60 static bool DetectHttpRawHeaderValidateCallback(
const Signature *s,
const char **sigerror);
61 static int g_http_raw_header_buffer_id = 0;
64 const uint8_t flow_flags,
void *txv,
const int list_id);
105 PrefilterMpmHttpHeaderRawRequestRegister, NULL,
ALPROTO_HTTP1,
108 PrefilterMpmHttpHeaderRawResponseRegister, NULL,
ALPROTO_HTTP1,
125 DetectHttpRawHeaderValidateCallback);
167 static bool DetectHttpRawHeaderValidateCallback(
const Signature *s,
const char **sigerror)
170 *sigerror =
"http_raw_header signature "
171 "without a flow direction. Use flow:to_server for "
172 "inspecting request headers or flow:to_client for "
173 "inspecting response headers.";
183 const uint8_t flow_flags,
void *txv,
const int list_id)
187 htp_tx_t *tx = (htp_tx_t *)txv;
193 const bool ts = ((flow_flags & STREAM_TOSERVER) != 0);
194 const uint8_t *data =
ts ?
198 const uint32_t data_len =
ts ?
215 const uint8_t *b = NULL;
217 if (rs_http2_tx_get_headers_raw(txv, flow_flags, &b, &b_len) != 1)
219 if (b == NULL || b_len == 0)
246 const uint64_t idx,
const uint8_t
flags)
254 const int list_id = ctx->
list_id;
257 flags, txv, list_id);
262 const uint8_t *data = buffer->
inspect;
267 if (data != NULL && data_len >= mpm_ctx->
minlen) {
269 &det_ctx->
mtcu, &det_ctx->
pmq, data, data_len);
276 const uint64_t idx,
const uint8_t
flags)
288 PrefilterMpmHttpHeaderRaw(det_ctx, pectx, p, f, txv, idx,
flags);
292 static void PrefilterMpmHttpHeaderRawFree(
void *ptr)
312 mpm_reg->
app_v2.alproto, HTP_REQUEST_HEADERS+1,
313 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
320 pectx =
SCCalloc(1,
sizeof(*pectx));
328 mpm_reg->
app_v2.alproto, HTP_REQUEST_TRAILER+1,
329 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
351 mpm_reg->
app_v2.alproto, HTP_RESPONSE_HEADERS,
352 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);
359 pectx =
SCCalloc(1,
sizeof(*pectx));
367 mpm_reg->
app_v2.alproto, HTP_RESPONSE_TRAILER,
368 pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->
pname);