From 001f91056e6a10cfdac0e30c716ba3f76ba6cc09 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 11 Nov 2010 11:35:21 +0100
Subject: [PATCH] Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242.
---
 src/detect-http-header.c | 19 +++++++++++++++++++
 src/detect-http-header.h | 1 +
 src/detect.c | 1 +
 src/detect.h | 1 +
 4 files changed, 22 insertions(+)
diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index e3446c5a26..215f97e4d4 100644
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -21,6 +21,8 @@
 * \author Pablo Rincon
 *
 * Implements support for the http_header keyword
+ *
+ * \todo this is actually the raw match
 */
 #include "suricata-common.h"
@@ -74,6 +76,23 @@ void DetectHttpHeaderRegister(void)
 sigmatch_table[DETECT_AL_HTTP_HEADER].flags |= SIGMATCH_PAYLOAD ;
 }
+/**
+ * \brief Registers the keyword handlers for the "http_raw_header" keyword.
+ */
+void DetectHttpRawHeaderRegister(void)
+{
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header";
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Match = NULL;
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].AppLayerMatch = DetectHttpHeaderMatch;
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].alproto = ALPROTO_HTTP;
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpHeaderSetup;
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Free = DetectHttpHeaderFree;
+ //sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpHeaderRegisterTests;
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = NULL;
+
+ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].flags |= SIGMATCH_PAYLOAD ;
+}
+
 /**
 * \brief App layer match function for the "http_header" keyword.
 *
diff --git a/src/detect-http-header.h b/src/detect-http-header.h
index 6044515654..26f91ead34 100644
--- a/src/detect-http-header.h
+++ b/src/detect-http-header.h
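Review bot: In src/detect-http-header.c, the doc comment on the new DetectHttpRawHeaderRegister() does not say that http_raw_header is an alias sharing `DetectHttpHeaderMatch`, `DetectHttpHeaderSetup` and `DetectHttpHeaderFree` with http_header. The function also keeps a commented-out `RegisterTests` assignment directly above the live `RegisterTests = NULL`. Rule writers need to know which buffer a keyword inspects, so I would state it in the comment, e.g. `* Alias of http_header: shares its Match/Setup/Free handlers, which inspect the raw (un-normalized) headers.`, and delete the dead `//sigmatch_table[...]` line. DetectHttpHeaderSetup is defined outside this hunk, so signatures written with http_raw_header are presumably stored under the DETECT_AL_HTTP_HEADER sigmatch type. That is worth confirming with a rule-parse test for the new keyword name, since the alias currently registers no tests.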
@@ -38,5 +38,6 @@ typedef struct DetectHttpHeaderData_ {
 } DetectHttpHeaderData;
 void DetectHttpHeaderRegister(void);
+void DetectHttpRawHeaderRegister(void);
 #endif /* __DETECT_HTTP_HEADER_H__ */
diff --git a/src/detect.c b/src/detect.c
index 9b438094da..215b3141fc 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -3718,6 +3718,7 @@ void SigTableSetup(void) {
 DetectUrilenRegister();
 DetectDetectionFilterRegister();
 DetectHttpHeaderRegister();
+ DetectHttpRawHeaderRegister();
 DetectHttpClientBodyRegister();
 DetectHttpUriRegister();
 DetectAsn1Register();
diff --git a/src/detect.h b/src/detect.h
index 8e0092732e..6eb39b5ea4 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -876,6 +876,7 @@ enum {
 DETECT_AL_URILEN,
 DETECT_AL_HTTP_CLIENT_BODY,
 DETECT_AL_HTTP_HEADER,
+ DETECT_AL_HTTP_RAW_HEADER,
 DETECT_AL_HTTP_URI,
 DETECT_AL_HTTP_STAT_MSG,
 DETECT_AL_HTTP_STAT_CODE,