aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

stream/config: turn async_oneside into bool

Browse Source
pull/8546/head
Victor Julien 3 years ago
parent 0a831b5ea2
commit 23dd34dd8a
3 changed files with 18 additions and 21 deletions
Show Stats Download Patch File Download Diff File

29
src/stream-tcp.c
Unescape Escape View File

@ -419,7 +419,9 @@ void StreamTcpInitConfig(bool quiet)
SCLogConfig("stream \"midstream\" session pickups: %s", stream_config.midstream ? "enabled" : "disabled"); SCLogConfig("stream \"midstream\" session pickups: %s", stream_config.midstream ? "enabled" : "disabled");
} }
(void)ConfGetBool("stream.async-oneside", &stream_config.async_oneside); int async_oneside;
(void)ConfGetBool("stream.async-oneside", &async_oneside);
stream_config.async_oneside = async_oneside != 0;
if (!quiet) { if (!quiet) {
SCLogConfig("stream \"async-oneside\": %s", stream_config.async_oneside ? "enabled" : "disabled"); SCLogConfig("stream \"async-oneside\": %s", stream_config.async_oneside ? "enabled" : "disabled");
@ -1033,7 +1035,7 @@ static int StreamTcpPacketStateNone(
/* Drop reason will only be used if midstream policy is set to fail closed */ /* Drop reason will only be used if midstream policy is set to fail closed */
ExceptionPolicyApply(p, stream_config.midstream_policy, PKT_DROP_REASON_STREAM_MIDSTREAM); ExceptionPolicyApply(p, stream_config.midstream_policy, PKT_DROP_REASON_STREAM_MIDSTREAM);
if (!stream_config.midstream && stream_config.async_oneside == FALSE) { if (!stream_config.midstream && !stream_config.async_oneside) {
SCLogDebug("Midstream not enabled, so won't pick up a session"); SCLogDebug("Midstream not enabled, so won't pick up a session");
return 0; return 0;
} }
@ -1804,7 +1806,7 @@ static int StreamTcpPacketStateSynSent(
/* Handle the asynchronous stream, when we receive a SYN packet /* Handle the asynchronous stream, when we receive a SYN packet
and now instead of receiving a SYN/ACK we receive a ACK from the and now instead of receiving a SYN/ACK we receive a ACK from the
same host, which sent the SYN, this suggests the ASYNC streams.*/ same host, which sent the SYN, this suggests the ASYNC streams.*/
if (stream_config.async_oneside == FALSE) if (!stream_config.async_oneside)
return 0; return 0;
/* we are in AYNC (one side) mode now. */ /* we are in AYNC (one side) mode now. */
@ -2145,9 +2147,7 @@ static int StreamTcpPacketStateSynRecv(
/* If asynchronous stream handling is allowed then set the session, /* If asynchronous stream handling is allowed then set the session,
if packet's seq number is equal the expected seq no.*/ if packet's seq number is equal the expected seq no.*/
} else if (stream_config.async_oneside == TRUE && } else if (stream_config.async_oneside && (SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq))) {
(SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq)))
{
/*set the ASYNC flag used to indicate the session as async stream /*set the ASYNC flag used to indicate the session as async stream
and helps in relaxing the windows checks.*/ and helps in relaxing the windows checks.*/
ssn->flags |= STREAMTCP_FLAG_ASYNC; ssn->flags |= STREAMTCP_FLAG_ASYNC;
@ -2185,7 +2185,7 @@ static int StreamTcpPacketStateSynRecv(
ACK number, it causes the other end to send RST. But some target ACK number, it causes the other end to send RST. But some target
system (Linux & solaris) does not RST the connection, so it is system (Linux & solaris) does not RST the connection, so it is
likely to avoid the detection */ likely to avoid the detection */
} else if (SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq)){ } else if (SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq)) {
ssn->flags |= STREAMTCP_FLAG_DETECTION_EVASION_ATTEMPT; ssn->flags |= STREAMTCP_FLAG_DETECTION_EVASION_ATTEMPT;
SCLogDebug("ssn %p: wrong ack nr on packet, possible evasion!!", SCLogDebug("ssn %p: wrong ack nr on packet, possible evasion!!",
ssn); ssn);
@ -2339,9 +2339,8 @@ static int HandleEstablishedPacketToServer(
* async and other stream is not updating it anymore :( */ * async and other stream is not updating it anymore :( */
StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_SEQ(p)); StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_SEQ(p));
} else if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p)) && } else if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p)) && stream_config.async_oneside &&
(stream_config.async_oneside == TRUE) && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
SCLogDebug("ssn %p: server => Asynchronous stream, packet SEQ." SCLogDebug("ssn %p: server => Asynchronous stream, packet SEQ."
" %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), " " %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), "
"ssn->client.last_ack %" PRIu32 ", ssn->client.next_win " "ssn->client.last_ack %" PRIu32 ", ssn->client.next_win "
@ -2357,8 +2356,7 @@ static int HandleEstablishedPacketToServer(
ssn->flags |= STREAMTCP_FLAG_ASYNC; ssn->flags |= STREAMTCP_FLAG_ASYNC;
} else if (SEQ_EQ(ssn->client.last_ack, (ssn->client.isn + 1)) && } else if (SEQ_EQ(ssn->client.last_ack, (ssn->client.isn + 1)) &&
(stream_config.async_oneside == TRUE) && stream_config.async_oneside && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
SCLogDebug("ssn %p: server => Asynchronous stream, packet SEQ" SCLogDebug("ssn %p: server => Asynchronous stream, packet SEQ"
" %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), " " %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "), "
"ssn->client.last_ack %" PRIu32 ", ssn->client.next_win " "ssn->client.last_ack %" PRIu32 ", ssn->client.next_win "
@ -2377,8 +2375,7 @@ static int HandleEstablishedPacketToServer(
* In this case we do accept the data before last_ack if it is (partly) * In this case we do accept the data before last_ack if it is (partly)
* beyond next seq */ * beyond next seq */
} else if (SEQ_GT(ssn->client.last_ack, ssn->client.next_seq) && } else if (SEQ_GT(ssn->client.last_ack, ssn->client.next_seq) &&
SEQ_GT((TCP_GET_SEQ(p)+p->payload_len),ssn->client.next_seq)) SEQ_GT((TCP_GET_SEQ(p) + p->payload_len), ssn->client.next_seq)) {
{
SCLogDebug("ssn %p: PKT SEQ %"PRIu32" payload_len %"PRIu16 SCLogDebug("ssn %p: PKT SEQ %"PRIu32" payload_len %"PRIu16
" before last_ack %"PRIu32", after next_seq %"PRIu32":" " before last_ack %"PRIu32", after next_seq %"PRIu32":"
" acked data that we haven't seen before", " acked data that we haven't seen before",
@ -5230,7 +5227,7 @@ static int TcpSessionPacketIsStreamStarter(const Packet *p)
return 1; return 1;
} }
if (stream_config.midstream || stream_config.async_oneside == TRUE) { if (stream_config.midstream || stream_config.async_oneside) {
if (p->tcph->th_flags == (TH_SYN|TH_ACK)) { if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
SCLogDebug("packet %"PRIu64" is a midstream stream starter: %02x", p->pcap_cnt, p->tcph->th_flags); SCLogDebug("packet %"PRIu64" is a midstream stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
return 1; return 1;
@ -5345,7 +5342,7 @@ static int TcpSessionReuseDoneEnough(const Packet *p, const Flow *f, const TcpSe
return TcpSessionReuseDoneEnoughSyn(p, f, ssn); return TcpSessionReuseDoneEnoughSyn(p, f, ssn);
} }
if (stream_config.midstream || stream_config.async_oneside == TRUE) { if (stream_config.midstream || stream_config.async_oneside) {
if (p->tcph->th_flags == (TH_SYN|TH_ACK)) { if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
return TcpSessionReuseDoneEnoughSynAck(p, f, ssn); return TcpSessionReuseDoneEnoughSynAck(p, f, ssn);
} }

2
src/stream-tcp.h
Unescape Escape View File

@ -57,7 +57,7 @@ typedef struct TcpStreamCnf_ {
uint32_t prealloc_sessions; /**< ssns to prealloc per stream thread */ uint32_t prealloc_sessions; /**< ssns to prealloc per stream thread */
uint32_t prealloc_segments; /**< segments to prealloc per stream thread */ uint32_t prealloc_segments; /**< segments to prealloc per stream thread */
bool midstream; bool midstream;
int async_oneside; bool async_oneside;
uint32_t reassembly_depth; /**< Depth until when we reassemble the stream */ uint32_t reassembly_depth; /**< Depth until when we reassemble the stream */
uint16_t reassembly_toserver_chunk_size; uint16_t reassembly_toserver_chunk_size;

8
src/tests/stream-tcp.c
Unescape Escape View File

@ -664,7 +664,7 @@ static int StreamTcpTest10(void)
p->flow = &f; p->flow = &f;
StreamTcpUTInit(&stt.ra_ctx); StreamTcpUTInit(&stt.ra_ctx);
stream_config.async_oneside = TRUE; stream_config.async_oneside = true;
tcph.th_win = htons(5480); tcph.th_win = htons(5480);
tcph.th_seq = htonl(10); tcph.th_seq = htonl(10);
@ -742,7 +742,7 @@ static int StreamTcpTest11(void)
p->flow = &f; p->flow = &f;
StreamTcpUTInit(&stt.ra_ctx); StreamTcpUTInit(&stt.ra_ctx);
stream_config.async_oneside = TRUE; stream_config.async_oneside = true;
tcph.th_win = htons(5480); tcph.th_win = htons(5480);
tcph.th_seq = htonl(10); tcph.th_seq = htonl(10);
@ -856,7 +856,7 @@ static int StreamTcpTest12(void)
if (StreamTcpPacket(&tv, p, &stt, &pq) == -1) if (StreamTcpPacket(&tv, p, &stt, &pq) == -1)
goto end; goto end;
if (stream_config.async_oneside != TRUE) { if (!stream_config.async_oneside) {
ret = 1; ret = 1;
goto end; goto end;
} }
@ -950,7 +950,7 @@ static int StreamTcpTest13(void)
if (StreamTcpPacket(&tv, p, &stt, &pq) == -1) if (StreamTcpPacket(&tv, p, &stt, &pq) == -1)
goto end; goto end;
if (stream_config.async_oneside != TRUE) { if (!stream_config.async_oneside) {
ret = 1; ret = 1;
goto end; goto end;
} }

Write Preview
Loading…
Cancel
Save