#include "payload_injector/payload_injector_module.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
+#include "service_inspectors/http2_inspect/http2_flow_data.h"
#include "utils/util.h"
#include "utils/util_cstring.h"
using namespace snort;
+using namespace HttpCommon;
+using namespace Http2Enums;
#define s_name "react"
{
if ( page.empty())
{
- resp_buf = DEFAULT_HTTP + std::to_string(sizeof(DEFAULT_HTML));
+ resp_buf = DEFAULT_HTTP + std::to_string(strlen(DEFAULT_HTML));
resp_buf.append("\r\n\r\n");
resp_buf.append(DEFAULT_HTML);
}
InjectionControl control;
control.http_page = (const uint8_t*)config->get_resp_buf();
control.http_page_len = config->get_buf_len();
+ if (p->flow && p->flow->gadget &&
+ (strcmp(p->flow->gadget->get_name(), "http2_inspect") == 0))
+ {
+ Http2FlowData* const session_data =
+ (Http2FlowData*)p->flow->get_flow_data(Http2FlowData::inspector_id);
+ assert(session_data != nullptr);
+ const SourceId source_id = p->is_from_client() ? SRC_CLIENT : SRC_SERVER;
+ if (session_data != nullptr)
+ {
+ control.stream_id = session_data->get_current_stream_id(source_id);
+ assert(control.stream_id != NO_STREAM_ID);
+ }
+ }
InjectionReturnStatus status = PayloadInjectorModule::inject_http_payload(p, control);
#ifdef DEBUG_MSGS
if (status != INJECTION_SUCCESS)
{ ERR_TRANSLATED_HDRS_SIZE,
"HTTP/2 translated header size is bigger than expected. Update max size." },
{ ERR_HTTP2_BODY_SIZE, "HTTP/2 body is > 16k. Currently not supported." },
- { ERR_HTTP2_EVEN_STREAM_ID, "HTTP/2 - injection to server initiated stream" }
+ { ERR_HTTP2_EVEN_STREAM_ID, "HTTP/2 - injection to server initiated stream" },
+ { ERR_PKT_FROM_SERVER, "Packet is from server" }
};
bool PayloadInjectorModule::configured = false;
if (configured)
{
- EncodeFlags df = (p->packet_flags & PKT_FROM_SERVER) ? ENC_FLAG_FWD : 0;
- df |= ENC_FLAG_RST_SRVR; // Send RST to server.
-
- if (p->packet_flags & PKT_STREAM_EST)
+ if (p->packet_flags & PKT_FROM_SERVER)
+ status = ERR_PKT_FROM_SERVER;
+ else
{
- if (!p->flow)
- status = ERR_UNIDENTIFIED_PROTOCOL;
- else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") == 0)
+ EncodeFlags df = ENC_FLAG_RST_SRVR; // Send RST to server.
+
+ if (p->packet_flags & PKT_STREAM_EST)
{
- payload_injector_stats.http_injects++;
- p->active->send_data(p, df, control.http_page, control.http_page_len);
+ if (!p->flow)
+ status = ERR_UNIDENTIFIED_PROTOCOL;
+ else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") ==
+ 0)
+ {
+ payload_injector_stats.http_injects++;
+ p->active->send_data(p, df, control.http_page, control.http_page_len);
+ }
+ else if (strcmp(p->flow->gadget->get_name(),"http2_inspect") == 0)
+ status = inject_http2_payload(p, control, df);
+ else
+ status = ERR_UNIDENTIFIED_PROTOCOL;
}
- else if (strcmp(p->flow->gadget->get_name(),"http2_inspect") == 0)
- status = inject_http2_payload(p, control, df);
else
- status = ERR_UNIDENTIFIED_PROTOCOL;
+ status = ERR_STREAM_NOT_ESTABLISHED;
}
- else
- status = ERR_STREAM_NOT_ESTABLISHED;
}
else
status = ERR_INJECTOR_NOT_CONFIGURED;
ERR_HTTP2_MID_FRAME = -6,
ERR_TRANSLATED_HDRS_SIZE = -7,
ERR_HTTP2_BODY_SIZE = -8,
- ERR_HTTP2_EVEN_STREAM_ID = -9
+ ERR_HTTP2_EVEN_STREAM_ID = -9,
+ ERR_PKT_FROM_SERVER = -10,
// Update InjectionErrorToString when adding/removing error codes
};
delete flow.gadget;
}
+TEST(payload_injector_test, http2_pkt_from_srvr)
+{
+ mod.set_configured(true);
+ Packet p(false);
+ p.packet_flags = PKT_FROM_SERVER;
+ flow.gadget = new MockInspector();
+ p.flow = &flow;
+ InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ CHECK(status == ERR_PKT_FROM_SERVER);
+ CHECK(flow.flow_state == Flow::FlowState::BLOCK);
+ delete flow.gadget;
+}
+
TEST_GROUP(payload_injector_translate_err_test)
{
PayloadInjectorModule mod;
class HttpInspect;
class HttpStreamSplitter;
-class Http2FlowData : public snort::FlowData
+class SO_PUBLIC Http2FlowData : public snort::FlowData
{
public:
Http2FlowData(snort::Flow* flow_);
projects / thirdparty / snort3.git / commitdiff
