[people/ms/suricata.git] / src / app-layer-htp.h

/* Copyright (C) 2007-2011 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \defgroup httplayer HTTP layer support
 *
 * @{
 */

/**
 * \file
 *
 * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
 * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
 *
 * This file provides a HTTP protocol support for the engine using HTP library.
 */

#ifndef __APP_LAYER_HTP_H__
#define __APP_LAYER_HTP_H__

#include "util-radix-tree.h"
#include "util-file.h"

#include <htp/htp.h>

/* default request body limit */
#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT           4096U
#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT          4096U
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE     32768U
#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW       4096U
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE    32768U
#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW      4096U
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT             9000U
#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD             18000U

#define HTP_CONFIG_DEFAULT_RANDOMIZE                    1
#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE              10

/** a boundary should be smaller in size */
#define HTP_BOUNDARY_MAX                            200U

#define HTP_FLAG_STATE_OPEN         0x0001    /**< Flag to indicate that HTTP
                                             connection is open */
#define HTP_FLAG_STATE_CLOSED_TS    0x0002    /**< Flag to indicate that HTTP
                                             connection is closed */
#define HTP_FLAG_STATE_CLOSED_TC    0x0004    /**< Flag to indicate that HTTP
                                             connection is closed */
#define HTP_FLAG_STATE_DATA         0x0008    /**< Flag to indicate that HTTP
                                             connection needs more data */
#define HTP_FLAG_STATE_ERROR        0x0010    /**< Flag to indicate that an error
                                             has been occured on HTTP
                                             connection */
#define HTP_FLAG_NEW_BODY_SET       0x0020    /**< Flag to indicate that HTTP
                                             has parsed a new body (for
                                             pcre) */
#define HTP_FLAG_STORE_FILES_TS     0x0040
#define HTP_FLAG_STORE_FILES_TC     0x0080
#define HTP_FLAG_STORE_FILES_TX_TS  0x0100
#define HTP_FLAG_STORE_FILES_TX_TC  0x0200
/** flag the state that a new file has been set in this tx */
#define HTP_FLAG_NEW_FILE_TX_TS     0x0400
/** flag the state that a new file has been set in this tx */
#define HTP_FLAG_NEW_FILE_TX_TC     0x0800

enum {
    HTP_BODY_NONE = 0,                  /**< Flag to indicate the current
                                             operation */
    HTP_BODY_REQUEST,                   /**< Flag to indicate that the
                                             current operation is a request */
    HTP_BODY_RESPONSE                   /**< Flag to indicate that the current
                                          * operation is a response */
};

enum {
    HTP_BODY_REQUEST_NONE = 0,
    HTP_BODY_REQUEST_MULTIPART, /* POST, MP */
    HTP_BODY_REQUEST_POST,      /* POST, no MP */
    HTP_BODY_REQUEST_PUT,
};

enum {
    /* libhtp errors/warnings */
    HTTP_DECODER_EVENT_UNKNOWN_ERROR,
    HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED,
    HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON,
    HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON,
    HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN,
    HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN,
    HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST,
    HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE,
    HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST,
    HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE,
    HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN,
    HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST,
    HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST,
    HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT,
    HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID,
    HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID,
    HTTP_DECODER_EVENT_MISSING_HOST_HEADER,
    HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS,
    HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING,
    HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING,
    HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG,
    HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG,
    HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH,
    HTTP_DECODER_EVENT_URI_HOST_INVALID,
    HTTP_DECODER_EVENT_HEADER_HOST_INVALID,

    /* suricata errors/warnings */
    HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
    HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
    HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER,
};

#define HTP_PCRE_NONE           0x00    /**< No pcre executed yet */
#define HTP_PCRE_DONE           0x01    /**< Flag to indicate that pcre has
                                             done some inspection in the
                                             chunks */
#define HTP_PCRE_HAS_MATCH      0x02    /**< Flag to indicate that the chunks
                                             matched on some rule */

/** Need a linked list in order to keep track of these */
typedef struct HTPCfgRec_ {
    htp_cfg_t           *cfg;
    struct HTPCfgRec_   *next;

    int                 uri_include_all; /**< use all info in uri (bool) */

    /** max size of the client body we inspect */
    uint32_t            request_body_limit;
    uint32_t            response_body_limit;

    uint32_t            request_inspect_min_size;
    uint32_t            request_inspect_window;

    uint32_t            response_inspect_min_size;
    uint32_t            response_inspect_window;
    int                 randomize;
    int                 randomize_range;
} HTPCfgRec;

/** Struct used to hold chunks of a body on a request */
struct HtpBodyChunk_ {
    uint8_t *data;              /**< Pointer to the data of the chunk */
    struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */
    uint64_t stream_offset;
    uint32_t len;               /**< Length of the chunk */
} __attribute__((__packed__));
typedef struct HtpBodyChunk_ HtpBodyChunk;

/** Struct used to hold all the chunks of a body on a request */
typedef struct HtpBody_ {
    HtpBodyChunk *first; /**< Pointer to the first chunk */
    HtpBodyChunk *last;  /**< Pointer to the last chunk */

    /* Holds the length of the htp request body */
    uint64_t content_len;
    /* Holds the length of the htp request body seen so far */
    uint64_t content_len_so_far;
    /* parser tracker */
    uint64_t body_parsed;
    /* inspection tracker */
    uint64_t body_inspected;
} HtpBody;

#define HTP_CONTENTTYPE_SET     0x01    /**< We have the content type */
#define HTP_BOUNDARY_SET        0x02    /**< We have a boundary string */
#define HTP_BOUNDARY_OPEN       0x04    /**< We have a boundary string */
#define HTP_FILENAME_SET        0x08   /**< filename is registered in the flow */
#define HTP_DONTSTORE           0x10    /**< not storing this file */

#define HTP_TX_HAS_FILE             0x01
#define HTP_TX_HAS_FILENAME         0x02    /**< filename is known at this time */
#define HTP_TX_HAS_TYPE             0x04
#define HTP_TX_HAS_FILECONTENT      0x08    /**< file has content so we can do type detect */

#define HTP_RULE_NEED_FILE          HTP_TX_HAS_FILE
#define HTP_RULE_NEED_FILENAME      HTP_TX_HAS_FILENAME
#define HTP_RULE_NEED_TYPE          HTP_TX_HAS_TYPE
#define HTP_RULE_NEED_FILECONTENT   HTP_TX_HAS_FILECONTENT

/** Now the Body Chunks will be stored per transaction, at
  * the tx user data */
typedef struct HtpTxUserData_ {
    /* Body of the request (if any) */
    uint8_t request_body_init;
    uint8_t response_body_init;
    HtpBody request_body;
    HtpBody response_body;

    bstr *request_uri_normalized;

    uint8_t *request_headers_raw;
    uint8_t *response_headers_raw;
    uint32_t request_headers_raw_len;
    uint32_t response_headers_raw_len;

    /** Holds the boundary identificator string if any (used on
     *  multipart/form-data only)
     */
    uint8_t *boundary;
    uint8_t boundary_len;

    uint8_t tsflags;
    uint8_t tcflags;

    int16_t operation;

    uint8_t request_body_type;
    uint8_t response_body_type;

} HtpTxUserData;

typedef struct HtpState_ {

    /* Connection parser structure for each connection */
    htp_connp_t *connp;
    /* Connection structure for each connection */
    htp_conn_t *conn;
    Flow *f;                /**< Needed to retrieve the original flow when usin HTPLib callbacks */
    uint64_t transaction_cnt;
    uint64_t store_tx_id;
    FileContainer *files_ts;
    FileContainer *files_tc;
    struct HTPCfgRec_ *cfg;
    uint16_t flags;
} HtpState;

/** part of the engine needs the request body (e.g. http_client_body keyword) */
#define HTP_REQUIRE_REQUEST_BODY        (1 << 0)
/** part of the engine needs the request body multipart header (e.g. filename
 *  and / or fileext keywords) */
#define HTP_REQUIRE_REQUEST_MULTIPART   (1 << 1)
/** part of the engine needs the request file (e.g. log-file module) */
#define HTP_REQUIRE_REQUEST_FILE        (1 << 2)
/** part of the engine needs the request body (e.g. file_data keyword) */
#define HTP_REQUIRE_RESPONSE_BODY       (1 << 3)

SC_ATOMIC_DECLARE(uint32_t, htp_config_flags);

void RegisterHTPParsers(void);
void HTPParserRegisterTests(void);
void HTPAtExitPrintStats(void);
void HTPFreeConfig(void);

htp_tx_t *HTPTransactionMain(const HtpState *);

int HTPCallbackRequestBodyData(htp_tx_data_t *);
int HtpTransactionGetLoggableId(Flow *);
void HtpBodyPrint(HtpBody *);
void HtpBodyFree(HtpBody *);
/* To free the state from unittests using app-layer-htp */
void HTPStateFree(void *);
void AppLayerHtpEnableRequestBodyCallback(void);
void AppLayerHtpEnableResponseBodyCallback(void);
void AppLayerHtpNeedFileInspection(void);
void AppLayerHtpPrintStats(void);

void HTPConfigure(void);

void HtpConfigCreateBackup(void);
void HtpConfigRestoreBackup(void);

#endif	/* __APP_LAYER_HTP_H__ */

/**
 * @}
 */
Commit	Line	Data
a0ee6ade	1	/* Copyright (C) 2007-2011 Open Information Security Foundation
ce019275 WM	2	*
	3	* You can copy, redistribute or modify this Program under the terms of
	4	* the GNU General Public License version 2 as published by the Free
	5	* Software Foundation.
	6	*
	7	* This program is distributed in the hope that it will be useful,
	8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	* GNU General Public License for more details.
0165b3f0	11	*
ce019275 WM	12	* You should have received a copy of the GNU General Public License
	13	* version 2 along with this program; if not, write to the Free Software
	14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	15	* 02110-1301, USA.
	16	*/
	17
60a99915 EL	18	/**
	19	* \defgroup httplayer HTTP layer support
	20	*
	21	* @{
	22	*/
	23
ce019275 WM	24	/**
ce019275 WM	25	* \file
0165b3f0	26	*
07f7ba55	27	* \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
0165b3f0	28	* \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
07f7ba55	29	*
ce019275	30	* This file provides a HTTP protocol support for the engine using HTP library.
07f7ba55 GS	31	*/
07f7ba55 GS	32
48248687 VJ	33	#ifndef __APP_LAYER_HTP_H__
48248687 VJ	34	#define __APP_LAYER_HTP_H__
07f7ba55	35
a9cdd2bb	36	#include "util-radix-tree.h"
e1022ee5	37	#include "util-file.h"
a9cdd2bb	38
07f7ba55 GS	39	#include <htp/htp.h>
07f7ba55 GS	40
6ebe7b7c	41	/* default request body limit */
2763a612 VJ	42	#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT 4096U
	43	#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT 4096U
	44	#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE 32768U
	45	#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW 4096U
	46	#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE 32768U
	47	#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW 4096U
fb496791 VJ	48	#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT 9000U
fb496791 VJ	49	#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD 18000U
a0ee6ade	50
ff784075 EL	51	#define HTP_CONFIG_DEFAULT_RANDOMIZE 1
	52	#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE 10
	53
a0ee6ade VJ	54	/** a boundary should be smaller in size */
a0ee6ade VJ	55	#define HTP_BOUNDARY_MAX 200U
6ebe7b7c	56
9878eca0	57	#define HTP_FLAG_STATE_OPEN 0x0001 /**< Flag to indicate that HTTP
0165b3f0	58	connection is open */
64625675	59	#define HTP_FLAG_STATE_CLOSED_TS 0x0002 /**< Flag to indicate that HTTP
0165b3f0	60	connection is closed */
64625675 AS	61	#define HTP_FLAG_STATE_CLOSED_TC 0x0004 /**< Flag to indicate that HTTP
	62	connection is closed */
	63	#define HTP_FLAG_STATE_DATA 0x0008 /**< Flag to indicate that HTTP
0165b3f0	64	connection needs more data */
64625675	65	#define HTP_FLAG_STATE_ERROR 0x0010 /**< Flag to indicate that an error
0165b3f0 PR	66	has been occured on HTTP
0165b3f0 PR	67	connection */
64625675	68	#define HTP_FLAG_NEW_BODY_SET 0x0020 /**< Flag to indicate that HTTP
0165b3f0 PR	69	has parsed a new body (for
0165b3f0 PR	70	pcre) */
64625675 AS	71	#define HTP_FLAG_STORE_FILES_TS 0x0040
	72	#define HTP_FLAG_STORE_FILES_TC 0x0080
	73	#define HTP_FLAG_STORE_FILES_TX_TS 0x0100
	74	#define HTP_FLAG_STORE_FILES_TX_TC 0x0200
c2c53994	75	/** flag the state that a new file has been set in this tx */
64625675	76	#define HTP_FLAG_NEW_FILE_TX_TS 0x0400
c2c53994	77	/** flag the state that a new file has been set in this tx */
64625675	78	#define HTP_FLAG_NEW_FILE_TX_TC 0x0800
9878eca0	79
0165b3f0	80	enum {
23e01d23	81	HTP_BODY_NONE = 0, /**< Flag to indicate the current
0165b3f0 PR	82	operation */
	83	HTP_BODY_REQUEST, /**< Flag to indicate that the
	84	current operation is a request */
	85	HTP_BODY_RESPONSE /**< Flag to indicate that the current
	86	* operation is a response */
	87	};
	88
23e01d23 VJ	89	enum {
23e01d23 VJ	90	HTP_BODY_REQUEST_NONE = 0,
3702a33a VJ	91	HTP_BODY_REQUEST_MULTIPART, /* POST, MP */
3702a33a VJ	92	HTP_BODY_REQUEST_POST, /* POST, no MP */
23e01d23 VJ	93	HTP_BODY_REQUEST_PUT,
	94	};
	95
f713b653	96	enum {
e21d8cdf	97	/* libhtp errors/warnings */
f713b653 VJ	98	HTTP_DECODER_EVENT_UNKNOWN_ERROR,
	99	HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED,
	100	HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON,
93d121bf	101	HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON,
f713b653 VJ	102	HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN,
	103	HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN,
	104	HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST,
	105	HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE,
	106	HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST,
	107	HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE,
	108	HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN,
	109	HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST,
	110	HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST,
	111	HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT,
	112	HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID,
93d121bf	113	HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID,
f713b653 VJ	114	HTTP_DECODER_EVENT_MISSING_HOST_HEADER,
	115	HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS,
	116	HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING,
	117	HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING,
	118	HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG,
	119	HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG,
9f519e95	120	HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH,
cb150003 VJ	121	HTTP_DECODER_EVENT_URI_HOST_INVALID,
cb150003 VJ	122	HTTP_DECODER_EVENT_HEADER_HOST_INVALID,
e21d8cdf VJ	123
	124	/* suricata errors/warnings */
	125	HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
	126	HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
	127	HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER,
f713b653 VJ	128	};
f713b653 VJ	129
0165b3f0 PR	130	#define HTP_PCRE_NONE 0x00 /*< No pcre executed yet /
	131	#define HTP_PCRE_DONE 0x01 /**< Flag to indicate that pcre has
	132	done some inspection in the
	133	chunks */
	134	#define HTP_PCRE_HAS_MATCH 0x02 /**< Flag to indicate that the chunks
	135	matched on some rule */
	136
2763a612 VJ	137	/** Need a linked list in order to keep track of these */
	138	typedef struct HTPCfgRec_ {
	139	htp_cfg_t *cfg;
	140	struct HTPCfgRec_ *next;
	141
a8b971c7 VJ	142	int uri_include_all; /*< use all info in uri (bool) /
a8b971c7 VJ	143
2763a612 VJ	144	/** max size of the client body we inspect */
	145	uint32_t request_body_limit;
	146	uint32_t response_body_limit;
	147
	148	uint32_t request_inspect_min_size;
	149	uint32_t request_inspect_window;
	150
	151	uint32_t response_inspect_min_size;
	152	uint32_t response_inspect_window;
ff784075 EL	153	int randomize;
ff784075 EL	154	int randomize_range;
2763a612 VJ	155	} HTPCfgRec;
2763a612 VJ	156
0165b3f0	157	/** Struct used to hold chunks of a body on a request */
d378b76c	158	struct HtpBodyChunk_ {
0165b3f0	159	uint8_t data; /< Pointer to the data of the chunk /
a0ee6ade VJ	160	struct HtpBodyChunk_ next; /< Pointer to the next chunk /
a0ee6ade VJ	161	uint64_t stream_offset;
d378b76c VJ	162	uint32_t len; /*< Length of the chunk /
	163	} __attribute__((__packed__));
	164	typedef struct HtpBodyChunk_ HtpBodyChunk;
0165b3f0 PR	165
0165b3f0 PR	166	/** Struct used to hold all the chunks of a body on a request */
7a8cd61f VJ	167	typedef struct HtpBody_ {
	168	HtpBodyChunk first; /< Pointer to the first chunk /
	169	HtpBodyChunk last; /< Pointer to the last chunk /
a0ee6ade	170
b402d971 VJ	171	/* Holds the length of the htp request body */
	172	uint64_t content_len;
	173	/* Holds the length of the htp request body seen so far */
	174	uint64_t content_len_so_far;
d378b76c	175	/* parser tracker */
b402d971	176	uint64_t body_parsed;
d378b76c VJ	177	/* inspection tracker */
d378b76c VJ	178	uint64_t body_inspected;
0165b3f0	179	} HtpBody;
fc2f7f29	180
94e25276 AS	181	#define HTP_CONTENTTYPE_SET 0x01 /*< We have the content type /
	182	#define HTP_BOUNDARY_SET 0x02 /*< We have a boundary string /
	183	#define HTP_BOUNDARY_OPEN 0x04 /*< We have a boundary string /
	184	#define HTP_FILENAME_SET 0x08 /*< filename is registered in the flow /
	185	#define HTP_DONTSTORE 0x10 /*< not storing this file /
23e01d23 VJ	186
	187	#define HTP_TX_HAS_FILE 0x01
	188	#define HTP_TX_HAS_FILENAME 0x02 /*< filename is known at this time /
	189	#define HTP_TX_HAS_TYPE 0x04
	190	#define HTP_TX_HAS_FILECONTENT 0x08 /*< file has content so we can do type detect /
	191
	192	#define HTP_RULE_NEED_FILE HTP_TX_HAS_FILE
	193	#define HTP_RULE_NEED_FILENAME HTP_TX_HAS_FILENAME
	194	#define HTP_RULE_NEED_TYPE HTP_TX_HAS_TYPE
	195	#define HTP_RULE_NEED_FILECONTENT HTP_TX_HAS_FILECONTENT
6ebe7b7c	196
06a65cb4 PR	197	/** Now the Body Chunks will be stored per transaction, at
06a65cb4 PR	198	* the tx user data */
66a3cd96	199	typedef struct HtpTxUserData_ {
5c6a65dc	200	/* Body of the request (if any) */
48cf0585 AS	201	uint8_t request_body_init;
48cf0585 AS	202	uint8_t response_body_init;
66a3cd96	203	HtpBody request_body;
b402d971	204	HtpBody response_body;
a0ee6ade	205
48cf0585 AS	206	bstr *request_uri_normalized;
	207
	208	uint8_t *request_headers_raw;
	209	uint8_t *response_headers_raw;
	210	uint32_t request_headers_raw_len;
	211	uint32_t response_headers_raw_len;
	212
a0ee6ade VJ	213	/** Holds the boundary identificator string if any (used on
	214	* multipart/form-data only)
	215	*/
6d60b3a7	216	uint8_t *boundary;
a0ee6ade	217	uint8_t boundary_len;
6d60b3a7	218
43c7fd75 VJ	219	uint8_t tsflags;
43c7fd75 VJ	220	uint8_t tcflags;
b402d971 VJ	221
b402d971 VJ	222	int16_t operation;
d378b76c VJ	223
	224	uint8_t request_body_type;
	225	uint8_t response_body_type;
	226
66a3cd96	227	} HtpTxUserData;
06a65cb4	228
07f7ba55	229	typedef struct HtpState_ {
07f7ba55	230
48cf0585 AS	231	/* Connection parser structure for each connection */
	232	htp_connp_t *connp;
	233	/* Connection structure for each connection */
	234	htp_conn_t *conn;
6d60b3a7	235	Flow f; /< Needed to retrieve the original flow when usin HTPLib callbacks /
d4d18e31	236	uint64_t transaction_cnt;
d4d18e31	237	uint64_t store_tx_id;
d59ca75e VJ	238	FileContainer *files_ts;
d59ca75e VJ	239	FileContainer *files_tc;
2763a612	240	struct HTPCfgRec_ *cfg;
d4d18e31	241	uint16_t flags;
07f7ba55 GS	242	} HtpState;
07f7ba55 GS	243
6fa46d75	244	/** part of the engine needs the request body (e.g. http_client_body keyword) */
92679442	245	#define HTP_REQUIRE_REQUEST_BODY (1 << 0)
6fa46d75 AS	246	/** part of the engine needs the request body multipart header (e.g. filename
6fa46d75 AS	247	* and / or fileext keywords) */
92679442	248	#define HTP_REQUIRE_REQUEST_MULTIPART (1 << 1)
6fa46d75	249	/** part of the engine needs the request file (e.g. log-file module) */
92679442	250	#define HTP_REQUIRE_REQUEST_FILE (1 << 2)
6fa46d75	251	/** part of the engine needs the request body (e.g. file_data keyword) */
92679442 EL	252	#define HTP_REQUIRE_RESPONSE_BODY (1 << 3)
	253
	254	SC_ATOMIC_DECLARE(uint32_t, htp_config_flags);
6fa46d75	255
07f7ba55 GS	256	void RegisterHTPParsers(void);
07f7ba55 GS	257	void HTPParserRegisterTests(void);
fc2f7f29 GS	258	void HTPAtExitPrintStats(void);
fc2f7f29 GS	259	void HTPFreeConfig(void);
48248687	260
0165b3f0 PR	261	htp_tx_t HTPTransactionMain(const HtpState );
	262
	263	int HTPCallbackRequestBodyData(htp_tx_data_t *);
4e44073c	264	int HtpTransactionGetLoggableId(Flow *);
0165b3f0 PR	265	void HtpBodyPrint(HtpBody *);
0165b3f0 PR	266	void HtpBodyFree(HtpBody *);
25a3a5c6 PR	267	/* To free the state from unittests using app-layer-htp */
25a3a5c6 PR	268	void HTPStateFree(void *);
97d49d8f	269	void AppLayerHtpEnableRequestBodyCallback(void);
b402d971	270	void AppLayerHtpEnableResponseBodyCallback(void);
6d60b3a7	271	void AppLayerHtpNeedFileInspection(void);
6fca55e0	272	void AppLayerHtpPrintStats(void);
0165b3f0	273
ab4b15c2 AS	274	void HTPConfigure(void);
	275
	276	void HtpConfigCreateBackup(void);
	277	void HtpConfigRestoreBackup(void);
	278
48248687	279	#endif /* __APP_LAYER_HTP_H__ */
07f7ba55	280
60a99915 EL	281	/**
	282	* @}
	283	*/