From: Mike Stepanek (mstepane) Date: Thu, 10 Oct 2019 18:42:18 +0000 (-0400) Subject: Merge pull request #1784 in SNORT/snort3 from ~DERAMADA/snort3:h2i_discard_conn_prefa... X-Git-Tag: 3.0.0-263~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acd8d3ea80acfa639d95a0ed18bdee57a86c466a;p=thirdparty%2Fsnort3.git Merge pull request #1784 in SNORT/snort3 from ~DERAMADA/snort3:h2i_discard_conn_preface to master Squashed commit of the following: commit a00aa7fc98836c50c94cdac9d6cab856eba2ffb1 Author: deramada Date: Mon Oct 7 09:07:56 2019 -0400 http2_inspect: discard connection preface --- diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h index 9191b3c4f..3393851f8 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.h +++ b/src/service_inspectors/http2_inspect/http2_flow_data.h @@ -112,6 +112,7 @@ protected: // Scan signals to reassemble bool header_coming[2] = { false, false }; + bool payload_discard[2] = { false, false }; uint32_t frames_aggregated[2] = { 0, 0 }; // Internal to reassemble diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc index b203e5eea..51288c52f 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc 
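Review bot: `payload_discard` is added under the "Scan signals to reassemble" comment with no description of its own, although the other two files in this commit show it is a one-shot flag: implement_scan() sets it when the connection preface is flushed and reassemble() clears it. A comment on the declaration would record that contract, for example `// Set by scan when the next flushed PDU (the connection preface) must be dropped by reassemble, which clears it`. The FIXIT-P in http2_stream_splitter.cc marks the mechanism as temporary, so the comment could also say the field is meant to go away once StreamSplitter discard support exists.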
@@ -107,39 +107,59 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u assert(session_data != nullptr); #ifdef REG_TEST - if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2)) + if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2)) { - if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2)) + snort::StreamBuffer http_buf { nullptr, 0 }; + if (!(flags & PKT_PDU_TAIL)) + { + return http_buf; + } + bool tcp_close; + bool partial_flush; + uint8_t* test_buffer; + HttpTestManager::get_test_input_source()->reassemble(&test_buffer, len, source_id, + tcp_close, partial_flush); + if (tcp_close) + { + finish(flow); + } + if (partial_flush) { - snort::StreamBuffer http_buf { nullptr, 0 }; - if (!(flags & PKT_PDU_TAIL)) - { - return http_buf; - } - bool tcp_close; - bool partial_flush; - uint8_t* test_buffer; - HttpTestManager::get_test_input_source()->reassemble(&test_buffer, len, source_id, - tcp_close, partial_flush); - if (tcp_close) - { - finish(flow); - } - if (partial_flush) - { - init_partial_flush(flow); - } - if (test_buffer == nullptr) - { - // Source ID does not match test data, no test data was flushed, preparing for a - // partial flush, preparing for a TCP connection close, or there is no more test - // data - return http_buf; - } - data = test_buffer; - total = len; + init_partial_flush(flow); } - else + if (test_buffer == nullptr) + { + // Source ID does not match test data, no test data was flushed, preparing for a + // partial flush, preparing for a TCP connection close, or there is no more test + // data + return http_buf; + } + data = test_buffer; + total = len; + } +#endif + + // FIXIT-P: scan uses this to discard bytes until StreamSplitter:DISCARD + // is implemented + if (session_data->payload_discard[source_id]) + { + snort::StreamBuffer frame_buf { nullptr, 0 }; + session_data->payload_discard[source_id] = false; + +#ifdef REG_TEST + if 
(HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2)) + { + fprintf(HttpTestManager::get_output_file(), "Discarded %u octets\n\n", len); + fflush(HttpTestManager::get_output_file()); + } +#endif + return frame_buf; + } + +#ifdef REG_TEST + if (HttpTestManager::use_test_output(HttpTestManager::IN_HTTP2)) + { + if (!HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2)) { printf("HTTP/2 reassemble from flow data %" PRIu64 " direction %d total %u length %u\n", session_data->seq_num, source_id, diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc index 890e2e5ec..18fcc4cee 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc @@ -100,6 +100,7 @@ StreamSplitter::Status implement_scan(Http2FlowData* session_data, const uint8_t *flush_offset = 24 - session_data->octets_seen[source_id]; session_data->header_coming[source_id] = false; session_data->preface[source_id] = false; + session_data->payload_discard[source_id] = true; } else if (session_data->leftover_data[source_id] > 0) {
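Review bot: The new discard block in reassemble() clears `payload_discard[source_id]` on its first call without looking at `flags`. If the flushed preface reaches reassemble() in more than one piece (the `PKT_PDU_TAIL` test in the REG_TEST branch just above suggests a PDU can arrive over several calls), only the first piece is dropped and the remaining preface octets are reassembled as frame data. For an inspector that would leave frame parsing out of step with the peer from the first frame onwards, and the segmentation is chosen by the sender. Holding the flag until the tail would avoid that: `if (flags & PKT_PDU_TAIL) session_data->payload_discard[source_id] = false;`. The `Discarded %u octets` line prints `len` for the current call only, so it would then appear once per piece. reassemble() begins and ends outside the hunk, so how the non-discard path uses `flags` is not visible here.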