#include <stdlib.h>
#include "hi_si.h"
#include "hi_eo.h"
#include "hi_util_xmalloc.h"
#include "hi_return_codes.h"
Functions
int hi_eo_anom_server_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))
int hi_eo_client_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))
Variables
static HI_EVENT_INFO client_event_info [HI_EO_CLIENT_EVENT_NUM]
static HI_EVENT_INFO anom_server_event_info [HI_EO_ANOM_SERVER_EVENT_NUM]
Logging Events: Because the objective here is to avoid memset()s, we rely on the stack interface to make sure we don't log the same event twice. If there are events in the stack, we cycle through them to make sure the event is not already there before we add a new event and increment the stack count. To reset the event queue, we just need to set the stack count back to zero.
NOTES:
Definition in file hi_eo_log.c.
This routine logs anomalous server events to the event queue.
Definition at line 90 of file hi_eo_log.c.
References s_HI_SESSION::anom_server, s_HI_EVENT::count, s_HI_EVENT::data, s_HI_EVENT::event_info, s_HI_ANOM_SERVER::event_list, s_HI_ANOM_SERVER_EVENTS::events, s_HI_EVENT::free_data, HI_EO_ANOM_SERVER_EVENT_NUM, HI_INVALID_ARG, HI_SUCCESS, s_HI_ANOM_SERVER_EVENTS::stack, and s_HI_ANOM_SERVER_EVENTS::stack_count.
Referenced by hi_server_anomaly_detection().
This function logs client events during HttpInspect processing. The idea behind this event logging is modularity, but at the same time performance. We accomplish this by using an optimized stack as an index into the client event array, instead of walking a list of already logged events. The problem is that we can't simply log every occurrence of an event we've already seen, because that opens us up to a DoS. With this method, we can quickly check whether an event has already been logged and deal with it appropriately.
Definition at line 166 of file hi_eo_log.c.
References s_HI_SESSION::client, s_HI_EVENT::count, s_HI_EVENT::data, s_HI_EVENT::event_info, s_HI_CLIENT::event_list, s_HI_CLIENT_EVENTS::events, s_HI_EVENT::free_data, HI_EO_CLIENT_EVENT_NUM, HI_INVALID_ARG, HI_SUCCESS, s_HI_CLIENT_EVENTS::stack, and s_HI_CLIENT_EVENTS::stack_count.
Referenced by CheckChunkEncoding(), CheckLongDir(), DirNorm(), DirTrav(), DoubleDecode(), find_non_rfc_delimiter(), GetChar(), GetDecodedByte(), hi_norm_uri(), InspectUriChar(), NextNonWhiteSpace(), PercentDecode(), StatelessInspection(), UDecode(), and UTF8Decode().
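The stack-indexed duplicate check and the memset()-free reset described above, as an added example that is not the code in hi_eo_log.c. The names ev_list_t, ev_log, ev_reset and the EV_* constants are hypothetical, and the data/free_data arguments are left out.

```c
#include <stdio.h>

#define EV_NUM 8            /* hypothetical number of distinct event ids */
#define EV_SUCCESS 0        /* stand-ins for HI_SUCCESS / HI_INVALID_ARG */
#define EV_INVALID_ARG (-1)

typedef struct { int count; } ev_t;

typedef struct {
    int  stack_count;       /* number of valid entries in stack[] */
    int  stack[EV_NUM];     /* ids of events logged since the last reset */
    ev_t events[EV_NUM];    /* per-event slots, indexed by event id */
} ev_list_t;

/* Log one event. The duplicate scan is bounded by EV_NUM, so a flood of
 * the same event costs one counter increment, not one queue entry each. */
int ev_log(ev_list_t *l, int id)
{
    int i;
    if (l == NULL || id < 0 || id >= EV_NUM)
        return EV_INVALID_ARG;
    for (i = 0; i < l->stack_count; i++) {
        if (l->stack[i] == id) {        /* already queued: just count it */
            l->events[id].count++;
            return EV_SUCCESS;
        }
    }
    /* First sighting: overwrite the stale slot, then push its id. */
    l->events[id].count = 1;
    l->stack[l->stack_count++] = id;
    return EV_SUCCESS;
}

/* Reset without memset(): stale slots are unreachable once the count is 0. */
void ev_reset(ev_list_t *l) { l->stack_count = 0; }

int main(void)
{
    static ev_list_t l;     /* constructed sample session state */
    int i;
    for (i = 0; i < 1000; i++) ev_log(&l, 3);   /* same event repeated */
    ev_log(&l, 5);
    printf("queued=%d count[3]=%d\n", l.stack_count, l.events[3].count);
    ev_reset(&l);
    ev_log(&l, 3);
    printf("queued=%d count[3]=%d\n", l.stack_count, l.events[3].count);
    return 0;
}
```

Because each id is pushed at most once between resets, stack_count can never exceed EV_NUM, so the push needs no separate bounds check.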
Initial value: Definition at line 70 of file hi_eo_log.c.
Definition at line 38 of file hi_eo_log.c.