suricata
HTTP layer support

Files

file  app-layer-htp-mem.c
 
file  app-layer-htp.c
 
file  app-layer-htp.h
 
file  detect-http-accept-enc.c
 
file  detect-http-accept-lang.c
 
file  detect-http-accept.c
 
file  detect-http-client-body.c
 
file  detect-http-connection.c
 
file  detect-http-content-len.c
 
file  detect-http-content-type.c
 
 
file  detect-http-header-names.c
 
file  detect-http-header.c
 
file  detect-http-host.c
 
file  detect-http-location.c
 
file  detect-http-method.c
 
file  detect-http-protocol.c
 
file  detect-http-raw-header.c
 
file  detect-http-referer.c
 
file  detect-http-request-line.c
 
file  detect-http-response-line.c
 
file  detect-http-server-body.c
 
file  detect-http-server.c
 
file  detect-http-start.c
 
file  detect-http-stat-code.c
 
file  detect-http-stat-msg.c
 
file  detect-http-ua.c
 
file  detect-http-uri.c
 
file  detect-http-client-body.c
 Handle HTTP request body match corresponding to http_client_body keyword.
 
 
file  detect-http-header.c
 
file  detect-http-host.c
 Handle HTTP host header. HHHD - Http Host Header Data.
 
file  detect-http-method.c
 Handle HTTP method match.
 
file  detect-http-raw-header.c
 Handle HTTP raw header match.
 
file  detect-http-stat-code.c
 
file  detect-http-stat-msg.c
 
file  detect-http-user-agent.c
 Handle HTTP user agent match.
 

Data Structures

struct  HTPCfgDir_
 
struct  HTPCfgRec_
 
struct  HtpBodyChunk_
 
struct  HtpBody_
 
struct  HtpTxUserData_
 
struct  HtpState_
 

Macros

#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT   4096U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE   32768U
 
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW   4096U
 
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT   18000U
 
#define HTP_CONFIG_DEFAULT_LZMA_LAYERS   0U
 
#define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT   1048576U
 
#define HTP_CONFIG_DEFAULT_COMPRESSION_TIME_LIMIT   100000
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE   1
 
#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE   10
 
#define HTP_FLAG_STATE_CLOSED_TS   0x0002
 
#define HTP_FLAG_STATE_CLOSED_TC   0x0004
 
#define HTP_BOUNDARY_SET   BIT_U8(1)
 
#define HTP_FILENAME_SET   BIT_U8(3)
 
#define HTP_DONTSTORE   BIT_U8(4)
 
#define HTP_STREAM_DEPTH_SET   BIT_U8(5)
 
#define HTP_REQUIRE_REQUEST_BODY   (1 << 0)
 
#define HTP_REQUIRE_REQUEST_FILE   (1 << 2)
 
#define HTP_REQUIRE_RESPONSE_BODY   (1 << 3)
 

Typedefs

typedef enum HtpSwfCompressType_ HtpSwfCompressType
 
typedef struct HTPCfgDir_ HTPCfgDir
 
typedef struct HTPCfgRec_ HTPCfgRec
 
typedef struct HtpBodyChunk_ HtpBodyChunk
 
typedef struct HtpBody_ HtpBody
 
typedef struct HtpTxUserData_ HtpTxUserData
 
typedef struct HtpState_ HtpState
 

Enumerations

enum  { HTP_BODY_REQUEST_NONE = 0, HTP_BODY_REQUEST_MULTIPART, HTP_BODY_REQUEST_POST, HTP_BODY_REQUEST_PUT }
 
enum  {
  HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR = 200, HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA = 201, HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER = 202, HTTP_DECODER_EVENT_TOO_MANY_WARNINGS = 203,
  HTTP_DECODER_EVENT_RANGE_INVALID = 204, HTTP_DECODER_EVENT_FILE_NAME_TOO_LONG = 205, HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE = 206
}
 
enum  HtpSwfCompressType_ { HTTP_SWF_COMPRESSION_NONE = 0, HTTP_SWF_COMPRESSION_ZLIB, HTTP_SWF_COMPRESSION_LZMA, HTTP_SWF_COMPRESSION_BOTH }
 

Functions

struct HtpBodyChunk_ __attribute__ ((__packed__))
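 DNP3 link header. (This description appears to be a Doxygen grouping artifact: it comes from an unrelated packed struct and does not describe HtpBodyChunk_.)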
 
 SC_ATOMIC_EXTERN (uint32_t, htp_config_flags)
 
void RegisterHTPParsers (void)
 Register the HTTP protocol and state handling functions to APP layer of the engine. More...
 
void HTPAtExitPrintStats (void)
 Print the stats of the HTTP requests. More...
 
void HTPFreeConfig (void)
 Clears the HTTP server configuration memory used by HTP library. More...
 
void HTPStateFree (void *)
 Frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library.
 
void AppLayerHtpEnableRequestBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. Only to be called during initialization.
 
void AppLayerHtpEnableResponseBodyCallback (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http response body data. Only to be called during initialization.
 
void AppLayerHtpNeedFileInspection (void)
 Sets a flag that informs the HTP app layer that some module in the engine needs the http request file. More...
 
void AppLayerHtpPrintStats (void)
 
void HTPConfigure (void)
 
void HtpConfigCreateBackup (void)
 
void HtpConfigRestoreBackup (void)
 
void * HtpGetTxForH2 (void *)
 
void * HttpHeaderThreadDataInit (void *data)
 
void HttpHeaderThreadDataFree (void *data)
 
int HttpHeaderExpandBuffer (HttpHeaderThreadData *td, HttpHeaderBuffer *buf, uint32_t size)
 
HttpHeaderBuffer * HttpHeaderGetBufferSpace (DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, const int keyword_id, HttpHeaderThreadData **ret_hdr_td)
 

Detailed Description

Macro Definition Documentation

◆ HTP_BOUNDARY_SET

#define HTP_BOUNDARY_SET   BIT_U8(1)

We have a boundary string

Definition at line 145 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT

#define HTP_CONFIG_DEFAULT_COMPRESSION_BOMB_LIMIT   1048576U

Definition at line 54 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_COMPRESSION_TIME_LIMIT

#define HTP_CONFIG_DEFAULT_COMPRESSION_TIME_LIMIT   100000

Definition at line 56 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_FIELD_LIMIT

#define HTP_CONFIG_DEFAULT_FIELD_LIMIT   18000U

Definition at line 49 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_LZMA_LAYERS

#define HTP_CONFIG_DEFAULT_LZMA_LAYERS   0U

Definition at line 51 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT

#define HTP_CONFIG_DEFAULT_LZMA_MEMLIMIT   1048576U

Definition at line 53 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RANDOMIZE

#define HTP_CONFIG_DEFAULT_RANDOMIZE   1

Definition at line 58 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE

#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE   10

Definition at line 59 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT

#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT   4096U

Definition at line 43 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE

#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE   32768U

Definition at line 45 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW

#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW   4096U

Definition at line 46 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT

#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT   4096U

Definition at line 44 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE

#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE   32768U

Definition at line 47 of file app-layer-htp.h.

◆ HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW

#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW   4096U

Definition at line 48 of file app-layer-htp.h.

◆ HTP_DONTSTORE

#define HTP_DONTSTORE   BIT_U8(4)

not storing this file

Definition at line 147 of file app-layer-htp.h.

◆ HTP_FILENAME_SET

#define HTP_FILENAME_SET   BIT_U8(3)

filename is registered in the flow

Definition at line 146 of file app-layer-htp.h.

◆ HTP_FLAG_STATE_CLOSED_TC

#define HTP_FLAG_STATE_CLOSED_TC   0x0004

Flag to indicate that the HTTP connection is closed

Definition at line 67 of file app-layer-htp.h.

◆ HTP_FLAG_STATE_CLOSED_TS

#define HTP_FLAG_STATE_CLOSED_TS   0x0002

Flag to indicate that the HTTP connection is closed

Definition at line 64 of file app-layer-htp.h.

◆ HTP_REQUIRE_REQUEST_BODY

#define HTP_REQUIRE_REQUEST_BODY   (1 << 0)

part of the engine needs the request body (e.g. http_client_body keyword)

Definition at line 203 of file app-layer-htp.h.

◆ HTP_REQUIRE_REQUEST_FILE

#define HTP_REQUIRE_REQUEST_FILE   (1 << 2)

part of the engine needs the request file (e.g. log-file module)

Definition at line 205 of file app-layer-htp.h.

◆ HTP_REQUIRE_RESPONSE_BODY

#define HTP_REQUIRE_RESPONSE_BODY   (1 << 3)

part of the engine needs the response body (e.g. file_data keyword)

Definition at line 207 of file app-layer-htp.h.

◆ HTP_STREAM_DEPTH_SET

#define HTP_STREAM_DEPTH_SET   BIT_U8(5)

stream-depth is set

Definition at line 148 of file app-layer-htp.h.

Typedef Documentation

◆ HtpBody

typedef struct HtpBody_ HtpBody

Struct used to hold all the chunks of a body on a request

◆ HtpBodyChunk

typedef struct HtpBodyChunk_ HtpBodyChunk

Definition at line 1 of file app-layer-htp.h.

◆ HTPCfgDir

typedef struct HTPCfgDir_ HTPCfgDir

◆ HTPCfgRec

typedef struct HTPCfgRec_ HTPCfgRec

Need a linked list in order to keep track of these

◆ HtpState

typedef struct HtpState_ HtpState

◆ HtpSwfCompressType

◆ HtpTxUserData

typedef struct HtpTxUserData_ HtpTxUserData

Now the Body Chunks will be stored per transaction, at the tx user data

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
HTP_BODY_REQUEST_NONE 
HTP_BODY_REQUEST_MULTIPART 
HTP_BODY_REQUEST_POST 
HTP_BODY_REQUEST_PUT 

Definition at line 68 of file app-layer-htp.h.

◆ anonymous enum

anonymous enum
Enumerator
HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR 
HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA 
HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER 
HTTP_DECODER_EVENT_TOO_MANY_WARNINGS 
HTTP_DECODER_EVENT_RANGE_INVALID 
HTTP_DECODER_EVENT_FILE_NAME_TOO_LONG 
HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE 

Definition at line 75 of file app-layer-htp.h.

◆ HtpSwfCompressType_

Enumerator
HTTP_SWF_COMPRESSION_NONE 
HTTP_SWF_COMPRESSION_ZLIB 
HTTP_SWF_COMPRESSION_LZMA 
HTTP_SWF_COMPRESSION_BOTH 

Definition at line 87 of file app-layer-htp.h.

Function Documentation

◆ __attribute__()

struct HtpBodyChunk_ __attribute__ ( (__packed__)  )

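Note: this entry appears to be a Doxygen grouping artifact. Every declaration carrying `__attribute__((__packed__))` is merged under one heading, so the descriptions below (DNP3, flowbits) and the decode-vlan.c location belong to unrelated packed structures, not to HtpBodyChunk_.

DNP3 link header.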

DNP3 internal indicators.

DNP3 application header.

Part of the application header for responses only.

core flowbit data structure: map a flowbit id to the signatures that need inspecting after it is found. Part of a rb-tree.

Definition at line 54 of file decode-vlan.c.

◆ AppLayerHtpEnableRequestBodyCallback()

void AppLayerHtpEnableRequestBodyCallback ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http request body data. Only to be called during initialization.

Definition at line 551 of file app-layer-htp.c.

References HTP_REQUIRE_REQUEST_BODY, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by AppLayerHtpNeedFileInspection(), and RunUnittests().


◆ AppLayerHtpEnableResponseBodyCallback()

void AppLayerHtpEnableResponseBodyCallback ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http response body data. Only to be called during initialization.

Definition at line 564 of file app-layer-htp.c.

References HTP_REQUIRE_RESPONSE_BODY, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by AppLayerHtpNeedFileInspection().


◆ AppLayerHtpNeedFileInspection()

void AppLayerHtpNeedFileInspection ( void  )

Sets a flag that informs the HTP app layer that some module in the engine needs the http request file.

Only to be called during initialization.

Definition at line 578 of file app-layer-htp.c.

References AppLayerHtpEnableRequestBodyCallback(), AppLayerHtpEnableResponseBodyCallback(), HTP_REQUIRE_REQUEST_FILE, SC_ATOMIC_OR, SCEnter, and SCReturn.

Referenced by RunUnittests().


◆ AppLayerHtpPrintStats()

void AppLayerHtpPrintStats ( void  )

Definition at line 2428 of file app-layer-htp.c.

References SCLogPerf, SCMutexLock, and SCMutexUnlock.

Referenced by GlobalsDestroy().


◆ HTPAtExitPrintStats()

void HTPAtExitPrintStats ( void  )

Print the stats of the HTTP requests.

Definition at line 1583 of file app-layer-htp.c.

References SCEnter, SCLogDebug, SCMutexLock, SCMutexUnlock, and SCReturn.

Referenced by GlobalsDestroy().


◆ HtpConfigCreateBackup()

void HtpConfigCreateBackup ( void  )

Definition at line 2665 of file app-layer-htp.c.

◆ HtpConfigRestoreBackup()

void HtpConfigRestoreBackup ( void  )

Definition at line 2670 of file app-layer-htp.c.

◆ HTPConfigure()

void HTPConfigure ( void  )

Definition at line 2357 of file app-layer-htp.c.

References SCEnter.

◆ HTPFreeConfig()

void HTPFreeConfig ( void  )

Clears the HTTP server configuration memory used by HTP library.

Definition at line 1596 of file app-layer-htp.c.

References AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabled(), SCEnter, and SCReturn.

Referenced by GlobalsDestroy().


◆ HtpGetTxForH2()

void* HtpGetTxForH2 ( void *  )

Definition at line 2489 of file app-layer-htp.c.

References HtpState_::connp.

Referenced by HTTP2MimicHttp1Request().


◆ HTPStateFree()

void HTPStateFree ( void *  )

Frees the HTTP state memory and also frees the HTTP connection parser memory which was used by the HTP library.

Definition at line 500 of file app-layer-htp.c.

References HtpState_::connp, HTPFree(), SCEnter, SCLogDebug, SCMutexLock, SCMutexUnlock, and SCReturn.


◆ HttpHeaderExpandBuffer()

int HttpHeaderExpandBuffer ( HttpHeaderThreadData td,
HttpHeaderBuffer buf,
uint32_t  size 
)

◆ HttpHeaderGetBufferSpace()

HttpHeaderBuffer* HttpHeaderGetBufferSpace ( DetectEngineThreadCtx det_ctx,
Flow f,
uint8_t  flags,
const int  keyword_id,
HttpHeaderThreadData **  ret_hdr_td 
)

Definition at line 100 of file detect-http-header-common.c.

References HttpHeaderThreadData_::buffer, DetectThreadCtxGetGlobalKeywordThreadCtx(), and HttpHeaderBuffer_::len.


◆ HttpHeaderThreadDataFree()

void HttpHeaderThreadDataFree ( void *  data)

◆ HttpHeaderThreadDataInit()

void* HttpHeaderThreadDataInit ( void *  data)

◆ RegisterHTPParsers()

void RegisterHTPParsers ( void  )

Register the HTTP protocol and state handling functions to APP layer of the engine.

HTTP

Definition at line 2594 of file app-layer-htp.c.

References ALPROTO_HTTP1, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectRegisterProtocol(), and SCEnter.


◆ SC_ATOMIC_EXTERN()

SC_ATOMIC_EXTERN ( uint32_t  ,
htp_config_flags   
)