libhtp upgrade to handle responses first
libhtp would be having a feature upgrade/update where it would accept responses, as opposed to the current implementation where it can't handle response before request.
When such an upgrade comes through, we will have to configure our http parser to allow receiving http responses first.
#1 Updated by Anoop Saldanha over 5 years ago
Also we have currently inserted BUG_ON() inside our http parser that would be hit, if we end up seeing a response first. Currently this serves more as a debug to pick up any bugs in suricata's updated protocol detection.
Once the libhtp update comes in, this should go.
#3 Updated by Anoop Saldanha over 5 years ago
We should never go through this code sequence in the first place, i.e.
response gets sent first in case of http. If we do there's a very good
chance that we would segv in detection.
The main reason why I have it in dev branch is to catch any bugs or for
missed corner cases in the new protocol detection code. Makes it easier
to debug than catch a segv later in detection, as confirmed by the bug
reports form bug_989.