Merge pull request #2601 in SNORT/snort3 from ~THOPETER/snort3:h2i15 to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 6 Nov 2020 16:04:32 +0000 (16:04 +0000)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 6 Nov 2020 16:04:32 +0000 (16:04 +0000)
Squashed commit of the following:

commit f35d413cb1bb34ade07ef07468708568e2b8d8e4
Author: Tom Peters <thopeter@cisco.com>
Date:   Mon Nov 2 17:49:48 2020 -0500

    http2_inspect: refactoring scan()

src/service_inspectors/http2_inspect/http2_data_cutter.cc
src/service_inspectors/http2_inspect/http2_flow_data.cc
src/service_inspectors/http2_inspect/http2_flow_data.h
src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc

index 8e3ef843d74a6d0a678d8492949f4831a54ca1ff..642244e216b82bb65c1a1f37594e40fb31a8891d 100644 (file)
@@ -104,7 +104,7 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t*
     if (data_bytes_read == data_len)
     {
         // Done with this frame, cleanup
-        session_data->scan_octets_seen[source_id] = 0;
+        session_data->header_octets_seen[source_id] = 0;
         session_data->scan_remaining_frame_octets[source_id] = 0;
         session_data->scan_state[source_id] = SCAN_FRAME_HEADER;
         frame_bytes_seen = 0;
index b4fb63084cb863e6bd3924886b32f8fd76258be3..ef616fba3b6fc8fd8b29145128eeb39d8937cba7 100644 (file)
@@ -197,7 +197,7 @@ void Http2FlowData::deallocate_hi_memory()
 
 bool Http2FlowData::is_mid_frame() const
 {
-    return (scan_octets_seen[SRC_SERVER] != 0) || (remaining_data_padding[SRC_SERVER] != 0) ||
+    return (header_octets_seen[SRC_SERVER] != 0) || (remaining_data_padding[SRC_SERVER] != 0) ||
         continuation_expected[SRC_SERVER];
 }
 
index 87a05c71206038e9d829703f3498dcb124c3ea2b..72b11bcb9f77e3e22227400f6f0596b2e1f2e008 100644 (file)
@@ -152,10 +152,11 @@ protected:
 
     // Internal to scan()
     bool preface[2] = { true, false };
+    uint32_t preface_octets_seen = 0;
     bool continuation_expected[2] = { false, false };
     uint8_t scan_frame_header[2][Http2Enums::FRAME_HEADER_LENGTH];
     uint32_t scan_remaining_frame_octets[2] = { 0, 0 };
-    uint32_t scan_octets_seen[2] = { 0, 0 };
+    uint32_t header_octets_seen[2] = { 0, 0 };
     uint8_t padding_length[2] = { 0, 0 };
     uint8_t remaining_data_padding[2] = { 0, 0 };
     Http2Enums::ScanState scan_state[2] =
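Review bot: `preface_octets_seen` is declared as a single counter while every neighbouring scan field is a two-element array indexed by direction, and nothing at the declaration says why. The initializer `preface[2] = { true, false }` suggests only one direction ever carries the 24-byte preface, which would make a scalar sufficient, but a reader has to infer that. A comment on the new member would settle it, for example `// Only one direction sends the connection preface, so this is not per-source`. The class body starts and ends outside the hunk.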
@@ -166,7 +167,6 @@ protected:
 
     // Scan signals to reassemble()
     bool payload_discard[2] = { false, false };
-    uint32_t total_bytes_in_split[2] = { 0, 0 };
 
     // Used by scan, reassemble and eval to communicate
     uint8_t frame_type[2] = { Http2Enums::FT__NONE, Http2Enums::FT__NONE };
index e765d4f7962a3e1ee9cd73cfea0236809ed6a89f..4c4ab301b054585e8d472944563c48ec8c04d78b 100644 (file)
@@ -91,6 +91,7 @@ StreamSplitter::Status Http2StreamSplitter::data_frame_header_checks(Http2FlowDa
         if (frame_length == 0)
         {
             *flush_offset = data_offset;
+            session_data->header_octets_seen[source_id] = 0;
             session_data->scan_state[source_id] = SCAN_FRAME_HEADER;
             return StreamSplitter::FLUSH;
         }
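Review bot: The reset added in the `frame_length == 0` branch is now one of several places that must zero `header_octets_seen` by hand, because this commit also removes the clearing that implement_reassemble() did at PKT_PDU_TAIL. read_frame_hdr() derives its memcpy length from `FRAME_HEADER_LENGTH - header_octets_seen`, so a path that returns to SCAN_FRAME_HEADER with the count still at the full header length would copy nothing and reuse the previous frame's header, desynchronising the splitter from the stream. The paths visible in this diff (this branch, non_data_scan(), Http2DataCutter::http_scan()) all reset it; paths outside the diff cannot be checked from here. Assuming read_frame_hdr() is only entered in SCAN_FRAME_HEADER, stating the invariant there would catch a missed reset in debug builds: `assert(session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH);`. data_frame_header_checks() starts and ends outside the hunk.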
@@ -126,9 +127,6 @@ StreamSplitter::Status Http2StreamSplitter::non_data_frame_header_checks(
         return StreamSplitter::ABORT;
     }
 
-    session_data->total_bytes_in_split[source_id] += FRAME_HEADER_LENGTH +
-        frame_length;
-
     return StreamSplitter::SEARCH;
 }
 
@@ -157,7 +155,7 @@ StreamSplitter::Status Http2StreamSplitter::non_data_scan(Http2FlowData* session
 
     data_offset += session_data->scan_remaining_frame_octets[source_id];
     *flush_offset = data_offset;
-    session_data->scan_octets_seen[source_id] = 0;
+    session_data->header_octets_seen[source_id] = 0;
     session_data->scan_remaining_frame_octets[source_id] = 0;
     session_data->scan_state[source_id] = SCAN_FRAME_HEADER;
     return status;
@@ -169,16 +167,16 @@ bool Http2StreamSplitter::read_frame_hdr(Http2FlowData* session_data, const uint
     // The first nine bytes are the frame header. But all nine might not all be
     // present in the first TCP segment we receive.
     const uint32_t remaining_header = FRAME_HEADER_LENGTH -
-        session_data->scan_octets_seen[source_id];
+        session_data->header_octets_seen[source_id];
     const uint32_t remaining_header_in_data = remaining_header > length - data_offset ?
         length - data_offset : remaining_header;
     memcpy(session_data->scan_frame_header[source_id] +
-        session_data->scan_octets_seen[source_id], data + data_offset,
+        session_data->header_octets_seen[source_id], data + data_offset,
         remaining_header_in_data);
-    session_data->scan_octets_seen[source_id] += remaining_header_in_data;
+    session_data->header_octets_seen[source_id] += remaining_header_in_data;
     data_offset += remaining_header_in_data;
 
-    if (session_data->scan_octets_seen[source_id] < FRAME_HEADER_LENGTH)
+    if (session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH)
         return false;
 
     return true;
@@ -191,20 +189,19 @@ StreamSplitter::Status Http2StreamSplitter::implement_scan(Http2FlowData* sessio
     {
         // 24-byte preface, not a real frame, no frame header
         // Verify preface is correct, else generate loss of sync event and abort
-        switch (validate_preface(data, length, session_data->scan_octets_seen[source_id]))
+        switch (validate_preface(data, length, session_data->preface_octets_seen))
         {
         case V_GOOD:
-            *flush_offset = 24 - session_data->scan_octets_seen[source_id];
+            *flush_offset = 24 - session_data->preface_octets_seen;
             session_data->preface[source_id] = false;
             session_data->payload_discard[source_id] = true;
-            session_data->scan_octets_seen[source_id] = 0;
             return StreamSplitter::FLUSH;
         case V_BAD:
             session_data->events[source_id]->create_event(EVENT_PREFACE_MATCH_FAILURE);
             return StreamSplitter::ABORT;
         case V_TBD:
-            session_data->scan_octets_seen[source_id] += length;
-            assert(session_data->scan_octets_seen[source_id] < 24);
+            session_data->preface_octets_seen += length;
+            assert(session_data->preface_octets_seen < 24);
             *flush_offset = length;
             session_data->payload_discard[source_id] = true;
             return StreamSplitter::FLUSH;
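Review bot: In the V_TBD case the only check that `preface_octets_seen` stays below 24 is the `assert`, which is compiled out when NDEBUG is defined, while V_GOOD computes `*flush_offset = 24 - session_data->preface_octets_seen` in unsigned arithmetic. Whether the sum can reach 24 depends on validate_preface(), which is not shown, so this is an invariant to document rather than a demonstrated bug. If it should hold in release builds too, a guard after the increment such as `if (session_data->preface_octets_seen >= 24) return StreamSplitter::ABORT;` would keep a wrapped flush offset from being returned. The literal 24 now appears three times in this block and would read better as a named constant. implement_scan() starts and ends outside the hunk.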
@@ -490,9 +487,6 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess
 
     if (flags & PKT_PDU_TAIL)
     {
-        session_data->total_bytes_in_split[source_id] = 0;
-        session_data->scan_octets_seen[source_id] = 0;
-
         if (session_data->frame_type[source_id] != FT_DATA)
         {
             session_data->frame_data[source_id] = session_data->frame_reassemble[source_id];