hi_eo_log.h File Reference

#include "hi_include.h"
#include "hi_si.h"
#include "hi_return_codes.h"

Functions

static INLINE int hi_eo_generate_event (HI_SESSION *Session, int iAlert)
int hi_eo_client_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))
int hi_eo_anom_server_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))


Function Documentation

int hi_eo_anom_server_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))

This routine logs anomalous server events to the event queue.

Parameters:
Session pointer to the HttpInspect session
iEvent the event id for the client
data pointer to the user data of the event
free_data pointer to a function to free the user data
Returns:
integer
Return values:
HI_SUCCESS function successful
HI_INVALID_ARG invalid arguments

Definition at line 90 of file hi_eo_log.c.

References s_HI_SESSION::anom_server, s_HI_EVENT::count, s_HI_EVENT::data, s_HI_EVENT::event_info, s_HI_ANOM_SERVER::event_list, s_HI_ANOM_SERVER_EVENTS::events, s_HI_EVENT::free_data, HI_EO_ANOM_SERVER_EVENT_NUM, HI_INVALID_ARG, HI_SUCCESS, s_HI_ANOM_SERVER_EVENTS::stack, and s_HI_ANOM_SERVER_EVENTS::stack_count.

Referenced by hi_server_anomaly_detection().

int hi_eo_client_event_log (HI_SESSION *Session, int iEvent, void *data, void(*free_data)(void *))

This function logs client events during HttpInspect processing.

The idea behind this event logging is modularity combined with performance. We accomplish this by using an optimized stack as an index into the client event array, instead of walking a list of already logged events. The problem is that we can't simply log every occurrence of an event we have already seen, because this opens us up to a DoS. With this method, we can quickly check whether an event has already been logged and deal with it appropriately.

Parameters:
Session pointer to the HttpInspect session
iEvent the event id for the client
data pointer to the user data of the event
free_data pointer to a function to free the user data
Returns:
integer
Return values:
HI_SUCCESS function successful
HI_INVALID_ARG invalid arguments

Definition at line 166 of file hi_eo_log.c.

References s_HI_SESSION::client, s_HI_EVENT::count, s_HI_EVENT::data, s_HI_EVENT::event_info, s_HI_CLIENT::event_list, s_HI_CLIENT_EVENTS::events, s_HI_EVENT::free_data, HI_EO_CLIENT_EVENT_NUM, HI_INVALID_ARG, HI_SUCCESS, s_HI_CLIENT_EVENTS::stack, and s_HI_CLIENT_EVENTS::stack_count.

Referenced by CheckChunkEncoding(), CheckLongDir(), DirNorm(), DirTrav(), DoubleDecode(), find_non_rfc_delimiter(), GetChar(), GetDecodedByte(), hi_norm_uri(), InspectUriChar(), NextNonWhiteSpace(), PercentDecode(), StatelessInspection(), UDecode(), and UTF8Decode().
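
The stack-indexed event array described above for hi_eo_client_event_log, as an added example that is not the HttpInspect source: a repeated event only bumps a counter, so queue memory and reset cost stay bounded no matter how often a peer triggers the same event. The names ev_queue, ev_slot, ev_log, ev_reset and EV_NUM are hypothetical, and freeing the payload of a repeated event is an assumption of this example.

```c
#include <limits.h>
#include <stddef.h>

#define EV_NUM 8                /* hypothetical number of distinct event ids */
#define EV_OK 0
#define EV_INVALID_ARG (-1)

typedef struct {
    int count;                  /* occurrences seen in this session */
    void *data;                 /* user data kept from the first occurrence */
    void (*free_data)(void *);  /* releases data, may be NULL */
} ev_slot;

typedef struct {
    ev_slot events[EV_NUM];     /* one slot per event id */
    int stack[EV_NUM];          /* ids with count > 0, in first-seen order */
    int stack_count;
} ev_queue;

/* Log one event in O(1). The "already logged?" check is a single array
 * lookup, and each id is pushed at most once, so the stack cannot overflow. */
int ev_log(ev_queue *q, int id, void *data, void (*free_data)(void *))
{
    if (q == NULL || id < 0 || id >= EV_NUM)
        return EV_INVALID_ARG;
    ev_slot *e = &q->events[id];
    if (e->count == 0) {                 /* first sighting: claim slot, push id */
        e->data = data;
        e->free_data = free_data;
        q->stack[q->stack_count++] = id;
    } else if (free_data != NULL && data != NULL) {
        free_data(data);                 /* repeat: drop the duplicate payload */
    }
    if (e->count < INT_MAX)              /* saturate instead of wrapping */
        e->count++;
    return EV_OK;
}

/* Clear only the slots that were used, by walking the stack, not the array. */
void ev_reset(ev_queue *q)
{
    for (int i = 0; i < q->stack_count; i++) {
        ev_slot *e = &q->events[q->stack[i]];
        if (e->free_data != NULL && e->data != NULL)
            e->free_data(e->data);
        *e = (ev_slot){0};
    }
    q->stack_count = 0;
}
```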

static INLINE int hi_eo_generate_event (HI_SESSION *Session, int iAlert) [static]

Definition at line 8 of file hi_eo_log.h.

References HI_BOOL_FALSE, HI_BOOL_TRUE, s_HTTPINSPECT_CONF::no_alerts, and s_HI_SESSION::server_conf.

Referenced by CheckChunkEncoding(), CheckLongDir(), DirNorm(), DirTrav(), DoubleDecode(), find_non_rfc_delimiter(), GetChar(), GetDecodedByte(), hi_norm_uri(), InspectUriChar(), NextNonWhiteSpace(), PercentDecode(), StatelessInspection(), UDecode(), and UTF8Decode().


Generated on Sun May 14 14:51:24 2006 by  doxygen 1.4.2