Merge pull request #2237 in SNORT/snort3 from ~KAMURTHI/snort3:http2-response-match...

Squashed commit of the following:

commit d3cdafa9cdead598b4719b49d7c0cb5c7c122143
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Sun May 31 22:15:50 2020 -0400

    appid: Match http2 response to request

diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc
index a317e1396fc4d28e6be398bc33f1bae8e8c9b0a4..0561153e4455fb30a4fbc73ce9394c8d0ad608f5 100644 (file)
--- a/src/network_inspectors/appid/appid_http_event_handler.cc
+++ b/src/network_inspectors/appid/appid_http_event_handler.cc
@@ -64,13 +64,21 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
     AppIdHttpSession* hsession;
     if (http_event->get_is_http2())
     {
-        if (asd->get_prev_http2_raw_packet() != asd->session_packet_count)
+        if (direction == APP_ID_FROM_INITIATOR)
         {
-            asd->delete_all_http_sessions();
-            asd->set_prev_http2_raw_packet(asd->session_packet_count);
+            if (asd->get_prev_http2_raw_packet() != asd->session_packet_count)
+            {
+                asd->delete_all_http_sessions();
+                asd->set_prev_http2_raw_packet(asd->session_packet_count);
+            }
+            hsession = asd->create_http_session(http_event->get_http2_stream_id());
+        }
+        else
+        {
+            hsession = asd->get_matching_http_session(http_event->get_http2_stream_id());
+            if (!hsession)
+                hsession = asd->create_http_session(http_event->get_http2_stream_id());
         }
-
-        hsession = asd->create_http_session(http_event->get_http2_stream_id());
     }
     else
     {

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 9a4238d873f6a487ac5af1109f76dfc4228447cf..39c78c35c0adbca1286818f282755d6526c53b29 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1018,6 +1018,16 @@ AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
         return nullptr;
 }
 
+AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id)
+{
+    for (uint32_t stream_index=0; stream_index < hsessions.size(); stream_index++)
+    {
+        if(stream_id == hsessions[stream_index]->get_http2_stream_id())
+            return hsessions[stream_index];
+    }
+    return nullptr;
+}
+
 AppIdDnsSession* AppIdSession::create_dns_session()
 {
     if (dsession)

diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 34547c85b3f542ffe8ce8d11173e3d5a2f0563b3..276d3728ff5ccff480e189c51b8258bc31cfe078 100644 (file)
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -361,6 +361,7 @@ public:
 
     AppIdHttpSession* create_http_session(uint32_t stream_id = 0);
     AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
+    AppIdHttpSession* get_matching_http_session(uint32_t stream_id);
     void delete_all_http_sessions()
     {
         for (auto hsession : hsessions)

diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h
index 52215e22d0d4ded4347784b267b247fd66d04adb..08aa8cf70c873a9f033eb3d40346c9c12f683acf 100644 (file)
--- a/src/network_inspectors/appid/test/appid_mock_session.h
+++ b/src/network_inspectors/appid/test/appid_mock_session.h
@@ -283,6 +283,16 @@ AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
     return nullptr;
 }
 
+AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id)
+{
+    for (uint32_t stream_index=0; stream_index < hsessions.size(); stream_index++)
+    {
+        if(stream_id == hsessions[stream_index]->get_http2_stream_id())
+            return hsessions[stream_index];
+    }
+    return nullptr;
+}
+
 AppIdDnsSession* AppIdSession::create_dns_session()
 {
     if ( !dsession )