETECT_HTTP_RAW_HEADER].url = "/rules/http-keywords.html#http-header-and-http-raw-header";
98  sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky;
100 
105 
106  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2,
107  PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1,
108  0); /* progress handled in register */
109  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2,
110  PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1,
111  0); /* progress handled in register */
112 
114  HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
116  HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
117 
119  GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
121  GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
122 
123  DetectBufferTypeSetDescriptionByName("http_raw_header",
124  "raw http headers");
125 
127  DetectHttpRawHeaderValidateCallback);
128 
129  g_http_raw_header_buffer_id = DetectBufferTypeGetByName("http_raw_header");
130 }
131 
132 /**
133  * \brief The setup function for the http_raw_header keyword for a signature.
134  *
135  * \param de_ctx Pointer to the detection engine context.
136  * \param s Pointer to signature for the current Signature being parsed
137  * from the rules.
138  * \param m Pointer to the head of the SigMatchs for the current rule
139  * being parsed.
140  * \param arg Pointer to the string holding the keyword value.
141  *
142  * \retval 0 On success.
143  * \retval -1 On failure.
144  */
145 int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
146 {
148  de_ctx, s, arg, DETECT_HTTP_RAW_HEADER_CM, g_http_raw_header_buffer_id, ALPROTO_HTTP1);
149 }
150 
151 /**
152  * \brief this function setup the http.header.raw keyword used in the rule
153  *
154  * \param de_ctx Pointer to the Detection Engine Context
155  * \param s Pointer to the Signature to which the current keyword belongs
156  * \param str Should hold an empty string always
157  *
158  * \retval 0 On success
159  */
160 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str)
161 {
162  if (DetectBufferSetActiveList(de_ctx, s, g_http_raw_header_buffer_id) < 0)
163  return -1;
165  return -1;
166  return 0;
167 }
168 
169 static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror)
170 {
172  *sigerror = "http_raw_header signature "
173  "without a flow direction. Use flow:to_server for "
174  "inspecting request headers or flow:to_client for "
175  "inspecting response headers.";
176 
177  SCLogError("%s", *sigerror);
178  SCReturnInt(false);
179  }
180  return true;
181 }
182 
183 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
184  const DetectEngineTransforms *transforms, Flow *_f,
185  const uint8_t flow_flags, void *txv, const int list_id)
186 {
187  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
188  if (buffer->inspect == NULL) {
189  htp_tx_t *tx = (htp_tx_t *)txv;
190 
191  HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
192  if (tx_ud == NULL)
193  return NULL;
194 
195  const bool ts = ((flow_flags & STREAM_TOSERVER) != 0);
196  const uint8_t *data = ts ?
198  if (data == NULL)
199  return NULL;
200  const uint32_t data_len = ts ?
202 
204  det_ctx, list_id, buffer, data, data_len, transforms);
205  }
206 
207  return buffer;
208 }
209 
210 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
211  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
212  const int list_id)
213 {
214  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
215  if (buffer->inspect == NULL) {
216  uint32_t b_len = 0;
217  const uint8_t *b = NULL;
218 
219  if (rs_http2_tx_get_headers_raw(txv, flow_flags, &b, &b_len) != 1)
220  return NULL;
221  if (b == NULL || b_len == 0)
222  return NULL;
223 
224  InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
225  }
226 
227  return buffer;
228 }
229 
231  int list_id;
232  const MpmCtx *mpm_ctx;
235 
236 /** \brief Generic Mpm prefilter callback
237  *
238  * \param det_ctx detection engine thread ctx
239  * \param p packet to inspect
240  * \param f flow to inspect
241  * \param txv tx to inspect
242  * \param pectx inspection context
243  */
244 static void PrefilterMpmHttpHeaderRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
245  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
246 {
247  SCEnter();
248 
249  const PrefilterMpmHttpHeaderRawCtx *ctx = pectx;
250  const MpmCtx *mpm_ctx = ctx->mpm_ctx;
251  SCLogDebug("running on list %d", ctx->list_id);
252 
253  const int list_id = ctx->list_id;
254 
255  InspectionBuffer *buffer = GetData(det_ctx, ctx->transforms, f,
256  flags, txv, list_id);
257  if (buffer == NULL)
258  return;
259 
260  const uint32_t data_len = buffer->inspect_len;
261  const uint8_t *data = buffer->inspect;
262 
263  SCLogDebug("mpm'ing buffer:");
264  //PrintRawDataFp(stdout, data, data_len);
265 
266  if (data != NULL && data_len >= mpm_ctx->minlen) {
267  (void)mpm_table[mpm_ctx->mpm_type].Search(
268  mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, data, data_len);
269  PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
270  }
271 }
272 
273 static void PrefilterMpmHttpTrailerRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
274  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
275 {
276  SCEnter();
277 
278  htp_tx_t *tx = txv;
279  const HtpTxUserData *htud = (const HtpTxUserData *)htp_tx_get_user_data(tx);
280  /* if the request wasn't flagged as having a trailer, we skip */
281  if (htud && (
282  ((flags & STREAM_TOSERVER) && !htud->request_has_trailers) ||
283  ((flags & STREAM_TOCLIENT) && !htud->response_has_trailers))) {
284  SCReturn;
285  }
286  PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx, _txd, flags);
287  SCReturn;
288 }
289 
290 static void PrefilterMpmHttpHeaderRawFree(void *ptr)
291 {
292  SCFree(ptr);
293 }
294 
295 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
296  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
297 {
298  SCEnter();
299 
300  /* header */
301  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
302  if (pectx == NULL)
303  return -1;
304  pectx->list_id = list_id;
305  pectx->mpm_ctx = mpm_ctx;
306  pectx->transforms = &mpm_reg->transforms;
307 
308  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
309  HTP_REQUEST_PROGRESS_HEADERS + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
310  if (r != 0) {
311  SCFree(pectx);
312  return r;
313  }
314 
315  /* trailer */
316  pectx = SCCalloc(1, sizeof(*pectx));
317  if (pectx == NULL)
318  return -1;
319  pectx->list_id = list_id;
320  pectx->mpm_ctx = mpm_ctx;
321  pectx->transforms = &mpm_reg->transforms;
322 
323  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
324  HTP_REQUEST_PROGRESS_TRAILER + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
325  if (r != 0) {
326  SCFree(pectx);
327  }
328  return r;
329 }
330 
331 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
332  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
333 {
334  SCEnter();
335 
336  /* header */
337  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
338  if (pectx == NULL)
339  return -1;
340  pectx->list_id = list_id;
341  pectx->mpm_ctx = mpm_ctx;
342  pectx->transforms = &mpm_reg->transforms;
343 
344  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
345  HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
346  if (r != 0) {
347  SCFree(pectx);
348  return r;
349  }
350 
351  /* trailer */
352  pectx = SCCalloc(1, sizeof(*pectx));
353  if (pectx == NULL)
354  return -1;
355  pectx->list_id = list_id;
356  pectx->mpm_ctx = mpm_ctx;
357  pectx->transforms = &mpm_reg->transforms;
358 
359  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
360  HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
361  if (r != 0) {
362  SCFree(pectx);
363  }
364  return r;
365 }
366 
367 /************************************Unittests*********************************/
368 
369 #ifdef UNITTESTS
371 #endif
372 
373 /**
374  * @}
375  */
SigTableElmt_::url
const char * url
Definition: detect.h:1329
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1870
detect-content.h
MpmCtx_::mpm_type
uint8_t mpm_type
Definition: util-mpm.h:95
ts
uint64_t ts
Definition: source-erf-file.c:55
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1534
PrefilterMpmHttpHeaderRawCtx::list_id
int list_id
Definition: detect-http-raw-header.c:231
SigTableElmt_::desc
const char * desc
Definition: detect.h:1328
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:153
DetectEngineInspectBufferGeneric
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2195
flow-util.h
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1532
HtpTxUserData_::request_headers_raw_len
uint32_t request_headers_raw_len
Definition: app-layer-htp.h:232
SigTableElmt_::name
const char * name
Definition: detect.h:1326
InspectionBufferSetupAndApplyTransforms
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
Definition: detect-engine.c:1662
PrefilterMpmHttpHeaderRawCtx::transforms
const DetectEngineTransforms * transforms
Definition: detect-http-raw-header.c:233
DETECT_HTTP_RAW_HEADER
@ DETECT_HTTP_RAW_HEADER
Definition: detect-engine-register.h:173
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1482
DetectEngineTransforms
Definition: detect.h:409
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
HTP_RESPONSE_PROGRESS_HEADERS
#define HTP_RESPONSE_PROGRESS_HEADERS
Definition: app-layer-htp-libhtp.h:94
DetectBufferSetActiveList
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1377
InspectionBuffer
Definition: detect.h:374
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:78
DetectHttpRawHeaderRegisterTests
void DetectHttpRawHeaderRegisterTests(void)
Definition: detect-http-raw-header.c:3876
threads.h
Flow_
Flow data structure.
Definition: flow.h:354
DetectEngineThreadCtx_::pmq
PrefilterRuleStore pmq
Definition: detect.h:1222
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1320
ctx
struct Thresholds ctx
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:860
DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition: detect.h:703
PrefilterMpmHttpHeaderRawCtx::mpm_ctx
const MpmCtx * mpm_ctx
Definition: detect-http-raw-header.c:232
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:270
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1311
detect-http-raw-header.c
Handle HTTP raw header match.
DetectBufferMpmRegistry_::transforms
DetectEngineTransforms transforms
Definition: detect.h:716
detect-engine-prefilter.h
HTP_REQUEST_PROGRESS_TRAILER
#define HTP_REQUEST_PROGRESS_TRAILER
Definition: app-layer-htp-libhtp.h:91
InspectionBufferGet
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
Definition: detect-engine.c:1521
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1114
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:269
app-layer-htp.h
PrefilterMpmHttpHeaderRawCtx
struct PrefilterMpmHttpHeaderRawCtx PrefilterMpmHttpHeaderRawCtx
decode.h
util-debug.h
DetectBufferTypeRegisterValidateCallback
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror))
Definition: detect-engine.c:1326
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectEngineThreadCtx_
Definition: detect.h:1116
PrefilterMpmHttpHeaderRawCtx
Definition: detect-http-raw-header.c:230
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
HtpTxUserData_::response_has_trailers
uint8_t response_has_trailers
Definition: app-layer-htp.h:218
HtpTxUserData_::request_headers_raw
uint8_t * request_headers_raw
Definition: app-layer-htp.h:230
PrefilterGenericMpmRegister
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:761
SigTableElmt_::alternative
uint16_t alternative
Definition: detect.h:1324
DetectAppLayerMpmRegister
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
Definition: detect-engine-mpm.c:151
app-layer-parser.h
MpmCtx_::minlen
uint16_t minlen
Definition: util-mpm.h:104
HtpTxUserData_::request_has_trailers
uint8_t request_has_trailers
Definition: app-layer-htp.h:217
util-profiling.h
SCReturn
#define SCReturn
Definition: util-debug.h:273
Signature_::flags
uint32_t flags
Definition: detect.h:619
DetectEngineContentModifierBufferSetup
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
Definition: detect-parse.c:220
Packet_
Definition: decode.h:476
DetectBufferMpmRegistry_::app_v2
struct DetectBufferMpmRegistry_::@82::@84 app_v2
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:70
MpmTableElmt_::Search
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
Definition: util-mpm.h:177
DetectEngineThreadCtx_::mtc
MpmThreadCtx mtc
Definition: detect.h:1221
DETECT_HTTP_RAW_HEADER_CM
@ DETECT_HTTP_RAW_HEADER_CM
Definition: detect-engine-register.h:172
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1389
PREFILTER_PROFILING_ADD_BYTES
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
Definition: util-profiling.h:286
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
HtpTxUserData_::response_headers_raw
uint8_t * response_headers_raw
Definition: app-layer-htp.h:231
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:36
HTP_REQUEST_PROGRESS_HEADERS
#define HTP_REQUEST_PROGRESS_HEADERS
Definition: app-layer-htp-libhtp.h:89
PrefilterAppendTxEngine
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:284
HtpTxUserData_
Definition: app-layer-htp.h:212
detect-http-raw-header.h
InspectionBuffer::inspect_len
uint32_t inspect_len
Definition: detect.h:377
InspectionBuffer::inspect
const uint8_t * inspect
Definition: detect.h:375
str
#define str(s)
Definition: suricata-common.h:300
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
detect-parse.h
Signature_
Signature container.
Definition: detect.h:618
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:76
mpm_table
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
Definition: util-mpm.c:47
HTP_RESPONSE_PROGRESS_TRAILER
#define HTP_RESPONSE_PROGRESS_TRAILER
Definition: app-layer-htp-libhtp.h:96
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1510
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:245
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1211
MpmCtx_
Definition: util-mpm.h:93
HtpTxUserData_::response_headers_raw_len
uint32_t response_headers_raw_len
Definition: app-layer-htp.h:233
flow.h
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1318
app-layer.h
DetectBufferMpmRegistry_::pname
char pname[32]
Definition: detect.h:705