Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / preprocessors

snort_httpinspect.h File Reference

Go to the source code of this file.

Functions

int HttpInspectSnortConf (HTTPINSPECT_GLOBAL_CONF *GlobalConf, char *args, int iGlobal, char *ErrorString, int ErrStrLen)
int SnortHttpInspect (HTTPINSPECT_GLOBAL_CONF *GlobalConf, Packet *p)

Function Documentation

int HttpInspectSnortConf HTTPINSPECT_GLOBAL_CONF GlobalConf,
char *  args,
int  iGlobal,
char *  ErrorString,
int  ErrStrLen
 

This function takes the HttpInspect configuration line from the snort.conf and creats an HttpInspect configuration.

This routine takes care of the snort specific configuration processing and calls the generic routines to add specific server configurations. It sets the configuration structure elements in this routine.

The ErrorString is passed in as a pointer, and the ErrStrLen tells us the length of the pointer.

Parameters:
GlobalConf a pointer to the global configuration.
args a pointer to argument string.
iGlobal whether this is the global configuration or a server
ErrorString a pointer for an error string.
ErrStrLen the length of the error string.
Returns:
an error code integer (0 = success, >0 = non-fatal error, <0 = fatal error)
Return values:
0 success
1 generic non-fatal error
-1 generic fatal error
-2 ErrorString is undefined

Definition at line 1808 of file snort_httpinspect.c.

References CONF_SEPARATORS, GLOBAL, s_HTTPINSPECT_GLOBAL_CONF::global_server, hi_ui_config_reset_global(), hi_ui_config_reset_server(), NULL, PrintGlobalConf(), ProcessGlobalConf(), ProcessUniqueServerConf(), SERVER, and snprintf.

Referenced by HttpInspectInit().

int SnortHttpInspect HTTPINSPECT_GLOBAL_CONF GlobalConf,
Packet p
 

This function calls the HttpInspect function that processes an HTTP session.

We need to instantiate a pointer for the HI_SESSION that HttpInspect fills in. Right now stateless processing fills in this session, which we then normalize, and eventually detect. We'll have to handle separately the normalization events, etc.

This function is where we can see from the highest level what the HttpInspect flow looks like.

Parameters:
GlobalConf pointer to the global configuration
p pointer to the Packet structure
Returns:
integer
Return values:
0 function successful
<0 fatal error
>0 non-fatal error

Definition at line 2171 of file snort_httpinspect.c.

References s_HI_SESSION::anom_server, s_HI_SESSION::client, _Packet::data, _HttpUri::decode_flags, Detect(), do_detect, _Packet::dsize, s_HI_ANOM_SERVER::event_list, s_HTTPINSPECT_CONF::flow_depth, s_HI_SERVER::header_size, hi_mi_mode_inspection(), hi_normalization(), HI_SI_CLIENT_MODE, HI_SI_SERVER_MODE, hi_si_session_inspection(), HTTPURI_PIPELINE_REQ, _Packet::iph, _HttpUri::length, LogEvents(), NULL, otn_tmp, _Packet::packet_flags, s_HI_CLIENT_REQ::pipeline_req, PKT_HTTP_DECODE, PP_PORTSCAN, PP_STREAM4, _Packet::preprocessors, s_HI_CLIENT::request, s_HI_SESSION::server, s_HI_SESSION::server_conf, SetSiInput(), s_HI_ANOM_SERVER_EVENTS::stack_count, _Packet::tcph, s_HI_CLIENT_REQ::uri, _HttpUri::uri, _Packet::uri_count, URI_COUNT, s_HI_CLIENT_REQ::uri_norm, s_HI_CLIENT_REQ::uri_norm_size, s_HTTPINSPECT_CONF::uri_only, s_HI_CLIENT_REQ::uri_size, and UriBufs.

Referenced by HttpInspect().

Generated on Sun May 14 14:51:25 2006 by  doxygen 1.4.2