Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp162 to master
Squashed commit of the following:
commit
0cdbe45898e0b4302bdf0a012067c591f3a9ba83
Author: Tom Peters <thopeter@cisco.com>
Date: Wed Feb 2 15:38:52 2022 -0500
http_inspect: remove the feature that disables raw detection once flow depth is reached
SEC_REQUEST = 2, SEC_STATUS, SEC_HEADER, SEC_BODY_CL, SEC_BODY_CHUNK, SEC_TRAILER,
SEC_BODY_OLD, SEC_BODY_H2 };
-enum DetectionStatus { DET_REACTIVATING = 1, DET_ON, DET_DEACTIVATING, DET_OFF };
-
// HTTP rule options.
// Lower portion is message buffers available to clients.
// That part must remain synchronized with HttpApi::classic_buffer_names[]
file_depth_remaining[source_id] = STAT_NOT_PRESENT;
detect_depth_remaining[source_id] = STAT_NOT_PRESENT;
publish_depth_remaining[source_id] = STAT_NOT_PRESENT;
- detection_status[source_id] = DET_REACTIVATING;
compression[source_id] = CMP_NONE;
gzip_state[source_id] = GZIP_TBD;
delete compress_stream[source_id];
compress_stream[source_id] = nullptr;
}
- detection_status[source_id] = DET_REACTIVATING;
}
void HttpFlowData::garbage_collect()
int64_t data_length[2] = { HttpCommon::STAT_NOT_PRESENT, HttpCommon::STAT_NOT_PRESENT };
uint32_t section_size_target[2] = { 0, 0 };
HttpEnums::CompressId compression[2] = { HttpEnums::CMP_NONE, HttpEnums::CMP_NONE };
- HttpEnums::DetectionStatus detection_status[2] = { HttpEnums::DET_ON, HttpEnums::DET_ON };
bool stretch_section_to_packet[2] = { false, false };
bool accelerated_blocking[2] = { false, false };
current_section->clear();
HttpTransaction* current_transaction = current_section->get_transaction();
- const SourceId source_id = current_section->get_source_id();
-
- // FIXIT-M This check may not apply to the transaction attached to the packet
- // in case of offload.
- if (session_data->detection_status[source_id] == DET_DEACTIVATING)
- {
- if (source_id == SRC_CLIENT)
- {
- p->flow->set_to_server_detection(false);
- }
- else
- {
- p->flow->set_to_client_detection(false);
- }
- session_data->detection_status[source_id] = DET_OFF;
- }
-
current_transaction->garbage_collect();
session_data->garbage_collect();
const int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id];
const int32_t& publish_depth_remaining = session_data->publish_depth_remaining[source_id];
- if ((detect_depth_remaining <= 0) &&
- (session_data->detection_status[source_id] == DET_ON) &&
- !session_data->for_http2)
- {
- session_data->detection_status[source_id] = DET_DEACTIVATING;
- }
-
const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
HttpModule::increment_peg_counts(PEG_SCAN);
- if (session_data->detection_status[source_id] == DET_REACTIVATING)
- {
- if (source_id == SRC_CLIENT)
- {
- flow->set_to_server_detection(true);
- }
- else
- {
- flow->set_to_client_detection(true);
- }
- session_data->detection_status[source_id] = DET_ON;
- }
-
// Check for 0.9 response message
if ((type == SEC_STATUS) &&
(session_data->expected_trans_num[SRC_SERVER] == session_data->zero_nine_expected))