{
switch (stream->get_state(source_id))
{
- case STATE_OPEN:
+ case STREAM_EXPECT_BODY:
if (data_length > 0)
{
session_data->concurrent_files += 1;
- stream->set_state(source_id, STATE_OPEN_DATA);
+ stream->set_state(source_id, STREAM_BODY);
if (session_data->concurrent_files >
Http2Module::get_peg_counts(PEG_MAX_CONCURRENT_FILES))
{
}
}
if (stream->is_end_stream_on_data_flush(source_id))
- stream->set_state(source_id, STATE_CLOSED);
+ stream->set_state(source_id, STREAM_COMPLETE);
break;
- case STATE_OPEN_DATA:
+ case STREAM_BODY:
if (stream->is_end_stream_on_data_flush(source_id))
{
assert(session_data->concurrent_files > 0);
session_data->concurrent_files -= 1;
- stream->set_state(source_id, STATE_CLOSED);
+ stream->set_state(source_id, STREAM_COMPLETE);
}
break;
default:
+ // FIXIT-E build this out
// Stream state is idle or closed - this is caught in scan so should not get here
assert(false);
}
FT_PUSH_PROMISE=5, FT_PING=6, FT_GOAWAY=7, FT_WINDOW_UPDATE=8, FT_CONTINUATION=9, FT__ABORT=254,
FT__NONE=255 };
-enum StreamState { STATE_IDLE, STATE_OPEN, STATE_OPEN_DATA, STATE_CLOSED };
+enum StreamState { STREAM_EXPECT_HEADERS, STREAM_EXPECT_BODY, STREAM_BODY, STREAM_IMPLIED_COMPLETE,
+ STREAM_COMPLETE, STREAM_ERROR };
// Message buffers available to clients
// This enum must remain synchronized with Http2Api::classic_buffer_names[]
switch(session_data->frame_type[source_id])
{
case FT_HEADERS:
- if (stream->get_state(source_id) == STATE_IDLE)
- return new Http2HeadersFrameHeader(header, header_len, data, data_len, session_data,
- source_id, stream);
+ if (stream->get_state(source_id) == STREAM_EXPECT_HEADERS)
+ return new Http2HeadersFrameHeader(header, header_len, data, data_len,
+ session_data, source_id, stream);
else
return new Http2HeadersFrameTrailer(header, header_len, data, data_len,
session_data, source_id, stream);
return new Http2DataFrame(header, header_len, data, data_len, session_data, source_id,
stream);
default:
- return new Http2Frame(header, header_len, data, data_len, session_data, source_id, stream);
+ return new Http2Frame(header, header_len, data, data_len, session_data, source_id,
+ stream);
}
}
#include "service_inspectors/http_inspect/http_common.h"
#include "service_inspectors/http_inspect/http_field.h"
-/* This class is called Http2Frame, but an object of this class may not represent exactly one HTTP/2
- * frame as received on the wire. For HEADERS frames, the Http2Frame object contains the initial
- * HEADERS frame plus any following CONTINUATION frames grouped together. For DATA frames, the
- * Http2Frame object represents approximately 16kb of data to be inspected. This may consist of
- * part of a larger DATA frame cut into 16kb-sized pieces, or several smaller DATA frames aggregated
- * together.
+/* This class is called Http2Frame, but an object of this class may not represent exactly one
+ * HTTP/2 frame as received on the wire. For HEADERS frames, the Http2Frame object contains the
+ * initial HEADERS frame plus any following CONTINUATION frames grouped together. For DATA frames,
+ * the Http2Frame object represents approximately 16kb of data to be inspected. This may consist
+ * of part of a larger DATA frame cut into 16kb-sized pieces, or several smaller DATA frames
+ * aggregated together.
*/
class Http2FlowData;
session_data->hi->clear(&dummy_pkt);
}
-
-
void Http2HeadersFrame::process_decoded_headers(HttpFlowData* http_flow)
{
if (error_during_decode)
// Return: continue processing frame
bool Http2HeadersFrame::check_frame_validity()
{
- if (stream->get_state(source_id) == STATE_CLOSED)
+ if (stream->get_state(source_id) == STREAM_COMPLETE)
{
*session_data->infractions[source_id] += INF_TRAILERS_AFTER_END_STREAM;
session_data->events[source_id]->create_event(EVENT_FRAME_SEQUENCE);
return false;
}
- else if ((stream->get_state(source_id) != STATE_IDLE) and !(get_flags() & END_STREAM))
+ else if ((stream->get_state(source_id) != STREAM_EXPECT_HEADERS) and
+ !(get_flags() & END_STREAM))
{
// Trailers without END_STREAM flag set. Alert but continue to process.
*session_data->infractions[source_id] += INF_FRAME_SEQUENCE;
{
switch (stream->get_state(source_id))
{
- case STATE_IDLE:
+ case STREAM_EXPECT_HEADERS:
if (get_flags() & END_STREAM)
- stream->set_state(source_id, STATE_CLOSED);
+ stream->set_state(source_id, STREAM_COMPLETE);
else
- stream->set_state(source_id, STATE_OPEN);
+ stream->set_state(source_id, STREAM_EXPECT_BODY);
break;
- case STATE_OPEN:
+ case STREAM_EXPECT_BODY:
// fallthrough
- case STATE_OPEN_DATA:
+ case STREAM_BODY:
// Any trailing headers frame will be processed as trailers regardless of whether the
// END_STREAM flag is set
- if (stream->get_state(source_id) == STATE_OPEN_DATA)
+ if (stream->get_state(source_id) == STREAM_BODY)
session_data->concurrent_files -= 1;
- stream->set_state(source_id, STATE_CLOSED);
+ stream->set_state(source_id, STREAM_COMPLETE);
break;
- case STATE_CLOSED:
+ case STREAM_COMPLETE:
// FIXIT-E frame validity should be checked before creating frame so we should not get
// here
break;
+ default:
+ // FIXIT-E build this out
+ break;
}
}
-
#ifdef REG_TEST
void Http2HeadersFrame::print_frame(FILE* output)
{
if (session_data == nullptr)
return;
+ // FIXIT-E precaution against spurious clear() calls
+ if (!session_data->frame_in_detection)
+ {
+ assert(session_data->stream_in_hi == NO_STREAM_ID);
+ return;
+ }
+
session_data->frame_in_detection = false;
const SourceId source_id = p->is_from_client() ? SRC_CLIENT : SRC_SERVER;
void Http2Stream::eval_frame(const uint8_t* header_buffer, int32_t header_len,
const uint8_t* data_buffer, int32_t data_len, SourceId source_id)
{
- delete current_frame;
+ assert(current_frame == nullptr);
current_frame = Http2Frame::new_frame(header_buffer, header_len, data_buffer,
data_len, session_data, source_id, this);
current_frame->update_stream_state();
void Http2Stream::clear_frame()
{
- if (current_frame != nullptr) // FIXIT-M why is this needed?
- current_frame->clear();
+ assert(current_frame != nullptr);
+ current_frame->clear();
delete current_frame;
current_frame = nullptr;
}
+void Http2Stream::set_state(HttpCommon::SourceId source_id, StreamState new_state)
+{
+ assert((STREAM_EXPECT_HEADERS <= new_state) && (new_state <= STREAM_ERROR));
+ assert(state[source_id] < new_state);
+ state[source_id] = new_state;
+}
+
void Http2Stream::set_hi_flow_data(HttpFlowData* flow_data)
{
assert(hi_flow_data == nullptr);
bool Http2Stream::is_open(HttpCommon::SourceId source_id)
{
- return (state[source_id] == STATE_OPEN) || (state[source_id] == STATE_OPEN_DATA);
+ return (state[source_id] == STREAM_EXPECT_BODY) || (state[source_id] == STREAM_BODY);
}
void Http2Stream::finish_msg_body(HttpCommon::SourceId source_id, bool expect_trailers,
bool is_partial_buf_pending(HttpCommon::SourceId source_id)
{ return partial_buf_pending[source_id]; }
- void set_state(HttpCommon::SourceId source_id, Http2Enums::StreamState new_state)
- { state[source_id] = new_state; }
- Http2Enums::StreamState get_state(HttpCommon::SourceId source_id) { return state[source_id]; }
+ void set_state(HttpCommon::SourceId source_id, Http2Enums::StreamState new_state);
+ Http2Enums::StreamState get_state(HttpCommon::SourceId source_id) const
+ { return state[source_id]; }
bool is_open(HttpCommon::SourceId source_id);
void set_end_stream_on_data_flush(HttpCommon::SourceId source_id)
{ end_stream_on_data_flush[source_id] = true; }
Http2DataCutter* data_cutter[2] = { nullptr, nullptr};
bool partial_buf_pending[2] = { false, false }; // used to indicate a partial buffer
bool end_stream_on_data_flush[2] = { false, false };
- Http2Enums::StreamState state[2] = { Http2Enums::STATE_IDLE, Http2Enums::STATE_IDLE };
+ Http2Enums::StreamState state[2] =
+ { Http2Enums::STREAM_EXPECT_HEADERS, Http2Enums::STREAM_EXPECT_HEADERS };
};
#endif
for (const Http2FlowData::StreamInfo& stream_info : session_data->streams)
{
if ((stream_info.id == 0) ||
- (stream_info.stream->get_state(source_id) == STATE_CLOSED) ||
+ (stream_info.stream->get_state(source_id) == STREAM_COMPLETE) ||
(stream_info.stream->get_hi_flow_data() == nullptr) ||
(stream_info.stream->get_hi_flow_data()->get_type_expected(source_id)
!= HttpEnums::SEC_BODY_H2))
projects / thirdparty / snort3.git / commitdiff
