aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '25f696106c'
${ noResults }
suricata/src/stream-tcp-reassemble.c

582 lines
24 KiB
C
Raw Normal View History Unescape Escape

Pool update. Stream reassembly start.
16 years ago
/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
/* TODO:
* - segment insert fasttrack: most pkts are in order
* - OS depended handling of overlaps, retrans, etc
*/
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
Remove vips references. Rename to eidps.
16 years ago
#include "eidps.h"
Pool update. Stream reassembly start.
16 years ago
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-modules.h"
#include "util-pool.h"
#include "util-unittest.h"
#include "util-print.h"
#include "stream-tcp-private.h"
Stream reassembly update and WIP code for L7 modules.
16 years ago
#include "stream.h"
Pool update. Stream reassembly start.
16 years ago
void *TcpSegmentAlloc(void *payload_len) {
TcpSegment *seg = malloc(sizeof(TcpSegment));
if (seg == NULL)
return NULL;
memset(seg, 0, sizeof(TcpSegment));
seg->pool_size = *((u_int16_t *)payload_len);
seg->payload_len = seg->pool_size;
seg->payload = malloc(seg->payload_len);
if (seg->payload == NULL) {
free(seg);
return NULL;
}
return seg;
}
void TcpSegmentFree(void *ptr) {
if (ptr == NULL)
return;
TcpSegment *seg = (TcpSegment *)ptr;
free(seg->payload);
free(seg);
return;
}
/* We define serveral pools with prealloced segments with fixed size
* payloads. We do this to prevent having to do an malloc call for every
* data segment we receive, which would be a large performance penalty.
* The cost is in memory of course. */
#define segment_pool_num 8
static u_int16_t segment_pool_pktsizes[segment_pool_num] = { 4, 16, 112, 248, 512, 768, 1448, 0xffff };
static u_int16_t segment_pool_poolsizes[segment_pool_num] = { 1024, 1024, 1024, 1024, 4096, 4096, 1024, 128 };
static Pool *segment_pool[segment_pool_num];
static pthread_mutex_t segment_pool_mutex[segment_pool_num];
/* index to the right pool for all packet sizes. */
static u_int16_t segment_pool_idx[65536]; /* O(1) lookups of the pool */
int StreamTcpReassembleInit(void) {
Stream reassembly update and WIP code for L7 modules.
16 years ago
StreamMsgQueuesInit();
Pool update. Stream reassembly start.
16 years ago
u_int16_t u16 = 0;
for (u16 = 0; u16 < segment_pool_num; u16++) {
segment_pool[u16] = PoolInit(segment_pool_poolsizes[u16], segment_pool_poolsizes[u16]/2, TcpSegmentAlloc, (void *)&segment_pool_pktsizes[u16], TcpSegmentFree);
pthread_mutex_init(&segment_pool_mutex[u16], NULL);
}
u_int16_t idx = 0;
u16 = 0;
while (1) {
if (idx <= segment_pool_pktsizes[u16]) {
segment_pool_idx[idx] = u16;
if (segment_pool_pktsizes[u16] == idx)
u16++;
}
if (idx == 0xffff)
break;
idx++;
}
/*
printf("pkt 0 : idx %u\n", segment_pool_idx[0]);
printf("pkt 1 : idx %u\n", segment_pool_idx[1]);
printf("pkt 1200 : idx %u\n", segment_pool_idx[1200]);
printf("pkt 32 : idx %u\n", segment_pool_idx[32]);
printf("pkt 1448 : idx %u\n", segment_pool_idx[1448]);
printf("pkt 1449 : idx %u\n", segment_pool_idx[1449]);
printf("pkt 65534: idx %u\n", segment_pool_idx[65534]);
printf("pkt 65535: idx %u\n", segment_pool_idx[65535]);
*/
return 0;
}
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
static void PrintList (TcpSegment *seg) {
Output more info about sequence gaps.
16 years ago
if (seg == NULL)
return;
u_int32_t next_seq = seg->seq;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
while (seg != NULL) {
Output more info about sequence gaps.
16 years ago
if (next_seq != seg->seq) {
printf("PrintList: missing segment(s) for %u bytes of data\n", (seg->seq - next_seq));
}
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
printf("PrintList: seg %10u len %u\n", seg->seq, seg->payload_len);
Output more info about sequence gaps.
16 years ago
next_seq = seg->seq + seg->payload_len;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
seg = seg->next;
}
}
Pool update. Stream reassembly start.
16 years ago
static int ReassembleInsertSegment(TcpStream *stream, TcpSegment *seg) {
TcpSegment *list_seg = stream->seg_list, *prev_seg = NULL;
if (list_seg == NULL) {
printf("ReassembleInsertSegment: empty list, inserting %u, len %u\n", seg->seq, seg->payload_len);
stream->seg_list = seg;
return 0;
}
for ( ; list_seg != NULL; prev_seg = list_seg, list_seg = list_seg->next) {
printf("ReassembleInsertSegment: seg %p, list_seg %p, list_seg->next %p\n", seg, list_seg, list_seg->next);
/* seg is entirely before list_seg */
if (SEQ_LT(seg->seq, list_seg->seq) &&
SEQ_LT((seg->seq + seg->payload_len), list_seg->seq)) {
printf("ReassembleInsertSegment: before list seg: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
seg->next = list_seg;
if (prev_seg == NULL) stream->seg_list = seg;
else prev_seg->next = seg;
return 0;
/* seg partly overlaps with list_seg, starts before, ends on list seq */
} else if (SEQ_LT(seg->seq, list_seg->seq) &&
SEQ_EQ((seg->seq + seg->payload_len), list_seg->seq)) {
/* XXX depends on target OS */
printf("ReassembleInsertSegment: starts before list seg, ends on list seq: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
seg->next = list_seg;
if (prev_seg == NULL) stream->seg_list = seg;
else prev_seg->next = seg;
return 0;
Pool update. Stream reassembly start.
16 years ago
/* seg partly overlaps with list_seg, starts before, ends inside */
} else if (SEQ_LT(seg->seq, list_seg->seq) &&
SEQ_GT((seg->seq + seg->payload_len), list_seg->seq) &&
SEQ_LT((seg->seq + seg->payload_len),
(list_seg->seq+list_seg->payload_len))) {
/* XXX depends on target OS */
printf("ReassembleInsertSegment: starts before list seg, ends inside list: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg fully overlaps list_seg, starts before, at end point */
} else if (SEQ_LT(seg->seq, list_seg->seq) &&
SEQ_EQ((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts before list seg, ends at list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg fully overlaps list_seg, starts before, ends after list endpoint */
} else if (SEQ_LT(seg->seq, list_seg->seq) &&
SEQ_GT((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts before list seg, ends before list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts at seq, but end before list_seg end. */
} else if (SEQ_EQ(seg->seq, list_seg->seq) &&
SEQ_LT((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts at list seq, ends before list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts at seq, ends at seq, retransmission. */
} else if (SEQ_EQ(seg->seq, list_seg->seq) &&
SEQ_EQ((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
/* check csum, ack, other differences? */
printf("ReassembleInsertSegment: (retransmission) starts at list seq, ends at list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts at seq, ends beyond seq. */
} else if (SEQ_EQ(seg->seq, list_seg->seq) &&
SEQ_GT((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts at list seq, ends beyond list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts after seq, before end, ends before seq. */
} else if (SEQ_GT(seg->seq, list_seg->seq) &&
SEQ_LT((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts beyond list seq, ends before list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts after seq, before end, ends at seq. */
} else if (SEQ_GT(seg->seq, list_seg->seq) &&
SEQ_EQ((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts beyond list seq, ends at list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts after seq, before end, ends beyond seq. */
} else if (SEQ_GT(seg->seq, list_seg->seq) &&
SEQ_LT(seg->seq, list_seg->seq + list_seg->payload_len) &&
SEQ_GT((seg->seq + seg->payload_len),
(list_seg->seq + list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts beyond list seq, before list end, ends at list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
/* seg starts on end seq, ends beyond seq. */
} else if (SEQ_EQ(seg->seq, (list_seg->seq + list_seg->payload_len)) &&
SEQ_GT((seg->seq + seg->payload_len),
(list_seg->seq+list_seg->payload_len))) {
if (list_seg->next == NULL) {
printf("ReassembleInsertSegment: (normal insert) starts at list end, ends beyond list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
list_seg->next = seg;
return 0;
} else {
printf("ReassembleInsertSegment: (normal, inspect more of the list) starts at list seq, ends beyond list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u\n", seg->seq, list_seg->seq, list_seg->payload_len);
}
/* seg starts beyond end seq, ends beyond seq. */
} else if (SEQ_GT(seg->seq, (list_seg->seq + list_seg->payload_len)) &&
SEQ_GT((seg->seq + seg->payload_len),
(list_seg->seq+list_seg->payload_len))) {
printf("ReassembleInsertSegment: starts beyond list end, ends after list end: seg->seq %u, list_seg->seq %u, list_seg->payload_len %u (%u)\n", seg->seq, list_seg->seq, list_seg->payload_len, list_seg->seq+list_seg->payload_len);
if (list_seg->next == NULL) {
list_seg->next = seg;
return 0;
}
}
}
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
Pool update. Stream reassembly start.
16 years ago
return 0;
}
int StreamTcpReassembleHandleSegmentHandleData (TcpSession *ssn, TcpStream *stream, Packet *p) {
u_int16_t idx = segment_pool_idx[p->payload_len];
//printf("StreamTcpReassembleHandleSegmentHandleData: idx %u for payload_len %u\n", idx, p->payload_len);
mutex_lock(&segment_pool_mutex[idx]);
//printf("StreamTcpReassembleHandleSegmentHandleData: mutex locked, getting data from pool %p\n", segment_pool[idx]);
TcpSegment *seg = (TcpSegment *)PoolGet(segment_pool[idx]);
mutex_unlock(&segment_pool_mutex[idx]);
if (seg == NULL) {
return -1;
}
//printf("StreamTcpReassembleHandleSegmentHandleData: seg %p, seg->pool_size %u\n", seg, seg->pool_size);
memcpy(seg->payload, p->payload, p->payload_len);
seg->payload_len = p->payload_len;
seg->seq = TCP_GET_SEQ(p);
Stream reassembly update and WIP code for L7 modules.
16 years ago
seg->next = NULL;
Pool update. Stream reassembly start.
16 years ago
ReassembleInsertSegment(stream, seg);
return 0;
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
/* initialize the first msg */
static void StreamTcpSetupInitMsg(Packet *p, StreamMsg *smsg) {
smsg->flags |= STREAM_START;
if (p->flowflags & FLOW_PKT_TOSERVER) {
COPY_ADDRESS(&p->flow->src,&smsg->data.src_ip);
COPY_ADDRESS(&p->flow->dst,&smsg->data.dst_ip);
COPY_PORT(p->flow->sp,smsg->data.src_port);
COPY_PORT(p->flow->dp,smsg->data.dst_port);
smsg->flags |= STREAM_TOSERVER;
} else {
COPY_ADDRESS(&p->flow->dst,&smsg->data.src_ip);
COPY_ADDRESS(&p->flow->src,&smsg->data.dst_ip);
COPY_PORT(p->flow->dp,smsg->data.src_port);
COPY_PORT(p->flow->sp,smsg->data.dst_port);
smsg->flags |= STREAM_TOCLIENT;
}
}
Pool update. Stream reassembly start.
16 years ago
int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *stream, Packet *p) {
if (stream->seg_list == NULL)
return 0;
Stream reassembly update and WIP code for L7 modules.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: start\n");
StreamMsg *smsg = NULL;
Pool update. Stream reassembly start.
16 years ago
char remove = FALSE;
Stream reassembly update and WIP code for L7 modules.
16 years ago
u_int16_t smsg_offset = 0;
u_int16_t payload_offset = 0;
u_int16_t payload_len = 0;
Pool update. Stream reassembly start.
16 years ago
TcpSegment *seg = stream->seg_list;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
u_int32_t next_seq = seg->seq;;
Stream reassembly update and WIP code for L7 modules.
16 years ago
Updates & cleanups to stream & l7 stuff
16 years ago
/* check if we have enough data to send to L7 */
Stream reassembly update and WIP code for L7 modules.
16 years ago
if (p->flowflags & FLOW_PKT_TOSERVER) {
if (stream->ra_base_seq == stream->isn) {
if (StreamMsgQueueGetMinInitChunkLen(STREAM_TOSERVER) >
(stream->last_ack - stream->ra_base_seq))
return 0;
} else {
if (StreamMsgQueueGetMinChunkLen(STREAM_TOSERVER) >
(stream->last_ack - stream->ra_base_seq))
return 0;
}
} else {
if (stream->ra_base_seq == stream->isn) {
if (StreamMsgQueueGetMinInitChunkLen(STREAM_TOCLIENT) >
(stream->last_ack - stream->ra_base_seq))
return 0;
} else {
if (StreamMsgQueueGetMinChunkLen(STREAM_TOCLIENT) >
(stream->last_ack - stream->ra_base_seq))
return 0;
}
}
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
PrintList(seg);
Updates & cleanups to stream & l7 stuff
16 years ago
/* loop through the segments and fill one or more msgs */
Stream reassembly update and WIP code for L7 modules.
16 years ago
for ( ; seg != NULL && SEQ_LT(seg->seq,stream->last_ack); ) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: seg %p\n", seg);
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (next_seq != seg->seq) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: expected next_seq %u, got %u. Seq gap?\n", next_seq, seg->seq);
return -1;
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
/* if the segment ends beyond ra_base_seq we need to consider it */
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (SEQ_GT((seg->seq + seg->payload_len),stream->ra_base_seq)) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: seg->seq %u, seg->payload_len %u, stream->ra_base_seq %u\n",
seg->seq, seg->payload_len, stream->ra_base_seq);
Make sure flow isn't freed while stream msgs are still in use.
16 years ago
/* get a message
XXX we need a setup function */
Stream reassembly update and WIP code for L7 modules.
16 years ago
if (smsg == NULL) {
smsg = StreamMsgGetFromPool();
if (smsg == NULL) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: couldn't "
"get a stream msg from the pool\n");
return -1;
}
smsg_offset = 0;
if (stream->ra_base_seq == stream->isn) {
StreamTcpSetupInitMsg(p, smsg);
}
smsg->data.data_len = 0;
smsg->flow = p->flow;
Make sure flow isn't freed while stream msgs are still in use.
16 years ago
if (smsg->flow)
smsg->flow->use_cnt++;
Stream reassembly update and WIP code for L7 modules.
16 years ago
}
/* handle segments partly before ra_base_seq */
Pool update. Stream reassembly start.
16 years ago
if (SEQ_GT(stream->ra_base_seq, seg->seq)) {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_offset = stream->ra_base_seq - seg->seq;
Pool update. Stream reassembly start.
16 years ago
if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_len = ((seg->seq + seg->payload_len) - stream->last_ack) - payload_offset;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: starts "
"before ra_base, ends beyond last_ack, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len);
Pool update. Stream reassembly start.
16 years ago
} else {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_len = seg->payload_len - payload_offset;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: starts "
"before ra_base, ends normal, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len);
}
if (payload_offset > seg->payload_len) {
printf("BUG(%u): payload_offset %u > seg->payload_len %u. seg->seq %u, stream->ra_base_seq %u\n",
__LINE__, payload_offset, seg->payload_len, seg->seq, stream->ra_base_seq);
abort();
Pool update. Stream reassembly start.
16 years ago
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
/* handle segments after ra_base_seq */
Pool update. Stream reassembly start.
16 years ago
} else {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_offset = 0;
Pool update. Stream reassembly start.
16 years ago
if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_len = stream->last_ack - seg->seq;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: start "
"fine, ends beyond last_ack, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len);
Pool update. Stream reassembly start.
16 years ago
} else {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_len = seg->payload_len;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: normal "
"(smsg_offset %u), payload_offset %u, payload_len %u\n",
smsg_offset, payload_offset, payload_len);
Pool update. Stream reassembly start.
16 years ago
}
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
u_int16_t copy_size = sizeof(smsg->data.data) - smsg_offset;
if (copy_size > payload_len) {
copy_size = payload_len;
}
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (copy_size > sizeof(smsg->data.data)) {
printf("BUG(%u): copy_size %u > sizeof(smsg->data.data) %u\n", __LINE__, copy_size, sizeof(smsg->data.data));
abort();
}
Updates & cleanups to stream & l7 stuff
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: copy_size %u "
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
"(payload_len %u, payload_offset %u)\n", copy_size, payload_len, payload_offset);
Stream reassembly update and WIP code for L7 modules.
16 years ago
memcpy(smsg->data.data + smsg_offset, seg->payload + payload_offset, copy_size);
smsg_offset += copy_size;
stream->ra_base_seq += copy_size;
smsg->data.data_len += copy_size;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (smsg->data.data_len == sizeof(smsg->data.data)) {
StreamMsgPutInQueue(smsg);
smsg = NULL;
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
if (copy_size < payload_len) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: "
"copy_size %u < %u\n", copy_size, payload_len);
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
payload_offset += copy_size;
payload_len -= copy_size;
if (payload_offset > seg->payload_len) {
printf("BUG(%u): payload_offset %u > seg->payload_len %u\n", __LINE__, payload_offset, seg->payload_len);
abort();
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: "
"payload_offset %u\n", payload_offset);
/* we need a while loop here as the packets theoretically can be 64k */
while (remove == FALSE) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: "
"new msg at offset %u, payload_len %u\n", payload_offset, payload_len);
Make sure flow isn't freed while stream msgs are still in use.
16 years ago
/* get a new message
XXX we need a setup function */
Stream reassembly update and WIP code for L7 modules.
16 years ago
smsg = StreamMsgGetFromPool();
if (smsg == NULL) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: "
"couldn't get a stream msg from the pool (while loop)\n");
return -1;
}
smsg_offset = 0;
smsg->data.data_len = 0;
smsg->flow = p->flow;
Make sure flow isn't freed while stream msgs are still in use.
16 years ago
if (smsg->flow)
smsg->flow->use_cnt++;
Stream reassembly update and WIP code for L7 modules.
16 years ago
copy_size = sizeof(smsg->data.data) - smsg_offset;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (copy_size > (seg->payload_len - payload_offset)) {
copy_size = (seg->payload_len - payload_offset);
}
if (copy_size > sizeof(smsg->data.data)) {
printf("BUG(%u): copy_size %u > sizeof(smsg->data.data) %u\n", __LINE__, copy_size, sizeof(smsg->data.data));
abort();
Stream reassembly update and WIP code for L7 modules.
16 years ago
}
printf("StreamTcpReassembleHandleSegmentUpdateACK: copy "
"payload_offset %u, smsg_offset %u, copy_size %u\n",
payload_offset, smsg_offset, copy_size);
memcpy(smsg->data.data + smsg_offset, seg->payload + payload_offset, copy_size);
smsg_offset += copy_size;
stream->ra_base_seq += copy_size;
smsg->data.data_len += copy_size;
printf("StreamTcpReassembleHandleSegmentUpdateACK: copied "
"payload_offset %u, smsg_offset %u, copy_size %u\n",
payload_offset, smsg_offset, copy_size);
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
if (smsg->data.data_len == sizeof(smsg->data.data)) {
StreamMsgPutInQueue(smsg);
smsg = NULL;
}
if ((copy_size + payload_offset) < seg->payload_len) {
Stream reassembly update and WIP code for L7 modules.
16 years ago
payload_offset += copy_size;
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
payload_len -= copy_size;
if (payload_offset > seg->payload_len) {
printf("BUG(%u): payload_offset %u > seg->payload_len %u\n", __LINE__, payload_offset, seg->payload_len);
abort();
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: loop not done\n");
} else {
printf("StreamTcpReassembleHandleSegmentUpdateACK: loop done\n");
payload_offset = 0;
remove = TRUE;
}
}
} else {
payload_offset = 0;
remove = TRUE;
}
Pool update. Stream reassembly start.
16 years ago
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
TcpSegment *next_seg = seg->next;
Pool update. Stream reassembly start.
16 years ago
/* done with this segment, return it to the pool */
if (remove == TRUE) {
Fix wrong segment ordering, fix stream messages not being queue'd right.
16 years ago
next_seq = seg->seq + seg->payload_len;
Stream reassembly update and WIP code for L7 modules.
16 years ago
printf("StreamTcpReassembleHandleSegmentUpdateACK: removing seg %p, "
"seg->next %p\n", seg, seg->next);
Pool update. Stream reassembly start.
16 years ago
stream->seg_list = seg->next;
u_int16_t idx = segment_pool_idx[seg->pool_size];
mutex_lock(&segment_pool_mutex[idx]);
//printf("StreamTcpReassembleHandleSegmentHandleData: mutex locked, getting data from pool %p\n", segment_pool[idx]);
PoolReturn(segment_pool[idx], (void *)seg);
mutex_unlock(&segment_pool_mutex[idx]);
remove = FALSE;
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
seg = next_seg;
}
/* put the partly filled smsg in the queue to the l7 handler */
if (smsg != NULL) {
StreamMsgPutInQueue(smsg);
smsg = NULL;
Pool update. Stream reassembly start.
16 years ago
}
return 0;
}
int StreamTcpReassembleHandleSegment (TcpSession *ssn, TcpStream *stream, Packet *p) {
/* handle ack received */
StreamTcpReassembleHandleSegmentUpdateACK(ssn, stream, p);
if (p->payload_len > 0) {
StreamTcpReassembleHandleSegmentHandleData(ssn, stream, p);
}
return 0;
}
Stream reassembly update and WIP code for L7 modules.
16 years ago
/* Initialize the l7data ptr in the TCP session used
* by the L7 Modules for data storage.
*
* ssn = TcpSesssion
* cnt = number of items in the array
*
* XXX use a pool?
*/
void StreamL7DataPtrInit(TcpSession *ssn, u_int8_t cnt) {
if (cnt == 0)
return;
ssn->l7data = (void **)malloc(sizeof(void *) * cnt);
if (ssn->l7data != NULL) {
u_int8_t u;
for (u = 0; u < cnt; u++) {
ssn->l7data[u] = NULL;
}
}
}