git.ipfire.org Git - people/ms/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Fri, 17 Aug 2018 15:53:16 +0000 (17:53 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 Sep 2018 06:11:42 +0000 (08:11 +0200)
commit	e02b74dee783b4434c0b9885fc8d499155498b66
tree	9c4b06cdb0d2580dee4c3f9ff12655e3cefe983c	tree
parent	7186ce7b99887d5986ee611583b36837e164e021	commit \| diff

http: implement min size stream logic

Update HTTP parser to set the min inspect depth per transaction. This
allows for signatures to have their fast_pattern in the HTTP body,
while still being able to inspect the raw stream reliably with it.

The inspect depth is set per transaction as it:
- depends on the per personality config for min inspect size
- is set to the size of the actual body if it is smaller

After the initial inspection is done, it is set to 0 which disables
the feature for the rest of the transaction.

This removes the rescanning flush logic in commit
7e004f52c60c5e4d7cd8f5ed09491291d18f42d2 and provides an alternative
fix for bug #2522. The old approach caused too much rescanning of
HTTP body data leading to a performance degradation.

Bug #2522

src/app-layer-htp.c		diff \| blob \| blame \| history
src/app-layer-htp.h		diff \| blob \| blame \| history
src/detect-engine-hcbd.c		diff \| blob \| blame \| history
src/detect-engine-hsbd.c		diff \| blob \| blame \| history