60 static _Bool DetectHttpRawHeaderValidateCallback(
const Signature *s,
const char **sigerror);
61 static int g_http_raw_header_buffer_id = 0;
64 const uint8_t flow_flags,
void *txv,
const int list_id);
66 static int PrefilterMpmHttpHeaderRawRequestRegister(
DetectEngineCtx *de_ctx,
69 static int PrefilterMpmHttpHeaderRawResponseRegister(
DetectEngineCtx *de_ctx,
104 PrefilterMpmHttpHeaderRawRequestRegister, NULL,
ALPROTO_HTTP,
107 PrefilterMpmHttpHeaderRawResponseRegister, NULL,
ALPROTO_HTTP,
114 DetectHttpRawHeaderValidateCallback);
136 g_http_raw_header_buffer_id,
158 static _Bool DetectHttpRawHeaderValidateCallback(
const Signature *s,
const char **sigerror)
161 *sigerror =
"http_raw_header signature " 162 "without a flow direction. Use flow:to_server for " 163 "inspecting request headers or flow:to_client for " 164 "inspecting response headers.";
174 const uint8_t flow_flags,
void *txv,
const int list_id)
178 htp_tx_t *tx = (htp_tx_t *)txv;
185 const uint8_t *data = ts ?
189 const uint8_t data_len = ts ?
216 const uint64_t idx,
const uint8_t
flags)
227 flags, txv, list_id);
232 const uint8_t *data = buffer->
inspect;
237 if (data != NULL && data_len >= mpm_ctx->
minlen) {
239 &det_ctx->
mtcu, &det_ctx->
pmq, data, data_len);
246 const uint64_t idx,
const uint8_t
flags)
258 PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx, flags);
262 static void PrefilterMpmHttpHeaderRawFree(
void *ptr)
267 static int PrefilterMpmHttpHeaderRawRequestRegister(
DetectEngineCtx *de_ctx,
282 mpm_reg->
app_v2.alproto, HTP_REQUEST_HEADERS+1,
283 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
290 pectx =
SCCalloc(1,
sizeof(*pectx));
298 mpm_reg->
app_v2.alproto, HTP_REQUEST_TRAILER+1,
299 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
306 static int PrefilterMpmHttpHeaderRawResponseRegister(
DetectEngineCtx *de_ctx,
321 mpm_reg->
app_v2.alproto, HTP_RESPONSE_HEADERS,
322 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
329 pectx =
SCCalloc(1,
sizeof(*pectx));
337 mpm_reg->
app_v2.alproto, HTP_RESPONSE_TRAILER,
338 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
uint32_t request_headers_raw_len
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
DetectEngineTransforms transforms
struct DetectBufferMpmRegistery_::@95::@97 app_v2
#define SIGMATCH_INFO_CONTENT_MODIFIER
Container for matching data for a signature group.
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
uint8_t response_has_trailers
uint8_t * request_headers_raw
main detection engine ctx
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOCLIENT
#define SIGMATCH_INFO_STICKY_BUFFER
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
one time registration of keywords at start up
#define SIG_FLAG_TOSERVER
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
int DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
uint8_t request_has_trailers
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
uint8_t * response_headers_raw
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
int DetectBufferSetActiveList(Signature *s, const int list)
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
uint32_t response_headers_raw_len
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterTxFunc)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags), AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
void DetectBufferTypeRegisterValidateCallback(const char *name, _Bool(*ValidateCallback)(const Signature *, const char **sigerror))
void(* RegisterTests)(void)