61 static bool DetectHttpRawHeaderValidateCallback(
63 static int g_http_raw_header_buffer_id = 0;
66 const uint8_t flow_flags,
void *txv,
const int list_id);
84 "content modifier to match the raw HTTP header buffer";
86 "/rules/http-keywords.html#http-header-and-http-raw-header";
108 PrefilterMpmHttpHeaderRawRequestRegister, NULL,
ALPROTO_HTTP1,
111 PrefilterMpmHttpHeaderRawResponseRegister, NULL,
ALPROTO_HTTP1,
128 DetectHttpRawHeaderValidateCallback);
170 static bool DetectHttpRawHeaderValidateCallback(
174 *sigerror =
"http_raw_header signature "
175 "without a flow direction. Use flow:to_server for "
176 "inspecting request headers or flow:to_client for "
177 "inspecting response headers.";
187 const uint8_t flow_flags,
void *txv,
const int list_id)
191 htp_tx_t *tx = (htp_tx_t *)txv;
197 const bool ts = ((flow_flags & STREAM_TOSERVER) != 0);
198 const uint8_t *data =
ts ?
202 const uint32_t data_len =
ts ?
206 det_ctx, list_id, buffer, data, data_len, transforms);
219 const uint8_t *b = NULL;
221 if (rs_http2_tx_get_headers_raw(txv, flow_flags, &b, &b_len) != 1)
223 if (b == NULL || b_len == 0)
255 const int list_id =
ctx->list_id;
258 flags, txv, list_id);
263 const uint8_t *data = buffer->
inspect;
268 if (data != NULL && data_len >= mpm_ctx->
minlen) {
270 mpm_ctx, &det_ctx->
mtc, &det_ctx->
pmq, data, data_len);
288 PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx, _txd,
flags);
292 static void PrefilterMpmHttpHeaderRawFree(
void *ptr)
311 HTP_REQUEST_PROGRESS_HEADERS + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
318 pectx =
SCCalloc(1,
sizeof(*pectx));
326 HTP_REQUEST_PROGRESS_TRAILER + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
347 HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
354 pectx =
SCCalloc(1,
sizeof(*pectx));
362 HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);