http: Use libhtp-rs.

Ticket: OISF#2696 There are a lot of changes here, which are described below. In general these changes are renaming constants to conform to the libhtp-rs versions (which are generated by cbindgen); making all htp types opaque and changing struct->member references to htp_struct_member() function calls; and a handful of changes to offload functionality onto libhtp-rs from suricata, such as URI normalization and transaction cleanup. Constants renamed to correspond to cbindgen generated names: HTP_OK => HTP_STATUS_OK HTP_ERROR => HTP_STATUS_ERROR HTP_SERVER_* => HTP_SERVER_PERSONALITY_* HTP_REQUEST_INVALID_T_E => HTP_FLAGS_REQUEST_INVALID_T_E HTP_REQUEST_INVALID_C_L => HTP_FLAGS_REQUEST_INVALID_C_L HTP_HOST_MISSING => HTP_FLAGS_HOST_MISSING HTP_HOST_AMBIGUOUS => HTP_FLAGS_HOST_AMBIGUOUS HTP_HOSTU_INVALID => HTP_FLAGS_HOSTU_INVALID HTP_HOSTH_INVALID => HTP_FLAGS_HOSTH_INVALID HTP_AUTH_UNRECOGNIZED => HTP_AUTH_TYPE_UNRECOGNIZED HTP_M_UNKNOWN => HTP_METHOD_UNKNOWN HTP_M_GET => HTP_METHOD_GET HTP_M_POST => HTP_METHOD_POST HTP_M_PUT => HTP_METHOD_PUT HTP_M_CONNECT => HTP_METHOD_CONNECT HTP_STREAM_ERROR => HTP_STREAM_STATE_ERROR HTP_STREAM_TUNNEL => HTP_STREAM_STATE_TUNNEL HTP_REQUEST_LINE => HTP_REQUEST_PROGRESS_LINE HTP_REQUEST_HEADERS => HTP_REQUEST_PROGRESS_HEADERS HTP_REQUEST_BODY => HTP_REQUEST_PROGRESS_BODY HTP_REQUEST_TRAILER => HTP_REQUEST_PROGRESS_TRAILER HTP_REQUEST_COMPLETE => HTP_REQUEST_PROGRESS_COMPLETE HTP_RESPONSE_LINE => HTP_RESPONSE_PROGRESS_LINE HTP_RESPONSE_HEADERS => HTP_RESPONSE_PROGRESS_HEADERS HTP_RESPONSE_BODY => HTP_RESPONSE_PROGRESS_BODY HTP_RESPONSE_TRAILER => HTP_RESPONSE_PROGRESS_TRAILER HTP_RESPONSE_COMPLETE => HTP_RESPONSE_PROGRESS_COMPLETE HTP_PROTOCOL_1_1 => HTP_PROTOCOL_V1_1 HTP_PROTOCOL_1_0 => HTP_PROTOCOL_V1_0 HTP_PROTOCOL_0_9 => HTP_PROTOCOL_V0_9 Functions introduced to handle opaque htp_tx_t: - tx->cfg => htp_tx_cfg(tx) - tx->flags => htp_tx_flags(tx) - tx->is_protocol_0_9 => htp_tx_is_protocol_0_9(tx) - tx->parsed_uri => htp_tx_parsed_uri(tx) - tx->parsed_uri->path => htp_uri_path(htp_tx_parsed_uri(tx) - tx->parsed_uri->hostname => htp_uri_hostname(htp_tx_parsed_uri(tx)) - tx->request_auth_type => htp_tx_request_auth_type(tx) - tx->request_headers => htp_tx_request_headers(tx) - tx->request_hostname => htp_tx_request_hostname(tx) - tx->request_line => htp_tx_request_line(tx) - tx->request_message_len => htp_tx_request_message_len(tx) - tx->request_method => htp_tx_request_method(tx) - tx->request_method_number => htp_tx_request_method_number(tx) - tx->request_port_number => htp_tx_request_port_number(tx) - tx->request_progress => htp_tx_request_progress(tx) - tx->request_protocol => htp_tx_request_protocol(tx) - tx->request_protocol_number => htp_tx_request_protocol_number(tx) - tx->request_uri => htp_tx_request_uri(tx) - tx->response_headers => htp_tx_response_headers(tx) - tx->response_line => htp_tx_response_line(tx) - tx->response_message => htp_tx_response_message(tx) - tx->response_message_len => htp_tx_response_message_len(tx) - tx->response_status => htp_tx_response_status(tx) - tx->response_status_number => htp_tx_response_status_number(tx) - tx->response_progress => htp_tx_response_progress(tx) - tx->response_protocol_number => htp_tx_response_protocol_number(tx) - htp_tx_get_user_data() => htp_tx_user_data(tx) - htp_table_get_c(tx->request_headers, header) => htp_tx_request_header(tx, header) - htp_table_get_c(tx->response_headers, header) => htp_tx_response_header(tx, header) - htp_table_get_index(tx->request_headers, index) => htp_tx_request_header_index(tx, index) - htp_table_size(tx->request_headers) => htp_tx_request_headers_size(tx) - htp_tx_is_http_2_upgrade(tx) convenience function introduced to detect response status 101 and “Upgrade: h2c" header. Functions introduced to handle opaque htp_header_t: - header->name => htp_header_name(header) - bstr_ptr(header->name) => htp_header_name_ptr(header) - bstr_len(header->name) => htp_header_name_len(header) - header->value => htp_header_value(header) - bstr_len(header->value) => htp_header_value_len(header) - bstr_ptr(header->value) => htp_header_value_ptr(header) Functions introduced to handle opaque htp_headers_t: - htp_table_size(headers) => htp_headers_size(headers) - htp_table_get_index(headers, index) => htp_headers_get_index(headers, index) Functions introduced to handle opaque htp_tx_data_t: - d->len => htp_tx_data_len() - d->data => htp_tx_data_data() - htp_tx_data_tx(data) function to get the htp_tx_t from the htp_tx_data_t - htp_tx_data_is_empty(data) convenience function introduced to test if the data is empty. Functions introduced to handle opaque htp_connp_t: - htp_list_get(connp->transactions, txid) => htp_connp_tx(connp, txid) - htp_list_size(http_state->conn->transactions) => htp_connp_tx_size(connp) - htp_connp_get_connection(connp) => htp_connp_connection(connp) - htp_connp_req_data(connp) => htp_connp_request_data(connp) - htp_connp_req_close(connp) => htp_connp_request_close(connp) - htp_connp_res_data(connp) => htp_connp_response_data(connp) - htp_connp_get_jn_tx(connp) => htp_connp_get_request_tx(connp) - htp_connp_get_out_tx(connp) => htp_connp_get_response_tx(connp) - htp_connp_req_data_consumed(connp) => htp_connp_request_data_consumed(connp) - htp_connp_res_data_consumed(connp) => htp_connp_response_data_consumed(connp) - htp_connp_get_user_data(connp) => htp_connp_user_data(connp) Functions introduced to handle opaque htp_conn_t: - conn->in_data_counter => htp_conn_request_data_counter(conn) - conn->out_data_counter => htp_conn_response_data_counter(conn) Other changes: Build libhtp-rs as a crate inside rust. Update autoconf to no longer use libhtp as an external dependency. Remove HAVE_HTP feature defines since they are no longer needed. Make function arguments and return values const where possible htp_tx_destroy(tx) will now free an incomplete transaction htp_time_t replaced with standard struct timeval Callbacks from libhtp now provide the htp_connp_t and the htp_tx_data_t as separate arguments. This means the connection parser is no longer fetched from the transaction inside callbacks. SCHTPGenerateNormalizedUri() functionality moved inside libhtp-rs, which now provides normalized URI values. The normalized URI is available with accessor function: htp_tx_normalized_uri() Configuration settings added to control the behaviour of the URI normalization: - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() - htp_config_set_convert_lowercase() - htp_config_set_double_decode_normalized_query() - htp_config_set_double_decode_normalized_path() - htp_config_set_backslash_convert_slashes() - htp_config_set_bestfit_replacement_byte() - htp_config_set_convert_lowercase() - htp_config_set_nul_encoded_terminates() - htp_config_set_nul_raw_terminates() - htp_config_set_path_separators_compress() - htp_config_set_path_separators_decode() - htp_config_set_u_encoding_decode() - htp_config_set_url_encoding_invalid_handling() - htp_config_set_utf8_convert_bestfit() - htp_config_set_normalized_uri_include_all() - htp_config_set_plusspace_decode() Constants related to configuring uri normalization: - HTP_URL_DECODE_PRESERVE_PERCENT => HTP_URL_ENCODING_HANDLING_PRESERVE_PERCENT - HTP_URL_DECODE_REMOVE_PERCENT => HTP_URL_ENCODING_HANDLING_REMOVE_PERCENT - HTP_URL_DECODE_PROCESS_INVALID => HTP_URL_ENCODING_HANDLING_PROCESS_INVALID htp_config_set_field_limits(soft_limit, hard_limit) changed to htp_config_set_field_limit(limit) because libhtp didn't implement soft limits. libhtp logging API updated to provide HTP_LOG_CODE constants along with the message. This eliminates the need to perform string matching on message text to map log messages to HTTP_DECODER_EVENT values, and the HTP_LOG_CODE values can be used directly. In support of this, HTP_DECODER_EVENT values are mapped to their corresponding HTP_LOG_CODE values: HTTP_DECODER_EVENT_UNKNOWN_ERROR => HTP_LOG_CODE_UNKNOWN HTTP_DECODER_EVENT_GZIP_DECOMPRESSION_FAILED => HTP_LOG_CODE_GZIP_DECOMPRESSION_FAILED HTTP_DECODER_EVENT_REQUEST_FIELD_MISSING_COLON => HTP_LOG_CODE_REQUEST_FIELD_MISSING_COLON HTTP_DECODER_EVENT_RESPONSE_FIELD_MISSING_COLON => HTP_LOG_CODE_RESPONSE_FIELD_MISSING_COLON HTTP_DECODER_EVENT_INVALID_REQUEST_CHUNK_LEN => HTP_LOG_CODE_INVALID_REQUEST_CHUNK_LEN HTTP_DECODER_EVENT_INVALID_RESPONSE_CHUNK_LEN => HTP_LOG_CODE_INVALID_RESPONSE_CHUNK_LEN HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST => HTP_LOG_CODE_INVALID_TRANSFER_ENCODING_VALUE_IN_REQUEST HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE => HTP_LOG_CODE_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST => HTP_LOG_CODE_INVALID_CONTENT_LENGTH_FIELD_IN_REQUEST HTTP_DECODER_EVENT_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE => HTP_LOG_CODE_INVALID_CONTENT_LENGTH_FIELD_IN_RESPONSE HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST => HTP_LOG_CODE_DUPLICATE_CONTENT_LENGTH_FIELD_IN_REQUEST HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE => HTP_LOG_CODE_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE HTTP_DECODER_EVENT_100_CONTINUE_ALREADY_SEEN => HTP_LOG_CODE_CONTINUE_ALREADY_SEEN HTTP_DECODER_EVENT_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST => HTP_LOG_CODE_UNABLE_TO_MATCH_RESPONSE_TO_REQUEST HTTP_DECODER_EVENT_INVALID_SERVER_PORT_IN_REQUEST => HTP_LOG_CODE_INVALID_SERVER_PORT_IN_REQUEST HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT => HTP_LOG_CODE_INVALID_AUTHORITY_PORT HTTP_DECODER_EVENT_REQUEST_HEADER_INVALID => HTP_LOG_CODE_REQUEST_HEADER_INVALID HTTP_DECODER_EVENT_RESPONSE_HEADER_INVALID => HTP_LOG_CODE_RESPONSE_HEADER_INVALID HTTP_DECODER_EVENT_MISSING_HOST_HEADER => HTP_LOG_CODE_MISSING_HOST_HEADER HTTP_DECODER_EVENT_HOST_HEADER_AMBIGUOUS => HTP_LOG_CODE_HOST_HEADER_AMBIGUOUS HTTP_DECODER_EVENT_INVALID_REQUEST_FIELD_FOLDING => HTP_LOG_CODE_INVALID_REQUEST_FIELD_FOLDING HTTP_DECODER_EVENT_INVALID_RESPONSE_FIELD_FOLDING => HTP_LOG_CODE_INVALID_RESPONSE_FIELD_FOLDING HTTP_DECODER_EVENT_REQUEST_FIELD_TOO_LONG => HTP_LOG_CODE_REQUEST_FIELD_TOO_LONG HTTP_DECODER_EVENT_RESPONSE_FIELD_TOO_LONG => HTP_LOG_CODE_RESPONSE_FIELD_TOO_LONG HTTP_DECODER_EVENT_FILE_NAME_TOO_LONG => HTP_LOG_CODE_REQUEST_LINE_INVALID HTTP_DECODER_EVENT_REQUEST_LINE_INVALID => HTP_LOG_CODE_REQUEST_BODY_UNEXPECTED HTTP_DECODER_EVENT_REQUEST_BODY_UNEXPECTED => HTP_LOG_CODE_RESPONSE_BODY_UNEXPECTED HTTP_DECODER_EVENT_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH => HTP_LOG_CODE_REQUEST_SERVER_PORT_TCP_PORT_MISMATCH HTTP_DECODER_EVENT_URI_HOST_INVALID => HTP_LOG_CODE_URI_HOST_INVALID HTTP_DECODER_EVENT_HEADER_HOST_INVALID => HTP_LOG_CODE_HEADER_HOST_INVALID HTTP_DECODER_EVENT_AUTH_UNRECOGNIZED => HTP_LOG_CODE_AUTH_UNRECOGNIZED HTTP_DECODER_EVENT_REQUEST_HEADER_REPETITION => HTP_LOG_CODE_REQUEST_HEADER_REPETITION HTTP_DECODER_EVENT_RESPONSE_HEADER_REPETITION => HTP_LOG_CODE_RESPONSE_HEADER_REPETITION HTTP_DECODER_EVENT_DOUBLE_ENCODED_URI => HTP_LOG_CODE_DOUBLE_ENCODED_URI HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT => HTP_LOG_CODE_URI_DELIM_NON_COMPLIANT HTTP_DECODER_EVENT_METHOD_DELIM_NON_COMPLIANT => HTP_LOG_CODE_METHOD_DELIM_NON_COMPLIANT HTTP_DECODER_EVENT_REQUEST_LINE_LEADING_WHITESPACE => HTP_LOG_CODE_REQUEST_LINE_LEADING_WHITESPACE HTTP_DECODER_EVENT_TOO_MANY_ENCODING_LAYERS => HTP_LOG_CODE_TOO_MANY_ENCODING_LAYERS HTTP_DECODER_EVENT_ABNORMAL_CE_HEADER => HTP_LOG_CODE_ABNORMAL_CE_HEADER HTTP_DECODER_EVENT_RESPONSE_MULTIPART_BYTERANGES => HTP_LOG_CODE_RESPONSE_MULTIPART_BYTERANGES HTTP_DECODER_EVENT_RESPONSE_ABNORMAL_TRANSFER_ENCODING => HTP_LOG_CODE_RESPONSE_ABNORMAL_TRANSFER_ENCODING HTTP_DECODER_EVENT_RESPONSE_CHUNKED_OLD_PROTO => HTP_LOG_CODE_RESPONSE_CHUNKED_OLD_PROTO HTTP_DECODER_EVENT_RESPONSE_INVALID_PROTOCOL => HTP_LOG_CODE_RESPONSE_INVALID_PROTOCOL HTTP_DECODER_EVENT_RESPONSE_INVALID_STATUS => HTP_LOG_CODE_RESPONSE_INVALID_STATUS HTTP_DECODER_EVENT_REQUEST_LINE_INCOMPLETE => HTP_LOG_CODE_REQUEST_LINE_INCOMPLETE HTTP_DECODER_EVENT_LZMA_MEMLIMIT_REACHED => HTP_LOG_CODE_LZMA_MEMLIMIT_REACHED HTTP_DECODER_EVENT_COMPRESSION_BOMB => HTP_LOG_CODE_COMPRESSION_BOMB New log events to describe additional anomalies: HTP_LOG_CODE_REQUEST_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_RESPONSE_TOO_MANY_LZMA_LAYERS HTP_LOG_CODE_PROTOCOL_CONTAINS_EXTRA_DATA HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_START HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_END HTP_LOG_CODE_SWITCHING_PROTO_WITH_CONTENT_LENGTH HTP_LOG_CODE_DEFORMED_EOL HTP_LOG_CODE_PARSER_STATE_ERROR HTP_LOG_CODE_MISSING_OUTBOUND_TRANSACTION_DATA HTP_LOG_CODE_MISSING_INBOUND_TRANSACTION_DATA HTP_LOG_CODE_ZERO_LENGTH_DATA_CHUNKS HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_NO_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_INVALID_PROTOCOL HTP_LOG_CODE_REQUEST_LINE_NO_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_PROTOCOL HTP_LOG_CODE_RESPONSE_LINE_INVALID_RESPONSE_STATUS HTP_LOG_CODE_RESPONSE_BODY_INTERNAL_ERROR HTP_LOG_CODE_REQUEST_BODY_DATA_CALLBACK_ERROR HTP_LOG_CODE_RESPONSE_INVALID_EMPTY_NAME HTP_LOG_CODE_REQUEST_INVALID_EMPTY_NAME HTP_LOG_CODE_RESPONSE_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_RESPONSE_HEADER_NAME_NOT_TOKEN HTP_LOG_CODE_REQUEST_INVALID_LWS_AFTER_NAME HTP_LOG_CODE_LZMA_DECOMPRESSION_DISABLED HTP_LOG_CODE_CONNECTION_ALREADY_OPEN HTP_LOG_CODE_COMPRESSION_BOMB_DOUBLE_LZMA HTP_LOG_CODE_INVALID_CONTENT_ENCODING HTP_LOG_CODE_INVALID_GAP HTP_LOG_CODE_ERROR The new htp_log API supports consuming log messages more easily than walking a list and tracking the current offset. Internally, libhtp-rs now provides log messages as a queue of htp_log_t, which means the application can simply call htp_conn_next_log() to fetch the next log message until the queue is empty. Once the application is done with a log message, they can call htp_log_free() to dispose of it. Functions supporting htp_log_t: htp_conn_next_log(conn) - Get the next log message htp_log_message(log) - To get the text of the message htp_log_code(log) - To get the HTP_LOG_CODE value htp_log_free(log) - To free the htp_log_t
cccs-rtmorti · Feb 6, 2023 · 481594f · 481594f
1 parent d9e6301
commit 481594f
Show file tree

Hide file tree

Showing 64 changed files with 1,182 additions and 1,911 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -17,6 +17,3 @@ Describe changes:
 #suricata-update-pr:
 #suricata-update-repo:
 #suricata-update-branch:
-#libhtp-pr:
-#libhtp-repo:
-#libhtp-branch:
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
@@ -7,10 +7,6 @@ on:
 permissions: read-all
 
 env:
-  DEFAULT_LIBHTP_REPO: https://github.com/OISF/libhtp
-  DEFAULT_LIBHTP_BRANCH: 0.5.x
-  DEFAULT_LIBHTP_PR:
-
   DEFAULT_SU_REPO: https://github.com/OISF/suricata-update
   DEFAULT_SU_BRANCH: master
   DEFAULT_SU_PR:
@@ -54,10 +50,6 @@ jobs:
               echo "Parsing branch and PR info from:"
               echo "${body}"
 
-              libhtp_repo=$(echo "${body}" | awk '/^libhtp-repo/ { print $2 }')
-              libhtp_branch=$(echo "${body}" | awk '/^libhtp-branch/ { print $2 }')
-              libhtp_pr=$(echo "${body}" | awk '/^libhtp-pr/ { print $2 }')
-
               su_repo=$(echo "${body}" | awk '/^suricata-update-repo/ { print $2 }')
               su_branch=$(echo "${body}" | awk '/^suricata-update-branch/ { print $2 }')
               su_pr=$(echo "${body}" | awk '/^suricata-update-pr/ { print $2 }')
@@ -68,10 +60,6 @@ jobs:
           else
               echo "PR_HREF is empty"
           fi
-          echo "libhtp_repo=${libhtp_repo:-${DEFAULT_LIBHTP_REPO}}" >> $GITHUB_ENV
-          echo "libhtp_branch=${libhtp_branch:-${DEFAULT_LIBHTP_BRANCH}}" >> $GITHUB_ENV
-          echo "libhtp_pr=${libhtp_pr:-${DEFAULT_LIBHTP_PR}}" >> $GITHUB_ENV
-
           echo "su_repo=${su_repo:-${DEFAULT_SU_REPO}}" >> $GITHUB_ENV
           echo "su_branch=${su_branch:-${DEFAULT_SU_BRANCH}}" >> $GITHUB_ENV
           echo "su_pr=${su_pr:-${DEFAULT_SU_PR}}" >> $GITHUB_ENV
@@ -81,25 +69,12 @@ jobs:
           echo "sv_pr=${sv_pr:-${DEFAULT_SV_PR}}" >> $GITHUB_ENV
       - name: Annotate output
         run: |
-          echo "::notice:: LIBHTP_REPO=${libhtp_repo}"
-          echo "::notice:: LIBHTP_BRANCH=${libhtp_branch}"
-          echo "::notice:: LIBHTP_PR=${libhtp_pr}"
           echo "::notice:: SU_REPO=${su_repo}"
           echo "::notice:: SU_BRANCH=${su_branch}"
           echo "::notice:: SU_PR=${su_pr}"
           echo "::notice:: SV_REPO=${sv_repo}"
           echo "::notice:: SV_BRANCH=${sv_branch}"
           echo "::notice:: SV_PR=${sv_pr}"
-      - name: Fetching libhtp
-        run: |
-          git clone --depth 1 ${libhtp_repo} -b ${libhtp_branch} libhtp
-          if [[ "${libhtp_pr}" != "" ]]; then
-              cd libhtp
-              git fetch origin pull/${libhtp_pr}/head:prep
-              git checkout prep
-              cd ..
-          fi
-          tar zcf libhtp.tar.gz libhtp
       - name: Fetching suricata-update
         run: |
           git clone --depth 1 ${su_repo} -b ${su_branch} suricata-update
@@ -124,7 +99,7 @@ jobs:
           fi
           tar zcf suricata-verify.tar.gz suricata-verify
       - name: Cleaning up
-        run: rm -rf libhtp suricata-update suricata-verify
+        run: rm -rf suricata-update suricata-verify
       - name: Uploading prep archive
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
@@ -183,7 +158,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xvf prep/libhtp.tar.gz
       - run: tar xvf prep/suricata-update.tar.gz
       - run: tar xvf prep/suricata-verify.tar.gz
       - name: Setup cbindgen
@@ -297,7 +271,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xvf prep/libhtp.tar.gz
       - run: tar xvf prep/suricata-update.tar.gz
       - run: tar xvf prep/suricata-verify.tar.gz
       - name: Install system packages
@@ -398,7 +371,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xvf prep/libhtp.tar.gz
       - run: tar xvf prep/suricata-update.tar.gz
       - run: tar xvf prep/suricata-verify.tar.gz
       - name: Setup cbindgen
@@ -638,7 +610,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -733,7 +704,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -820,7 +790,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - run: tar xf prep/suricata-verify.tar.gz
       - run: mkdir /home/suricata/suricata
@@ -901,7 +870,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -996,7 +964,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1074,7 +1041,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1115,14 +1081,6 @@ jobs:
           CARGO_INCREMENTAL: 0
       - run: llvm-profdata-14 merge -o ct.profdata /tmp/ct.profraw
       - run: llvm-cov-14 show $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
-      - run: |
-          cd libhtp
-          make test
-          cd ..
-        env:
-          LLVM_PROFILE_FILE: "/tmp/htp-test.profraw"
-      - run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw
-      - run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
         with:
@@ -1194,7 +1152,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1282,7 +1239,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -1429,7 +1385,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1515,7 +1470,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1593,7 +1547,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1690,7 +1643,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - name: Setup cbindgen
         run: |
           mkdir -p $HOME/.cargo/bin
@@ -1758,7 +1710,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -1828,7 +1779,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Setup cbindgen
         run: |
@@ -1884,13 +1834,11 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xvf prep/libhtp.tar.gz
       - run: tar xvf prep/suricata-update.tar.gz
       - run: ./autogen.sh
       - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests
       - run: make -j2
-      # somehow it gets included by some C++ stdlib header (case unsensitive)
-      - run: rm libhtp/VERSION && make check
+      - run: make check
       - run: tar xf prep/suricata-verify.tar.gz
       - name: Running suricata-verify
         run: python3 ./suricata-verify/run.py -q
@@ -1926,7 +1874,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - name: Npcap DLL
         run: |
@@ -1982,7 +1929,6 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
       - run: tar xf prep/suricata-update.tar.gz
       - run: tar xf prep/suricata-verify.tar.gz
       - name: Build

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -43,7 +43,6 @@ jobs:
        sudo apt-get install libjansson-dev
        sudo apt-get install libpcap-dev
        sudo apt-get install libnuma-dev
-       git clone --depth 1 https://github.com/OISF/libhtp.git
        cargo install cbindgen
        export PATH=/opt/work/.cargo/bin:$PATH
         chmod +x autogen.sh

diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml
@@ -77,7 +77,6 @@ jobs:
       # The action above is supposed to do this for us, but it doesn't appear to stick.
       - run: /usr/bin/git config --global --add safe.directory /__w/suricata/suricata
       - run: git fetch
-      - run: git clone https://github.com/OISF/libhtp -b 0.5.x
       - name: Building all commits
         run: |
           echo "Building commits from ${GITHUB_BASE_REF}."

diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
@@ -125,7 +125,6 @@ jobs:
               echo "No github merge commit found"
           fi
         shell: bash {0}
-      - run: git clone https://github.com/OISF/libhtp -b 0.5.x
       - run: ./autogen.sh
       - run: ./configure --enable-unittests
       - name: Check formatting

diff --git a/.lgtm.yml b/.lgtm.yml
@@ -11,10 +11,9 @@ extraction:
         - libnuma-dev
         - libpcap-dev
     after_prepare:
-      - git clone --depth 1 https://github.com/OISF/libhtp.git
       - cargo install cbindgen
       - export PATH=/opt/work/.cargo/bin:$PATH
       - chmod +x autogen.sh
       - ./autogen.sh
       - ./configure
-      - make
+      - make
diff --git a/Makefile.am b/Makefile.am
@@ -47,7 +47,7 @@ endif
 	@echo "You can now start suricata by running as root something like:"
 	@echo "  $(DESTDIR)$(bindir)/suricata -c $(DESTDIR)$(e_sysconfdir)suricata.yaml -i eth0"
 	@echo ""
-	@echo "If a library like libhtp.so is not found, you can run suricata with:"
+	@echo "If a shared library is not found, you can add library paths with:"
 	@echo "  LD_LIBRARY_PATH="$(DESTDIR)$(prefix)/lib" "$(DESTDIR)$(bindir)/suricata" -c "$(DESTDIR)$(e_sysconfdir)suricata.yaml" -i eth0"
 	@echo ""
 	@echo "The Emerging Threats Open rules are now installed. Rules can be"