#include <string.h>#include <sys/types.h>#include "decode.h"#include "plugbase.h"#include "debug.h"#include "util.h"#include "hi_ui_config.h"#include "hi_client.h"#include "hi_norm.h"#include "snort_httpinspect.h"Go to the source code of this file.
Defines | |
| #define | GLOBAL_KEYWORD "http_inspect" |
| #define | SERVER_KEYWORD "http_inspect_server" |
| #define | ERRSTRLEN 1000 |
Functions | |
| static void | HttpInspect (Packet *p, void *context) |
| static void | HttpInspectInit (u_char *args) |
| void | SetupHttpInspect () |
Variables | |
| char * | file_name |
| char * | file_line |
| HttpUri | UriBufs [URI_COUNT] |
| HTTPINSPECT_GLOBAL_CONF | GlobalConf |
|
|
The length of the error string buffer. Definition at line 48 of file spp_httpinspect.c. Referenced by HttpInspectInit(), and XLINK2STATE_ParseArgs(). |
|
|
snort.conf preprocessor keyword Definition at line 42 of file spp_httpinspect.c. Referenced by SetupHttpInspect(). |
|
|
Definition at line 43 of file spp_httpinspect.c. Referenced by SetupHttpInspect(). |
|
||||||||||||
|
This function wraps the functionality in the generic HttpInspect processing. We get a Packet structure and pass this into the HttpInspect module where the first stage in HttpInspect is the Session Inspection stage where most of the other Snortisms are taken care of. After that, the modules should be fairly generic, and that's what we're trying to do here.
Definition at line 84 of file spp_httpinspect.c. References _Packet::data, _HttpUri::decode_flags, _Packet::dsize, _Packet::iph, PP_HTTPINSPECT, _Packet::preprocessors, SnortHttpInspect(), _Packet::tcph, and _Packet::uri_count. Referenced by HttpInspectInit(). |
|
|
This function initializes HttpInspect with a user configuration. The function is called when HttpInspect is configured in snort.conf. It gets passed a string of arguments, which gets parsed into configuration constructs that HttpInspect understands. This function gets called for every HttpInspect configure line. We use this characteristic to split up the configuration, so each line is a configuration construct. We need to keep track of what part of the configuration has been configured, so we don't configure one part, then configure it again. Any upfront memory is allocated here (if necessary).
Definition at line 143 of file spp_httpinspect.c. References AddFuncToPreprocList(), ErrorMessage(), ERRSTRLEN, FatalError(), file_line, file_name, hi_client_init(), hi_norm_init(), hi_ui_config_default(), hi_ui_config_init_global_conf(), HttpInspect(), HttpInspectSnortConf(), and snprintf. Referenced by SetupHttpInspect(). |
|
|
This function initializes HttpInspect as a Snort preprocessor. It registers the preprocessor keyword for use in the snort.conf and sets up the initialization module for the preprocessor, in case it is configured. This function must be called in InitPreprocessors() in plugbase.c in order to be recognized by Snort.
Definition at line 277 of file spp_httpinspect.c. References DEBUG_HTTPINSPECT, DEBUG_WRAP, GLOBAL_KEYWORD, HttpInspectInit(), RegisterPreprocessor(), and SERVER_KEYWORD. Referenced by InitPreprocessors(). |
|
|
|
|
|
|
|
|
Definition at line 65 of file spp_httpinspect.c. Referenced by hi_client_inspection(), and hi_server_anomaly_detection(). |
|
|
Definition at line 44 of file decode.c. Referenced by fpEvalHeaderSW(), SnortHttpInspect(), and SnortPcre(). |
1.4.2