http: body pruning update
authorVictor Julien <victor@inliniac.net>
Tue, 2 Jun 2015 11:31:47 +0000 (13:31 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 18 Jun 2015 06:56:38 +0000 (08:56 +0200)
Take inspect limits into account. Consider per direction inspect settings.

src/app-layer-htp-body.c
src/app-layer-htp-body.h
src/app-layer-htp.c

index 0ee1f72bf45920edf0042ac9573f1c0ff6fe8ff0..6454fe1c8c3e7467cd52802fad0630492d3d523b 100644 (file)
@@ -195,11 +195,13 @@ void HtpBodyFree(HtpBody *body)
 /**
  * \brief Free request body chunks that are already fully parsed.
  *
- * \param htud pointer to the HtpTxUserData holding the body
+ * \param state htp_state, with reference to our config
+ * \param body the body to prune
+ * \param direction STREAM_TOSERVER (request), STREAM_TOCLIENT (response)
  *
  * \retval none
  */
-void HtpBodyPrune(HtpState *state, HtpBody *body)
+void HtpBodyPrune(HtpState *state, HtpBody *body, int direction)
 {
     SCEnter();
 
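Review bot: The `\brief` line above the new parameters still reads "Free request body chunks", but with the added `direction` argument the function now serves both bodies. Suggest `\brief Free body chunks (request or response) that are already fully parsed.` The `\param direction` text could also state what the code in the next hunk does with it: `\param direction STREAM_TOSERVER selects the request inspect limits; any other value uses the response limits`. The function body continues outside this hunk.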
@@ -211,7 +213,16 @@ void HtpBodyPrune(HtpState *state, HtpBody *body)
         SCReturn;
     }
 
-    if (body->body_inspected < state->cfg->response_inspect_min_size) {
+    /* get the configured inspect sizes. Default to response values */
+    uint32_t min_size = state->cfg->response_inspect_min_size;
+    uint32_t window = state->cfg->response_inspect_window;
+
+    if (direction == STREAM_TOSERVER) {
+        min_size = state->cfg->request_inspect_min_size;
+        window = state->cfg->request_inspect_window;
+    }
+
+    if (body->body_inspected < (min_size > window) ? min_size : window) {
         SCReturn;
     }
 
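Review bot: The new early-return test `if (body->body_inspected < (min_size > window) ? min_size : window)` does not compare against the larger of the two limits. `<` binds tighter than `?:`, so the condition evaluates to `min_size` or `window` itself and is true whenever the selected value is non-zero. With non-zero inspect settings the function would return here on every call and never free a chunk, so buffered body data would grow with whatever the peers send for as long as the body is kept. Parenthesise the conditional: `if (body->body_inspected < ((min_size > window) ? min_size : window)) {`. HtpBodyPrune starts before this hunk and continues after it.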
@@ -226,12 +237,13 @@ void HtpBodyPrune(HtpState *state, HtpBody *body)
                 "body->body_parsed %"PRIu64, cur->stream_offset, cur->len,
                 cur->stream_offset + cur->len, body->body_parsed);
 
-        uint64_t left_edge = 0;
-        if (state->cfg->response_inspect_window < body->body_inspected) {
-            left_edge = body->body_inspected - state->cfg->response_inspect_window;
-        }
+        uint64_t left_edge = body->body_inspected;
+        if (left_edge <= min_size || left_edge <= window)
+            left_edge = 0;
+        if (left_edge)
+            left_edge -= window;
 
-        if (cur->stream_offset >= left_edge) {
+        if (cur->stream_offset + cur->len > left_edge) {
             break;
         }
 
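Review bot: `left_edge` is recomputed for every chunk, although the visible lines derive it only from `body->body_inspected`, `min_size` and `window`, none of which depend on `cur`. Assuming the enclosing loop (its header is outside this hunk) does not change `body_inspected`, it can be computed once before the loop as `const uint64_t left_edge = (body->body_inspected > min_size && body->body_inspected > window) ? body->body_inspected - window : 0;`. If the two-step form is kept, brace both `if` bodies to match the rest of the function. A short comment such as `/* keep every chunk that still overlaps the inspect window */` above the `cur->stream_offset + cur->len > left_edge` test would explain why the comparison moved from the chunk start to the chunk end.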
index 950b520e5f21ceac5fec2d6999b615aedfe333b2..6d54f0d5f8b2629c4a3b9976d0ab1455d56c6726 100644 (file)
@@ -31,6 +31,6 @@
 int HtpBodyAppendChunk(HtpTxUserData *, HtpBody *, uint8_t *, uint32_t);
 void HtpBodyPrint(HtpBody *);
 void HtpBodyFree(HtpBody *);
-void HtpBodyPrune(HtpState *, HtpBody *);
+void HtpBodyPrune(HtpState *, HtpBody *, int);
 
 #endif /* __APP_LAYER_HTP_BODY_H__ */
index 3fd009f57302407d212d44c669236b42e1d59a86..c6a6e412beacf0d851118edbe0dce4ccb1e210df 100644 (file)
@@ -1848,7 +1848,7 @@ int HTPCallbackRequestBodyData(htp_tx_data_t *d)
 
 end:
     /* see if we can get rid of htp body chunks */
-    HtpBodyPrune(hstate, &tx_ud->request_body);
+    HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER);
 
     /* set the new chunk flag */
     hstate->flags |= HTP_FLAG_NEW_BODY_SET;
@@ -1917,7 +1917,7 @@ int HTPCallbackResponseBodyData(htp_tx_data_t *d)
     }
 
     /* see if we can get rid of htp body chunks */
-    HtpBodyPrune(hstate, &tx_ud->response_body);
+    HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT);
 
     /* set the new chunk flag */
     hstate->flags |= HTP_FLAG_NEW_BODY_SET;