hi_ui_config.h File Reference

This file contains the internal configuration structures for HttpInspect. More...

#include "hi_include.h"
#include "hi_util_kmap.h"

Go to the source code of this file.

Defines
#define	HI_UI_CONFIG_STATELESS   0
#define	HI_UI_CONFIG_STATEFUL   1
#define	HI_UI_CONFIG_MAX_PIPE   20
Typedefs
typedef KMAP	SERVER_LOOKUP
typedef s_HTTPINSPECT_CONF_OPT	HTTPINSPECT_CONF_OPT
typedef s_HTTPINSPECT_CONF	HTTPINSPECT_CONF
typedef s_HTTPINSPECT_GLOBAL_CONF	HTTPINSPECT_GLOBAL_CONF
Functions
int	hi_ui_config_init_global_conf (HTTPINSPECT_GLOBAL_CONF *GlobalConf)
int	hi_ui_config_default (HTTPINSPECT_GLOBAL_CONF *GlobalConf)
int	hi_ui_config_reset_global (HTTPINSPECT_GLOBAL_CONF *GlobalConf)
int	hi_ui_config_reset_server (HTTPINSPECT_CONF *ServerConf)
int	hi_ui_config_add_server (HTTPINSPECT_GLOBAL_CONF *GlobalConf, unsigned long ServerIP, HTTPINSPECT_CONF *ServerConf)
int	hi_ui_config_set_profile_apache (HTTPINSPECT_CONF *GlobalConf)
int	hi_ui_config_set_profile_iis (HTTPINSPECT_CONF *GlobalConf, int *)
int	hi_ui_config_set_profile_all (HTTPINSPECT_CONF *GlobalConf, int *)

---

Detailed Description

This file contains the internal configuration structures for HttpInspect.

Author:

Daniel Roelker <droelker@sourcefire.com>

This file holds the configuration constructs for the HttpInspect global configuration and the server configurations. It also contains the function prototypes for accessing server configurations.

Definition in file hi_ui_config.h.

---

Define Documentation

#define HI_UI_CONFIG_MAX_PIPE   20

Definition at line 25 of file hi_ui_config.h. Referenced by ProcessMaxPipeline().

#define HI_UI_CONFIG_STATEFUL   1

Definition at line 24 of file hi_ui_config.h. Referenced by hi_client_init(), hi_client_inspection(), hi_si_session_inspection(), and ProcessInspectType().

#define HI_UI_CONFIG_STATELESS   0

Definition at line 23 of file hi_ui_config.h. Referenced by hi_ui_config_default(), and ProcessInspectType().

---

Typedef Documentation

typedef struct s_HTTPINSPECT_CONF HTTPINSPECT_CONF

This is the configuration construct that holds the specific options for a server. Each unique server has it's own structure and there is a global structure for servers that don't have a unique configuration.

typedef struct s_HTTPINSPECT_CONF_OPT HTTPINSPECT_CONF_OPT

This structure simply holds a value for on/off and whether alert is on/off. Should be used for many configure options.

typedef struct s_HTTPINSPECT_GLOBAL_CONF HTTPINSPECT_GLOBAL_CONF

This is the configuration for the global HttpInspect configuration. It contains the global aspects of the configuration, a standard global default configuration, and server configurations.

typedef KMAP SERVER_LOOKUP

Defines a search type for the server configurations in the global configuration. We want this generic so we can change it easily if we change the search type. Definition at line 32 of file hi_ui_config.h.

---

Function Documentation

int hi_ui_config_add_server (  HTTPINSPECT_GLOBAL_CONF *  GlobalConf, unsigned long  ServerIP, HTTPINSPECT_CONF *  ServerConf )

Add a server config to the HttpInspect configuration. This function takes an IP address of a server and an HttpInspect configuration, and assigns the configuration to the IP address in a lookup table. Parameters: GlobalConf  pointer to the global configuration ServerIp  the IP address of the server (in network byte order) ServerConf  pointer to the server configuration Returns: integer Return values: HI_SUCCESS  function successful HI_MEM_ALLOC_FAIL  could not allocate memory HI_NON_FATAL_ERR  server has already been added Definition at line 376 of file hi_ui_config.c. References HI_SUCCESS, hi_ui_server_lookup_add(), and s_HTTPINSPECT_GLOBAL_CONF::server_lookup. Referenced by ProcessUniqueServerConf().

int hi_ui_config_default (  HTTPINSPECT_GLOBAL_CONF *  GlobalConf  )

This function sets the global and the global_server default configuration. In order to change the default configuration of HttpInspect, you must change this function. Parameters: GlobalConf  pointer to the global configuration structure Returns: integer Return values: HI_INVALID_ARG  Fatal Error. Undefined pointer to GlobalConf HI_MEM_ALLOC_FAIL  Fatal Error. Memory Allocation Failed Definition at line 81 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::flow_depth, s_HTTPINSPECT_GLOBAL_CONF::global_server, HI_INVALID_ARG, HI_SUCCESS, HI_UI_CONFIG_STATELESS, s_HTTPINSPECT_CONF::iis_delimiter, s_HTTPINSPECT_GLOBAL_CONF::inspection_type, s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, NULL, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::port_count, s_HTTPINSPECT_CONF::ports, s_HTTPINSPECT_CONF::utf_8, and s_HTTPINSPECT_CONF::webroot. Referenced by HttpInspectInit().

int hi_ui_config_init_global_conf (  HTTPINSPECT_GLOBAL_CONF *  GlobalConf  )

Initialize the HttpInspect global configuration. The main point of this function is to initialize the server lookup type. We also do things like memset, etc. Parameters: GlobalConf  pointer to the global configuration Returns: integer Return values: HI_SUCCESS  function successful HI_MEM_ALLOC_FAIL  could not allocate memory Definition at line 50 of file hi_ui_config.c. References HI_SUCCESS, hi_ui_server_lookup_init(), memset, and s_HTTPINSPECT_GLOBAL_CONF::server_lookup. Referenced by HttpInspectInit().

int hi_ui_config_reset_global (  HTTPINSPECT_GLOBAL_CONF *  GlobalConf  )

This function resets the global parameters, THIS IS NOT THE GLOBAL SERVER CONFIGURATION. Parameters: GlobalConf  pointer to the global configuration structure Returns: integer HI_SUCCESS function successful Definition at line 137 of file hi_ui_config.c. References HI_SUCCESS, s_HTTPINSPECT_GLOBAL_CONF::iis_unicode_map, and s_HTTPINSPECT_GLOBAL_CONF::inspection_type. Referenced by HttpInspectSnortConf().

int hi_ui_config_reset_server (  HTTPINSPECT_CONF *  ServerConf  )

This function resets a server construct. Parameters: ServerConf  pointer to the HTTPINSPECT_CONF structure Returns: integer HI_SUCCESS function successful Definition at line 158 of file hi_ui_config.c. References HI_SUCCESS, and memset. Referenced by hi_ui_config_set_profile_all(), hi_ui_config_set_profile_apache(), hi_ui_config_set_profile_iis(), HttpInspectSnortConf(), and ProcessUniqueServerConf().

int hi_ui_config_set_profile_all (  HTTPINSPECT_CONF *  ServerConf, int *  iis_unicode_map )

Set an HTTPINSPECT_CONF to catch all attacks and evasions. This basically turns on all the tricks and most of the alerts, so you won't miss anything that HttpInspect does. Parameters: ServerConf  pointer to structure HTTPINSPECT_CONF Returns: integer Return values: HI_SUCCESS  function successful HI_MEM_ALLOC_FAIL  memory allocation failed Definition at line 302 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::bare_byte, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::double_decoding, s_HTTPINSPECT_CONF::flow_depth, HI_INVALID_ARG, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::iis_backslash, s_HTTPINSPECT_CONF::iis_delimiter, s_HTTPINSPECT_CONF::iis_unicode, s_HTTPINSPECT_CONF::iis_unicode_map, s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, NULL, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::tab_uri_delimiter, s_HTTPINSPECT_CONF::u_encoding, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile().

int hi_ui_config_set_profile_apache (  HTTPINSPECT_CONF *  ServerConf  )

Set an HTTPINSPECT_CONF to mimic apache configuration. This sets a server configuration to imitate an apache web server, and should reduce false positives against systems on which certain attacks or evasions do not work. We hope to still log an event, but one that is less priority. Parameters: ServerConf  pointer to structure HTTPINSPECT_CONF Returns: integer Return values: HI_SUCCESS  function successful HI_MEM_ALLOC_FAIL  memory allocation failed Definition at line 184 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::flow_depth, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::tab_uri_delimiter, s_HTTPINSPECT_CONF::utf_8, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile().

int hi_ui_config_set_profile_iis (  HTTPINSPECT_CONF *  ServerConf, int *  iis_unicode_map )

Set an HTTPINSPECT_CONF to mimic IIS configuration. This sets a server configuration to imitate an IIS web server, and should reduce false positives against systems on which certain attacks or evasions do not work. We hope to still log an event, but one that is less priority. Parameters: ServerConf  pointer to structure HTTPINSPECT_CONF Returns: integer Return values: HI_SUCCESS  function successful HI_MEM_ALLOC_FAIL  memory allocation failed Definition at line 234 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::bare_byte, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::double_decoding, s_HTTPINSPECT_CONF::flow_depth, HI_INVALID_ARG, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::iis_backslash, s_HTTPINSPECT_CONF::iis_delimiter, s_HTTPINSPECT_CONF::iis_unicode, s_HTTPINSPECT_CONF::iis_unicode_map, s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, NULL, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::u_encoding, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile().

---