return 0;
}
-/*
-** DESCRIPTION
-** This function does a set-wise match on content, and walks an otn list
-** for non-content. The otn list search will eventually be redone for
-** for performance purposes.
-**
-** FORMAL INPUTS
-** PortGroup * - the port group to inspect
-** Packet * - the packet to inspect
-** int - whether src/dst ports should be checked (udp/tcp or icmp)
-** char - whether the rule is an IP rule (change the packet payload pointer)
-**
-** FORMAL OUTPUTS
-** int - 0 for failed pattern match
-** 1 for successful pattern match
-*/
+// This function does a set-wise match on content, and walks an otn list
+// for non-content. The otn list search will eventually be redone for
+// for performance purposes.
+
static inline int fpEvalHeaderSW(PortGroup* port_group, Packet* p,
int check_ports, char ip_rule, int type, OtnxMatchData* omd)
{
+ if ( p->flow and !p->flow->is_detection_enabled(p->packet_flags & PKT_FROM_CLIENT) )
+ return 0;
+
const uint8_t* tmp_payload = nullptr;
int8_t curr_ip_layer = 0;
bool repeat = false;
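Review bot: The early return added at the top of `fpEvalHeaderSW` drops every rule for the packet's direction, including the non-content otn walk the comment describes, and the rewritten comment does not say so. Because the flag lives on the flow rather than on the inspector that set it, every rule evaluated through this function is silenced for that direction while it is set; the gate deserves a comment such as `// Returns 0 without evaluating any rule when detection is disabled on p->flow for this packet's direction.` The shortened comment also loses the 0/1 return contract and keeps the doubled "for for". If `p` is the same Packet type used in the HTTP inspector hunk, `p->is_from_client()` would read more clearly than `p->packet_flags & PKT_FROM_CLIENT`. The function body continues outside the hunk.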
#define SSNFLAG_CLIENT_SWAPPED 0x00400000
#define SSNFLAG_PROXIED 0x01000000
+#define SSNFLAG_NO_DETECT_TO_CLIENT 0x02000000
+#define SSNFLAG_NO_DETECT_TO_SERVER 0x04000000
#define SSNFLAG_ABORT_CLIENT 0x10000000
#define SSNFLAG_ABORT_SERVER 0x20000000
uint32_t clear_session_flags(uint32_t flags)
{ return ssn_state.session_flags &= ~flags; }
+ void set_to_client_detection(bool enable);
+ void set_to_server_detection(bool enable);
+ bool is_detection_enabled(bool to_server);
+
int get_ignore_direction()
{ return ssn_state.ignore_direction; }
void clean();
};
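Review bot: `is_detection_enabled` only reads `ssn_state.session_flags` (see the inline definition added later in this file) but is declared non-const, so it cannot be called through a `const Flow*`. Declaring it `bool is_detection_enabled(bool to_server) const;` and matching the definition as `inline bool Flow::is_detection_enabled(bool to_server) const` keeps the query usable from read-only code. A one-line comment on the three declarations saying that "to_server" means packets sent by the client would also help, since the HTTP hunks map `SRC_CLIENT` to `set_to_server_detection`.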
+inline void Flow::set_to_client_detection(bool enable)
+{
+ if ( enable )
+ ssn_state.session_flags &= ~SSNFLAG_NO_DETECT_TO_CLIENT;
+ else
+ ssn_state.session_flags |= SSNFLAG_NO_DETECT_TO_CLIENT;
+}
+
+inline void Flow::set_to_server_detection(bool enable)
+{
+ if ( enable )
+ ssn_state.session_flags &= ~SSNFLAG_NO_DETECT_TO_SERVER;
+ else
+ ssn_state.session_flags |= SSNFLAG_NO_DETECT_TO_SERVER;
+}
+
+inline bool Flow::is_detection_enabled(bool to_server)
+{
+ if ( to_server )
+ return !(ssn_state.session_flags & SSNFLAG_NO_DETECT_TO_SERVER);
+
+ return !(ssn_state.session_flags & SSNFLAG_NO_DETECT_TO_CLIENT);
+}
+
#endif
SEC_REQUEST = 2, SEC_STATUS, SEC_HEADER, SEC_BODY_CL, SEC_BODY_CHUNK, SEC_TRAILER,
SEC_BODY_OLD };
+enum DetectionStatus { DET_REACTIVATING = 1, DET_ON, DET_DEACTIVATING, DET_OFF };
+
// Message buffers available to clients
// This enum must remain synchronized with HttpApi::classic_buffer_names[]
enum HTTP_BUFFER { HTTP_BUFFER_CLIENT_BODY = 1, HTTP_BUFFER_COOKIE, HTTP_BUFFER_HEADER,
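Review bot: `DetectionStatus` is a four-state machine whose transitions are spread over several files, and the enum has no comment describing them. From the hunks in this commit the cycle appears to be REACTIVATING to ON in the splitter scan, ON to DEACTIVATING in `update_depth()`, DEACTIVATING to OFF in the inspector hunk, and back to REACTIVATING on reset. A comment above the enum listing these transitions and which code performs each would make it much easier to check that detection is always turned back on. The enclosing scope of the enum starts outside the hunk.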
section_size_max[source_id] = 0;
file_depth_remaining[source_id] = STAT_NOT_PRESENT;
detect_depth_remaining[source_id] = STAT_NOT_PRESENT;
+ detection_status[source_id] = DET_REACTIVATING;
+
compression[source_id] = CMP_NONE;
if (compress_stream[source_id] != nullptr)
{
delete compress_stream[source_id];
compress_stream[source_id] = nullptr;
}
+ detection_status[source_id] = DET_REACTIVATING;
}
bool HttpFlowData::add_to_pipeline(HttpTransaction* latest)
z_stream* compress_stream[2] = { nullptr, nullptr };
uint64_t zero_nine_expected = 0;
+ HttpEnums::DetectionStatus detection_status[2] = { HttpEnums::DET_ON, HttpEnums::DET_ON };
+
// *** Inspector's internal data about the current message
HttpEnums::VersionId version_id[2] = { HttpEnums::VERS__NOT_PRESENT,
HttpEnums::VERS__NOT_PRESENT };
const SourceId source_id = (p->is_from_client()) ? SRC_CLIENT : SRC_SERVER;
+ if (session_data->detection_status[source_id] == DET_DEACTIVATING)
+ {
+ if (source_id == SRC_CLIENT)
+ {
+ p->flow->set_to_server_detection(false);
+ }
+ else
+ {
+ p->flow->set_to_client_detection(false);
+ }
+ session_data->detection_status[source_id] = DET_OFF;
+ }
+
if (session_data->transaction[source_id] == nullptr)
return;
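Review bot: Once this block calls `set_to_server_detection(false)` or `set_to_client_detection(false)`, that direction of the flow stays undetected until later code re-enables it, and the only re-enable visible in this commit is the `DET_REACTIVATING` branch in the splitter scan hunk. If scanning can stop before the next message start is seen (an inspector abort or a parser desynchronised by a malformed body, neither of which is visible here), the rest of that direction would bypass rule evaluation. It is worth confirming that every such exit path restores the flag, or restoring it there explicitly. The `source_id == SRC_CLIENT` branch is also duplicated in the scan hunk; one helper taking the direction and the enable value would keep the two mappings from drifting apart. The enclosing function starts and ends outside the hunk.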
void HttpMsgSection::update_depth() const
{
+ if ((session_data->detect_depth_remaining[source_id] <= 0) &&
+ (session_data->detection_status[source_id] == DET_ON))
+ {
+ session_data->detection_status[source_id] = DET_DEACTIVATING;
+ }
+
if ((session_data->file_depth_remaining[source_id] <= 0) &&
(session_data->detect_depth_remaining[source_id] <= 0))
{
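Review bot: The new `detect_depth_remaining[source_id] <= 0` test also matches any negative value, and the reset code in the flow-data hunk assigns `STAT_NOT_PRESENT` to that field. If that sentinel is negative (its value is not shown here) and `update_depth()` can run before the depth is initialised, detection would be switched off for a message whose depth was never configured. A comment stating the precondition, for example `// detect_depth_remaining is always initialised before the first body section reaches update_depth()`, or an explicit sentinel check would make this safe to rely on. The function body continues outside the hunk.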
HttpModule::increment_peg_counts(PEG_SCAN);
+ if (session_data->detection_status[source_id] == DET_REACTIVATING)
+ {
+ if (source_id == SRC_CLIENT)
+ {
+ flow->set_to_server_detection(true);
+ }
+ else
+ {
+ flow->set_to_client_detection(true);
+ }
+ session_data->detection_status[source_id] = DET_ON;
+ }
+
// Check for 0.9 response message
if ((type == SEC_STATUS) &&
(session_data->expected_trans_num[SRC_SERVER] == session_data->zero_nine_expected))