http2: http.stat_code keyword now works for HTTP2
authorPhilippe Antoine <contact@catenacyber.fr>
Mon, 26 Apr 2021 12:39:24 +0000 (14:39 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 18 May 2021 10:10:29 +0000 (12:10 +0200)
src/detect-http-stat-code.c

index 765eb9d138398170759a85f44271823f512a0a56..51117eaf9435b0d736eeda94a2117b57dffebfff 100644 (file)
@@ -72,6 +72,9 @@ static int g_http_stat_code_buffer_id = 0;
 static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
         const DetectEngineTransforms *transforms, Flow *_f,
         const uint8_t _flow_flags, void *txv, const int list_id);
+static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
+        const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+        const int list_id);
 
 /**
  * \brief Registration function for keyword: http_stat_code
@@ -102,6 +105,12 @@ void DetectHttpStatCodeRegister (void)
     DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
             GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
 
+    DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
+            HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
+
+    DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
+            GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
+
     DetectBufferTypeSetDescriptionByName("http_stat_code",
             "http response status code");
 
@@ -138,7 +147,7 @@ static int DetectHttpStatCodeSetupSticky(DetectEngineCtx *de_ctx, Signature *s,
 {
     if (DetectBufferSetActiveList(s, g_http_stat_code_buffer_id) < 0)
         return -1;
-    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP1) < 0)
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
         return -1;
     return 0;
 }
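Review bot: Switching the sticky setup to `ALPROTO_HTTP` appears to widen every existing `http.stat_code` signature to HTTP/2 flows as well, and nothing in `DetectHttpStatCodeSetupSticky` records that. A one-line comment above the call would make the intent explicit, e.g. `/* ALPROTO_HTTP: buffer is registered for both HTTP/1 and HTTP/2 responses */`. The legacy content-modifier setup lies outside this hunk, so it is not visible whether it stays HTTP/1-only. If it does, the keyword documentation should say so, so that rule writers know which form covers HTTP/2 traffic.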
@@ -166,6 +175,29 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
     return buffer;
 }
 
+static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
+        const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+        const int list_id)
+{
+    SCEnter();
+
+    InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
+    if (buffer->inspect == NULL) {
+        uint32_t b_len = 0;
+        const uint8_t *b = NULL;
+
+        if (rs_http2_tx_get_status(txv, &b, &b_len) != 1)
+            return NULL;
+        if (b == NULL || b_len == 0)
+            return NULL;
+
+        InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
+        InspectionBufferApplyTransforms(buffer, transforms);
+    }
+
+    return buffer;
+}
+
 #ifdef UNITTESTS
 #include "tests/detect-http-stat-code.c"
 #endif /* UNITTESTS */
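Review bot: `GetData2` opens with `SCEnter()` but leaves through plain `return` on all three exits, so the function entry/exit tracing is unbalanced. Either drop `SCEnter()` or exit with `SCReturnPtr(buffer, "InspectionBuffer");` and `SCReturnPtr(NULL, "InspectionBuffer");` on the early exits. The function also has no doc comment, and its name does not say it is the HTTP/2 getter; a header such as `/** \brief fill the http.stat_code buffer from an HTTP/2 transaction; returns NULL when no status is available */` would cover that. That comment should also note that `b` is presumably borrowed from the transaction rather than copied, and which status value `rs_http2_tx_get_status` exposes when a transaction holds more than one response header block; neither is visible in this hunk.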