From: Tom Peters (thopeter) Date: Fri, 25 Feb 2022 16:32:26 +0000 (+0000) Subject: Pull request #3289: http_inspect: remove feature to disable raw detection upon flow... X-Git-Tag: 3.1.25.0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d333f50299e2bc6b34949a93ac2154564b3ada7;p=thirdparty%2Fsnort3.git Pull request #3289: http_inspect: remove feature to disable raw detection upon flow depth Merge in SNORT/snort3 from ~THOPETER/snort3:nhttp162 to master Squashed commit of the following: commit 0cdbe45898e0b4302bdf0a012067c591f3a9ba83 Author: Tom Peters Date: Wed Feb 2 15:38:52 2022 -0500 http_inspect: remove feature to disable raw detection upon flow depth
---
diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h
index beb11bc03..054ad68a8 100755
--- a/src/service_inspectors/http_inspect/http_enum.h
+++ b/src/service_inspectors/http_inspect/http_enum.h
@@ -53,8 +53,6 @@ enum SectionType { SEC_DISCARD = -19, SEC_ABORT = -18, SEC__NOT_COMPUTE=-14, SEC
 SEC_REQUEST = 2, SEC_STATUS, SEC_HEADER, SEC_BODY_CL, SEC_BODY_CHUNK, SEC_TRAILER, SEC_BODY_OLD, SEC_BODY_H2 };
-enum DetectionStatus { DET_REACTIVATING = 1, DET_ON, DET_DEACTIVATING, DET_OFF };
-
 // HTTP rule options.
 // Lower portion is message buffers available to clients.
 // That part must remain synchronized with HttpApi::classic_buffer_names[]
diff --git a/src/service_inspectors/http_inspect/http_flow_data.cc b/src/service_inspectors/http_inspect/http_flow_data.cc
index c5b98df68..9b9371053 100644
--- a/src/service_inspectors/http_inspect/http_flow_data.cc
+++ b/src/service_inspectors/http_inspect/http_flow_data.cc
@@ -158,7 +158,6 @@ void HttpFlowData::half_reset(SourceId source_id)
 file_depth_remaining[source_id] = STAT_NOT_PRESENT;
 detect_depth_remaining[source_id] = STAT_NOT_PRESENT;
 publish_depth_remaining[source_id] = STAT_NOT_PRESENT;
- detection_status[source_id] = DET_REACTIVATING;
 compression[source_id] = CMP_NONE;
 gzip_state[source_id] = GZIP_TBD;
@@ -212,7 +211,6 @@ void HttpFlowData::trailer_prep(SourceId source_id)
 delete compress_stream[source_id];
 compress_stream[source_id] = nullptr;
 }
- detection_status[source_id] = DET_REACTIVATING;
 }
 void HttpFlowData::garbage_collect()
diff --git a/src/service_inspectors/http_inspect/http_flow_data.h b/src/service_inspectors/http_inspect/http_flow_data.h
index 2dbea4dbe..1a5d21d85 100644
--- a/src/service_inspectors/http_inspect/http_flow_data.h
+++ b/src/service_inspectors/http_inspect/http_flow_data.h
@@ -151,7 +151,6 @@ private:
 int64_t data_length[2] = { HttpCommon::STAT_NOT_PRESENT, HttpCommon::STAT_NOT_PRESENT };
 uint32_t section_size_target[2] = { 0, 0 };
 HttpEnums::CompressId compression[2] = { HttpEnums::CMP_NONE, HttpEnums::CMP_NONE };
- HttpEnums::DetectionStatus detection_status[2] = { HttpEnums::DET_ON, HttpEnums::DET_ON };
 bool stretch_section_to_packet[2] = { false, false };
 bool accelerated_blocking[2] = { false, false };
diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc
index fbb373d33..51c78e091 100755
--- a/src/service_inspectors/http_inspect/http_inspect.cc
+++ b/src/service_inspectors/http_inspect/http_inspect.cc
@@ -682,23 +682,6 @@ void HttpInspect::clear(Packet* p)
 current_section->clear();
 HttpTransaction* current_transaction = current_section->get_transaction();
- const SourceId source_id = current_section->get_source_id();
-
- // FIXIT-M This check may not apply to the transaction attached to the packet
- // in case of offload.
- if (session_data->detection_status[source_id] == DET_DEACTIVATING)
- {
- if (source_id == SRC_CLIENT)
- {
- p->flow->set_to_server_detection(false);
- }
- else
- {
- p->flow->set_to_client_detection(false);
- }
- session_data->detection_status[source_id] = DET_OFF;
- }
-
 current_transaction->garbage_collect();
 session_data->garbage_collect();
diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc
index 486539b8b..b12cbfff7 100644
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
@@ -92,13 +92,6 @@ void HttpMsgSection::update_depth() const
 const int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id];
 const int32_t& publish_depth_remaining = session_data->publish_depth_remaining[source_id];
- if ((detect_depth_remaining <= 0) &&
- (session_data->detection_status[source_id] == DET_ON) &&
- !session_data->for_http2)
- {
- session_data->detection_status[source_id] = DET_DEACTIVATING;
- }
-
 const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ? SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
index 422e63577..21ace0227 100644
--- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
@@ -220,19 +220,6 @@ StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data
 HttpModule::increment_peg_counts(PEG_SCAN);
- if (session_data->detection_status[source_id] == DET_REACTIVATING)
- {
- if (source_id == SRC_CLIENT)
- {
- flow->set_to_server_detection(true);
- }
- else
- {
- flow->set_to_client_detection(true);
- }
- session_data->detection_status[source_id] = DET_ON;
- }
-
 // Check for 0.9 response message
 if ((type == SEC_STATUS) && (session_data->expected_trans_num[SRC_SERVER] == session_data->zero_nine_expected))