appid_ha.h
appid_http_session.cc
appid_http_session.h
- appid_http2_req_body_event_handler.h
+ appid_httpx_req_body_event_handler.h
appid_opportunistic_tls_event_handler.h
appid_peg_counts.h
appid_peg_counts.cc
protocol = IpProtocol::TCP;
else if (p->is_udp())
protocol = IpProtocol::UDP;
- else if (p->is_ip4() || p->is_ip6())
+ else if (p->is_ip4() or p->is_ip6())
{
protocol = p->get_ip_proto_next();
if (p->num_layers > 3)
if (p->ptrs.tcph and !asd->get_session_flags(APPID_SESSION_OOO))
{
- if ((p->packet_flags & PKT_STREAM_ORDER_BAD) ||
- (p->dsize && !(p->packet_flags & (PKT_STREAM_ORDER_OK | PKT_REBUILT_STREAM))))
+ if ((p->packet_flags & PKT_STREAM_ORDER_BAD) or
+ (p->dsize and !(p->packet_flags & (PKT_STREAM_ORDER_OK | PKT_REBUILT_STREAM))))
{
asd->set_session_flags(APPID_SESSION_OOO | APPID_SESSION_OOO_CHECK_TP);
if (appidDebug->is_active())
// Shut off service/client discoveries, since they skip not-ok data packets and
// may keep failing on subsequent data packets causing performance degradation
- if (!asd->get_session_flags(APPID_SESSION_MID) ||
- (p->ptrs.sp != 21 && p->ptrs.dp != 21)) // exception for ftp-control
+ if (!asd->get_session_flags(APPID_SESSION_MID) or
+ (p->ptrs.sp != 21 and p->ptrs.dp != 21)) // exception for ftp-control
{
asd->service_disco_state = APPID_DISCO_STATE_FINISHED;
if (asd->get_payload_id() == APP_ID_NONE and
else
{
const auto* tcph = p->ptrs.tcph;
- if (tcph->is_rst() && asd->previous_tcp_flags == TH_SYN)
+ if (tcph->is_rst() and asd->previous_tcp_flags == TH_SYN)
{
uint16_t port = 0;
const SfIp* ip = nullptr;
asd.get_odp_ctxt().is_host_port_app_cache_runtime)
check_dynamic = true;
- if (!(check_static || check_dynamic))
+ if (!(check_static or check_dynamic))
return false;
uint16_t port;
}
// Third party detection
- // Skip third-party detection for http2
- if (tp_appid_ctxt and ((service_id = asd.pick_service_app_id()) != APP_ID_HTTP2))
+ // Skip third-party detection for http2 and http3
+ if (tp_appid_ctxt and ((service_id = asd.pick_service_app_id()) != APP_ID_HTTP2 and service_id != APP_ID_HTTP3))
{
// Skip third-party inspection for sessions using old config
if (asd.tpsession and asd.tpsession->get_ctxt_version() != tp_appid_ctxt->get_version())
}
}
// FIXIT-M - snort 2.x has added a check for midstream pickup to this, do we need that?
- else if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK))
+ else if (protocol != IpProtocol::TCP or (p->packet_flags & PKT_STREAM_ORDER_OK))
{
if (asd.service_disco_state != APPID_DISCO_STATE_FINISHED)
is_discovery_done =
bool is_http_tunnel = false;
if (hsession)
- is_http_tunnel = ((hsession->payload.get_id() == APP_ID_HTTP_TUNNEL) ||
+ is_http_tunnel = ((hsession->payload.get_id() == APP_ID_HTTP_TUNNEL) or
(hsession->payload.get_id() == APP_ID_HTTP_SSL_TUNNEL)) ? true : false;
if (is_check_host_cache_valid(asd, service_id, client_id, payload_id, misc_id) or
{
if (direction == APP_ID_FROM_INITIATOR)
{
- if (asd->get_prev_http2_raw_packet() != asd->session_packet_count)
+ if (asd->get_prev_httpx_raw_packet() != asd->session_packet_count)
{
asd->delete_all_http_sessions();
- asd->set_prev_http2_raw_packet(asd->session_packet_count);
+ asd->set_prev_httpx_raw_packet(asd->session_packet_count);
}
hsession = asd->create_http_session(http_event->get_httpx_stream_id());
}
hsession->set_field(MISC_SERVER_FID, header_start, header_length, change_bits);
int32_t responseCodeNum = http_event->get_response_code();
- if (responseCodeNum > 0 && responseCodeNum < 700)
+ if (responseCodeNum > 0 and responseCodeNum < 700)
{
unsigned int ret;
char tmpstr[32];
if (http_event->get_is_httpx())
{
AppId http_app_id = flow->stream_intf->get_appid_from_stream(flow);
- assert((http_app_id == APP_ID_HTTP2) || (http_app_id == APP_ID_HTTP3));
+ assert((http_app_id == APP_ID_HTTP2) or (http_app_id == APP_ID_HTTP3));
asd->set_service_id(http_app_id, asd->get_odp_ctxt());
}
hsession->process_http_packet(direction, change_bits,
asd->get_odp_ctxt().get_http_matchers());
- if (asd->get_service_id() != APP_ID_HTTP2)
+ if (!http_event->get_is_httpx())
asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(),
asd->pick_ss_payload_app_id(), asd->pick_ss_misc_app_id(),
asd->pick_ss_referred_payload_app_id(), change_bits);
else
- asd->set_application_ids_service(APP_ID_HTTP2, change_bits);
+ asd->set_application_ids_service(asd->get_service_id(), change_bits);
asd->publish_appid_event(change_bits, *p, http_event->get_is_httpx(),
asd->get_api().get_hsessions_size() - 1);
void AppIdHttpSession::set_tun_dest()
{
assert(meta_data[REQ_URI_FID]);
- char *host = nullptr, *host_start, *host_end = nullptr, *url_end;
- char *port_str = nullptr;
+ char* host = nullptr, *host_start, *host_end = nullptr, *url_end;
+ char* port_str = nullptr;
uint16_t port = 0;
int is_IPv6 = 0;
char* url = strdup(meta_data[REQ_URI_FID]->c_str());
{
is_IPv6 = 1;
port_str = strchr(url, ']');
- if (port_str && port_str < url_end)
+ if (port_str and port_str < url_end)
{
if (*(++port_str) != ':')
{
}
}
}
- else if(isdigit(url[0]))
+ else if (isdigit(url[0]))
{
port_str = strrchr(url, ':');
}
- if (port_str && port_str < url_end )
+ if (port_str and port_str < url_end )
{
host_end = port_str;
if (*(++port_str) != '\0')
{
- char *end = nullptr;
+ char* end = nullptr;
long ret = strtol(port_str, &end, 10);
- if (end != port_str && *end == '\0' && ret >= 1 && ret <= PORT_MAX)
+ if (end != port_str and *end == '\0' and ret >= 1 and ret <= PORT_MAX)
{
port = (uint16_t)ret;
}
}
if (host)
{
- if(tun_dest)
+ if (tun_dest)
delete tun_dest;
tun_dest= new TunnelDest(host, port);
free(host);
}
- free(url );
+ free(url);
}
bool AppIdHttpSession::initial_chp_sweep(ChpMatchDescriptor& cmd, HttpPatternMatchers& http_matchers)
for (unsigned i = 0; i <= MAX_KEY_PATTERN; i++)
{
- if (cmd.buffer[i] && cmd.length[i])
+ if (cmd.buffer[i] and cmd.length[i])
{
cmd.cur_ptype = (HttpFieldIds)i;
http_matchers.scan_key_chp(cmd);
{
ptype_scan_counts[i] = cah->ptype_scan_counts[i];
ptype_req_counts[i] = cah->ptype_req_counts[i] + cah->ptype_rewrite_insert_used[i];
- if (i > 3 && !cah->ptype_scan_counts[i]
- && !asd.get_session_flags(APPID_SESSION_SPDY_SESSION))
+ if (i > 3 and !cah->ptype_scan_counts[i]
+ and !asd.get_session_flags(APPID_SESSION_SPDY_SESSION))
{
asd.clear_session_flags(APPID_SESSION_CHP_INSPECTING);
if (asd.tpsession)
if ( !ptype_scan_counts[i] )
continue;
- if ( cmd.buffer[i] && cmd.length[i] )
+ if ( cmd.buffer[i] and cmd.length[i] )
{
int num_found = 0;
cmd.cur_ptype = (HttpFieldIds)i;
AppId ret = http_matchers.scan_chp(cmd, &version, &user, &num_found, this, asd.get_odp_ctxt());
total_found += num_found;
- if (!ret || num_found < ptype_req_counts[i])
+ if (!ret or num_found < ptype_req_counts[i])
{
// No match at all or the required matches for the field was NOT made
if (!num_matches)
// we finished the last scan
// either the num_matches value was zero and we failed early-on or we need to check
// for the min.
- if (num_matches && total_found < num_matches)
+ if (num_matches and total_found < num_matches)
{
// There was a minimum scans match count (num_matches != 0)
// And we did not reach that minimum
assert(asd.flow);
if (asd.flow->ha_state)
asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
- if (asd.get_service_id() == APP_ID_HTTP2)
+ if (asd.get_service_id() == APP_ID_HTTP2 or asd.get_service_id() == APP_ID_HTTP3)
AppIdPegCounts::inc_client_count(app_id);
if (version)
if (appidDebug->is_active())
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
LogMessage("AppIdDbg %s %s is client %s (%d)\n", appidDebug->get_debug_session(),
type, app_name ? app_name : "unknown", app_id);
}
assert(asd.flow);
if (asd.flow->ha_state)
asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
- if (asd.get_service_id() == APP_ID_HTTP2)
+ if (asd.get_service_id() == APP_ID_HTTP2 or asd.get_service_id() == APP_ID_HTTP3)
AppIdPegCounts::inc_payload_count(app_id);
payload.set_version(version);
if (appidDebug->is_active())
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
- if(app_id == APP_ID_UNKNOWN)
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+ if (app_id == APP_ID_UNKNOWN)
LogMessage("AppIdDbg %s Payload is Unknown (%d)\n", appidDebug->get_debug_session(),
app_id);
else
return;
referred_payload_app_id = app_id;
- if (asd.get_service_id() == APP_ID_HTTP2)
+ if (asd.get_service_id() == APP_ID_HTTP2 or asd.get_service_id() == APP_ID_HTTP3)
AppIdPegCounts::inc_referred_count(app_id);
change_bits.set(APPID_REFERRED_BIT);
if (appidDebug->is_active())
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
LogMessage("AppIdDbg %s URL is referred %s (%d)\n", appidDebug->get_debug_session(),
app_name ? app_name : "unknown", app_id);
}
// For fragmented HTTP headers, do not process if none of the fields are set.
// These fields will get set when the HTTP header is reassembled.
- if ( !useragent && !host && !referer && !uri )
+ if ( !useragent and !host and !referer and !uri )
{
if (!skip_simple_detect)
asd.clear_http_flags();
return 0;
}
- if ( direction == APP_ID_FROM_RESPONDER &&
+ if ( direction == APP_ID_FROM_RESPONDER and
!asd.get_session_flags(APPID_SESSION_RESPONSE_CODE_CHECKED) )
{
const std::string* response_code;
#endif
}
- if (asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP2)
+ if (asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP2 or
+ asd.get_service_id() == APP_ID_HTTP3)
{
if (asd.get_service_id() == APP_ID_NONE)
asd.set_service_id(APP_ID_HTTP, asd.get_odp_ctxt());
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
}
- if (!chp_finished || chp_hold_flow)
+ if (!chp_finished or chp_hold_flow)
process_chp_buffers(change_bits, http_matchers);
if (skip_simple_detect) // true if process_chp_buffers() found match
const std::string* server = meta_data[MISC_SERVER_FID];
if ( (asd.scan_flags & SCAN_HTTP_VENDOR_FLAG) and server)
{
- if ( asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP or
- asd.get_service_id() == APP_ID_HTTP2)
+ if (asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP or
+ asd.get_service_id() == APP_ID_HTTP2 or asd.get_service_id() == APP_ID_HTTP3)
{
char* vendorVersion = nullptr;
char* vendor = nullptr;
http_matchers.get_server_vendor_version(server->c_str(), server->size(),
&vendorVersion, &vendor, &subtype);
- if (vendor || vendorVersion)
+ if (vendor or vendorVersion)
{
asd.set_service_vendor(vendor, change_bits);
asd.set_service_version(vendorVersion, change_bits);
if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and
asd.get_service_id() != service_id)
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
LogMessage("AppIdDbg %s User Agent is service %s (%d)\n",
appidDebug->get_debug_session(), app_name ? app_name : "unknown", service_id);
}
asd.set_service_appid_data(app_id, change_bits, version);
if (appidDebug->is_active())
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
LogMessage("AppIdDbg %s X service %s (%d)\n", appidDebug->get_debug_session(),
app_name ? app_name : "unknown", app_id);
}
// Scan Content-Type Header for multimedia types and scan contents
const std::string* content_type = meta_data[RSP_CONTENT_TYPE_FID];
if ( (asd.scan_flags & SCAN_HTTP_CONTENT_TYPE_FLAG)
- and content_type and !asd.get_tp_payload_app_id() and payload.get_id() <= APP_ID_NONE)
+ and content_type and !asd.get_tp_payload_app_id() and payload.get_id() <= APP_ID_NONE)
{
AppId payload_id = http_matchers.get_appid_by_content_type(content_type->c_str(),
content_type->size());
if (asd.get_service_id() <= APP_ID_NONE)
{
- if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id !=
- APP_ID_HTTP && asd.get_service_id() != service_id)
+ if (appidDebug->is_active() and service_id > APP_ID_NONE and service_id !=
+ APP_ID_HTTP and asd.get_service_id() != service_id)
{
- const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
+ const char* app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
LogMessage("AppIdDbg %s URL is service %s (%d)\n",
appidDebug->get_debug_session(),
app_name ? app_name : "unknown",
{
entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id);
// only move tpPayloadAppId to client if client app id is valid
- if (entry && entry->clientId > APP_ID_NONE)
+ if (entry and entry->clientId > APP_ID_NONE)
{
misc_app_id = client.get_id();
client.set_id(tp_payload_app_id);
{
entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(payload.get_id());
// only move payload_app_id to client if it has a ClientAppid
- if (entry && entry->clientId > APP_ID_NONE)
+ if (entry and entry->clientId > APP_ID_NONE)
{
misc_app_id = client.get_id();
client.set_id(payload.get_id());
}
}
if (payload.get_id() <= APP_ID_NONE and is_payload_processed and
- (asd.get_service_id() == APP_ID_HTTP2 or (asd.get_service_id() == APP_ID_HTTP and
- asd.is_tp_appid_available())))
+ (asd.get_service_id() == APP_ID_HTTP2 or asd.get_service_id() == APP_ID_HTTP3 or
+ (asd.get_service_id() == APP_ID_HTTP and
+ asd.is_tp_appid_available())))
set_payload(APP_ID_UNKNOWN, change_bits);
asd.clear_http_flags();
meta_data[id] = new std::string((const char*)str, len);
else
{
- std::string *req_body = new std::string(*meta_data[id]);
+ std::string* req_body = new std::string(*meta_data[id]);
delete meta_data[id];
req_body->append((const char*)str);
meta_data[id] = req_body;
print_field(id, meta_data[id]);
}
}
+
void AppIdHttpSession::print_field(HttpFieldIds id, const std::string* field)
{
string field_name;
if (asd.get_session_flags(APPID_SESSION_SPDY_SESSION))
field_name = "SPDY ";
else if (asd.get_session_flags(APPID_SESSION_HTTP_SESSION))
- field_name = "HTTP ";
+ field_name = "HTTP ";
else
// This could be RTMP session; not printing RTMP fields for now
return;
LogMessage("AppIdDbg %s %s is %s\n", appidDebug->get_debug_session(),
field_name.c_str(), field->c_str());
}
+
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// appid_http2_req_body_event_handler.h
+// appid_httpx_req_body_event_handler.h
// author Kani<kamurthi@cisco.com>
-#ifndef APPID_HTTP2_REQ_BODY_EVENT_HANDLER_H
-#define APPID_HTTP2_REQ_BODY_EVENT_HANDLER_H
+#ifndef APPID_HTTPX_REQ_BODY_EVENT_HANDLER_H
+#define APPID_HTTPX_REQ_BODY_EVENT_HANDLER_H
#include "pub_sub/http_request_body_event.h"
-class AppIdHttp2ReqBodyEventHandler : public snort::DataHandler
+class AppIdHttpXReqBodyEventHandler : public snort::DataHandler
{
public:
- AppIdHttp2ReqBodyEventHandler() : DataHandler(MOD_NAME){ }
+ AppIdHttpXReqBodyEventHandler() : DataHandler(MOD_NAME){ }
void handle(snort::DataEvent& event, snort::Flow* flow) override
{
if (!pkt_thread_odp_ctxt)
return;
snort::HttpRequestBodyEvent* http_req_body = (snort::HttpRequestBodyEvent*)&event;
AppIdHttpSession* hsession = asd->get_matching_http_session(
- http_req_body->get_http2_stream_id());
+ http_req_body->get_httpx_stream_id());
if (!hsession)
return;
#include "appid_eve_process_event_handler.h"
#include "appid_ha.h"
#include "appid_http_event_handler.h"
-#include "appid_http2_req_body_event_handler.h"
+#include "appid_httpx_req_body_event_handler.h"
#include "appid_opportunistic_tls_event_handler.h"
#include "appid_peg_counts.h"
#include "appid_service_event_handler.h"
{
AppIdSession* session = appid_api.get_appid_session(flow);
// Skip sessions using old odp context after odp reload
- if (!session || (session->get_odp_ctxt_version() != odp_context.get_version()))
+ if (!session or (session->get_odp_ctxt_version() != odp_context.get_version()))
return;
AppId service_id, client_id, payload_id, misc_id;
DataBus::subscribe_global(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler(
HttpEventHandler::RESPONSE_EVENT, *this), *sc);
- DataBus::subscribe_global(HTTP2_REQUEST_BODY_EVENT_KEY, new AppIdHttp2ReqBodyEventHandler(), *sc);
+ DataBus::subscribe_global(HTTPX_REQUEST_BODY_EVENT_KEY, new AppIdHttpXReqBodyEventHandler(), *sc);
DataBus::subscribe_global(DATA_DECRYPT_EVENT, new DataDecryptEventHandler(), *sc);
{
if (p->is_ip4())
{
- if (p->is_udp() && ((p->ptrs.sp == 68 && p->ptrs.dp == 67)
- || (p->ptrs.sp == 67 && p->ptrs.dp == 68)))
+ if (p->is_udp() and ((p->ptrs.sp == 68 and p->ptrs.dp == 67)
+ or (p->ptrs.sp == 67 and p->ptrs.dp == 68)))
{
return true;
}
const SfIp* ip = (direction == APP_ID_FROM_INITIATOR)
? p->ptrs.ip_api.get_src() : p->ptrs.ip_api.get_dst();
- if ((proto == IpProtocol::TCP || proto == IpProtocol::UDP) &&
+ if ((proto == IpProtocol::TCP or proto == IpProtocol::UDP) and
(p->ptrs.sp != p->ptrs.dp))
port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
char dst_ip[INET6_ADDRSTRLEN];
AppIdInspector* inspector = (AppIdInspector*)ctrlPkt->flow->flow_data->get_handler();
- if ((inspector == nullptr) || strcmp(inspector->get_name(), MOD_NAME))
+ if ((inspector == nullptr) or strcmp(inspector->get_name(), MOD_NAME))
inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true);
// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
// 1. Start off as SSL - captured with isSsl flag, OR
// 2. It could start off as a non-SSL session and later change to SSL. For example, FTP->FTPS.
// In this case APPID_SESSION_ENCRYPTED flag is set by the protocol state machine.
- if (get_session_flags(APPID_SESSION_ENCRYPTED) || isSsl)
+ if (get_session_flags(APPID_SESSION_ENCRYPTED) or isSsl)
{
set_session_flags(APPID_SESSION_DECRYPTED);
encrypted.service_id = service_id;
switch (service_id)
{
case APP_ID_HTTP:
- if (misc_app_id == APP_ID_NSIIOPS ||
- misc_app_id == APP_ID_DDM_SSL ||
- misc_app_id == APP_ID_MSFT_GC_SSL ||
+ if (misc_app_id == APP_ID_NSIIOPS or
+ misc_app_id == APP_ID_DDM_SSL or
+ misc_app_id == APP_ID_MSFT_GC_SSL or
misc_app_id == APP_ID_SF_APPLIANCE_MGMT)
{
break;
const char* referer = hsession->get_cfield(REQ_REFERER_FID);
if ((http_matchers.get_appid_from_url(nullptr, url, &version,
referer, &client_id, &service_id, &payload_id,
- &referred_payload_id, true, odp_ctxt)) ||
+ &referred_payload_id, true, odp_ctxt)) or
(http_matchers.get_appid_from_url(nullptr, url, &version,
referer, &client_id, &service_id, &payload_id,
&referred_payload_id, false, odp_ctxt)))
void AppIdSession::set_client_appid_data(AppId id, AppidChangeBits& change_bits, char* version)
{
- if (id <= APP_ID_NONE || id == APP_ID_HTTP)
+ if (id <= APP_ID_NONE or id == APP_ID_HTTP)
return;
AppId cur_id = api.client.get_id();
bool AppIdSession::is_svc_taking_too_much_time() const
{
- return (init_pkts_without_reply > odp_ctxt.max_packet_service_fail_ignore_bytes ||
- (init_pkts_without_reply > odp_ctxt.max_packet_before_service_fail &&
+ return (init_pkts_without_reply > odp_ctxt.max_packet_service_fail_ignore_bytes or
+ (init_pkts_without_reply > odp_ctxt.max_packet_before_service_fail and
init_bytes_without_reply > odp_ctxt.max_bytes_before_service_fail));
}
void AppIdSession::free_flow_data_by_mask(unsigned mask)
{
for (AppIdFlowDataIter it = flow_data.cbegin(); it != flow_data.cend();)
- if (!mask || (it->second->fd_id & mask))
+ if (!mask or (it->second->fd_id & mask))
{
delete it->second;
it = flow_data.erase(it);
{
if (is_service_detected())
{
- bool deferred = api.service.get_deferred() || tp_app_id_deferred;
+ bool deferred = api.service.get_deferred() or tp_app_id_deferred;
- if (api.service.get_id() > APP_ID_NONE && !deferred)
+ if (api.service.get_id() > APP_ID_NONE and !deferred)
return api.service.get_id();
if (is_tp_appid_available())
{
AppId AppIdSession::pick_ss_misc_app_id() const
{
- if (api.service.get_id() == APP_ID_HTTP2)
+ if (api.service.get_id() == APP_ID_HTTP2 or api.service.get_id() == APP_ID_HTTP3)
return APP_ID_NONE;
if (misc_app_id > APP_ID_NONE)
AppId AppIdSession::pick_ss_client_app_id() const
{
- if (api.service.get_id() == APP_ID_HTTP2)
+ if (api.service.get_id() == APP_ID_HTTP2 or api.service.get_id() == APP_ID_HTTP3)
return APP_ID_NONE;
AppId tmp_id = APP_ID_NONE;
AppId AppIdSession::pick_ss_payload_app_id(AppId service_id) const
{
- if (service_id == APP_ID_HTTP2)
+ if (service_id == APP_ID_HTTP2 or service_id == APP_ID_HTTP3)
return APP_ID_NONE;
if (tp_payload_app_id_deferred)
AppId AppIdSession::pick_ss_referred_payload_app_id() const
{
- if (api.service.get_id() == APP_ID_HTTP2)
+ if (api.service.get_id() == APP_ID_HTTP2 or api.service.get_id() == APP_ID_HTTP3)
return APP_ID_NONE;
AppId tmp_id = APP_ID_NONE;
return false;
unsigned state = tpsession->get_state();
- return (state == TP_STATE_CLASSIFIED || state == TP_STATE_TERMINATED ||
+ return (state == TP_STATE_CLASSIFIED or state == TP_STATE_TERMINATED or
state == TP_STATE_HA);
}
bool AppIdSession::is_tp_processing_done() const
{
- if (!get_session_flags(APPID_SESSION_NO_TPI) &&
- (!is_tp_appid_done() ||
+ if (!get_session_flags(APPID_SESSION_NO_TPI) and
+ (!is_tp_appid_done() or
get_session_flags(APPID_SESSION_APP_REINSPECT | APPID_SESSION_APP_REINSPECT_SSL)))
return false;
unsigned state = tpsession->get_state();
- return (state == TP_STATE_CLASSIFIED || state == TP_STATE_TERMINATED ||
+ return (state == TP_STATE_CLASSIFIED or state == TP_STATE_TERMINATED or
state == TP_STATE_MONITORING);
}
AppId pick_service_app_id() const;
// pick_ss_* and set_ss_* methods below are for application protocols that support only a single
- // stream in a flow. They should not be used for HTTP2 sessions which can have multiple
+ // stream in a flow. They should not be used for HTTP2/HTTP3 sessions which can have multiple
// streams within a single flow
AppId pick_ss_misc_app_id() const;
AppId pick_ss_client_app_id() const;
inferred_svcs_ver++;
}
- uint16_t get_prev_http2_raw_packet() const
+ uint16_t get_prev_httpx_raw_packet() const
{
- return prev_http2_raw_packet;
+ return prev_httpx_raw_packet;
}
- void set_prev_http2_raw_packet(uint16_t packet_num)
+ void set_prev_httpx_raw_packet(uint16_t packet_num)
{
- prev_http2_raw_packet = packet_num;
+ prev_httpx_raw_packet = packet_num;
}
const snort::AppIdSessionApi& get_api() const
}
private:
- uint16_t prev_http2_raw_packet = 0;
+ uint16_t prev_httpx_raw_packet = 0;
void reinit_session_data(AppidChangeBits& change_bits, ThirdPartyAppIdContext* tp_appid_ctxt);
void delete_session_data();
AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
- if (stream_index >= get_hsessions_size())
+ if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
return APP_ID_NONE;
else if (AppIdHttpSession* hsession = get_hsession(stream_index))
return hsession->misc_app_id;
+ else if ((get_service_app_id() == APP_ID_HTTP3) and (stream_index == 0))
+ return application_ids[APP_PROTOID_MISC];
}
else if (stream_index == 0)
return application_ids[APP_PROTOID_MISC];
AppId AppIdSessionApi::get_client_app_id(uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
- if (stream_index >= get_hsessions_size())
+ if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
return APP_ID_NONE;
else if (AppIdHttpSession* hsession = get_hsession(stream_index))
return hsession->client.get_id();
+ else if ((get_service_app_id() == APP_ID_HTTP3) and (stream_index == 0))
+ return application_ids[APP_PROTOID_CLIENT];
}
else if (stream_index == 0)
return application_ids[APP_PROTOID_CLIENT];
AppId AppIdSessionApi::get_payload_app_id(uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
- if (stream_index >= get_hsessions_size())
+ if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
return APP_ID_NONE;
else if (AppIdHttpSession* hsession = get_hsession(stream_index))
return hsession->payload.get_id();
+ else if ((get_service_app_id() == APP_ID_HTTP3) and (stream_index == 0))
+ return application_ids[APP_PROTOID_PAYLOAD];
}
else if (stream_index == 0)
return application_ids[APP_PROTOID_PAYLOAD];
AppId AppIdSessionApi::get_referred_app_id(uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
return APP_ID_UNKNOWN;
void AppIdSessionApi::get_app_id(AppId& service, AppId& client,
AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
{
void AppIdSessionApi::get_app_id(AppId* service, AppId* client,
AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index) const
{
- if (get_service_app_id() == APP_ID_HTTP2)
+ if (get_service_app_id() == APP_ID_HTTP2 or get_service_app_id() == APP_ID_HTTP3)
{
if ((stream_index != 0) and (stream_index >= get_hsessions_size()))
{
{
if (!asd)
return false;
- if (service.get_id() == APP_ID_HTTP2)
+ if (service.get_id() == APP_ID_HTTP2 or service.get_id() == APP_ID_HTTP3)
return (get_payload_app_id(stream_index) != APP_ID_NONE);
else
- return ( (service.get_id() != APP_ID_NONE ||
- payload.get_id() != APP_ID_NONE) &&
- (asd->is_tp_appid_available() ||
+ return ( (service.get_id() != APP_ID_NONE or
+ payload.get_id() != APP_ID_NONE) and
+ (asd->is_tp_appid_available() or
asd->get_session_flags(APPID_SESSION_NO_TPI)) );
}
}
}
+// For HTTP3, mercury can identify client,payload and misc. So check for them
+// even if no hsession is present, but prefer appid stored in hsession.
void AppIdSessionApi::get_first_stream_app_ids(AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id) const
{
service_id = application_ids[APP_PROTOID_SERVICE];
- if (service_id != APP_ID_HTTP2)
+ if (service_id != APP_ID_HTTP2 and service_id != APP_ID_HTTP3)
{
client_id = application_ids[APP_PROTOID_CLIENT];
payload_id = application_ids[APP_PROTOID_PAYLOAD];
payload_id = hsession->payload.get_id();
misc_id = hsession->misc_app_id;
}
+ else if (service_id == APP_ID_HTTP3)
+ {
+ client_id = application_ids[APP_PROTOID_CLIENT];
+ payload_id = application_ids[APP_PROTOID_PAYLOAD];
+ misc_id = application_ids[APP_PROTOID_MISC];
+ }
else
{
client_id = APP_ID_NONE;
AppId& payload_id) const
{
service_id = application_ids[APP_PROTOID_SERVICE];
- if (service_id != APP_ID_HTTP2)
+ if (service_id != APP_ID_HTTP2 and service_id != APP_ID_HTTP3)
{
client_id = application_ids[APP_PROTOID_CLIENT];
payload_id = application_ids[APP_PROTOID_PAYLOAD];
client_id = hsession->client.get_id();
payload_id = hsession->payload.get_id();
}
+ else if (service_id == APP_ID_HTTP3)
+ {
+ client_id = application_ids[APP_PROTOID_CLIENT];
+ payload_id = application_ids[APP_PROTOID_PAYLOAD];
+ }
else
{
client_id = APP_ID_NONE;
const char* get_netbios_domain() const;
ClientAppDetectType get_client_app_detect_type() const;
- // For protocols such as HTTP2 which can have multiple streams within a single flow,
+ // For protocols such as HTTP2/HTTP3 which can have multiple streams within a single flow,
// get_first_stream_* methods return the appids in the first stream seen in a packet.
void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload, AppId& misc) const;
void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload) const;
AppId service_id = session->get_api().get_service_app_id();
OdpContext& odp_ctxt = session->get_odp_ctxt();
- if (service_id != APP_ID_HTTP2)
+ if (service_id != APP_ID_HTTP2 and service_id != APP_ID_HTTP3)
{
AppId app_ids[APP_PROTOID_MAX];
return last_piece;
}
-uint32_t HttpRequestBodyEvent::get_http2_stream_id() const
+int64_t HttpRequestBodyEvent::get_httpx_stream_id() const
{
return http_flow_data->get_hx_stream_id();
}
#include "service_inspectors/http_inspect/http_msg_body.h"
// These are common values between the HTTP inspector and the subscribers.
-#define HTTP2_REQUEST_BODY_EVENT_KEY "http2_request_body_event"
+#define HTTPX_REQUEST_BODY_EVENT_KEY "httpx_request_body_event"
class HttpFlowData;
const uint8_t* get_request_body_data(int32_t& length, int32_t& offset);
bool is_last_request_body_piece();
- uint32_t get_http2_stream_id() const;
+ int64_t get_httpx_stream_id() const;
private:
const HttpMsgBody* const http_msg_body;
CHECK(memcmp(data, msg.data(), length) == 0);
CHECK(length == msg_len);
CHECK(offset == 0);
- CHECK(event.get_http2_stream_id() == stream_id);
+ CHECK(event.get_httpx_stream_id() == stream_id);
CHECK_FALSE(event.is_last_request_body_piece());
delete body;
}
CHECK(memcmp(data, msg.data(), length) == 0);
CHECK(length == msg_len);
CHECK(offset == 1500);
- CHECK(event.get_http2_stream_id() == stream_id);
+ CHECK(event.get_httpx_stream_id() == stream_id);
CHECK(event.is_last_request_body_piece());
delete body;
}
CHECK(data == nullptr);
CHECK(length == 0);
CHECK(offset == 1500);
- CHECK(event.get_http2_stream_id() == stream_id);
+ CHECK(event.get_httpx_stream_id() == stream_id);
CHECK(event.is_last_request_body_piece());
}
HttpRequestBodyEvent http_request_body_event(this, publish_octets, last_piece, session_data);
- DataBus::publish(HTTP2_REQUEST_BODY_EVENT_KEY, http_request_body_event, flow);
+ DataBus::publish(HTTPX_REQUEST_BODY_EVENT_KEY, http_request_body_event, flow);
publish_octets += publish_length;
#ifdef REG_TEST
if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP))
{
HttpRequestBodyEvent http_request_body_event(nullptr,
session_data->publish_octets[source_id], true, session_data);
- DataBus::publish(HTTP2_REQUEST_BODY_EVENT_KEY, http_request_body_event, flow);
+ DataBus::publish(HTTPX_REQUEST_BODY_EVENT_KEY, http_request_body_event, flow);
#ifdef REG_TEST
if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP))
{
projects / thirdparty / snort3.git / commitdiff
