Fixing removal of support analyzers, plus some tweaking and cleanup of

CONNECT code. Removal of support analyzers was broken. The code now actually doesn't delete them immediately anymore but instead just flags them as disabled. They'll be destroyed with the parent analyzer later. Also includes a new leak tests exercising the CONNECT code. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # On branch topic/robin/http-connect # Changes to be committed: # modified: scripts/base/protocols/http/main.bro # modified: scripts/base/protocols/ssl/consts.bro # modified: src/analyzer/Analyzer.cc # modified: src/analyzer/Analyzer.h # modified: src/analyzer/protocol/http/HTTP.cc # new file: testing/btest/core/leaks/http-connect.bro # modified: testing/btest/scripts/base/protocols/http/http-connect.bro # # Untracked files: # .tags # changes.txt # conn.log # debug.log # diff # mpls-in-vlan.patch # newfile.pcap # packet_filter.log # reporter.log # src/PktSrc.cc.orig # weird.log #
2025-10-16 13:38:19 +00:00 · 2014-03-02 13:52:32 -08:00 · 2014-03-02 13:52:32 -08:00 · 338d521003
commit 338d521003
parent dd0856a57f
7 changed files with 128 additions and 65 deletions
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -950,7 +950,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)

 	if ( pia )
 		{
-		// There will be a PIA instance if this connection has been identified 
+		// There will be a PIA instance if this connection has been identified
 		// as a connect proxy.
 		ForwardStream(len, data, is_orig);
 		return;
@ -1066,14 +1066,10 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)

 				HTTP_Reply();

-				InitHTTPMessage(content_line,
-						reply_message, is_orig,
-						ExpectReplyMessageBody(),
-						len);
-
 				if ( connect_request && reply_code == 200 )
 					{
 					pia = new pia::PIA_TCP(Conn());
+
 					if ( AddChildAnalyzer(pia) )
 						{
 						pia->FirstPacket(true, 0);
@ -1084,13 +1080,22 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 						// need to be removed.
 						RemoveSupportAnalyzer(content_line_orig);
 						RemoveSupportAnalyzer(content_line_resp);
+
+						return;
 						}
+
 					else
 						{
+						// Shouldn't really happen.
+						delete pia;
 						pia = 0;
 						}
 					}

+				InitHTTPMessage(content_line,
+						reply_message, is_orig,
+						ExpectReplyMessageBody(),
+						len);
 				}
 			else
 				{
@ -1422,6 +1427,12 @@ void HTTP_Analyzer::HTTP_Request()
 	{
 	ProtocolConfirmation();

+	const char* method = (const char*) request_method->AsString()->Bytes();
+	int method_len = request_method->AsString()->Len();
+
+	if ( strcasecmp_n(method_len, method, "CONNECT") == 0 )
+		connect_request = true;
+
 	if ( http_request )
 		{
 		val_list* vl = new val_list;
@ -1436,9 +1447,6 @@ void HTTP_Analyzer::HTTP_Request()
 		// DEBUG_MSG("%.6f http_request\n", network_time);
 		ConnectionEvent(http_request, vl);
 		}
-
-	if ( strcasecmp_n(request_method->AsString()->Len(), (const char*) (request_method->AsString()->Bytes()), "CONNECT") == 0 )
-		connect_request = true;
 	}

 void HTTP_Analyzer::HTTP_Reply()