Merge pull request #1880 in SNORT/snort3 from ~NIHDESAI/snort3:limit_detained_ins...

Squashed commit of the following:

commit de16cdefb4d6587f116b42a8b992154e059f387b
Author: Nihal Desai <nihdesai@cisco.com>
Date:   Thu Dec 5 03:51:54 2019 -0500

    http_inspect: support limited response depth

diff --git a/doc/http_inspect.txt b/doc/http_inspect.txt
index bad2c291a469158dbfb598fb75dab969983cedda..526cf11731d4b8fdfbf855baaf88fd0954970b9b 100644 (file)
--- a/doc/http_inspect.txt
+++ b/doc/http_inspect.txt
@@ -106,9 +106,6 @@ It enables Snort to more quickly detect and block response messages
 containing malicious JavaScript. As this feature involves actively blocking
 traffic it is designed for use with inline mode operation (-Q).
 
-This feature only functions with response_depth = -1 (unlimited). This
-limitation will be removed in a future version.
-
 This feature is off by default. detained_inspection = true will activate
 it.
 

diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc
index 5ff10d2858be17cd9767f1add4405f764cfc4b00..86799351f4e1cf4df3c56940f5617da864ab1db7 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_header.cc
+++ b/src/service_inspectors/http_inspect/http_msg_header.cc
@@ -303,8 +303,7 @@ void HttpMsgHeader::prepare_body()
     update_depth();
     // Limitations on detained inspection will be lifted as the feature is built out
     session_data->detained_inspection[source_id] = params->detained_inspection &&
-        (source_id == SRC_SERVER) && (session_data->compression[source_id] == CMP_NONE) &&
-        (params->request_depth == -1);
+        (source_id == SRC_SERVER) && (session_data->compression[source_id] == CMP_NONE);
     if (source_id == SRC_CLIENT)
     {
         HttpModule::increment_peg_counts(PEG_REQUEST_BODY);