window = state->cfg->request_inspect_window;
}
- if (body->body_inspected < ((min_size > window) ? min_size : window)) {
+ uint64_t max_window = ((min_size > window) ? min_size : window);
+ uint64_t in_flight = body->content_len_so_far - body->body_inspected;
+
+ /* Special case. If body_inspected is not being updated, we make sure that
+ * we prune the body. We allow for some extra size/room as we may be called
+ * multiple times on uninspected body chunk additions if a large block of
+ * data was ack'd at once. Want to avoid pruning before inspection. */
+ if (in_flight > (max_window * 3)) {
+ body->body_inspected = body->content_len_so_far - max_window;
+ } else if (body->body_inspected < max_window) {
SCReturn;
}
}
}
+ /* see if we can get rid of htp body chunks */
+ HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER);
+
SCLogDebug("tx_ud->request_body.content_len_so_far %"PRIu64, tx_ud->request_body.content_len_so_far);
SCLogDebug("hstate->cfg->request_body_limit %u", hstate->cfg->request_body_limit);
}
end:
- /* see if we can get rid of htp body chunks */
- HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER);
-
/* set the new chunk flag */
hstate->flags |= HTP_FLAG_NEW_BODY_SET;
tx_ud->operation = HTP_BODY_RESPONSE;
}
+ /* see if we can get rid of htp body chunks */
+ HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT);
+
SCLogDebug("tx_ud->response_body.content_len_so_far %"PRIu64, tx_ud->response_body.content_len_so_far);
SCLogDebug("hstate->cfg->response_body_limit %u", hstate->cfg->response_body_limit);
HtpResponseBodyHandle(hstate, tx_ud, d->tx, (uint8_t *)d->data, (uint32_t)d->len);
}
- /* see if we can get rid of htp body chunks */
- HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT);
-
/* set the new chunk flag */
hstate->flags |= HTP_FLAG_NEW_BODY_SET;
projects / thirdparty / suricata.git / commitdiff
