Merge pull request #2680 in SNORT/snort3 from ~MDAGON/snort3:stretch2 to master

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)
diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc

index 595994be2f1920dbffca5a1ed1f873442e2426e6..c8fa2c49b10e46b9424bfd6abf6768998a349fe3 100644 (file)
--- a/src/service_inspectors/http_inspect/http_cutter.cc
+++ b/src/service_inspectors/http_inspect/http_cutter.cc
@@ -717,12 +717,9 @@ ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length,
  }
  
  ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
-    HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool /*stretch*/,
+    HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target, bool stretch,
      H2BodyState state)
  {
-    // FIXIT-E accelerated blocking not yet supported for HTTP/2
-    // FIXIT-E stretch not yet supported for HTTP/2 message bodies
-
      // If the headers included a content length header (expected length >= 0), check it against the
      // actual message body length. Alert if it does not match at the end of the message body or if
      // it overflows during the body (alert once then stop computing).
@@ -761,7 +758,10 @@ ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
          }
          else
          {
-            num_flush = flow_target - octets_seen;
+            if (stretch && (octets_seen + length <= flow_target + MAX_SECTION_STRETCH))
+                num_flush = length;
+            else
+                num_flush = flow_target - octets_seen;
              total_octets_scanned += num_flush;
              need_accelerated_blocking(buffer, num_flush);
              return SCAN_FOUND_PIECE;
@@ -769,7 +769,8 @@ ScanResult HttpBodyH2Cutter::cut(const uint8_t* buffer, uint32_t length,
      }
      else if (state == H2_BODY_LAST_SEG)
      {
-        if (octets_seen + length <= flow_target)
+        const uint32_t adjusted_target = stretch ? MAX_SECTION_STRETCH + flow_target : flow_target;
+        if (octets_seen + length <= adjusted_target)
              num_flush = length;
          else
              num_flush = flow_target - octets_seen;
diff --git a/src/service_inspectors/http_inspect/http_msg_body_h2.cc b/src/service_inspectors/http_inspect/http_msg_body_h2.cc

index 8dd8ea9fdced7915302b720c42a512f18a523331..5f7dc9086b482c4d7ac6837dec85379938e0497d 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_body_h2.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body_h2.cc
@@ -28,7 +28,8 @@ using namespace HttpEnums;
  void HttpMsgBodyH2::update_flow()
  {
      session_data->body_octets[source_id] = body_octets;
-    if (session_data->h2_body_state[source_id] == H2_BODY_NOT_COMPLETE)
+    if (session_data->h2_body_state[source_id] == H2_BODY_NOT_COMPLETE ||
+        session_data->h2_body_state[source_id] == H2_BODY_LAST_SEG)
          update_depth();
      else if (session_data->h2_body_state[source_id] == H2_BODY_COMPLETE_EXPECT_TRAILERS)
          session_data->trailer_prep(source_id);
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 22 Dec 2020 14:37:09 +0000 (14:37 +0000)
src/service_inspectors/http_inspect/http_cutter.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_body_h2.cc		patch \| blob \| blame \| history