return rcvd_full_req_body;
}
+ void set_tunnel(bool tunnel)
+ {
+ is_tunnel = tunnel;
+ }
+
+ bool get_tunnel()
+ {
+ return is_tunnel;
+ }
protected:
void init_chp_match_descriptor(ChpMatchDescriptor& cmd);
uint32_t http2_stream_id = 0;
bool is_payload_processed = false;
bool rcvd_full_req_body = false;
+ bool is_tunnel = false;
};
#endif
if (tp_payload_app_id != APP_ID_HTTP_TUNNEL or get_session_flags(APPID_SESSION_HTTP_TUNNEL))
return;
+ AppIdHttpSession* hsession = get_http_session();
+ if (!hsession or !hsession->get_tunnel())
+ return;
+
if (appidDebug->is_active())
LogMessage("AppIdDbg %s Found HTTP Tunnel, restarting app Detection\n",
appidDebug->get_debug_session());
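Review bot: The new early return on `!hsession or !hsession->get_tunnel()` is silent, so a session labelled as an HTTP tunnel whose CONNECT response was never confirmed leaves no trace of why detection was not restarted. A debug message on that path, guarded by the same `appidDebug->is_active()` check used just below, would help when triaging sessions that stay classified as HTTP tunnel. A comment above the check would also document the dependency, for example `// Restart detection only after a successful CONNECT response has set the tunnel flag on the HTTP session`. The enclosing function starts and ends outside this hunk.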
tmp_id = api.hsessions[0]->payload.get_id();
if (tmp_id > APP_ID_NONE)
{
- if (tmp_id == APP_ID_HTTP_TUNNEL and tp_payload_app_id > APP_ID_NONE)
- return tp_payload_app_id;
+ if (tmp_id == APP_ID_HTTP_TUNNEL)
+ {
+ if (api.payload.get_id() > APP_ID_NONE)
+ return api.payload.get_id();
+ else if (tp_payload_app_id > APP_ID_NONE)
+ return tp_payload_app_id;
+ }
else
return tmp_id;
}
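Review bot: When `tmp_id == APP_ID_HTTP_TUNNEL` and neither `api.payload.get_id()` nor `tp_payload_app_id` is above `APP_ID_NONE`, the new block falls through to whatever follows the outer `if`. The removed code returned `tmp_id` in that case through the `else` branch. The code after the closing brace is outside this hunk, so the effect cannot be confirmed from here. If the fall-through is intended it deserves a comment such as `// no inner payload yet: fall through to the generic lookup`. If it is not, add a final `else return tmp_id;` inside the tunnel block to restore the old result. Storing `api.payload.get_id()` in a local would also avoid calling it twice.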
#include "tp_appid_utils.h"
#include "tp_lib_handler.h"
+#define HTTP_CONNECT_RESPONSE_LEN 13
+
using namespace std;
using namespace snort;
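Review bot: `HTTP_CONNECT_RESPONSE_LEN 13` is a hand-counted length of the literal `"HTTP/1.1 200 "` used by the `strncasecmp` call in the later hunk of this file, so the two can drift apart if either is edited. Deriving the length from the literal keeps them in step, for example `static constexpr char HTTP_CONNECT_RESPONSE[] = "HTTP/1.1 200 ";` with `sizeof(HTTP_CONNECT_RESPONSE) - 1` as the length. That check also accepts only an HTTP/1.1 status line starting at the first byte of the packet payload. A CONNECT answered with `HTTP/1.0 200`, or a status line split across segments, would presumably leave `is_tunnel` false. The session would then keep its HTTP tunnel classification without the inner traffic being re-inspected, so a comment stating the limitation or a test covering those cases would be worthwhile.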
hsession->process_http_packet(direction, change_bits, asd.get_odp_ctxt().get_http_matchers());
+ if (!hsession->get_tunnel() and (direction == APP_ID_FROM_RESPONDER)
+ and asd.get_tp_payload_app_id() == APP_ID_HTTP_TUNNEL)
+ {
+ if ((p->dsize >= HTTP_CONNECT_RESPONSE_LEN) and
+ !strncasecmp((const char*)p->data, "HTTP/1.1 200 ", HTTP_CONNECT_RESPONSE_LEN))
+ hsession->set_tunnel(true);
+ }
+
if (asd.get_tp_app_id() == APP_ID_HTTP and
!asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and
asd.is_tp_appid_available())