diff --git a/src/app-layer-htp-libhtp.h b/src/app-layer-htp-libhtp.h
index fa9a9ecc3b25..3e5dfa63f20d 100644
--- a/src/app-layer-htp-libhtp.h
+++ b/src/app-layer-htp-libhtp.h
@@ -48,6 +48,54 @@
 #include "suricata-common.h"
+// Temporary alias definitions before switching to libhtp rust
+#define HTP_STATUS_OK HTP_OK
+#define HTP_STATUS_ERROR HTP_ERROR
+
+#define HTP_SERVER_PERSONALITY_APACHE_2 HTP_SERVER_APACHE_2
+#define HTP_SERVER_PERSONALITY_MINIMAL HTP_SERVER_MINIMAL
+#define HTP_SERVER_PERSONALITY_GENERIC HTP_SERVER_GENERIC
+#define HTP_SERVER_PERSONALITY_IDS HTP_SERVER_IDS
+#define HTP_SERVER_PERSONALITY_IIS_4_0 HTP_SERVER_IIS_4_0
+#define HTP_SERVER_PERSONALITY_IIS_5_0 HTP_SERVER_IIS_5_0
+#define HTP_SERVER_PERSONALITY_IIS_5_1 HTP_SERVER_IIS_5_1
+#define HTP_SERVER_PERSONALITY_IIS_6_0 HTP_SERVER_IIS_6_0
+#define HTP_SERVER_PERSONALITY_IIS_7_0 HTP_SERVER_IIS_7_0
+#define HTP_SERVER_PERSONALITY_IIS_7_5 HTP_SERVER_IIS_7_5
+
+#define HTP_FLAGS_REQUEST_INVALID_T_E HTP_REQUEST_INVALID_T_E
+#define HTP_FLAGS_REQUEST_INVALID_C_L HTP_REQUEST_INVALID_C_L
+#define HTP_FLAGS_HOST_MISSING HTP_HOST_MISSING
+#define HTP_FLAGS_HOST_AMBIGUOUS HTP_HOST_AMBIGUOUS
+#define HTP_FLAGS_HOSTU_INVALID HTP_HOSTU_INVALID
+#define HTP_FLAGS_HOSTH_INVALID HTP_HOSTH_INVALID
+
+#define HTP_AUTH_TYPE_UNRECOGNIZED HTP_AUTH_UNRECOGNIZED
+
+#define HTP_METHOD_UNKNOWN HTP_M_UNKNOWN
+#define HTP_METHOD_GET HTP_M_GET
+#define HTP_METHOD_POST HTP_M_POST
+#define HTP_METHOD_PUT HTP_M_PUT
+#define HTP_METHOD_CONNECT HTP_M_CONNECT
+
+#define HTP_STREAM_STATE_ERROR HTP_STREAM_ERROR
+#define HTP_STREAM_STATE_TUNNEL HTP_STREAM_TUNNEL
+
+#define HTP_PROTOCOL_V1_1 HTP_PROTOCOL_1_1
+#define HTP_PROTOCOL_V1_0 HTP_PROTOCOL_1_0
+#define HTP_PROTOCOL_V0_9 HTP_PROTOCOL_0_9
+
+#define HTP_REQUEST_PROGRESS_LINE HTP_REQUEST_LINE
+#define HTP_REQUEST_PROGRESS_HEADERS HTP_REQUEST_HEADERS
+#define HTP_REQUEST_PROGRESS_BODY HTP_REQUEST_BODY
+#define HTP_REQUEST_PROGRESS_TRAILER HTP_REQUEST_TRAILER
+#define HTP_REQUEST_PROGRESS_COMPLETE HTP_REQUEST_COMPLETE
+#define HTP_RESPONSE_PROGRESS_LINE HTP_RESPONSE_LINE
+#define HTP_RESPONSE_PROGRESS_HEADERS HTP_RESPONSE_HEADERS
+#define
HTP_RESPONSE_PROGRESS_BODY HTP_RESPONSE_BODY +#define HTP_RESPONSE_PROGRESS_TRAILER HTP_RESPONSE_TRAILER +#define HTP_RESPONSE_PROGRESS_COMPLETE HTP_RESPONSE_COMPLETE + bstr *SCHTPGenerateNormalizedUri(htp_tx_t *tx, htp_uri_t *uri, bool uri_include_all); #endif /* SURICATA_APP_LAYER_HTP_LIBHTP__H */ diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 328a10b72cb8..7375c315a437 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -242,8 +242,9 @@ static inline uint64_t HtpGetActiveResponseTxID(HtpState *s) */ static const char *HTPLookupPersonalityString(int p) { -#define CASE_HTP_PERSONALITY_STRING(p) \ - case HTP_SERVER_ ## p: return #p +#define CASE_HTP_PERSONALITY_STRING(p) \ + case HTP_SERVER_PERSONALITY_##p: \ + return #p switch (p) { CASE_HTP_PERSONALITY_STRING(MINIMAL); @@ -271,8 +272,9 @@ static const char *HTPLookupPersonalityString(int p) */ static int HTPLookupPersonality(const char *str) { -#define IF_HTP_PERSONALITY_NUM(p) \ - if (strcasecmp(#p, str) == 0) return HTP_SERVER_ ## p +#define IF_HTP_PERSONALITY_NUM(p) \ + if (strcasecmp(#p, str) == 0) \ + return HTP_SERVER_PERSONALITY_##p IF_HTP_PERSONALITY_NUM(MINIMAL); IF_HTP_PERSONALITY_NUM(GENERIC); @@ -296,7 +298,7 @@ static int HTPLookupPersonality(const char *str) "longer supported by libhtp, failing back to " "Apache2 personality.", str); - return HTP_SERVER_APACHE_2; + return HTP_SERVER_PERSONALITY_APACHE_2; } return -1; 
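Review bot: The alias block added to app-layer-htp-libhtp.h is unconditional and states no removal condition beyond the word "Temporary", so nothing ties it to the library switch it is waiting for. Because these are object-like macros, a later header that declares the same identifiers (which the comment suggests the Rust libhtp will) would have them rewritten back to the old spellings, and the resulting failure would show up far from this block. Several of the aliased values decide which anomalies get flagged (`HTP_FLAGS_REQUEST_INVALID_T_E`, `HTP_FLAGS_HOST_AMBIGUOUS` and the others), so I would make the intent explicit with a comment such as `/* Remove this block when building against the Rust libhtp, which provides these names natively. */` and, if a feature macro exists for that build, wrap the block in it.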
@@ -451,12 +453,10 @@ static void HTPStateTransactionFree(void *state, uint64_t id) * free it here. htp_tx_destroy however, will refuse to do this. * As htp_tx_destroy_incomplete isn't available in the public API, * we hack around it here. */ - if (unlikely(!( - tx->request_progress == HTP_REQUEST_COMPLETE && - tx->response_progress == HTP_RESPONSE_COMPLETE))) - { - tx->request_progress = HTP_REQUEST_COMPLETE; - tx->response_progress = HTP_RESPONSE_COMPLETE; + if (unlikely(!(tx->request_progress == HTP_REQUEST_PROGRESS_COMPLETE && + tx->response_progress == HTP_RESPONSE_PROGRESS_COMPLETE))) { + tx->request_progress = HTP_REQUEST_PROGRESS_COMPLETE; + tx->response_progress = HTP_RESPONSE_PROGRESS_COMPLETE; } // replaces tx in the s->conn->transactions list by NULL htp_tx_destroy(tx); 
@@ -562,23 +562,34 @@ struct { const char *msg; uint8_t de; } htp_errors[] = { - { "GZip decompressor: inflateInit2 failed", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED}, - { "Request field invalid: colon missing", HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON}, - { "Response field invalid: missing colon", HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON}, - { "Request chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN}, - { "Response chunk encoding: Invalid chunk length", HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN}, -/* { "Invalid T-E value in request", HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST}, <- tx flag HTP_REQUEST_INVALID_T_E - { "Invalid T-E value in response", HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE}, <- nothing to replace it */ -/* { "Invalid C-L field in request", HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST}, <- tx flag HTP_REQUEST_INVALID_C_L */ - { "Invalid C-L field in response", HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE}, - { "Already seen 100-Continue", HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN}, - { "Unable to match response to request", HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST}, - { "Invalid server port information in request", HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST}, -/* { "Invalid authority port", HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT}, htp no longer returns this error */ - { "Request buffer over", HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG}, - { "Response buffer over", HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG}, - { "C-T multipart/byteranges in responses not supported", HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES}, - { "Compression bomb:", HTTP_DECODER_EVENT_COMPRESSION_BOMB}, + { "GZip decompressor: inflateInit2 failed", HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED }, + { "Request field invalid: colon missing", HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON }, + { "Response field invalid: missing 
colon", HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON }, + { "Request chunk encoding: Invalid chunk length", + HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN }, + { "Response chunk encoding: Invalid chunk length", + HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN }, + /* { "Invalid T-E value in request", + HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST}, <- tx flag + HTP_FLAGS_REQUEST_INVALID_T_E { "Invalid T-E value in response", + HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE}, <- nothing to replace it */ + /* { "Invalid C-L field in request", + HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST}, <- tx flag + HTP_FLAGS_REQUEST_INVALID_C_L */ + { "Invalid C-L field in response", + HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE }, + { "Already seen 100-Continue", HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN }, + { "Unable to match response to request", + HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST }, + { "Invalid server port information in request", + HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST }, + /* { "Invalid authority port", HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT}, htp no longer + returns this error */ + { "Request buffer over", HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG }, + { "Response buffer over", HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG }, + { "C-T multipart/byteranges in responses not supported", + HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES }, + { "Compression bomb:", HTTP_DECODER_EVENT_COMPRESSION_BOMB }, }; struct { 
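Review bot: The reflowed comment blocks inside `htp_errors[]` now run two disabled entries together (`<- tx flag HTP_FLAGS_REQUEST_INVALID_T_E { "Invalid T-E value in response", ...`), so it is hard to see which decoder events come from tx flags and which have no replacement. These comments are the only record here of where the invalid Transfer-Encoding and Content-Length checks moved, so they are worth keeping readable. I would write one disabled entry per comment line, for example `/* "Invalid T-E value in request": raised from tx flag HTP_FLAGS_REQUEST_INVALID_T_E in HTPErrorCheckTxRequestFlags() */`, and mark the block so the formatter does not reflow it again.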
@@ -591,8 +602,9 @@ struct { { "Request header name is not a token", HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID }, { "Response header name is not a token", HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID }, /* { "Host information in request headers required by HTTP/1.1", - HTTP_DECODER_EVENT_MISSING_HOST_HEADER}, <- tx flag HTP_HOST_MISSING { "Host information - ambiguous", HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS}, <- tx flag HTP_HOST_AMBIGUOUS */ + HTTP_DECODER_EVENT_MISSING_HOST_HEADER}, <- tx flag HTP_FLAGS_HOST_MISSING { "Host + information ambiguous", HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS}, <- tx flag + HTP_FLAGS_HOST_AMBIGUOUS */ { "Invalid request field folding", HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING }, { "Invalid response field folding", HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING }, /* line is now: htp_log(connp, HTP_LOG_MARK, HTP_LOG_ERROR, 0, "Request server port=%d number 
@@ -744,43 +756,42 @@ static inline void HTPErrorCheckTxRequestFlags(HtpState *s, htp_tx_t *tx) #ifdef DEBUG BUG_ON(s == NULL || tx == NULL); #endif - if (tx->flags & ( HTP_REQUEST_INVALID_T_E|HTP_REQUEST_INVALID_C_L| - HTP_HOST_MISSING|HTP_HOST_AMBIGUOUS|HTP_HOSTU_INVALID| - HTP_HOSTH_INVALID)) - { + if (tx->flags & (HTP_FLAGS_REQUEST_INVALID_T_E | HTP_FLAGS_REQUEST_INVALID_C_L | + HTP_FLAGS_HOST_MISSING | HTP_FLAGS_HOST_AMBIGUOUS | + HTP_FLAGS_HOSTU_INVALID | HTP_FLAGS_HOSTH_INVALID)) { HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud == NULL) return; - if (tx->flags & HTP_REQUEST_INVALID_T_E) + if (tx->flags & HTP_FLAGS_REQUEST_INVALID_T_E) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST); - if (tx->flags & HTP_REQUEST_INVALID_C_L) + if (tx->flags & HTP_FLAGS_REQUEST_INVALID_C_L) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST); - if (tx->flags & HTP_HOST_MISSING) + if (tx->flags & HTP_FLAGS_HOST_MISSING) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_MISSING_HOST_HEADER); - if (tx->flags & HTP_HOST_AMBIGUOUS) + if (tx->flags & HTP_FLAGS_HOST_AMBIGUOUS) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS); - if (tx->flags & HTP_HOSTU_INVALID) + if (tx->flags & HTP_FLAGS_HOSTU_INVALID) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_URI_HOST_INVALID); - if (tx->flags & HTP_HOSTH_INVALID) + if (tx->flags & HTP_FLAGS_HOSTH_INVALID) HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_HEADER_HOST_INVALID); } - if (tx->request_auth_type == HTP_AUTH_UNRECOGNIZED) { + if (tx->request_auth_type == HTP_AUTH_TYPE_UNRECOGNIZED) { HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud == NULL) return; HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED); } - if (tx->is_protocol_0_9 && tx->request_method_number == HTP_M_UNKNOWN && - 
(tx->request_protocol_number == HTP_PROTOCOL_INVALID || - tx->request_protocol_number == HTP_PROTOCOL_UNKNOWN)) { + if (tx->is_protocol_0_9 && tx->request_method_number == HTP_METHOD_UNKNOWN && + (tx->request_protocol_number == HTP_PROTOCOL_INVALID || + tx->request_protocol_number == HTP_PROTOCOL_UNKNOWN)) { HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud == NULL) return; @@ -889,7 +900,7 @@ static AppLayerResult HTPHandleRequestData(Flow *f, void *htp_state, AppLayerPar if (input_len > 0) { const int r = htp_connp_req_data(hstate->connp, &ts, input, input_len); switch (r) { - case HTP_STREAM_ERROR: + case HTP_STREAM_STATE_ERROR: ret = -1; break; default: @@ -957,10 +968,10 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa if (input_len > 0) { const int r = htp_connp_res_data(hstate->connp, &ts, input, input_len); switch (r) { - case HTP_STREAM_ERROR: + case HTP_STREAM_STATE_ERROR: ret = -1; break; - case HTP_STREAM_TUNNEL: + case HTP_STREAM_STATE_TUNNEL: tx = htp_connp_get_out_tx(hstate->connp); if (tx != NULL && tx->response_status_number == 101) { htp_header_t *h = @@ -975,7 +986,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa consumed = (uint32_t)htp_connp_res_data_consumed(hstate->connp); if (bstr_cmp_c(h->value, "h2c") == 0) { if (AppLayerProtoDetectGetProtoName(ALPROTO_HTTP2) == NULL) { - // if HTTP2 is disabled, keep the HTP_STREAM_TUNNEL mode + // if HTTP2 is disabled, keep the HTP_STREAM_STATE_TUNNEL mode break; } hstate->slice = NULL; @@ -991,7 +1002,7 @@ static AppLayerResult HTPHandleResponseData(Flow *f, void *htp_state, AppLayerPa SCReturnStruct(APP_LAYER_OK); } else if (bstr_cmp_c_nocase(h->value, "WebSocket") == 0) { if (AppLayerProtoDetectGetProtoName(ALPROTO_WEBSOCKET) == NULL) { - // if WS is disabled, keep the HTP_STREAM_TUNNEL mode + // if WS is disabled, keep the HTP_STREAM_STATE_TUNNEL mode break; } hstate->slice = NULL; 
@@ -1183,7 +1194,7 @@ static int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud, // libhtp will not call us back too late // should libhtp send a callback eof for 0 chunked ? DEBUG_VALIDATE_BUG_ON(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, - STREAM_TOSERVER) >= HTP_REQUEST_COMPLETE); + STREAM_TOSERVER) >= HTP_REQUEST_PROGRESS_COMPLETE); const uint8_t *cur_buf = chunks_buffer; uint32_t cur_buf_len = chunks_buffer_len; @@ -1419,17 +1430,17 @@ static int HtpResponseBodyHandle(HtpState *hstate, HtpTxUserData *htud, /** * \brief Function callback to append chunks for Requests * \param d pointer to the htp_tx_data_t structure (a chunk from htp lib) - * \retval int HTP_OK if all goes well + * \retval int HTP_STATUS_OK if all goes well */ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) { SCEnter(); if (!(SC_ATOMIC_GET(htp_config_flags) & HTP_REQUIRE_REQUEST_BODY)) - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); if (d->len == 0) - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); #ifdef PRINT printf("HTPBODY START: \n"); @@ -1439,7 +1450,7 @@ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) HtpState *hstate = htp_connp_get_user_data(d->tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } SCLogDebug("New request body data available at %p -> %p -> %p, bodylen " @@ -1447,7 +1458,7 @@ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(d->tx); if (tx_ud == NULL) { - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } tx_ud->tx_data.updated_ts = true; SCTxDataUpdateFileFlags(&tx_ud->tx_data, hstate->state_data.file_flags); 
@@ -1455,7 +1466,7 @@ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) if (!tx_ud->response_body_init) { tx_ud->response_body_init = 1; - if (d->tx->request_method_number == HTP_M_POST) { + if (d->tx->request_method_number == HTP_METHOD_POST) { SCLogDebug("POST"); int r = HtpRequestBodySetupMultipart(d->tx, tx_ud); if (r == 1) { @@ -1464,7 +1475,7 @@ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) tx_ud->request_body_type = HTP_BODY_REQUEST_POST; SCLogDebug("not multipart"); } - } else if (d->tx->request_method_number == HTP_M_PUT) { + } else if (d->tx->request_method_number == HTP_METHOD_PUT) { tx_ud->request_body_type = HTP_BODY_REQUEST_PUT; } } @@ -1551,27 +1562,27 @@ static int HTPCallbackRequestBodyData(htp_tx_data_t *d) StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOSERVER, 0); } } - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } /** * \brief Function callback to append chunks for Responses * \param d pointer to the htp_tx_data_t structure (a chunk from htp lib) - * \retval int HTP_OK if all goes well + * \retval int HTP_STATUS_OK if all goes well */ static int HTPCallbackResponseBodyData(htp_tx_data_t *d) { SCEnter(); if (!(SC_ATOMIC_GET(htp_config_flags) & HTP_REQUIRE_RESPONSE_BODY)) - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); if (d->len == 0) - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); HtpState *hstate = htp_connp_get_user_data(d->tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } SCLogDebug("New response body data available at %p -> %p -> %p, bodylen " @@ -1579,7 +1590,7 @@ static int HTPCallbackResponseBodyData(htp_tx_data_t *d) HtpTxUserData *tx_ud = (HtpTxUserData *) htp_tx_get_user_data(d->tx); if (tx_ud == NULL) { - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } tx_ud->tx_data.updated_tc = true; SCTxDataUpdateFileFlags(&tx_ud->tx_data, hstate->state_data.file_flags); 
@@ -1641,7 +1652,7 @@ static int HTPCallbackResponseBodyData(htp_tx_data_t *d) StreamTcpReassemblySetMinInspectDepth(hstate->f->protoctx, STREAM_TOCLIENT, 0); } } - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } /** @@ -1691,7 +1702,7 @@ static int HTPCallbackRequestHasTrailer(htp_tx_t *tx) htud->tx_data.updated_ts = true; htud->request_has_trailers = 1; } - return HTP_OK; + return HTP_STATUS_OK; } static int HTPCallbackResponseHasTrailer(htp_tx_t *tx) @@ -1701,7 +1712,7 @@ static int HTPCallbackResponseHasTrailer(htp_tx_t *tx) htud->tx_data.updated_tc = true; htud->response_has_trailers = 1; } - return HTP_OK; + return HTP_STATUS_OK; } /**\internal @@ -1712,7 +1723,7 @@ static int HTPCallbackRequestStart(htp_tx_t *tx) { HtpState *hstate = htp_connp_get_user_data(tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } uint64_t consumed = hstate->slice->offset + htp_connp_req_data_consumed(hstate->connp); @@ -1737,14 +1748,14 @@ static int HTPCallbackRequestStart(htp_tx_t *tx) if (tx_ud == NULL) { tx_ud = HTPCalloc(1, sizeof(HtpTxUserData)); if (unlikely(tx_ud == NULL)) { - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } tx_ud->tx_data.file_tx = STREAM_TOSERVER | STREAM_TOCLIENT; // each http tx may xfer files htp_tx_set_user_data(tx, tx_ud); } else { tx_ud->tx_data.updated_ts = true; } - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } /**\internal @@ -1755,7 +1766,7 @@ static int HTPCallbackResponseStart(htp_tx_t *tx) { HtpState *hstate = htp_connp_get_user_data(tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } uint64_t consumed = hstate->slice->offset + htp_connp_res_data_consumed(hstate->connp); 
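Review bot: In HTPCallbackRequestStart the `HTPCalloc` failure path returns `HTP_STATUS_OK` with no explanation, and the same pattern appears in HTPCallbackResponseStart and in the `HTPRealloc` failure paths of HTPCallbackRequestHeaderData and HTPCallbackResponseHeaderData. The effect visible in this diff is that the transaction continues without user data, and HTPErrorCheckTxRequestFlags returns early when `htud == NULL`, so decoder events for that transaction are not set. If this is deliberate best-effort behaviour under memory pressure, a comment on each path would say so, e.g. `/* allocation failed: keep parsing, but this tx carries no user data and raises no decoder events */`. Whether a counter or event should record the condition is worth deciding separately; these functions start and end outside the hunks shown.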
@@ -1778,7 +1789,7 @@ static int HTPCallbackResponseStart(htp_tx_t *tx) if (tx_ud == NULL) { tx_ud = HTPCalloc(1, sizeof(HtpTxUserData)); if (unlikely(tx_ud == NULL)) { - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } tx_ud->tx_data.file_tx = STREAM_TOCLIENT; // each http tx may xfer files. Toserver already missed. @@ -1786,7 +1797,7 @@ static int HTPCallbackResponseStart(htp_tx_t *tx) } else { tx_ud->tx_data.updated_tc = true; } - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } /** @@ -1800,12 +1811,12 @@ static int HTPCallbackRequestComplete(htp_tx_t *tx) SCEnter(); if (tx == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } HtpState *hstate = htp_connp_get_user_data(tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } const uint64_t abs_right_edge = @@ -1852,7 +1863,7 @@ static int HTPCallbackRequestComplete(htp_tx_t *tx) /* request done, do raw reassembly now to inspect state and stream * at the same time. */ AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER); - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } /** @@ -1867,7 +1878,7 @@ static int HTPCallbackResponseComplete(htp_tx_t *tx) HtpState *hstate = htp_connp_get_user_data(tx->connp); if (hstate == NULL) { - SCReturnInt(HTP_ERROR); + SCReturnInt(HTP_STATUS_ERROR); } /* we have one whole transaction now */ @@ -1905,7 +1916,7 @@ static int HTPCallbackResponseComplete(htp_tx_t *tx) AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT); /* handle HTTP CONNECT */ - if (tx->request_method_number == HTP_M_CONNECT) { + if (tx->request_method_number == HTP_METHOD_CONNECT) { /* any 2XX status response implies that the connection will become a tunnel immediately after this packet (RFC 7230, 3.3.3). */ if ((tx->response_status_number >= 200) && 
@@ -1920,13 +1931,13 @@ static int HTPCallbackResponseComplete(htp_tx_t *tx) HTPSetEvent( hstate, htud, STREAM_TOCLIENT, HTTP_DECODER_EVENT_FAILED_PROTOCOL_CHANGE); } - tx->request_progress = HTP_REQUEST_COMPLETE; - tx->response_progress = HTP_RESPONSE_COMPLETE; + tx->request_progress = HTP_REQUEST_PROGRESS_COMPLETE; + tx->response_progress = HTP_RESPONSE_PROGRESS_COMPLETE; } } hstate->last_response_data_stamp = abs_right_edge; - SCReturnInt(HTP_OK); + SCReturnInt(HTP_STATUS_OK); } static int HTPCallbackRequestLine(htp_tx_t *tx) @@ -1938,12 +1949,12 @@ static int HTPCallbackRequestLine(htp_tx_t *tx) request_uri_normalized = SCHTPGenerateNormalizedUri(tx, tx->parsed_uri, cfg->uri_include_all); if (request_uri_normalized == NULL) - return HTP_OK; + return HTP_STATUS_OK; tx_ud = htp_tx_get_user_data(tx); if (unlikely(tx_ud == NULL)) { bstr_free(request_uri_normalized); - return HTP_OK; + return HTP_STATUS_OK; } if (unlikely(tx_ud->request_uri_normalized != NULL)) bstr_free(tx_ud->request_uri_normalized); 
@@ -1952,36 +1963,36 @@ static int HTPCallbackRequestLine(htp_tx_t *tx) if (tx->flags) { HTPErrorCheckTxRequestFlags(hstate, tx); } - return HTP_OK; + return HTP_STATUS_OK; } static int HTPCallbackDoubleDecodeUriPart(htp_tx_t *tx, bstr *part) { if (part == NULL) - return HTP_OK; + return HTP_STATUS_OK; uint64_t flags = 0; size_t prevlen = bstr_len(part); htp_status_t res = htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, part, &flags); // shorter string means that uri was encoded - if (res == HTP_OK && prevlen > bstr_len(part)) { + if (res == HTP_STATUS_OK && prevlen > bstr_len(part)) { HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud == NULL) - return HTP_OK; + return HTP_STATUS_OK; HtpState *s = htp_connp_get_user_data(tx->connp); if (s == NULL) - return HTP_OK; + return HTP_STATUS_OK; HTPSetEvent(s, htud, STREAM_TOSERVER, HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI); } - return HTP_OK; + return HTP_STATUS_OK; } static int HTPCallbackDoubleDecodeQuery(htp_tx_t *tx) { if (tx->parsed_uri == NULL) - return HTP_OK; + return HTP_STATUS_OK; return HTPCallbackDoubleDecodeUriPart(tx, tx->parsed_uri->query); } @@ -1989,7 +2000,7 @@ static int HTPCallbackDoubleDecodeQuery(htp_tx_t *tx) static int HTPCallbackDoubleDecodePath(htp_tx_t *tx) { if (tx->parsed_uri == NULL) - return HTP_OK; + return HTP_STATUS_OK; return HTPCallbackDoubleDecodeUriPart(tx, tx->parsed_uri->path); } @@ -1998,17 +2009,17 @@ static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) { void *ptmp; if (tx_data->len == 0 || tx_data->tx == NULL) - return HTP_OK; + return HTP_STATUS_OK; HtpTxUserData *tx_ud = htp_tx_get_user_data(tx_data->tx); if (tx_ud == NULL) { - return HTP_OK; + return HTP_STATUS_OK; } ptmp = HTPRealloc(tx_ud->request_headers_raw, tx_ud->request_headers_raw_len, tx_ud->request_headers_raw_len + tx_data->len); if (ptmp == NULL) { - return HTP_OK; + return HTP_STATUS_OK; } tx_ud->request_headers_raw = ptmp; tx_ud->tx_data.updated_ts = true; 
@@ -2021,25 +2032,25 @@ static int HTPCallbackRequestHeaderData(htp_tx_data_t *tx_data) HtpState *hstate = htp_connp_get_user_data(tx_data->tx->connp); HTPErrorCheckTxRequestFlags(hstate, tx_data->tx); } - return HTP_OK; + return HTP_STATUS_OK; } static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) { void *ptmp; if (tx_data->len == 0 || tx_data->tx == NULL) - return HTP_OK; + return HTP_STATUS_OK; HtpTxUserData *tx_ud = htp_tx_get_user_data(tx_data->tx); if (tx_ud == NULL) { - return HTP_OK; + return HTP_STATUS_OK; } tx_ud->tx_data.updated_tc = true; ptmp = HTPRealloc(tx_ud->response_headers_raw, tx_ud->response_headers_raw_len, tx_ud->response_headers_raw_len + tx_data->len); if (ptmp == NULL) { - return HTP_OK; + return HTP_STATUS_OK; } tx_ud->response_headers_raw = ptmp; @@ -2047,7 +2058,7 @@ static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) tx_data->data, tx_data->len); tx_ud->response_headers_raw_len += tx_data->len; - return HTP_OK; + return HTP_STATUS_OK; } /* @@ -2225,7 +2236,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s, struct HT if (personality >= 0) { SCLogDebug("LIBHTP default: %s=%s (%d)", p->name, p->val, personality); - if (htp_config_set_server_personality(cfg_prec->cfg, personality) == HTP_ERROR){ + if (htp_config_set_server_personality(cfg_prec->cfg, personality) == + HTP_STATUS_ERROR) { SCLogWarning("LIBHTP Failed adding " "personality \"%s\", ignoring", p->val); @@ -2838,7 +2850,7 @@ void RegisterHTPParsers(void) AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetTx); AppLayerParserRegisterStateProgressCompletionStatus( - ALPROTO_HTTP1, HTP_REQUEST_COMPLETE, HTP_RESPONSE_COMPLETE); + ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_COMPLETE, HTP_RESPONSE_PROGRESS_COMPLETE); AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfo); AppLayerParserRegisterGetEventInfoById( IPPROTO_TCP, ALPROTO_HTTP1, HTPStateGetEventInfoById); 
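Review bot: The reflowed check in HTPConfigParseParameters treats only `HTP_STATUS_ERROR` as failure, so any other non-success status from `htp_config_set_server_personality()` would be accepted without the warning and the configured personality would silently not apply. Since the personality selects how the parser treats traffic for a given server type, I would test for success instead: `if (htp_config_set_server_personality(cfg_prec->cfg, personality) != HTP_STATUS_OK) {`. Whether the function can return anything besides OK and ERROR is not visible here, so treat this as hardening ahead of the library switch. The function body extends beyond the hunk.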
@@ -2936,8 +2948,8 @@ static int HTPParserTest01(void) FAIL_IF_NULL(h); FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); - FAIL_IF(tx->request_method_number != HTP_M_POST); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->request_method_number != HTP_METHOD_POST); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); @@ -2980,8 +2992,8 @@ static int HTPParserTest01b(void) FAIL_IF_NULL(h); FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); - FAIL_IF(tx->request_method_number != HTP_M_POST); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->request_method_number != HTP_METHOD_POST); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); @@ -3035,8 +3047,8 @@ static int HTPParserTest01c(void) FAIL_IF_NULL(h); FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); - FAIL_IF(tx->request_method_number != HTP_M_POST); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->request_method_number != HTP_METHOD_POST); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); @@ -3091,8 +3103,8 @@ static int HTPParserTest01a(void) FAIL_IF_NULL(h); FAIL_IF(strcmp(bstr_util_strdup_to_c(h->value), "Victor/1.0")); - FAIL_IF(tx->request_method_number != HTP_M_POST); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->request_method_number != HTP_METHOD_POST); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); 
@@ -3185,8 +3197,8 @@ static int HTPParserTest03(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NOT_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_UNKNOWN); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->request_method_number != HTP_METHOD_UNKNOWN); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); @@ -3227,8 +3239,8 @@ static int HTPParserTest04(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NOT_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_UNKNOWN); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_0_9); + FAIL_IF(tx->request_method_number != HTP_METHOD_UNKNOWN); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V0_9); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); @@ -3295,8 +3307,8 @@ static int HTPParserTest05(void) htp_tx_t *tx = HTPStateGetTx(http_state, 0); FAIL_IF_NULL(tx); - FAIL_IF_NOT(tx->request_method_number == HTP_M_POST); - FAIL_IF_NOT(tx->request_protocol_number == HTP_PROTOCOL_1_0); + FAIL_IF_NOT(tx->request_method_number == HTP_METHOD_POST); + FAIL_IF_NOT(tx->request_protocol_number == HTP_PROTOCOL_V1_0); htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); @@ -3383,11 +3395,11 @@ static int HTPParserTest06(void) htp_tx_t *tx = HTPStateGetTx(http_state, 0); FAIL_IF_NULL(tx); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != 200); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); 
@@ -5156,8 +5168,8 @@ libhtp:\n\ htp_tx_t *tx = HTPStateGetTx(htp_state, 0); FAIL_IF_NULL(tx); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, f->alstate, 0); AppLayerDecoderEvents *decoder_events = @@ -5257,8 +5269,8 @@ libhtp:\n\ htp_tx_t *tx = HTPStateGetTx(htp_state, 0); FAIL_IF_NULL(tx); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP1, f->alstate, 0); AppLayerDecoderEvents *decoder_events = @@ -5314,8 +5326,8 @@ static int HTPParserTest16(void) htp_tx_t *tx = HTPStateGetTx(htp_state, 0); FAIL_IF_NULL(tx); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION //these events are disabled during fuzzing as they are too noisy and consume much resource @@ -5382,8 +5394,8 @@ static int HTPParserTest20(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != 0); FAIL_IF(tx->response_protocol_number != -1); 
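Review bot: The neighbouring assertions in HTPParserTest20 still compare `response_protocol_number` with the raw literal `-1` while the lines this hunk changes use named constants; HTPParserTest21, 22 and 23 do the same, with `-2` in HTPParserTest23. If the numeric values behind the protocol enum change with the library switch, these checks would fail or pass for the wrong reason. Presumably they mean the unknown and invalid protocol values, so `FAIL_IF(tx->response_protocol_number != HTP_PROTOCOL_UNKNOWN);` and `HTP_PROTOCOL_INVALID` for the `-2` case would tie the tests to names; confirm the mapping before changing them. The test bodies start and end outside the hunks.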
@@ -5441,8 +5453,8 @@ static int HTPParserTest21(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != 0); FAIL_IF(tx->response_protocol_number != -1); @@ -5495,8 +5507,8 @@ static int HTPParserTest22(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != -0); FAIL_IF(tx->response_protocol_number != -1); @@ -5549,8 +5561,8 @@ static int HTPParserTest23(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != -1); FAIL_IF(tx->response_protocol_number != -2); @@ -5603,11 +5615,11 @@ static int HTPParserTest24(void) htp_header_t *h = htp_table_get_index(tx->request_headers, 0, NULL); FAIL_IF_NULL(h); - FAIL_IF(tx->request_method_number != HTP_M_GET); - FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_1_1); + FAIL_IF(tx->request_method_number != HTP_METHOD_GET); + FAIL_IF(tx->request_protocol_number != HTP_PROTOCOL_V1_1); FAIL_IF(tx->response_status_number != -1); - FAIL_IF(tx->response_protocol_number != HTP_PROTOCOL_1_0); + FAIL_IF(tx->response_protocol_number != HTP_PROTOCOL_V1_0); AppLayerParserThreadCtxFree(alp_tctx); StreamTcpFreeConfig(true); 
diff --git a/src/detect-file-data.c b/src/detect-file-data.c index e15db5b20731..2281dafb6c42 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -40,6 +40,7 @@ #include "app-layer.h" #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "app-layer-smtp.h" #include "flow.h" @@ -260,7 +261,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, ips = htp_state->cfg->http_body_inline; const bool body_done = AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, - flow_flags) > HTP_RESPONSE_BODY; + flow_flags) > HTP_RESPONSE_PROGRESS_BODY; SCLogDebug("response.body_limit %u file_size %" PRIu64 ", cur_file->inspect_min_size %" PRIu32 ", EOF %s, progress > body? %s", diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 7747b61b858b..7748bb4338a0 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -58,6 +58,7 @@ #include "app-layer.h" #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-client-body.h" #include "stream-tcp.h" #include "util-profiling.h" @@ -104,10 +105,10 @@ void DetectHttpClientBodyRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL); + HTP_REQUEST_PROGRESS_BODY, DetectEngineInspectBufferHttpBody, NULL); DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, - PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); + PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_BODY); DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); 
@@ -245,7 +246,7 @@ static InspectionBuffer *HttpRequestBodyGetDataCallback(DetectEngineThreadCtx *d htp_state->cfg->request.body_limit, body->content_len_so_far, htp_state->cfg->request.inspect_min_size, flags & STREAM_EOF ? "true" : "false", (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) > - HTP_REQUEST_BODY) + HTP_REQUEST_PROGRESS_BODY) ? "true" : "false"); @@ -256,7 +257,7 @@ static InspectionBuffer *HttpRequestBodyGetDataCallback(DetectEngineThreadCtx *d body->content_len_so_far < htp_state->cfg->request.body_limit) && body->content_len_so_far < htp_state->cfg->request.inspect_min_size && !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) > - HTP_REQUEST_BODY) && + HTP_REQUEST_PROGRESS_BODY) && !(flags & STREAM_EOF)) { SCLogDebug("we still haven't seen the entire request body. " "Let's defer body inspection till we see the " @@ -336,11 +337,11 @@ static uint8_t DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx, if (flags & STREAM_TOSERVER) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, txv, flags) > - HTP_REQUEST_BODY) + HTP_REQUEST_PROGRESS_BODY) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } else { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, txv, flags) > - HTP_RESPONSE_BODY) + HTP_RESPONSE_PROGRESS_BODY) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 5f4898285460..30af774c9169 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -57,6 +57,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-cookie.h" #include "stream-tcp.h" 
@@ -107,14 +108,14 @@ void DetectHttpCookieRegister(void) sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, - GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 66bc73d44c80..d052b4086764 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -60,6 +60,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-header.h" #include "stream-tcp.h" 
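Review bot: In DetectHttpCookieRegister, both `SIG_FLAG_TOCLIENT` registrations (the inspect engine and the MPM one that pass `GetResponseData`) are given `HTP_REQUEST_PROGRESS_HEADERS`, a request-side progress value on the response direction. This is carried over from the old `HTP_REQUEST_HEADERS` and is harmless only while the request and response progress enums share the same number for HEADERS, which the visible lines do not establish. The header comment calls these aliases temporary ahead of the libhtp rust switch, so the equality should be confirmed. Otherwise use `HTP_RESPONSE_PROGRESS_HEADERS` here, as the to-client registrations in detect-http-header-names.c and detect-http-start.c in this diff do, for example `GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS);`. A wrong progress value could make response-cookie inspection run at the wrong transaction stage, and a rule on that buffer would then not match.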
@@ -89,12 +90,12 @@ static uint8_t *GetBufferForTX( htp_table_t *headers; if (flags & STREAM_TOSERVER) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_REQUEST_HEADERS) + HTP_REQUEST_PROGRESS_HEADERS) return NULL; headers = tx->request_headers; } else { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_RESPONSE_HEADERS) + HTP_RESPONSE_PROGRESS_HEADERS) return NULL; headers = tx->response_headers; } @@ -220,14 +221,14 @@ void DetectHttpHeaderNamesRegister(void) /* http1 */ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, - GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); + GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); + HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); /* http2 */ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 22a487583ae7..09d90849a490 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -54,6 +54,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-header.h" #include "detect-http-header-common.h" 
@@ -82,12 +83,12 @@ static uint8_t *GetBufferForTX( htp_table_t *headers; if (flags & STREAM_TOSERVER) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_REQUEST_HEADERS) + HTP_REQUEST_PROGRESS_HEADERS) return NULL; headers = tx->request_headers; } else { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_RESPONSE_HEADERS) + HTP_RESPONSE_PROGRESS_HEADERS) return NULL; headers = tx->response_headers; } @@ -304,9 +305,8 @@ static int PrefilterMpmHttpHeaderRequestRegister(DetectEngineCtx *de_ctx, SigGro pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, - mpm_reg->app_v2.alproto, HTP_REQUEST_HEADERS, - pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); + int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, mpm_reg->app_v2.alproto, + HTP_REQUEST_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); return r; @@ -320,9 +320,8 @@ static int PrefilterMpmHttpHeaderRequestRegister(DetectEngineCtx *de_ctx, SigGro pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, - mpm_reg->app_v2.alproto, HTP_REQUEST_TRAILER, - pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); + r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, mpm_reg->app_v2.alproto, + HTP_REQUEST_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); } 
@@ -342,9 +341,8 @@ static int PrefilterMpmHttpHeaderResponseRegister(DetectEngineCtx *de_ctx, SigGr pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, - mpm_reg->app_v2.alproto, HTP_RESPONSE_HEADERS, - pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); + int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeader, mpm_reg->app_v2.alproto, + HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); return r; @@ -358,9 +356,8 @@ static int PrefilterMpmHttpHeaderResponseRegister(DetectEngineCtx *de_ctx, SigGr pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, - mpm_reg->app_v2.alproto, HTP_RESPONSE_TRAILER, - pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); + r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailer, mpm_reg->app_v2.alproto, + HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); } 
@@ -430,13 +427,13 @@ void DetectHttpHeaderRegister(void) sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); + HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ @@ -637,7 +634,7 @@ void DetectHttpRequestHeaderRegister(void) DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen); DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_HEADERS); + HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS); DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value"); g_http_request_header_buffer_id = DetectBufferTypeGetByName("http_request_header"); 
@@ -670,7 +667,7 @@ void DetectHttpResponseHeaderRegister(void) DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen); DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_HEADERS); + HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS); DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value"); g_http_response_header_buffer_id = DetectBufferTypeGetByName("http_response_header"); diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 82d5f543d7a9..2a07a9ab9e21 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -30,6 +30,7 @@ #include "flow.h" #include +#include "app-layer-htp-libhtp.h" #include "detect.h" #include "detect-parse.h" 
@@ -187,25 +188,25 @@ static void DetectHttpHeadersRegisterStub(void) #ifdef KEYWORD_TOSERVER DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); #endif #ifdef KEYWORD_TOCLIENT DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, - GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); + GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); #endif #ifdef KEYWORD_TOSERVER DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); #endif #ifdef KEYWORD_TOCLIENT DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); + HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); #endif diff --git a/src/detect-http-host.c b/src/detect-http-host.c index fe36a261e6cc..d650bb8cf422 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c 
@@ -55,6 +55,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "stream-tcp.h" #include "detect-http-host.h" @@ -106,10 +107,10 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); @@ -141,10 +142,10 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetRawData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2); diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 8d08f0369e90..2fbedad49317 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -55,6 +55,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-method.h" #include "stream-tcp.h" 
@@ -98,10 +99,10 @@ void DetectHttpMethodRegister(void) sigmatch_table[DETECT_HTTP_METHOD].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); + GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 6214c80513be..56f858f64489 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c @@ -60,6 +60,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-header.h" #include "stream-tcp.h" 
@@ -165,13 +166,13 @@ void DetectHttpProtocolRegister(void) sigmatch_table[DETECT_AL_HTTP_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); + GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); + GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 0bb834b7726a..9b1951f57c30 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -51,6 +51,7 @@ #include "app-layer.h" #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-raw-header.h" static int DetectHttpRawHeaderSetup(DetectEngineCtx *, Signature *, const char *); 
@@ -96,9 +97,9 @@ void DetectHttpRawHeaderRegister(void) sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); + HTP_RESPONSE_PROGRESS_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1, @@ -303,9 +304,8 @@ static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, Sig pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, - mpm_reg->app_v2.alproto, HTP_REQUEST_HEADERS+1, - pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); + int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto, + HTP_REQUEST_PROGRESS_HEADERS + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); return r; @@ -319,9 +319,8 @@ static int PrefilterMpmHttpHeaderRawRequestRegister(DetectEngineCtx *de_ctx, Sig pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, - mpm_reg->app_v2.alproto, HTP_REQUEST_TRAILER+1, - pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); + r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto, + HTP_REQUEST_PROGRESS_TRAILER + 1, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); } 
@@ -341,9 +340,8 @@ static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, Si pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, - mpm_reg->app_v2.alproto, HTP_RESPONSE_HEADERS, - pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); + int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpHeaderRaw, mpm_reg->app_v2.alproto, + HTP_RESPONSE_PROGRESS_HEADERS, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); return r; @@ -357,9 +355,8 @@ static int PrefilterMpmHttpHeaderRawResponseRegister(DetectEngineCtx *de_ctx, Si pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, - mpm_reg->app_v2.alproto, HTP_RESPONSE_TRAILER, - pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); + r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmHttpTrailerRaw, mpm_reg->app_v2.alproto, + HTP_RESPONSE_PROGRESS_TRAILER, pectx, PrefilterMpmHttpHeaderRawFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); } diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 886e643a3eda..daaceede84c1 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -57,6 +57,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "stream-tcp.h" #include "detect-http-request-line.h" 
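Review bot: Both hunks in PrefilterMpmHttpHeaderRawResponseRegister register the prefilter at `HTP_RESPONSE_PROGRESS_HEADERS` and `HTP_RESPONSE_PROGRESS_TRAILER` with no `+ 1`. The request counterpart uses `HTP_REQUEST_PROGRESS_HEADERS + 1` and `HTP_REQUEST_PROGRESS_TRAILER + 1`, and the to-client inspect engine in DetectHttpRawHeaderRegister uses `HTP_RESPONSE_PROGRESS_HEADERS + 1`. If the `+ 1` means "after this state has completed" (not stated in the visible lines), the response prefilter runs one progress step before the inspect engine for the same buffer. Either align it or add a comment such as `/* response side intentionally registers at HEADERS, not HEADERS + 1: <reason> */`. The `+ 1` arithmetic also assumes that consecutive progress states have consecutive values, which should be rechecked once the aliases point at the new library's enums.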
@@ -110,10 +111,10 @@ void DetectHttpRequestLineRegister(void) sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); + PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 69ee8c2709ab..421e3f841900 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -57,6 +57,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "stream-tcp.h" #include "detect-http-response-line.h" @@ -109,10 +110,10 @@ void DetectHttpResponseLineRegister(void) sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); + PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); 
diff --git a/src/detect-http-start.c b/src/detect-http-start.c index e88ac3cdf68f..255501963319 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -59,6 +59,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-header.h" #include "stream-tcp.h" @@ -89,13 +90,13 @@ static uint8_t *GetBufferForTX( htp_table_t *headers; if (flags & STREAM_TOSERVER) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_REQUEST_HEADERS) + HTP_REQUEST_PROGRESS_HEADERS) return NULL; line = tx->request_line; headers = tx->request_headers; } else { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP1, tx, flags) <= - HTP_RESPONSE_HEADERS) + HTP_RESPONSE_PROGRESS_HEADERS) return NULL; headers = tx->response_headers; line = tx->response_line; @@ -189,14 +190,14 @@ void DetectHttpStartRegister(void) sigmatch_table[DETECT_AL_HTTP_START].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, - GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); + GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); + HTP_RESPONSE_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); 
diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 37dfb2efbdcc..b0638c3ed5a8 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -58,6 +58,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-stat-code.h" #include "stream-tcp-private.h" #include "stream-tcp.h" @@ -99,10 +100,10 @@ void DetectHttpStatCodeRegister (void) sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); + GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index b1a485d7a933..52b4b6830767 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -58,6 +58,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-stat-msg.h" #include "stream-tcp-private.h" #include "stream-tcp.h" 
@@ -109,10 +110,10 @@ void DetectHttpStatMsgRegister (void) sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, - HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); + GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 8babd9adcb50..7e5ba0d7efce 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -56,6 +56,7 @@ #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "stream-tcp.h" #include "detect-http-ua.h" @@ -99,10 +100,10 @@ void DetectHttpUARegister(void) sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_HEADERS, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); + GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_HEADERS); DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index 12c6f8788549..e9c3b50e7a9c 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c 
@@ -53,6 +53,7 @@ #include "app-layer.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "detect-http-uri.h" #include "stream-tcp.h" @@ -108,10 +109,10 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); + HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); + GetData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE); DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); @@ -146,10 +147,10 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, - HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData); + HTP_REQUEST_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetRawData); DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, - GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE); + GetRawData, ALPROTO_HTTP1, HTP_REQUEST_PROGRESS_LINE); // no difference between raw and decoded uri for HTTP2 DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, diff --git a/src/detect-parse.c b/src/detect-parse.c index 10e9903e80af..477d5eeafbdd 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -61,6 +61,7 @@ #include "app-layer-protos.h" #include "app-layer-parser.h" #include "app-layer-htp.h" +#include "app-layer-htp-libhtp.h" #include "util-classification-config.h" #include "util-unittest.h" 
@@ -96,8 +97,8 @@ DetectFileHandlerProtocol_t al_protocols[ALPROTO_WITHFILES_MAX] = { { .alproto = ALPROTO_FTPDATA, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT }, { .alproto = ALPROTO_HTTP1, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT, - .to_client_progress = HTP_RESPONSE_BODY, - .to_server_progress = HTP_REQUEST_BODY }, + .to_client_progress = HTP_RESPONSE_PROGRESS_BODY, + .to_server_progress = HTP_REQUEST_PROGRESS_BODY }, { .alproto = ALPROTO_HTTP2, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT, .to_client_progress = HTTP2StateDataServer,