app-layer-htp: add http_body_inline setting
authorGiuseppe Longo <giuseppelng@gmail.com>
Thu, 28 May 2015 11:42:28 +0000 (13:42 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 18 Jun 2015 06:56:38 +0000 (08:56 +0200)
src/app-layer-htp.c
src/app-layer-htp.h
suricata.yaml.in

index 2817332551322c090d9be893aff3ea5e049d2bc2..3fd009f57302407d212d44c669236b42e1d59a86 100644 (file)
@@ -2468,6 +2468,21 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
                 exit(EXIT_FAILURE);
             }
             cfg_prec->randomize_range = range;
+        } else if (strcasecmp("http-body-inline", p->name) == 0) {
+            if (ConfValIsTrue(p->val)) {
+                cfg_prec->http_body_inline = 1;
+            } else if (ConfValIsFalse(p->val)) {
+                cfg_prec->http_body_inline = 0;
+            } else {
+                if (strcmp("auto", p->val) != 0) {
+                    WarnInvalidConfEntry("http_body_inline", "%s", "auto");
+                }
+                if (EngineModeIsIPS()) {
+                    cfg_prec->http_body_inline = 1;
+                } else {
+                    cfg_prec->http_body_inline = 0;
+                }
+            }
         } else {
             SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Ignoring unknown "
                          "default config: %s", p->name);
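Review bot: `http_body_inline` is assigned only inside this `http-body-inline` branch, so a configuration that omits the key (for example a suricata.yaml carried over from an earlier version) never reaches the `EngineModeIsIPS()` resolution. The hunk does not show a default being set elsewhere, so the field may stay at whatever the record was initialised with, even when the engine runs in IPS mode. If no default exists, the same resolution should be applied where the other `HTPCfgRec` defaults are set, for example `cfg_prec->http_body_inline = EngineModeIsIPS() ? 1 : 0;`. Separately, the warning names the key with underscores while the parser matches hyphens; `WarnInvalidConfEntry("http-body-inline", "%s", "auto");` would point the operator at the key as it appears in the file. `HTPConfigParseParameters` starts and ends outside the hunk.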
index 50b95d66d1a01d7b42b546ca3dc19ffea44d7e01..275bc4b7efbdbfa60f55fec44363fd3b78bd283e 100644 (file)
@@ -157,6 +157,7 @@ typedef struct HTPCfgRec_ {
     uint32_t            response_inspect_window;
     int                 randomize;
     int                 randomize_range;
+    int                 http_body_inline;
 } HTPCfgRec;
 
 /** Struct used to hold chunks of a body on a request */
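Review bot: The new `http_body_inline` member has no comment, and nothing in the struct says that it holds an already-resolved 0/1 rather than the three-valued yes/no/auto setting. A trailing comment such as `/**< resolved http-body-inline setting: 1 or 0; "auto" is decided from the engine mode when the config is parsed */` would make that clear to readers of the header. The `HTPCfgRec` definition starts outside the hunk.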
index d4883c4236da2ff0b6f0dc45758b4101bdcbf3f0..a4c7ab5aab3270a7aad86f57e62d80debdcb3201 100644 (file)
@@ -1366,6 +1366,10 @@ app-layer:
            request-body-inspect-window: 4kb
            response-body-minimal-inspect-size: 32kb
            response-body-inspect-window: 4kb
+
+           # auto will use http-body-inline mode in IPS mode, yes or no set it statically
+           http-body-inline: auto
+
            # Take a random value for inspection sizes around the specified value.
            # This lower the risk of some evasion technics but could lead
            # detection change between runs. It is set to 'yes' by default.
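Review bot: The comment above `http-body-inline: auto` does not say what `auto` resolves to outside IPS mode, nor what happens with an unrecognised value. Per the parser change in src/app-layer-htp.c in this commit, `auto` turns the mode off when the engine is not in IPS mode, and any value other than yes/no is handled as `auto` with a warning. Suggested wording: `# auto enables http-body-inline in IPS mode and disables it otherwise;` followed by `# yes or no force it on or off regardless of the engine mode.`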