From: Victor Julien <victor@inliniac.net>
Date: Mon, 1 Jun 2015 09:00:36 +0000 (+0200)
Subject: http: improve body pruning
X-Git-Tag: suricata-3.0RC1~336
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1528%2Fhead;p=thirdparty%2Fsuricata.git

http: improve body pruning

Take inspect window into account.
---

diff --git a/src/app-layer-htp-body.c b/src/app-layer-htp-body.c
index 393336a40d..0ee1f72bf4 100644
--- a/src/app-layer-htp-body.c
+++ b/src/app-layer-htp-body.c
@@ -199,7 +199,7 @@ void HtpBodyFree(HtpBody *body)
  *
  * \retval none
  */
-void HtpBodyPrune(HtpBody *body)
+void HtpBodyPrune(HtpState *state, HtpBody *body)
 {
     SCEnter();
 
@@ -211,6 +211,10 @@ void HtpBodyPrune(HtpBody *body)
         SCReturn;
     }
 
+    if (body->body_inspected < state->cfg->response_inspect_min_size) {
+        SCReturn;
+    }
+
     SCLogDebug("Pruning chunks of Body %p; data %p, len %"PRIu32, body,
             body->last->data, (uint32_t)body->last->len);
 
@@ -222,7 +226,12 @@ void HtpBodyPrune(HtpBody *body)
                 "body->body_parsed %"PRIu64, cur->stream_offset, cur->len,
                 cur->stream_offset + cur->len, body->body_parsed);
 
-        if (cur->stream_offset >= body->body_inspected) {
+        uint64_t left_edge = 0;
+        if (state->cfg->response_inspect_window < body->body_inspected) {
+            left_edge = body->body_inspected - state->cfg->response_inspect_window;
+        }
+
+        if (cur->stream_offset >= left_edge) {
             break;
         }
 
diff --git a/src/app-layer-htp-body.h b/src/app-layer-htp-body.h
index 82d92a4860..950b520e5f 100644
--- a/src/app-layer-htp-body.h
+++ b/src/app-layer-htp-body.h
@@ -31,6 +31,6 @@
 int HtpBodyAppendChunk(HtpTxUserData *, HtpBody *, uint8_t *, uint32_t);
 void HtpBodyPrint(HtpBody *);
 void HtpBodyFree(HtpBody *);
-void HtpBodyPrune(HtpBody *);
+void HtpBodyPrune(HtpState *, HtpBody *);
 
 #endif /* __APP_LAYER_HTP_BODY_H__ */
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index ac97d408b6..2817332551 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -1848,7 +1848,7 @@ int HTPCallbackRequestBodyData(htp_tx_data_t *d)
 
 end:
     /* see if we can get rid of htp body chunks */
-    HtpBodyPrune(&tx_ud->request_body);
+    HtpBodyPrune(hstate, &tx_ud->request_body);
 
     /* set the new chunk flag */
     hstate->flags |= HTP_FLAG_NEW_BODY_SET;
@@ -1917,7 +1917,7 @@ int HTPCallbackResponseBodyData(htp_tx_data_t *d)
     }
 
     /* see if we can get rid of htp body chunks */
-    HtpBodyPrune(&tx_ud->response_body);
+    HtpBodyPrune(hstate, &tx_ud->response_body);
 
     /* set the new chunk flag */
     hstate->flags |= HTP_FLAG_NEW_BODY_SET;