detect: http_client_body for HTTP2

By using the file.data logic Ticket: #4067
2 years ago · 656cddcf65
parent 6b32bc459b
commit 656cddcf65
3 changed files with 22 additions and 12 deletions
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@ -66,9 +66,6 @@ static int PrefilterMpmHTTPFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHea
        MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id);

 /* file API */
-static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
-        void *alstate, void *txv, uint64_t tx_id);
 int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
        const DetectBufferMpmRegistry *mpm_reg, int list_id);

@ -240,13 +237,6 @@ static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx,

 /* common */

-typedef struct PrefilterMpmFiledata {
-    int list_id;
-    int base_list_id;
-    const MpmCtx *mpm_ctx;
-    const DetectEngineTransforms *transforms;
-} PrefilterMpmFiledata;
-
 static void PrefilterMpmFiledataFree(void *ptr)
 {
    SCFree(ptr);
@ -588,7 +578,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx,
    }
 }

-static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
        void *alstate, void *txv, uint64_t tx_id)
 {
--- a/src/detect-file-data.h
+++ b/src/detect-file-data.h
@ -27,4 +27,17 @@
 /* prototypes */
 void DetectFiledataRegister (void);

+typedef struct PrefilterMpmFiledata {
+    int list_id;
+    int base_list_id;
+    const MpmCtx *mpm_ctx;
+    const DetectEngineTransforms *transforms;
+} PrefilterMpmFiledata;
+
+uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+        void *alstate, void *txv, uint64_t tx_id);
+int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
+        const DetectBufferMpmRegistry *mpm_reg, int list_id);
+
 #endif /* __DETECT_FILEDATA_H__ */
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@ -43,6 +43,8 @@
 #include "detect-engine-content-inspection.h"
 #include "detect-content.h"
 #include "detect-pcre.h"
+// PrefilterMpmFiledata
+#include "detect-file-data.h"

 #include "flow.h"
 #include "flow-var.h"
@ -107,6 +109,11 @@ void DetectHttpClientBodyRegister(void)
    DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2,
            PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY);

+    DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
+            HTTP2StateDataClient, DetectEngineInspectFiledata, NULL);
+    DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2,
+            PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient);
+
    DetectBufferTypeSetDescriptionByName("http_client_body",
            "http request body");

@ -158,7 +165,7 @@ static int DetectHttpClientBodySetupSticky(DetectEngineCtx *de_ctx, Signature *s
 {
    if (DetectBufferSetActiveList(de_ctx, s, g_http_client_body_buffer_id) < 0)
        return -1;
-    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP1) < 0)
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
        return -1;
    return 0;
 }