From: Danylo Kyrylov -X (dkyrylov - SOFTSERVE INC at Cisco) Date: Mon, 1 Apr 2024 12:00:53 +0000 (+0000) Subject: Pull request #4261: http_inspect: add file_data to buffer list X-Git-Tag: 3.1.84.0~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95a0d33ea4a4acf1be0ab4740d3160e58c94c73a;p=thirdparty%2Fsnort3.git Pull request #4261: http_inspect: add file_data to buffer list Merge in SNORT/snort3 from ~DKYRYLOV/snort3:nhi_add_file_data to master Squashed commit of the following: commit 4d97b856566e56a3496d3602edf661c6f4ba0c0e Author: dkyrylov Date: Mon Mar 25 14:31:42 2024 +0200 http_inspect: add file_data to buffer list --- diff --git a/src/detection/fp_utils.cc b/src/detection/fp_utils.cc index 83f6f28b5..022aa63c0 100644 --- a/src/detection/fp_utils.cc +++ b/src/detection/fp_utils.cc @@ -142,9 +142,6 @@ void update_buffer_map(const char** bufs, const char* svc) for ( int i = 0; bufs[i]; ++i ) buffer_map[bufs[i]].push_back(svc); - - if ( !strcmp(svc, "http") ) - buffer_map["file_data"].push_back("http"); } void add_default_services(SnortConfig* sc, const std::string& buf, OptTreeNode* otn) diff --git a/src/service_inspectors/http_inspect/http_api.cc b/src/service_inspectors/http_inspect/http_api.cc index 387079a89..27d9309e1 100644 --- a/src/service_inspectors/http_inspect/http_api.cc +++ b/src/service_inspectors/http_inspect/http_api.cc @@ -49,6 +49,7 @@ void HttpApi::http_init() const char* HttpApi::classic_buffer_names[] = { + "file_data", "http_client_body", "http_cookie", "http_header", diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h index cb78e6f29..73a3fae1f 100755 --- a/src/service_inspectors/http_inspect/http_enum.h +++ b/src/service_inspectors/http_inspect/http_enum.h @@ -46,7 +46,9 @@ static const uint64_t FORM_REQUEST = 0x1; // HTTP rule options. // Lower numbered portion is message buffers available to clients. // That part must remain synchronized with HttpApi::classic_buffer_names[] -enum HTTP_RULE_OPT { HTTP_BUFFER_CLIENT_BODY = 1, HTTP_BUFFER_COOKIE, HTTP_BUFFER_HEADER, +// Enum value 1 is kept for file_data, which is provided by http_inspect but +// is not obtained through its facilities +enum HTTP_RULE_OPT { HTTP_BUFFER_CLIENT_BODY = 2, HTTP_BUFFER_COOKIE, HTTP_BUFFER_HEADER, HTTP_BUFFER_METHOD, HTTP_BUFFER_PARAM, HTTP_BUFFER_RAW_BODY, HTTP_BUFFER_RAW_COOKIE, HTTP_BUFFER_RAW_HEADER, HTTP_BUFFER_RAW_REQUEST, HTTP_BUFFER_RAW_STATUS, HTTP_BUFFER_RAW_TRAILER, HTTP_BUFFER_RAW_URI, HTTP_BUFFER_STAT_CODE, HTTP_BUFFER_STAT_MSG,