102 const Signature *s,
Flow *f, uint8_t
flags,
void *alstate,
void *txv, uint64_t tx_id);
103 static bool DetectHttp2HeaderValidateCallback(
const Signature *s,
const char **sigerror);
109 static int g_http2_match_buffer_id = 0;
110 static int g_http2_header_name_buffer_id = 0;
111 static int g_http2_header_buffer_id = 0;
193 PrefilterMpmHttp2HeaderNameRegister, NULL,
197 DetectEngineInspectHttp2HeaderName, NULL);
199 PrefilterMpmHttp2HeaderNameRegister, NULL,
203 DetectEngineInspectHttp2HeaderName, NULL);
206 "HTTP2 header name");
216 PrefilterMpmHttp2HeaderRegister, NULL,
220 DetectEngineInspectHttp2Header, NULL);
222 PrefilterMpmHttp2HeaderRegister, NULL,
226 DetectEngineInspectHttp2Header, NULL);
229 "HTTP2 header name and value");
253 uint8_t *detect = (uint8_t *)ctx;
255 return rs_http2_tx_has_frametype(txv,
flags, *detect);
258 static int DetectHTTP2FuncParseFrameType(
const char *
str, uint8_t *ft)
266 int r = rs_http2_parse_frametype(
str);
267 if (r >= 0 && r <= UINT8_MAX) {
292 if (!DetectHTTP2FuncParseFrameType(
str, &frame_type)) {
293 SCLogError(
"Invalid argument \"%s\" supplied to http2.frametype keyword.",
str);
297 uint8_t *http2ft =
SCCalloc(1,
sizeof(uint8_t));
300 *http2ft = frame_type;
337 uint32_t *detect = (uint32_t *)ctx;
339 return rs_http2_tx_has_errorcode(txv,
flags, *detect);
343 static int DetectHTTP2FuncParseErrorCode(
const char *
str, uint32_t *ec)
351 int r = rs_http2_parse_errorcode(
str);
377 if (!DetectHTTP2FuncParseErrorCode(
str, &error_code)) {
378 SCLogError(
"Invalid argument \"%s\" supplied to http2.errorcode keyword.",
str);
382 uint32_t *http2ec =
SCCalloc(1,
sizeof(uint32_t));
385 *http2ec = error_code;
423 int value = rs_http2_tx_get_next_priority(txv,
flags, nb);
430 value = rs_http2_tx_get_next_priority(txv,
flags, nb);
456 rs_detect_u8_free(prio);
475 rs_detect_u8_free(ptr);
490 int value = rs_http2_tx_get_next_window(txv,
flags, nb);
497 value = rs_http2_tx_get_next_window(txv,
flags, nb);
523 rs_detect_u32_free(wu);
542 rs_detect_u32_free(ptr);
556 return rs_http2_detect_sizeupdatectx_match(ctx, txv,
flags);
574 void *su = rs_detect_u64_parse(
str);
599 rs_detect_u64_free(ptr);
613 return rs_http2_detect_settingsctx_match(ctx, txv,
flags);
631 void *http2set = rs_http2_detect_settingsctx_parse(
str);
632 if (http2set == NULL)
656 rs_http2_detect_settingsctx_free(ptr);
670 static void PrefilterMpmHttp2HNameFree(
void *ptr)
689 const uint8_t *b = NULL;
691 if (rs_http2_tx_get_header_name(cbdata->
txv,
flags, cbdata->
local_id, &b, &b_len) != 1)
693 if (b == NULL || b_len == 0)
709 const int list_id = ctx->
list_id;
711 uint32_t local_id = 0;
718 GetHttp2HNameData(det_ctx,
flags, ctx->
transforms, f, &cbdata, list_id);
746 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
747 pectx, PrefilterMpmHttp2HNameFree, mpm_reg->
name);
765 GetHttp2HNameData(det_ctx,
flags, transforms, f, &cbdata, engine->
sm_list);
767 if (buffer == NULL || buffer->
inspect == NULL)
800 static void PrefilterMpmHttp2HeaderFree(
void *ptr)
819 const uint8_t *b = NULL;
821 if (rs_http2_tx_get_header(cbdata->
txv,
flags, cbdata->
local_id, &b, &b_len) != 1)
823 if (b == NULL || b_len == 0)
838 const int list_id = ctx->
list_id;
847 GetHttp2HeaderData(det_ctx,
flags, ctx->
transforms, f, &cbdata, list_id);
874 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
875 pectx, PrefilterMpmHttp2HeaderFree, mpm_reg->
name);
892 GetHttp2HeaderData(det_ctx,
flags, transforms, f, &cbdata, engine->
sm_list);
894 if (buffer == NULL || buffer->
inspect == NULL)
916 static bool DetectHttp2HeaderValidateCallback(
const Signature *s,
const char **sigerror)
919 for ( ; sm != NULL; sm = sm->
next) {
923 bool escaped =
false;
924 bool namevaluesep =
false;
929 *sigerror =
"Invalid http2.header string : "
930 "': ' is a special sequence for separation between name and value "
931 " and thus can only be present once";
936 }
else if (cd->
content[i] !=
':') {
937 *sigerror =
"Invalid http2.header string : "
938 "':' is an escaping character for itself, "
939 "or space for the separation between name and value";
944 }
else if(cd->
content[i] ==
':') {
949 *sigerror =
"Invalid http2.header string : "
950 "':' is an escaping character for itself, "
951 "or space for the separation between name and value";