suricata
detect-http-raw-header.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup httplayer
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
29  *
30  * Implements support for http_raw_header keyword.
31  */
32 
33 #include "suricata-common.h"
34 #include "threads.h"
35 #include "decode.h"
36 
37 #include "detect.h"
38 #include "detect-parse.h"
39 #include "detect-engine.h"
40 #include "detect-engine-mpm.h"
42 #include "detect-content.h"
43 
44 #include "flow.h"
45 #include "flow-var.h"
46 #include "flow-util.h"
47 
48 #include "util-debug.h"
49 #include "util-profiling.h"
50 
51 #include "app-layer.h"
52 #include "app-layer-parser.h"
53 #include "app-layer-htp.h"
54 #include "detect-http-raw-header.h"
55 
56 static int DetectHttpRawHeaderSetup(DetectEngineCtx *, Signature *, const char *);
57 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
58 #ifdef UNITTESTS
59 static void DetectHttpRawHeaderRegisterTests(void);
60 #endif
61 static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror);
62 static int g_http_raw_header_buffer_id = 0;
63 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
64  const DetectEngineTransforms *transforms, Flow *_f,
65  const uint8_t flow_flags, void *txv, const int list_id);
66 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
67  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
68  const int list_id);
69 
70 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
71  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
72 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
73  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);
74 
75 /**
76  * \brief Registers the keyword handlers for the "http_raw_header" keyword.
77  */
79 {
80  /* http_raw_header content modifier */
81  sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header";
82  sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].desc = "content modifier to match the raw HTTP header buffer";
83  sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].url = "/rules/http-keywords.html#http-header-and-http-raw-header";
84  sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup;
85 #ifdef UNITTESTS
87 #endif
90 
91  /* http.header.raw sticky buffer */
92  sigmatch_table[DETECT_HTTP_RAW_HEADER].name = "http.header.raw";
93  sigmatch_table[DETECT_HTTP_RAW_HEADER].desc = "sticky buffer to match the raw HTTP header buffer";
94  sigmatch_table[DETECT_HTTP_RAW_HEADER].url = "/rules/http-keywords.html#http-header-and-http-raw-header";
95  sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky;
97 
99  HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
101  HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
102 
103  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2,
104  PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1,
105  0); /* progress handled in register */
106  DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2,
107  PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1,
108  0); /* progress handled in register */
109 
111  HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
113  HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
114 
116  GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
118  GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
119 
120  DetectBufferTypeSetDescriptionByName("http_raw_header",
121  "raw http headers");
122 
124  DetectHttpRawHeaderValidateCallback);
125 
126  g_http_raw_header_buffer_id = DetectBufferTypeGetByName("http_raw_header");
127 }
128 
129 /**
130  * \brief The setup function for the http_raw_header keyword for a signature.
131  *
132  * \param de_ctx Pointer to the detection engine context.
133  * \param s Pointer to signature for the current Signature being parsed
134  * from the rules.
135  * \param m Pointer to the head of the SigMatchs for the current rule
136  * being parsed.
137  * \param arg Pointer to the string holding the keyword value.
138  *
139  * \retval 0 On success.
140  * \retval -1 On failure.
141  */
142 int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
143 {
145  de_ctx, s, arg, DETECT_AL_HTTP_RAW_HEADER, g_http_raw_header_buffer_id, ALPROTO_HTTP1);
146 }
147 
148 /**
149  * \brief this function setup the http.header.raw keyword used in the rule
150  *
151  * \param de_ctx Pointer to the Detection Engine Context
152  * \param s Pointer to the Signature to which the current keyword belongs
153  * \param str Should hold an empty string always
154  *
155  * \retval 0 On success
156  */
157 static int DetectHttpRawHeaderSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str)
158 {
159  if (DetectBufferSetActiveList(de_ctx, s, g_http_raw_header_buffer_id) < 0)
160  return -1;
162  return -1;
163  return 0;
164 }
165 
166 static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror)
167 {
169  *sigerror = "http_raw_header signature "
170  "without a flow direction. Use flow:to_server for "
171  "inspecting request headers or flow:to_client for "
172  "inspecting response headers.";
173 
174  SCLogError("%s", *sigerror);
175  SCReturnInt(false);
176  }
177  return true;
178 }
179 
180 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
181  const DetectEngineTransforms *transforms, Flow *_f,
182  const uint8_t flow_flags, void *txv, const int list_id)
183 {
184  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
185  if (buffer->inspect == NULL) {
186  htp_tx_t *tx = (htp_tx_t *)txv;
187 
188  HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
189  if (tx_ud == NULL)
190  return NULL;
191 
192  const bool ts = ((flow_flags & STREAM_TOSERVER) != 0);
193  const uint8_t *data = ts ?
195  if (data == NULL)
196  return NULL;
197  const uint32_t data_len = ts ?
199 
200  InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
201  InspectionBufferApplyTransforms(buffer, transforms);
202  }
203 
204  return buffer;
205 }
206 
207 static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
208  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flow_flags, void *txv,
209  const int list_id)
210 {
211  InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
212  if (buffer->inspect == NULL) {
213  uint32_t b_len = 0;
214  const uint8_t *b = NULL;
215 
216  if (rs_http2_tx_get_headers_raw(txv, flow_flags, &b, &b_len) != 1)
217  return NULL;
218  if (b == NULL || b_len == 0)
219  return NULL;
220 
221  InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
222  InspectionBufferApplyTransforms(buffer, transforms);
223  }
224 
225  return buffer;
226 }
227 
229  int list_id;
230  const MpmCtx *mpm_ctx;
233 
234 /** \brief Generic Mpm prefilter callback
235  *
236  * \param det_ctx detection engine thread ctx
237  * \param p packet to inspect
238  * \param f flow to inspect
239  * \param txv tx to inspect
240  * \param pectx inspection context
241  */
242 static void PrefilterMpmHttpHeaderRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
243  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
244 {
245  SCEnter();
246 
247  const PrefilterMpmHttpHeaderRawCtx *ctx = pectx;
248  const MpmCtx *mpm_ctx = ctx->mpm_ctx;
249  SCLogDebug("running on list %d", ctx->list_id);
250 
251  const int list_id = ctx->list_id;
252 
253  InspectionBuffer *buffer = GetData(det_ctx, ctx->transforms, f,
254  flags, txv, list_id);
255  if (buffer == NULL)
256  return;
257 
258  const uint32_t data_len = buffer->inspect_len;
259  const uint8_t *data = buffer->inspect;
260 
261  SCLogDebug("mpm'ing buffer:");
262  //PrintRawDataFp(stdout, data, data_len);
263 
264  if (data != NULL && data_len >= mpm_ctx->minlen) {
265  (void)mpm_table[mpm_ctx->mpm_type].Search(
266  mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, data, data_len);
267  PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
268  }
269 }
270 
271 static void PrefilterMpmHttpTrailerRaw(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
272  Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
273 {
274  SCEnter();
275 
276  htp_tx_t *tx = txv;
277  const HtpTxUserData *htud = (const HtpTxUserData *)htp_tx_get_user_data(tx);
278  /* if the request wasn't flagged as having a trailer, we skip */
279  if (htud && (
280  ((flags & STREAM_TOSERVER) && !htud->request_has_trailers) ||
281  ((flags & STREAM_TOCLIENT) && !htud->response_has_trailers))) {
282  SCReturn;
283  }
284  PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx, _txd, flags);
285  SCReturn;
286 }
287 
288 static void PrefilterMpmHttpHeaderRawFree(void *ptr)
289 {
290  SCFree(ptr);
291 }
292 
293 static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
294  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
295 {
296  SCEnter();
297 
298  /* header */
299  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
300  if (pectx == NULL)
301  return -1;
302  pectx->list_id = list_id;
303  pectx->mpm_ctx = mpm_ctx;
304  pectx->transforms = &mpm_reg->transforms;
305 
306  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw,
307  mpm_reg->app_v2.alproto, HTP_REQUEST_HEADERS+1,
308  pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
309  if (r != 0) {
310  SCFree(pectx);
311  return r;
312  }
313 
314  /* trailer */
315  pectx = SCCalloc(1, sizeof(*pectx));
316  if (pectx == NULL)
317  return -1;
318  pectx->list_id = list_id;
319  pectx->mpm_ctx = mpm_ctx;
320  pectx->transforms = &mpm_reg->transforms;
321 
322  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw,
323  mpm_reg->app_v2.alproto, HTP_REQUEST_TRAILER+1,
324  pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
325  if (r != 0) {
326  SCFree(pectx);
327  }
328  return r;
329 }
330 
331 static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
332  MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
333 {
334  SCEnter();
335 
336  /* header */
337  PrefilterMpmHttpHeaderRawCtx *pectx = SCCalloc(1, sizeof(*pectx));
338  if (pectx == NULL)
339  return -1;
340  pectx->list_id = list_id;
341  pectx->mpm_ctx = mpm_ctx;
342  pectx->transforms = &mpm_reg->transforms;
343 
344  int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw,
345  mpm_reg->app_v2.alproto, HTP_RESPONSE_HEADERS,
346  pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
347  if (r != 0) {
348  SCFree(pectx);
349  return r;
350  }
351 
352  /* trailer */
353  pectx = SCCalloc(1, sizeof(*pectx));
354  if (pectx == NULL)
355  return -1;
356  pectx->list_id = list_id;
357  pectx->mpm_ctx = mpm_ctx;
358  pectx->transforms = &mpm_reg->transforms;
359 
360  r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw,
361  mpm_reg->app_v2.alproto, HTP_RESPONSE_TRAILER,
362  pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
363  if (r != 0) {
364  SCFree(pectx);
365  }
366  return r;
367 }
368 
369 /************************************Unittests*********************************/
370 
371 #ifdef UNITTESTS
373 #endif
374 
375 /**
376  * @}
377  */
SigTableElmt_::url
const char * url
Definition: detect.h:1312
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1738
detect-content.h
MpmCtx_::mpm_type
uint8_t mpm_type
Definition: util-mpm.h:90
ts
uint64_t ts
Definition: source-erf-file.c:55
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1517
PrefilterMpmHttpHeaderRawCtx::list_id
int list_id
Definition: detect-http-raw-header.c:229
SigTableElmt_::desc
const char * desc
Definition: detect.h:1311
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:128
DetectEngineInspectBufferGeneric
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2155
flow-util.h
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1515
HtpTxUserData_::request_headers_raw_len
uint32_t request_headers_raw_len
Definition: app-layer-htp.h:226
SigTableElmt_::name
const char * name
Definition: detect.h:1309
PrefilterMpmHttpHeaderRawCtx::transforms
const DetectEngineTransforms * transforms
Definition: detect-http-raw-header.c:231
DETECT_HTTP_RAW_HEADER
@ DETECT_HTTP_RAW_HEADER
Definition: detect-engine-register.h:172
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1465
DetectEngineTransforms
Definition: detect.h:408
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectBufferSetActiveList
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1357
InspectionBuffer
Definition: detect.h:373
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:78
DetectHttpRawHeaderRegisterTests
void DetectHttpRawHeaderRegisterTests(void)
Definition: detect-http-raw-header.c:3876
threads.h
Flow_
Flow data structure.
Definition: flow.h:356
DetectEngineThreadCtx_::pmq
PrefilterRuleStore pmq
Definition: detect.h:1205
DetectBufferMpmRegistry_::app_v2
struct DetectBufferMpmRegistry_::@84::@86 app_v2
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1303
ctx
struct Thresholds ctx
DETECT_AL_HTTP_RAW_HEADER
@ DETECT_AL_HTTP_RAW_HEADER
Definition: detect-engine-register.h:171
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition: detect.h:687
PrefilterMpmHttpHeaderRawCtx::mpm_ctx
const MpmCtx * mpm_ctx
Definition: detect-http-raw-header.c:230
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:268
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1294
detect-http-raw-header.c
Handle HTTP raw header match.
DetectBufferMpmRegistry_::transforms
DetectEngineTransforms transforms
Definition: detect.h:700
detect-engine-prefilter.h
InspectionBufferGet
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
Definition: detect-engine.c:1501
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1094
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:267
app-layer-htp.h
PrefilterMpmHttpHeaderRawCtx
struct PrefilterMpmHttpHeaderRawCtx PrefilterMpmHttpHeaderRawCtx
decode.h
util-debug.h
DetectBufferTypeRegisterValidateCallback
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror))
Definition: detect-engine.c:1306
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1098
PrefilterMpmHttpHeaderRawCtx
Definition: detect-http-raw-header.c:228
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
HtpTxUserData_::response_has_trailers
uint8_t response_has_trailers
Definition: app-layer-htp.h:212
HtpTxUserData_::request_headers_raw
uint8_t * request_headers_raw
Definition: app-layer-htp.h:224
PrefilterGenericMpmRegister
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:750
SigTableElmt_::alternative
uint16_t alternative
Definition: detect.h:1307
DetectAppLayerMpmRegister
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
Definition: detect-engine-mpm.c:151
app-layer-parser.h
MpmCtx_::minlen
uint16_t minlen
Definition: util-mpm.h:99
HtpTxUserData_::request_has_trailers
uint8_t request_has_trailers
Definition: app-layer-htp.h:211
util-profiling.h
SCReturn
#define SCReturn
Definition: util-debug.h:273
Signature_::flags
uint32_t flags
Definition: detect.h:604
DetectEngineContentModifierBufferSetup
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
Definition: detect-parse.c:195
Packet_
Definition: decode.h:476
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:64
MpmTableElmt_::Search
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
Definition: util-mpm.h:168
DetectEngineThreadCtx_::mtc
MpmThreadCtx mtc
Definition: detect.h:1204
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1372
PREFILTER_PROFILING_ADD_BYTES
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
Definition: util-profiling.h:286
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
HtpTxUserData_::response_headers_raw
uint8_t * response_headers_raw
Definition: app-layer-htp.h:225
InspectionBufferApplyTransforms
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
Definition: detect-engine.c:1712
ALPROTO_HTTP1
@ ALPROTO_HTTP1
Definition: app-layer-protos.h:30
PrefilterAppendTxEngine
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:273
HtpTxUserData_
Definition: app-layer-htp.h:206
detect-http-raw-header.h
InspectionBuffer::inspect_len
uint32_t inspect_len
Definition: detect.h:376
InspectionBuffer::inspect
const uint8_t * inspect
Definition: detect.h:374
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
InspectionBufferSetup
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
Definition: detect-engine.c:1596
SCFree
#define SCFree(p)
Definition: util-mem.h:61
detect-parse.h
Signature_
Signature container.
Definition: detect.h:603
ALPROTO_HTTP
@ ALPROTO_HTTP
Definition: app-layer-protos.h:70
mpm_table
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
Definition: util-mpm.c:47
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1493
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:240
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1191
MpmCtx_
Definition: util-mpm.h:88
HtpTxUserData_::response_headers_raw_len
uint32_t response_headers_raw_len
Definition: app-layer-htp.h:227
flow.h
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
flow-var.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1301
app-layer.h
DetectBufferMpmRegistry_::pname
char pname[32]
Definition: detect.h:689