[Oisf-users] http transaction not logged if http post body > 2KB

Delta Yeh delta.yeh at gmail.com
Mon Jul 9 16:04:43 UTC 2012


sorry, my fault. This is a false alarm,
The request is logged and the body data is processed correctly by the callback.



2012/7/9 Victor Julien <victor at inliniac.net>:
> How are you determining that there is an issue? Both streams in your
> pcap are logged into the http.log for me.
>
> Cheers,
> Victor
>
> On 07/09/2012 05:19 PM, Delta Yeh wrote:
>> And in other tests, the output is:
>>
>>
>>
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1853) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> !!set up htud for HTPCallbackRequestBodyData!!
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 0
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 1460
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 2920
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 4380
>> [21364] 9/7/2012 -- 11:14:58 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1853) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> !!set up htud for HTPCallbackRequestBodyData!!
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 0
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 1460
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1834) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> ===>HTPCallbackRequestBodyData<====
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1905) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> htud->request_body.content_len_so_far 2920
>> [21364] 9/7/2012 -- 11:14:59 - (app-layer-htp.c:1906) <Error>
>> (HTPCallbackRequestBodyData) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] -
>> hstate->request_body_limit 0
>>
>>
>> the wget command output is
>>
>> colinux:~/tmp# wget -d http://192.168.1.1/news/search.asp
>> --post-file=/root/tmp/post.txt
>> Setting --post-file (postfile) to /root/tmp/post.txt
>> DEBUG output created by Wget 1.12 on linux-gnu.
>>
>> --2012-07-09 11:14:58--  http://192.168.1.1/news/search.asp
>> Connecting to 192.168.1.1:80... connected.
>> Created socket 3.
>> Releasing 0x080a2ac8 (new refcount 0).
>> Deleting unused 0x080a2ac8.
>>
>> ---request begin---
>> POST /news/search.asp HTTP/1.0
>> User-Agent: Wget/1.12 (linux-gnu)
>> Accept: */*
>> Host: 192.168.1.1
>> Connection: Keep-Alive
>> Content-Type: application/x-www-form-urlencoded
>> Content-Length: 6188
>>
>> ---request end---
>> [writing POST file /root/tmp/post.txt ... done]
>> HTTP request sent, awaiting response... No data received.
>> Closed fd 3
>> Retrying.
>>
>> --2012-07-09 11:14:59--  (try: 2)  http://192.168.1.1/news/search.asp
>> Connecting to 192.168.1.1:80... connected.
>> Created socket 3.
>> Releasing 0x080a2898 (new refcount 0).
>> Deleting unused 0x080a2898.
>>
>> ---request begin---
>> POST /news/search.asp HTTP/1.0
>> User-Agent: Wget/1.12 (linux-gnu)
>> Accept: */*
>> Host: 192.168.1.1
>> Connection: Keep-Alive
>> Content-Type: application/x-www-form-urlencoded
>> Content-Length: 6188
>>
>> ---request end---
>> [writing POST file /root/tmp/post.txt ... done]
>> HTTP request sent, awaiting response...
>> ---response begin---
>> HTTP/1.1 200 Ok
>> Server: micro_httpd
>> Cache-Control: no-cache
>> Date: Mon, 09 Jul 2012 23:14:57 GMT
>> Set-Cookie: Name=; path=/
>> Content-Type: text/html
>> Connection: close
>>
>> ---response end---
>> 200 Ok
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
>



More information about the Oisf-users mailing list