From: Tom Peters (thopeter) Date: Fri, 9 Apr 2021 19:14:00 +0000 (+0000) Subject: Merge pull request #2834 in SNORT/snort3 from ~MDAGON/snort3:goaway to master X-Git-Tag: 3.1.4.0~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2d4de68afaa01790c1847c4837586bad8ff8310;p=thirdparty%2Fsnort3.git Merge pull request #2834 in SNORT/snort3 from ~MDAGON/snort3:goaway to master Squashed commit of the following: commit 184702db041232b8f7f1dda1c1bd61e7f5774fa3 Author: Maya Dagon Date: Wed Mar 24 11:12:18 2021 -0400 payload_injector: send go away frame --- diff --git a/src/payload_injector/payload_injector_translate_page.cc b/src/payload_injector/payload_injector_translate_page.cc index d4d239ae4..f206a7d21 100644 --- a/src/payload_injector/payload_injector_translate_page.cc +++ b/src/payload_injector/payload_injector_translate_page.cc @@ -55,6 +55,10 @@ static const uint32_t max_hdr_size = 2000; // Empty settings frame static const uint8_t empty_settings_frame[] = { 0, 0, 0, FT_SETTINGS, 0, 0, 0, 0, 0 }; +// Goaway frame header +static const uint8_t goaway_frame_len = 8; // 4 bytes stream id + 4 bytes error code +static const uint8_t goaway_frame_header[] = { 0, 0, goaway_frame_len, FT_GOAWAY, 0, 0, 0, 0, 0}; + static InjectionReturnStatus write_translation(uint8_t*& out, uint32_t& out_free_space, const uint8_t* translation, uint32_t size) { @@ -244,7 +248,18 @@ static void write_frame_hdr(uint8_t*& out, uint32_t len, uint8_t type, uint8_t f out[4] = flags; stream_id = htonl(stream_id); memcpy(out+5, &stream_id, 4); - out += Http2Enums::FRAME_HEADER_LENGTH; + out += FRAME_HEADER_LENGTH; +} + +static void write_goaway_frame(uint8_t*& out, uint32_t stream_id) +{ + memcpy(out, goaway_frame_header, FRAME_HEADER_LENGTH); + out += FRAME_HEADER_LENGTH; + stream_id = htonl(stream_id); + memcpy(out, &stream_id, 4); + const uint32_t error_code = 0; + memcpy(out+4, &error_code, 4); + out += goaway_frame_len; } InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl control, @@ -265,7 +280,8 @@ InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl contro uint32_t num_data_frames = body_len / (1<<14); if (body_len % (1<<14) != 0) num_data_frames++; - payload_len = FRAME_HEADER_LENGTH*(num_data_frames + 1) + hdr_len + body_len; + payload_len = FRAME_HEADER_LENGTH*(num_data_frames + 1) + hdr_len + body_len; // block page + payload_len += FRAME_HEADER_LENGTH + goaway_frame_len; // goaway frame if (send_settings) payload_len += sizeof(empty_settings_frame); http2_payload = (uint8_t*)snort_alloc(payload_len); @@ -290,6 +306,7 @@ InjectionReturnStatus PayloadInjector::get_http2_payload(InjectionControl contro http2_payload_cur += cur_len; http_body_cur += cur_len; } + write_goaway_frame(http2_payload_cur, control.stream_id); assert((http2_payload_cur - http2_payload) == payload_len); return INJECTION_SUCCESS; } diff --git a/src/payload_injector/test/payload_injector_translate_test.cc b/src/payload_injector/test/payload_injector_translate_test.cc index 27ef79ea2..e3dce6dea 100644 --- a/src/payload_injector/test/payload_injector_translate_test.cc +++ b/src/payload_injector/test/payload_injector_translate_test.cc @@ -61,7 +61,8 @@ TEST(payload_injector_translate_test, basic_hdr_translation) 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x74, 0x79, 0x70, 0x65, 0x22, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x3d, 0x22, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65, 0x74, 0x3d, 0x55, - 0x54, 0x46, 0x2d, 0x38, 0x22, 0x20, 0x2f, 0x3e, 0xa + 0x54, 0x46, 0x2d, 0x38, 0x22, 0x20, 0x2f, 0x3e, 0xa, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -89,7 +90,8 @@ TEST(payload_injector_translate_test, basic_hdr_translation2) 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0xf, 0x28, 0x1b, 0x30, 0x34, 0x66, 0x32, 0x3b, 0x20, 0x4d, 0x61, 0x78, 0x2d, 0x41, 0x67, 0x65, 0x3a, 0x20, 0x36, 0x30, 0x30, 0x3b, 0x20, 0x70, 0x61, 0x74, 0x68, 0x3d, 0x2f, 0x3b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, - 0x1, 0x42, 0x6f, 0x64, 0x79, 0xa + 0x1, 0x42, 0x6f, 0x64, 0x79, 0xa, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -118,7 +120,8 @@ TEST(payload_injector_translate_test, basic_hdr_translation3) 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0xf, 0x28, 0x1b, 0x30, 0x34, 0x66, 0x32, 0x3b, 0x20, 0x4d, 0x61, 0x78, 0x2d, 0x41, 0x67, 0x65, 0x3a, 0x20, 0x36, 0x30, 0x30, 0x3b, 0x20, 0x70, 0x61, 0x74, 0x68, 0x3d, 0x2f, 0x3b, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, - 0x1, 0x42, 0x6f, 0x64, 0x79, 0xa + 0x1, 0x42, 0x6f, 0x64, 0x79, 0xa, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -148,7 +151,7 @@ TEST(payload_injector_translate_test, mix_n_and_rn) 0x2f, 0x3b, 0xf, 0x10, 0x18, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3b, 0x20, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65, 0x74, 0x3d, 0x55, 0x54, 0x46, 0x2d, 0x38, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, - 0x62 + 0x62, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -309,7 +312,8 @@ TEST(payload_injector_translate_test, val_len1) 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x0, 0x0, 0x4, - 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x62, 0x6f, 0x64, 0x79 + 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x62, 0x6f, 0x64, 0x79, 0x0, 0x0, 0x8, 0x7, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -345,7 +349,8 @@ TEST(payload_injector_translate_test, val_len2) 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x0, 0x0, 0x4, 0x0, - 0x1, 0x0, 0x0, 0x0, 0x1, 0x62, 0x6f, 0x64, 0x79 + 0x1, 0x0, 0x0, 0x0, 0x1, 0x62, 0x6f, 0x64, 0x79, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -410,7 +415,8 @@ TEST(payload_injector_translate_test, val_len3) 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, - 0x1, 0x62, 0x6f, 0x64, 0x79 + 0x1, 0x62, 0x6f, 0x64, 0x79, 0x0, 0x0, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0 }; CHECK(payload_len == sizeof(out)); CHECK(memcmp(http2_payload, out, payload_len) == 0); @@ -443,7 +449,7 @@ TEST(payload_injector_translate_test, http2_hdr_is_max) status = PayloadInjector::get_http2_payload(control, http2_payload, payload_len, false); CHECK(status == INJECTION_SUCCESS); - CHECK(payload_len == 2019); + CHECK(payload_len == 2036); uint8_t hdr[] = { 0x0, 0x7, 0xd0, 0x1, 0x4, 0x0, 0x0, 0xf0, 0x0 }; CHECK(memcmp(http2_payload, hdr, sizeof(hdr))==0); uint8_t body[] = { 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xf0, 0x0, 'b' };