From 07f7ba55b88a78a3a53f32e6f8769747e1aa2abf Mon Sep 17 00:00:00 2001 From: Gurvinder Singh Date: Sat, 21 Nov 2009 15:59:59 +0530 Subject: [PATCH] initial support for HTP module init --- config.h.in | 3 - configure.in | 20 +++- src/Makefile.am | 3 +- src/app-layer-htp.c | 222 +++++++++++++++++++++++++++++++++++++++++++ src/app-layer-htp.h | 36 +++++++ src/app-layer-http.c | 4 +- src/eidps.c | 7 +- 7 files changed, 286 insertions(+), 9 deletions(-) create mode 100644 src/app-layer-htp.c create mode 100644 src/app-layer-htp.h diff --git a/config.h.in b/config.h.in index b570a556ff..83df21570d 100644 --- a/config.h.in +++ b/config.h.in @@ -130,9 +130,6 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME -/* Define to the home page for this package. */ -#undef PACKAGE_URL - /* Define to the version of this package. */ #undef PACKAGE_VERSION diff --git a/configure.in b/configure.in index 1177dea1fd..c71b45156f 100644 --- a/configure.in +++ b/configure.in @@ -23,7 +23,7 @@ AC_INIT(configure.in) exit 1 ]) - CFLAGS="$CFLAGS -Wall -fno-strict-aliasing" + CFLAGS="$CFLAGS -Wall -fno-strict-aliasing -lhtp" # Checks for programs. AC_PROG_AWK @@ -427,6 +427,24 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)]) CFLAGS="${CFLAGS} -DDEBUG" fi +#libhtp + AC_ARG_WITH(libhtp_includes, + [ --with-libhtp-includes=DIR libhtp include directory], + [with_libhtp_includes="$withval"],[with_libhtp_includes=no]) + AC_ARG_WITH(libhtp_libraries, + [ --with-libhtp-libraries=DIR libhtp library directory], + [with_libhtp_libraries="$withval"],[with_libhtp_libraries="no"]) + + if test "$with_libhtp_includes" != "no"; then + CPPFLAGS="${CPPFLAGS} -I${with_libhtp_includes}" + fi + + AC_CHECK_HEADER(htp/htp.h,,LIBHTP="no") + + if test "$with_libhtp_libraries" != "no"; then + LDFLAGS="${LDFLAGS} -L${with_libhtp_libraries}" + fi + AC_SUBST(CFLAGS) AC_SUBST(LDFLAGS) AC_SUBST(CPPFLAGS) diff --git a/src/Makefile.am b/src/Makefile.am index b9dc82697b..7e36f19d6d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -137,7 +137,8 @@ app-layer-protos.h \ conf.c conf.h \ conf-yaml-loader.c conf-yaml-loader.h \ util-fix_checksum.c util-fix_checksum.h \ -defrag.c defrag.h +defrag.c defrag.h \ +app-layer-htp.c app-layer-htp.h # set the include path found by configure INCLUDES= $(all_includes) diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c new file mode 100644 index 0000000000..01670e5d01 --- /dev/null +++ b/src/app-layer-htp.c @@ -0,0 +1,222 @@ +/* Copyright (c) 2009 Open Information Security Foundation */ + +/** + * \file This file provides a HTTP protocol support for the engine using + * HTP library. + * + * \author Gurvinder Singh + * + */ + +#include "eidps-common.h" +#include "debug.h" +#include "decode.h" +#include "threads.h" +#include + +#include "util-print.h" +#include "util-pool.h" + +#include "stream-tcp-private.h" +#include "stream-tcp-reassemble.h" +#include "stream.h" + +#include "app-layer-protos.h" +#include "app-layer-parser.h" + +#include "util-binsearch.h" +#include "util-unittest.h" +#include "util-debug.h" +#include "app-layer-htp.h" + +#ifdef DEBUG +static pthread_mutex_t htp_state_mem_lock = PTHREAD_MUTEX_INITIALIZER; +static uint64_t htp_state_memuse = 0; +static uint64_t htp_state_memcnt = 0; +#endif + +/** \brief Function to allocates the HTTP state memory and also creates the HTTP + * connection parser to be used by the HTP library + */ +static void *HTPStateAlloc(void) +{ + void *s = malloc(sizeof(HtpState)); + if (s == NULL) + return NULL; + + memset(s, 0, sizeof(HtpState)); + + /* create the connection parser structure to be used by HTP library */ + ((HtpState *)(s))->connp = htp_connp_create(cfg); + +#ifdef DEBUG + mutex_lock(&htp_state_mem_lock); + htp_state_memcnt++; + htp_state_memuse+=sizeof(HtpState); + mutex_unlock(&htp_state_mem_lock); +#endif + return s; +} + +/** \brief Function to frees the HTTP state memory and also frees the HTTP + * connection parser memory which was used by the HTP library + */ +static void HTPStateFree(void *s) +{ + /* free the connection parser memory used by HTP library */ + if (s != NULL) + if (((HtpState *)(s))->connp != NULL) + htp_connp_destroy(((HtpState *)(s))->connp); + + free(s); +#ifdef DEBUG + mutex_lock(&htp_state_mem_lock); + htp_state_memcnt--; + htp_state_memuse-=sizeof(HtpState); + mutex_unlock(&htp_state_mem_lock); +#endif +} + +/** + * \brief Function to handle the reassembled data from client and feed it to + * the HTP library to process it. + * + * \param htp_state Pointer the state in which the parsed value to be stored + * \param pstate Application layer parser state for this session + * \param input Pointer the received HTTP client data + * \param input_len Length in bytes of the received data + * \param output Pointer to the output (not used in this function) + * + * \retval On success returns 1 or on failure returns the HTTP error codes + */ +static int HTPHandleRequestData(void *htp_state, AppLayerParserState *pstate, + uint8_t *input, uint32_t input_len, + AppLayerParserResult *output) +{ + HtpState *hstate = (HtpState *)htp_state; + struct timeval tv; + + gettimeofday(&tv, NULL); + + if (htp_connp_req_data(hstate->connp, tv.tv_usec, input, input_len) == + HTP_ERROR) + { + return -101; + } + + return 1; +} + +/** + * \brief Function to handle the reassembled data from server and feed it to + * the HTP library to process it. + * + * \param htp_state Pointer the state in which the parsed value to be stored + * \param pstate Application layer parser state for this session + * \param input Pointer the received HTTP server data + * \param input_len Length in bytes of the received data + * \param output Pointer to the output (not used in this function) + * + * \retval On success returns 1 or on failure returns the HTTP error codes + */ +static int HTPHandleResponseData(void *htp_state, AppLayerParserState *pstate, + uint8_t *input, uint32_t input_len, + AppLayerParserResult *output) +{ + HtpState *hstate = (HtpState *)htp_state; + struct timeval tv; + + gettimeofday(&tv, NULL); + + if (htp_connp_res_data(hstate->connp, tv.tv_usec, input, input_len) == + HTP_ERROR) + { + return -102; + } + + return 1; +} + +/** + * \brief Register the HTTP protocol and state handling functions to APP layer + * of the engine. + */ +void RegisterHTPParsers(void) +{ + + AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTPStateAlloc, HTPStateFree); + + AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOSERVER, + HTPHandleRequestData); + AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOCLIENT, + HTPHandleResponseData); + + cfg = htp_config_create(); +} + +/** \test Test case where chunks are sent in smaller chunks and check the + * response of the parser from HTP library. */ +int HTPParserTest01(void) { + int result = 1; + Flow f; + uint8_t httpbuf1[] = "POST / HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\nPost" + " Data is c0oL!"; + uint32_t httplen1 = sizeof(httpbuf1) - 1; /* minus the \0 */ + TcpSession ssn; + int r = 0; + memset(&f, 0, sizeof(f)); + memset(&ssn, 0, sizeof(ssn)); + StreamL7DataPtrInit(&ssn,StreamL7GetStorageSize()); + f.protoctx = (void *)&ssn; + + uint32_t u; + for (u = 0; u < httplen1; u++) { + uint8_t flags = 0; + + if (u == 0) flags = STREAM_TOSERVER|STREAM_START; + else if (u == (httplen1 - 1)) flags = STREAM_TOSERVER|STREAM_EOF; + else flags = STREAM_TOSERVER; + + r = AppLayerParse(&f, ALPROTO_HTTP, flags, &httpbuf1[u], 1, FALSE); + if (r != 0) { + printf("toserver chunk %" PRIu32 " returned %" PRId32 ", expected" + " 0: ", u, r); + result = 0; + goto end; + } + } + + HtpState *htp_state = ssn.aldata[AlpGetStateIdx(ALPROTO_HTTP)]; + if (htp_state == NULL) { + printf("no http state: "); + result = 0; + goto end; + } + + htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); + + bstr *key = NULL; + htp_header_t *h = NULL; + table_iterator_reset(tx->request_headers); + key = table_iterator_next(tx->request_headers, (void **) & h); + + if (htp_state->connp == NULL || strcmp(bstr_tocstr(h->value), "Victor/1.0")) + { + printf("expected Victor/1.0 and got %s: \n", bstr_tocstr(h->value)); + result = 0; + goto end; + } + +end: + return result; +} + +/** + * \brief Register the Unit tests for the HTTP protocol + */ +void HTPParserRegisterTests(void) { +#ifdef UNITTESTS + UtRegisterTest("HTPParserTest01", HTPParserTest01, 1); +#endif /* UNITTESTS */ +} + diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h new file mode 100644 index 0000000000..58fcfcb9c6 --- /dev/null +++ b/src/app-layer-htp.h @@ -0,0 +1,36 @@ +/* + * \file: app-layer-htp.h + * \author Gurvinder Singh + * + * Created on November 14, 2009, 12:48 AM + */ + +#ifndef _APP_LAYER_HTP_H +#define _APP_LAYER_HTP_H + +#include + +typedef enum { + HTTP_METHOD_UNKNOWN = 0, + HTTP_METHOD_GET, + HTTP_METHOD_POST, + /** \todo more.. */ +} HtpRequestMethod; + +typedef uint16_t HtpResponseCode; + +typedef struct HtpState_ { + HtpRequestMethod method; + + HtpResponseCode response_code; + + htp_connp_t *connp; /**< Connection parser structure for each connection */ + +} HtpState; + +htp_cfg_t *cfg; /**< Config structure for HTP library */ + +void RegisterHTPParsers(void); +void HTPParserRegisterTests(void); +#endif /* _APP_LAYER_HTP_H */ + diff --git a/src/app-layer-http.c b/src/app-layer-http.c index f3c5d2ac65..46f086ff60 100644 --- a/src/app-layer-http.c +++ b/src/app-layer-http.c @@ -407,7 +407,7 @@ static void HTTPStateFree(void *s) { #endif } -void RegisterHTTPParsers(void) { +/* void RegisterHTTPParsers(void) { AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOSERVER, HTTPParseRequest); AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOCLIENT, HTTPParseResponse); @@ -418,7 +418,7 @@ void RegisterHTTPParsers(void) { AppLayerRegisterParser("http.response.code", ALPROTO_HTTP, HTTP_FIELD_RESPONSE_CODE, HTTPParseResponseCode, "http.response_line"); AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTTPStateAlloc, HTTPStateFree); -} +}*/ void HTTPAtExitPrintStats(void) { #ifdef DEBUG diff --git a/src/eidps.c b/src/eidps.c index 8a05972e65..70bd9b9ce3 100644 --- a/src/eidps.c +++ b/src/eidps.c @@ -62,6 +62,7 @@ #include "app-layer-tls.h" #include "app-layer-smb.h" #include "app-layer-dcerpc.h" +#include "app-layer-htp.h" #include "util-radix-tree.h" #include "util-host-os-info.h" @@ -398,7 +399,8 @@ int main(int argc, char **argv) /** \todo we need an api for these */ AppLayerDetectProtoThreadInit(); RegisterAppLayerParsers(); - RegisterHTTPParsers(); + //RegisterHTTPParsers(); + RegisterHTPParsers(); RegisterTLSParsers(); RegisterSMBParsers(); RegisterDCERPCParsers(); @@ -448,7 +450,8 @@ int main(int argc, char **argv) FlowBitRegisterTests(); SCPerfRegisterTests(); DecodePPPRegisterTests(); - HTTPParserRegisterTests(); + //HTTPParserRegisterTests(); + HTPParserRegisterTests(); TLSParserRegisterTests(); SMBParserRegisterTests(); DCERPCParserRegisterTests();