From: Victor Julien Date: Sat, 1 Apr 2017 10:13:17 +0000 (+0200) Subject: detect: implement http referer sticky buffer X-Git-Tag: suricata-4.0.0-beta1~199 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5714129e32f4dd26a309c08826037a53dd7a84cc;p=thirdparty%2Fsuricata.git detect: implement http referer sticky buffer --- diff --git a/src/Makefile.am b/src/Makefile.am index 01b1114a17..e4af8bcd07 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -176,6 +176,7 @@ detect-http-method.c detect-http-method.h \ detect-http-protocol.c detect-http-protocol.h \ detect-http-raw-header.c detect-http-raw-header.h \ detect-http-raw-uri.c detect-http-raw-uri.h \ +detect-http-referer.c detect-http-referer.h \ detect-http-request-line.c detect-http-request-line.h \ detect-http-response-line.c detect-http-response-line.h \ detect-http-server-body.c detect-http-server-body.h \ diff --git a/src/detect-http-headers.c b/src/detect-http-headers.c index fda7f53dcf..f22cdf108c 100644 --- a/src/detect-http-headers.c +++ b/src/detect-http-headers.c @@ -16,8 +16,10 @@ */ #include "detect-http-accept.h" +#include "detect-http-referer.h" void DetectHttpHeadersRegister(void) { RegisterHttpHeadersAccept(); + RegisterHttpHeadersReferer(); } diff --git a/src/detect-http-referer.c b/src/detect-http-referer.c new file mode 100644 index 0000000000..edb48c18b9 --- /dev/null +++ b/src/detect-http-referer.c @@ -0,0 +1,46 @@ +/* Copyright (C) 2007-2017 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \ingroup httplayer + * + * @{ + */ + + +/** + * \file + * + * \author Victor Julien + * + * Implements support http_referer sticky buffer + */ + +#define KEYWORD_NAME "http_referer" +#define KEYWORD_DOC "http-keywords#http-referer" +#define BUFFER_NAME "http_referer" +#define BUFFER_DESC "http referer header" +#define HEADER_NAME "Referer" +#define KEYWORD_ID DETECT_AL_HTTP_HEADER_REFERER +#define KEYWORD_TOSERVER 1 + +#include "detect-http-headers-stub.h" + +void RegisterHttpHeadersReferer(void) +{ + DetectHttpHeadersRegisterStub(); +} diff --git a/src/detect-http-referer.h b/src/detect-http-referer.h new file mode 100644 index 0000000000..ae265890a0 --- /dev/null +++ b/src/detect-http-referer.h @@ -0,0 +1,23 @@ +/* Copyright (C) 2007-2017 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef __DETECT_HTTP_REFERER_H__ +#define __DETECT_HTTP_REFERER_H__ + +void RegisterHttpHeadersReferer(void); + +#endif /* __DETECT_HTTP_REFERER_H__ */ diff --git a/src/detect.h b/src/detect.h index 672fc1f023..d46dbcd9b4 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1242,6 +1242,7 @@ enum { DETECT_AL_HTTP_HEADER, DETECT_AL_HTTP_HEADER_NAMES, DETECT_AL_HTTP_HEADER_ACCEPT, + DETECT_AL_HTTP_HEADER_REFERER, DETECT_AL_HTTP_RAW_HEADER, DETECT_AL_HTTP_URI, DETECT_AL_HTTP_RAW_URI,