projects / people / ms / suricata.git / blame
| Commit | Line | Data |
|---|---|---|
| ce019275 WM |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
| 2 | * | |
| 3 | * You can copy, redistribute or modify this Program under the terms of | |
| 4 | * the GNU General Public License version 2 as published by the Free | |
| 5 | * Software Foundation. | |
| 6 | * | |
| 7 | * This program is distributed in the hope that it will be useful, | |
| 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 10 | * GNU General Public License for more details. | |
| 0165b3f0 | 11 | * |
| ce019275 WM |
12 | * You should have received a copy of the GNU General Public License |
| 13 | * version 2 along with this program; if not, write to the Free Software | |
| 14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
| 15 | * 02110-1301, USA. | |
| 16 | */ | |
| 17 | ||
| 18 | /** | |
| 19 | * \file | |
| 0165b3f0 | 20 | * |
| 07f7ba55 | 21 | * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com> |
| 0165b3f0 | 22 | * \author Pablo Rincon <pablo.rincon.crespo@gmail.com> |
| 07f7ba55 | 23 | * |
| ce019275 | 24 | * This file provides a HTTP protocol support for the engine using HTP library. |
| 07f7ba55 GS |
25 | */ |
| 26 | ||
| 48248687 VJ |
27 | #ifndef __APP_LAYER_HTP_H__ |
| 28 | #define __APP_LAYER_HTP_H__ | |
| 07f7ba55 | 29 | |
| a9cdd2bb BR |
30 | #include "util-radix-tree.h" |
| 31 | ||
| 07f7ba55 GS |
32 | #include <htp/htp.h> |
| 33 | ||
| 6ebe7b7c VJ |
34 | /* default request body limit */ |
| 35 | #define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT 4096U | |
| 36 | ||
| 50f7d0a8 | 37 | #define HTP_FLAG_STATE_OPEN 0x01 /**< Flag to indicate that HTTP |
| 0165b3f0 | 38 | connection is open */ |
| 50f7d0a8 | 39 | #define HTP_FLAG_STATE_CLOSED 0x02 /**< Flag to indicate that HTTP |
| 0165b3f0 | 40 | connection is closed */ |
| 50f7d0a8 | 41 | #define HTP_FLAG_STATE_DATA 0x04 /**< Flag to indicate that HTTP |
| 0165b3f0 | 42 | connection needs more data */ |
| 50f7d0a8 | 43 | #define HTP_FLAG_STATE_ERROR 0x08 /**< Flag to indicate that an error |
| 0165b3f0 PR |
44 | has been occured on HTTP |
| 45 | connection */ | |
| 50f7d0a8 | 46 | #define HTP_FLAG_NEW_BODY_SET 0x10 /**< Flag to indicate that HTTP |
| 0165b3f0 PR |
47 | has parsed a new body (for |
| 48 | pcre) */ | |
| 50f7d0a8 GS |
49 | #define HTP_FLAG_NEW_REQUEST 0x20 /**< Flag to indicate that we have |
| 50 | a new HTTP requesta and we | |
| 51 | need to log it */ | |
| 0165b3f0 | 52 | |
| 0165b3f0 PR |
53 | enum { |
| 54 | HTP_BODY_NONE, /**< Flag to indicate the current | |
| 55 | operation */ | |
| 56 | HTP_BODY_REQUEST, /**< Flag to indicate that the | |
| 57 | current operation is a request */ | |
| 58 | HTP_BODY_RESPONSE /**< Flag to indicate that the current | |
| 59 | * operation is a response */ | |
| 60 | }; | |
| 61 | ||
| 62 | #define HTP_PCRE_NONE 0x00 /**< No pcre executed yet */ | |
| 63 | #define HTP_PCRE_DONE 0x01 /**< Flag to indicate that pcre has | |
| 64 | done some inspection in the | |
| 65 | chunks */ | |
| 66 | #define HTP_PCRE_HAS_MATCH 0x02 /**< Flag to indicate that the chunks | |
| 67 | matched on some rule */ | |
| 68 | ||
| 69 | /** Struct used to hold chunks of a body on a request */ | |
| 7a8cd61f | 70 | typedef struct HtpBodyChunk_ { |
| 0165b3f0 PR |
71 | uint8_t *data; /**< Pointer to the data of the chunk */ |
| 72 | uint32_t len; /**< Length of the chunk */ | |
| 7a8cd61f | 73 | struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */ |
| 0165b3f0 | 74 | uint32_t id; /**< number of chunk of the current body */ |
| 7a8cd61f | 75 | } HtpBodyChunk; |
| 0165b3f0 PR |
76 | |
| 77 | /** Struct used to hold all the chunks of a body on a request */ | |
| 7a8cd61f VJ |
78 | typedef struct HtpBody_ { |
| 79 | HtpBodyChunk *first; /**< Pointer to the first chunk */ | |
| 80 | HtpBodyChunk *last; /**< Pointer to the last chunk */ | |
| 0165b3f0 PR |
81 | uint32_t nchunks; /**< Number of chunks in the current operation */ |
| 82 | uint8_t operation; /**< This flag indicate if it's a request | |
| 83 | or a response */ | |
| 0165b3f0 | 84 | } HtpBody; |
| fc2f7f29 | 85 | |
| 6ebe7b7c VJ |
86 | #define HTP_BODY_COMPLETE 0x01 /* body is complete or limit is reached, |
| 87 | either way, this is it. */ | |
| 88 | ||
| 06a65cb4 PR |
89 | /** Now the Body Chunks will be stored per transaction, at |
| 90 | * the tx user data */ | |
| 91 | typedef struct SCHtpTxUserData_ { | |
| 5c6a65dc AS |
92 | /* Body of the request (if any) */ |
| 93 | HtpBody body; | |
| 94 | /* Holds the length of the htp request body */ | |
| 95 | uint32_t content_len; | |
| 96 | /* Holds the length of the htp request body seen so far */ | |
| 97 | uint32_t content_len_so_far; | |
| 6ebe7b7c | 98 | uint8_t flags; |
| 06a65cb4 PR |
99 | } SCHtpTxUserData; |
| 100 | ||
| 07f7ba55 | 101 | typedef struct HtpState_ { |
| 07f7ba55 | 102 | |
| 7a8cd61f VJ |
103 | htp_connp_t *connp; /**< Connection parser structure for |
| 104 | each connection */ | |
| fc2f7f29 | 105 | uint8_t flags; |
| 70b32f73 VJ |
106 | uint16_t transaction_cnt; |
| 107 | uint16_t transaction_done; | |
| 6ebe7b7c | 108 | uint32_t request_body_limit; |
| 07f7ba55 GS |
109 | } HtpState; |
| 110 | ||
| 07f7ba55 GS |
111 | void RegisterHTPParsers(void); |
| 112 | void HTPParserRegisterTests(void); | |
| fc2f7f29 GS |
113 | void HTPAtExitPrintStats(void); |
| 114 | void HTPFreeConfig(void); | |
| 48248687 | 115 | |
| 0165b3f0 PR |
116 | htp_tx_t *HTPTransactionMain(const HtpState *); |
| 117 | ||
| 118 | int HTPCallbackRequestBodyData(htp_tx_data_t *); | |
| 119 | void HtpBodyPrint(HtpBody *); | |
| 120 | void HtpBodyFree(HtpBody *); | |
| 121 | void AppLayerHtpRegisterExtraCallbacks(void); | |
| 25a3a5c6 PR |
122 | /* To free the state from unittests using app-layer-htp */ |
| 123 | void HTPStateFree(void *); | |
| 97d49d8f | 124 | void AppLayerHtpEnableRequestBodyCallback(void); |
| 0165b3f0 | 125 | |
| 48248687 | 126 | #endif /* __APP_LAYER_HTP_H__ */ |
| 07f7ba55 | 127 |