
hi_mi.c

00001 /**
00002 **  @file       hi_mi.c
00003 **
00004 **  @author     Daniel Roelker <droelker@sourcefire.com>
00005 **
00006 **  @brief      This file contains functions that deal with the logic of
00007 **              selecting the appropriate mode inspection (client, server,
00008 **              or anomalous server detection).
00009 **
00010 **  Not too much more to say about this file, it's really just one function
00011 **  that wraps which mode gets called.
00012 **
00013 **  NOTES:
00014 **    - 3.2.03:  Initial development.  DJR
00015 */
00016 
00017 #include "sys/types.h"
00018 
00019 #include "hi_si.h"
00020 #include "hi_client.h"
00021 #include "hi_server.h"
00022 #include "hi_ad.h"
00023 #include "hi_return_codes.h"
00024 
00025 /*
00026 **  NAME
00027 **    hi_mi_mode_inspection::
00028 */
00029 /**
00030 **  Wrap the logic that HttpInspect uses for which mode to inspect.
00031 **
00032 **  This function just uses logic to decide which type of inspection to
00033 **  do depending on the inspection mode.  Not much to it.
00034 **
00035 **  @param Session      pointer to the session inspection structure
00036 **  @param iInspectMode the type of inspection to perform
00037 **  @param data         the packet payload
00038 **  @param dsize        the size of the data
00039 **
00040 **  @return integer
00041 **
00042 **  @retval HI_SUCCESS      function successful
00043 **  @retval HI_NONFATAL_ERR the inspection mode is unknown
00044 **  @retval HI_INVALID_ARG  one or more arguments were invalid or NULL
00045 */
00046 
int hi_mi_mode_inspection(HI_SESSION *Session, int iInspectMode,
        u_char *data, int dsize)
{
    int iStatus;

    /*
    **  Refuse a negative length, a missing payload pointer or a missing
    **  session before anything is handed to an inspector.  A zero-length
    **  payload passes this check.
    **
    **  NOTE(review): data is packet payload, so its content is untrusted.
    **  Nothing here can confirm that dsize matches the buffer behind
    **  data; that is left to the caller, and the inspectors below are
    **  presumably expected to bound their reads by dsize -- confirm.
    */
    if(dsize < 0 || !data || !Session)
    {
        return HI_INVALID_ARG;
    }

    /*
    **  Pick the inspector from the mode:
    **
    **  HI_SI_NO_MODE:
    **    The packet is neither HTTP client nor HTTP server traffic, so
    **    it goes to server anomaly detection (rogue HTTP servers, HTTP
    **    tunneling).
    **
    **  HI_SI_CLIENT_MODE:
    **    Inspect as HTTP client communication.
    **
    **  HI_SI_SERVER_MODE:
    **    Inspect as HTTP server communication.
    */
    if(iInspectMode == HI_SI_NO_MODE)
    {
        iStatus = hi_server_anomaly_detection(Session, data, dsize);
    }
    else if(iInspectMode == HI_SI_CLIENT_MODE)
    {
        iStatus = hi_client_inspection((void *)Session, data, dsize);
    }
    else if(iInspectMode == HI_SI_SERVER_MODE)
    {
        iStatus = hi_server_inspection((void *)Session, data, dsize);
    }
    else
    {
        /*
        **  The mode matches none of the defines.  This should never
        **  happen; if it does, report a non-fatal error.  No inspector
        **  has run on this path, so the payload was not examined.
        **
        **  NOTE(review): callers should not treat this result the same
        **  as a clean inspection -- confirm at the call site.
        */
        return HI_NONFATAL_ERR;
    }

    /*
    **  A non-zero result from the selected inspector is passed back to
    **  the caller unchanged; only a zero result becomes HI_SUCCESS.
    */
    if(iStatus)
    {
        return iStatus;
    }

    return HI_SUCCESS;
}
