suricata
detect-http-raw-header.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup httplayer
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
29  *
30  * Implements support for http_raw_header keyword.
31  */
32 
33 #include "suricata-common.h"
34 #include "threads.h"
35 #include "decode.h"
36 
37 #include "detect.h"
38 #include "detect-parse.h"
39 #include "detect-engine.h"
40 #include "detect-engine-mpm.h"
42 #include "detect-content.h"
43 
44 #include "flow.h"
45 #include "flow-var.h"
46 #include "flow-util.h"
47 
48 #include "util-debug.h"
49 #include "util-profiling.h"
50 
51 #include "app-layer.h"
52 #include "app-layer-parser.h"
53 #include "app-layer-htp.h"
54 #include "detect-http-raw-header.h"
55 
56 static int DetectHttpRawHeaderSetup(DetectEngineCtx *, Signature *, const char *);
57 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
58 #ifdef UNITTESTS
59 static void DetectHttpRawHeaderRegisterTests(void);
60 #endif
61 static bool DetectHttpRawHeaderValidateCallback(
62  const Signature *s, const char **sigerror, const DetectBufferType *dbt);
63 static int g_http_raw_header_buffer_id = 0;
64 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
65  const DetectEngineTransforms *transforms, Flow *_f,
66  const uint8_t flow_flags, void *txv, const int list_id);
67 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
68  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
69  const int list_id);
70 
71 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
72  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
73 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
74  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
75 
76 /**
77  * \brief Registers the keyword handlers for the "http_raw_header" keyword.
78  */
80 {
81  /* http_raw_header content modifier */
82  sigmatch_table[DETECT_HTTP_RAW_HEADER_CM].name = "http_raw_header";
84  "content modifier to match the raw HTTP header buffer";
86  "/rules/http-keywords.html#http-header-and-http-raw-header";
87  sigmatch_table[DETECT_HTTP_RAW_HEADER_CM].Setup = DetectHttpRawHeaderSetup;
88 #ifdef UNITTESTS
90 #endif
94 
95  /* http.header.raw sticky buffer */
96  sigmatch_table[DETECT_HTTP_RAW_HEADER].name = "http.header.raw";
97  sigmatch_table[DETECT_HTTP_RAW_HEADER].desc = "sticky buffer to match the raw HTTP header buffer";
98  sigmatch_table[DETECT_HTTP_RAW_HEADER].url = "/rules/http-keywords.html#http-header-and-http-raw-header";
99  sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky;
101 
103  HTP_REQUEST_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
105  HTP_RESPONSE_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
106 
107  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2,
108  PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1,
109  0); /* progress handled in register */
110  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2,
111  PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1,
112  0); /* progress handled in register */
113 
115  HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
117  HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
118 
120  GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
122  GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
123 
124  DetectBufferTypeSetDescriptionByName("http_raw_header",
125  "raw http headers");
126 
128  DetectHttpRawHeaderValidateCallback);
129 
130  g_http_raw_header_buffer_id = DetectBufferTypeGetByName("http_raw_header");
131 }
132 
133 /**
134  * \brief The setup function for the http_raw_header keyword for a signature.
135  *
136  * \param de_ctx Pointer to the detection engine context.
137  * \param s Pointer to signature for the current Signature being parsed
138  * from the rules.
139  * \param m Pointer to the head of the SigMatchs for the current rule
140  * being parsed.
141  * \param arg Pointer to the string holding the keyword value.
142  *
143  * \retval 0 On success.
144  * \retval -1 On failure.
145  */
146 int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
147 {
149  de_ctx, s, arg, DETECT_HTTP_RAW_HEADER_CM, g_http_raw_header_buffer_id, ALPROTO_HTTP1);
150 }
151 
152 /**
153  * \brief this function setup the http.header.raw keyword used in the rule
154  *
155  * \param de_ctx Pointer to the Detection Engine Context
156  * \param s Pointer to the Signature to which the current keyword belongs
157  * \param str Should hold an empty string always
158  *
159  * \retval 0 On success
160  */
161 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str)
162 {
163  if (DetectBufferSetActiveList(de_ctx, s, g_http_raw_header_buffer_id) < 0)
164  return -1;
166  return -1;
167  return 0;
168 }
169 
170 static bool DetectHttpRawHeaderValidateCallback(
171  const Signature *s, const char **sigerror, const DetectBufferType *dbt)
172 {
174  *sigerror = "http_raw_header signature "
175  "without a flow direction. Use flow:to_server for "
176  "inspecting request headers or flow:to_client for "
177  "inspecting response headers.";
178 
179  SCLogError("%s", *sigerror);
180  SCReturnInt(false);
181  }
182  return true;
183 }
184 
185 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
186  const DetectEngineTransforms *transforms, Flow *_f,
187  const uint8_t flow_flags, void *txv, const int list_id)
188 {
189  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
190  if (buffer->inspect == NULL) {
191  htp_tx_t *tx = (htp_tx_t *)txv;
192 
193  HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
194  if (tx_ud == NULL)
195  return NULL;
196 
197  const bool ts = ((flow_flags & STREAM_TOSERVER) != 0);
198  const uint8_t *data = ts ?
200  if (data == NULL)
201  return NULL;
202  const uint32_t data_len = ts ?
204 
206  det_ctx, list_id, buffer, data, data_len, transforms);
207  }
208 
209  return buffer;
210 }
211 
212 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
213  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
214  const int list_id)
215 {
216  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
217  if (buffer->inspect == NULL) {
218  uint32_t b_len = 0;
219  const uint8_t *b = NULL;
220 
221  if (rs_http2_tx_get_headers_raw(txv, flow_flags, &b, &b_len) != 1)
222  return NULL;
223  if (b == NULL || b_len == 0)
224  return NULL;
225 
226  InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
227  }
228 
229  return buffer;
230 }
231 
233  int list_id;
234  const MpmCtx *mpm_ctx;
237 
238 /** \brief Generic Mpm prefilter callback
239  *
240  * \param det_ctx detection engine thread ctx
241  * \param p packet to inspect
242  * \param f flow to inspect
243  * \param txv tx to inspect
244  * \param pectx inspection context
245  */
246 static void PrefilterMpmHttpHeaderRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
247  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
248 {
249  SCEnter();
250 
251  const PrefilterMpmHttpHeaderRawCtx *ctx = pectx;
252  const MpmCtx *mpm_ctx = ctx->mpm_ctx;
253  SCLogDebug("running on list %d", ctx->list_id);
254 
255  const int list_id = ctx->list_id;
256 
257  InspectionBuffer *buffer = GetData(det_ctx, ctx->transforms, f,
258  flags, txv, list_id);
259  if (buffer == NULL)
260  return;
261 
262  const uint32_t data_len = buffer->inspect_len;
263  const uint8_t *data = buffer->inspect;
264 
265  SCLogDebug("mpm'ing buffer:");
266  //PrintRawDataFp(stdout, data, data_len);
267 
268  if (data != NULL && data_len >= mpm_ctx->minlen) {
269  (void)mpm_table[mpm_ctx->mpm_type].Search(
270  mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, data, data_len);
271  PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
272  }
273 }
274 
275 static void PrefilterMpmHttpTrailerRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
276  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
277 {
278  SCEnter();
279 
280  htp_tx_t *tx = txv;
281  const HtpTxUserData *htud = (const HtpTxUserData *)htp_tx_get_user_data(tx);
282  /* if the request wasn't flagged as having a trailer, we skip */
283  if (htud && (
284  ((flags & STREAM_TOSERVER) && !htud->request_has_trailers) ||
285  ((flags & STREAM_TOCLIENT) && !htud->response_has_trailers))) {
286  SCReturn;
287  }
288  PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx, _txd, flags);
289  SCReturn;
290 }
291 
292 static void PrefilterMpmHttpHeaderRawFree(void *ptr)
293 {
294  SCFree(ptr);
295 }
296 
297 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
298  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
299 {
300  SCEnter();
301 
302  /* header */
303  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
304  if (pectx == NULL)
305  return -1;
306  pectx->list_id = list_id;
307  pectx->mpm_ctx = mpm_ctx;
308  pectx->transforms = &mpm_reg->transforms;
309 
310  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
311  HTP_REQUEST_PROGRESS_HEADERS + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
312  if (r != 0) {
313  SCFree(pectx);
314  return r;
315  }
316 
317  /* trailer */
318  pectx = SCCalloc(1, sizeof(*pectx));
319  if (pectx == NULL)
320  return -1;
321  pectx->list_id = list_id;
322  pectx->mpm_ctx = mpm_ctx;
323  pectx->transforms = &mpm_reg->transforms;
324 
325  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
326  HTP_REQUEST_PROGRESS_TRAILER + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
327  if (r != 0) {
328  SCFree(pectx);
329  }
330  return r;
331 }
332 
333 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
334  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
335 {
336  SCEnter();
337 
338  /* header */
339  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
340  if (pectx == NULL)
341  return -1;
342  pectx->list_id = list_id;
343  pectx->mpm_ctx = mpm_ctx;
344  pectx->transforms = &mpm_reg->transforms;
345 
346  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
347  HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
348  if (r != 0) {
349  SCFree(pectx);
350  return r;
351  }
352 
353  /* trailer */
354  pectx = SCCalloc(1, sizeof(*pectx));
355  if (pectx == NULL)
356  return -1;
357  pectx->list_id = list_id;
358  pectx->mpm_ctx = mpm_ctx;
359  pectx->transforms = &mpm_reg->transforms;
360 
361  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
362  HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
363  if (r != 0) {
364  SCFree(pectx);
365  }
366  return r;
367 }
368 
369 /************************************Unittests*********************************/
370 
371 #ifdef UNITTESTS
373 #endif
374 
375 /**
376  * @}
377  */
SigTableElmt_::url
const char * url
Definition: detect.h:1405
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:2218
detect-content.h
MpmCtx_::mpm_type
uint8_t mpm_type
Definition: util-mpm.h:95
ts
uint64_t ts
Definition: source-erf-file.c:55
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1616
PrefilterMpmHttpHeaderRawCtx::list_id
int list_id
Definition: detect-http-raw-header.c:233
SigTableElmt_::desc
const char * desc
Definition: detect.h:1404
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:155
DetectEngineInspectBufferGeneric
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2252
flow-util.h
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1614
HtpTxUserData_::request_headers_raw_len
uint32_t request_headers_raw_len
Definition: app-layer-htp.h:169
SigTableElmt_::name
const char * name
Definition: detect.h:1402
InspectionBufferSetupAndApplyTransforms
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
Definition: detect-engine.c:1719
PrefilterMpmHttpHeaderRawCtx::transforms
const DetectEngineTransforms * transforms
Definition: detect-http-raw-header.c:235
DETECT_HTTP_RAW_HEADER
@ DETECT_HTTP_RAW_HEADER
Definition: detect-engine-register.h:172
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1570
DetectEngineTransforms
Definition: detect.h:415
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectBufferSetActiveList
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1422
InspectionBuffer
Definition: detect.h:380
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:79
DetectHttpRawHeaderRegisterTests
void DetectHttpRawHeaderRegisterTests(void)
Definition: detect-http-raw-header.c:3876
threads.h
Flow_
Flow data structure.
Definition: flow.h:356
DetectEngineThreadCtx_::pmq
PrefilterRuleStore pmq
Definition: detect.h:1298
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1396
ctx
struct Thresholds ctx
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:920
DetectBufferTypeRegisterValidateCallback
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror, const DetectBufferType *))
Definition: detect-engine.c:1369
DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition: detect.h:763
PrefilterMpmHttpHeaderRawCtx::mpm_ctx
const MpmCtx * mpm_ctx
Definition: detect-http-raw-header.c:234
DetectBufferType_
Definition: detect.h:463
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:271
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1387
detect-http-raw-header.c
Handle HTTP raw header match.
DetectBufferMpmRegistry_::transforms
DetectEngineTransforms transforms
Definition: detect.h:776
detect-engine-prefilter.h
InspectionBufferGet
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
Definition: detect-engine.c:1578
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1157
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:270
app-layer-htp.h
PrefilterMpmHttpHeaderRawCtx
struct PrefilterMpmHttpHeaderRawCtx PrefilterMpmHttpHeaderRawCtx
decode.h
util-debug.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectEngineThreadCtx_
Definition: detect.h:1197
PrefilterMpmHttpHeaderRawCtx
Definition: detect-http-raw-header.c:232
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
HtpTxUserData_::response_has_trailers
uint8_t response_has_trailers
Definition: app-layer-htp.h:157
HtpTxUserData_::request_headers_raw
uint8_t * request_headers_raw
Definition: app-layer-htp.h:167
DetectBufferMpmRegistry_::app_v2
struct DetectBufferMpmRegistry_::@87::@89 app_v2
PrefilterGenericMpmRegister
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:1547
SigTableElmt_::alternative
uint16_t alternative
Definition: detect.h:1400
DetectAppLayerMpmRegister
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
Definition: detect-engine-mpm.c:151
app-layer-parser.h
MpmCtx_::minlen
uint16_t minlen
Definition: util-mpm.h:104
HtpTxUserData_::request_has_trailers
uint8_t request_has_trailers
Definition: app-layer-htp.h:156
util-profiling.h
SCReturn
#define SCReturn
Definition: util-debug.h:273
Signature_::flags
uint32_t flags
Definition: detect.h:670
DetectEngineContentModifierBufferSetup
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
Definition: detect-parse.c:222
Packet_
Definition: decode.h:484
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:69
MpmTableElmt_::Search
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
Definition: util-mpm.h:177
DetectEngineThreadCtx_::mtc
MpmThreadCtx mtc
Definition: detect.h:1294
DETECT_HTTP_RAW_HEADER_CM
@ DETECT_HTTP_RAW_HEADER_CM
Definition: detect-engine-register.h:171
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1466
PREFILTER_PROFILING_ADD_BYTES
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
Definition: util-profiling.h:286
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
HtpTxUserData_::response_headers_raw
uint8_t * response_headers_raw
Definition: app-layer-htp.h:168
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:36
PrefilterAppendTxEngine
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:352
HtpTxUserData_
Definition: app-layer-htp.h:151
detect-http-raw-header.h
InspectionBuffer::inspect_len
uint32_t inspect_len
Definition: detect.h:383
InspectionBuffer::inspect
const uint8_t * inspect
Definition: detect.h:381
str
#define str(s)
Definition: suricata-common.h:300
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
detect-parse.h
Signature_
Signature container.
Definition: detect.h:669
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:75
mpm_table
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
Definition: util-mpm.c:47
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1592
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:245
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1254
MpmCtx_
Definition: util-mpm.h:93
HtpTxUserData_::response_headers_raw_len
uint32_t response_headers_raw_len
Definition: app-layer-htp.h:170
flow.h
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1394
app-layer.h
DetectBufferMpmRegistry_::pname
char pname[32]
Definition: detect.h:765