64 static void DetectHttpRequestLineRegisterTests(
void);
67 Flow *_f,
const uint8_t _flow_flags,
68 void *txv,
const int list_id);
69 static int g_http_request_line_buffer_id = 0;
127 Flow *_f,
const uint8_t _flow_flags,
128 void *txv,
const int list_id)
132 htp_tx_t *tx = (htp_tx_t *)txv;
133 if (
unlikely(tx->request_line == NULL)) {
136 const uint32_t data_len = bstr_len(tx->request_line);
137 const uint8_t *data = bstr_ptr(tx->request_line);
155 static int DetectHttpRequestLineTest01(
void)
162 "(http_request_line; content:\"GET /\"; sid:1;)");
174 static int DetectHttpRequestLineTest02(
void)
184 "GET /index.html HTTP/1.0\r\n" 185 "Host: www.openinfosecfoundation.org\r\n" 186 "User-Agent: This is dummy message body\r\n" 187 "Content-Type: text/html\r\n" 189 uint32_t http_len =
sizeof(http_buf) - 1;
194 memset(&th_v, 0,
sizeof(th_v));
195 memset(&f, 0,
sizeof(f));
196 memset(&ssn, 0,
sizeof(ssn));
203 f.
proto = IPPROTO_TCP;
220 "(http_request_line; content:\"GET /index.html HTTP/1.0\"; " 247 static int DetectHttpRequestLineWrapper(
const char *sig,
const int expectation)
257 "GET /index.html HTTP/1.0\r\n" 258 "Host: www.openinfosecfoundation.org\r\n" 259 "User-Agent: This is dummy message body\r\n" 260 "Content-Type: text/html\r\n" 262 uint32_t http_len =
sizeof(http_buf) - 1;
267 memset(&th_v, 0,
sizeof(th_v));
268 memset(&f, 0,
sizeof(f));
269 memset(&ssn, 0,
sizeof(ssn));
276 f.
proto = IPPROTO_TCP;
320 static int DetectHttpRequestLineTest03(
void)
322 FAIL_IF_NOT(DetectHttpRequestLineWrapper(
"alert http any any -> any any (http_request_line; bsize:>10; sid:1;)",
true));
323 FAIL_IF_NOT(DetectHttpRequestLineWrapper(
"alert http any any -> any any (http_request_line; bsize:<100; sid:2;)",
true));
324 FAIL_IF_NOT(DetectHttpRequestLineWrapper(
"alert http any any -> any any (http_request_line; bsize:10<>100; sid:3;)",
true));
325 FAIL_IF_NOT(DetectHttpRequestLineWrapper(
"alert http any any -> any any (http_request_line; bsize:>100; sid:3;)",
false));
331 static void DetectHttpRequestLineRegisterTests(
void)
334 UtRegisterTest(
"DetectHttpRequestLineTest01", DetectHttpRequestLineTest01);
335 UtRegisterTest(
"DetectHttpRequestLineTest02", DetectHttpRequestLineTest02);
336 UtRegisterTest(
"DetectHttpRequestLineTest03", DetectHttpRequestLineTest03);
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
#define PASS
Pass the test.
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_ESTABLISHED
void StreamTcpFreeConfig(char quiet)
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
main detection engine ctx
int DetectBufferTypeGetByName(const char *name)
#define SIGMATCH_INFO_STICKY_BUFFER
Data structures and function prototypes for keeping state for the detection engine.
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
#define SIG_FLAG_TOSERVER
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
#define FLOW_PKT_TOSERVER
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id)
void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define FLOW_INITIALIZE(f)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectBufferSetActiveList(Signature *s, const int list)
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Per thread variable structure.
AppProto alproto
application level protocol
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself...
void(* RegisterTests)(void)
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
DetectEngineCtx * DetectEngineCtxInit(void)