bool Http2DataCutter::check_http_state(Http2Stream* const stream)
{
HttpFlowData* const http_flow = stream->get_hi_flow_data();
- if ((http_flow->get_type_expected(source_id) != HttpEnums::SEC_BODY_H2))
+ if ((http_flow->get_type_expected(source_id) != SEC_BODY_H2))
{
stream->set_state(source_id, STREAM_ERROR);
if (data_len > 0)
if ((data_bytes_read == data_len) && (frame_flags & FLAG_END_STREAM))
{
HttpFlowData* const hi_flow = stream->get_hi_flow_data();
- hi_flow->set_h2_body_state(source_id, HttpEnums::H2_BODY_LAST_SEG);
+ hi_flow->set_h2_body_state(source_id, H2_BODY_LAST_SEG);
}
scan_result = session_data->hi_ss[source_id]->scan(&dummy_pkt, data + cur_data_offset,
cur_data, unused, &http_flush_offset);
#include "http2_headers_frame.h"
#include "protocols/packet.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_inspect.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h"
dummy_pkt.data = stream_buf.data;
dummy_pkt.xtradata_mask = 0;
session_data->hi->eval(&dummy_pkt);
- if (http_flow->get_type_expected(hi_source_id) == HttpEnums::SEC_ABORT)
+ if (http_flow->get_type_expected(hi_source_id) == SEC_ABORT)
{
assert(session_data->is_processing_partial_header());
stream->set_state(hi_source_id, STREAM_ERROR);
#include "http2_headers_frame_header.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "http2_enum.h"
// if END_STREAM flag set on headers, tell http_inspect not to expect a message body
if (get_flags() & FLAG_END_STREAM)
- stream->get_hi_flow_data()->finish_h2_body(source_id, HttpEnums::H2_BODY_NO_BODY, false);
+ stream->get_hi_flow_data()->finish_h2_body(source_id, H2_BODY_NO_BODY, false);
process_decoded_headers(http_flow, source_id);
}
#include "http2_headers_frame_trailer.h"
#include "protocols/packet.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_inspect.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h"
assert(http_flow);
const bool valid_headers = http1_header.length() > 0;
- if (http_flow->get_type_expected(source_id) != HttpEnums::SEC_TRAILER)
+ if (http_flow->get_type_expected(source_id) != SEC_TRAILER)
{
// http_inspect is not yet expecting trailers. Flush empty buffer through scan, reassemble,
// and eval to prepare http_inspect for trailers.
- assert(http_flow->get_type_expected(source_id) == HttpEnums::SEC_BODY_H2);
+ assert(http_flow->get_type_expected(source_id) == SEC_BODY_H2);
stream->finish_msg_body(source_id, valid_headers, true); // calls http_inspect scan()
unsigned copied;
dummy_pkt.dsize = stream_buf.length;
dummy_pkt.data = stream_buf.data;
session_data->hi->eval(&dummy_pkt);
- assert (!valid_headers || http_flow->get_type_expected(source_id) == HttpEnums::SEC_TRAILER);
- if (http_flow->get_type_expected(source_id) == HttpEnums::SEC_ABORT)
+ assert (!valid_headers || http_flow->get_type_expected(source_id) == SEC_TRAILER);
+ if (http_flow->get_type_expected(source_id) == SEC_ABORT)
{
stream->set_state(source_id, STREAM_ERROR);
return;
#include "http2_headers_frame_with_startline.h"
#include "protocols/packet.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_inspect.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h"
dummy_pkt.dsize = stream_buf.length;
dummy_pkt.data = stream_buf.data;
session_data->hi->eval(&dummy_pkt);
- if (http_flow->get_type_expected(hi_source_id) != HttpEnums::SEC_HEADER)
+ if (http_flow->get_type_expected(hi_source_id) != SEC_HEADER)
{
stream->set_state(hi_source_id, STREAM_ERROR);
return false;
#include "http2_push_promise_frame.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "http2_flow_data.h"
// Push promise cannot have a message body
// FIXIT-E handle bad request lines and cases where a message body is implied
- stream->get_hi_flow_data()->finish_h2_body(SRC_CLIENT, HttpEnums::H2_BODY_NO_BODY, false);
+ stream->get_hi_flow_data()->finish_h2_body(SRC_CLIENT, H2_BODY_NO_BODY, false);
process_decoded_headers(http_flow, SRC_CLIENT);
}
#include "http2_enum.h"
#include "http2_stream.h"
-#include "service_inspectors/http_inspect/http_enum.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
#include "service_inspectors/http_inspect/http_stream_splitter.h"
using namespace HttpCommon;
using namespace Http2Enums;
-using namespace HttpEnums;
Http2Stream::Http2Stream(uint32_t stream_id_, Http2FlowData* session_data_) :
stream_id(stream_id_),
(stream->get_state(source_id) >= STREAM_COMPLETE) ||
(stream->get_hi_flow_data() == nullptr) ||
(stream->get_hi_flow_data()->get_type_expected(source_id)
- != HttpEnums::SEC_BODY_H2) ||
+ != SEC_BODY_H2) ||
(session_data->processing_partial_header &&
(stream->get_stream_id() == session_data->current_stream[source_id])))
{
+set(HTTP_INCLUDES
+ http_field.h
+ http_common.h
+ http_inspect_base.h
+ http_stream_splitter_base.h
+)
set (FILE_LIST
+ ${HTTP_INCLUDES}
ips_http.cc
ips_http.h
- http_buffer_info.h
http_buffer_info.cc
+ http_buffer_info.h
http_inspect.cc
http_inspect.h
http_msg_section.cc
http_transaction.h
http_test_manager.cc
http_test_manager.h
- http_enum.h
http_field.cc
- http_field.h
http_stream_splitter_finish.cc
http_stream_splitter_reassemble.cc
http_stream_splitter_scan.cc
#add_dynamic_module(http_inspect inspectors ${FILE_LIST})
#endif(STATIC_INSPECTORS)
-
+install(FILES ${HTTP_INCLUDES}
+ DESTINATION "${INCLUDE_INSTALL_PATH}/service_inspectors/http_inspect"
+)
add_subdirectory ( test )
// Message originator--client or server
enum SourceId { SRC__NOT_COMPUTE=-14, SRC_CLIENT=0, SRC_SERVER=1 };
+// Type of message section
+enum SectionType { SEC_DISCARD = -19, SEC_ABORT = -18, SEC__NOT_COMPUTE=-14, SEC__NOT_PRESENT=-11,
+ SEC_REQUEST = 2, SEC_STATUS, SEC_HEADER, SEC_BODY_CL, SEC_BODY_CHUNK, SEC_TRAILER,
+ SEC_BODY_OLD, SEC_BODY_H2 };
+
+enum H2BodyState { H2_BODY_NOT_COMPLETE, H2_BODY_LAST_SEG, H2_BODY_COMPLETE,
+ H2_BODY_COMPLETE_EXPECT_TRAILERS, H2_BODY_NO_BODY };
+
} // end namespace HttpCommon
#endif
#include "http_module.h"
using namespace HttpEnums;
+using namespace HttpCommon;
ScanResult HttpStartCutter::cut(const uint8_t* buffer, uint32_t length,
- HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnums::H2BodyState)
+ HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, H2BodyState)
{
for (uint32_t k = 0; k < length; k++)
{
}
ScanResult HttpHeaderCutter::cut(const uint8_t* buffer, uint32_t length,
- HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnums::H2BodyState)
+ HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, H2BodyState)
{
// Header separators: leading \r\n, leading \n, leading \r\r\n, nonleading \r\n\r\n, nonleading
// \n\r\n, nonleading \r\r\n, nonleading \r\n\n, and nonleading \n\n. The separator itself
}
ScanResult HttpBodyClCutter::cut(const uint8_t* buffer, uint32_t length, HttpInfractions*,
- HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyState)
+ HttpEventGen*, uint32_t flow_target, bool stretch, H2BodyState)
{
assert(remaining > octets_seen);
}
ScanResult HttpBodyOldCutter::cut(const uint8_t* buffer, uint32_t length, HttpInfractions*,
- HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyState)
+ HttpEventGen*, uint32_t flow_target, bool stretch, H2BodyState)
{
if (flow_target == 0)
{
ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool stretch,
- HttpEnums::H2BodyState)
+ H2BodyState)
{
// Are we skipping through the rest of this chunked body to the trailers and the next message?
const bool discard_mode = (flow_target == 0);
{
*infractions += INF_H2_DATA_OVERRUNS_CL;
events->create_event(EVENT_H2_DATA_OVERRUNS_CL);
- expected_body_length = HttpCommon::STAT_NOT_COMPUTE;
+ expected_body_length = STAT_NOT_COMPUTE;
}
else if (state != H2_BODY_NOT_COMPLETE and
((total_octets_scanned + length) < expected_body_length))
#include <cassert>
#include <zlib.h>
+#include "http_common.h"
#include "http_enum.h"
#include "http_event.h"
#include "http_module.h"
virtual ~HttpCutter() = default;
virtual HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool stretch,
- HttpEnums::H2BodyState state) = 0;
+ HttpCommon::H2BodyState state) = 0;
uint32_t get_num_flush() const { return num_flush; }
uint32_t get_octets_seen() const { return octets_seen; }
uint32_t get_num_excess() const { return num_crlf; }
{
public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
- HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnums::H2BodyState)
+ HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpCommon::H2BodyState)
override;
protected:
{
public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
- HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpEnums::H2BodyState)
+ HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, HttpCommon::H2BodyState)
override;
uint32_t get_num_head_lines() const override { return num_head_lines; }
remaining(expected_length)
{ assert(remaining > 0); }
HttpEnums::ScanResult cut(const uint8_t*, uint32_t length, HttpInfractions*, HttpEventGen*,
- uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override;
+ uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
private:
int64_t remaining;
HttpBodyCutter(accelerated_blocking, finder, compression)
{}
HttpEnums::ScanResult cut(const uint8_t*, uint32_t, HttpInfractions*, HttpEventGen*,
- uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override;
+ uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
};
class HttpBodyChunkCutter : public HttpBodyCutter
{}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool stretch,
- HttpEnums::H2BodyState) override;
+ HttpCommon::H2BodyState) override;
bool get_is_broken_chunk() const override { return curr_state == HttpEnums::CHUNK_BAD; }
uint32_t get_num_good_chunks() const override { return num_good_chunks; }
void soft_reset() override { num_good_chunks = 0; HttpBodyCutter::soft_reset(); }
expected_body_length(expected_length)
{}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpInfractions*,
- HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyState state) override;
+ HttpEventGen*, uint32_t flow_target, bool stretch, HttpCommon::H2BodyState state) override;
private:
int64_t expected_body_length;
uint32_t total_octets_scanned = 0;
// This can grow into a bitmap for the get_buf() form parameter
static const uint64_t FORM_REQUEST = 0x1;
-// Type of message section
-enum SectionType { SEC_DISCARD = -19, SEC_ABORT = -18, SEC__NOT_COMPUTE=-14, SEC__NOT_PRESENT=-11,
- SEC_REQUEST = 2, SEC_STATUS, SEC_HEADER, SEC_BODY_CL, SEC_BODY_CHUNK, SEC_TRAILER,
- SEC_BODY_OLD, SEC_BODY_H2 };
-
// HTTP rule options.
// Lower numbered portion is message buffers available to clients.
// That part must remain synchronized with HttpApi::classic_buffer_names[]
extern const bool is_print_char[256]; // printable includes SP, tab, CR, LF
extern const bool is_sp_comma[256];
-enum H2BodyState { H2_BODY_NOT_COMPLETE, H2_BODY_LAST_SEG, H2_BODY_COMPLETE,
- H2_BODY_COMPLETE_EXPECT_TRAILERS, H2_BODY_NO_BODY };
-
} // end namespace HttpEnums
#endif
return transaction[source_id]->get_infractions(source_id);
}
-void HttpFlowData::finish_h2_body(HttpCommon::SourceId source_id, HttpEnums::H2BodyState state,
+void HttpFlowData::finish_h2_body(HttpCommon::SourceId source_id, HttpCommon::H2BodyState state,
bool clear_partial_buffer)
{
assert((h2_body_state[source_id] == H2_BODY_NOT_COMPLETE) ||
friend class HttpUnitTestSetup;
#endif
- HttpEnums::SectionType get_type_expected(HttpCommon::SourceId source_id) const
+ HttpCommon::SectionType get_type_expected(HttpCommon::SourceId source_id) const
{ return type_expected[source_id]; }
- void finish_h2_body(HttpCommon::SourceId source_id, HttpEnums::H2BodyState state,
+ void finish_h2_body(HttpCommon::SourceId source_id, HttpCommon::H2BodyState state,
bool clear_partial_buffer);
- void set_h2_body_state(HttpCommon::SourceId source_id, HttpEnums::H2BodyState state)
+ void set_h2_body_state(HttpCommon::SourceId source_id, HttpCommon::H2BodyState state)
{ h2_body_state[source_id] = state; }
uint32_t get_h2_stream_id() const;
bool is_broken_chunk[2] = { false, false };
// *** StreamSplitter => Inspector (facts about the most recent message section)
- HttpEnums::SectionType section_type[2] = { HttpEnums::SEC__NOT_COMPUTE,
- HttpEnums::SEC__NOT_COMPUTE };
+ HttpCommon::SectionType section_type[2] = { HttpCommon::SEC__NOT_COMPUTE,
+ HttpCommon::SEC__NOT_COMPUTE };
int32_t octets_reassembled[2] = { HttpCommon::STAT_NOT_PRESENT, HttpCommon::STAT_NOT_PRESENT };
int32_t num_head_lines[2] = { HttpCommon::STAT_NOT_PRESENT, HttpCommon::STAT_NOT_PRESENT };
bool tcp_close[2] = { false, false };
HttpInfractions* get_infractions(HttpCommon::SourceId source_id);
// *** Inspector => StreamSplitter (facts about the message section that is coming next)
- HttpEnums::SectionType type_expected[2] = { HttpEnums::SEC_REQUEST, HttpEnums::SEC_STATUS };
+ HttpCommon::SectionType type_expected[2] = { HttpCommon::SEC_REQUEST, HttpCommon::SEC_STATUS };
bool last_request_was_connect = false;
z_stream* compress_stream[2] = { nullptr, nullptr };
uint64_t zero_nine_expected = 0;
// *** HTTP/2 handling
bool for_http2 = false;
uint32_t h2_stream_id = 0;
- HttpEnums::H2BodyState h2_body_state[2] = { HttpEnums::H2_BODY_NOT_COMPLETE,
- HttpEnums::H2_BODY_NOT_COMPLETE };
+ HttpCommon::H2BodyState h2_body_state[2] = { HttpCommon::H2_BODY_NOT_COMPLETE,
+ HttpCommon::H2_BODY_NOT_COMPLETE };
#ifdef REG_TEST
static uint64_t instance_count;
return current_section->get_version_id(buffer_info);
}
+HttpCommon::SectionType HttpInspect::get_type_expected(snort::Flow* flow, HttpCommon::SourceId source_id) const
+{
+ HttpFlowData* session_data = http_get_flow_data(flow);
+ return session_data->get_type_expected(source_id);
+}
+
+void HttpInspect::finish_h2_body(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state,
+ bool clear_partial_buffer) const
+{
+ HttpFlowData* session_data = http_get_flow_data(flow);
+ session_data->finish_h2_body(source_id, state, clear_partial_buffer);
+}
+
+void HttpInspect::set_h2_body_state(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state) const
+{
+ HttpFlowData* session_data = http_get_flow_data(flow);
+ session_data->set_h2_body_state(source_id, state);
+}
+
bool HttpInspect::get_fp_buf(InspectionBuffer::Type ibt, Packet* p, InspectionBuffer& b)
{
if (get_latest_is(p) == IS_NONE)
#include "http_common.h"
#include "http_enum.h"
#include "http_field.h"
+#include "http_inspect_base.h"
#include "http_module.h"
-#include "http_msg_section.h"
#include "http_stream_splitter.h"
class HttpApi;
class HttpParam;
-class HttpInspect : public snort::Inspector
+class HttpInspect : public HttpInspectBase
{
public:
HttpInspect(const HttpParaList* params_);
int32_t http_get_num_headers(snort::Packet* p, const HttpBufferInfo& buffer_info) const;
HttpEnums::VersionId http_get_version_id(snort::Packet* p,
const HttpBufferInfo& buffer_info) const;
+ HttpCommon::SectionType get_type_expected(snort::Flow* flow, HttpCommon::SourceId source_id) const override;
+ void finish_h2_body(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state,
+ bool clear_partial_buffer) const override;
+ void set_h2_body_state(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state) const override;
bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p,
snort::InspectionBuffer& b) override;
bool configure(snort::SnortConfig*) override;
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2022-2022 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// http_inspect_base.h author Shibin K V <shikv@cisco.com>
+
+#ifndef HTTP_INSPECT_BASE_H
+#define HTTP_INSPECT_BASE_H
+
+#include "flow/flow.h"
+#include "framework/inspector.h"
+#include "main/snort_types.h"
+
+#include "http_common.h"
+
+class SO_PUBLIC HttpInspectBase : public snort::Inspector
+{
+public:
+ virtual ~HttpInspectBase() override = default;
+
+ virtual HttpCommon::SectionType get_type_expected(snort::Flow* flow, HttpCommon::SourceId source_id) const = 0;
+ virtual void finish_h2_body(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state,
+ bool clear_partial_buffer) const = 0;
+ virtual void set_h2_body_state(snort::Flow* flow, HttpCommon::SourceId source_id, HttpCommon::H2BodyState state) const = 0;
+};
+
+#endif
+
#include "http_msg_body_h2.h"
-using namespace HttpEnums;
+using namespace HttpCommon;
void HttpMsgBodyH2::update_flow()
{
#include <zlib.h>
-#include "stream/stream_splitter.h"
-
#include "http_common.h"
#include "http_enum.h"
#include "http_flow_data.h"
+#include "http_stream_splitter_base.h"
#include "http_test_manager.h"
class HttpInspect;
-class HttpStreamSplitter : public snort::StreamSplitter
+class HttpStreamSplitter : public HttpStreamSplitterBase
{
public:
HttpStreamSplitter(bool is_client_to_server, HttpInspect* my_inspector_) :
- snort::StreamSplitter(is_client_to_server),
+ HttpStreamSplitterBase(is_client_to_server),
my_inspector(my_inspector_),
source_id(is_client_to_server ? HttpCommon::SRC_CLIENT : HttpCommon::SRC_SERVER) {}
Status scan(snort::Packet* pkt, const uint8_t* data, uint32_t length, uint32_t not_used,
const snort::StreamBuffer reassemble(snort::Flow* flow, unsigned total, unsigned, const
uint8_t* data, unsigned len, uint32_t flags, unsigned& copied) override;
bool finish(snort::Flow* flow) override;
- void prep_partial_flush(snort::Flow* flow, uint32_t num_flush);
+ void prep_partial_flush(snort::Flow* flow, uint32_t num_flush) override;
bool is_paf() override { return true; }
static StreamSplitter::Status status_value(StreamSplitter::Status ret_val, bool http2 = false);
void go_away() override {}
private:
- void prepare_flush(HttpFlowData* session_data, uint32_t* flush_offset, HttpEnums::SectionType
+ void prepare_flush(HttpFlowData* session_data, uint32_t* flush_offset, HttpCommon::SectionType
section_type, uint32_t num_flushed, uint32_t num_excess, int32_t num_head_lines,
bool is_broken_chunk, uint32_t num_good_chunks, uint32_t octets_seen)
const;
- HttpCutter* get_cutter(HttpEnums::SectionType type, HttpFlowData* session) const;
+ HttpCutter* get_cutter(HttpCommon::SectionType type, HttpFlowData* session) const;
void chunk_spray(HttpFlowData* session_data, uint8_t* buffer, const uint8_t* data,
unsigned length) const;
void decompress_copy(uint8_t* buffer, uint32_t& offset, const uint8_t* data,
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2022-2022 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// http_stream_splitter_base.h author Shibin K V <shikv@cisco.com>
+
+#ifndef HTTP_STREAM_SPLITTER_BASE_H
+#define HTTP_STREAM_SPLITTER_BASE_H
+
+#include "main/snort_types.h"
+#include "stream/stream_splitter.h"
+
+class SO_PUBLIC HttpStreamSplitterBase : public snort::StreamSplitter
+{
+public:
+ virtual ~HttpStreamSplitterBase() override = default;
+
+ virtual void prep_partial_flush(snort::Flow* flow, uint32_t num_flush) = 0;
+
+protected:
+ HttpStreamSplitterBase(bool c2s) : StreamSplitter(c2s) { }
+};
+
+#endif
+
#include "config.h"
#endif
+#include "http_stream_splitter.h"
+
#include "file_api/file_flows.h"
#include "pub_sub/http_request_body_event.h"
#include "http_module.h"
#include "http_msg_header.h"
#include "http_msg_request.h"
-#include "http_stream_splitter.h"
#include "http_test_input.h"
using namespace HttpCommon;
#include "config.h"
#endif
+#include "http_stream_splitter.h"
+
#include "protocols/packet.h"
#include "http_inspect.h"
#include "http_module.h"
-#include "http_stream_splitter.h"
#include "http_test_input.h"
+using namespace HttpCommon;
using namespace HttpEnums;
using namespace snort;
#include "config.h"
#endif
+#include "http_stream_splitter.h"
+
#include "packet_io/active.h"
#include "http_common.h"
#include "http_enum.h"
#include "http_inspect.h"
#include "http_module.h"
-#include "http_stream_splitter.h"
+#include "http_msg_section.h"
#include "http_test_input.h"
using namespace snort;
#include "http_common.h"
#include "http_enum.h"
#include "http_inspect.h"
+#include "http_msg_section.h"
#include "http_param.h"
using namespace snort;
projects / thirdparty / snort3.git / commitdiff
