return 0;
}
+#[no_mangle]
+pub unsafe extern "C" fn rs_http2_tx_get_status(
+ tx: &mut HTTP2Transaction, buffer: *mut *const u8, buffer_len: *mut u32,
+) -> u8 {
+ if let Ok(value) = http2_frames_get_header_value(&tx.frames_tc, ":status") {
+ *buffer = value.as_ptr(); //unsafe
+ *buffer_len = value.len() as u32;
+ return 1;
+ }
+ return 0;
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn rs_http2_tx_get_cookie(
+ tx: &mut HTTP2Transaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+) -> u8 {
+ if direction == STREAM_TOSERVER {
+ if let Ok(value) = http2_frames_get_header_value(&tx.frames_ts, "cookie") {
+ *buffer = value.as_ptr(); //unsafe
+ *buffer_len = value.len() as u32;
+ return 1;
+ }
+ } else {
+ if let Ok(value) = http2_frames_get_header_value(&tx.frames_tc, "set-cookie") {
+ *buffer = value.as_ptr(); //unsafe
+ *buffer_len = value.len() as u32;
+ return 1;
+ }
+ }
+ return 0;
+}
+
#[no_mangle]
pub unsafe extern "C" fn rs_http2_tx_get_header_value(
tx: &mut HTTP2Transaction, direction: u8, strname: *const std::os::raw::c_char,
const DetectEngineTransforms *transforms,
Flow *_f, const uint8_t _flow_flags,
void *txv, const int list_id);
-
+static InspectionBuffer *GetRequestData2(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+ const int list_id);
+static InspectionBuffer *GetResponseData2(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+ const int list_id);
/**
* \brief Registration function for keyword: http_cookie
*/
PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP,
HTP_REQUEST_HEADERS);
+ DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
+ HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2);
+ DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
+ HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2);
+
+ DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient);
+ DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer);
+
DetectBufferTypeSetDescriptionByName("http_cookie",
"http cookie header");
return buffer;
}
+static InspectionBuffer *GetRequestData2(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+ const int list_id)
+{
+ InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
+ if (buffer->inspect == NULL) {
+ uint32_t b_len = 0;
+ const uint8_t *b = NULL;
+
+ if (rs_http2_tx_get_cookie(txv, STREAM_TOSERVER, &b, &b_len) != 1)
+ return NULL;
+ if (b == NULL || b_len == 0)
+ return NULL;
+
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
+ InspectionBufferApplyTransforms(buffer, transforms);
+ }
+
+ return buffer;
+}
+
+static InspectionBuffer *GetResponseData2(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+ const int list_id)
+{
+ InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
+ if (buffer->inspect == NULL) {
+ uint32_t b_len = 0;
+ const uint8_t *b = NULL;
+
+ if (rs_http2_tx_get_cookie(txv, STREAM_TOCLIENT, &b, &b_len) != 1)
+ return NULL;
+ if (b == NULL || b_len == 0)
+ return NULL;
+
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
+ InspectionBufferApplyTransforms(buffer, transforms);
+ }
+
+ return buffer;
+}
+
/******************************** UNITESTS **********************************/
#ifdef UNITTESTS
projects / thirdparty / suricata.git / commitdiff
