Merge pull request #1784 in SNORT/snort3 from ~DERAMADA/snort3:h2i_discard_conn_prefa...

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)
diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h

index 9191b3c4f1bb6df7e24b83099286854852469a2a..3393851f896a99e579e399f1d459a186801ec49f 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_flow_data.h
+++ b/src/service_inspectors/http2_inspect/http2_flow_data.h
@@ -112,6 +112,7 @@ protected:
  
      // Scan signals to reassemble
      bool header_coming[2]  = { false, false };
+    bool payload_discard[2] = { false, false };
      uint32_t frames_aggregated[2] = { 0, 0 };
      
      // Internal to reassemble
diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc

index b203e5eeafc7440cae7afe194ae93d3838899064..51288c52f8213fc80bc9febc28d080f75496da10 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
@@ -107,39 +107,59 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
      assert(session_data != nullptr);
  
  #ifdef REG_TEST
-    if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2))
+    if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
      {
-        if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
+        snort::StreamBuffer http_buf { nullptr, 0 };
+        if (!(flags & PKT_PDU_TAIL))
+        {
+            return http_buf;
+        }
+        bool tcp_close;
+        bool partial_flush;
+        uint8_t* test_buffer;
+        HttpTestManager::get_test_input_source()->reassemble(&test_buffer, len, source_id,
+            tcp_close, partial_flush);
+        if (tcp_close)
+        {
+            finish(flow);
+        }
+        if (partial_flush)
          {
-            snort::StreamBuffer http_buf { nullptr, 0 };
-            if (!(flags & PKT_PDU_TAIL))
-            {
-                return http_buf;
-            }
-            bool tcp_close;
-            bool partial_flush;
-            uint8_t* test_buffer;
-            HttpTestManager::get_test_input_source()->reassemble(&test_buffer, len, source_id,
-                tcp_close, partial_flush);
-            if (tcp_close)
-            {
-                finish(flow);
-            }
-            if (partial_flush)
-            {
-                init_partial_flush(flow);
-            }
-            if (test_buffer == nullptr)
-            {
-                // Source ID does not match test data, no test data was flushed, preparing for a
-                // partial flush, preparing for a TCP connection close, or there is no more test
-                // data
-                return http_buf;
-            }
-            data = test_buffer;
-            total = len;
+            init_partial_flush(flow);
          }
-        else
+        if (test_buffer == nullptr)
+        {
+            // Source ID does not match test data, no test data was flushed, preparing for a
+            // partial flush, preparing for a TCP connection close, or there is no more test
+            // data
+            return http_buf;
+        }
+        data = test_buffer;
+        total = len;
+    }
+#endif
+
+    // FIXIT-P: scan uses this to discard bytes until StreamSplitter:DISCARD
+    // is implemented
+    if (session_data->payload_discard[source_id])
+    {
+        snort::StreamBuffer frame_buf { nullptr, 0 };
+        session_data->payload_discard[source_id] = false;
+
+#ifdef REG_TEST
+        if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2))
+        {
+            fprintf(HttpTestManager::get_output_file(), "Discarded %u octets\n\n", len);
+            fflush(HttpTestManager::get_output_file());
+        }
+#endif
+        return frame_buf;
+    }
+
+#ifdef REG_TEST
+    if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2))
+    {
+        if (!HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
          {
              printf("HTTP/2 reassemble from flow data %" PRIu64
                  " direction %d total %u length %u\n", session_data->seq_num, source_id,
diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc

index 890e2e5ec6423ba5f854495a778b47fecf5f9bd3..18fcc4cee5ad95bfc109e06f5941a97365112d84 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc
@@ -100,6 +100,7 @@ StreamSplitter::Status implement_scan(Http2FlowData* session_data, const uint8_t
          *flush_offset = 24 - session_data->octets_seen[source_id];
          session_data->header_coming[source_id] = false;
          session_data->preface[source_id] = false;
+        session_data->payload_discard[source_id] = true;
      }
      else if (session_data->leftover_data[source_id] > 0)
      {
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Thu, 10 Oct 2019 18:42:18 +0000 (14:42 -0400)
src/service_inspectors/http2_inspect/http2_flow_data.h		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_stream_splitter.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc		patch \| blob \| blame \| history