From 6c6e6321fcba84725a5237178e81b450b2bf1a82 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 7 Jun 2010 12:19:29 +0200 Subject: [PATCH] Fix HTTP HEAD detection code. --- src/app-layer-detect-proto.c | 8 ++++---- src/log-httplog.c | 17 ++--------------- 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index f381fb8820..dbe5af434f 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -338,8 +338,8 @@ void AppLayerDetectProtoThreadInit(void) { AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER); AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER); AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 4, 0, STREAM_TOSERVER); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 4, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER); AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER); AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER); AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER); @@ -406,8 +406,8 @@ void AppLayerDetectProtoThreadInit(void) { AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER); /** SMB2 */ - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe 53 4d 42|", 4, 4, STREAM_TOCLIENT); - AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe 53 4d 42|", 4, 4, STREAM_TOSERVER); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 4, 4, STREAM_TOCLIENT); + AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 4, 4, STREAM_TOSERVER); /** DCERPC */ AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOCLIENT); diff --git a/src/log-httplog.c b/src/log-httplog.c index 84c76f97bb..a05bffa9e3 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c @@ -151,18 +151,12 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); char srcip[16], dstip[16]; - Port sp; - Port dp; if ((PKT_IS_TOSERVER(p))) { inet_ntop(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); inet_ntop(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip)); - sp = p->sp; - dp = p->dp; } else { inet_ntop(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), srcip, sizeof(srcip)); inet_ntop(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), dstip, sizeof(dstip)); - sp = p->dp; - dp = p->sp; } SCMutexLock(&aft->file_ctx->fp_mutex); @@ -210,7 +204,7 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P /* ip/tcp header info */ fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu32 " -> %s:%" PRIu32 "\n", - srcip, sp, dstip, dp); + srcip, p->sp, dstip, p->dp); aft->uri_cnt ++; @@ -268,19 +262,12 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); char srcip[46], dstip[46]; - Port sp; - Port dp; - if ((PKT_IS_TOSERVER(p))) { inet_ntop(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); inet_ntop(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); - sp = p->sp; - dp = p->dp; } else { inet_ntop(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); inet_ntop(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); - sp = p->dp; - dp = p->sp; } SCMutexLock(&aft->file_ctx->fp_mutex); for (idx = logged; idx < loggable; idx++) @@ -327,7 +314,7 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P /* ip/tcp header info */ fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu32 " -> %s:%" PRIu32 "\n", - srcip, sp, dstip, dp); + srcip, p->sp, dstip, p->dp); aft->uri_cnt++;