#include "main/snort_config.h"
#include "main/snort_debug.h"
#include "packet_io/active.h"
-#include "payload_injector/payload_injector_module.h"
+#include "payload_injector/payload_injector.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "service_inspectors/http2_inspect/http2_flow_data.h"
assert(control.stream_id != NO_STREAM_ID);
}
}
- InjectionReturnStatus status = PayloadInjectorModule::inject_http_payload(p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(p, control);
#ifdef DEBUG_MSGS
if (status != INJECTION_SUCCESS)
debug_logf(react_trace, nullptr, "Injection error: %s\n",
- PayloadInjectorModule::get_err_string(status));
+ PayloadInjector::get_err_string(status));
#else
UNUSED(status);
#endif
#include "packet_io/sfdaq_config.h"
#include "parser/parser.h"
#include "parser/vars.h"
+#include "payload_injector/payload_injector_config.h"
#include "ports/rule_port_tables.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
delete so_rules;
if ( plugins )
delete plugins;
+ delete payload_injector_config;
clear_reload_resource_tuner_list();
trim_heap();
struct IpsActionsConfig;
struct LatencyConfig;
struct MemoryConfig;
+struct PayloadInjectorConfig;
struct Plugins;
struct PORT_RULE_MAP;
struct RateFilterConfig;
// various modules
FastPatternConfig* fast_pattern_config = nullptr;
EventQueueConfig* event_queue_config = nullptr;
+ PayloadInjectorConfig* payload_injector_config = nullptr;
/* policy specific? */
ThresholdConfig* threshold_config = nullptr;
set (PAYLOAD_INJECTOR_INCLUDES
- payload_injector_module.h
+ payload_injector.h
)
add_library ( payload_injector OBJECT
${PAYLOAD_INJECTOR_INCLUDES}
+ payload_injector.cc
+ payload_injector_config.h
payload_injector_module.cc
+ payload_injector_module.h
payload_injector_translate_page.cc
)
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// payload_injector.cc author Maya Dagon <mdagon@cisco.com>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "payload_injector.h"
+
+#include "detection/detection_engine.h"
+#include "packet_io/active.h"
+#include "protocols/packet.h"
+#include "service_inspectors/http2_inspect/http2_flow_data.h"
+#include "utils/util.h"
+
+#include "payload_injector_config.h"
+#include "payload_injector_module.h"
+
+using namespace snort;
+
+// Should have an entry for each error in InjectionReturnStatus
+static const std::map <InjectionReturnStatus, const char*> InjectionErrorToString =
+{
+ { ERR_INJECTOR_NOT_CONFIGURED, "Payload injector is not configured" },
+ { ERR_STREAM_NOT_ESTABLISHED, "TCP stream not established" },
+ { ERR_UNIDENTIFIED_PROTOCOL, "Unidentified protocol" },
+ { ERR_HTTP2_STREAM_ID_0, "HTTP/2 - injection to stream 0" },
+ { ERR_PAGE_TRANSLATION, "Error in translating HTTP block page to HTTP/2. "
+ "Unsupported or bad format." },
+ { ERR_HTTP2_MID_FRAME, "HTTP/2 - attempt to inject mid frame. Currently not supported." },
+ { ERR_TRANSLATED_HDRS_SIZE,
+ "HTTP/2 translated header size is bigger than expected. Update max size." },
+ { ERR_HTTP2_EVEN_STREAM_ID, "HTTP/2 - injection to server initiated stream" },
+ { ERR_PKT_FROM_SERVER, "Packet is from server" }
+};
+
+InjectionReturnStatus PayloadInjector::inject_http2_payload(Packet* p,
+ const InjectionControl& control, EncodeFlags df)
+{
+ InjectionReturnStatus status;
+
+ if (control.stream_id == 0)
+ status = ERR_HTTP2_STREAM_ID_0;
+ else if (control.stream_id % 2 == 0)
+ {
+ // Don't inject against server initiated streams
+ status = ERR_HTTP2_EVEN_STREAM_ID;
+ }
+ else
+ {
+ // Check if mid frame
+ Http2FlowData* const session_data =
+ (Http2FlowData*)p->flow->get_flow_data(Http2FlowData::inspector_id);
+ if (!session_data || session_data->is_mid_frame())
+ {
+ payload_injector_stats.http2_mid_frame++;
+ // FIXIT-E mid-frame injection not supported
+ status = ERR_HTTP2_MID_FRAME;
+ }
+ else
+ {
+ uint8_t* http2_payload;
+ uint32_t payload_len;
+ status = get_http2_payload(control, http2_payload, payload_len);
+ if (status == INJECTION_SUCCESS)
+ {
+ p->active->send_data(p, df, http2_payload, payload_len);
+ snort_free(http2_payload);
+ payload_injector_stats.http2_injects++;
+ return INJECTION_SUCCESS;
+ }
+ else
+ payload_injector_stats.http2_translate_err++;
+ }
+ }
+
+ // If we got here, shouldn't inject the page
+ p->active->send_data(p, df, nullptr, 0);
+ return status;
+}
+
+InjectionReturnStatus PayloadInjector::inject_http_payload(Packet* p,
+ const InjectionControl& control)
+{
+ InjectionReturnStatus status = INJECTION_SUCCESS;
+
+ assert(p != nullptr);
+
+ const PayloadInjectorConfig* conf = p->context->conf->payload_injector_config;
+ if (conf)
+ {
+ if (p->packet_flags & PKT_FROM_SERVER)
+ status = ERR_PKT_FROM_SERVER;
+ else
+ {
+ EncodeFlags df = ENC_FLAG_RST_SRVR; // Send RST to server.
+
+ if (p->packet_flags & PKT_STREAM_EST)
+ {
+ if (!p->flow)
+ status = ERR_UNIDENTIFIED_PROTOCOL;
+ else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") ==
+ 0)
+ {
+ payload_injector_stats.http_injects++;
+ p->active->send_data(p, df, control.http_page, control.http_page_len);
+ }
+ else if (strcmp(p->flow->gadget->get_name(),"http2_inspect") == 0)
+ status = inject_http2_payload(p, control, df);
+ else
+ status = ERR_UNIDENTIFIED_PROTOCOL;
+ }
+ else
+ status = ERR_STREAM_NOT_ESTABLISHED;
+ }
+ }
+ else
+ status = ERR_INJECTOR_NOT_CONFIGURED;
+
+ p->active->block_session(p, true);
+
+ DetectionEngine::disable_all(p);
+
+ if ( p->flow )
+ p->flow->set_state(Flow::FlowState::BLOCK);
+
+ return status;
+}
+
+const char* PayloadInjector::get_err_string(InjectionReturnStatus status)
+{
+ auto iter = InjectionErrorToString.find(status);
+ assert (iter != InjectionErrorToString.end());
+ return iter->second;
+}
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// payload_injector.h author Maya Dagon <mdagon@cisco.com>
+
+#ifndef PAYLOAD_INJECTOR_H
+#define PAYLOAD_INJECTOR_H
+
+#include "framework/codec.h"
+
+namespace snort
+{
+struct Packet;
+}
+
+enum InjectionReturnStatus : int8_t
+{
+ INJECTION_SUCCESS = 1,
+ ERR_INJECTOR_NOT_CONFIGURED = -1,
+ ERR_STREAM_NOT_ESTABLISHED = -2,
+ ERR_UNIDENTIFIED_PROTOCOL = -3,
+ ERR_HTTP2_STREAM_ID_0 = -4,
+ ERR_PAGE_TRANSLATION = -5,
+ ERR_HTTP2_MID_FRAME = -6,
+ ERR_TRANSLATED_HDRS_SIZE = -7,
+ ERR_HTTP2_EVEN_STREAM_ID = -8,
+ ERR_PKT_FROM_SERVER = -9,
+ // Update InjectionErrorToString when adding/removing error codes
+};
+
+struct InjectionControl
+{
+ const uint8_t* http_page = nullptr;
+ uint32_t http_page_len = 0;
+ uint32_t stream_id = 0;
+};
+
+class SO_PUBLIC PayloadInjector
+{
+public:
+ static InjectionReturnStatus inject_http_payload(snort::Packet* p, const
+ InjectionControl& control);
+
+ static const char* get_err_string(InjectionReturnStatus status);
+
+private:
+ static InjectionReturnStatus inject_http2_payload(snort::Packet* p, const
+ InjectionControl& control, snort::EncodeFlags df);
+
+#ifdef UNIT_TEST
+
+public:
+#endif
+ static InjectionReturnStatus get_http2_payload(InjectionControl control, uint8_t*& http2_payload, uint32_t& payload_len);
+};
+
+#ifdef UNIT_TEST
+InjectionReturnStatus write_7_bit_prefix_int(uint32_t val, uint8_t*& out, uint32_t& out_free_space);
+#endif
+
+#endif
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// payload_injector_config.h author Maya Dagon <mdagon@cisco.com>
+
+#ifndef PAYLOAD_INJECTOR_CONFIG_H
+#define PAYLOAD_INJECTOR_CONFIG_H
+
+struct PayloadInjectorConfig
+{
+};
+
+#endif
#include "payload_injector_module.h"
-#include "detection/detection_engine.h"
-#include "packet_io/active.h"
-#include "protocols/packet.h"
-#include "service_inspectors/http2_inspect/http2_flow_data.h"
-#include "utils/util.h"
+#include "main/snort_config.h"
+
+#include "payload_injector_config.h"
#define s_name "payload_injector"
#define s_help \
{ CountType::END, nullptr, nullptr }
};
-// Should have an entry for each error in InjectionReturnStatus
-static const std::map <InjectionReturnStatus, const char*> InjectionErrorToString =
-{
- { ERR_INJECTOR_NOT_CONFIGURED, "Payload injector is not configured" },
- { ERR_STREAM_NOT_ESTABLISHED, "TCP stream not established" },
- { ERR_UNIDENTIFIED_PROTOCOL, "Unidentified protocol" },
- { ERR_HTTP2_STREAM_ID_0, "HTTP/2 - injection to stream 0" },
- { ERR_PAGE_TRANSLATION, "Error in translating HTTP block page to HTTP/2. "
- "Unsupported or bad format." },
- { ERR_HTTP2_MID_FRAME, "HTTP/2 - attempt to inject mid frame. Currently not supported." },
- { ERR_TRANSLATED_HDRS_SIZE,
- "HTTP/2 translated header size is bigger than expected. Update max size." },
- { ERR_HTTP2_EVEN_STREAM_ID, "HTTP/2 - injection to server initiated stream" },
- { ERR_PKT_FROM_SERVER, "Packet is from server" }
-};
-
-bool PayloadInjectorModule::configured = false;
-
PayloadInjectorModule::PayloadInjectorModule() :
Module(s_name, s_help)
{ }
PegCount* PayloadInjectorModule::get_counts() const
{ return (PegCount*)&payload_injector_stats; }
-bool PayloadInjectorModule::end(const char*, int, SnortConfig*)
+bool PayloadInjectorModule::end(const char*, int, SnortConfig* sc)
{
- configured = true;
+ assert(sc->payload_injector_config == nullptr);
+ sc->payload_injector_config = new PayloadInjectorConfig;
return true;
}
-
-InjectionReturnStatus PayloadInjectorModule::inject_http2_payload(Packet* p,
- const InjectionControl& control, EncodeFlags df)
-{
- InjectionReturnStatus status;
-
- if (control.stream_id == 0)
- status = ERR_HTTP2_STREAM_ID_0;
- else if (control.stream_id % 2 == 0)
- {
- // Don't inject against server initiated streams
- status = ERR_HTTP2_EVEN_STREAM_ID;
- }
- else
- {
- // Check if mid frame
- Http2FlowData* const session_data =
- (Http2FlowData*)p->flow->get_flow_data(Http2FlowData::inspector_id);
- if (!session_data || session_data->is_mid_frame())
- {
- payload_injector_stats.http2_mid_frame++;
- // FIXIT-E mid-frame injection not supported
- status = ERR_HTTP2_MID_FRAME;
- }
- else
- {
- uint8_t* http2_payload;
- uint32_t payload_len;
- status = get_http2_payload(control, http2_payload, payload_len);
- if (status == INJECTION_SUCCESS)
- {
- p->active->send_data(p, df, http2_payload, payload_len);
- snort_free(http2_payload);
- payload_injector_stats.http2_injects++;
- return INJECTION_SUCCESS;
- }
- else
- payload_injector_stats.http2_translate_err++;
- }
- }
-
- // If we got here, shouldn't inject the page
- p->active->send_data(p, df, nullptr, 0);
- return status;
-}
-
-InjectionReturnStatus PayloadInjectorModule::inject_http_payload(Packet* p,
- const InjectionControl& control)
-{
- InjectionReturnStatus status = INJECTION_SUCCESS;
-
- assert(p != nullptr);
-
- if (configured)
- {
- if (p->packet_flags & PKT_FROM_SERVER)
- status = ERR_PKT_FROM_SERVER;
- else
- {
- EncodeFlags df = ENC_FLAG_RST_SRVR; // Send RST to server.
-
- if (p->packet_flags & PKT_STREAM_EST)
- {
- if (!p->flow)
- status = ERR_UNIDENTIFIED_PROTOCOL;
- else if (!p->flow->gadget || strcmp(p->flow->gadget->get_name(),"http_inspect") ==
- 0)
- {
- payload_injector_stats.http_injects++;
- p->active->send_data(p, df, control.http_page, control.http_page_len);
- }
- else if (strcmp(p->flow->gadget->get_name(),"http2_inspect") == 0)
- status = inject_http2_payload(p, control, df);
- else
- status = ERR_UNIDENTIFIED_PROTOCOL;
- }
- else
- status = ERR_STREAM_NOT_ESTABLISHED;
- }
- }
- else
- status = ERR_INJECTOR_NOT_CONFIGURED;
-
- p->active->block_session(p, true);
-
- DetectionEngine::disable_all(p);
-
- if ( p->flow )
- p->flow->set_state(Flow::FlowState::BLOCK);
-
- return status;
-}
-
-const char* PayloadInjectorModule::get_err_string(InjectionReturnStatus status)
-{
- auto iter = InjectionErrorToString.find(status);
- assert (iter != InjectionErrorToString.end());
- return iter->second;
-}
-
#ifndef PAYLOAD_INJECTOR_MODULE_H
#define PAYLOAD_INJECTOR_MODULE_H
-#include "framework/codec.h"
#include "framework/module.h"
-namespace snort
-{
-struct Packet;
-}
-
struct PayloadInjectorCounts
{
PegCount http_injects;
PegCount http2_mid_frame;
};
-extern THREAD_LOCAL PayloadInjectorCounts payload_injection_stats;
-
-enum InjectionReturnStatus : int8_t
-{
- INJECTION_SUCCESS = 1,
- ERR_INJECTOR_NOT_CONFIGURED = -1,
- ERR_STREAM_NOT_ESTABLISHED = -2,
- ERR_UNIDENTIFIED_PROTOCOL = -3,
- ERR_HTTP2_STREAM_ID_0 = -4,
- ERR_PAGE_TRANSLATION = -5,
- ERR_HTTP2_MID_FRAME = -6,
- ERR_TRANSLATED_HDRS_SIZE = -7,
- ERR_HTTP2_EVEN_STREAM_ID = -8,
- ERR_PKT_FROM_SERVER = -9,
- // Update InjectionErrorToString when adding/removing error codes
-};
-
-struct InjectionControl
-{
- const uint8_t* http_page = nullptr;
- uint32_t http_page_len = 0;
- uint32_t stream_id = 0;
-};
+extern THREAD_LOCAL PayloadInjectorCounts payload_injector_stats;
class SO_PUBLIC PayloadInjectorModule : public snort::Module
{
{ return GLOBAL; }
bool end(const char*, int, snort::SnortConfig*) override;
-
- static InjectionReturnStatus inject_http_payload(snort::Packet* p, const
- InjectionControl& control);
-
- static const char* get_err_string(InjectionReturnStatus status);
-
-#ifdef UNIT_TEST
- void set_configured(bool val) { configured = val; }
-#endif
-
-private:
- static bool configured;
-
- static InjectionReturnStatus inject_http2_payload(snort::Packet* p, const
- InjectionControl& control, snort::EncodeFlags df);
-
-#ifdef UNIT_TEST
-
-public:
-#endif
- static InjectionReturnStatus get_http2_payload(InjectionControl control, uint8_t*& http2_payload, uint32_t& payload_len);
};
-#ifdef UNIT_TEST
-InjectionReturnStatus write_7_bit_prefix_int(uint32_t val, uint8_t*& out, uint32_t& out_free_space);
-#endif
-
#endif
#include "config.h"
#endif
-#include "payload_injector_module.h"
+#include "payload_injector.h"
#include "service_inspectors/http2_inspect/http2_enum.h"
#include "utils/util.h"
out += Http2Enums::FRAME_HEADER_LENGTH;
}
-InjectionReturnStatus PayloadInjectorModule::get_http2_payload(InjectionControl control,
+InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl control,
uint8_t*& http2_payload, uint32_t& payload_len)
{
if (control.http_page == nullptr || control.http_page_len == 0)
add_cpputest (payload_injector_test
SOURCES
+ ../payload_injector.cc
../payload_injector_module.cc
../../framework/module.cc
)
#include "config.h"
#endif
+#include "payload_injector/payload_injector.h"
#include "payload_injector/payload_injector_module.h"
#include "detection/detection_engine.h"
#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http2_inspect/http2_flow_data.h"
+#include "payload_injector/payload_injector_config.h"
+
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
gadget = nullptr;
flow_state = Flow::FlowState::SETUP;
}
+
Flow::~Flow() { }
-Packet::Packet(bool) { packet_flags = 0; flow = nullptr; }
+IpsContext::IpsContext(unsigned int) { }
+IpsContext::~IpsContext() { }
+SnortConfig::SnortConfig(snort::SnortConfig const*) { }
+SnortConfig::~SnortConfig() { }
+
+IpsContext ips_context;
+SnortConfig conf;
+PayloadInjectorConfig pi_conf;
+Packet::Packet(bool)
+{
+ packet_flags = 0;
+ flow = nullptr;
+ context = &ips_context;
+ context->conf = &conf;
+}
+
+static void set_not_configured() { conf.payload_injector_config = nullptr; }
+static void set_configured() { conf.payload_injector_config = &pi_conf; }
+
Packet::~Packet() { }
int DetectionEngine::queue_event(unsigned int, unsigned int, snort::Actions::Type) { return 0; }
FlowData::~FlowData() { }
// Mocks for PayloadInjectorModule::get_http2_payload
static InjectionReturnStatus translation_status = INJECTION_SUCCESS;
-InjectionReturnStatus PayloadInjectorModule::get_http2_payload(InjectionControl,
+InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl,
uint8_t*& http2_payload, uint32_t& payload_len)
{
if (translation_status == INJECTION_SUCCESS)
Http2HpackDecoder(this, SRC_CLIENT, events[SRC_CLIENT], infractions[SRC_CLIENT]),
Http2HpackDecoder(this, SRC_SERVER, events[SRC_SERVER], infractions[SRC_SERVER])
},
- data_cutter { Http2DataCutter(this, SRC_CLIENT), Http2DataCutter(this, SRC_SERVER) }
- { }
+ data_cutter {Http2DataCutter(this, SRC_CLIENT), Http2DataCutter(this, SRC_SERVER)}
+{ }
Http2FlowData::~Http2FlowData() { }
Http2FlowData http2_flow_data(nullptr);
void Http2FlowData::set_mid_frame(bool val) { continuation_expected[SRC_SERVER] = val; }
TEST(payload_injector_test, not_configured_stream_not_established)
{
- mod.set_configured(false);
Packet p(false);
+ set_not_configured();
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 0);
CHECK(status == ERR_INJECTOR_NOT_CONFIGURED);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "Payload injector is not configured") == 0);
}
TEST(payload_injector_test, not_configured_stream_established)
{
- mod.set_configured(false);
Packet p(false);
+ set_not_configured();
p.packet_flags = PKT_STREAM_EST;
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 0);
CHECK(status == ERR_INJECTOR_NOT_CONFIGURED);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
TEST(payload_injector_test, configured_stream_not_established)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 0);
CHECK(status == ERR_STREAM_NOT_ESTABLISHED);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "TCP stream not established") == 0);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
}
TEST(payload_injector_test, configured_stream_established)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
p.active = &active;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 1);
CHECK(status == INJECTION_SUCCESS);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
TEST(payload_injector_test, http2_stream0)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http2_injects == 0);
CHECK(status == ERR_HTTP2_STREAM_ID_0);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "HTTP/2 - injection to stream 0") == 0);
delete flow.gadget;
}
TEST(payload_injector_test, http2_even_stream_id)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
control.stream_id = 2;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http2_injects == 0);
CHECK(status == ERR_HTTP2_EVEN_STREAM_ID);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "HTTP/2 - injection to server initiated stream") == 0);
delete flow.gadget;
}
TEST(payload_injector_test, http2_success)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
p.active = &active;
control.stream_id = 1;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http2_injects == 1);
CHECK(status == INJECTION_SUCCESS);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
TEST(payload_injector_test, unidentified_gadget_is_null)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
p.flow = &flow;
p.active = &active;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 1);
CHECK(status == INJECTION_SUCCESS);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
TEST(payload_injector_test, unidentified_gadget_name)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "inspector";
flow.gadget = new MockInspector();
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(status == ERR_UNIDENTIFIED_PROTOCOL);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
delete flow.gadget;
TEST(payload_injector_test, http2_mid_frame)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
control.stream_id = 1;
http2_flow_data.set_mid_frame(true);
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http2_mid_frame == 1);
CHECK(status == ERR_HTTP2_MID_FRAME);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "HTTP/2 - attempt to inject mid frame. Currently not supported.")
== 0);
delete flow.gadget;
TEST(payload_injector_test, http2_continuation_expected)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
p.flow = &flow;
control.stream_id = 1;
http2_flow_data.set_mid_frame(true);
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http2_mid_frame == 1);
CHECK(status == ERR_HTTP2_MID_FRAME);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
TEST(payload_injector_test, http2_pkt_from_srvr)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_FROM_SERVER;
flow.gadget = new MockInspector();
p.flow = &flow;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(status == ERR_PKT_FROM_SERVER);
CHECK(flow.flow_state == Flow::FlowState::BLOCK);
delete flow.gadget;
TEST(payload_injector_test, flow_is_null)
{
- mod.set_configured(true);
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
- InjectionReturnStatus status = mod.inject_http_payload(&p, control);
+ InjectionReturnStatus status = PayloadInjector::inject_http_payload(&p, control);
CHECK(counts->http_injects == 0);
CHECK(status == ERR_UNIDENTIFIED_PROTOCOL);
- const char* err_string = mod.get_err_string(status);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "Unidentified protocol") == 0);
}
control.http_page_len = 4;
flow.set_state(Flow::FlowState::INSPECT);
http2_flow_data.set_mid_frame(false);
- mod.set_configured(true);
mock_api.base.name = "http2_inspect";
flow.gadget = new MockInspector();
control.stream_id = 1;
TEST(payload_injector_translate_err_test, http2_page_translation_err)
{
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
p.flow = &flow;
translation_status = ERR_PAGE_TRANSLATION;
- status = mod.inject_http_payload(&p, control);
- const char* err_string = mod.get_err_string(status);
+ status = PayloadInjector::inject_http_payload(&p, control);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string, "Error in translating HTTP block page to HTTP/2. "
"Unsupported or bad format.") == 0);
}
TEST(payload_injector_translate_err_test, http2_hdrs_size)
{
Packet p(false);
+ set_configured();
p.packet_flags = PKT_STREAM_EST;
p.flow = &flow;
translation_status = ERR_TRANSLATED_HDRS_SIZE;
- status = mod.inject_http_payload(&p, control);
- const char* err_string = mod.get_err_string(status);
+ status = PayloadInjector::inject_http_payload(&p, control);
+ const char* err_string = PayloadInjector::get_err_string(status);
CHECK(strcmp(err_string,
"HTTP/2 translated header size is bigger than expected. Update max size.") == 0);
}
#include "config.h"
#endif
-#include "payload_injector/payload_injector_module.h"
+#include "payload_injector/payload_injector.h"
#include "utils/util.h"
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
uint8_t out[] =
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = (uint8_t*)http_page;
control.http_page_len = strlen(http_page);
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
uint8_t out[] =
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
control.http_page = http_page;
control.http_page_len = size;
control.stream_id = 0xf000;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
CHECK(payload_len == 2019);
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_TRANSLATED_HDRS_SIZE);
}
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_TRANSLATED_HDRS_SIZE);
}
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_TRANSLATED_HDRS_SIZE);
}
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_TRANSLATED_HDRS_SIZE);
}
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
// Headers frame header + status ok + data frame header
uint8_t out[] = { 0, 0, 1, 1, 4, 0, 0, 0, 1, 0x88, 0, 0x40, 0, 0, 1, 0, 0, 0, 1 };
control.stream_id = 1;
control.http_page = http_page;
control.http_page_len = size;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == INJECTION_SUCCESS);
// Headers frame header + status ok + data frame header
uint8_t out[] = { 0, 0, 1, 1, 4, 0, 0, 0, 1, 0x88, 0, 0x40, 0, 0, 0, 0, 0, 0, 1 };
InjectionControl control;
control.http_page = nullptr;
control.http_page_len = 1;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
InjectionControl control;
control.http_page = http_page;
control.http_page_len = 0;
- status = PayloadInjectorModule::get_http2_payload(control, http2_payload, payload_len);
+ status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len);
CHECK(status == ERR_PAGE_TRANSLATION);
}
projects / thirdparty / snort3.git / commitdiff
