/**
**  @file       hi_ui_config.h
**
**  @author     Daniel Roelker <droelker@sourcefire.com>
**
**  @brief      This file contains the internal configuration structures
**              for HttpInspect.
**
**  This file holds the configuration constructs for the HttpInspect global
**  configuration and the server configurations.  It also contains the function
**  prototypes for accessing server configurations.
**
**  Only declarations live here: two macros for the inspection mode, one
**  pipeline limit, three structures and the prototypes of the functions
**  that initialise, reset and populate them.
**
**  NOTE(review): the include guard below starts with a double underscore,
**  a spelling the C standard reserves for the implementation.  It is left
**  unchanged because other files may test it.
*/

#ifndef __HI_UI_CONFIG_H__
#define __HI_UI_CONFIG_H__

#include "hi_include.h"
#include "hi_util_kmap.h"

/*
**  Defines
**
**  NOTE(review): STATELESS/STATEFUL are presumably the values stored in
**  HTTPINSPECT_GLOBAL_CONF.inspection_type, and MAX_PIPE presumably bounds
**  max_pipeline_requests -- neither link is visible in this header; confirm
**  against the code that reads them.
*/
#define HI_UI_CONFIG_STATELESS 0
#define HI_UI_CONFIG_STATEFUL  1
#define HI_UI_CONFIG_MAX_PIPE  20

/**
**  Defines a search type for the server configurations in the
**  global configuration.  We want this generic so we can change
**  it easily if we change the search type.
*/
typedef KMAP SERVER_LOOKUP;

/**
**  This structure simply holds a value for on/off and whether
**  alert is on/off.  Should be used for many configure options.
**
**  The two flags are independent ints, so an option can be applied
**  without alerting.
*/
typedef struct s_HTTPINSPECT_CONF_OPT
{

    int on;     /**< if true, configuration option is on */
    int alert;  /**< if true, alert if option is found */

} HTTPINSPECT_CONF_OPT;

/**
**  This is the configuration construct that holds the specific
**  options for a server.  Each unique server has its own structure
**  and there is a global structure for servers that don't have
**  a unique configuration.
**
**  NOTE(review): the structure embeds a 64 KiB char array and a 256-entry
**  int array, so each instance is large; prefer passing it by pointer (as
**  every prototype below does) and avoid placing it on small stacks.
*/
typedef struct s_HTTPINSPECT_CONF
{
    int  port_count;    /* presumably the number of entries set in ports[] -- confirm */
    /*
    **  65536 entries, i.e. one slot per possible 16-bit port value.
    **  NOTE(review): presumably indexed directly by port number; any index
    **  taken from configuration text must be range-checked to 0..65535
    **  before it is used here -- confirm at the parsing site.
    */
    char ports[65536];
    int  flow_depth;    /* signed; meaning of zero/negative values is not shown here */

    /*
    **  Unicode mapping for IIS servers
    **
    **  NOTE(review): ownership and lifetime of the two pointers are not
    **  visible in this header.  HTTPINSPECT_GLOBAL_CONF carries the same
    **  three fields, so confirm whether a server configuration aliases the
    **  global map before either one is freed or reloaded.
    */
    int  *iis_unicode_map;
    char *iis_unicode_map_filename;
    int  iis_unicode_codepage;

    int long_dir;
    int uri_only;
    int no_alerts;

    /*
    **  Chunk encoding anomaly detection
    **
    **  NOTE(review): stored as a signed int; confirm that the comparison
    **  against a chunk size parsed from traffic cannot be defeated by a
    **  negative or wrapped value.
    */
    int chunk_length;

    /*
    **  pipeline requests
    */
    int no_pipeline;

    /*
    **  Enable non-strict (apache) URI handling.  This allows us to catch the
    **  non-standard URI parsing that apache does.
    */
    int non_strict;

    /*
    **  Allow proxy use for this server.
    */
    int allow_proxy;

    /*
    **  Handle tab char (0x09) as a URI delimiter.  Apache honors this, IIS does not.
    */
    int tab_uri_delimiter;

    /*
    **  These are the URI encoding configurations
    **
    **  Each option is an on/alert pair (see HTTPINSPECT_CONF_OPT).
    */
    HTTPINSPECT_CONF_OPT ascii;
    HTTPINSPECT_CONF_OPT double_decoding;
    HTTPINSPECT_CONF_OPT u_encoding;
    HTTPINSPECT_CONF_OPT bare_byte;
    HTTPINSPECT_CONF_OPT base36;
    HTTPINSPECT_CONF_OPT utf_8;
    HTTPINSPECT_CONF_OPT iis_unicode;
    /*
    **  256 entries, i.e. one slot per possible byte value.
    **  NOTE(review): presumably indexed by a byte read from the URI; the
    **  index must be an unsigned char value, because indexing with a plain
    **  (possibly signed) char would go negative for bytes >= 0x80 -- confirm
    **  at the use site.
    */
    int non_rfc_chars[256];

    /*
    **  These are the URI normalization configurations
    */
    HTTPINSPECT_CONF_OPT multiple_slash;
    HTTPINSPECT_CONF_OPT iis_backslash;
    HTTPINSPECT_CONF_OPT directory;
    HTTPINSPECT_CONF_OPT webroot;
    HTTPINSPECT_CONF_OPT apache_whitespace;
    HTTPINSPECT_CONF_OPT iis_delimiter;

} HTTPINSPECT_CONF;

/**
**  This is the configuration for the global HttpInspect
**  configuration.  It contains the global aspects of the
**  configuration, a standard global default configuration,
**  and server configurations.
*/
typedef struct s_HTTPINSPECT_GLOBAL_CONF
{
    int max_pipeline_requests;  /* presumably limited by HI_UI_CONFIG_MAX_PIPE -- confirm */
    int inspection_type;        /* presumably HI_UI_CONFIG_STATELESS or _STATEFUL -- confirm */
    int anomalous_servers;
    int proxy_alert;

    /*
    **  These variables are for tracking the IIS
    **  Unicode Map configuration.
    */
    int  *iis_unicode_map;
    char *iis_unicode_map_filename;
    int  iis_unicode_codepage;

    HTTPINSPECT_CONF global_server;   /* embedded by value: the default server configuration */
    SERVER_LOOKUP    *server_lookup;  /* per-server configurations, held behind the KMAP typedef */

} HTTPINSPECT_GLOBAL_CONF;

/*
**  Functions
**
**  Every function returns int; the meaning of the return codes is defined
**  with the implementations, not in this header.
*/
int hi_ui_config_init_global_conf(HTTPINSPECT_GLOBAL_CONF *GlobalConf);
int hi_ui_config_default(HTTPINSPECT_GLOBAL_CONF *GlobalConf);
int hi_ui_config_reset_global(HTTPINSPECT_GLOBAL_CONF *GlobalConf);
int hi_ui_config_reset_server(HTTPINSPECT_CONF *ServerConf);

/*
**  NOTE(review): ServerIP is an unsigned long, whose width differs between
**  platforms, and a single integer cannot carry an IPv6 address; the
**  expected byte order is not stated here.  Whether ServerConf is copied or
**  the pointer is stored in the lookup is also not visible, so the caller
**  must confirm how long the pointed-to structure has to stay valid.
*/
int hi_ui_config_add_server(HTTPINSPECT_GLOBAL_CONF *GlobalConf,
                            unsigned long ServerIP,
                            HTTPINSPECT_CONF *ServerConf);

/*
**  NOTE(review): the first parameter of the three profile setters is named
**  GlobalConf but has type HTTPINSPECT_CONF *, i.e. it is a per-server
**  configuration, not the global one.  The unnamed int * is presumably the
**  IIS Unicode map -- confirm against the definitions.
*/
int hi_ui_config_set_profile_apache(HTTPINSPECT_CONF *GlobalConf);
int hi_ui_config_set_profile_iis(HTTPINSPECT_CONF *GlobalConf, int *);
int hi_ui_config_set_profile_all(HTTPINSPECT_CONF *GlobalConf, int *);

#endif