Make sure a stream that has a failing app layer inspection module no longer stops reassembly, but only app layer inspection. This way we can continue to inspect the reassembled stream.

remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 81f2499834
commit 9f95ab7441

@ -794,8 +794,7 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
SCLogDebug("No App Layer Data");
/* Nothing is there to clean up, so just return from here after setting
* up the no reassembly flags */
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOSERVER ? 1 : 0);
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
SCReturnInt(-1);
}
@ -870,10 +869,9 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
/* Set the no reassembly flag for both the stream in this TcpSession */
if (parser_state->flags & APP_LAYER_PARSER_NO_REASSEMBLY) {
StreamTcpSetSessionNoReassemblyFlag(ssn,
flags & STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn,
flags & STREAM_TOSERVER ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOSERVER ? 1 : 0);
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
}
}
@ -893,8 +891,7 @@ int AppLayerParse(Flow *f, uint8_t proto, uint8_t flags, uint8_t *input,
error:
if (ssn != NULL) {
/* Set the no reassembly flag for both the stream in this TcpSession */
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOCLIENT ? 1 : 0);
StreamTcpSetSessionNoReassemblyFlag(ssn, flags & STREAM_TOSERVER ? 1 : 0);
StreamTcpSetSessionNoApplayerInspectionFlag(ssn);
if (f->src.family == AF_INET) {
char src[16];
@ -1302,7 +1299,7 @@ static void TestProtocolStateFree(void *s)
*/
static int AppLayerParserTest01 (void)
{
int result = 1;
int result = 0;
Flow f;
uint8_t testbuf[] = { 0x11 };
uint32_t testlen = sizeof(testbuf);
@ -1344,19 +1341,17 @@ static int AppLayerParserTest01 (void)
int r = AppLayerParse(&f, ALPROTO_TEST, STREAM_TOSERVER|STREAM_EOF, testbuf,
testlen);
if (r != -1) {
printf("returned %" PRId32 ", expected -1: \n", r);
result = 0;
printf("returned %" PRId32 ", expected -1: ", r);
goto end;
}
if (!(ssn.flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY) ||
!(ssn.flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY))
if (!(ssn.flags & STREAMTCP_FLAG_NO_APPLAYER_INSPECTION))
{
printf("flags should be set, but they are not !\n");
result = 0;
printf("flag should have been set, but is not: ");
goto end;
}
result = 1;
end:
StreamL7DataPtrFree(&ssn);
StreamTcpFreeConfig(TRUE);
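Review bot: AppLayerParserTest01 now only checks that STREAMTCP_FLAG_NO_APPLAYER_INSPECTION is set after the failing parse; it never checks that the two reassembly flags stay clear, which is the property this commit exists for (a parser failure must not switch off inspection of the reassembled stream). Assuming the test parser takes the error path, I would add before `result = 1;`: `if (ssn.flags & (STREAMTCP_FLAG_NOSERVER_REASSEMBLY|STREAMTCP_FLAG_NOCLIENT_REASSEMBLY)) { printf("reassembly flags set, but should not be: "); goto end; }`. The comments kept above the new calls in AppLayerParse ("setting up the no reassembly flags" in the no-data branch, "Set the no reassembly flag for both the stream" in the error path) now describe the old behaviour and should say that app layer inspection is disabled instead. The test function starts and ends outside these hunks.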

@ -124,6 +124,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
if (ssn != NULL) {
alproto = ssn->alproto;
if (!(ssn->flags & STREAMTCP_FLAG_NO_APPLAYER_INSPECTION)) {
/* if we don't know the proto yet and we have received a stream
* initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we
@ -179,6 +180,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
SCLogDebug(" smsg not start, but no l7 data? Weird");
}
}
}
/* put the smsg in the stream list */
if (ssn->smsg_head == NULL) {
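Review bot: The guard added in AppLayerHandleMsg, `if (!(ssn->flags & STREAMTCP_FLAG_NO_APPLAYER_INSPECTION)) {`, carries no comment, so a reader has to infer from the extra closing brace in the second hunk that a flagged session skips protocol detection and parsing but still reaches "put the smsg in the stream list". That fall-through is what keeps raw stream inspection running after a parser failure, so I would state it at the guard: `/* app layer inspection disabled for this session: skip detection and parsing, the smsg is still queued below for raw reassembled inspection */`. The body between the two hunks is not shown, so this assumes nothing in it returns early.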

@ -125,6 +125,12 @@ enum
reassembly / app layer
inspection for the
client stream.*/
#define STREAMTCP_FLAG_NO_APPLAYER_INSPECTION 0x2000 /**< don't send any more
data to the app layer
parser, but still
reassemble for raw
reassembled data
inspection */
#define SEGMENTTCP_FLAG_PROCESSED 0x01 /**< Flag to indicate
that the current

@ -69,7 +69,9 @@ void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t);
void StreamL7DataPtrInit(TcpSession *);
void StreamL7DataPtrFree(TcpSession *);
void StreamTcpSetSessionNoApplayerInspectionFlag(TcpSession *);
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *, char );
void StreamTcpSetOSPolicy(TcpStream *, Packet *);
void StreamTcpReassemblePause (TcpSession *, char );
void StreamTcpReassembleUnPause (TcpSession *, char );

@ -2926,13 +2926,21 @@ static int ValidTimestamp (TcpSession *ssn, Packet *p)
* \param ssn TCP Session to set the flag in
* \param direction direction to set the flag in: 0 toserver, 1 toclient
*/
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
{
direction ? (ssn->flags |= STREAMTCP_FLAG_NOSERVER_REASSEMBLY) :
(ssn->flags |= STREAMTCP_FLAG_NOCLIENT_REASSEMBLY);
}
/** \brief Set the No applayer inspection flag for the TCP session.
*
* \param ssn TCP Session to set the flag in
*/
void StreamTcpSetSessionNoApplayerInspectionFlag (TcpSession *ssn)
{
ssn->flags |= STREAMTCP_FLAG_NO_APPLAYER_INSPECTION;
}
#ifdef UNITTESTS
/**
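Review bot: StreamTcpSetSessionNoApplayerInspectionFlag dereferences `ssn` unconditionally, and its doxygen block does not say the pointer must be valid. In AppLayerParse the error path wraps its call in `if (ssn != NULL)`, which suggests the session can be NULL there, while the calls in the "No App Layer Data" branch and the APP_LAYER_PARSER_NO_REASSEMBLY branch show no guard inside their hunks (one may exist in lines not shown). I would either document the contract, `\param ssn TCP Session to set the flag in, must not be NULL`, or make the setter tolerant with `if (ssn == NULL) return;` as its first statement.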
