if (DetectBufferSetActiveList(de_ctx, s, g_buffer_id) < 0)
return -1;
- if (DetectSignatureSetAppProto(s, ALPROTO_HTTP1) < 0)
+ if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
return -1;
return 0;
return buffer;
}
+static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+ const int list_id)
+{
+ InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
+ if (buffer->inspect == NULL) {
+ InspectionBufferSetup(
+ det_ctx, list_id, buffer, (const uint8_t *)"HTTP/2", strlen("HTTP/2"));
+ InspectionBufferApplyTransforms(buffer, transforms);
+ }
+
+ return buffer;
+}
+
/**
* \brief Registers the keyword handlers for the "http.protocol" keyword.
*/
DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
+ DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
+ HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
+ DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
+ DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
+ HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
+ DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
+
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
BUFFER_DESC);