aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '25f696106c'
${ noResults }
suricata/src/stream-tcp.c

559 lines
22 KiB
C
Raw Normal View History Unescape Escape

Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
Remove vips references. Rename to eidps.
16 years ago
#include "eidps.h"
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-modules.h"
#include "util-pool.h"
#include "util-unittest.h"
Pool update. Stream reassembly start.
16 years ago
#include "stream-tcp-private.h"
Remove vips references. Rename to eidps.
16 years ago
#include "stream-tcp-reassemble.h"
Pool update. Stream reassembly start.
16 years ago
Stream reassembly update and WIP code for L7 modules.
16 years ago
#include "stream.h"
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
int StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *);
int StreamTcpThreadInit(ThreadVars *, void *, void **);
int StreamTcpThreadDeinit(ThreadVars *, void *);
void StreamTcpExitPrintStats(ThreadVars *, void *);
Pool update. Stream reassembly start.
16 years ago
void *StreamTcpSessionAlloc(void *null) {
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
void *ptr = malloc(sizeof(TcpSession));
if (ptr == NULL)
return NULL;
memset(ptr, 0, sizeof(TcpSession));
return ptr;
}
#define StreamTcpSessionFree free
static Pool *ssn_pool;
static pthread_mutex_t ssn_pool_mutex;
void TmModuleStreamTcpRegister (void) {
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleInit();
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
tmm_modules[TMM_STREAMTCP].name = "StreamTcp";
tmm_modules[TMM_STREAMTCP].Init = StreamTcpThreadInit;
tmm_modules[TMM_STREAMTCP].Func = StreamTcp;
tmm_modules[TMM_STREAMTCP].ExitPrintStats = StreamTcpExitPrintStats;
tmm_modules[TMM_STREAMTCP].Deinit = StreamTcpThreadDeinit;
tmm_modules[TMM_STREAMTCP].RegisterTests = NULL;
Pool update. Stream reassembly start.
16 years ago
ssn_pool = PoolInit(262144, 32768, StreamTcpSessionAlloc, NULL, StreamTcpSessionFree);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (ssn_pool == NULL) {
exit(1);
}
pthread_mutex_init(&ssn_pool_mutex, NULL);
}
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
typedef struct StreamTcpThread_ {
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
u_int64_t pkts;
} StreamTcpThread;
/* StreamTcpPacketStateNone
* Handle packets while the session state is None which means a
* newly initialized structure, or a fully closed session.
*/
static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
switch (p->tcph->th_flags) {
case TH_SYN:
/* get a stream */
mutex_lock(&ssn_pool_mutex);
p->flow->stream = PoolGet(ssn_pool);
mutex_unlock(&ssn_pool_mutex);
TcpSession *ssn = (TcpSession *)p->flow->stream;
if (ssn == NULL)
return -1;
/* set the state */
ssn->state = TCP_SYN_SENT;
printf("StreamTcpPacketStateNone (%p): =~ ssn state is now TCP_SYN_SENT\n", ssn);
/* set the sequence numbers and window */
ssn->client.isn = TCP_GET_SEQ(p);
Pool update. Stream reassembly start.
16 years ago
ssn->client.ra_base_seq = ssn->client.isn;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->client.next_seq = ssn->client.isn + 1;
ssn->client.window = TCP_GET_WINDOW(p);
//ssn->server.last_ack = ssn->client.isn + 1;
//ssn->server.last_ack = TCP_GET_ACK(p);
printf("StreamTcpPacketStateNone (%p): ssn->client.isn %u, ssn->client.next_seq %u, ssn->SERVER.last_ack %u\n",
ssn, ssn->client.isn, ssn->client.next_seq, ssn->server.last_ack);
if (p->tcpvars.ws != NULL) {
printf("StreamTcpPacketStateNone (%p): p->tcpvars.ws %p, %02x\n", ssn, p->tcpvars.ws, *p->tcpvars.ws->data);
ssn->client.wscale = *p->tcpvars.ws->data;
}
break;
default:
//printf("StreamTcpPacketStateNone: default case\n");
break;
}
return 0;
}
static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
switch (p->tcph->th_flags) {
case TH_SYN:
printf("StreamTcpPacketStateSynSent (%p): SYN packet on state SYN_SENT... resent\n", ssn);
break;
case TH_SYN|TH_ACK:
if (PKT_IS_TOSERVER(p)) {
printf("StreamTcpPacketStateSynSent (%p): SYN/ACK received in the wrong direction\n", ssn);
return -1;
}
/* Check if the SYN/ACK packet ack's the earlier
* received SYN packet. */
if (!(SEQ_EQ(TCP_GET_ACK(p), ssn->client.isn + 1))) {
printf("StreamTcpPacketStateSynSent (%p): ACK mismatch, packet ACK %u != %u from stream\n",
ssn, TCP_GET_ACK(p), ssn->client.isn + 1);
return -1;
}
/* update state */
ssn->state = TCP_SYN_RECV;
printf("StreamTcpPacketStateSynSent (%p): =~ ssn state is now TCP_SYN_RECV\n", ssn);
/* sequence number & window */
ssn->server.isn = TCP_GET_SEQ(p);
Pool update. Stream reassembly start.
16 years ago
ssn->server.ra_base_seq = ssn->server.isn;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->server.next_seq = ssn->server.isn + 1;
ssn->server.window = TCP_GET_WINDOW(p);
printf("StreamTcpPacketStateSynSent: (%p): window %u\n", ssn, ssn->server.window);
ssn->client.last_ack = TCP_GET_ACK(p);
ssn->server.last_ack = ssn->server.isn + 1;
if (ssn->client.wscale != 0 && p->tcpvars.ws != NULL) {
printf("StreamTcpPacketStateSynSent (%p): p->tcpvars.ws %p, %02x\n", ssn, p->tcpvars.ws, *p->tcpvars.ws->data);
ssn->server.wscale = *p->tcpvars.ws->data;
} else {
ssn->client.wscale = 0;
}
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
printf("StreamTcpPacketStateSynSent (%p): next_win %u\n", ssn, ssn->server.next_win);
printf("StreamTcpPacketStateSynSent (%p): ssn->server.isn %u, ssn->server.next_seq %u, ssn->CLIENT.last_ack %u\n",
ssn, ssn->server.isn, ssn->server.next_seq, ssn->client.last_ack);
break;
Pool update. Stream reassembly start.
16 years ago
case TH_RST:
/* seq should be 0, win should be 0, ack should be isn +1.
* check Snort's stream4/5 for more security */
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
default:
printf("StreamTcpPacketStateSynSent (%p): default case\n", ssn);
break;
}
return 0;
}
static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
switch (p->tcph->th_flags) {
case TH_SYN:
printf("StreamTcpPacketStateSynRecv (%p): SYN packet on state SYN_RECV... resent\n", ssn);
break;
case TH_SYN|TH_ACK:
printf("StreamTcpPacketStateSynRecv (%p): SYN/ACK packet on state SYN_RECV... resent\n", ssn);
break;
case TH_ACK:
if (PKT_IS_TOCLIENT(p)) {
printf("StreamTcpPacketStateSynRecv (%p): ACK received in the wrong direction\n", ssn);
return -1;
}
if (!(SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq))) {
printf("StreamTcpPacketStateSynRecv (%p): ACK received in the wrong direction\n", ssn);
return -1;
}
printf("StreamTcpPacketStateSynRecv (%p): pkt (%u) is to server: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
ssn->state = TCP_ESTABLISHED;
printf("StreamTcpPacketStateSynRecv (%p): =~ ssn state is now TCP_ESTABLISHED\n", ssn);
ssn->client.next_seq += p->payload_len;
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
ssn->server.last_ack = TCP_GET_ACK(p);
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
printf("StreamTcpPacketStateSynRecv (%p): next_win %u\n", ssn, ssn->client.next_win);
break;
default:
printf("StreamTcpPacketStateSynRecv (%p): default case\n", ssn);
break;
}
return 0;
}
static int StreamTcpPacketStateEstablished(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
switch (p->tcph->th_flags) {
case TH_SYN:
printf("StreamTcpPacketStateEstablished (%p): SYN packet on state ESTABLISED... resent\n", ssn);
break;
case TH_SYN|TH_ACK:
printf("StreamTcpPacketStateEstablished (%p): SYN/ACK packet on state ESTABLISHED... resent\n", ssn);
break;
case TH_ACK:
case TH_ACK|TH_PUSH:
if (PKT_IS_TOSERVER(p)) {
printf("StreamTcpPacketStateEstablished (%p): =+ pkt (%u) is to server: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) {
ssn->client.next_seq += p->payload_len;
printf("StreamTcpPacketStateEstablished (%p): ssn->client.next_seq %u\n", ssn, ssn->client.next_seq);
}
if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.last_ack) &&
SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win)) {
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
if (SEQ_GT(ssn->client.last_ack + ssn->client.window, ssn->client.next_win)) {
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
printf("StreamTcpPacketStateEstablished (%p): ssn->client.next_win %u\n", ssn, ssn->client.next_win);
}
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->client, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
} else {
printf("StreamTcpPacketStateEstablished (%p): !!!!! => SEQ mismatch, packet SEQ %u, payload size %u (%u), last_ack %u, next_win %u\n",
ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->client.last_ack, ssn->client.next_win);
}
printf("StreamTcpPacketStateEstablished (%p): next SEQ %u, last ACK %u, next win %u, win %u\n",
ssn, ssn->client.next_seq, ssn->server.last_ack, ssn->client.next_win, ssn->client.window);
} else { /* implied to client */
printf("StreamTcpPacketStateEstablished (%p): =+ pkt (%u) is to client: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) {
ssn->server.next_seq += p->payload_len;
printf("StreamTcpPacketStateEstablished (%p): ssn->server.next_seq %u\n", ssn, ssn->server.next_seq);
}
if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.last_ack) &&
SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win)) {
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
if (SEQ_GT(ssn->server.last_ack + ssn->server.window, ssn->server.next_win)) {
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
printf("StreamTcpPacketStateEstablished (%p): ssn->server.next_win %u\n", ssn, ssn->server.next_win);
}
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->server, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
} else {
printf("StreamTcpPacketStateEstablished (%p): !!!!! => SEQ mismatch, packet SEQ %u, payload size %u (%u), last_ack %u, next_win %u\n",
ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->server.last_ack, ssn->server.next_win);
}
printf("StreamTcpPacketStateEstablished (%p): next SEQ %u, last ACK %u, next win %u, win %u\n",
ssn, ssn->server.next_seq, ssn->client.last_ack, ssn->server.next_win, ssn->server.window);
}
break;
case TH_FIN:
case TH_FIN|TH_ACK:
case TH_FIN|TH_ACK|TH_PUSH:
if (PKT_IS_TOSERVER(p)) {
printf("StreamTcpPacketStateEstablished (%p): pkt (%u) is to server: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
printf("StreamTcpPacketStateEstablished (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
printf("StreamTcpPacketStateEstablished (%p): state changed to TCP_FIN_WAIT1\n", ssn);
ssn->state = TCP_FIN_WAIT1;
ssn->client.next_seq = TCP_GET_ACK(p);
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
printf("StreamTcpPacketStateEstablished (%p): ssn->server.next_seq %u\n", ssn, ssn->server.next_seq);
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->client, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateEstablished (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
printf("StreamTcpPacketStateEstablished (%p): pkt (%u) is to client: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
printf("StreamTcpPacketStateEstablished (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
printf("StreamTcpPacketStateEstablished (%p): state changed to TCP_FIN_WAIT1\n", ssn);
ssn->state = TCP_FIN_WAIT1;
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
ssn->client.next_seq = TCP_GET_ACK(p);
printf("StreamTcpPacketStateEstablished (%p): ssn->server.next_seq %u\n", ssn, ssn->server.next_seq);
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->server, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateEstablished (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
Pool update. Stream reassembly start.
16 years ago
case TH_RST:
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
return 0;
}
static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
switch (p->tcph->th_flags) {
case TH_FIN:
case TH_FIN|TH_ACK:
case TH_FIN|TH_ACK|TH_PUSH:
if (PKT_IS_TOSERVER(p)) {
printf("StreamTcpPacketStateFinWait1 (%p): pkt (%u) is to server: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
printf("StreamTcpPacketStateFinWait1 (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
printf("StreamTcpPacketStateFinWait1 (%p): state changed to TCP_FIN_WAIT2\n", ssn);
ssn->state = TCP_FIN_WAIT2;
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->client, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateFinWait1 (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
printf("StreamTcpPacketStateFinWait1 (%p): pkt (%u) is to client: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
printf("StreamTcpPacketStateFinWait1 (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
printf("StreamTcpPacketStateFinWait1 (%p): state changed to TCP_FIN_WAIT2\n", ssn);
ssn->state = TCP_FIN_WAIT2;
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->server, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateFinWait1 (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
}
return 0;
}
static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
switch (p->tcph->th_flags) {
case TH_ACK:
if (PKT_IS_TOSERVER(p)) {
printf("StreamTcpPacketStateFinWait2 (%p): pkt (%u) is to server: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
printf("StreamTcpPacketStateFinWait2 (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
printf("StreamTcpPacketStateFinWait2 (%p): state changed to 0\n", ssn);
ssn->state = 0;
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->client, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateFinWait2 (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
printf("StreamTcpPacketStateFinWait2 (%p): pkt (%u) is to client: SEQ %u, ACK %u\n",
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
printf("StreamTcpPacketStateFinWait2 (%p): -> SEQ mismatch, packet SEQ %u != %u from stream\n",
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
printf("StreamTcpPacketStateFinWait2 (%p): state changed to 0\n", ssn);
ssn->state = 0;
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
Pool update. Stream reassembly start.
16 years ago
StreamTcpReassembleHandleSegment(ssn, &ssn->server, p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
printf("StreamTcpPacketStateFinWait2 (%p): =+ next SEQ %u, last ACK %u\n",
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
}
return 0;
}
/* flow is and stays locked */
static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
TcpSession *ssn = (TcpSession *)p->flow->stream;
if (ssn == NULL || ssn->state == 0) {
StreamTcpPacketStateNone(tv, p, stt);
} else {
switch (ssn->state) {
case TCP_SYN_SENT:
StreamTcpPacketStateSynSent(tv, p, stt);
break;
case TCP_SYN_RECV:
StreamTcpPacketStateSynRecv(tv, p, stt);
break;
case TCP_ESTABLISHED:
StreamTcpPacketStateEstablished(tv, p, stt);
break;
case TCP_FIN_WAIT1:
StreamTcpPacketStateFinWait1(tv, p, stt);
break;
case TCP_FIN_WAIT2:
StreamTcpPacketStateFinWait2(tv, p, stt);
break;
}
}
return 0;
}
int StreamTcp (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
StreamTcpThread *stt = (StreamTcpThread *)data;
if (!(PKT_IS_TCP(p)))
return 0;
if (p->flow == NULL)
return 0;
#if 0
printf("StreamTcp: seq %u, ack %u, %s%s%s%s%s%s%s%s: ", TCP_GET_SEQ(p), TCP_GET_ACK(p),
TCP_ISSET_FLAG_FIN(p) ? "FIN " :"",
TCP_ISSET_FLAG_SYN(p) ? "SYN " :"",
TCP_ISSET_FLAG_RST(p) ? "RST " :"",
TCP_ISSET_FLAG_PUSH(p)? "PUSH ":"",
TCP_ISSET_FLAG_ACK(p) ? "ACK " :"",
TCP_ISSET_FLAG_URG(p) ? "URG " :"",
TCP_ISSET_FLAG_RES2(p)? "RES2 ":"",
TCP_ISSET_FLAG_RES1(p)? "RES1 ":"");
#endif
mutex_lock(&p->flow->m);
StreamTcpPacket(tv, p, stt);
mutex_unlock(&p->flow->m);
stt->pkts++;
return 0;
}
int StreamTcpThreadInit(ThreadVars *t, void *initdata, void **data)
{
StreamTcpThread *stt = malloc(sizeof(StreamTcpThread));
if (stt == NULL) {
return -1;
}
memset(stt, 0, sizeof(StreamTcpThread));
/* XXX */
*data = (void *)stt;
return 0;
}
int StreamTcpThreadDeinit(ThreadVars *t, void *data)
{
StreamTcpThread *stt = (StreamTcpThread *)data;
if (stt == NULL) {
return 0;
}
/* XXX */
/* clear memory */
memset(stt, 0, sizeof(StreamTcpThread));
free(stt);
return 0;
}
void StreamTcpExitPrintStats(ThreadVars *tv, void *data) {
StreamTcpThread *stt = (StreamTcpThread *)data;
if (stt == NULL) {
return;
}
printf(" - (%s) Packets %llu.\n", tv->name, stt->pkts);
}