From: Victor Julien Date: Sun, 15 Nov 2015 12:20:14 +0000 (+0100) Subject: http: move body settings into per dir struct X-Git-Tag: suricata-3.1RC1~118 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24a2f51569e59b5e9506fe746cb263a5e0e1a460;p=thirdparty%2Fsuricata.git http: move body settings into per dir struct --- diff --git a/src/app-layer-htp-body.c b/src/app-layer-htp-body.c index 65ce30ad39..b4ba2ffbea 100644 --- a/src/app-layer-htp-body.c +++ b/src/app-layer-htp-body.c @@ -205,12 +205,12 @@ void HtpBodyPrune(HtpState *state, HtpBody *body, int direction) } /* get the configured inspect sizes. Default to response values */ - uint32_t min_size = state->cfg->response_inspect_min_size; - uint32_t window = state->cfg->response_inspect_window; + uint32_t min_size = state->cfg->response.inspect_min_size; + uint32_t window = state->cfg->response.inspect_window; if (direction == STREAM_TOSERVER) { - min_size = state->cfg->request_inspect_min_size; - window = state->cfg->request_inspect_window; + min_size = state->cfg->request.inspect_min_size; + window = state->cfg->request.inspect_window; } uint64_t max_window = ((min_size > window) ? min_size : window); diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 00d39365de..b40e2ed9bd 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -1750,17 +1750,17 @@ int HTPCallbackRequestBodyData(htp_tx_data_t *d) HtpBodyPrune(hstate, &tx_ud->request_body, STREAM_TOSERVER); SCLogDebug("tx_ud->request_body.content_len_so_far %"PRIu64, tx_ud->request_body.content_len_so_far); - SCLogDebug("hstate->cfg->request_body_limit %u", hstate->cfg->request_body_limit); + SCLogDebug("hstate->cfg->request.body_limit %u", hstate->cfg->request.body_limit); /* within limits, add the body chunk to the state. */ - if (hstate->cfg->request_body_limit == 0 || tx_ud->request_body.content_len_so_far < hstate->cfg->request_body_limit) + if (hstate->cfg->request.body_limit == 0 || tx_ud->request_body.content_len_so_far < hstate->cfg->request.body_limit) { uint32_t len = (uint32_t)d->len; - if (hstate->cfg->request_body_limit > 0 && - (tx_ud->request_body.content_len_so_far + len) > hstate->cfg->request_body_limit) + if (hstate->cfg->request.body_limit > 0 && + (tx_ud->request_body.content_len_so_far + len) > hstate->cfg->request.body_limit) { - len = hstate->cfg->request_body_limit - tx_ud->request_body.content_len_so_far; + len = hstate->cfg->request.body_limit - tx_ud->request_body.content_len_so_far; BUG_ON(len > (uint32_t)d->len); } SCLogDebug("len %u", len); @@ -1846,17 +1846,17 @@ int HTPCallbackResponseBodyData(htp_tx_data_t *d) HtpBodyPrune(hstate, &tx_ud->response_body, STREAM_TOCLIENT); SCLogDebug("tx_ud->response_body.content_len_so_far %"PRIu64, tx_ud->response_body.content_len_so_far); - SCLogDebug("hstate->cfg->response_body_limit %u", hstate->cfg->response_body_limit); + SCLogDebug("hstate->cfg->response.body_limit %u", hstate->cfg->response.body_limit); /* within limits, add the body chunk to the state. */ - if (hstate->cfg->response_body_limit == 0 || tx_ud->response_body.content_len_so_far < hstate->cfg->response_body_limit) + if (hstate->cfg->response.body_limit == 0 || tx_ud->response_body.content_len_so_far < hstate->cfg->response.body_limit) { uint32_t len = (uint32_t)d->len; - if (hstate->cfg->response_body_limit > 0 && - (tx_ud->response_body.content_len_so_far + len) > hstate->cfg->response_body_limit) + if (hstate->cfg->response.body_limit > 0 && + (tx_ud->response_body.content_len_so_far + len) > hstate->cfg->response.body_limit) { - len = hstate->cfg->response_body_limit - tx_ud->response_body.content_len_so_far; + len = hstate->cfg->response.body_limit - tx_ud->response_body.content_len_so_far; BUG_ON(len > (uint32_t)d->len); } SCLogDebug("len %u", len); @@ -2124,12 +2124,12 @@ static int HTPCallbackResponseHeaderData(htp_tx_data_t *tx_data) static void HTPConfigSetDefaultsPhase1(HTPCfgRec *cfg_prec) { cfg_prec->uri_include_all = FALSE; - cfg_prec->request_body_limit = HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT; - cfg_prec->response_body_limit = HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT; - cfg_prec->request_inspect_min_size = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE; - cfg_prec->request_inspect_window = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW; - cfg_prec->response_inspect_min_size = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE; - cfg_prec->response_inspect_window = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW; + cfg_prec->request.body_limit = HTP_CONFIG_DEFAULT_REQUEST_BODY_LIMIT; + cfg_prec->response.body_limit = HTP_CONFIG_DEFAULT_RESPONSE_BODY_LIMIT; + cfg_prec->request.inspect_min_size = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_MIN_SIZE; + cfg_prec->request.inspect_window = HTP_CONFIG_DEFAULT_REQUEST_INSPECT_WINDOW; + cfg_prec->response.inspect_min_size = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_MIN_SIZE; + cfg_prec->response.inspect_window = HTP_CONFIG_DEFAULT_RESPONSE_INSPECT_WINDOW; #ifndef AFLFUZZ_NO_RANDOM cfg_prec->randomize = HTP_CONFIG_DEFAULT_RANDOMIZE; #else @@ -2178,40 +2178,40 @@ static void HTPConfigSetDefaultsPhase2(char *name, HTPCfgRec *cfg_prec) if (cfg_prec->randomize) { int rdrange = cfg_prec->randomize_range; - cfg_prec->request_inspect_min_size += - (int) (cfg_prec->request_inspect_min_size * + cfg_prec->request.inspect_min_size += + (int) (cfg_prec->request.inspect_min_size * (random() * 1.0 / RAND_MAX - 0.5) * rdrange / 100); - cfg_prec->request_inspect_window += - (int) (cfg_prec->request_inspect_window * + cfg_prec->request.inspect_window += + (int) (cfg_prec->request.inspect_window * (random() * 1.0 / RAND_MAX - 0.5) * rdrange / 100); SCLogInfo("'%s' server has 'request-body-minimal-inspect-size' set to" " %d and 'request-body-inspect-window' set to %d after" " randomization.", name, - cfg_prec->request_inspect_min_size, - cfg_prec->request_inspect_window); + cfg_prec->request.inspect_min_size, + cfg_prec->request.inspect_window); - cfg_prec->response_inspect_min_size += - (int) (cfg_prec->response_inspect_min_size * + cfg_prec->response.inspect_min_size += + (int) (cfg_prec->response.inspect_min_size * (random() * 1.0 / RAND_MAX - 0.5) * rdrange / 100); - cfg_prec->response_inspect_window += - (int) (cfg_prec->response_inspect_window * + cfg_prec->response.inspect_window += + (int) (cfg_prec->response.inspect_window * (random() * 1.0 / RAND_MAX - 0.5) * rdrange / 100); SCLogInfo("'%s' server has 'response-body-minimal-inspect-size' set to" " %d and 'response-body-inspect-window' set to %d after" " randomization.", name, - cfg_prec->response_inspect_min_size, - cfg_prec->response_inspect_window); + cfg_prec->response.inspect_min_size, + cfg_prec->response.inspect_window); } htp_config_register_request_line(cfg_prec->cfg, HTPCallbackRequestLine); cfg_prec->request.sbcfg.flags = 0; - cfg_prec->request.sbcfg.buf_size = cfg_prec->request_inspect_window ? - cfg_prec->request_inspect_window : 256; + cfg_prec->request.sbcfg.buf_size = cfg_prec->request.inspect_window ? + cfg_prec->request.inspect_window : 256; cfg_prec->request.sbcfg.buf_slide = 0; cfg_prec->request.sbcfg.Malloc = HTPMalloc; cfg_prec->request.sbcfg.Calloc = HTPCalloc; @@ -2219,8 +2219,8 @@ static void HTPConfigSetDefaultsPhase2(char *name, HTPCfgRec *cfg_prec) cfg_prec->request.sbcfg.Free = HTPFree; cfg_prec->response.sbcfg.flags = 0; - cfg_prec->response.sbcfg.buf_size = cfg_prec->response_inspect_window ? - cfg_prec->response_inspect_window : 256; + cfg_prec->response.sbcfg.buf_size = cfg_prec->response.inspect_window ? + cfg_prec->response.inspect_window : 256; cfg_prec->response.sbcfg.buf_slide = 0; cfg_prec->response.sbcfg.Malloc = HTPMalloc; cfg_prec->response.sbcfg.Calloc = HTPCalloc; @@ -2295,28 +2295,28 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s, } else if (strcasecmp("request-body-limit", p->name) == 0 || strcasecmp("request_body_limit", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->request_body_limit) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->request.body_limit) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } } else if (strcasecmp("response-body-limit", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->response_body_limit) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->response.body_limit) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-limit " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } } else if (strcasecmp("request-body-minimal-inspect-size", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->request_inspect_min_size) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_min_size) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-minimal-inspect-size " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } } else if (strcasecmp("request-body-inspect-window", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->request_inspect_window) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_window) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-inspect-window " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); @@ -2335,14 +2335,14 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s, } } else if (strcasecmp("response-body-minimal-inspect-size", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->response_inspect_min_size) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_min_size) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-minimal-inspect-size " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); } } else if (strcasecmp("response-body-inspect-window", p->name) == 0) { - if (ParseSizeStringU32(p->val, &cfg_prec->response_inspect_window) < 0) { + if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_window) < 0) { SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window " "from conf file - %s. Killing engine", p->val); exit(EXIT_FAILURE); diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h index 039b1cfe8e..123609dee2 100644 --- a/src/app-layer-htp.h +++ b/src/app-layer-htp.h @@ -141,6 +141,9 @@ enum { matched on some rule */ typedef struct HTPCfgDir_ { + uint32_t body_limit; + uint32_t inspect_min_size; + uint32_t inspect_window; StreamingBufferConfig sbcfg; } HTPCfgDir; @@ -152,14 +155,6 @@ typedef struct HTPCfgRec_ { int uri_include_all; /**< use all info in uri (bool) */ /** max size of the client body we inspect */ - uint32_t request_body_limit; - uint32_t response_body_limit; - - uint32_t request_inspect_min_size; - uint32_t request_inspect_window; - - uint32_t response_inspect_min_size; - uint32_t response_inspect_window; int randomize; int randomize_range; int http_body_inline; diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 1b4b1534a3..deaaa8a14a 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -159,9 +159,9 @@ static const uint8_t *DetectEngineHCBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_i /* inspect the body if the transfer is complete or we have hit * our body size limit */ - if ((htp_state->cfg->request_body_limit == 0 || - htud->request_body.content_len_so_far < htp_state->cfg->request_body_limit) && - htud->request_body.content_len_so_far < htp_state->cfg->request_inspect_min_size && + if ((htp_state->cfg->request.body_limit == 0 || + htud->request_body.content_len_so_far < htp_state->cfg->request.body_limit) && + htud->request_body.content_len_so_far < htp_state->cfg->request.inspect_min_size && !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, flags) > HTP_REQUEST_BODY) && !(flags & STREAM_EOF)) { SCLogDebug("we still haven't seen the entire request body. " diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 3918c6e094..8ef2c17a5a 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -155,20 +155,20 @@ static const uint8_t *DetectEngineHSBDGetBufferForTX(htp_tx_t *tx, uint64_t tx_i goto end; } - SCLogDebug("response_body_limit %u response_body.content_len_so_far %"PRIu64 - ", response_inspect_min_size %"PRIu32", EOF %s, progress > body? %s", - htp_state->cfg->response_body_limit, + SCLogDebug("response.body_limit %u response_body.content_len_so_far %"PRIu64 + ", response.inspect_min_size %"PRIu32", EOF %s, progress > body? %s", + htp_state->cfg->response.body_limit, htud->response_body.content_len_so_far, - htp_state->cfg->response_inspect_min_size, + htp_state->cfg->response.inspect_min_size, flags & STREAM_EOF ? "true" : "false", (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, flags) > HTP_RESPONSE_BODY) ? "true" : "false"); if (!htp_state->cfg->http_body_inline) { /* inspect the body if the transfer is complete or we have hit * our body size limit */ - if ((htp_state->cfg->response_body_limit == 0 || - htud->response_body.content_len_so_far < htp_state->cfg->response_body_limit) && - htud->response_body.content_len_so_far < htp_state->cfg->response_inspect_min_size && + if ((htp_state->cfg->response.body_limit == 0 || + htud->response_body.content_len_so_far < htp_state->cfg->response.body_limit) && + htud->response_body.content_len_so_far < htp_state->cfg->response.inspect_min_size && !(AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, tx, flags) > HTP_RESPONSE_BODY) && !(flags & STREAM_EOF)) { SCLogDebug("we still haven't seen the entire response body. "