#define HTP_PROTOCOL_V1_0 HTP_PROTOCOL_1_0
#define HTP_PROTOCOL_V0_9 HTP_PROTOCOL_0_9
+#define HTP_REQUEST_PROGRESS_LINE HTP_REQUEST_LINE
+#define HTP_REQUEST_PROGRESS_HEADERS HTP_REQUEST_HEADERS
+#define HTP_REQUEST_PROGRESS_BODY HTP_REQUEST_BODY
+#define HTP_REQUEST_PROGRESS_TRAILER HTP_REQUEST_TRAILER
+#define HTP_REQUEST_PROGRESS_COMPLETE HTP_REQUEST_COMPLETE
+#define HTP_RESPONSE_PROGRESS_LINE HTP_RESPONSE_LINE
+#define HTP_RESPONSE_PROGRESS_HEADERS HTP_RESPONSE_HEADERS
+#define HTP_RESPONSE_PROGRESS_BODY HTP_RESPONSE_BODY
+#define HTP_RESPONSE_PROGRESS_TRAILER HTP_RESPONSE_TRAILER
+#define HTP_RESPONSE_PROGRESS_COMPLETE HTP_RESPONSE_COMPLETE
+
bstr *SCHTPGenerateNormalizedUri(htp_tx_t *tx, htp_uri_t *uri, bool uri_include_all);
#endif /* SURICATA_APP_LAYER_HTP_LIBHTP__H */
* free it here. htp_tx_destroy however, will refuse to do this.
* As htp_tx_destroy_incomplete isn't available in the public API,
* we hack around it here. */
- if (unlikely(!(
- tx->request_progress == HTP_REQUEST_COMPLETE &&
- tx->response_progress == HTP_RESPONSE_COMPLETE)))
- {
- tx->request_progress = HTP_REQUEST_COMPLETE;
- tx->response_progress = HTP_RESPONSE_COMPLETE;
+ if (unlikely(!(tx->request_progress == HTP_REQUEST_PROGRESS_COMPLETE &&
+ tx->response_progress == HTP_RESPONSE_PROGRESS_COMPLETE))) {
+ tx->request_progress = HTP_REQUEST_PROGRESS_COMPLETE;
+ tx->response_progress = HTP_RESPONSE_PROGRESS_COMPLETE;
}
// replaces tx in the s->conn->transactions list by NULL
htp_tx_destroy(tx);
// libhtp will not call us back too late
// should libhtp send a callback eof for 0 chunked ?
DEBUG_VALIDATE_BUG_ON(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx,
- STREAM_TOSERVER) >= HTP_REQUEST_COMPLETE);
+ STREAM_TOSERVER) >= HTP_REQUEST_PROGRESS_COMPLETE);
const uint8_t *cur_buf = chunks_buffer;
uint32_t cur_buf_len = chunks_buffer_len;
HTPSetEvent(
hstate, htud, STREAM_TOCLIENT, HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE);
}
- tx->request_progress = HTP_REQUEST_COMPLETE;
- tx->response_progress = HTP_RESPONSE_COMPLETE;
+ tx->request_progress = HTP_REQUEST_PROGRESS_COMPLETE;
+ tx->response_progress = HTP_RESPONSE_PROGRESS_COMPLETE;
}
}
AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetTx);
AppLayerParserRegisterStateProgressCompletionStatus(
- ALPROTO_HTTP1, HTP_REQUEST_COMPLETE, HTP_RESPONSE_COMPLETE);
+ ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_COMPLETE, HTP_RESPONSE_PROGRESS_COMPLETE);
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfo);
AppLayerParserRegisterGetEventInfoById(
IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfoById);
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "app-layer-smtp.h"
#include "flow.h"
ips = htp_state->cfg->http_body_inline;
const bool body_done = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx,
- flow_flags) > HTP_RESPONSE_BODY;
+ flow_flags) > HTP_RESPONSE_PROGRESS_BODY;
SCLogDebug("response.body_limit %u file_size %" PRIu64
", cur_file->inspect_min_size %" PRIu32 ", EOF %s, progress > body? %s",
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-client-body.h"
#include "stream-tcp.h"
#include "util-profiling.h"
sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL);
+ HTP_REQUEST_PROGRESS_BODY, DetectEngineInspectBufferHttpBody, NULL);
DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2,
- PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY);
+ PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_BODY);
DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectFiledata, NULL);
htp_state->cfg->request.body_limit, body->content_len_so_far,
htp_state->cfg->request.inspect_min_size, flags & STREAM_EOF ? "true" : "false",
(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) >
- HTP_REQUEST_BODY)
+ HTP_REQUEST_PROGRESS_BODY)
? "true"
: "false");
body->content_len_so_far < htp_state->cfg->request.body_limit) &&
body->content_len_so_far < htp_state->cfg->request.inspect_min_size &&
!(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) >
- HTP_REQUEST_BODY) &&
+ HTP_REQUEST_PROGRESS_BODY) &&
!(flags & STREAM_EOF)) {
SCLogDebug("we still haven't seen the entire request body. "
"Let's defer body inspection till we see the "
if (flags & STREAM_TOSERVER) {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, txv, flags) >
- HTP_REQUEST_BODY)
+ HTP_REQUEST_PROGRESS_BODY)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
} else {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, txv, flags) >
- HTP_RESPONSE_BODY)
+ HTP_RESPONSE_PROGRESS_BODY)
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-cookie.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData);
DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData);
DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-header.h"
#include "stream-tcp.h"
htp_table_t *headers;
if (flags & STREAM_TOSERVER) {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_REQUEST_HEADERS)
+ HTP_REQUEST_PROGRESS_HEADERS)
return NULL;
headers = tx->request_headers;
} else {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_RESPONSE_HEADERS)
+ HTP_RESPONSE_PROGRESS_HEADERS)
return NULL;
headers = tx->response_headers;
}
/* http1 */
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS);
+ GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
+ HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
/* http2 */
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-header.h"
#include "detect-http-header-common.h"
htp_table_t *headers;
if (flags & STREAM_TOSERVER) {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_REQUEST_HEADERS)
+ HTP_REQUEST_PROGRESS_HEADERS)
return NULL;
headers = tx->request_headers;
} else {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_RESPONSE_HEADERS)
+ HTP_RESPONSE_PROGRESS_HEADERS)
return NULL;
headers = tx->response_headers;
}
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader,
- mpm_reg->app_v2.alproto, HTP_REQUEST_HEADERS,
- pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
+ int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, mpm_reg->app_v2.alproto,
+ HTP_REQUEST_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
return r;
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer,
- mpm_reg->app_v2.alproto, HTP_REQUEST_TRAILER,
- pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
+ r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, mpm_reg->app_v2.alproto,
+ HTP_REQUEST_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
}
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader,
- mpm_reg->app_v2.alproto, HTP_RESPONSE_HEADERS,
- pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
+ int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, mpm_reg->app_v2.alproto,
+ HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
return r;
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer,
- mpm_reg->app_v2.alproto, HTP_RESPONSE_TRAILER,
- pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
+ r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, mpm_reg->app_v2.alproto,
+ HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
}
sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2,
PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1,
0); /* not used, registered twice: HEADERS/TRAILER */
DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
+ HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL);
DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2,
PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1,
0); /* not used, registered twice: HEADERS/TRAILER */
DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_HEADERS);
+ HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS);
DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value");
g_http_request_header_buffer_id = DetectBufferTypeGetByName("http_request_header");
DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_HEADERS);
+ HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS);
DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value");
g_http_response_header_buffer_id = DetectBufferTypeGetByName("http_response_header");
#include "flow.h"
#include <htp/htp.h>
+#include "app-layer-htp-libhtp.h"
#include "detect.h"
#include "detect-parse.h"
#ifdef KEYWORD_TOSERVER
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient);
#endif
#ifdef KEYWORD_TOCLIENT
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS);
+ GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS);
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer);
#endif
#ifdef KEYWORD_TOSERVER
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2);
#endif
#ifdef KEYWORD_TOCLIENT
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData);
+ HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2);
#endif
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "stream-tcp.h"
#include "detect-http-host.h"
sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRawData);
DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetRawData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-method.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_HTTP_METHOD].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
+ GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-header.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_AL_HTTP_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
+ GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE);
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
+ GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-raw-header.h"
static int DetectHttpRawHeaderSetup(DetectEngineCtx *, Signature *, const char *);
sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
+ HTP_RESPONSE_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2,
PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1,
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw,
- mpm_reg->app_v2.alproto, HTP_REQUEST_HEADERS+1,
- pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
+ int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
+ HTP_REQUEST_PROGRESS_HEADERS + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
return r;
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw,
- mpm_reg->app_v2.alproto, HTP_REQUEST_TRAILER+1,
- pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
+ r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
+ HTP_REQUEST_PROGRESS_TRAILER + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
}
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw,
- mpm_reg->app_v2.alproto, HTP_RESPONSE_HEADERS,
- pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
+ int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto,
+ HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
return r;
pectx->mpm_ctx = mpm_ctx;
pectx->transforms = &mpm_reg->transforms;
- r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw,
- mpm_reg->app_v2.alproto, HTP_RESPONSE_TRAILER,
- pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
+ r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto,
+ HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname);
if (r != 0) {
SCFree(pectx);
}
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "stream-tcp.h"
#include "detect-http-request-line.h"
sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
+ PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "stream-tcp.h"
#include "detect-http-response-line.h"
sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
+ PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-header.h"
#include "stream-tcp.h"
htp_table_t *headers;
if (flags & STREAM_TOSERVER) {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_REQUEST_HEADERS)
+ HTP_REQUEST_PROGRESS_HEADERS)
return NULL;
line = tx->request_line;
headers = tx->request_headers;
} else {
if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <=
- HTP_RESPONSE_HEADERS)
+ HTP_RESPONSE_PROGRESS_HEADERS)
return NULL;
headers = tx->response_headers;
line = tx->response_line;
sigmatch_table[DETECT_AL_HTTP_START].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
- GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS);
+ GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
+ HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
BUFFER_DESC);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-stat-code.h"
#include "stream-tcp-private.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
+ GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-stat-msg.h"
#include "stream-tcp-private.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
+ GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "stream-tcp.h"
#include "detect-http-ua.h"
sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
+ GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS);
DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
#include "app-layer.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "detect-http-uri.h"
#include "stream-tcp.h"
sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
+ HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
+ GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE);
DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData);
+ HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetRawData);
DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
- GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
+ GetRawData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE);
// no difference between raw and decoded uri for HTTP2
DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
+#include "app-layer-htp-libhtp.h"
#include "util-classification-config.h"
#include "util-unittest.h"
{ .alproto = ALPROTO_FTPDATA, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
{ .alproto = ALPROTO_HTTP1,
.direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
- .to_client_progress = HTP_RESPONSE_BODY,
- .to_server_progress = HTP_REQUEST_BODY },
+ .to_client_progress = HTP_RESPONSE_PROGRESS_BODY,
+ .to_server_progress = HTP_REQUEST_PROGRESS_BODY },
{ .alproto = ALPROTO_HTTP2,
.direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
.to_client_progress = HTTP2StateDataServer,
projects / thirdparty / suricata.git / commitdiff
