From 656cddcf65abcff098409dccc41dd51a74f49247 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Mon, 3 Apr 2023 10:09:25 +0200 Subject: [PATCH] detect: http_client_body for HTTP2 By using the file.data logic Ticket: #4067 --- src/detect-file-data.c | 12 +----------- src/detect-file-data.h | 13 +++++++++++++ src/detect-http-client-body.c | 9 ++++++++- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/src/detect-file-data.c b/src/detect-file-data.c index a210afd3b2..7b1d06f622 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -66,9 +66,6 @@ static int PrefilterMpmHTTPFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHea MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id); /* file API */ -static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, - void *alstate, void *txv, uint64_t tx_id); int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id); @@ -240,13 +237,6 @@ static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx, /* common */ -typedef struct PrefilterMpmFiledata { - int list_id; - int base_list_id; - const MpmCtx *mpm_ctx; - const DetectEngineTransforms *transforms; -} PrefilterMpmFiledata; - static void PrefilterMpmFiledataFree(void *ptr) { SCFree(ptr); @@ -588,7 +578,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, } } -static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, +uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { diff --git a/src/detect-file-data.h b/src/detect-file-data.h index 41cdd734b4..1be9b40010 100644 --- a/src/detect-file-data.h +++ b/src/detect-file-data.h @@ -27,4 +27,17 @@ /* prototypes */ void DetectFiledataRegister (void); +typedef struct PrefilterMpmFiledata { + int list_id; + int base_list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpmFiledata; + +uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, + void *alstate, void *txv, uint64_t tx_id); +int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + #endif /* __DETECT_FILEDATA_H__ */ diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index e983c3447f..41b2552e9b 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -43,6 +43,8 @@ #include "detect-engine-content-inspection.h" #include "detect-content.h" #include "detect-pcre.h" +// PrefilterMpmFiledata +#include "detect-file-data.h" #include "flow.h" #include "flow-var.h" @@ -107,6 +109,11 @@ void DetectHttpClientBodyRegister(void) DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); + DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); + DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); + DetectBufferTypeSetDescriptionByName("http_client_body", "http request body"); @@ -158,7 +165,7 @@ static int DetectHttpClientBodySetupSticky(DetectEngineCtx *de_ctx, Signature *s { if (DetectBufferSetActiveList(de_ctx, s, g_http_client_body_buffer_id) < 0) return -1; - if (DetectSignatureSetAppProto(s, ALPROTO_HTTP1) < 0) + if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0) return -1; return 0; }