[people/ms/suricata.git] / src / app-layer-htp.h

/**
 * Copyright (c) 2009 Open Information Security Foundation
 *
 * \file:   app-layer-htp.h
 *
 * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
 * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
 *
 * Created on November 14, 2009, 12:48 AM
 */

#ifndef __APP_LAYER_HTP_H__
#define __APP_LAYER_HTP_H__

#include "util-radix-tree.h"

#include <htp/htp.h>

#define HTP_FLAG_STATE_OPEN         0x01    /**< Flag to indicate that HTTP
                                             connection is open */
#define HTP_FLAG_STATE_CLOSED       0x02    /**< Flag to indicate that HTTP
                                             connection is closed */
#define HTP_FLAG_STATE_DATA         0x04    /**< Flag to indicate that HTTP
                                             connection needs more data */
#define HTP_FLAG_STATE_ERROR        0x08    /**< Flag to indicate that an error
                                             has been occured on HTTP
                                             connection */
#define HTP_FLAG_NEW_BODY_SET       0x10    /**< Flag to indicate that HTTP
                                             has parsed a new body (for
                                             pcre) */
#define HTP_FLAG_NEW_REQUEST        0x20    /**< Flag to indicate that we have
                                                 a new HTTP requesta and we
                                                 need to log it */


enum {
    HTP_BODY_NONE,                      /**< Flag to indicate the current
                                             operation */
    HTP_BODY_REQUEST,                   /**< Flag to indicate that the
                                             current operation is a request */
    HTP_BODY_RESPONSE                   /**< Flag to indicate that the current
                                          * operation is a response */
};

#define HTP_PCRE_NONE           0x00    /**< No pcre executed yet */
#define HTP_PCRE_DONE           0x01    /**< Flag to indicate that pcre has
                                             done some inspection in the
                                             chunks */
#define HTP_PCRE_HAS_MATCH      0x02    /**< Flag to indicate that the chunks
                                             matched on some rule */

/** Struct used to hold chunks of a body on a request */
typedef struct HtpBodyChunk_ {
    uint8_t *data;              /**< Pointer to the data of the chunk */
    uint32_t len;               /**< Length of the chunk */
    struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */
    uint32_t id;                /**< number of chunk of the current body */
} HtpBodyChunk;

/** Struct used to hold all the chunks of a body on a request */
typedef struct HtpBody_ {
    HtpBodyChunk *first; /**< Pointer to the first chunk */
    HtpBodyChunk *last;  /**< Pointer to the last chunk */
    uint32_t nchunks;    /**< Number of chunks in the current operation */
    uint8_t operation;   /**< This flag indicate if it's a request
                              or a response */
    uint8_t pcre_flags;  /**< This flag indicate if no chunk matched
                              any pcre (so we can free() without waiting) */
} HtpBody;

typedef struct HtpState_ {

    htp_connp_t *connp;     /**< Connection parser structure for
                                 each connection */
    HtpBody body;           /**< Body of the request (if any) */
    size_t new_in_tx_index; /**< Index to indicate that after this we have
                                 new requests to log */
    uint8_t flags;
} HtpState;

void RegisterHTPParsers(void);
void HTPParserRegisterTests(void);
void HTPAtExitPrintStats(void);
void HTPFreeConfig(void);

htp_tx_t *HTPTransactionMain(const HtpState *);

int HTPCallbackRequestBodyData(htp_tx_data_t *);
void HtpBodyPrint(HtpBody *);
void HtpBodyFree(HtpBody *);
void AppLayerHtpRegisterExtraCallbacks(void);
/* To free the state from unittests using app-layer-htp */
void HTPStateFree(void *);
void AppLayerHtpEnableRequestBodyCallback(void);

#endif	/* __APP_LAYER_HTP_H__ */
Commit	Line	Data
0165b3f0 PR	1	/**
	2	* Copyright (c) 2009 Open Information Security Foundation
	3	*
07f7ba55	4	* \file: app-layer-htp.h
0165b3f0	5	*
07f7ba55	6	* \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
0165b3f0	7	* \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
07f7ba55 GS	8	*
	9	* Created on November 14, 2009, 12:48 AM
	10	*/
	11
48248687 VJ	12	#ifndef __APP_LAYER_HTP_H__
48248687 VJ	13	#define __APP_LAYER_HTP_H__
07f7ba55	14
a9cdd2bb BR	15	#include "util-radix-tree.h"
a9cdd2bb BR	16
07f7ba55 GS	17	#include <htp/htp.h>
07f7ba55 GS	18
50f7d0a8	19	#define HTP_FLAG_STATE_OPEN 0x01 /**< Flag to indicate that HTTP
0165b3f0	20	connection is open */
50f7d0a8	21	#define HTP_FLAG_STATE_CLOSED 0x02 /**< Flag to indicate that HTTP
0165b3f0	22	connection is closed */
50f7d0a8	23	#define HTP_FLAG_STATE_DATA 0x04 /**< Flag to indicate that HTTP
0165b3f0	24	connection needs more data */
50f7d0a8	25	#define HTP_FLAG_STATE_ERROR 0x08 /**< Flag to indicate that an error
0165b3f0 PR	26	has been occured on HTTP
0165b3f0 PR	27	connection */
50f7d0a8	28	#define HTP_FLAG_NEW_BODY_SET 0x10 /**< Flag to indicate that HTTP
0165b3f0 PR	29	has parsed a new body (for
0165b3f0 PR	30	pcre) */
50f7d0a8 GS	31	#define HTP_FLAG_NEW_REQUEST 0x20 /**< Flag to indicate that we have
	32	a new HTTP requesta and we
	33	need to log it */
0165b3f0 PR	34
	35
	36	enum {
	37	HTP_BODY_NONE, /**< Flag to indicate the current
	38	operation */
	39	HTP_BODY_REQUEST, /**< Flag to indicate that the
	40	current operation is a request */
	41	HTP_BODY_RESPONSE /**< Flag to indicate that the current
	42	* operation is a response */
	43	};
	44
	45	#define HTP_PCRE_NONE 0x00 /*< No pcre executed yet /
	46	#define HTP_PCRE_DONE 0x01 /**< Flag to indicate that pcre has
	47	done some inspection in the
	48	chunks */
	49	#define HTP_PCRE_HAS_MATCH 0x02 /**< Flag to indicate that the chunks
	50	matched on some rule */
	51
	52	/** Struct used to hold chunks of a body on a request */
7a8cd61f	53	typedef struct HtpBodyChunk_ {
0165b3f0 PR	54	uint8_t data; /< Pointer to the data of the chunk /
0165b3f0 PR	55	uint32_t len; /*< Length of the chunk /
7a8cd61f	56	struct HtpBodyChunk_ next; /< Pointer to the next chunk /
0165b3f0	57	uint32_t id; /*< number of chunk of the current body /
7a8cd61f	58	} HtpBodyChunk;
0165b3f0 PR	59
0165b3f0 PR	60	/** Struct used to hold all the chunks of a body on a request */
7a8cd61f VJ	61	typedef struct HtpBody_ {
	62	HtpBodyChunk first; /< Pointer to the first chunk /
	63	HtpBodyChunk last; /< Pointer to the last chunk /
0165b3f0 PR	64	uint32_t nchunks; /*< Number of chunks in the current operation /
	65	uint8_t operation; /**< This flag indicate if it's a request
	66	or a response */
	67	uint8_t pcre_flags; /**< This flag indicate if no chunk matched
	68	any pcre (so we can free() without waiting) */
	69	} HtpBody;
fc2f7f29	70
07f7ba55	71	typedef struct HtpState_ {
07f7ba55	72
7a8cd61f VJ	73	htp_connp_t connp; /*< Connection parser structure for
	74	each connection */
	75	HtpBody body; /*< Body of the request (if any) /
	76	size_t new_in_tx_index; /**< Index to indicate that after this we have
	77	new requests to log */
fc2f7f29	78	uint8_t flags;
07f7ba55 GS	79	} HtpState;
07f7ba55 GS	80
07f7ba55 GS	81	void RegisterHTPParsers(void);
07f7ba55 GS	82	void HTPParserRegisterTests(void);
fc2f7f29 GS	83	void HTPAtExitPrintStats(void);
fc2f7f29 GS	84	void HTPFreeConfig(void);
48248687	85
0165b3f0 PR	86	htp_tx_t HTPTransactionMain(const HtpState );
	87
	88	int HTPCallbackRequestBodyData(htp_tx_data_t *);
	89	void HtpBodyPrint(HtpBody *);
	90	void HtpBodyFree(HtpBody *);
	91	void AppLayerHtpRegisterExtraCallbacks(void);
25a3a5c6 PR	92	/* To free the state from unittests using app-layer-htp */
25a3a5c6 PR	93	void HTPStateFree(void *);
97d49d8f	94	void AppLayerHtpEnableRequestBodyCallback(void);
0165b3f0	95
48248687	96	#endif /* __APP_LAYER_HTP_H__ */
07f7ba55	97