HTP
0.5
|
#include <htp.h>
Represents a single HTTP transaction, which is a combination of a request and a response.
htp_cfg_t* htp_tx_t::cfg |
The configuration structure associated with this transaction.
htp_conn_t* htp_tx_t::conn |
The connection to which this transaction belongs.
htp_connp_t* htp_tx_t::connp |
The connection parser associated with this transaction.
uint64_t htp_tx_t::flags |
Parsing flags; a combination of: HTP_REQUEST_INVALID_T_E, HTP_INVALID_FOLDING, HTP_REQUEST_SMUGGLING, HTP_MULTI_PACKET_HEAD, and HTP_FIELD_UNPARSEABLE.
htp_hook_t* htp_tx_t::hook_request_body_data |
Transaction-specific REQUEST_BODY_DATA hook. Behaves as the configuration hook with the same name.
htp_hook_t* htp_tx_t::hook_response_body_data |
Transaction-specific RESPONSE_BODY_DATA hook. Behaves as the configuration hook with the same name.
size_t htp_tx_t::index |
Transaction index on the connection.
int htp_tx_t::is_config_shared |
Is the configuration structure shared with other transactions or connections? If this field is set to HTP_CONFIG_PRIVATE, the transaction owns the configuration.
int htp_tx_t::is_protocol_0_9 |
Is this request using HTTP/0.9? We need a separate field for this purpose because the protocol version alone is not sufficient to determine if HTTP/0.9 is used. For example, if you submit "GET / HTTP/0.9" to Apache, it will not treat the request as HTTP/0.9.
htp_uri_t* htp_tx_t::parsed_uri |
This structure holds the individual components parsed out of the request URI, with appropriate normalization and transformation applied, per configuration. No information is added. In extreme cases when no URI is provided on the request line, all fields will be NULL. (Well, except for port_number, which will be -1.) To inspect raw data, use htp_tx_t::request_uri or htp_tx_t::parsed_uri_raw.
htp_uri_t* htp_tx_t::parsed_uri_raw |
This structure holds the individual components parsed out of the request URI, but without any modification. The purpose of this field is to allow you to look at the data as it was supplied on the request line. Fields can be NULL, depending on what data was supplied. The port_number field is always -1.
bstr* htp_tx_t::request_auth_password |
Authentication password. Available only when htp_tx_t::request_auth_type is HTP_AUTH_BASIC.
enum htp_auth_type_t htp_tx_t::request_auth_type |
Authentication type used in the request.
bstr* htp_tx_t::request_auth_username |
Authentication username.
enum htp_content_encoding_t htp_tx_t::request_content_encoding |
Request body compression.
int64_t htp_tx_t::request_content_length |
Contains the value specified in the Content-Length header. The value of this field will be -1 from the beginning of the transaction and until request headers are processed. It will stay -1 if the C-L header was not provided, or if the value in it cannot be parsed.
bstr* htp_tx_t::request_content_type |
This field contain the request content type when that information is available in request headers. The contents of the field will be converted to lowercase and any parameters (e.g., character set information) removed.
htp_table_t* htp_tx_t::request_cookies |
Request cookies
int64_t htp_tx_t::request_entity_len |
The length of the request entity-body. In most cases, this value will be the same as request_message_len. The values will be different if request compression or chunking were applied. In that case, request_message_len contains the length of the request body as it has been seen over TCP; request_entity_len contains length after de-chunking and decompression.
htp_table_t* htp_tx_t::request_headers |
Parsed request headers.
bstr* htp_tx_t::request_hostname |
Request hostname. Per the RFC, the hostname will be taken from the Host header when available. If the host information is also available in the URI, it is used instead of whatever might be in the Host header. Can be NULL. This field does not contain port information.
unsigned int htp_tx_t::request_ignored_lines |
Contains a count of how many empty lines were skipped before the request line.
bstr* htp_tx_t::request_line |
The first line of this request.
int64_t htp_tx_t::request_message_len |
The length of the request message-body. In most cases, this value will be the same as request_entity_len. The values will be different if request compression or chunking were applied. In that case, request_message_len contains the length of the request body as it has been seen over TCP; request_entity_len contains length after de-chunking and decompression.
bstr* htp_tx_t::request_method |
Request method.
enum htp_method_t htp_tx_t::request_method_number |
Request method, as number. Available only if we were able to recognize the request method.
htp_mpartp_t* htp_tx_t::request_mpartp |
Request body MULTIPART parser. Available only when the body is in the multipart/form-data format and the parser was configured to run.
htp_table_t* htp_tx_t::request_params |
Request parameters.
int htp_tx_t::request_port_number |
Request port number, if presented. The rules for htp_tx_t::request_host apply. Set to -1 by default.
enum htp_tx_req_progress_t htp_tx_t::request_progress |
Request progress.
bstr* htp_tx_t::request_protocol |
Request protocol, as text. Can be NULL if no protocol was specified.
int htp_tx_t::request_protocol_number |
Protocol version as a number. Multiply the high version number by 100, then add the low version number. You should prefer to work the pre-defined HTP_PROTOCOL_* constants.
enum htp_transfer_coding_t htp_tx_t::request_transfer_coding |
Request transfer coding. Can be one of HTP_CODING_UNKNOWN (body presence not determined yet), HTP_CODING_IDENTITY, HTP_CODING_CHUNKED, HTP_CODING_NO_BODY, and HTP_CODING_UNRECOGNIZED.
bstr* htp_tx_t::request_uri |
Request URI, raw, as given to us on the request line. This field can take different forms, for example authority for CONNECT methods, absolute URIs for proxy requests, and the query string when one is provided. Use htp_tx_t::parsed_uri if you need to access to specific URI elements. Can be NULL if the request line contains only a request method (which is an extreme case of HTTP/0.9, but passes in practice.
htp_urlenp_t* htp_tx_t::request_urlenp_body |
Request body URLENCODED parser. Available only when the request body is in the application/x-www-form-urlencoded format and the parser was configured to run.
htp_urlenp_t* htp_tx_t::request_urlenp_query |
Query string URLENCODED parser. Available only when the query string is not NULL and not empty.
enum htp_content_encoding_t htp_tx_t::response_content_encoding |
Response body compression, which indicates if compression is used for the response body. This field is an interpretation of the information available in response headers.
enum htp_content_encoding_t htp_tx_t::response_content_encoding_processing |
Response body compression processing information, which is related to how the library is going to process (or has processed) a response body. Changing this field mid-processing can influence library actions. For example, setting this field to HTP_COMPRESSION_NONE in a RESPONSE_HEADERS callback will prevent decompression.
int64_t htp_tx_t::response_content_length |
Contains the value specified in the Content-Length header. The value of this field will be -1 from the beginning of the transaction and until response headers are processed. It will stay -1 if the C-L header was not provided, or if the value in it cannot be parsed.
bstr* htp_tx_t::response_content_type |
This field will contain the response content type when that information is available in response headers. The contents of the field will be converted to lowercase and any parameters (e.g., character set information) removed.
int64_t htp_tx_t::response_entity_len |
The length of the response entity-body. In most cases, this value will be the same as response_message_len. The values will be different if request compression or chunking were applied. In that case, response_message_len contains the length of the response body as it has been seen over TCP; response_entity_len contains length after de-chunking and decompression.
htp_table_t* htp_tx_t::response_headers |
Parsed response headers. Contains instances of htp_header_t.
unsigned int htp_tx_t::response_ignored_lines |
How many empty lines did we ignore before reaching the status line?
bstr* htp_tx_t::response_line |
Response line.
bstr* htp_tx_t::response_message |
The message associated with the response status code. Can be NULL.
int64_t htp_tx_t::response_message_len |
The length of the response message-body. In most cases, this value will be the same as response_entity_len. The values will be different if response compression or chunking were applied. In that case, response_message_len contains the length of the response body as it has been seen over TCP; response_entity_len contains the length after de-chunking and decompression.
enum htp_tx_res_progress_t htp_tx_t::response_progress |
Response progress.
bstr* htp_tx_t::response_protocol |
Response protocol, as text. Can be NULL.
int htp_tx_t::response_protocol_number |
Response protocol as number. Available only if we were able to parse the protocol version, HTP_PROTOCOL_INVALID otherwise. HTP_PROTOCOL_UNKNOWN until parsing is attempted.
bstr* htp_tx_t::response_status |
Response status code, as text. Starts as NULL and can remain NULL on an invalid response that does not specify status code.
int htp_tx_t::response_status_expected_number |
This field is set by the protocol decoder with it thinks that the backend server will reject a request with a particular status code.
int htp_tx_t::response_status_number |
Response status code, available only if we were able to parse it, HTP_STATUS_INVALID otherwise. HTP_STATUS_UNKNOWN until parsing is attempted.
enum htp_transfer_coding_t htp_tx_t::response_transfer_coding |
Response transfer coding, which indicates if there is a response body, and how it is transported (e.g., as-is, or chunked).
int htp_tx_t::seen_100continue |
Have we seen the server respond with a 100 response?
void* htp_tx_t::user_data |
The user data associated with this transaction.