Commit | Line | Data |
---|---|---|
a0ee6ade | 1 | /* Copyright (C) 2007-2011 Open Information Security Foundation |
ce019275 WM |
2 | * |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
0165b3f0 | 11 | * |
ce019275 WM |
12 | * You should have received a copy of the GNU General Public License |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
60a99915 EL |
18 | /** |
19 | * \defgroup httplayer HTTP layer support | |
20 | * | |
21 | * @{ | |
22 | */ | |
23 | ||
ce019275 WM |
24 | /** |
25 | * \file | |
0165b3f0 | 26 | * |
07f7ba55 | 27 | * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com> |
0165b3f0 | 28 | * \author Pablo Rincon <pablo.rincon.crespo@gmail.com> |
07f7ba55 | 29 | * |
ce019275 | 30 | * This file provides HTTP protocol support for the engine using the HTP library. |
07f7ba55 GS |
31 | */ |
32 | ||
48248687 VJ |
33 | #ifndef __APP_LAYER_HTP_H__ |
34 | #define __APP_LAYER_HTP_H__ | |
07f7ba55 | 35 | |
a9cdd2bb | 36 | #include "util-radix-tree.h" |
e1022ee5 | 37 | #include "util-file.h" |
a9cdd2bb | 38 | |
07f7ba55 GS |
39 | #include <htp/htp.h> |
40 | ||
6ebe7b7c | 41 | /* default request body limit */ |
a0ee6ade VJ |
42 | #define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT 4096U |
43 | ||
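44 | /** upper bound on the boundary length; a boundary should be smaller in size. NOTE(review): SCHtpTxUserData.boundary_len is a uint8_t, so this value presumably must stay <= 255 -- confirm */ | |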
45 | #define HTP_BOUNDARY_MAX 200U | |
6ebe7b7c | 46 | |
50f7d0a8 | 47 | #define HTP_FLAG_STATE_OPEN 0x01 /**< Flag to indicate that HTTP |
0165b3f0 | 48 | connection is open */ |
50f7d0a8 | 49 | #define HTP_FLAG_STATE_CLOSED 0x02 /**< Flag to indicate that HTTP |
0165b3f0 | 50 | connection is closed */ |
50f7d0a8 | 51 | #define HTP_FLAG_STATE_DATA 0x04 /**< Flag to indicate that HTTP |
0165b3f0 | 52 | connection needs more data */ |
50f7d0a8 | 53 | #define HTP_FLAG_STATE_ERROR 0x08 /**< Flag to indicate that an error |
0165b3f0 PR |
54 | has occurred on HTTP |
55 | connection */ | |
50f7d0a8 | 56 | #define HTP_FLAG_NEW_BODY_SET 0x10 /**< Flag to indicate that HTTP |
0165b3f0 PR |
57 | has parsed a new body (for |
58 | pcre) */ | |
0165b3f0 | 59 | enum { |
23e01d23 | 60 | HTP_BODY_NONE = 0, /**< Flag to indicate the current |
0165b3f0 PR |
61 | operation */ |
62 | HTP_BODY_REQUEST, /**< Flag to indicate that the | |
63 | current operation is a request */ | |
64 | HTP_BODY_RESPONSE /**< Flag to indicate that the current | |
65 | * operation is a response */ | |
66 | }; | |
67 | ||
23e01d23 VJ |
68 | enum { |
69 | HTP_BODY_REQUEST_NONE = 0, | |
70 | HTP_BODY_REQUEST_MULTIPART, | |
71 | HTP_BODY_REQUEST_PUT, | |
72 | }; | |
73 | ||
0165b3f0 PR |
74 | #define HTP_PCRE_NONE 0x00 /**< No pcre executed yet */ |
75 | #define HTP_PCRE_DONE 0x01 /**< Flag to indicate that pcre has | |
76 | done some inspection in the | |
77 | chunks */ | |
78 | #define HTP_PCRE_HAS_MATCH 0x02 /**< Flag to indicate that the chunks | |
79 | matched on some rule */ | |
80 | ||
81 | /** Struct used to hold chunks of a body on a request */ | |
7a8cd61f | 82 | typedef struct HtpBodyChunk_ { |
0165b3f0 PR |
83 | uint8_t *data; /**< Pointer to the data of the chunk */ |
84 | uint32_t len; /**< Length of the chunk */ | |
0165b3f0 | 85 | uint32_t id; /**< number of chunk of the current body */ |
a0ee6ade VJ |
86 | struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */ |
87 | uint64_t stream_offset; | |
7a8cd61f | 88 | } HtpBodyChunk; |
0165b3f0 PR |
89 | |
90 | /** Struct used to hold all the chunks of a body on a request */ | |
7a8cd61f VJ |
91 | typedef struct HtpBody_ { |
92 | HtpBodyChunk *first; /**< Pointer to the first chunk */ | |
93 | HtpBodyChunk *last; /**< Pointer to the last chunk */ | |
0165b3f0 PR |
94 | uint32_t nchunks; /**< Number of chunks in the current operation */ |
95 | uint8_t operation; /**< This flag indicates whether it's a request | |
96 | or a response */ | |
23e01d23 | 97 | uint8_t type; |
a0ee6ade VJ |
98 | |
99 | /* pahole: padding: 3 */ | |
0165b3f0 | 100 | } HtpBody; |
fc2f7f29 | 101 | |
a0ee6ade VJ |
102 | #define HTP_BODY_COMPLETE 0x01 /**< body is complete or limit is reached, |
103 | either way, this is it. */ | |
104 | #define HTP_CONTENTTYPE_SET 0x02 /**< We have the content type */ | |
105 | #define HTP_BOUNDARY_SET 0x04 /**< We have a boundary string */ | |
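106 | #define HTP_BOUNDARY_OPEN 0x08 /**< We have a boundary string (NOTE(review): same text as HTP_BOUNDARY_SET; presumably means a boundary section is currently open -- confirm) */ | |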
107 | #define HTP_FILENAME_SET 0x10 /**< filename is registered in the flow */ | |
23e01d23 VJ |
108 | #define HTP_DONTSTORE 0x20 /**< not storing this file */ |
109 | ||
110 | #define HTP_TX_HAS_FILE 0x01 | |
111 | #define HTP_TX_HAS_FILENAME 0x02 /**< filename is known at this time */ | |
112 | #define HTP_TX_HAS_TYPE 0x04 | |
113 | #define HTP_TX_HAS_FILECONTENT 0x08 /**< file has content so we can do type detect */ | |
114 | ||
115 | #define HTP_RULE_NEED_FILE HTP_TX_HAS_FILE | |
116 | #define HTP_RULE_NEED_FILENAME HTP_TX_HAS_FILENAME | |
117 | #define HTP_RULE_NEED_TYPE HTP_TX_HAS_TYPE | |
118 | #define HTP_RULE_NEED_FILECONTENT HTP_TX_HAS_FILECONTENT | |
6ebe7b7c | 119 | |
06a65cb4 PR |
120 | /** The body chunks are stored per transaction, in |
121 | * the tx user data */ | |
122 | typedef struct SCHtpTxUserData_ { | |
5c6a65dc AS |
123 | /* Body of the request (if any) */ |
124 | HtpBody body; | |
a0ee6ade | 125 | |
5c6a65dc | 126 | /* Holds the length of the htp request body */ |
a0ee6ade | 127 | uint64_t content_len; |
5c6a65dc | 128 | /* Holds the length of the htp request body seen so far */ |
a0ee6ade VJ |
129 | uint64_t content_len_so_far; |
130 | ||
131 | uint64_t body_parsed; | |
132 | ||
133 | /** Holds the boundary identifier string if any (used on | |
134 | * multipart/form-data only) | |
135 | */ | |
6d60b3a7 | 136 | uint8_t *boundary; |
a0ee6ade | 137 | uint8_t boundary_len; |
6d60b3a7 | 138 | |
6ebe7b7c | 139 | uint8_t flags; |
06a65cb4 PR |
140 | } SCHtpTxUserData; |
141 | ||
07f7ba55 | 142 | typedef struct HtpState_ { |
07f7ba55 | 143 | |
7a8cd61f VJ |
144 | htp_connp_t *connp; /**< Connection parser structure for |
145 | each connection */ | |
6d60b3a7 | 146 | Flow *f; /**< Needed to retrieve the original flow when using HTPLib callbacks */ |
fc2f7f29 | 147 | uint8_t flags; |
70b32f73 VJ |
148 | uint16_t transaction_cnt; |
149 | uint16_t transaction_done; | |
6ebe7b7c | 150 | uint32_t request_body_limit; |
e1022ee5 | 151 | FileContainer *files; |
07f7ba55 GS |
152 | } HtpState; |
153 | ||
07f7ba55 GS |
154 | void RegisterHTPParsers(void); |
155 | void HTPParserRegisterTests(void); | |
fc2f7f29 GS |
156 | void HTPAtExitPrintStats(void); |
157 | void HTPFreeConfig(void); | |
48248687 | 158 | |
0165b3f0 PR |
159 | htp_tx_t *HTPTransactionMain(const HtpState *); |
160 | ||
161 | int HTPCallbackRequestBodyData(htp_tx_data_t *); | |
4e44073c | 162 | int HtpTransactionGetLoggableId(Flow *); |
0165b3f0 PR |
163 | void HtpBodyPrint(HtpBody *); |
164 | void HtpBodyFree(HtpBody *); | |
165 | void AppLayerHtpRegisterExtraCallbacks(void); | |
25a3a5c6 PR |
166 | /* To free the state from unittests using app-layer-htp */ |
167 | void HTPStateFree(void *); | |
97d49d8f | 168 | void AppLayerHtpEnableRequestBodyCallback(void); |
6d60b3a7 | 169 | void AppLayerHtpNeedFileInspection(void); |
6fca55e0 | 170 | void AppLayerHtpPrintStats(void); |
0165b3f0 | 171 | |
48248687 | 172 | #endif /* __APP_LAYER_HTP_H__ */ |
07f7ba55 | 173 | |
60a99915 EL |
174 | /** |
175 | * @} | |
176 | */ |