~ubuntu-branches/ubuntu/precise/suricata/precise-proposed

« back to all changes in this revision

Viewing changes to src/detect-http-header.c

Committer: Bazaar Package Importer
Author(s): Pierre Chifflier
Date: 2010-06-19 17:39:14 UTC
mfrom: (1.1.3 upstream)
Revision ID: james.westby@ubuntu.com-20100619173914-5vkjfgz24mbia29z

Tags: 0.9.2-1

Imported Upstream version 0.9.2

files added:
doc/INSTALL.PF_RING

doc/INSTALL.WINDOWS

libhtp/m4

libhtp/m4/libtool.m4

libhtp/m4/ltoptions.m4

libhtp/m4/ltsugar.m4

libhtp/m4/ltversion.m4

libhtp/m4/lt~obsolete.m4

src/detect-engine-dcepayload.c

src/detect-engine-dcepayload.h

src/detect-http-uri.c

src/detect-http-uri.h

src/source-erf-dag.c

src/source-erf-dag.h

src/tmqh-ringbuffer.c

src/tmqh-ringbuffer.h

src/util-atomic.h

src/util-ringbuffer.c

src/util-ringbuffer.h

src/win32-service.c

src/win32-service.h

files modified:
Makefile.am

Makefile.in

configure

configure.in

debian/changelog

debian/rules

doc/INSTALL

libhtp/Makefile.am

libhtp/Makefile.in

libhtp/aclocal.m4

libhtp/configure

libhtp/htp/Makefile.in

libhtp/test/Makefile.in

src/Makefile.am

src/Makefile.in

src/alert-debuglog.c

src/alert-fastlog.c

src/alert-prelude.c

src/alert-unified-alert.c

src/alert-unified-log.c

src/alert-unified2-alert.c

src/app-layer-dcerpc-common.h

src/app-layer-dcerpc.c

src/app-layer-detect-proto.c

src/app-layer-detect-proto.h

src/app-layer-ftp.c

src/app-layer-htp.c

src/app-layer-parser.c

src/app-layer-parser.h

src/app-layer-smb.c

src/app-layer-smb2.c

src/app-layer-ssl.c

src/app-layer-tls.c

src/app-layer.c

src/app-layer.h

src/conf.c

src/conf.h

src/counters.c

src/decode-events.h

src/decode-ipv4.c

src/decode-ipv6.c

src/decode-udp.c

src/decode.c

src/decode.h

src/detect-asn1.c

src/detect-bytejump.c

src/detect-bytejump.h

src/detect-bytetest.c

src/detect-bytetest.h

src/detect-classtype.c

src/detect-content.c

src/detect-dce-iface.c

src/detect-dce-opnum.c

src/detect-dce-stub-data.c

src/detect-decode-event.c

src/detect-depth.c

src/detect-detection-filter.c

src/detect-detection-filter.h

src/detect-distance.c

src/detect-engine-alert.c

src/detect-engine-iponly.c

src/detect-engine-mpm.c

src/detect-engine-mpm.h

src/detect-engine-payload.c

src/detect-engine-payload.h

src/detect-engine-port.c

src/detect-engine-proto.c

src/detect-engine-siggroup.c

src/detect-engine-siggroup.h

src/detect-engine-sigorder.c

src/detect-engine-state.c

src/detect-engine-state.h

src/detect-engine-threshold.c

src/detect-engine-threshold.h

src/detect-engine-uri.c

src/detect-engine-uri.h

src/detect-engine.c

src/detect-fast-pattern.c

src/detect-flags.c

src/detect-flow.c

src/detect-flowbits.c

src/detect-fragbits.c

src/detect-ftpbounce.c

src/detect-http-client-body.c

src/detect-http-cookie.c

src/detect-http-header.c

src/detect-http-method.c

src/detect-isdataat.c

src/detect-offset.c

src/detect-parse.c

src/detect-parse.h

src/detect-pcre.c

src/detect-pcre.h

src/detect-threshold.c

src/detect-threshold.h

src/detect-tls-version.c

src/detect-uricontent.c

src/detect-uricontent.h

src/detect-urilen.c

src/detect-within.c

src/detect.c

src/detect.h

src/flow-bit.c

src/flow-hash.c

src/flow-private.h

src/flow-queue.c

src/flow-queue.h

src/flow-util.c

src/flow-util.h

src/flow.c

src/flow.h

src/host.c

src/log-httplog.c

src/respond-reject.c

src/respond-reject.h

src/runmodes.c

src/runmodes.h

src/source-erf-file.c

src/source-ipfw.c

src/source-nfq.c

src/source-pcap-file.c

src/source-pcap.c

src/source-pfring.c

src/stream-tcp-private.h

src/stream-tcp-reassemble.c

src/stream-tcp-reassemble.h

src/stream-tcp.c

src/stream-tcp.h

src/stream.c

src/stream.h

src/suricata-common.h

src/suricata.c

src/suricata.h

src/threadvars.h

src/tm-modules.h

src/tm-queuehandlers.c

src/tm-queuehandlers.h

src/tm-threads.c

src/tmqh-packetpool.c

src/tmqh-simple.c

src/util-classification-config.c

src/util-classification-config.h

src/util-debug.c

src/util-error.c

src/util-error.h

src/util-fmemopen.c

src/util-host-os-info.c

src/util-mpm-b2g.c

src/util-mpm-b2g.h

src/util-mpm.c

src/util-mpm.h

src/util-profiling.c

src/util-profiling.h

src/util-radix-tree.c

src/util-spm-bm.c

src/util-spm-bm.h

src/util-threshold-config.c

src/util-unittest-helper.c

src/util-unittest-helper.h

suricata.yaml

Show diffs side-by-side

added added

removed removed

src/detect-http-header.c

#include "detect-parse.h"

#include "detect-engine.h"

#include "detect-engine-mpm.h"

#include "detect-engine-state.h"

#include "detect-content.h"

#include "flow.h"

#include "flow-var.h"

#include "flow-util.h"

#include "util-debug.h"

#include "util-unittest.h"

SigMatch *m);

int DetectHttpHeaderSetup(DetectEngineCtx *, Signature *, char *);

void DetectHttpHeaderRegisterTests(void);

void DetectHttpHeaderFree(void *);

/**

* \brief Registers the keyword handlers for the "http_header" keyword.

sigmatch_table[DETECT_AL_HTTP_HEADER].AppLayerMatch = DetectHttpHeaderMatch;

sigmatch_table[DETECT_AL_HTTP_HEADER].alproto = ALPROTO_HTTP;

sigmatch_table[DETECT_AL_HTTP_HEADER].Setup = DetectHttpHeaderSetup;

sigmatch_table[DETECT_AL_HTTP_HEADER].Free = NULL;

sigmatch_table[DETECT_AL_HTTP_HEADER].Free = DetectHttpHeaderFree;

sigmatch_table[DETECT_AL_HTTP_HEADER].RegisterTests = DetectHttpHeaderRegisterTests;

sigmatch_table[DETECT_AL_HTTP_HEADER].flags |= SIGMATCH_PAYLOAD ;

142

145

}

143

146

144

147

/**

148

* \brief this function clears the memory of http_header modifier keyword

149

150

* \param ptr Pointer to the Detection Header Data

151

152

void DetectHttpHeaderFree(void *ptr)

153

{

154

DetectHttpHeaderData *hd = (DetectHttpHeaderData *)ptr;

155

if (hd == NULL)

156

return;

157

if (hd->content != NULL)

158

SCFree(hd->content);

159

SCFree(hd);

160

}

161

162

/**

145

163

* \brief The setup function for the http_header keyword for a signature.

146

164

147

165

* \param de_ctx Pointer to the detection engine context.

226

244

227

245

/* free the old content sigmatch, the content pattern memory

228

246

* is taken over by the new sigmatch */

247

BoyerMooreCtxDeInit(((DetectContentData *)sm->ctx)->bm_ctx);

229

248

SCFree(sm->ctx);

230

249

SCFree(sm);

231

250

238

257

return 0;

239

258

240

259

error:

241

if (hcbd != NULL) {

242

if (hcbd->content != NULL)

243

SCFree(hcbd->content);

244

SCFree(hcbd);

245

}

260

if (hcbd != NULL)

261

DetectHttpHeaderFree(hcbd);

246

262

if(nm != NULL)

247

263

SCFree(sm);

248

264

453

469

p.payload_len = 0;

454

470

p.proto = IPPROTO_TCP;

455

471

472

FLOW_INITIALIZE(&f);

456

473

f.protoctx = (void *)&ssn;

457

474

f.src.family = AF_INET;

458

475

f.dst.family = AF_INET;

459

476

p.flow = &f;

460

477

p.flowflags |= FLOW_PKT_TOSERVER;

461

ssn.alproto = ALPROTO_HTTP;

478

p.flowflags |= FLOW_PKT_ESTABLISHED;

479

f.alproto = ALPROTO_HTTP;

462

480

463

481

StreamTcpInitConfig(TRUE);

464

StreamL7DataPtrInit(&ssn);

482

FlowL7DataPtrInit(&f);

465

483

466

484

de_ctx = DetectEngineCtxInit();

467

485

if (de_ctx == NULL)

486

504

goto end;

487

505

}

488

506

489

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

507

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

490

508

if (http_state == NULL) {

491

509

printf("no http state: ");

492

510

result = 0;

510

528

if (de_ctx != NULL)

511

529

DetectEngineCtxFree(de_ctx);

512

530

513

StreamL7DataPtrFree(&ssn);

531

FlowL7DataPtrFree(&f);

514

532

StreamTcpFreeConfig(TRUE);

533

FLOW_DESTROY(&f);

515

534

return result;

516

535

}

517

536

561

580

p2.payload_len = 0;

562

581

p2.proto = IPPROTO_TCP;

563

582

583

FLOW_INITIALIZE(&f);

564

584

f.protoctx = (void *)&ssn;

565

585

f.src.family = AF_INET;

566

586

f.dst.family = AF_INET;

567

587

p1.flow = &f;

568

588

p1.flowflags |= FLOW_PKT_TOSERVER;

589

p1.flowflags |= FLOW_PKT_ESTABLISHED;

569

590

p2.flow = &f;

570

591

p2.flowflags |= FLOW_PKT_TOSERVER;

571

ssn.alproto = ALPROTO_HTTP;

592

p2.flowflags |= FLOW_PKT_ESTABLISHED;

593

f.alproto = ALPROTO_HTTP;

572

594

573

595

StreamTcpInitConfig(TRUE);

574

StreamL7DataPtrInit(&ssn);

596

FlowL7DataPtrInit(&f);

575

597

576

598

de_ctx = DetectEngineCtxInit();

577

599

if (de_ctx == NULL)

596

618

goto end;

597

619

}

598

620

599

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

621

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

600

622

if (http_state == NULL) {

601

623

printf("no http state: ");

602

624

result = 0;

635

657

if (de_ctx != NULL)

636

658

DetectEngineCtxFree(de_ctx);

637

659

638

StreamL7DataPtrFree(&ssn);

660

FlowL7DataPtrFree(&f);

639

661

StreamTcpFreeConfig(TRUE);

662

FLOW_DESTROY(&f);

640

663

return result;

641

664

}

642

665

685

708

p2.payload_len = 0;

686

709

p2.proto = IPPROTO_TCP;

687

710

711

FLOW_INITIALIZE(&f);

688

712

f.protoctx = (void *)&ssn;

689

713

f.src.family = AF_INET;

690

714

f.dst.family = AF_INET;

691

715

p1.flow = &f;

692

716

p1.flowflags |= FLOW_PKT_TOSERVER;

717

p1.flowflags |= FLOW_PKT_ESTABLISHED;

693

718

p2.flow = &f;

694

719

p2.flowflags |= FLOW_PKT_TOSERVER;

695

ssn.alproto = ALPROTO_HTTP;

720

p2.flowflags |= FLOW_PKT_ESTABLISHED;

721

f.alproto = ALPROTO_HTTP;

696

722

697

723

StreamTcpInitConfig(TRUE);

698

StreamL7DataPtrInit(&ssn);

724

FlowL7DataPtrInit(&f);

699

725

700

726

de_ctx = DetectEngineCtxInit();

701

727

if (de_ctx == NULL)

720

746

goto end;

721

747

}

722

748

723

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

749

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

724

750

if (http_state == NULL) {

725

751

printf("no http state: ");

726

752

result = 0;

759

785

if (de_ctx != NULL)

760

786

DetectEngineCtxFree(de_ctx);

761

787

762

StreamL7DataPtrFree(&ssn);

788

FlowL7DataPtrFree(&f);

763

789

StreamTcpFreeConfig(TRUE);

790

FLOW_DESTROY(&f);

764

791

return result;

765

792

}

766

793

810

837

p2.payload_len = 0;

811

838

p2.proto = IPPROTO_TCP;

812

839

840

FLOW_INITIALIZE(&f);

813

841

f.protoctx = (void *)&ssn;

814

842

f.src.family = AF_INET;

815

843

f.dst.family = AF_INET;

816

844

p1.flow = &f;

817

845

p1.flowflags |= FLOW_PKT_TOSERVER;

846

p1.flowflags |= FLOW_PKT_ESTABLISHED;

818

847

p2.flow = &f;

819

848

p2.flowflags |= FLOW_PKT_TOSERVER;

820

ssn.alproto = ALPROTO_HTTP;

849

p2.flowflags |= FLOW_PKT_ESTABLISHED;

850

f.alproto = ALPROTO_HTTP;

821

851

822

852

StreamTcpInitConfig(TRUE);

823

StreamL7DataPtrInit(&ssn);

853

FlowL7DataPtrInit(&f);

824

854

825

855

de_ctx = DetectEngineCtxInit();

826

856

if (de_ctx == NULL)

845

875

goto end;

846

876

}

847

877

848

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

878

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

849

879

if (http_state == NULL) {

850

880

printf("no http state: ");

851

881

result = 0;

884

914

if (de_ctx != NULL)

885

915

DetectEngineCtxFree(de_ctx);

886

916

887

StreamL7DataPtrFree(&ssn);

917

FlowL7DataPtrFree(&f);

888

918

StreamTcpFreeConfig(TRUE);

919

FLOW_DESTROY(&f);

889

920

return result;

890

921

}

891

922

935

966

p2.payload_len = 0;

936

967

p2.proto = IPPROTO_TCP;

937

968

969

FLOW_INITIALIZE(&f);

938

970

f.protoctx = (void *)&ssn;

939

971

f.src.family = AF_INET;

940

972

f.dst.family = AF_INET;

941

973

p1.flow = &f;

942

974

p1.flowflags |= FLOW_PKT_TOSERVER;

975

p1.flowflags |= FLOW_PKT_ESTABLISHED;

943

976

p2.flow = &f;

944

977

p2.flowflags |= FLOW_PKT_TOSERVER;

945

ssn.alproto = ALPROTO_HTTP;

978

p2.flowflags |= FLOW_PKT_ESTABLISHED;

979

f.alproto = ALPROTO_HTTP;

946

980

947

981

StreamTcpInitConfig(TRUE);

948

StreamL7DataPtrInit(&ssn);

982

FlowL7DataPtrInit(&f);

949

983

950

984

de_ctx = DetectEngineCtxInit();

951

985

if (de_ctx == NULL)

970

1004

goto end;

971

1005

}

972

1006

973

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1007

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

974

1008

if (http_state == NULL) {

975

1009

printf("no http state: ");

976

1010

result = 0;

1009

1043

if (de_ctx != NULL)

1010

1044

DetectEngineCtxFree(de_ctx);

1011

1045

1012

StreamL7DataPtrFree(&ssn);

1046

FlowL7DataPtrFree(&f);

1013

1047

StreamTcpFreeConfig(TRUE);

1048

FLOW_DESTROY(&f);

1014

1049

return result;

1015

1050

}

1016

1051

1050

1085

p.payload_len = 0;

1051

1086

p.proto = IPPROTO_TCP;

1052

1087

1088

FLOW_INITIALIZE(&f);

1053

1089

f.protoctx = (void *)&ssn;

1054

1090

f.src.family = AF_INET;

1055

1091

f.dst.family = AF_INET;

1056

1092

p.flow = &f;

1057

1093

p.flowflags |= FLOW_PKT_TOSERVER;

1058

ssn.alproto = ALPROTO_HTTP;

1094

p.flowflags |= FLOW_PKT_ESTABLISHED;

1095

f.alproto = ALPROTO_HTTP;

1059

1096

1060

1097

StreamTcpInitConfig(TRUE);

1061

StreamL7DataPtrInit(&ssn);

1098

FlowL7DataPtrInit(&f);

1062

1099

1063

1100

de_ctx = DetectEngineCtxInit();

1064

1101

if (de_ctx == NULL)

1083

1120

goto end;

1084

1121

}

1085

1122

1086

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1123

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1087

1124

if (http_state == NULL) {

1088

1125

printf("no http state: ");

1089

1126

result = 0;

1107

1144

if (de_ctx != NULL)

1108

1145

DetectEngineCtxFree(de_ctx);

1109

1146

1110

StreamL7DataPtrFree(&ssn);

1147

FlowL7DataPtrFree(&f);

1111

1148

StreamTcpFreeConfig(TRUE);

1149

FLOW_DESTROY(&f);

1112

1150

return result;

1113

1151

}

1114

1152

1148

1186

p.payload_len = 0;

1149

1187

p.proto = IPPROTO_TCP;

1150

1188

1189

FLOW_INITIALIZE(&f);

1151

1190

f.protoctx = (void *)&ssn;

1152

1191

f.src.family = AF_INET;

1153

1192

f.dst.family = AF_INET;

1154

1193

p.flow = &f;

1155

1194

p.flowflags |= FLOW_PKT_TOSERVER;

1156

ssn.alproto = ALPROTO_HTTP;

1195

p.flowflags |= FLOW_PKT_ESTABLISHED;

1196

f.alproto = ALPROTO_HTTP;

1157

1197

1158

1198

StreamTcpInitConfig(TRUE);

1159

StreamL7DataPtrInit(&ssn);

1199

FlowL7DataPtrInit(&f);

1160

1200

1161

1201

de_ctx = DetectEngineCtxInit();

1162

1202

if (de_ctx == NULL)

1181

1221

goto end;

1182

1222

}

1183

1223

1184

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1224

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1185

1225

if (http_state == NULL) {

1186

1226

printf("no http state: ");

1187

1227

result = 0;

1205

1245

if (de_ctx != NULL)

1206

1246

DetectEngineCtxFree(de_ctx);

1207

1247

1208

StreamL7DataPtrFree(&ssn);

1248

FlowL7DataPtrFree(&f);

1209

1249

StreamTcpFreeConfig(TRUE);

1250

FLOW_DESTROY(&f);

1210

1251

return result;

1211

1252

}

1212

1253

1246

1287

p.payload_len = 0;

1247

1288

p.proto = IPPROTO_TCP;

1248

1289

1290

FLOW_INITIALIZE(&f);

1249

1291

f.protoctx = (void *)&ssn;

1250

1292

f.src.family = AF_INET;

1251

1293

f.dst.family = AF_INET;

1252

1294

1253

1295

p.flow = &f;

1254

1296

p.flowflags |= FLOW_PKT_TOSERVER;

1255

ssn.alproto = ALPROTO_HTTP;

1297

p.flowflags |= FLOW_PKT_ESTABLISHED;

1298

f.alproto = ALPROTO_HTTP;

1256

1299

1257

1300

StreamTcpInitConfig(TRUE);

1258

StreamL7DataPtrInit(&ssn);

1301

FlowL7DataPtrInit(&f);

1259

1302

1260

1303

de_ctx = DetectEngineCtxInit();

1261

1304

if (de_ctx == NULL)

1280

1323

goto end;

1281

1324

}

1282

1325

1283

http_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1326

http_state = f.aldata[AlpGetStateIdx(ALPROTO_HTTP)];

1284

1327

if (http_state == NULL) {

1285

1328

printf("no http state: ");

1286

1329

result = 0;

1304

1347

if (de_ctx != NULL)

1305

1348

DetectEngineCtxFree(de_ctx);

1306

1349

1307

StreamL7DataPtrFree(&ssn);

1350

FlowL7DataPtrFree(&f);

1308

1351

StreamTcpFreeConfig(TRUE);

1352

FLOW_DESTROY(&f);

1309

1353

return result;

1310

1354

}

1311

1355

Older »