aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bbb385422d'
${ noResults }
suricata/src/stream-tcp.c

2382 lines
88 KiB
C
Raw Normal View History Unescape Escape

Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
Target Based Stream Reassembly with comments
16 years ago
/* 2009 Gurvinder Singh <gurvindersinghdahiya@gmail.com>*/
64 bit cleanup part2
16 years ago
#include "eidps-common.h"
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#include "decode.h"
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-modules.h"
#include "util-pool.h"
#include "util-unittest.h"
New function for task3
16 years ago
#include "util-print.h"
Another round of logging api usage updates.
16 years ago
#include "util-debug.h"
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Pool update. Stream reassembly start.
16 years ago
#include "stream-tcp-private.h"
Remove vips references. Rename to eidps.
16 years ago
#include "stream-tcp-reassemble.h"
New function for task3
16 years ago
#include "stream-tcp.h"
Stream reassembly update and WIP code for L7 modules.
16 years ago
#include "stream.h"
additional support for type qualifier for the stats api
16 years ago
#include "stream-tcp.h"
Stream reassembly update and WIP code for L7 modules.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#include "app-layer-parser.h"
Fix a number of broken overlap calculations. Add comments exmplaining them all.
16 years ago
//#define DEBUG
Tie app layer parsing to the stream engine.
16 years ago
typedef struct StreamTcpThread_ {
uint64_t pkts;
uint16_t counter_tcp_sessions;
TcpReassemblyThreadCtx *ra_ctx;
} StreamTcpThread;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
int StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *);
int StreamTcpThreadInit(ThreadVars *, void *, void **);
int StreamTcpThreadDeinit(ThreadVars *, void *);
void StreamTcpExitPrintStats(ThreadVars *, void *);
Target Based Stream Reassembly with comments
16 years ago
static int ValidReset(TcpSession * , Packet *);
Tie app layer parsing to the stream engine.
16 years ago
static int StreamTcpHandleFin(StreamTcpThread *, TcpSession *, Packet *);
Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly.
16 years ago
void StreamTcpRegisterTests (void);
New function for task3
16 years ago
void StreamTcpReturnStreamSegments (TcpStream *);
void StreamTcpInitConfig(char);
extern void StreamTcpSegmentReturntoPool(TcpSegment *);
Flow get state protocol specific
16 years ago
int StreamTcpGetFlowState(void *);
timestamp support
16 years ago
static int ValidTimestamp(TcpSession * , Packet *);
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#define STREAMTCP_DEFAULT_SESSIONS 262144
#define STREAMTCP_DEFAULT_PREALLOC 32768
#define STREAMTCP_NEW_TIMEOUT 60
#define STREAMTCP_EST_TIMEOUT 3600
#define STREAMTCP_CLOSED_TIMEOUT 120
#define STREAMTCP_EMERG_NEW_TIMEOUT 10
#define STREAMTCP_EMERG_EST_TIMEOUT 300
#define STREAMTCP_EMERG_CLOSED_TIMEOUT 20
New function for task3
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
static Pool *ssn_pool = NULL;
New function for task3
16 years ago
static pthread_mutex_t ssn_pool_mutex;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#ifdef DEBUG
static uint64_t ssn_pool_cnt;
static pthread_mutex_t ssn_pool_cnt_mutex;
#endif
Small reshuffle of the free funcs in the Stream code.
16 years ago
void TmModuleStreamTcpRegister (void) {
tmm_modules[TMM_STREAMTCP].name = "StreamTcp";
Small tm module API rename to reflect that Init/Deinit/ExitPrintStats are per thread calls.
16 years ago
tmm_modules[TMM_STREAMTCP].ThreadInit = StreamTcpThreadInit;
Small reshuffle of the free funcs in the Stream code.
16 years ago
tmm_modules[TMM_STREAMTCP].Func = StreamTcp;
Small tm module API rename to reflect that Init/Deinit/ExitPrintStats are per thread calls.
16 years ago
tmm_modules[TMM_STREAMTCP].ThreadExitPrintStats = StreamTcpExitPrintStats;
tmm_modules[TMM_STREAMTCP].ThreadDeinit = StreamTcpThreadDeinit;
Small reshuffle of the free funcs in the Stream code.
16 years ago
tmm_modules[TMM_STREAMTCP].RegisterTests = StreamTcpRegisterTests;
}
void StreamTcpReturnStreamSegments (TcpStream *stream) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
TcpSegment *seg = stream->seg_list;
TcpSegment *next_seg;
if (seg == NULL)
return;
while (seg != NULL) {
next_seg = seg->next;
StreamTcpSegmentReturntoPool(seg);
seg = next_seg;
Small reshuffle of the free funcs in the Stream code.
16 years ago
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
stream->seg_list = NULL;
}
/** \brief Function to return the stream back to the pool. It returns the
* segments in the stream to the segment pool.
*
* \param ssn Void ptr to the ssn.
*/
void StreamTcpSessionClear(void *ssnptr) {
TcpSession *ssn = (TcpSession *)ssnptr;
if (ssn == NULL)
return;
StreamTcpReturnStreamSegments(&ssn->client);
StreamTcpReturnStreamSegments(&ssn->server);
AppLayerParserCleanupState(ssn);
memset(ssn, 0, sizeof(TcpSession));
mutex_lock(&ssn_pool_mutex);
PoolReturn(ssn_pool, ssn);
mutex_unlock(&ssn_pool_mutex);
#ifdef DEBUG
mutex_lock(&ssn_pool_cnt_mutex);
ssn_pool_cnt--;
mutex_unlock(&ssn_pool_cnt_mutex);
#endif
Small reshuffle of the free funcs in the Stream code.
16 years ago
}
/** \brief Function to return the stream back to the pool. It returns the
* segments in the stream to the segment pool.
*
* \param p Packet used to identify the stream.
*/
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
static void StreamTcpSessionPktFree (Packet *p) {
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
Small reshuffle of the free funcs in the Stream code.
16 years ago
if (ssn == NULL)
return;
StreamTcpReturnStreamSegments(&ssn->client);
StreamTcpReturnStreamSegments(&ssn->server);
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
AppLayerParserCleanupState(ssn);
Small reshuffle of the free funcs in the Stream code.
16 years ago
memset(ssn, 0, sizeof(TcpSession));
mutex_lock(&ssn_pool_mutex);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
PoolReturn(ssn_pool, p->flow->protoctx);
Small reshuffle of the free funcs in the Stream code.
16 years ago
mutex_unlock(&ssn_pool_mutex);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
p->flow->protoctx = NULL;
#ifdef DEBUG
mutex_lock(&ssn_pool_cnt_mutex);
ssn_pool_cnt--;
mutex_unlock(&ssn_pool_cnt_mutex);
#endif
Small reshuffle of the free funcs in the Stream code.
16 years ago
}
/** \brief Stream alloc function for the Pool
* \param null NULL ptr (value of null is ignored)
* \retval ptr void ptr to TcpSession structure with all vars set to 0/NULL
*/
New function for task3
16 years ago
void *StreamTcpSessionPoolAlloc(void *null) {
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
void *ptr = malloc(sizeof(TcpSession));
if (ptr == NULL)
return NULL;
memset(ptr, 0, sizeof(TcpSession));
return ptr;
}
Small reshuffle of the free funcs in the Stream code.
16 years ago
/** \brief Pool free function
* \param s Void ptr to TcpSession memory */
void StreamTcpSessionPoolFree(void *s) {
if (s == NULL)
return;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
TcpSession *ssn = (TcpSession *)s;
Pool update. Stream reassembly start.
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpReturnStreamSegments(&ssn->client);
StreamTcpReturnStreamSegments(&ssn->server);
free(ssn);
New function for task3
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
New function for task3
16 years ago
/** \brief To initialize the stream global configuration data
*
* \param quiet It tells the mode of operation, if it is TRUE nothing will
* be get printed.
*/
void StreamTcpInitConfig(char quiet) {
Fix detection of failed thread startup. Cleanup startup output a bit.
16 years ago
//if (quiet == FALSE)
// printf("Initializing Stream:\n");
New function for task3
16 years ago
memset(&stream_config, 0, sizeof(stream_config));
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
/** set config defaults */
New function for task3
16 years ago
stream_config.max_sessions = STREAMTCP_DEFAULT_SESSIONS;
stream_config.prealloc_sessions = STREAMTCP_DEFAULT_PREALLOC;
stream_config.midstream = TRUE;
Small reshuffle of the free funcs in the Stream code.
16 years ago
ssn_pool = PoolInit(stream_config.max_sessions, stream_config.prealloc_sessions, StreamTcpSessionPoolAlloc, NULL, StreamTcpSessionPoolFree);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (ssn_pool == NULL) {
exit(1);
}
Small reshuffle of the free funcs in the Stream code.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
pthread_mutex_init(&ssn_pool_mutex, NULL);
proto specific free function
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
StreamTcpReassembleInit(quiet);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
/* set the default TCP timeout, free function and flow state function values. */
handle the FLOW_STATE_CLOSED
16 years ago
FlowSetProtoTimeout(IPPROTO_TCP, STREAMTCP_NEW_TIMEOUT, STREAMTCP_EST_TIMEOUT, STREAMTCP_CLOSED_TIMEOUT);
FlowSetProtoEmergencyTimeout(IPPROTO_TCP, STREAMTCP_EMERG_NEW_TIMEOUT, STREAMTCP_EMERG_EST_TIMEOUT, STREAMTCP_EMERG_CLOSED_TIMEOUT);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
FlowSetProtoFreeFunc(IPPROTO_TCP, StreamTcpSessionClear);
handle the FLOW_STATE_CLOSED
16 years ago
FlowSetFlowStateFunc(IPPROTO_TCP, StreamTcpGetFlowState);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
void StreamTcpFreeConfig(char quiet) {
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
StreamTcpReassembleFree(quiet);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
if (ssn_pool != NULL) {
PoolFree(ssn_pool);
ssn_pool = NULL;
} else {
printf("ERROR: ssn_pool is NULL\n");
exit(1);
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#ifdef DEBUG
Yet more logging api usage changes.
16 years ago
SCLogDebug("ssn_pool_cnt %"PRIu64"", ssn_pool_cnt);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
#endif
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
pthread_mutex_destroy(&ssn_pool_mutex);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
}
Small reshuffle of the free funcs in the Stream code.
16 years ago
/** \brief The function is used to to fetch a TCP session from the
* ssn_pool, when a TCP SYN is received.
New function for task3
16 years ago
*
Small reshuffle of the free funcs in the Stream code.
16 years ago
* \param quiet Packet P, which has been recieved for the new TCP session.
New function for task3
16 years ago
*
* \retval TcpSession A new TCP session with field initilaized to 0/NULL.
*/
TcpSession *StreamTcpNewSession (Packet *p) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
New function for task3
16 years ago
if (ssn == NULL) {
mutex_lock(&ssn_pool_mutex);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
p->flow->protoctx = PoolGet(ssn_pool);
New function for task3
16 years ago
mutex_unlock(&ssn_pool_mutex);
Small reshuffle of the free funcs in the Stream code.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn = (TcpSession *)p->flow->protoctx;
New function for task3
16 years ago
if (ssn == NULL)
return NULL;
Small reshuffle of the free funcs in the Stream code.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->state = TCP_NONE;
ssn->aldata = NULL;
#ifdef DEBUG
mutex_lock(&ssn_pool_cnt_mutex);
ssn_pool_cnt++;
mutex_unlock(&ssn_pool_cnt_mutex);
#endif
New function for task3
16 years ago
}
return ssn;
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
static inline void StreamTcpPacketSetState(Packet *p, TcpSession *ssn, uint8_t state) {
if (state == ssn->state)
return;
ssn->state = state;
FlowUpdateQueue(p->flow);
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_CLOSED or NONE state. The function handles
* packets while the session state is None which means a newly
* initialized structure, or a fully closed session.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
*/
New function for task3
16 years ago
static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
switch (p->tcph->th_flags) {
case TH_SYN:
New function for task3
16 years ago
{
if (ssn == NULL) {
ssn = StreamTcpNewSession(p);
if (ssn == NULL)
return -1;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
PerfCounterIncr(stt->counter_tcp_sessions, tv->pca);
New function for task3
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* set the state */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_SYN_SENT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =~ ssn state is now TCP_SYN_SENT", ssn);
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* set the sequence numbers and window */
ssn->client.isn = TCP_GET_SEQ(p);
Pool update. Stream reassembly start.
16 years ago
ssn->client.ra_base_seq = ssn->client.isn;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->client.next_seq = ssn->client.isn + 1;
timestamp support
16 years ago
fixed unit tests and add the comments
16 years ago
/*Set the stream timestamp value, if packet has timestamp option enabled.*/
timestamp support
16 years ago
if (p->tcpvars.ts != NULL) {
target based paws handling
16 years ago
ssn->client.last_ts = TCP_GET_TSVAL(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: p->tcpvars.ts %p, %02x", ssn, p->tcpvars.ts, ssn->client.last_ts);
Another round of logging api usage updates.
16 years ago
target based paws handling
16 years ago
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
timestamp support
16 years ago
ssn->client.last_pkt_ts = p->ts.tv_sec;
target based paws handling
16 years ago
ssn->client.flags |= STREAMTCP_FLAG_TIMESTAMP;
timestamp support
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p);
Add TCP_GET_WSCALE macro for easy access to wscale. Update StreamTcp to use it. Default to wscale 14 (max) in case of midstream as there seems to be no reliable way to predict wscale if we missed it.
16 years ago
if (p->tcpvars.ws != NULL) {
ssn->flags |= STREAMTCP_FLAG_SERVER_WSCALE;
ssn->server.wscale = TCP_GET_WSCALE(p);
}
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.isn %" PRIu32 ", ssn->client.next_seq %" PRIu32 ", ssn->client.last_ack %"PRIu32"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->client.isn, ssn->client.next_seq, ssn->client.last_ack);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
New function for task3
16 years ago
}
case TH_SYN|TH_ACK:
if (stream_config.midstream == FALSE)
break;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
New function for task3
16 years ago
if (ssn == NULL) {
ssn = StreamTcpNewSession(p);
if (ssn == NULL)
return -1;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
PerfCounterIncr(stt->counter_tcp_sessions, tv->pca);
New function for task3
16 years ago
}
/* set the state */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_SYN_RECV);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =~ midstream picked ssn state is now TCP_SYN_RECV", ssn);
New function for task3
16 years ago
ssn->flags = STREAMTCP_FLAG_MIDSTREAM;
/* sequence number & window */
ssn->server.isn = TCP_GET_SEQ(p);
ssn->server.ra_base_seq = ssn->server.isn;
ssn->server.next_seq = ssn->server.isn + 1;
ssn->server.window = TCP_GET_WINDOW(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: server window %u", ssn, ssn->server.window);
Another round of logging api usage updates.
16 years ago
New function for task3
16 years ago
ssn->client.isn = TCP_GET_ACK(p) - 1;
ssn->client.ra_base_seq = ssn->client.isn;
ssn->client.next_seq = ssn->client.isn + 1;
ssn->client.last_ack = TCP_GET_ACK(p);
Add TCP_GET_WSCALE macro for easy access to wscale. Update StreamTcp to use it. Default to wscale 14 (max) in case of midstream as there seems to be no reliable way to predict wscale if we missed it.
16 years ago
/** If the client has a wscale option the server had it too,
* so set the wscale for the server to max. Otherwise none
* will have the wscale opt just like it should. */
if (p->tcpvars.ws != NULL) {
ssn->client.wscale = TCP_GET_WSCALE(p);
ssn->server.wscale = TCP_WSCALE_MAX;
}
New function for task3
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.isn %"PRIu32", ssn->client.next_seq %"PRIu32", ssn->client.last_ack %"PRIu32"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->client.isn, ssn->client.next_seq, ssn->client.last_ack);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.isn %"PRIu32", ssn->server.next_seq %"PRIu32", ssn->server.last_ack %"PRIu32"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->server.isn, ssn->server.next_seq, ssn->server.last_ack);
Another round of logging api usage updates.
16 years ago
fixed unit tests and add the comments
16 years ago
/*Set the timestamp value for both streams, if packet has timestamp option enabled.*/
timestamp support
16 years ago
if (p->tcpvars.ts != NULL) {
target based paws handling
16 years ago
ssn->client.last_ts = TCP_GET_TSVAL(p);
ssn->server.last_ts = TCP_GET_TSECR(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.last_ts %" PRIu32" ssn->client.last_ts %" PRIu32"", ssn, ssn->server.last_ts, ssn->client.last_ts);
Another round of logging api usage updates.
16 years ago
fixed unit tests and add the comments
16 years ago
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
target based paws handling
16 years ago
timestamp support
16 years ago
ssn->server.last_pkt_ts = p->ts.tv_sec;
target based paws handling
16 years ago
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
timestamp support
16 years ago
} else {
ssn->server.last_ts = 0;
ssn->client.last_ts = 0;
}
New function for task3
16 years ago
break;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
/* Handle SYN/ACK and 3WHS shake missed together as it is almost similar. */
New function for task3
16 years ago
case TH_ACK:
case TH_ACK|TH_PUSH:
if (stream_config.midstream == FALSE)
break;
if (ssn == NULL) {
ssn = StreamTcpNewSession(p);
if (ssn == NULL)
return -1;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
PerfCounterIncr(stt->counter_tcp_sessions, tv->pca);
New function for task3
16 years ago
}
/* set the state */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_ESTABLISHED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =~ midstream picked ssn state is now TCP_ESTABLISHED", ssn);
Another round of logging api usage updates.
16 years ago
New function for task3
16 years ago
ssn->flags = STREAMTCP_FLAG_MIDSTREAM;
ssn->flags |= STREAMTCP_FLAG_MIDSTREAM_ESTABLISHED;
/* set the sequence numbers and window */
ssn->client.isn = TCP_GET_SEQ(p) - 1;
ssn->client.ra_base_seq = ssn->client.isn;
ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len;
ssn->client.window = TCP_GET_WINDOW(p);
ssn->client.last_ack = TCP_GET_SEQ(p);
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.isn %u, ssn->client.next_seq %u",
New function for task3
16 years ago
ssn, ssn->client.isn, ssn->client.next_seq);
Another round of logging api usage updates.
16 years ago
New function for task3
16 years ago
ssn->server.isn = TCP_GET_ACK(p) - 1;
ssn->server.ra_base_seq = ssn->server.isn;
ssn->server.next_seq = ssn->server.isn + 1;
ssn->server.last_ack = TCP_GET_ACK(p);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.next_win = ssn->server.last_ack;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.next_win %"PRIu32", ssn->server.next_win %"PRIu32"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->client.next_win, ssn->server.next_win);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.last_ack %"PRIu32", ssn->server.last_ack %"PRIu32"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->client.last_ack, ssn->server.last_ack);
New function for task3
16 years ago
Add TCP_GET_WSCALE macro for easy access to wscale. Update StreamTcp to use it. Default to wscale 14 (max) in case of midstream as there seems to be no reliable way to predict wscale if we missed it.
16 years ago
/** window scaling for midstream pickups, we can't do much other
* than assume that it's set to the max value: 14 */
ssn->client.wscale = TCP_WSCALE_MAX;
ssn->server.wscale = TCP_WSCALE_MAX;
New function for task3
16 years ago
fixed unit tests and add the comments
16 years ago
/*Set the timestamp value for both streams, if packet has timestamp option enabled.*/
timestamp support
16 years ago
if (p->tcpvars.ts != NULL) {
target based paws handling
16 years ago
ssn->client.last_ts = TCP_GET_TSVAL(p);
ssn->server.last_ts = TCP_GET_TSECR(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.last_ts %" PRIu32" ssn->client.last_ts %" PRIu32"", ssn, ssn->server.last_ts, ssn->client.last_ts);
Another round of logging api usage updates.
16 years ago
fixed unit tests and add the comments
16 years ago
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
target based paws handling
16 years ago
timestamp support
16 years ago
ssn->client.last_pkt_ts = p->ts.tv_sec;
target based paws handling
16 years ago
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
if (ssn->client.last_ts == 0)
ssn->client.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
timestamp support
16 years ago
} else {
ssn->server.last_ts = 0;
ssn->client.last_ts = 0;
}
initial version to support detection byepass
16 years ago
/*If no stream reassembly/application layer protocol inspection, then simple return*/
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
function to set packet flags
16 years ago
New function for task3
16 years ago
break;
case TH_RST:
case TH_RST|TH_ACK:
case TH_RST|TH_ACK|TH_PUSH:
case TH_FIN:
case TH_FIN|TH_ACK:
case TH_FIN|TH_ACK|TH_PUSH:
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
BUG_ON(p->flow->protoctx != NULL);
More logging API usage changes.
16 years ago
SCLogDebug("FIN or RST packet received, no session setup");
New function for task3
16 years ago
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
default:
More logging API usage changes.
16 years ago
SCLogDebug("default case");
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
}
return 0;
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_SYN_SENT state. The function handles
* SYN, SYN/ACK, RSTpackets and correspondingly changes the connection
* state.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
switch (p->tcph->th_flags) {
case TH_SYN:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN packet on state SYN_SENT... resent", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TH_SYN|TH_ACK:
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN/ACK received in the wrong direction", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return -1;
}
/* Check if the SYN/ACK packet ack's the earlier
* received SYN packet. */
if (!(SEQ_EQ(TCP_GET_ACK(p), ssn->client.isn + 1))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ACK mismatch, packet ACK %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_ACK(p), ssn->client.isn + 1);
return -1;
}
/* update state */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_SYN_RECV);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =~ ssn state is now TCP_SYN_RECV", ssn);
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* sequence number & window */
ssn->server.isn = TCP_GET_SEQ(p);
Pool update. Stream reassembly start.
16 years ago
ssn->server.ra_base_seq = ssn->server.isn;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->server.next_seq = ssn->server.isn + 1;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: window %" PRIu32 "", ssn, ssn->server.window);
Another round of logging api usage updates.
16 years ago
target based paws handling
16 years ago
if ((p->tcpvars.ts != NULL) && (ssn->client.flags & STREAMTCP_FLAG_TIMESTAMP)) {
ssn->server.last_ts = TCP_GET_TSVAL(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.last_ts %" PRIu32" ssn->client.last_ts %" PRIu32"", ssn, ssn->server.last_ts, ssn->client.last_ts);
fixed unit tests and add the comments
16 years ago
ssn->client.flags &= ~STREAMTCP_FLAG_TIMESTAMP;
ssn->flags |= STREAMTCP_FLAG_TIMESTAMP;
timestamp support
16 years ago
ssn->server.last_pkt_ts = p->ts.tv_sec;
target based paws handling
16 years ago
if (ssn->server.last_ts == 0)
ssn->server.flags |= STREAMTCP_FLAG_ZERO_TIMESTAMP;
stream size match function and unittests
16 years ago
} else {
ssn->client.last_ts = 0;
ssn->server.last_ts = 0;
target based paws handling
16 years ago
ssn->client.flags &= ~STREAMTCP_FLAG_TIMESTAMP;
ssn->client.flags &= ~STREAMTCP_FLAG_ZERO_TIMESTAMP;
stream size match function and unittests
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->client.last_ack = TCP_GET_ACK(p);
ssn->server.last_ack = ssn->server.isn + 1;
Add TCP_GET_WSCALE macro for easy access to wscale. Update StreamTcp to use it. Default to wscale 14 (max) in case of midstream as there seems to be no reliable way to predict wscale if we missed it.
16 years ago
/** check for the presense of the ws ptr to determine if we
* support wscale at all */
if (ssn->flags & STREAMTCP_FLAG_SERVER_WSCALE && p->tcpvars.ws != NULL) {
ssn->client.wscale = TCP_GET_WSCALE(p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
} else {
ssn->client.wscale = 0;
}
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_win %" PRIu32 "", ssn, ssn->server.next_win);
SCLogDebug("ssn %p: ssn->client.next_win %" PRIu32 "", ssn, ssn->client.next_win);
SCLogDebug("ssn %p: ssn->server.isn %" PRIu32 ", ssn->server.next_seq %" PRIu32 ", ssn->server.last_ack %" PRIu32 " (ssn->client.last_ack %" PRIu32 ")",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, ssn->server.isn, ssn->server.next_seq, ssn->server.last_ack, ssn->client.last_ack);
initial version to support detection byepass
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
Pool update. Stream reassembly start.
16 years ago
case TH_RST:
Target Based Stream Reassembly with comments
16 years ago
case TH_RST|TH_ACK:
if(ValidReset(ssn, p)){
if(SEQ_EQ(TCP_GET_SEQ(p), ssn->client.isn) && SEQ_EQ(TCP_GET_WINDOW(p), 0) && SEQ_EQ(TCP_GET_ACK(p), (ssn->client.isn + 1))) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
Target Based Stream Reassembly with comments
16 years ago
}
} else
return -1;
Pool update. Stream reassembly start.
16 years ago
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
}
return 0;
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_SYN_RECV state. The function handles
* SYN, SYN/ACK, ACK, FIN, RST packets and correspondingly changes
* the connection state.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
switch (p->tcph->th_flags) {
case TH_SYN:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN packet on state SYN_RECV... resent", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TH_SYN|TH_ACK:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN/ACK packet on state SYN_RECV... resent", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TH_ACK:
Another round of logging api usage updates.
16 years ago
/* If the timestamp option is enabled for both the streams, then validate the received packet
timestamp value against the stream->last_ts. If the timestamp is valid then process the packet normally
otherwise the drop the packet (RFC 1323)*/
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
target based paws handling
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (PKT_IS_TOCLIENT(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ACK received in the wrong direction", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return -1;
}
if (!(SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: wrong seq nr on packet", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return -1;
}
New function for task3
16 years ago
ssn->server.last_ack = TCP_GET_ACK(p);
if (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) {
ssn->client.window = TCP_GET_WINDOW(p);
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
Add TCP_GET_WSCALE macro for easy access to wscale. Update StreamTcp to use it. Default to wscale 14 (max) in case of midstream as there seems to be no reliable way to predict wscale if we missed it.
16 years ago
/** window scaling for midstream pickups, we can't do much other
* than assume that it's set to the max value: 14 */
ssn->server.wscale = TCP_WSCALE_MAX;
ssn->client.wscale = TCP_WSCALE_MAX;
New function for task3
16 years ago
}
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_ESTABLISHED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =~ ssn state is now TCP_ESTABLISHED", ssn);
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->client.next_seq += p->payload_len;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_win %" PRIu32 ", ssn->server.last_ack %"PRIu32"", ssn, ssn->server.next_win, ssn->server.last_ack);
initial version to support detection byepass
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
Target Based Stream Reassembly with comments
16 years ago
case TH_RST:
case TH_RST|TH_ACK:
if(ValidReset(ssn, p)) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
Target Based Stream Reassembly with comments
16 years ago
} else
return -1;
break;
case TH_FIN:
/*FIN is handled in the same way as in TCP_ESTABLISHED case */;
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
target based paws handling
16 years ago
}
Tie app layer parsing to the stream engine.
16 years ago
if((StreamTcpHandleFin(stt, ssn, p)) == -1)
Target Based Stream Reassembly with comments
16 years ago
return -1;
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
}
return 0;
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_ESTABLISHED state. The function handles
* ACK, FIN, RST packets and correspondingly changes the connection
* state. The function handles the data inside packets and call
* StreamTcpReassembleHandleSegment() to handle the reassembling.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateEstablished(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
switch (p->tcph->th_flags) {
case TH_SYN:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN packet on state ESTABLISED... resent", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TH_SYN|TH_ACK:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: SYN/ACK packet on state ESTABLISHED... resent", ssn);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TH_ACK:
case TH_ACK|TH_PUSH:
Another round of logging api usage updates.
16 years ago
/* If the timestamp option is enabled for both the streams, then validate the received packet
timestamp value against the stream->last_ts. If the timestamp is valid then process the packet normally
otherwise the drop the packet (RFC 1323) */
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 ", WIN %"PRIu16"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p), TCP_GET_WINDOW(p));
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) {
ssn->client.next_seq += p->payload_len;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.next_seq %" PRIu32 "", ssn, ssn->client.next_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.last_ack)) {
if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) ||
ssn->flags & STREAMTCP_FLAG_MIDSTREAM) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win %" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.window %"PRIu32"", ssn, ssn->server.window);
Add seg_list integrity testing to reassemly. Remove all debug output but some. Better deal with packets before the point that we already reassembled.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GT((ssn->server.last_ack + ssn->server.window), ssn->server.next_win)) {
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: seq %"PRIu32", updated ssn->server.next_win %" PRIu32 " (win %"PRIu32")", ssn, TCP_GET_SEQ(p), ssn->server.next_win, ssn->server.window);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
initial version to support detection byepass
16 years ago
/*If no stream reassembly/application layer protocol inspection, then simple return*/
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: server => SEQ out of window, packet SEQ %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), ssn->client.last_ack %" PRIu32 ", ssn->client.next_win %" PRIu32 "(%"PRIu32") (ssn->client.ra_base_seq %"PRIu32")", ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->client.last_ack, ssn->client.next_win, TCP_GET_SEQ(p) + p->payload_len - ssn->client.next_win, ssn->client.ra_base_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: server => SEQ before last_ack, packet SEQ %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), ssn->client.last_ack %" PRIu32 ", ssn->client.next_win %" PRIu32 "(%"PRIu32") (ssn->client.ra_base_seq %"PRIu32")", ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->client.last_ack, ssn->client.next_win, TCP_GET_SEQ(p) + p->payload_len - ssn->client.next_win, ssn->client.ra_base_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
New function for task3
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: next SEQ %" PRIu32 ", last ACK %" PRIu32 ", next win %" PRIu32 ", win %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack, ssn->client.next_win, ssn->client.window);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 ", WIN %"PRIu16"",
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p), TCP_GET_WINDOW(p));
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
/* To get the server window value from the servers packet, when connection
Another round of logging api usage updates.
16 years ago
is picked up as midstream */
New function for task3
16 years ago
if ((ssn->flags & STREAMTCP_FLAG_MIDSTREAM) && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM_ESTABLISHED)) {
ssn->server.window = TCP_GET_WINDOW(p);
ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->flags &= ~STREAMTCP_FLAG_MIDSTREAM_ESTABLISHED;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: adjusted midstream ssn->server.next_win to %" PRIu32 "", ssn, ssn->server.next_win);
New function for task3
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) {
ssn->server.next_seq += p->payload_len;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.last_ack)) {
if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) ||
ssn->flags & STREAMTCP_FLAG_MIDSTREAM) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win %" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->client.window %"PRIu32"", ssn, ssn->client.window);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (SEQ_GT((ssn->client.last_ack + ssn->client.window), ssn->client.next_win)) {
ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: seq %"PRIu32", updated ssn->client.next_win %" PRIu32 " (win %"PRIu32")", ssn, TCP_GET_SEQ(p), ssn->client.next_win, ssn->client.window);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: seq %"PRIu32", keeping ssn->client.next_win %" PRIu32 " the same (win %"PRIu32")", ssn, TCP_GET_SEQ(p), ssn->client.next_win, ssn->client.window);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
initial version to support detection byepass
16 years ago
/*If no stream reassembly/application layer protocol inspection, then simple return*/
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: client => SEQ out of window, packet SEQ %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), ssn->server.last_ack %" PRIu32 ", ssn->server.next_win %" PRIu32 "(%"PRIu32") (ssn->server.ra_base_seq %"PRIu32")", ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->server.last_ack, ssn->server.next_win, TCP_GET_SEQ(p) + p->payload_len - ssn->server.next_win, ssn->server.ra_base_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: client => SEQ before last ack, packet SEQ %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), ssn->server.last_ack %" PRIu32 ", ssn->server.next_win %" PRIu32 "(%"PRIu32") (ssn->server.ra_base_seq %"PRIu32")", ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->server.last_ack, ssn->server.next_win, TCP_GET_SEQ(p) + p->payload_len - ssn->server.next_win, ssn->server.ra_base_seq);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: next SEQ %" PRIu32 ", last ACK %" PRIu32 ", next win %" PRIu32 ", win %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack, ssn->server.next_win, ssn->server.window);
}
break;
case TH_FIN:
case TH_FIN|TH_ACK:
case TH_FIN|TH_ACK|TH_PUSH:
target based paws handling
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
More logging API usage changes.
16 years ago
SCLogDebug("StreamTcpPacketStateEstablished (%p): FIN received SEQ %" PRIu32 ", last ACK %" PRIu32 ", next win %" PRIu32 ", win %" PRIu32 "",
Another round of logging api usage updates.
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack, ssn->server.next_win, ssn->server.window);
Tie app layer parsing to the stream engine.
16 years ago
if((StreamTcpHandleFin(stt, ssn, p)) == -1)
Target Based Stream Reassembly with comments
16 years ago
return -1;
break;
case TH_RST:
case TH_RST|TH_ACK:
if(ValidReset(ssn, p)) {
if(PKT_IS_TOSERVER(p)) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: Reset received and state changed to TCP_CLOSED", ssn);
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
ssn->client.next_seq = TCP_GET_ACK(p);
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq);
Target Based Stream Reassembly with comments
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: Reset received and state changed to TCP_CLOSED", ssn);
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
ssn->client.next_seq = TCP_GET_ACK(p);
Another round of logging api usage updates.
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq);
Target Based Stream Reassembly with comments
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
} else
return -1;
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
}
return 0;
}
/**
* \brief Function to handle the FIN packets for states TCP_SYN_RECV and
* TCP_ESTABLISHED and changes to another TCP state as required.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
Tie app layer parsing to the stream engine.
16 years ago
static int StreamTcpHandleFin(StreamTcpThread *stt, TcpSession *ssn, Packet *p) {
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq) || SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSE_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_CLOSE_WAIT", ssn);
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
ssn->client.next_seq = TCP_GET_ACK(p);
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
Target Based Stream Reassembly with comments
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq) || SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_FIN_WAIT1);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_FIN_WAIT1", ssn);
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1;
ssn->client.next_seq = TCP_GET_ACK(p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.last_ack = TCP_GET_ACK(p);
Target Based Stream Reassembly with comments
16 years ago
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
Target Based Stream Reassembly with comments
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
return 0;
}
/**
* \brief Function to handle the TCP_FIN_WAIT1 state. The function handles
* ACK, FIN, RST packets and correspondingly changes the connection
* state.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Target Based Stream Reassembly with comments
16 years ago
switch (p->tcph->th_flags) {
case TH_ACK:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_FIN_WAIT2);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_FIN_WAIT2", ssn);
Target Based Stream Reassembly with comments
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_FIN_WAIT2);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_FIN_WAIT2", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
case TH_FIN:
case TH_FIN|TH_ACK:
case TH_FIN|TH_ACK|TH_PUSH:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq || SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window)))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Target Based Stream Reassembly with comments
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq) || SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
Pool update. Stream reassembly start.
16 years ago
case TH_RST:
Target Based Stream Reassembly with comments
16 years ago
case TH_RST|TH_ACK:
if(ValidReset(ssn, p)) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn);
Target Based Stream Reassembly with comments
16 years ago
}
else
return -1;
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn (%p): default case", ssn);
Pool update. Stream reassembly start.
16 years ago
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
return 0;
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_FIN_WAIT2 state. The function handles
* ACK, RST, FIN packets and correspondingly changes the connection
* state.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
switch (p->tcph->th_flags) {
Target Based Stream Reassembly with comments
16 years ago
case TH_ACK:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
Target Based Stream Reassembly with comments
16 years ago
case TH_RST:
case TH_RST|TH_ACK:
if(ValidReset(ssn, p)) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn);
Target Based Stream Reassembly with comments
16 years ago
}
else
return -1;
break;
case TH_FIN:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq || SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window)))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
Target Based Stream Reassembly with comments
16 years ago
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq) || SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
return 0;
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to handle the TCP_CLOSING state. Upon arrival of ACK
* the connection goes to TCP_TIME_WAIT state. The state has been
* reached as both end application has been closed.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
switch(p->tcph->th_flags) {
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
case TH_ACK:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Another round of logging api usage updates.
16 years ago
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else { /* implied to client */
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_TIME_WAIT);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_TIME_WAIT", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("StreamTcpPacketStateClosing (%p): =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
Target Based Stream Reassembly with comments
16 years ago
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
/**
* \brief Function to handle the TCP_CLOSE_WAIT state. Upon arrival of FIN
* packet from server the connection goes to TCP_LAST_ACK state.
* The state is possible only for server host.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Target Based Stream Reassembly with comments
16 years ago
switch(p->tcph->th_flags) {
case TH_FIN:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOCLIENT(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq) || SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_LAST_ACK);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_LAST_ACK", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
}
return 0;
}
/**
* \brief Function to handle the TCP_LAST_ACK state. Upon arrival of ACK
* the connection goes to TCP_CLOSED state and stream memory is
* returned back to pool. The state is possible only for server host.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPakcetStateLastAck(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Target Based Stream Reassembly with comments
16 years ago
switch(p->tcph->th_flags) {
case TH_ACK:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_CLOSED", ssn);
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
}
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
}
return 0;
}
/**
* \brief Function to handle the TCP_TIME_WAIT state. Upon arrival of ACK
* the connection goes to TCP_CLOSED state and stream memory is
* returned back to pool.
*
* \param tv Thread Variable containig input/output queue, cpu affinity etc.
* \param p Packet which has to be handled in this TCP state.
* \param stt Strean Thread module registered to handle the stream handling
*/
New function for task3
16 years ago
static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, StreamTcpThread *stt, TcpSession *ssn) {
if (ssn == NULL)
return -1;
Target Based Stream Reassembly with comments
16 years ago
switch(p->tcph->th_flags) {
case TH_ACK:
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p)) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to server: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->client.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_CLOSED", ssn);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->server.last_ack))
ssn->server.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (! (ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->client, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->client.next_seq, ssn->server.last_ack);
} else {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ %" PRIu32 ", ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, p->payload_len, TCP_GET_SEQ(p), TCP_GET_ACK(p));
Another round of logging api usage updates.
16 years ago
Target Based Stream Reassembly with comments
16 years ago
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 " != %" PRIu32 " from stream",
Target Based Stream Reassembly with comments
16 years ago
ssn, TCP_GET_SEQ(p), ssn->server.next_seq);
return -1;
}
Another round of logging api usage updates.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
StreamTcpPacketSetState(p, ssn, TCP_CLOSED);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: state changed to TCP_CLOSED", ssn);
Target Based Stream Reassembly with comments
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
Target Based Stream Reassembly with comments
16 years ago
if (SEQ_GT(TCP_GET_ACK(p),ssn->client.last_ack))
ssn->client.last_ack = TCP_GET_ACK(p);
function to set packet flags
16 years ago
if (!(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY))
initial version to support detection byepass
16 years ago
StreamTcpReassembleHandleSegment(stt->ra_ctx, ssn, &ssn->server, p);
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "",
Target Based Stream Reassembly with comments
16 years ago
ssn, ssn->server.next_seq, ssn->client.last_ack);
}
break;
default:
More logging API usage changes.
16 years ago
SCLogDebug("ssn %p: default case", ssn);
Target Based Stream Reassembly with comments
16 years ago
break;
}
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return 0;
}
/* flow is and stays locked */
static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (ssn == NULL || ssn->state == TCP_NONE) {
New function for task3
16 years ago
if (StreamTcpPacketStateNone(tv, p, stt, ssn) == -1)
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
} else {
switch (ssn->state) {
case TCP_SYN_SENT:
New function for task3
16 years ago
if(StreamTcpPacketStateSynSent(tv, p, stt, ssn))
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TCP_SYN_RECV:
New function for task3
16 years ago
if(StreamTcpPacketStateSynRecv(tv, p, stt, ssn))
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TCP_ESTABLISHED:
New function for task3
16 years ago
if(StreamTcpPacketStateEstablished(tv, p, stt, ssn))
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TCP_FIN_WAIT1:
New function for task3
16 years ago
if(StreamTcpPacketStateFinWait1(tv, p, stt, ssn))
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
case TCP_FIN_WAIT2:
New function for task3
16 years ago
if(StreamTcpPacketStateFinWait2(tv, p, stt, ssn))
return -1;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
break;
Target Based Stream Reassembly with comments
16 years ago
case TCP_CLOSING:
New function for task3
16 years ago
if(StreamTcpPacketStateClosing(tv, p, stt, ssn))
return -1;
Target Based Stream Reassembly with comments
16 years ago
break;
case TCP_CLOSE_WAIT:
New function for task3
16 years ago
if(StreamTcpPacketStateCloseWait(tv, p, stt, ssn))
return -1;
Target Based Stream Reassembly with comments
16 years ago
break;
case TCP_LAST_ACK:
New function for task3
16 years ago
if(StreamTcpPakcetStateLastAck(tv, p, stt, ssn))
return -1;
Target Based Stream Reassembly with comments
16 years ago
break;
case TCP_TIME_WAIT:
New function for task3
16 years ago
if(StreamTcpPacketStateTimeWait(tv, p, stt, ssn))
return -1;
Target Based Stream Reassembly with comments
16 years ago
break;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
case TCP_CLOSED:
//printf("StreamTcpPacket: packet received on closed state\n");
break;
default:
//printf("StreamTcpPacket: packet received on default state\n");
break;
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
}
Fix segv in reassembly. Fix sequence gap handling tests.
16 years ago
/* Process stream smsgs we may have in queue */
StreamTcpReassembleProcessAppLayer(stt->ra_ctx);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return 0;
}
int StreamTcp (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
StreamTcpThread *stt = (StreamTcpThread *)data;
if (!(PKT_IS_TCP(p)))
return 0;
if (p->flow == NULL)
return 0;
mutex_lock(&p->flow->m);
StreamTcpPacket(tv, p, stt);
mutex_unlock(&p->flow->m);
stt->pkts++;
return 0;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
int StreamTcpThreadInit(ThreadVars *tv, void *initdata, void **data)
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
{
StreamTcpThread *stt = malloc(sizeof(StreamTcpThread));
if (stt == NULL) {
return -1;
}
memset(stt, 0, sizeof(StreamTcpThread));
*data = (void *)stt;
additional support for type qualifier for the stats api
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
stt->counter_tcp_sessions = PerfTVRegisterCounter("tcp.sessions", tv, TYPE_UINT64, "NULL");
tv->pca = PerfGetAllCountersArray(&tv->pctx);
PerfAddToClubbedTMTable(tv->name, &tv->pctx);
additional support for type qualifier for the stats api
16 years ago
Tie app layer parsing to the stream engine.
16 years ago
/* init reassembly ctx */
stt->ra_ctx = StreamTcpReassembleInitThreadCtx();
if (stt->ra_ctx == NULL)
return -1;
More logging API usage changes.
16 years ago
SCLogDebug("StreamTcp thread specific ctx online at %p, reassembly ctx %p", stt, stt->ra_ctx);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
return 0;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
int StreamTcpThreadDeinit(ThreadVars *tv, void *data)
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
{
StreamTcpThread *stt = (StreamTcpThread *)data;
if (stt == NULL) {
return 0;
}
/* XXX */
Tie app layer parsing to the stream engine.
16 years ago
/* free reassembly ctx */
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
/* clear memory */
memset(stt, 0, sizeof(StreamTcpThread));
free(stt);
return 0;
}
void StreamTcpExitPrintStats(ThreadVars *tv, void *data) {
StreamTcpThread *stt = (StreamTcpThread *)data;
if (stt == NULL) {
return;
}
More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.
16 years ago
SCLogInfo("(%s) Packets %" PRIu64 "", tv->name, stt->pkts);
Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update.
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
/**
* \brief Function to check the validity of the RST packets based on the target
* OS of the given packet.
*
* \param ssn TCP session to which the given packet belongs
* \param p Packet which has to be checked for its validity
*/
static int ValidReset(TcpSession *ssn, Packet *p) {
64 bit cleanup part2
16 years ago
uint8_t os_policy;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
fixed unit tests and add the comments
16 years ago
if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
small performance enhancement
16 years ago
if (!ValidTimestamp(ssn, p))
return -1;
PAWS support and one unittest
16 years ago
}
Target Based Stream Reassembly with comments
16 years ago
if (PKT_IS_TOSERVER(p))
os_policy = ssn->server.os_policy;
else
os_policy = ssn->client.os_policy;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
PAWS support and one unittest
16 years ago
switch (os_policy) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
case OS_POLICY_HPUX11:
Target Based Stream Reassembly with comments
16 years ago
if(PKT_IS_TOSERVER(p)){
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.next_seq)) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is Valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Target Based Stream Reassembly with comments
16 years ago
return 1;
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not Valid! Packet SEQ: %" PRIu32 " and server SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->client.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
} else { /* implied to client */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.next_seq)) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Target Based Stream Reassembly with comments
16 years ago
return 1;
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not valid! Packet SEQ: %" PRIu32 " and client SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->server.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
}
break;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
case OS_POLICY_OLD_LINUX:
case OS_POLICY_LINUX:
case OS_POLICY_SOLARIS:
Target Based Stream Reassembly with comments
16 years ago
if(PKT_IS_TOSERVER(p)){
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_GEQ((TCP_GET_SEQ(p)+p->payload_len), ssn->client.last_ack)) { /*window base is needed !!*/
if(SEQ_LT(TCP_GET_SEQ(p), (ssn->client.next_seq + ssn->client.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is Valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
return 1;
}
Target Based Stream Reassembly with comments
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not valid! Packet SEQ: %" PRIu32 " and server SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->client.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
} else { /* implied to client */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_GEQ((TCP_GET_SEQ(p) + p->payload_len), ssn->server.last_ack)) { /*window base is needed !!*/
if(SEQ_LT(TCP_GET_SEQ(p), (ssn->server.next_seq + ssn->server.window))) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is Valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
return 1;
}
Target Based Stream Reassembly with comments
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not valid! Packet SEQ: %" PRIu32 " and client SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->server.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
}
break;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
default:
case OS_POLICY_BSD:
case OS_POLICY_FIRST:
case OS_POLICY_HPUX10:
case OS_POLICY_IRIX:
case OS_POLICY_MACOS:
case OS_POLICY_LAST:
case OS_POLICY_WINDOWS:
case OS_POLICY_WINDOWS2K3:
case OS_POLICY_VISTA:
Another round of logging api usage updates.
16 years ago
if(PKT_IS_TOSERVER(p)) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq)) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
return 1;
Target Based Stream Reassembly with comments
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not valid! Packet SEQ: %" PRIu32 " and server SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->client.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
} else { /* implied to client */
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if(SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq)) {
More logging API usage changes.
16 years ago
SCLogDebug("reset is valid! Packet SEQ: %" PRIu32 "", TCP_GET_SEQ(p));
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
return 1;
Target Based Stream Reassembly with comments
16 years ago
} else {
More logging API usage changes.
16 years ago
SCLogDebug("reset is not valid! Packet SEQ: %" PRIu32 " and client SEQ: %" PRIu32 "", TCP_GET_SEQ(p), ssn->server.next_seq);
Target Based Stream Reassembly with comments
16 years ago
return 0;
}
}
break;
}
return 0;
}
fixed unit tests and add the comments
16 years ago
/**
* \brief Function to return the FLOW state depending upon the TCP session state.
*
* \param s TCP session of which the state has to be returned
* \retval The FLOW_STATE_ depends upon the TCP sesison state, default is FLOW_STATE_CLOSED
*/
Flow get state protocol specific
16 years ago
int StreamTcpGetFlowState(void *s) {
TcpSession *ssn = (TcpSession *)s;
Small flow updates.
16 years ago
if (ssn == NULL)
return FLOW_STATE_CLOSED;
Flow get state protocol specific
16 years ago
switch(ssn->state) {
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
case TCP_NONE:
Flow get state protocol specific
16 years ago
case TCP_SYN_SENT:
case TCP_SYN_RECV:
case TCP_LISTEN:
return FLOW_STATE_NEW;
case TCP_ESTABLISHED:
return FLOW_STATE_ESTABLISHED;
case TCP_FIN_WAIT1:
case TCP_FIN_WAIT2:
case TCP_CLOSING:
case TCP_LAST_ACK:
case TCP_TIME_WAIT:
case TCP_CLOSE_WAIT:
case TCP_CLOSED:
return FLOW_STATE_CLOSED;
}
return FLOW_STATE_CLOSED;
}
fixed unit tests and add the comments
16 years ago
/**
* \brief Function to check the validity of the received timestamp based on the target
* OS of the given stream.
*
* \param ssn TCP session to which the given packet belongs
* \param p Packet which has to be checked for its validity
* \retval If timestamp is valid, function returns 1 otherwise 0
*/
timestamp support
16 years ago
static int ValidTimestamp (TcpSession *ssn, Packet *p) {
target based paws handling
16 years ago
TcpStream *sender_stream;
TcpStream *receiver_stream;
PAWS support and one unittest
16 years ago
uint8_t ret = 1;
target based paws handling
16 years ago
uint8_t check_ts = 1;
PAWS support and one unittest
16 years ago
target based paws handling
16 years ago
if (PKT_IS_TOSERVER(p)) {
sender_stream = &ssn->client;
receiver_stream = &ssn->server;
} else {
sender_stream = &ssn->server;
receiver_stream = &ssn->client;
timestamp support
16 years ago
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (p->tcpvars.ts != NULL) {
uint32_t ts = TCP_GET_TSVAL(p);
if (sender_stream->flags & STREAMTCP_FLAG_ZERO_TIMESTAMP) {
fixed unit tests and add the comments
16 years ago
/*The 3whs used the timestamp with 0 value. */
small performance enhancement
16 years ago
switch (receiver_stream->os_policy) {
case OS_POLICY_LINUX:
case OS_POLICY_WINDOWS2K3:
fixed unit tests and add the comments
16 years ago
/*Linux and windows 2003 does not allow the use of 0 as timestamp
in the 3whs. */
ssn->flags &= ~STREAMTCP_FLAG_TIMESTAMP;
small performance enhancement
16 years ago
check_ts = 0;
break;
target based paws handling
16 years ago
small performance enhancement
16 years ago
case OS_POLICY_OLD_LINUX:
case OS_POLICY_WINDOWS:
case OS_POLICY_VISTA:
sender_stream->flags &= ~STREAMTCP_FLAG_ZERO_TIMESTAMP;
if (SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p))) {
sender_stream->last_ts = ts;
fixed unit tests and add the comments
16 years ago
check_ts = 0; /*next packet will be checked for validity
and stream TS has been updated with this one.*/
small performance enhancement
16 years ago
}
break;
default:
break;
target based paws handling
16 years ago
}
small performance enhancement
16 years ago
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (receiver_stream->os_policy == OS_POLICY_HPUX11) {
fixed unit tests and add the comments
16 years ago
/*HPUX11 igoners the timestamp of out of order packets*/
small performance enhancement
16 years ago
if (!SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p)))
check_ts = 0;
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (ts == 0) {
switch (receiver_stream->os_policy) {
case OS_POLICY_OLD_LINUX:
case OS_POLICY_WINDOWS:
case OS_POLICY_WINDOWS2K3:
case OS_POLICY_VISTA:
case OS_POLICY_SOLARIS:
/*Old Linux and windows allowed packet with 0 timestamp.*/
break;
default:
fixed unit tests and add the comments
16 years ago
/* other OS simply drop the pakcet with 0 timestamp, when 3whs
has valid timestamp*/
small performance enhancement
16 years ago
return 0;
target based paws handling
16 years ago
}
small performance enhancement
16 years ago
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (check_ts) {
int32_t result = 0;
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (receiver_stream->os_policy == OS_POLICY_LINUX) {
result = (int32_t) ((ts - sender_stream->last_ts) + 1); /* Linux accepts TS which are off by one.*/
} else {
result = (int32_t) (ts - sender_stream->last_ts);
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (sender_stream->last_pkt_ts == 0 && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM))
sender_stream->last_pkt_ts = p->ts.tv_sec;
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (result < 0) {
More logging API usage changes.
16 years ago
SCLogDebug("timestamp is not valid sender_stream->last_ts %" PRIu32 " p->tcpvars->ts %" PRIu32 " result %" PRId32 "", sender_stream->last_ts, ts, result);
small performance enhancement
16 years ago
ret = 0;
} else if ((sender_stream->last_ts != 0) && (((uint32_t) p->ts.tv_sec) > sender_stream->last_pkt_ts + PAWS_24DAYS)) {
More logging API usage changes.
16 years ago
SCLogDebug("packet is not valid sender_stream->last_pkt_ts %" PRIu32 " p->ts.tv_sec %" PRIu32 "", sender_stream->last_pkt_ts, (uint32_t) p->ts.tv_sec);
small performance enhancement
16 years ago
ret = 0;
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (ret == 1) {
fixed unit tests and add the comments
16 years ago
/*Update the timestamp and last seen packet time for this stream.*/
small performance enhancement
16 years ago
if (SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p)))
sender_stream->last_ts = ts;
sender_stream->last_pkt_ts = p->ts.tv_sec;
}
target based paws handling
16 years ago
small performance enhancement
16 years ago
if (ret == 0) {
fixed unit tests and add the comments
16 years ago
/*if the timestamp of packet is not valid then, check if the current
stream timestamp is not so old. if so then we need to accept the packet
and update the stream->last_ts (RFC 1323)*/
small performance enhancement
16 years ago
if ((SEQ_EQ(sender_stream->next_seq, TCP_GET_SEQ(p)))
&& (((uint32_t) p->ts.tv_sec > (sender_stream->last_pkt_ts + PAWS_24DAYS)))) {
sender_stream->last_ts = ts;
sender_stream->last_pkt_ts = p->ts.tv_sec;
ret = 1;
target based paws handling
16 years ago
}
}
PAWS support and one unittest
16 years ago
}
small performance enhancement
16 years ago
} else {
fixed unit tests and add the comments
16 years ago
/* Solaris stops using timestamps if a packet is received
without a timestamp and timestamps were used on that stream. */
small performance enhancement
16 years ago
if (receiver_stream->os_policy == OS_POLICY_SOLARIS)
fixed unit tests and add the comments
16 years ago
ssn->flags &= ~STREAMTCP_FLAG_TIMESTAMP;
PAWS support and one unittest
16 years ago
}
small performance enhancement
16 years ago
PAWS support and one unittest
16 years ago
return ret;
timestamp support
16 years ago
}
Flow get state protocol specific
16 years ago
Fix compilation without unittests enabled.
16 years ago
#ifdef UNITTESTS
New function for task3
16 years ago
/**
* \test Test the allocation of TCP session for a given packet from the
* ssn_pool.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest01 (void) {
Packet p;
Flow f;
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
p.flow = &f;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
New function for task3
16 years ago
Flow get state protocol specific
16 years ago
StreamTcpInitConfig(TRUE);
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
New function for task3
16 years ago
TcpSession *ssn = StreamTcpNewSession(&p);
if (ssn == NULL) {
printf("Session can not be allocated \n");
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
}
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
f.protoctx = ssn;
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (ssn->aldata != NULL) {
printf("AppLayer field not set to NULL \n");
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
}
if (ssn->state != 0) {
printf("TCP state field not set to 0 \n");
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
}
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpSessionPktFree(&p);
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
New function for task3
16 years ago
}
/**
* \test Test the deallocation of TCP session for a given packet and return
* the memory back to ssn_pool and corresponding segments to segment
* pool.
*
* \retval On success it returns 1 and on failure 0.
*/
Target Based Stream Reassembly with comments
16 years ago
New function for task3
16 years ago
static int StreamTcpTest02 (void) {
Packet p;
Flow f;
ThreadVars tv;
StreamTcpThread stt;
u_int8_t payload[4];
TCPHdr tcph;
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof (StreamTcpThread));
memset(&tcph, 0, sizeof (TCPHdr));
p.flow = &f;
tcph.th_win = htons(5480);
tcph.th_flags = TH_SYN;
p.tcph = &tcph;
p.flowflags = FLOW_PKT_TOSERVER;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
StreamTcpInitConfig(TRUE);
New function for task3
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_ack = htonl(1);
p.tcph->th_flags = TH_SYN | TH_ACK;
p.flowflags = FLOW_PKT_TOCLIENT;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_ack = htonl(1);
p.tcph->th_seq = htonl(1);
p.tcph->th_flags = TH_ACK;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_ack = htonl(1);
p.tcph->th_seq = htonl(2);
p.tcph->th_flags = TH_PUSH | TH_ACK;
p.flowflags = FLOW_PKT_TOSERVER;
StreamTcpCreateTestPacket(payload, 0x41, 3); /*AAA*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.flowflags = FLOW_PKT_TOCLIENT;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_ack = htonl(1);
p.tcph->th_seq = htonl(6);
p.tcph->th_flags = TH_PUSH | TH_ACK;
p.flowflags = FLOW_PKT_TOSERVER;
StreamTcpCreateTestPacket(payload, 0x42, 3); /*BBB*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.flowflags = FLOW_PKT_TOCLIENT;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpSessionPktFree(&p);
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (p.flow->protoctx != NULL)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
New function for task3
16 years ago
}
/**
* \test Test the setting up a TCP session when we missed the intial
* SYN packet of the session. The session is setup only if midstream
* sessions are allowed to setup.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest03 (void) {
Target Based Stream Reassembly with comments
16 years ago
Packet p;
New function for task3
16 years ago
Flow f;
Target Based Stream Reassembly with comments
16 years ago
ThreadVars tv;
New function for task3
16 years ago
StreamTcpThread stt;
TCPHdr tcph;
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof (StreamTcpThread));
memset(&tcph, 0, sizeof (TCPHdr));
p.flow = &f;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
StreamTcpInitConfig(TRUE);
New function for task3
16 years ago
tcph.th_win = htons(5480);
tcph.th_seq = htonl(10);
tcph.th_ack = htonl(20);
tcph.th_flags = TH_SYN|TH_ACK;
p.tcph = &tcph;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
New function for task3
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(20);
p.tcph->th_ack = htonl(11);
p.tcph->th_flags = TH_ACK;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(19);
p.tcph->th_ack = htonl(11);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
if (stream_config.midstream != TRUE) {
ret = 1;
goto end;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->state != TCP_ESTABLISHED)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->client.next_seq != 20 ||
((TcpSession *)(p.flow->protoctx))->server.next_seq != 11)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpSessionPktFree(&p);
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
New function for task3
16 years ago
}
/**
* \test Test the setting up a TCP session when we missed the intial
* SYN/ACK packet of the session. The session is setup only if
* midstream sessions are allowed to setup.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest04 (void) {
Packet p;
Target Based Stream Reassembly with comments
16 years ago
Flow f;
New function for task3
16 years ago
ThreadVars tv;
Target Based Stream Reassembly with comments
16 years ago
StreamTcpThread stt;
TCPHdr tcph;
New function for task3
16 years ago
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof (StreamTcpThread));
memset(&tcph, 0, sizeof (TCPHdr));
p.flow = &f;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
StreamTcpInitConfig(TRUE);
New function for task3
16 years ago
tcph.th_win = htons(5480);
Target Based Stream Reassembly with comments
16 years ago
tcph.th_seq = htonl(10);
New function for task3
16 years ago
tcph.th_ack = htonl(20);
tcph.th_flags = TH_ACK;
p.tcph = &tcph;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
New function for task3
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(9);
p.tcph->th_ack = htonl(19);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
if (stream_config.midstream != TRUE) {
ret = 1;
goto end;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->state != TCP_ESTABLISHED)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->client.next_seq != 10 ||
((TcpSession *)(p.flow->protoctx))->server.next_seq != 20)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpSessionPktFree(&p);
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
New function for task3
16 years ago
}
/**
* \test Test the setting up a TCP session when we missed the intial
* 3WHS packet of the session. The session is setup only if
* midstream sessions are allowed to setup.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest05 (void) {
Packet p;
Flow f;
ThreadVars tv;
StreamTcpThread stt;
TCPHdr tcph;
u_int8_t payload[4];
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof (StreamTcpThread));
memset(&tcph, 0, sizeof (TCPHdr));
p.flow = &f;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
StreamTcpInitConfig(TRUE);
New function for task3
16 years ago
Handling of IDS missed packets and its unitests
16 years ago
/* prevent L7 from kicking in */
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOCLIENT, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 4096);
New function for task3
16 years ago
tcph.th_win = htons(5480);
tcph.th_seq = htonl(10);
tcph.th_ack = htonl(20);
tcph.th_flags = TH_ACK|TH_PUSH;
Target Based Stream Reassembly with comments
16 years ago
p.tcph = &tcph;
New function for task3
16 years ago
StreamTcpCreateTestPacket(payload, 0x41, 3); /*AAA*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(20);
p.tcph->th_ack = htonl(13);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOCLIENT;
StreamTcpCreateTestPacket(payload, 0x42, 3); /*BBB*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(13);
p.tcph->th_ack = htonl(23);
p.tcph->th_flags = TH_ACK|TH_PUSH;
Target Based Stream Reassembly with comments
16 years ago
p.flowflags = FLOW_PKT_TOSERVER;
New function for task3
16 years ago
StreamTcpCreateTestPacket(payload, 0x43, 3); /*CCC*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
p.tcph->th_seq = htonl(19);
p.tcph->th_ack = htonl(16);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOCLIENT;
StreamTcpCreateTestPacket(payload, 0x44, 3); /*DDD*/
p.payload = payload;
p.payload_len = 3;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
if (stream_config.midstream != TRUE) {
ret = 1;
goto end;
}
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->state != TCP_ESTABLISHED)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx))->client.next_seq != 16 ||
((TcpSession *)(p.flow->protoctx))->server.next_seq != 23)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
Small reshuffle of the free funcs in the Stream code.
16 years ago
StreamTcpSessionPktFree(&p);
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
New function for task3
16 years ago
}
/**
* \test Test the setting up a TCP session when we have seen only the
* FIN, RST packets packet of the session. The session is setup only if
* midstream sessions are allowed to setup.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest06 (void) {
Packet p;
Flow f;
TcpSession ssn;
ThreadVars tv;
StreamTcpThread stt;
TCPHdr tcph;
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&ssn, 0, sizeof (TcpSession));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof (StreamTcpThread));
memset(&tcph, 0, sizeof (TCPHdr));
Target Based Stream Reassembly with comments
16 years ago
p.flow = &f;
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
int ret = 0;
StreamTcpInitConfig(TRUE);
Fix reassembly unittests.
16 years ago
New function for task3
16 years ago
tcph.th_flags = TH_FIN;
p.tcph = &tcph;
Target Based Stream Reassembly with comments
16 years ago
New function for task3
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx)) != NULL)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
Target Based Stream Reassembly with comments
16 years ago
New function for task3
16 years ago
p.tcph->th_flags = TH_RST;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
New function for task3
16 years ago
Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.
16 years ago
if (((TcpSession *)(p.flow->protoctx)) != NULL)
Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.
16 years ago
goto end;
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
Target Based Stream Reassembly with comments
16 years ago
}
Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly.
16 years ago
PAWS support and one unittest
16 years ago
/**
* \test Test the working on PAWS. The packet will be dropped by stream, as
* its timestamp is old, although the segment is in the window.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest07 (void) {
Packet p;
Flow f;
ThreadVars tv;
StreamTcpThread stt;
TCPHdr tcph;
u_int8_t payload[1] = {0x42};
TCPVars tcpvars;
TCPOpt ts;
fixed unit tests and add the comments
16 years ago
uint32_t data[2];
PAWS support and one unittest
16 years ago
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof(StreamTcpThread));
memset(&tcph, 0, sizeof(TCPHdr));
memset(&tcpvars, 0, sizeof(TCPVars));
memset(&ts, 0, sizeof(TCPOpt));
p.flow = &f;
int ret = 0;
StreamTcpInitConfig(TRUE);
/* prevent L7 from kicking in */
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOCLIENT, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 4096);
tcph.th_win = htons(5480);
tcph.th_seq = htonl(10);
tcph.th_ack = htonl(20);
tcph.th_flags = TH_ACK|TH_PUSH;
p.tcph = &tcph;
fixed unit tests and add the comments
16 years ago
data[0] = htonl(10);
data[1] = htonl(11);
PAWS support and one unittest
16 years ago
ts.type = TCP_OPT_TS;
fixed unit tests and add the comments
16 years ago
ts.len = 10;
ts.data = (uint8_t *)data;
PAWS support and one unittest
16 years ago
tcpvars.ts = &ts;
p.tcpvars = tcpvars;
p.payload = payload;
p.payload_len = 1;
if (StreamTcpPacket(&tv, &p, &stt) == -1)
goto end;
p.tcph->th_seq = htonl(11);
p.tcph->th_ack = htonl(23);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
fixed unit tests and add the comments
16 years ago
data[0] = htonl(2);
p.tcpc.ts1 = 0;
p.tcpc.ts2 = 0;
p.tcpvars.ts->data = (uint8_t *)data;
if (StreamTcpPacket(&tv, &p, &stt) == -1) {
if (((TcpSession *) (p.flow->protoctx))->client.next_seq != 11) {
printf("the timestamp values are client %"PRIu32" server %" PRIu32 " seq %" PRIu32 "\n", TCP_GET_TSVAL(&p), TCP_GET_TSECR(&p), ((TcpSession *) (p.flow->protoctx))->client.next_seq);
goto end;
}
StreamTcpSessionPktFree(&p);
ret = 1;
}
end:
StreamTcpFreeConfig(TRUE);
return ret;
}
/**
* \test Test the working on PAWS. The packet will be accpeted by engine as
* the timestamp is valid and it is in window.
*
* \retval On success it returns 1 and on failure 0.
*/
static int StreamTcpTest08 (void) {
Packet p;
Flow f;
ThreadVars tv;
StreamTcpThread stt;
TCPHdr tcph;
u_int8_t payload[1] = {0x42};
TCPVars tcpvars;
TCPOpt ts;
uint32_t data[2];
memset (&p, 0, sizeof(Packet));
memset (&f, 0, sizeof(Flow));
memset(&tv, 0, sizeof (ThreadVars));
memset(&stt, 0, sizeof(StreamTcpThread));
memset(&tcph, 0, sizeof(TCPHdr));
memset(&tcpvars, 0, sizeof(TCPVars));
memset(&ts, 0, sizeof(TCPOpt));
p.flow = &f;
int ret = 0;
StreamTcpInitConfig(TRUE);
/* prevent L7 from kicking in */
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinInitChunkLen(FLOW_PKT_TOCLIENT, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 4096);
tcph.th_win = htons(5480);
tcph.th_seq = htonl(10);
tcph.th_ack = htonl(20);
tcph.th_flags = TH_ACK|TH_PUSH;
p.tcph = &tcph;
data[0] = htonl(10);
data[1] = htonl(11);
ts.type = TCP_OPT_TS;
ts.len = 10;
ts.data = (uint8_t *)data;
tcpvars.ts = &ts;
p.tcpvars = tcpvars;
p.payload = payload;
p.payload_len = 1;
PAWS support and one unittest
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
goto end;
fixed unit tests and add the comments
16 years ago
p.tcph->th_seq = htonl(11);
p.tcph->th_ack = htonl(23);
p.tcph->th_flags = TH_ACK|TH_PUSH;
p.flowflags = FLOW_PKT_TOSERVER;
data[0] = htonl(12);
p.tcpc.ts1 = 0;
p.tcpc.ts2 = 0;
p.tcpvars.ts->data = (uint8_t *)data;
PAWS support and one unittest
16 years ago
fixed unit tests and add the comments
16 years ago
if (StreamTcpPacket(&tv, &p, &stt) == -1)
PAWS support and one unittest
16 years ago
goto end;
fixed unit tests and add the comments
16 years ago
if (((TcpSession *) (p.flow->protoctx))->client.next_seq != 12) {
printf("the timestamp values are client %"PRIu32" server %" PRIu32 " seq %" PRIu32 "\n", TCP_GET_TSVAL(&p), TCP_GET_TSECR(&p), ((TcpSession *) (p.flow->protoctx))->client.next_seq);
goto end;
}
PAWS support and one unittest
16 years ago
StreamTcpSessionPktFree(&p);
ret = 1;
end:
StreamTcpFreeConfig(TRUE);
return ret;
}
Fix compilation without unittests enabled.
16 years ago
#endif /* UNITTESTS */
Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly.
16 years ago
void StreamTcpRegisterTests (void) {
#ifdef UNITTESTS
New function for task3
16 years ago
UtRegisterTest("StreamTcpTest01 -- TCP session allocation", StreamTcpTest01, 1);
UtRegisterTest("StreamTcpTest02 -- TCP session deallocation", StreamTcpTest02, 1);
UtRegisterTest("StreamTcpTest03 -- SYN missed MidStream session", StreamTcpTest03, 1);
UtRegisterTest("StreamTcpTest04 -- SYN/ACK missed MidStream session", StreamTcpTest04, 1);
UtRegisterTest("StreamTcpTest05 -- 3WHS missed MidStream session", StreamTcpTest05, 1);
UtRegisterTest("StreamTcpTest06 -- FIN, RST message MidStream session", StreamTcpTest06, 1);
fixed unit tests and add the comments
16 years ago
UtRegisterTest("StreamTcpTest07 -- PAWS invalid timestamp", StreamTcpTest07, 1);
UtRegisterTest("StreamTcpTest08 -- PAWS valid timestamp", StreamTcpTest08, 1);
Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly.
16 years ago
/* set up the reassembly tests as well */
StreamTcpReassembleRegisterTests();
#endif /* UNITTESTS */
}
Target Based Stream Reassembly with comments
16 years ago