Merge pull request #2899 in SNORT/snort3 from ~NIHDESAI/snort3:h2_rule_options to...
authorTom Peters (thopeter) <thopeter@cisco.com>
Mon, 24 May 2021 20:26:37 +0000 (20:26 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Mon, 24 May 2021 20:26:37 +0000 (20:26 +0000)
Squashed commit of the following:

commit eee6084bae7e383f5b2dce1728b324cd2a4dd2e4
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Sun May 16 23:32:05 2021 -0400

    http2_inspect: rule options and doc clean up

doc/user/http2_inspect.txt
src/service_inspectors/http2_inspect/http2_api.cc
src/service_inspectors/http2_inspect/http2_enum.h
src/service_inspectors/http2_inspect/http2_frame.cc
src/service_inspectors/http2_inspect/ips_http2.cc

index 85577ee4e79c57ac629b65fd25d26c5297bacead..641b301bac51ae55376b1fcbd0d5e9d17faa3c37 100644 (file)
@@ -6,19 +6,6 @@ You can configure it by adding:
 
 to your snort.lua configuration file.
 
-Everything has a beginning and for http2_inspect this is the beginning of
-the beginning.
-
-Currently http2_inspect will divide an HTTP/2 connection into individual
-frames. Two new rule options are available for looking at HTTP/2 frames:
-http2_frame_header provides the 9-octet frame header.
-
-    alert tcp any any -> any any (msg:"Frame type"; flow:established,
-    to_client; http2_frame_header; content:"|06|", offset 3, depth 1;
-    sid:1; rev:1; )
-
-This will match if the Type byte of the frame header is 6 (PING).
-
 To smooth the transition to inspecting HTTP/2, rules that specify 
 service:http will be treated as if they also specify service:http2. 
 Thus:
@@ -43,6 +30,3 @@ large numbers of existing rules. New rules should explicitly specify
 "service http,http2;" if that is the desired behavior. Eventually 
 support for http implies http2 may be deprecated and removed.
 
-In the future, http2_inspect will be fully integrated with http_inspect to
-provide full inspection of the individual HTTP/1.1 streams.
-
index 338f45d0d0ee91d21611c690df9504bf8ac3ec19..ab3e8a7312eab1de4abd9b1ff8383caa7f0a9084 100644 (file)
@@ -38,9 +38,10 @@ Inspector* Http2Api::http2_ctor(Module* mod)
 
 const char* Http2Api::classic_buffer_names[] =
 {
-    "http2_frame_type",
-    "http2_raw_frame",
+#ifdef REG_TEST
+    "http2_frame_header",
     "http2_decoded_header",
+#endif
     nullptr
 };
 
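Review bot: Nothing in this hunk says why `http2_frame_header` and `http2_decoded_header` are now compiled only under `REG_TEST`, and the same guard is repeated without explanation around the extern declarations and the `sin_http2[]` entries in the two hunks that follow. In a build without `REG_TEST` the table reduces to `{ nullptr }` and neither rule option is registered, so a deployed rule that still names `http2_frame_header` will presumably be rejected at load time and its detection lost. The doc hunk drops the option's description but does not tell rule writers that it was withdrawn. I would add a comment above the guard such as `// Test-only buffers: the matching rule options exist only in REG_TEST builds` and mention the removal in the release notes.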
@@ -72,8 +73,10 @@ const InspectApi Http2Api::http2_api =
     nullptr
 };
 
+#ifdef REG_TEST
 extern const BaseApi* ips_http2_frame_header;
 extern const BaseApi* ips_http2_decoded_header;
+#endif
 
 #ifdef BUILDING_SO
 SO_PUBLIC const BaseApi* snort_plugins[] =
@@ -82,8 +85,10 @@ const BaseApi* sin_http2[] =
 #endif
 {
     &Http2Api::http2_api.base,
+#ifdef REG_TEST
     ips_http2_frame_header,
     ips_http2_decoded_header,
+#endif
     nullptr
 };
 
index 25d23a75ace9e79d2129191bfaa98778fa008bfa..e4fedee86147cdfba3bf184a71f7ddfda1e4fe09 100644 (file)
@@ -45,8 +45,7 @@ enum StreamState { STREAM_EXPECT_HEADERS, STREAM_EXPECT_BODY, STREAM_BODY, STREA
 
 // Message buffers available to clients
 // This enum must remain synchronized with Http2Api::classic_buffer_names[]
-enum HTTP2_BUFFER { HTTP2_BUFFER_FRAME_HEADER = 1, HTTP2_BUFFER_FRAME_DATA,
-    HTTP2_BUFFER_DECODED_HEADER, HTTP2_BUFFER__MAX };
+enum HTTP2_BUFFER { HTTP2_BUFFER_FRAME_HEADER = 1, HTTP2_BUFFER_DECODED_HEADER, HTTP2_BUFFER__MAX };
 
 // Peg counts
 // This enum must remain synchronized with Http2Module::peg_names[] in http2_tables.cc
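Review bot: The comment above `enum HTTP2_BUFFER` still says the enum must stay synchronized with `Http2Api::classic_buffer_names[]`, but after this commit that table is populated only when `REG_TEST` is defined while the enum is unconditional. The comment should state the condition, e.g. `// This enum must remain synchronized with Http2Api::classic_buffer_names[] (entries present only under REG_TEST)`. Removing `HTTP2_BUFFER_FRAME_DATA` also moves `HTTP2_BUFFER_DECODED_HEADER` from 3 to 2, which matches the new table order. Any code outside this diff that relies on the numeric value would need checking.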
index 23ef47c8249efb2448b9ec9eb61a0e66aa8b5055..b0843d7e76fc38da70d75be9795030347e3c12de 100644 (file)
@@ -115,8 +115,6 @@ const Field& Http2Frame::get_buf(unsigned id)
     {
     case HTTP2_BUFFER_FRAME_HEADER:
         return header;
-    case HTTP2_BUFFER_FRAME_DATA:
-        return data;
     default:
         return Field::FIELD_NULL;
     }
index c088a720f0381b2a26faab27636e00e603fcb8dd..8fe824486ea9f5bbdb5c246942b3f3dd30209ad9 100644 (file)
@@ -81,6 +81,7 @@ IpsOption::EvalStatus Http2IpsOption::eval(Cursor& c, Packet* p)
     return MATCH;
 }
 
+#ifdef REG_TEST
 //-------------------------------------------------------------------------
 // http2_frame_header
 //-------------------------------------------------------------------------
@@ -120,7 +121,9 @@ static const IpsApi frame_header_api =
     Http2IpsOption::opt_dtor,
     nullptr
 };
+#endif
 
+#ifdef REG_TEST
 //-------------------------------------------------------------------------
 // http2_decoded_header
 //-------------------------------------------------------------------------
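Review bot: The `#endif` and the `#ifdef REG_TEST` added here sit back to back with only a blank line between them, so the two option sections could share one guard instead of closing and reopening it. The block being closed starts in the previous hunk and the reopened one ends in the next. Each bare `#endif` in this file would also read better as `#endif // REG_TEST`, since the matching `#ifdef` is roughly 40 lines away. With the guards in place, `Http2IpsOption` itself (its `eval` is visible in the first hunk of this file) appears to stay compiled in non-test builds with nothing referencing it; if that is the case, consider moving it inside the guard as well.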
@@ -160,11 +163,13 @@ static const IpsApi decoded_header_api =
     Http2IpsOption::opt_dtor,
     nullptr
 };
+#endif
 
 //-------------------------------------------------------------------------
 // plugins
 //-------------------------------------------------------------------------
-
+#ifdef REG_TEST
 const BaseApi* ips_http2_frame_header = &frame_header_api.base;
 const BaseApi* ips_http2_decoded_header = &decoded_header_api.base;
+#endif