Merge pull request #2069 in SNORT/snort3 from ~OZAIKA/snort3:http2_draft_test to...
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 24 Mar 2020 22:40:00 +0000 (22:40 +0000)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 24 Mar 2020 22:40:00 +0000 (22:40 +0000)
Squashed commit of the following:

commit 3c70e324722c55684edd27c3689db0d699dfcad8
Author: Oleksii Zaika <ozaika@cisco.com>
Date:   Tue Mar 10 08:26:02 2020 -0400

    appid: support detection for first stream in http/2 session

src/network_inspectors/appid/CMakeLists.txt
src/network_inspectors/appid/appid_http_event_handler.cc
src/network_inspectors/appid/client_plugins/client_discovery.cc
src/network_inspectors/appid/detector_plugins/detector_http.cc [deleted file]
src/network_inspectors/appid/detector_plugins/detector_http.h [deleted file]
src/network_inspectors/appid/lua_detector_api.cc
src/network_inspectors/appid/lua_detector_module.cc
src/network_inspectors/appid/service_plugins/service_discovery.cc
src/network_inspectors/appid/test/appid_http_event_test.cc

index 49e83d0f37829e1b953f7026a093841885a45702..90afa09efab7f996e29c78da52d475c998906bc1 100644 (file)
@@ -116,8 +116,6 @@ set ( SP_APPID_SOURCES
 set ( DP_APPID_SOURCES
     detector_plugins/detector_dns.cc
     detector_plugins/detector_dns.h
-    detector_plugins/detector_http.cc
-    detector_plugins/detector_http.h
     detector_plugins/detector_imap.cc
     detector_plugins/detector_imap.h
     detector_plugins/detector_kerberos.cc
index 190650583d4807af34c70d1bd87db37774d026a3..cea15369e940bbf6dca73111923b60bb81d7e8f5 100644 (file)
@@ -137,6 +137,10 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
 
     if (asd->service.get_id() == APP_ID_HTTP)
     {
+        if (http_event->get_is_http2() && http_event->get_http2_stream_id() != 0)
+        {
+            asd->service.set_id(APP_ID_HTTP2, asd->ctxt.get_odp_ctxt());
+        }
         asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(),
             asd->pick_payload_app_id(), asd->pick_misc_app_id(), change_bits);
     }
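Review bot: The new `if` at the top of the `APP_ID_HTTP` block has no comment explaining the `get_http2_stream_id() != 0` test. It also appears to be one-shot: once `set_id(APP_ID_HTTP2, ...)` runs, the enclosing `asd->service.get_id() == APP_ID_HTTP` check will presumably be false for later events on the same flow, so only the first stream reaches `set_application_ids` here. I would add above the `if`: `// Stream 0 carries only connection-level frames; relabel the service as HTTP/2 once a request stream is seen.` Separately, this commit deletes the preface-pattern detector that labelled cleartext prior-knowledge HTTP/2 regardless of port, so identification now seems to depend on the HTTP inspector publishing this event; it is worth confirming that non-standard ports are still covered so such flows do not go unclassified. `handle()` begins and ends outside the hunk.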
index 1d95b8a1b7336ce442c0deab08050de86e40769d..caaa8465bba015ec68ec4094ccdb934e701903ac 100644 (file)
@@ -40,7 +40,6 @@
 #include "client_app_timbuktu.h"
 #include "client_app_tns.h"
 #include "client_app_vnc.h"
-#include "detector_plugins/detector_http.h"
 #include "detector_plugins/detector_imap.h"
 #include "detector_plugins/detector_kerberos.h"
 #include "detector_plugins/detector_pattern.h"
@@ -57,7 +56,6 @@ void ClientDiscovery::initialize()
     new AimClientDetector(this);
     new BitClientDetector(this);
     new BitTrackerClientDetector(this);
-    new HttpClientDetector(this);
     new ImapClientDetector(this);
     new KerberosClientDetector(this);
     new MsnClientDetector(this);
diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc
deleted file mode 100644 (file)
index b0d4d86..0000000
+++ /dev/null
@@ -1,101 +0,0 @@
-//--------------------------------------------------------------------------
-// Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2005-2013 Sourcefire, Inc.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation.  You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// detector_http.cc author Sourcefire Inc.
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "detector_http.h"
-
-// Start of HTTP/2 detection logic.
-//
-// This is intended to simply detect the presence of HTTP version 2 as a
-// service protocol if it is seen (unencrypted) on non-std ports.  That way, we
-// can notify Snort for future reference.  this covers the "with prior
-// knowledge" case for HTTP/2 (i.e., the client knows the server supports
-// HTTP/2 and jumps right in with the preface).
-
-static const char HTTP2_PREFACE[] = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
-#define HTTP2_PREFACE_LEN (sizeof(HTTP2_PREFACE) - 1)
-#define HTTP2_PREFACE_MAXPOS (sizeof(HTTP2_PREFACE)-2)
-
-static HttpServiceDetector* http_service_detector;
-
-HttpClientDetector::HttpClientDetector(ClientDiscovery* cdm)
-{
-    handler = cdm;
-    name = "HTTP";
-    proto = IpProtocol::TCP;
-    minimum_matches = 1;
-
-    tcp_patterns =
-    {
-        { (const uint8_t*)HTTP2_PREFACE, HTTP2_PREFACE_LEN, 0, 0, APP_ID_HTTP }
-    };
-
-    appid_registry =
-    {
-        { APP_ID_HTTP, 0 }
-    };
-
-    handler->register_detector(name, this, proto);
-}
-
-
-int HttpClientDetector::validate(AppIdDiscoveryArgs& args)
-{
-    add_app(args.asd, APP_ID_HTTP, APP_ID_HTTP + GENERIC_APP_OFFSET, nullptr, args.change_bits);
-    args.asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
-    http_service_detector->add_service(args.change_bits, args.asd, args.pkt,
-        args.dir, APP_ID_HTTP);
-    args.asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
-    args.asd.set_session_flags(APPID_SESSION_CLIENT_DETECTED | APPID_SESSION_SERVICE_DETECTED);
-    args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
-    args.asd.is_http2 = true;
-
-    return APPID_SUCCESS;
-}
-
-HttpServiceDetector::HttpServiceDetector(ServiceDiscovery* sd)
-{
-    http_service_detector = this;
-
-    handler = sd;
-    name = "HTTP";
-    proto = IpProtocol::TCP;
-    detectorType = DETECTOR_TYPE_DECODER;
-
-    appid_registry =
-    {
-        { APP_ID_HTTP, 0 }
-    };
-
-    handler->register_detector(name, this, proto);
-}
-
-
-int HttpServiceDetector::validate(AppIdDiscoveryArgs&)
-{
-    return APPID_INPROCESS;
-}
-
-// End of HTTP/2 detection logic.
-
diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.h b/src/network_inspectors/appid/detector_plugins/detector_http.h
deleted file mode 100644 (file)
index 47b3804..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-//--------------------------------------------------------------------------
-// Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2005-2013 Sourcefire, Inc.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation.  You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// detector_http.h author Sourcefire Inc.
-
-#ifndef DETECTOR_HTTP_H
-#define DETECTOR_HTTP_H
-
-#include "client_plugins/client_detector.h"
-#include "service_plugins/service_detector.h"
-
-class HttpClientDetector : public ClientDetector
-{
-public:
-    HttpClientDetector(ClientDiscovery*);
-
-    int validate(AppIdDiscoveryArgs&) override;
-};
-
-class HttpServiceDetector : public ServiceDetector
-{
-public:
-    HttpServiceDetector(ServiceDiscovery*);
-
-    int validate(AppIdDiscoveryArgs&) override;
-};
-
-#endif
-
index 18de10ac6d458af86c86b68a1de5a4267148f1a1..b0744109fa54f8c95735ea1243b7f5172d4be972 100644 (file)
@@ -39,7 +39,6 @@
 #include "appid_inspector.h"
 #include "client_plugins/client_discovery.h"
 #include "detector_plugins/detector_dns.h"
-#include "detector_plugins/detector_http.h"
 #include "detector_plugins/detector_pattern.h"
 #include "detector_plugins/detector_sip.h"
 #include "detector_plugins/http_url_patterns.h"
index 998d434478a6ef8388130a6d3839c918725befa2..5788371d54ded39701b4be5c7c340bf8b7963efb 100644 (file)
@@ -35,7 +35,6 @@
 #include "lua_detector_util.h"
 #include "lua_detector_api.h"
 #include "lua_detector_flow_api.h"
-#include "detector_plugins/detector_http.h"
 #include "utils/util.h"
 #include "utils/sflsq.h"
 #include "log/messages.h"
index f726b393e3979cb7c4bf718f047883b0c7174f7e..c1ef13c032d2cc3418e79298fcb45da68121cac3 100644 (file)
@@ -37,7 +37,6 @@
 #include "appid_dns_session.h"
 #include "appid_session.h"
 #include "detector_plugins/detector_dns.h"
-#include "detector_plugins/detector_http.h"
 #include "detector_plugins/detector_imap.h"
 #include "detector_plugins/detector_kerberos.h"
 #include "detector_plugins/detector_pattern.h"
@@ -98,7 +97,6 @@ void ServiceDiscovery::initialize()
     new DnsUdpServiceDetector(this);
     new FlapServiceDetector(this);
     new FtpServiceDetector(this);
-    new HttpServiceDetector(this);
     new ImapServiceDetector(this);
     new IrcServiceDetector(this);
     new KerberosServiceDetector(this);
index 02111b54a002ec3d930b388ae193c6bce7a33257..277b3ea7da639b874f5477266581f1bc27f8ac77 100644 (file)
@@ -172,6 +172,16 @@ bool HttpEvent::contains_webdav_method()
     return true;
 }
 
+bool HttpEvent::get_is_http2() const
+{
+    return false;
+}
+
+uint32_t HttpEvent::get_http2_stream_id() const
+{
+    return 0;
+}
+
 Flow* flow = nullptr;
 AppIdSession* mock_session = nullptr;
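Review bot: Both new mocks return constants (`false` and `0`), so the `get_is_http2() && get_http2_stream_id() != 0` branch added to `HttpEventHandler::handle` cannot be taken from this test file, and the relabel to `APP_ID_HTTP2` appears to ship without unit coverage. Back the mocks with file-scope variables the tests can set, for example `static bool mock_is_http2 = false;` and `static uint32_t mock_http2_stream_id = 0;` (names constructed here), and return those from the two functions. Then add one case with `true` and a non-zero id that checks the resulting service id, and one with `true` and id 0 that pins the stream-0 exclusion.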