1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2016-2021 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // http_events.h author Steve Chew <stechew@cisco.com> 20 // Inspection events published by the Http Inspector. Modules can subscribe 21 // to receive the events. 22 23 #ifndef HTTP_EVENTS_H 24 #define HTTP_EVENTS_H 25 26 #include "framework/data_bus.h" 27 28 // These are common values between the HTTP inspector and the subscribers. 29 #define HTTP_REQUEST_HEADER_EVENT_KEY "http_request_header_event" 30 #define HTTP_RESPONSE_HEADER_EVENT_KEY "http_response_header_event" 31 32 class HttpMsgHeader; 33 34 namespace snort 35 { 36 class SO_PUBLIC HttpEvent : public snort::DataEvent 37 { 38 public: HttpEvent(HttpMsgHeader * http_msg_header_,bool http2,uint32_t stream_id)39 HttpEvent(HttpMsgHeader* http_msg_header_, bool http2, uint32_t stream_id) : 40 http_msg_header(http_msg_header_), is_http2(http2), http2_stream_id(stream_id) { } 41 42 43 const uint8_t* get_content_type(int32_t &length); 44 const uint8_t* get_cookie(int32_t &length); 45 const uint8_t* get_authority(int32_t &length); 46 const uint8_t* get_uri_host(int32_t &length); 47 const uint8_t* get_location(int32_t &length); 48 const uint8_t* get_referer(int32_t &length); 49 const uint8_t* get_server(int32_t &length); 50 const uint8_t* get_trueip_addr(int32_t& length); 51 const uint8_t* get_uri(int32_t &length); 52 const uint8_t* get_user_agent(int32_t &length); 53 const uint8_t* get_via(int32_t &length); 54 const uint8_t* get_x_working_with(int32_t &length); 55 int32_t get_response_code(); 56 bool contains_webdav_method(); 57 bool get_is_http2() const; 58 uint32_t get_http2_stream_id() const; 59 60 private: 61 HttpMsgHeader* const http_msg_header; 62 bool is_http2 = false; 63 uint32_t http2_stream_id = 0; 64 65 const uint8_t* get_header(unsigned, uint64_t, int32_t&); 66 67 }; 68 } 69 #endif 70