Merge pull request #3032 in SNORT/snort3 from ~THOPETER/snort3:nhttp158 to master

Squashed commit of the following:

commit dc970325178f3d16227e3c1f44f22a32ccb1fa70
Author: Tom Peters <thopeter@cisco.com>
Date:   Thu Aug 19 17:23:25 2021 -0400

    http_inspect: support more infractions and events

diff --git a/src/framework/base_api.h b/src/framework/base_api.h
index 45a3a8873d765b46440a663dad61e3744f258813..e416771bedce148d4fe3eaa22cd4efb816f49a14 100644 (file)
--- a/src/framework/base_api.h
+++ b/src/framework/base_api.h
@@ -29,7 +29,7 @@
 
 // this is the current version of the base api
 // must be prefixed to subtype version
-#define BASE_API_VERSION 5
+#define BASE_API_VERSION 6
 
 // set options to API_OPTIONS to ensure compatibility
 #ifndef API_OPTIONS

diff --git a/src/service_inspectors/http_inspect/http_event.h b/src/service_inspectors/http_inspect/http_event.h
index b11b4e30f4fd16a1cf70d0b4d294e8172b58bde2..16044e3b314d3fba390b352e346a4625a24b2495 100644 (file)
--- a/src/service_inspectors/http_inspect/http_event.h
+++ b/src/service_inspectors/http_inspect/http_event.h
@@ -52,6 +52,9 @@ public:
     uint64_t get_raw3() const { return
        ((events_generated >> BASE_2XX_EVENTS) & bitmask).to_ulong(); }
 
+    uint64_t get_raw4() const { return
+       ((events_generated >> (BASE_2XX_EVENTS + 64)) & bitmask).to_ulong(); }
+
 private:
     static const unsigned BASE_1XX_EVENTS = 100;
     static const unsigned BASE_2XX_EVENTS = 200;

diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc
index e31e5718b9096e9aa8b8c59fbdbb893a55dd33ff..1c7ae7741bc494c9cc6778c20b557cce35e418b1 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
@@ -421,10 +421,12 @@ void HttpMsgSection::print_section_title(FILE* output, const char* title) const
 
 void HttpMsgSection::print_section_wrapup(FILE* output) const
 {
-    fprintf(output, "Infractions: %016" PRIx64 " %016" PRIx64 ", Events: %016" PRIx64 " %016"
-        PRIx64 " %016" PRIx64 ", TCP Close: %s\n\n",
+    fprintf(output, "Infractions: %016" PRIx64 " %016" PRIx64 " %016" PRIx64 ", Events: %016"
+        PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 ", TCP Close: %s\n\n",
+        transaction->get_infractions(source_id)->get_raw3(),
         transaction->get_infractions(source_id)->get_raw2(),
         transaction->get_infractions(source_id)->get_raw(),
+        session_data->events[source_id]->get_raw4(),
         session_data->events[source_id]->get_raw3(),
         session_data->events[source_id]->get_raw2(),
         session_data->events[source_id]->get_raw(),

diff --git a/src/utils/infractions.h b/src/utils/infractions.h
index d4d8d2139d6744df48f43128238aef7cc1ab3f9a..2cd1979c03f8513b52d35d4a3694a0ce73653464 100644 (file)
--- a/src/utils/infractions.h
+++ b/src/utils/infractions.h
@@ -52,6 +52,8 @@ public:
         (infractions & std::bitset<MAX>(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
     uint64_t get_raw2() const { return
         ((infractions >> 64) & std::bitset<MAX>(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
+    uint64_t get_raw3() const { return
+        ((infractions >> 128) & std::bitset<MAX>(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
 
 private:
     std::bitset<MAX> infractions = 0;