aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

http: body pruning update

Browse Source 
Take inspect limits into account. Consider per direction inspect settings.
pull/1559/head
Victor Julien 10 years ago
parent 8f1998e35f
commit 79d34f4575
3 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File

28
src/app-layer-htp-body.c
Unescape Escape View File

@ -195,11 +195,13 @@ void HtpBodyFree(HtpBody *body)
/** /**
* \brief Free request body chunks that are already fully parsed. * \brief Free request body chunks that are already fully parsed.
* *
* \param htud pointer to the HtpTxUserData holding the body * \param state htp_state, with reference to our config
* \param body the body to prune
* \param direction STREAM_TOSERVER (request), STREAM_TOCLIENT (response)
* *
* \retval none * \retval none
*/ */
void HtpBodyPrune(HtpState *state, HtpBody *body) void HtpBodyPrune(HtpState *state, HtpBody *body, int direction)
{ {
SCEnter(); SCEnter();
@ -211,7 +213,16 @@ void HtpBodyPrune(HtpState *state, HtpBody *body)
SCReturn; SCReturn;
} }
if (body->body_inspected < state->cfg->response_inspect_min_size) { /* get the configured inspect sizes. Default to response values */
uint32_t min_size = state->cfg->response_inspect_min_size;
uint32_t window = state->cfg->response_inspect_window;
if (direction == STREAM_TOSERVER) {
min_size = state->cfg->request_inspect_min_size;
window = state->cfg->request_inspect_window;
}
if (body->body_inspected < (min_size > window) ? min_size : window) {
SCReturn; SCReturn;
} }
@ -226,12 +237,13 @@ void HtpBodyPrune(HtpState *state, HtpBody *body)
"body->body_parsed %"PRIu64, cur->stream_offset, cur->len, "body->body_parsed %"PRIu64, cur->stream_offset, cur->len,
cur->stream_offset + cur->len, body->body_parsed); cur->stream_offset + cur->len, body->body_parsed);
uint64_t left_edge = 0; uint64_t left_edge = body->body_inspected;
if (state->cfg->response_inspect_window < body->body_inspected) { if (left_edge <= min_size || left_edge <= window)
left_edge = body->body_inspected - state->cfg->response_inspect_window; left_edge = 0;
} if (left_edge)
left_edge -= window;
if (cur->stream_offset >= left_edge) { if (cur->stream_offset + cur->len > left_edge) {
break; break;
} }

2
src/app-layer-htp-body.h
Unescape Escape View File

@ -31,6 +31,6 @@
int HtpBodyAppendChunk(HtpTxUserData *, HtpBody *, uint8_t *, uint32_t); int HtpBodyAppendChunk(HtpTxUserData *, HtpBody *, uint8_t *, uint32_t);
void HtpBodyPrint(HtpBody *); void HtpBodyPrint(HtpBody *);
void HtpBodyFree(HtpBody *); void HtpBodyFree(HtpBody *);
void HtpBodyPrune(HtpState *, HtpBody *); void HtpBodyPrune(HtpState *, HtpBody *, int);
#endif /* __APP_LAYER_HTP_BODY_H__ */ #endif /* __APP_LAYER_HTP_BODY_H__ */

4
src/app-layer-htp.c
Unescape Escape View File

@ -1848,7 +1848,7 @@ int HTPCallbackRequestBodyData(htp_tx_data_t *d)
end: end:
/* see if we can get rid of htp body chunks */ /* see if we can get rid of htp body chunks */
HtpBodyPrune(hstate, &tx_ud->request_body); HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER);
/* set the new chunk flag */ /* set the new chunk flag */
hstate->flags |= HTP_FLAG_NEW_BODY_SET; hstate->flags |= HTP_FLAG_NEW_BODY_SET;
@ -1917,7 +1917,7 @@ int HTPCallbackResponseBodyData(htp_tx_data_t *d)
} }
/* see if we can get rid of htp body chunks */ /* see if we can get rid of htp body chunks */
HtpBodyPrune(hstate, &tx_ud->response_body); HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT);
/* set the new chunk flag */ /* set the new chunk flag */
hstate->flags |= HTP_FLAG_NEW_BODY_SET; hstate->flags |= HTP_FLAG_NEW_BODY_SET;

Write Preview
Loading…
Cancel
Save