From: Adrian Mamolea (admamole) Date: Tue, 8 Jul 2025 13:30:49 +0000 (+0000) Subject: Pull request #4796: http_inspect: parameter name change from partial_depth to partial... X-Git-Tag: 3.9.2.0~7 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8b70a729574392c7771f251ed843c69fe08a5f8c;p=thirdparty%2Fsnort3.git Pull request #4796: http_inspect: parameter name change from partial_depth to partial_depth_body Merge in SNORT/snort3 from ~ADMAMOLE/snort3:partial_depth_body to master Squashed commit of the following: commit d65792a48f9eeff6d36f159085c367f3fd63e39a Author: Adrian Mamolea Date: Thu Jul 3 15:14:45 2025 -0400 http_inspect: parameter name change from partial_depth to partial_depth_body --- diff --git a/doc/user/http_inspect.txt b/doc/user/http_inspect.txt index 4557a13c3..e80f6ea99 100755 --- a/doc/user/http_inspect.txt +++ b/doc/user/http_inspect.txt 
@@ -148,20 +148,20 @@ more of the sensor's resources. This feature is off by default. script_detection = true will activate it. -===== partial_depth +===== partial_depth_body Partial depth detection is a feature that enables Snort to more quickly detect -and block malicious requests. It is configured by the partial_depth parameter +and block malicious requests. It is configured by the partial_depth_body parameter which can take values in the range -1-16384 bytes. The feature is enabled by -setting partial_depth to some non zero value. When the feature is enabled and +setting partial_depth_body to some non zero value. When the feature is enabled and either, the number of bytes received in the request body is below the value -specified by partial_depth, or partial_depth is set to -1, unlimited; it +specified by partial_depth_body, or partial_depth_body is set to -1, unlimited; it immediately forwards the available part of the message body for early detection. This enables earlier threat detection but consumes somewhat more of the sensor's resources. -This feature is turned off by default by setting partial_depth = 0. To activate -it, set partial_depth to the desired value. +This feature is turned off by default by setting partial_depth_body = 0. To activate +it, set partial_depth_body to the desired value. ===== gzip diff --git a/src/service_inspectors/http_inspect/dev_notes_partial_inspection.txt b/src/service_inspectors/http_inspect/dev_notes_partial_inspection.txt index ef70bbe0d..7ac69a63a 100644 --- a/src/service_inspectors/http_inspect/dev_notes_partial_inspection.txt +++ b/src/service_inspectors/http_inspect/dev_notes_partial_inspection.txt 
@@ -38,9 +38,10 @@ to unzip one time in scan() and store the result for eventual use by reassemble( lost by storing partial message sections in HI while waiting for reassemble() would be more than compensated for by not having two instances of zlib. -For request bodies, when partial_depth parameter is set to a non zero value, a partial body will -be subjected to partial inspection if its length is below partial_depth value. When the partial_depth -parameter is set to -1, the entire body will be subjected to inspection regardless of its length. +For request bodies, when partial_depth_body parameter is set to a non zero value, a partial body +will be subjected to partial inspection if its length is below partial_depth_body value. When +the partial_depth_body parameter is set to -1, the entire body will be subjected to inspection +regardless of its length. The http_inspect partial inspection mechanism is invoked by http2_inspect on frame boundaries. diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc index ad8da1c47..8901d06cc 100755 --- a/src/service_inspectors/http_inspect/http_inspect.cc +++ b/src/service_inspectors/http_inspect/http_inspect.cc @@ -158,7 +158,7 @@ void HttpInspect::show(const SnortConfig*) const ConfigLogger::log_limit("request_depth", params->request_depth, -1); ConfigLogger::log_limit("response_depth", params->response_depth, -1); - ConfigLogger::log_limit("partial_depth", params->partial_depth, -1, 0); + ConfigLogger::log_limit("partial_depth_body", params->partial_depth_body, -1, 0); ConfigLogger::log_flag("unzip", params->unzip); ConfigLogger::log_flag("normalize_utf", params->normalize_utf); ConfigLogger::log_flag("decompress_pdf", params->decompress_pdf); diff --git a/src/service_inspectors/http_inspect/http_module.cc b/src/service_inspectors/http_inspect/http_module.cc index a9749d9fa..551d29f59 100755 --- a/src/service_inspectors/http_inspect/http_module.cc 
+++ b/src/service_inspectors/http_inspect/http_module.cc @@ -52,7 +52,7 @@ const Parameter HttpModule::http_params[] = { "response_depth", Parameter::PT_INT, "-1:max53", "-1", "maximum response message body bytes to examine (-1 no limit)" }, - { "partial_depth", Parameter::PT_INT, "-1:16384", "0", + { "partial_depth_body", Parameter::PT_INT, "-1:16384", "0", "maximum request body to send to early detection (0 disabled, -1 no limit)" }, { "unzip", Parameter::PT_BOOL, nullptr, "true", @@ -212,9 +212,9 @@ bool HttpModule::set(const char*, Value& val, SnortConfig*) { params->response_depth = val.get_int64(); } - else if (val.is("partial_depth")) + else if (val.is("partial_depth_body")) { - params->partial_depth = val.get_int64(); + params->partial_depth_body = val.get_int64(); } else if (val.is("unzip")) { diff --git a/src/service_inspectors/http_inspect/http_module.h b/src/service_inspectors/http_inspect/http_module.h index c333a424e..546ce481b 100755 --- a/src/service_inspectors/http_inspect/http_module.h +++ b/src/service_inspectors/http_inspect/http_module.h @@ -49,7 +49,7 @@ public: ~HttpParaList(); int64_t request_depth = -1; int64_t response_depth = -1; - int64_t partial_depth = 0; + int64_t partial_depth_body = 0; bool unzip = true; bool normalize_utf = true; diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc index 9db07ecef..2462a3bcf 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc 
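Review bot: The old key `partial_depth` is dropped outright from `http_params[]` and from the `val.is(...)` chain in `HttpModule::set()`, so a deployed configuration that still sets it no longer reaches `params->partial_depth_body`. How the loader treats a key that is missing from the table is not visible in these hunks; if it is rejected the sensor fails to load its policy after the upgrade, and if it is skipped the value stays at the default `0` and early request-body detection is turned off without any signal. Consider keeping the old name as a deprecated alias for a release, e.g. a second table entry `{ "partial_depth", Parameter::PT_INT, "-1:16384", "0", "deprecated, use partial_depth_body" },` and `else if (val.is("partial_depth_body") || val.is("partial_depth"))` in `set()`. Both the table and `set()` continue outside the hunks shown.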
@@ -218,8 +218,8 @@ StreamSplitter::Status HttpStreamSplitter::call_cutter(Flow* flow, HttpFlowData* } if (is_body(type) && source_id == SRC_CLIENT && - (my_inspector->params->partial_depth == -1 || - (cutter->get_octets_seen() < my_inspector->params->partial_depth && cutter->get_num_flush() == 0))) + (my_inspector->params->partial_depth_body == -1 || + (cutter->get_octets_seen() < my_inspector->params->partial_depth_body && cutter->get_num_flush() == 0))) { static const uint64_t MAX_PARTIAL_FLUSH_COUNTER = 20; if (++session_data->partial_flush_counter == MAX_PARTIAL_FLUSH_COUNTER)