"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_cutter.h" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_cutter.h  (snort3-3.1.28.0):http_cutter.h  (snort3-3.1.29.0)
skipping to change at line 26 skipping to change at line 26
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// http_cutter.h author Tom Peters <thopeter@cisco.com> // http_cutter.h author Tom Peters <thopeter@cisco.com>
#ifndef HTTP_CUTTER_H #ifndef HTTP_CUTTER_H
#define HTTP_CUTTER_H #define HTTP_CUTTER_H
#include <cassert> #include <cassert>
#include <zlib.h> #include <zlib.h>
#include "http_common.h"
#include "http_enum.h" #include "http_enum.h"
#include "http_event.h" #include "http_event.h"
#include "http_module.h" #include "http_module.h"
class HttpFlowData; class HttpFlowData;
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// HttpCutter class and subclasses // HttpCutter class and subclasses
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
class HttpCutter class HttpCutter
{ {
public: public:
virtual ~HttpCutter() = default; virtual ~HttpCutter() = default;
virtual HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, virtual HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch, HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,
HttpEnums::H2BodyState state) = 0; HttpCommon::H2BodyState state) = 0;
uint32_t get_num_flush() const { return num_flush; } uint32_t get_num_flush() const { return num_flush; }
uint32_t get_octets_seen() const { return octets_seen; } uint32_t get_octets_seen() const { return octets_seen; }
uint32_t get_num_excess() const { return num_crlf; } uint32_t get_num_excess() const { return num_crlf; }
virtual uint32_t get_num_head_lines() const { return 0; } virtual uint32_t get_num_head_lines() const { return 0; }
virtual bool get_is_broken_chunk() const { return false; } virtual bool get_is_broken_chunk() const { return false; }
virtual uint32_t get_num_good_chunks() const { return 0; } virtual uint32_t get_num_good_chunks() const { return 0; }
virtual void soft_reset() {} virtual void soft_reset() {}
protected: protected:
// number of octets processed by previous cut() calls that returned NOT_FOUN D // number of octets processed by previous cut() calls that returned NOT_FOUN D
uint32_t octets_seen = 0; uint32_t octets_seen = 0;
uint32_t num_crlf = 0; uint32_t num_crlf = 0;
uint32_t num_flush = 0; uint32_t num_flush = 0;
}; };
class HttpStartCutter : public HttpCutter class HttpStartCutter : public HttpCutter
{ {
public: public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Enums::H2BodyState) HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Common::H2BodyState)
override; override;
protected: protected:
enum ValidationResult { V_GOOD, V_BAD, V_TBD }; enum ValidationResult { V_GOOD, V_BAD, V_TBD };
private: private:
static const int MAX_LEADING_WHITESPACE = 20; static const int MAX_LEADING_WHITESPACE = 20;
virtual ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEvent Gen*) = 0; virtual ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEvent Gen*) = 0;
bool validated = false; bool validated = false;
}; };
skipping to change at line 93 skipping to change at line 94
{ {
private: private:
uint32_t octets_checked = 0; uint32_t octets_checked = 0;
ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEventGen*) ov erride; ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEventGen*) ov erride;
}; };
class HttpHeaderCutter : public HttpCutter class HttpHeaderCutter : public HttpCutter
{ {
public: public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Enums::H2BodyState) HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Common::H2BodyState)
override; override;
uint32_t get_num_head_lines() const override { return num_head_lines; } uint32_t get_num_head_lines() const override { return num_head_lines; }
private: private:
enum LineEndState { ZERO, HALF, ONE, THREEHALF }; enum LineEndState { ZERO, HALF, ONE, THREEHALF };
LineEndState state = ONE; LineEndState state = ONE;
int32_t num_head_lines = 0; int32_t num_head_lines = 0;
}; };
class HttpBodyCutter : public HttpCutter class HttpBodyCutter : public HttpCutter
skipping to change at line 140 skipping to change at line 141
{ {
public: public:
HttpBodyClCutter(int64_t expected_length, HttpBodyClCutter(int64_t expected_length,
bool accelerated_blocking, bool accelerated_blocking,
ScriptFinder* finder, ScriptFinder* finder,
HttpEnums::CompressId compression) : HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression), HttpBodyCutter(accelerated_blocking, finder, compression),
remaining(expected_length) remaining(expected_length)
{ assert(remaining > 0); } { assert(remaining > 0); }
HttpEnums::ScanResult cut(const uint8_t*, uint32_t length, HttpInfractions*, HttpEventGen*, HttpEnums::ScanResult cut(const uint8_t*, uint32_t length, HttpInfractions*, HttpEventGen*,
uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override; uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
private: private:
int64_t remaining; int64_t remaining;
}; };
class HttpBodyOldCutter : public HttpBodyCutter class HttpBodyOldCutter : public HttpBodyCutter
{ {
public: public:
HttpBodyOldCutter(bool accelerated_blocking, ScriptFinder* finder, HttpBodyOldCutter(bool accelerated_blocking, ScriptFinder* finder,
HttpEnums::CompressId compression) : HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression) HttpBodyCutter(accelerated_blocking, finder, compression)
{} {}
HttpEnums::ScanResult cut(const uint8_t*, uint32_t, HttpInfractions*, HttpEv entGen*, HttpEnums::ScanResult cut(const uint8_t*, uint32_t, HttpInfractions*, HttpEv entGen*,
uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override; uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
}; };
class HttpBodyChunkCutter : public HttpBodyCutter class HttpBodyChunkCutter : public HttpBodyCutter
{ {
public: public:
HttpBodyChunkCutter(int64_t maximum_chunk_length_, bool accelerated_blocking , HttpBodyChunkCutter(int64_t maximum_chunk_length_, bool accelerated_blocking ,
ScriptFinder* finder, HttpEnums::CompressId compression) : ScriptFinder* finder, HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression), HttpBodyCutter(accelerated_blocking, finder, compression),
maximum_chunk_length(maximum_chunk_length_) maximum_chunk_length(maximum_chunk_length_)
{} {}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch, HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,
HttpEnums::H2BodyState) override; HttpCommon::H2BodyState) override;
bool get_is_broken_chunk() const override { return curr_state == HttpEnums:: CHUNK_BAD; } bool get_is_broken_chunk() const override { return curr_state == HttpEnums:: CHUNK_BAD; }
uint32_t get_num_good_chunks() const override { return num_good_chunks; } uint32_t get_num_good_chunks() const override { return num_good_chunks; }
void soft_reset() override { num_good_chunks = 0; HttpBodyCutter::soft_reset (); } void soft_reset() override { num_good_chunks = 0; HttpBodyCutter::soft_reset (); }
private: private:
void transition_to_chunk_bad(bool& accelerate_this_packet); void transition_to_chunk_bad(bool& accelerate_this_packet);
const int64_t maximum_chunk_length; const int64_t maximum_chunk_length;
uint32_t data_seen = 0; uint32_t data_seen = 0;
skipping to change at line 196 skipping to change at line 197
class HttpBodyH2Cutter : public HttpBodyCutter class HttpBodyH2Cutter : public HttpBodyCutter
{ {
public: public:
HttpBodyH2Cutter(int64_t expected_length, bool accelerated_blocking, ScriptF inder* finder, HttpBodyH2Cutter(int64_t expected_length, bool accelerated_blocking, ScriptF inder* finder,
HttpEnums::CompressId compression) : HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression), HttpBodyCutter(accelerated_blocking, finder, compression),
expected_body_length(expected_length) expected_body_length(expected_length)
{} {}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpInfrac tions*, HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpInfrac tions*,
HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyStat e state) override; HttpEventGen*, uint32_t flow_target, bool stretch, HttpCommon::H2BodySta te state) override;
private: private:
int64_t expected_body_length; int64_t expected_body_length;
uint32_t total_octets_scanned = 0; uint32_t total_octets_scanned = 0;
}; };
#endif #endif
 End of changes. 8 change blocks. 
7 lines changed or deleted 8 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)