aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates & cleanups to stream & l7 stuff

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 76581ef967
commit c957dc7775
4 changed files with 64 additions and 37 deletions
Show Stats Download Patch File Download Diff File

40
src/l7-app-detect.c
Unescape Escape View File

@ -1,3 +1,5 @@
/* Copyright (c) 2009 Victor Julien */
#include "eidps.h" #include "eidps.h"
#include "debug.h" #include "debug.h"
#include "decode.h" #include "decode.h"
@ -16,12 +18,9 @@
#define PROTO_FTP 2 #define PROTO_FTP 2
#define PROTO_SMTP 3 #define PROTO_SMTP 3
#define TYPE_PROTO 0 static u_int8_t l7_proto_id = 0;
#define TYPE_BUF 1
/* XXX type can be 1 bit, 7 bit for proto */
typedef struct _L7AppDetectDataProto { typedef struct _L7AppDetectDataProto {
u_int8_t type;
u_int8_t proto; u_int8_t proto;
} L7AppDetectDataProto; } L7AppDetectDataProto;
@ -33,15 +32,14 @@ void *L7AppDetectProtoAlloc(void *null) {
return NULL; return NULL;
} }
d->type = TYPE_PROTO;
d->proto = PROTO_UNKNOWN; d->proto = PROTO_UNKNOWN;
return d; return d;
} }
#define L7AppDetectProtoFree free #define L7AppDetectProtoFree free
void L7AppDetectThreadInit(void) { void L7AppDetectThreadInit(void) {
/* allocate 2 pools, 1 for proto objects, 1 for bufs. Normal stream will l7_proto_id = StreamL7RegisterModule();
* jump straigth to protos so we alloc a lot less bufs */
l7appdetect_proto_pool = PoolInit(262144, 32768, L7AppDetectProtoAlloc, NULL, L7AppDetectProtoFree); l7appdetect_proto_pool = PoolInit(262144, 32768, L7AppDetectProtoAlloc, NULL, L7AppDetectProtoFree);
if (l7appdetect_proto_pool == NULL) { if (l7appdetect_proto_pool == NULL) {
exit(1); exit(1);
@ -61,17 +59,17 @@ void *L7AppDetectThread(void *td)
{ {
ThreadVars *tv = (ThreadVars *)td; ThreadVars *tv = (ThreadVars *)td;
char run = TRUE; char run = TRUE;
u_int8_t l7_data_id = 0;
/* get the stream msg queue for this thread */ /* get the stream msg queue for this thread */
StreamMsgQueue *stream_q = StreamMsgQueueGetByPort(0); StreamMsgQueue *stream_q = StreamMsgQueueGetByPort(0);
StreamMsgQueueSetMinInitChunkLen(stream_q, INSPECT_BYTES); /* set the minimum size we expect */
StreamMsgQueueSetMinInitChunkLen(stream_q, FLOW_PKT_TOSERVER, INSPECT_BYTES);
StreamMsgQueueSetMinInitChunkLen(stream_q, FLOW_PKT_TOCLIENT, INSPECT_BYTES);
/* main loop */
while(run) { while(run) {
/* grab a msg, can return NULL on signals */ /* grab a msg, can return NULL on signals */
StreamMsg *smsg = StreamMsgGetFromQueue(stream_q); StreamMsg *smsg = StreamMsgGetFromQueue(stream_q);
//printf("L7AppDetectThread: smsg %p\n", smsg);
if (smsg != NULL) { if (smsg != NULL) {
/* keep the flow locked during operation. /* keep the flow locked during operation.
* XXX we may be better off adding a mutex * XXX we may be better off adding a mutex
@ -81,10 +79,11 @@ void *L7AppDetectThread(void *td)
TcpSession *ssn = smsg->flow->stream; TcpSession *ssn = smsg->flow->stream;
if (ssn != NULL) { if (ssn != NULL) {
if (ssn->l7data == NULL) { if (ssn->l7data == NULL) {
StreamL7DataPtrInit(ssn,1); /* XXX we can use a pool here, /* XXX we can use a pool here,
or make it part of the stream setup */ or make it part of the stream setup */
StreamL7DataPtrInit(ssn,StreamL7GetStorageSize());
} }
void *l7_data_ptr = ssn->l7data[l7_data_id]; void *l7_data_ptr = ssn->l7data[l7_proto_id];
if (smsg->flags & STREAM_START) { if (smsg->flags & STREAM_START) {
//printf("L7AppDetectThread: stream initializer (len %u (%u))\n", smsg->init.data_len, MSG_INIT_DATA_SIZE); //printf("L7AppDetectThread: stream initializer (len %u (%u))\n", smsg->init.data_len, MSG_INIT_DATA_SIZE);
@ -96,15 +95,19 @@ void *L7AppDetectThread(void *td)
if (l7_data_ptr == NULL) { if (l7_data_ptr == NULL) {
L7AppDetectDataProto *l7proto = (L7AppDetectDataProto *)PoolGet(l7appdetect_proto_pool); L7AppDetectDataProto *l7proto = (L7AppDetectDataProto *)PoolGet(l7appdetect_proto_pool);
if (l7proto != NULL) { if (l7proto != NULL) {
l7proto->type = TYPE_PROTO;
l7proto->proto = L7AppDetectGetProto(smsg->data.data, smsg->data.data_len); l7proto->proto = L7AppDetectGetProto(smsg->data.data, smsg->data.data_len);
ssn->l7data[l7_data_id] = (void *)l7proto; /* store */
ssn->l7data[l7_proto_id] = (void *)l7proto;
} }
} }
} else { } else {
//printf("L7AppDetectThread: stream data (len %u (%u))\n", smsg->data.data_len, MSG_DATA_SIZE); //printf("L7AppDetectThread: stream data (len %u (%u))\n", smsg->data.data_len, MSG_DATA_SIZE);
//printf("=> Stream Data -- start\n");
//PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len);
//printf("=> Stream Data -- end\n");
/* if we don't have a data object here we are not getting it /* if we don't have a data object here we are not getting it
* a start msg should have gotten us one */ * a start msg should have gotten us one */
if (l7_data_ptr != NULL) { if (l7_data_ptr != NULL) {
@ -113,13 +116,12 @@ void *L7AppDetectThread(void *td)
} else { } else {
printf("L7AppDetectThread: smsg not start, but no l7 data? Weird\n"); printf("L7AppDetectThread: smsg not start, but no l7 data? Weird\n");
} }
//printf("=> Stream Data -- start\n");
//PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len);
//printf("=> Stream Data -- end\n");
} }
mutex_unlock(&smsg->flow->m); mutex_unlock(&smsg->flow->m);
} }
/* return the used message to the queue */
StreamMsgReturnToPool(smsg); StreamMsgReturnToPool(smsg);
} }

31
src/stream-tcp-reassemble.c
Unescape Escape View File

@ -290,7 +290,7 @@ int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *strea
u_int16_t payload_len = 0; u_int16_t payload_len = 0;
TcpSegment *seg = stream->seg_list; TcpSegment *seg = stream->seg_list;
/* check if we have enough data to send to l7 */ /* check if we have enough data to send to L7 */
if (p->flowflags & FLOW_PKT_TOSERVER) { if (p->flowflags & FLOW_PKT_TOSERVER) {
if (stream->ra_base_seq == stream->isn) { if (stream->ra_base_seq == stream->isn) {
if (StreamMsgQueueGetMinInitChunkLen(STREAM_TOSERVER) > if (StreamMsgQueueGetMinInitChunkLen(STREAM_TOSERVER) >
@ -313,6 +313,7 @@ int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *strea
} }
} }
/* loop through the segments and fill one or more msgs */
for ( ; seg != NULL && SEQ_LT(seg->seq,stream->last_ack); ) { for ( ; seg != NULL && SEQ_LT(seg->seq,stream->last_ack); ) {
printf("StreamTcpReassembleHandleSegmentUpdateACK: seg %p\n", seg); printf("StreamTcpReassembleHandleSegmentUpdateACK: seg %p\n", seg);
@ -342,14 +343,14 @@ int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *strea
if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) { if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) {
payload_len = ((seg->seq + seg->payload_len) - stream->last_ack) - payload_offset; payload_len = ((seg->seq + seg->payload_len) - stream->last_ack) - payload_offset;
printf("StreamTcpReassembleHandleSegmentUpdateACK: starts " //printf("StreamTcpReassembleHandleSegmentUpdateACK: starts "
"before ra_base, ends beyond last_ack, payload_offset %u, " // "before ra_base, ends beyond last_ack, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len); // "payload_len %u\n", payload_offset, payload_len);
} else { } else {
payload_len = seg->payload_len - payload_offset; payload_len = seg->payload_len - payload_offset;
printf("StreamTcpReassembleHandleSegmentUpdateACK: starts " //printf("StreamTcpReassembleHandleSegmentUpdateACK: starts "
"before ra_base, ends normal, payload_offset %u, " // "before ra_base, ends normal, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len); // "payload_len %u\n", payload_offset, payload_len);
} }
/* handle segments after ra_base_seq */ /* handle segments after ra_base_seq */
} else { } else {
@ -357,14 +358,14 @@ int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *strea
if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) { if (SEQ_LT(stream->last_ack,(seg->seq + seg->payload_len))) {
payload_len = stream->last_ack - seg->seq; payload_len = stream->last_ack - seg->seq;
printf("StreamTcpReassembleHandleSegmentUpdateACK: start " //printf("StreamTcpReassembleHandleSegmentUpdateACK: start "
"fine, ends beyond last_ack, payload_offset %u, " // "fine, ends beyond last_ack, payload_offset %u, "
"payload_len %u\n", payload_offset, payload_len); // "payload_len %u\n", payload_offset, payload_len);
} else { } else {
payload_len = seg->payload_len; payload_len = seg->payload_len;
printf("StreamTcpReassembleHandleSegmentUpdateACK: normal " //printf("StreamTcpReassembleHandleSegmentUpdateACK: normal "
"(smsg_offset %u), payload_offset %u, payload_len %u\n", // "(smsg_offset %u), payload_offset %u, payload_len %u\n",
smsg_offset, payload_offset, payload_len); // smsg_offset, payload_offset, payload_len);
} }
} }
@ -372,8 +373,8 @@ int StreamTcpReassembleHandleSegmentUpdateACK (TcpSession *ssn, TcpStream *strea
if (copy_size > payload_len) { if (copy_size > payload_len) {
copy_size = payload_len; copy_size = payload_len;
} }
printf("StreamTcpReassembleHandleSegmentUpdateACK: normal -- " printf("StreamTcpReassembleHandleSegmentUpdateACK: copy_size %u "
"copy_size %u (payload %u)\n", copy_size, payload_len); "(payload %u)\n", copy_size, payload_len);
memcpy(smsg->data.data + smsg_offset, seg->payload + payload_offset, copy_size); memcpy(smsg->data.data + smsg_offset, seg->payload + payload_offset, copy_size);

23
src/stream.c
Unescape Escape View File

@ -9,6 +9,7 @@
#include "util-pool.h" #include "util-pool.h"
static StreamMsgQueue stream_q; static StreamMsgQueue stream_q;
/* per queue setting */
static u_int16_t toserver_min_init_chunk_len = 0; static u_int16_t toserver_min_init_chunk_len = 0;
static u_int16_t toserver_min_chunk_len = 0; static u_int16_t toserver_min_chunk_len = 0;
static u_int16_t toclient_min_init_chunk_len = 0; static u_int16_t toclient_min_init_chunk_len = 0;
@ -144,8 +145,12 @@ void StreamMsgSignalQueueHack(void) {
pthread_cond_signal(&stream_q.cond_q); pthread_cond_signal(&stream_q.cond_q);
} }
void StreamMsgQueueSetMinInitChunkLen(u_int8_t dir, u_int16_t len) { void StreamMsgQueueSetMinInitChunkLen(StreamMsgQueue *q, u_int8_t dir, u_int16_t len) {
if (dir == FLOW_PKT_TOSERVER) {
toserver_min_init_chunk_len = len;
} else {
toclient_min_init_chunk_len = len;
}
} }
u_int16_t StreamMsgQueueGetMinInitChunkLen(u_int8_t dir) { u_int16_t StreamMsgQueueGetMinInitChunkLen(u_int8_t dir) {
@ -154,7 +159,6 @@ u_int16_t StreamMsgQueueGetMinInitChunkLen(u_int8_t dir) {
} else { } else {
return toclient_min_init_chunk_len; return toclient_min_init_chunk_len;
} }
} }
u_int16_t StreamMsgQueueGetMinChunkLen(u_int8_t dir) { u_int16_t StreamMsgQueueGetMinChunkLen(u_int8_t dir) {
@ -165,3 +169,16 @@ u_int16_t StreamMsgQueueGetMinChunkLen(u_int8_t dir) {
} }
} }
/* StreamL7RegisterModule
*/
static u_int8_t l7_module_id = 0;
u_int8_t StreamL7RegisterModule(void) {
u_int8_t id = l7_module_id;
l7_module_id++;
return id;
}
u_int8_t StreamL7GetStorageSize(void) {
return l7_module_id;
}

7
src/stream.h
Unescape Escape View File

@ -57,5 +57,12 @@ void StreamMsgPutInQueue(StreamMsg *);
StreamMsgQueue *StreamMsgQueueGetByPort(u_int16_t); StreamMsgQueue *StreamMsgQueueGetByPort(u_int16_t);
void StreamMsgQueueSetMinInitChunkLen(StreamMsgQueue *q, u_int8_t, u_int16_t);
u_int16_t StreamMsgQueueGetMinInitChunkLen(u_int8_t);
u_int16_t StreamMsgQueueGetMinChunkLen(u_int8_t);
u_int8_t StreamL7RegisterModule(void);
u_int8_t StreamL7GetStorageSize(void);
#endif /* __STREAM_H__ */ #endif /* __STREAM_H__ */

Write Preview
Loading…
Cancel
Save