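/*
**  hi_mi_mode_inspection (Packet-based variant)
**
**  Dispatch a packet to the HTTP client or HTTP server inspection routine,
**  depending on the inspection mode chosen by the caller.
**
**  Parameters:
**    Session      - inspection session; must not be NULL.
**    iInspectMode - HI_SI_CLIENT_MODE or HI_SI_SERVER_MODE.
**    p            - packet to inspect; p, p->data and a non-zero p->dsize
**                   are required.
**    hsd          - per-session HTTP data. Required for server mode; passed
**                   through unchecked in client mode.
**                   NOTE(review): confirm hi_client_inspection tolerates a
**                   NULL hsd, since nothing here rejects it on that path.
**
**  Returns:
**    HI_INVALID_ARG  - Session or p is NULL, p->data is NULL, or p->dsize is 0.
**    HI_NONFATAL_ERR - the mode is not one of the two handled modes, or the
**                      mode is HI_SI_SERVER_MODE and hsd is NULL.
**    non-zero code   - whatever the selected inspection routine returned.
**    HI_SUCCESS      - the selected inspection routine returned 0.
*/
int hi_mi_mode_inspection(HI_SESSION *Session, int iInspectMode,
        Packet *p, HttpSessionData *hsd)
{
    int iRet;

    /*
    **  p must be validated before any of its fields are read; a NULL packet
    **  pointer would otherwise be dereferenced by the p->data test itself.
    **  The payload pointer and length are handed to the inspection routines
    **  as-is, so an empty or missing payload is rejected here.
    */
    if (!Session || !p || !p->data || (p->dsize == 0))
        return HI_INVALID_ARG;

    /*
    **  Depending on the mode, we inspect the packet differently.
    **
    **  HI_SI_CLIENT_MODE:
    **    Inspect for HTTP client communication.
    **
    **  HI_SI_SERVER_MODE:
    **    Inspect for HTTP server communication.
    */
    if (iInspectMode == HI_SI_CLIENT_MODE)
    {
        /*
        **  The last argument differs by build/configuration: with PAF
        **  compiled in and enabled it is "packet does not start a PDU",
        **  otherwise it is the PKT_STREAM_INSERT bit of the packet flags.
        */
#ifdef ENABLE_PAF
        if (ScPafEnabled())
            iRet = hi_client_inspection((void *)Session, p->data, p->dsize,
                    hsd, !PacketHasStartOfPDU(p));
        else
#endif
            iRet = hi_client_inspection((void *)Session, p->data, p->dsize,
                    hsd, p->packet_flags & PKT_STREAM_INSERT);

        if (iRet)
            return iRet;
    }
    else if (hsd && iInspectMode == HI_SI_SERVER_MODE)
    {
        /* Server inspection is only attempted when session data exists. */
        iRet = hi_server_inspection((void *)Session, p, hsd);
        if (iRet)
            return iRet;
    }
    else
    {
        /*
        **  Reached for an inspection mode other than the two handled above,
        **  and also for server mode without session data. Neither should
        **  normally happen, so report a non-fatal error.
        */
        return HI_NONFATAL_ERR;
    }

    return HI_SUCCESS;
}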
/*
**  hi_mi_mode_inspection (raw-buffer variant)
**
**  Route a payload buffer to the inspection routine that matches the
**  requested mode.
**
**  Parameters:
**    Session      - inspection session; must not be NULL.
**    iInspectMode - HI_SI_NO_MODE, HI_SI_CLIENT_MODE or HI_SI_SERVER_MODE.
**    data         - payload bytes; must not be NULL.
**    dsize        - payload length; negative values are rejected, zero is
**                   accepted and forwarded to the selected routine.
**
**  Returns:
**    HI_INVALID_ARG  - Session or data is NULL, or dsize is negative.
**    HI_NONFATAL_ERR - iInspectMode is none of the three known modes.
**    non-zero code   - whatever the selected routine returned.
**    HI_SUCCESS      - the selected routine returned 0.
*/
int hi_mi_mode_inspection(HI_SESSION *Session, int iInspectMode,
        u_char *data, int dsize)
{
    int status;

    if (!Session || !data || dsize < 0)
    {
        return HI_INVALID_ARG;
    }

    if (iInspectMode == HI_SI_NO_MODE)
    {
        /*
        **  Traffic that is neither HTTP client nor HTTP server: look for
        **  rogue HTTP servers, HTTP tunneling and similar anomalies.
        */
        status = hi_server_anomaly_detection(Session, data, dsize);
    }
    else if (iInspectMode == HI_SI_CLIENT_MODE)
    {
        /* Inspect for HTTP client communication. */
        status = hi_client_inspection((void *)Session, data, dsize);
    }
    else if (iInspectMode == HI_SI_SERVER_MODE)
    {
        /* Inspect for HTTP server communication. */
        status = hi_server_inspection((void *)Session, data, dsize);
    }
    else
    {
        /*
        **  A mode outside the defined set should never reach this point;
        **  if it does, report a non-fatal error.
        */
        return HI_NONFATAL_ERR;
    }

    /* Propagate any non-zero result from the routine unchanged. */
    if (status)
    {
        return status;
    }

    return HI_SUCCESS;
}