aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/src/app-layer-htp.h
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/src/app-layer-htp.h')
-rw-r--r--framework/src/suricata/src/app-layer-htp.h294
1 files changed, 0 insertions, 294 deletions
diff --git a/framework/src/suricata/src/app-layer-htp.h b/framework/src/suricata/src/app-layer-htp.h
deleted file mode 100644
index 275bc4b7..00000000
--- a/framework/src/suricata/src/app-layer-htp.h
+++ /dev/null
@@ -1,294 +0,0 @@
-/* Copyright (C) 2007-2011 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \defgroup httplayer HTTP layer support
- *
- * @{
- */
-
-/**
- * \file
- *
- * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
- * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
- *
- * This file provides a HTTP protocol support for the engine using HTP library.
- */
-
-#ifndef __APP_LAYER_HTP_H__
-#define __APP_LAYER_HTP_H__
-
-#include "util-radix-tree.h"
-#include "util-file.h"
-#include "app-layer-htp-mem.h"
-#include "detect-engine-state.h"
-
-#include <htp/htp.h>
-
-/* default request body limit */
-#define HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT 4096U
-#define HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT 4096U
-#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE 32768U
-#define HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW 4096U
-#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE 32768U
-#define HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW 4096U
-#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_SOFT 9000U
-#define HTP_CONFIG_DEFAULT_FIELD_LIMIT_HARD 18000U
-
-#define HTP_CONFIG_DEFAULT_RANDOMIZE 1
-#define HTP_CONFIG_DEFAULT_RANDOMIZE_RANGE 10
-
-/** a boundary should be smaller in size */
-#define HTP_BOUNDARY_MAX 200U
-
-#define HTP_FLAG_STATE_OPEN 0x0001 /**< Flag to indicate that HTTP
- connection is open */
-#define HTP_FLAG_STATE_CLOSED_TS 0x0002 /**< Flag to indicate that HTTP
- connection is closed */
-#define HTP_FLAG_STATE_CLOSED_TC 0x0004 /**< Flag to indicate that HTTP
- connection is closed */
-#define HTP_FLAG_STATE_DATA 0x0008 /**< Flag to indicate that HTTP
- connection needs more data */
-#define HTP_FLAG_STATE_ERROR 0x0010 /**< Flag to indicate that an error
- has been occured on HTTP
- connection */
-#define HTP_FLAG_NEW_BODY_SET 0x0020 /**< Flag to indicate that HTTP
- has parsed a new body (for
- pcre) */
-#define HTP_FLAG_STORE_FILES_TS 0x0040
-#define HTP_FLAG_STORE_FILES_TC 0x0080
-#define HTP_FLAG_STORE_FILES_TX_TS 0x0100
-#define HTP_FLAG_STORE_FILES_TX_TC 0x0200
-/** flag the state that a new file has been set in this tx */
-#define HTP_FLAG_NEW_FILE_TX_TS 0x0400
-/** flag the state that a new file has been set in this tx */
-#define HTP_FLAG_NEW_FILE_TX_TC 0x0800
-
-enum {
- HTP_BODY_NONE = 0, /**< Flag to indicate the current
- operation */
- HTP_BODY_REQUEST, /**< Flag to indicate that the
- current operation is a request */
- HTP_BODY_RESPONSE /**< Flag to indicate that the current
- * operation is a response */
-};
-
-enum {
- HTP_BODY_REQUEST_NONE = 0,
- HTP_BODY_REQUEST_MULTIPART, /* POST, MP */
- HTP_BODY_REQUEST_POST, /* POST, no MP */
- HTP_BODY_REQUEST_PUT,
-};
-
-enum {
- /* libhtp errors/warnings */
- HTTP_DECODER_EVENT_UNKNOWN_ERROR,
- HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED,
- HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON,
- HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON,
- HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN,
- HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN,
- HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST,
- HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE,
- HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST,
- HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE,
- HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN,
- HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST,
- HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST,
- HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT,
- HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID,
- HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID,
- HTTP_DECODER_EVENT_MISSING_HOST_HEADER,
- HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS,
- HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING,
- HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING,
- HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG,
- HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG,
- HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH,
- HTTP_DECODER_EVENT_URI_HOST_INVALID,
- HTTP_DECODER_EVENT_HEADER_HOST_INVALID,
- HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT,
- HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT,
- HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE,
-
- /* suricata errors/warnings */
- HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
- HTTP_DECODER_EVENT_MULTIPART_NO_FILEDATA,
- HTTP_DECODER_EVENT_MULTIPART_INVALID_HEADER,
-};
-
-#define HTP_PCRE_NONE 0x00 /**< No pcre executed yet */
-#define HTP_PCRE_DONE 0x01 /**< Flag to indicate that pcre has
- done some inspection in the
- chunks */
-#define HTP_PCRE_HAS_MATCH 0x02 /**< Flag to indicate that the chunks
- matched on some rule */
-
-/** Need a linked list in order to keep track of these */
-typedef struct HTPCfgRec_ {
- htp_cfg_t *cfg;
- struct HTPCfgRec_ *next;
-
- int uri_include_all; /**< use all info in uri (bool) */
-
- /** max size of the client body we inspect */
- uint32_t request_body_limit;
- uint32_t response_body_limit;
-
- uint32_t request_inspect_min_size;
- uint32_t request_inspect_window;
-
- uint32_t response_inspect_min_size;
- uint32_t response_inspect_window;
- int randomize;
- int randomize_range;
- int http_body_inline;
-} HTPCfgRec;
-
-/** Struct used to hold chunks of a body on a request */
-struct HtpBodyChunk_ {
- uint8_t *data; /**< Pointer to the data of the chunk */
- struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */
- uint64_t stream_offset;
- uint32_t len; /**< Length of the chunk */
- int logged;
-} __attribute__((__packed__));
-typedef struct HtpBodyChunk_ HtpBodyChunk;
-
-/** Struct used to hold all the chunks of a body on a request */
-typedef struct HtpBody_ {
- HtpBodyChunk *first; /**< Pointer to the first chunk */
- HtpBodyChunk *last; /**< Pointer to the last chunk */
-
- /* Holds the length of the htp request body seen so far */
- uint64_t content_len_so_far;
- /* parser tracker */
- uint64_t body_parsed;
- /* inspection tracker */
- uint64_t body_inspected;
-} HtpBody;
-
-#define HTP_CONTENTTYPE_SET 0x01 /**< We have the content type */
-#define HTP_BOUNDARY_SET 0x02 /**< We have a boundary string */
-#define HTP_BOUNDARY_OPEN 0x04 /**< We have a boundary string */
-#define HTP_FILENAME_SET 0x08 /**< filename is registered in the flow */
-#define HTP_DONTSTORE 0x10 /**< not storing this file */
-
-#define HTP_TX_HAS_FILE 0x01
-#define HTP_TX_HAS_FILENAME 0x02 /**< filename is known at this time */
-#define HTP_TX_HAS_TYPE 0x04
-#define HTP_TX_HAS_FILECONTENT 0x08 /**< file has content so we can do type detect */
-
-#define HTP_RULE_NEED_FILE HTP_TX_HAS_FILE
-#define HTP_RULE_NEED_FILENAME HTP_TX_HAS_FILENAME
-#define HTP_RULE_NEED_TYPE HTP_TX_HAS_TYPE
-#define HTP_RULE_NEED_FILECONTENT HTP_TX_HAS_FILECONTENT
-
-/** Now the Body Chunks will be stored per transaction, at
- * the tx user data */
-typedef struct HtpTxUserData_ {
- /* Body of the request (if any) */
- uint8_t request_body_init;
- uint8_t response_body_init;
- HtpBody request_body;
- HtpBody response_body;
-
- bstr *request_uri_normalized;
-
- uint8_t *request_headers_raw;
- uint8_t *response_headers_raw;
- uint32_t request_headers_raw_len;
- uint32_t response_headers_raw_len;
-
- AppLayerDecoderEvents *decoder_events; /**< per tx events */
-
- /** Holds the boundary identificator string if any (used on
- * multipart/form-data only)
- */
- uint8_t *boundary;
- uint8_t boundary_len;
-
- uint8_t tsflags;
- uint8_t tcflags;
-
- int16_t operation;
-
- uint8_t request_body_type;
- uint8_t response_body_type;
-
- DetectEngineState *de_state;
-} HtpTxUserData;
-
-typedef struct HtpState_ {
-
- /* Connection parser structure for each connection */
- htp_connp_t *connp;
- /* Connection structure for each connection */
- htp_conn_t *conn;
- Flow *f; /**< Needed to retrieve the original flow when usin HTPLib callbacks */
- uint64_t transaction_cnt;
- uint64_t store_tx_id;
- FileContainer *files_ts;
- FileContainer *files_tc;
- struct HTPCfgRec_ *cfg;
- uint16_t flags;
- uint16_t events;
- uint16_t htp_messages_offset; /**< offset into conn->messages list */
- uint64_t tx_with_detect_state_cnt;
-} HtpState;
-
-/** part of the engine needs the request body (e.g. http_client_body keyword) */
-#define HTP_REQUIRE_REQUEST_BODY (1 << 0)
-/** part of the engine needs the request body multipart header (e.g. filename
- * and / or fileext keywords) */
-#define HTP_REQUIRE_REQUEST_MULTIPART (1 << 1)
-/** part of the engine needs the request file (e.g. log-file module) */
-#define HTP_REQUIRE_REQUEST_FILE (1 << 2)
-/** part of the engine needs the request body (e.g. file_data keyword) */
-#define HTP_REQUIRE_RESPONSE_BODY (1 << 3)
-
-SC_ATOMIC_DECLARE(uint32_t, htp_config_flags);
-
-void RegisterHTPParsers(void);
-void HTPParserRegisterTests(void);
-void HTPAtExitPrintStats(void);
-void HTPFreeConfig(void);
-
-htp_tx_t *HTPTransactionMain(const HtpState *);
-
-int HTPCallbackRequestBodyData(htp_tx_data_t *);
-int HtpTransactionGetLoggableId(Flow *);
-void HtpBodyPrint(HtpBody *);
-void HtpBodyFree(HtpBody *);
-/* To free the state from unittests using app-layer-htp */
-void HTPStateFree(void *);
-void AppLayerHtpEnableRequestBodyCallback(void);
-void AppLayerHtpEnableResponseBodyCallback(void);
-void AppLayerHtpNeedFileInspection(void);
-void AppLayerHtpPrintStats(void);
-
-void HTPConfigure(void);
-
-void HtpConfigCreateBackup(void);
-void HtpConfigRestoreBackup(void);
-
-#endif /* __APP_LAYER_HTP_H__ */
-
-/**
- * @}
- */