From a85fa38f396c15f4377dca29fc2af8425da877bc Mon Sep 17 00:00:00 2001 From: "Mike Stepanek (mstepane)" Date: Fri, 6 Nov 2020 16:04:32 +0000 Subject: [PATCH] Merge pull request #2601 in SNORT/snort3 from ~THOPETER/snort3:h2i15 to master Squashed commit of the following: commit f35d413cb1bb34ade07ef07468708568e2b8d8e4 Author: Tom Peters Date: Mon Nov 2 17:49:48 2020 -0500 http2_inspect: refactoring scan() --- .../http2_inspect/http2_data_cutter.cc | 2 +- .../http2_inspect/http2_flow_data.cc | 2 +- .../http2_inspect/http2_flow_data.h | 4 +-- .../http2_stream_splitter_impl.cc | 26 +++++++------------ 4 files changed, 14 insertions(+), 20 deletions(-) diff --git a/src/service_inspectors/http2_inspect/http2_data_cutter.cc b/src/service_inspectors/http2_inspect/http2_data_cutter.cc index 8e3ef843d..642244e21 100644 --- a/src/service_inspectors/http2_inspect/http2_data_cutter.cc +++ b/src/service_inspectors/http2_inspect/http2_data_cutter.cc @@ -104,7 +104,7 @@ StreamSplitter::Status Http2DataCutter::http_scan(const uint8_t* data, uint32_t* if (data_bytes_read == data_len) { // Done with this frame, cleanup - session_data->scan_octets_seen[source_id] = 0; + session_data->header_octets_seen[source_id] = 0; session_data->scan_remaining_frame_octets[source_id] = 0; session_data->scan_state[source_id] = SCAN_FRAME_HEADER; frame_bytes_seen = 0; diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.cc b/src/service_inspectors/http2_inspect/http2_flow_data.cc index b4fb63084..ef616fba3 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.cc +++ b/src/service_inspectors/http2_inspect/http2_flow_data.cc @@ -197,7 +197,7 @@ void Http2FlowData::deallocate_hi_memory() bool Http2FlowData::is_mid_frame() const { - return (scan_octets_seen[SRC_SERVER] != 0) || (remaining_data_padding[SRC_SERVER] != 0) || + return (header_octets_seen[SRC_SERVER] != 0) || (remaining_data_padding[SRC_SERVER] != 0) || continuation_expected[SRC_SERVER]; } diff --git a/src/service_inspectors/http2_inspect/http2_flow_data.h b/src/service_inspectors/http2_inspect/http2_flow_data.h index 87a05c712..72b11bcb9 100644 --- a/src/service_inspectors/http2_inspect/http2_flow_data.h +++ b/src/service_inspectors/http2_inspect/http2_flow_data.h @@ -152,10 +152,11 @@ protected: // Internal to scan() bool preface[2] = { true, false }; + uint32_t preface_octets_seen = 0; bool continuation_expected[2] = { false, false }; uint8_t scan_frame_header[2][Http2Enums::FRAME_HEADER_LENGTH]; uint32_t scan_remaining_frame_octets[2] = { 0, 0 }; - uint32_t scan_octets_seen[2] = { 0, 0 }; + uint32_t header_octets_seen[2] = { 0, 0 }; uint8_t padding_length[2] = { 0, 0 }; uint8_t remaining_data_padding[2] = { 0, 0 }; Http2Enums::ScanState scan_state[2] = @@ -166,7 +167,6 @@ protected: // Scan signals to reassemble() bool payload_discard[2] = { false, false }; - uint32_t total_bytes_in_split[2] = { 0, 0 }; // Used by scan, reassemble and eval to communicate uint8_t frame_type[2] = { Http2Enums::FT__NONE, Http2Enums::FT__NONE }; diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc index e765d4f79..4c4ab301b 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter_impl.cc @@ -91,6 +91,7 @@ StreamSplitter::Status Http2StreamSplitter::data_frame_header_checks(Http2FlowDa if (frame_length == 0) { *flush_offset = data_offset; + session_data->header_octets_seen[source_id] = 0; session_data->scan_state[source_id] = SCAN_FRAME_HEADER; return StreamSplitter::FLUSH; } @@ -126,9 +127,6 @@ StreamSplitter::Status Http2StreamSplitter::non_data_frame_header_checks( return StreamSplitter::ABORT; } - session_data->total_bytes_in_split[source_id] += FRAME_HEADER_LENGTH + - frame_length; - return StreamSplitter::SEARCH; } @@ -157,7 +155,7 @@ StreamSplitter::Status Http2StreamSplitter::non_data_scan(Http2FlowData* session data_offset += session_data->scan_remaining_frame_octets[source_id]; *flush_offset = data_offset; - session_data->scan_octets_seen[source_id] = 0; + session_data->header_octets_seen[source_id] = 0; session_data->scan_remaining_frame_octets[source_id] = 0; session_data->scan_state[source_id] = SCAN_FRAME_HEADER; return status; @@ -169,16 +167,16 @@ bool Http2StreamSplitter::read_frame_hdr(Http2FlowData* session_data, const uint // The first nine bytes are the frame header. But all nine might not all be // present in the first TCP segment we receive. const uint32_t remaining_header = FRAME_HEADER_LENGTH - - session_data->scan_octets_seen[source_id]; + session_data->header_octets_seen[source_id]; const uint32_t remaining_header_in_data = remaining_header > length - data_offset ? length - data_offset : remaining_header; memcpy(session_data->scan_frame_header[source_id] + - session_data->scan_octets_seen[source_id], data + data_offset, + session_data->header_octets_seen[source_id], data + data_offset, remaining_header_in_data); - session_data->scan_octets_seen[source_id] += remaining_header_in_data; + session_data->header_octets_seen[source_id] += remaining_header_in_data; data_offset += remaining_header_in_data; - if (session_data->scan_octets_seen[source_id] < FRAME_HEADER_LENGTH) + if (session_data->header_octets_seen[source_id] < FRAME_HEADER_LENGTH) return false; return true; @@ -191,20 +189,19 @@ StreamSplitter::Status Http2StreamSplitter::implement_scan(Http2FlowData* sessio { // 24-byte preface, not a real frame, no frame header // Verify preface is correct, else generate loss of sync event and abort - switch (validate_preface(data, length, session_data->scan_octets_seen[source_id])) + switch (validate_preface(data, length, session_data->preface_octets_seen)) { case V_GOOD: - *flush_offset = 24 - session_data->scan_octets_seen[source_id]; + *flush_offset = 24 - session_data->preface_octets_seen; session_data->preface[source_id] = false; session_data->payload_discard[source_id] = true; - session_data->scan_octets_seen[source_id] = 0; return StreamSplitter::FLUSH; case V_BAD: session_data->events[source_id]->create_event(EVENT_PREFACE_MATCH_FAILURE); return StreamSplitter::ABORT; case V_TBD: - session_data->scan_octets_seen[source_id] += length; - assert(session_data->scan_octets_seen[source_id] < 24); + session_data->preface_octets_seen += length; + assert(session_data->preface_octets_seen < 24); *flush_offset = length; session_data->payload_discard[source_id] = true; return StreamSplitter::FLUSH; @@ -490,9 +487,6 @@ const StreamBuffer Http2StreamSplitter::implement_reassemble(Http2FlowData* sess if (flags & PKT_PDU_TAIL) { - session_data->total_bytes_in_split[source_id] = 0; - session_data->scan_octets_seen[source_id] = 0; - if (session_data->frame_type[source_id] != FT_DATA) { session_data->frame_data[source_id] = session_data->frame_reassemble[source_id]; -- 2.47.3