From a0e44ebb17b6424f0959ef639ae7ef090475dd77 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Sun, 19 Jan 2025 21:32:01 +0100 Subject: [PATCH] http: use even more aliases for htp opaque htp_tx_t For request and response headers In preparation of libhtp rust --- src/app-layer-htp-libhtp.h | 3 +++ src/app-layer-htp-xff.c | 2 +- src/app-layer-htp.c | 11 ++++------- src/detect-http-cookie.c | 5 ++--- src/detect-http-headers-stub.h | 4 ++-- src/detect-http-host.c | 2 +- src/detect-http-ua.c | 2 +- src/log-httplog.c | 12 ++++++------ src/output-json-http.c | 14 ++++++-------- 9 files changed, 26 insertions(+), 29 deletions(-) diff --git a/src/app-layer-htp-libhtp.h b/src/app-layer-htp-libhtp.h index eb97479c11..7e4e57f52e 100644 --- a/src/app-layer-htp-libhtp.h +++ b/src/app-layer-htp-libhtp.h @@ -121,6 +121,9 @@ #define htp_tx_response_progress(tx) tx->response_progress #define htp_tx_response_protocol_number(tx) tx->response_protocol_number +#define htp_tx_request_header(tx, header) htp_table_get_c(tx->request_headers, header) +#define htp_tx_response_header(tx, header) htp_table_get_c(tx->response_headers, header) + bstr *SCHTPGenerateNormalizedUri(htp_tx_t *tx, htp_uri_t *uri, bool uri_include_all); #endif /* SURICATA_APP_LAYER_HTP_LIBHTP__H */ diff --git a/src/app-layer-htp-xff.c b/src/app-layer-htp-xff.c index 4c0265212a..0fe5ebc9c6 100644 --- a/src/app-layer-htp-xff.c +++ b/src/app-layer-htp-xff.c @@ -141,7 +141,7 @@ int HttpXFFGetIPFromTx(const Flow *f, uint64_t tx_id, HttpXFFCfg *xff_cfg, htp_header_t *h_xff = NULL; if (htp_tx_request_headers(tx) != NULL) { - h_xff = htp_table_get_c(htp_tx_request_headers(tx), xff_cfg->header); + h_xff = htp_tx_request_header(tx, xff_cfg->header); } if (h_xff != NULL && bstr_len(h_xff->value) >= XFF_CHAIN_MINLEN && diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 2448c2b272..e1e4031a1b 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c 
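Review bot: The two new aliases in app-layer-htp-libhtp.h expand `tx` and `header` without parentheses, so an argument that is an expression rather than a plain identifier would bind wrongly against `->`; `#define htp_tx_request_header(tx, header) htp_table_get_c((tx)->request_headers, (header))` and the matching response form avoid that. The neighbouring aliases visible in the hunk (`tx->response_progress`) have the same shape, so this may be local convention. The aliases also carry no comment on their NULL contract. Some call sites in this patch first test `htp_tx_request_headers(tx) != NULL`, while HTPHandleResponseData, HtpRequestBodySetupMultipart and HtpResponseBodyHandle in app-layer-htp.c and the `location` lookups in log-httplog.c and output-json-http.c call the alias directly. Because the headers come from parsed network traffic and the backing library is about to change, a comment such as `/* returns NULL if the header is absent or the header table is NULL */` would pin what a replacement must preserve, assuming that is what htp_table_get_c does today, which is not visible here.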
@@ -974,8 +974,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa case HTP_STREAM_STATE_TUNNEL: tx = htp_connp_get_out_tx(hstate->connp); if (tx != NULL && htp_tx_response_status_number(tx) == 101) { - htp_header_t *h = - (htp_header_t *)htp_table_get_c(htp_tx_response_headers(tx), "Upgrade"); + htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, "Upgrade"); if (h == NULL) { break; } @@ -1141,7 +1140,7 @@ static int HTTPParseContentDispositionHeader(uint8_t *name, size_t name_len, */ static int HtpRequestBodySetupMultipart(htp_tx_t *tx, HtpTxUserData *htud) { - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_request_headers(tx), "Content-Type"); + htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Content-Type"); if (h != NULL && bstr_len(h->value) > 0) { htud->mime_state = SCMimeStateInit(bstr_ptr(h->value), (uint32_t)bstr_len(h->value)); if (htud->mime_state) { @@ -1362,8 +1361,7 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud, size_t filename_len = 0; /* try Content-Disposition header first */ - htp_header_t *h = - (htp_header_t *)htp_table_get_c(htp_tx_response_headers(tx), "Content-Disposition"); + htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, "Content-Disposition"); if (h != NULL && bstr_len(h->value) > 0) { /* parse content-disposition */ (void)HTTPParseContentDispositionHeader((uint8_t *)"filename=", 9, @@ -1381,8 +1379,7 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud, if (filename != NULL) { // set range if present - htp_header_t *h_content_range = - htp_table_get_c(htp_tx_response_headers(tx), "content-range"); + htp_header_t *h_content_range = htp_tx_response_header(tx, "content-range"); if (filename_len > SC_FILENAME_MAX) { // explicitly truncate the file name if too long filename_len = SC_FILENAME_MAX; diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index f390ce8284..1f6ac77b67 100644 
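Review bot: The `(htp_header_t *)` cast is kept on the `Upgrade`, `Content-Type` and `Content-Disposition` lookups but not on `content-range` in the same file, nor on the lookups in log-httplog.c and output-json-http.c. If the alias yields `void *`, as htp_table_get_c presumably does, the cast is unnecessary in C. If a later implementation returns a const-qualified or differently typed pointer, the cast would hide the mismatch from the compiler. Writing `htp_header_t *h = htp_tx_response_header(tx, "Upgrade");` keeps the call sites uniform; the same applies to the cast lookups in detect-http-cookie.c, detect-http-headers-stub.h, detect-http-host.c and detect-http-ua.c. The enclosing functions start and end outside these hunks.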
--- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -181,7 +181,7 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, if (htp_tx_request_headers(tx) == NULL) return NULL; - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_request_headers(tx), "Cookie"); + htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Cookie"); if (h == NULL || h->value == NULL) { SCLogDebug("HTTP cookie header not present in this request"); return NULL; @@ -208,8 +208,7 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, if (htp_tx_response_headers(tx) == NULL) return NULL; - htp_header_t *h = - (htp_header_t *)htp_table_get_c(htp_tx_response_headers(tx), "Set-Cookie"); + htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, "Set-Cookie"); if (h == NULL || h->value == NULL) { SCLogDebug("HTTP cookie header not present in this request"); return NULL; diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index b32194108f..a4679fbf24 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -57,7 +57,7 @@ static InspectionBuffer *GetRequestData(DetectEngineThreadCtx *det_ctx, if (htp_tx_request_headers(tx) == NULL) return NULL; - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_request_headers(tx), HEADER_NAME); + htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, HEADER_NAME); if (h == NULL || h->value == NULL) { SCLogDebug("HTTP %s header not present in this request", HEADER_NAME); @@ -112,7 +112,7 @@ static InspectionBuffer *GetResponseData(DetectEngineThreadCtx *det_ctx, if (htp_tx_response_headers(tx) == NULL) return NULL; - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_response_headers(tx), HEADER_NAME); + htp_header_t *h = (htp_header_t *)htp_tx_response_header(tx, HEADER_NAME); if (h == NULL || h->value == NULL) { SCLogDebug("HTTP %s header not present in this request", HEADER_NAME); 
diff --git a/src/detect-http-host.c b/src/detect-http-host.c index ed061b3921..a723900c5c 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -352,7 +352,7 @@ static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx, if (htp_tx_request_headers(tx) == NULL) return NULL; - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_request_headers(tx), "Host"); + htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "Host"); if (h == NULL || h->value == NULL) return NULL; diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 9fe6236271..bd479fdefd 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -165,7 +165,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, if (htp_tx_request_headers(tx) == NULL) return NULL; - htp_header_t *h = (htp_header_t *)htp_table_get_c(htp_tx_request_headers(tx), "User-Agent"); + htp_header_t *h = (htp_header_t *)htp_tx_request_header(tx, "User-Agent"); if (h == NULL || h->value == NULL) { SCLogDebug("HTTP UA header not present in this request"); return NULL; diff --git a/src/log-httplog.c b/src/log-httplog.c index 6622fb4009..308cb3e9cb 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c @@ -229,7 +229,7 @@ static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const SCTime_t case LOG_HTTP_CF_REQUEST_HEADER: /* REQUEST HEADER */ if (htp_tx_request_headers(tx) != NULL) { - h_request_hdr = htp_table_get_c(htp_tx_request_headers(tx), node->data); + h_request_hdr = htp_tx_request_header(tx, node->data); } if (h_request_hdr != NULL) { datalen = node->maxlen; 
@@ -246,7 +246,7 @@ static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const SCTime_t case LOG_HTTP_CF_REQUEST_COOKIE: /* REQUEST COOKIE */ if (htp_tx_request_headers(tx) != NULL) { - h_request_hdr = htp_table_get_c(htp_tx_request_headers(tx), "Cookie"); + h_request_hdr = htp_tx_request_header(tx, "Cookie"); if (h_request_hdr != NULL) { cvalue_len = GetCookieValue((uint8_t *)bstr_ptr(h_request_hdr->value), (uint32_t)bstr_len(h_request_hdr->value), (char *)node->data, &cvalue); @@ -281,7 +281,7 @@ static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const SCTime_t case LOG_HTTP_CF_RESPONSE_HEADER: /* RESPONSE HEADER */ if (htp_tx_response_headers(tx) != NULL) { - h_response_hdr = htp_table_get_c(htp_tx_response_headers(tx), node->data); + h_response_hdr = htp_tx_response_header(tx, node->data); } if (h_response_hdr != NULL) { datalen = node->maxlen; @@ -317,7 +317,7 @@ static void LogHttpLogExtended(LogHttpLogThread *aft, htp_tx_t *tx) /* referer */ htp_header_t *h_referer = NULL; if (htp_tx_request_headers(tx) != NULL) { - h_referer = htp_table_get_c(htp_tx_request_headers(tx), "referer"); + h_referer = htp_tx_request_header(tx, "referer"); } if (h_referer != NULL) { PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size, @@ -355,7 +355,7 @@ static void LogHttpLogExtended(LogHttpLogThread *aft, htp_tx_t *tx) /* Redirect? */ if ((htp_tx_response_status_number(tx) > 300) && ((htp_tx_response_status_number(tx)) < 303)) { - htp_header_t *h_location = htp_table_get_c(htp_tx_response_headers(tx), "location"); + htp_header_t *h_location = htp_tx_response_header(tx, "location"); if (h_location != NULL) { MemBufferWriteString(aft->buffer, " => "); 
@@ -450,7 +450,7 @@ static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, void *data, const Packet *p, /* user agent */ htp_header_t *h_user_agent = NULL; if (htp_tx_request_headers(tx) != NULL) { - h_user_agent = htp_table_get_c(htp_tx_request_headers(tx), "user-agent"); + h_user_agent = htp_tx_request_header(tx, "user-agent"); } if (h_user_agent != NULL) { PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size, diff --git a/src/output-json-http.c b/src/output-json-http.c index 9c6630460f..4d8c03c957 100644 --- a/src/output-json-http.c +++ b/src/output-json-http.c @@ -220,15 +220,14 @@ static void EveHttpLogJSONBasic(JsonBuilder *js, htp_tx_t *tx) if (htp_tx_request_headers(tx) != NULL) { /* user agent */ - htp_header_t *h_user_agent = htp_table_get_c(htp_tx_request_headers(tx), "user-agent"); + htp_header_t *h_user_agent = htp_tx_request_header(tx, "user-agent"); if (h_user_agent != NULL) { jb_set_string_from_bytes(js, "http_user_agent", bstr_ptr(h_user_agent->value), (uint32_t)bstr_len(h_user_agent->value)); } /* x-forwarded-for */ - htp_header_t *h_x_forwarded_for = - htp_table_get_c(htp_tx_request_headers(tx), "x-forwarded-for"); + htp_header_t *h_x_forwarded_for = htp_tx_request_header(tx, "x-forwarded-for"); if (h_x_forwarded_for != NULL) { jb_set_string_from_bytes(js, "xff", bstr_ptr(h_x_forwarded_for->value), (uint32_t)bstr_len(h_x_forwarded_for->value)); @@ -237,7 +236,7 @@ static void EveHttpLogJSONBasic(JsonBuilder *js, htp_tx_t *tx) /* content-type */ if (htp_tx_response_headers(tx) != NULL) { - htp_header_t *h_content_type = htp_table_get_c(htp_tx_response_headers(tx), "content-type"); + htp_header_t *h_content_type = htp_tx_response_header(tx, "content-type"); if (h_content_type != NULL) { const size_t size = bstr_len(h_content_type->value) * 2 + 1; char string[size]; 
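Review bot: In the `content-type` branch of EveHttpLogJSONBasic, the header returned by the new `htp_tx_response_header(tx, "content-type")` lookup sizes a stack VLA: `char string[size]` with `size = bstr_len(h_content_type->value) * 2 + 1`. Those lines are unchanged context, but the value comes from monitored traffic, so the stack use is bounded only by whatever header-length limit the parser enforces, which is not visible here. A comment naming that bound next to the declaration, for example `/* header length is capped by the parser's field limit */`, would make it checkable by inspection; a fixed-size buffer with truncation would also work. Unlike the detect-*.c call sites in this patch, this branch tests only `h_content_type != NULL` and not `->value` before calling bstr_len. The branch continues past the end of this hunk.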
@@ -247,8 +246,7 @@ static void EveHttpLogJSONBasic(JsonBuilder *js, htp_tx_t *tx) *p = '\0'; jb_set_string(js, "http_content_type", string); } - htp_header_t *h_content_range = - htp_table_get_c(htp_tx_response_headers(tx), "content-range"); + htp_header_t *h_content_range = htp_tx_response_header(tx, "content-range"); if (h_content_range != NULL) { jb_open_object(js, "content_range"); jb_set_string_from_bytes(js, "raw", bstr_ptr(h_content_range->value), @@ -272,7 +270,7 @@ static void EveHttpLogJSONExtended(JsonBuilder *js, htp_tx_t *tx) /* referer */ htp_header_t *h_referer = NULL; if (htp_tx_request_headers(tx) != NULL) { - h_referer = htp_table_get_c(htp_tx_request_headers(tx), "referer"); + h_referer = htp_tx_request_header(tx, "referer"); } if (h_referer != NULL) { jb_set_string_from_bytes( @@ -302,7 +300,7 @@ static void EveHttpLogJSONExtended(JsonBuilder *js, htp_tx_t *tx) (uint32_t)bstr_len(htp_tx_response_status(tx))); } - htp_header_t *h_location = htp_table_get_c(htp_tx_response_headers(tx), "location"); + htp_header_t *h_location = htp_tx_response_header(tx, "location"); if (h_location != NULL) { jb_set_string_from_bytes( js, "redirect", bstr_ptr(h_location->value), (uint32_t)bstr_len(h_location->value)); -- 2.47.2