70 static SCMutex segment_pool_memuse_mutex;
71 static uint64_t segment_pool_memuse = 0;
72 static uint64_t segment_pool_memcnt = 0;
116 BUG_ON(presize > UINT_MAX);
125 BUG_ON(postsize > presize);
149 if (memcapcopy == 0 ||
150 (uint64_t)((uint64_t)size +
SC_ATOMIC_GET(ra_memuse)) <= memcapcopy)
162 if (size == 0 || (uint64_t)
SC_ATOMIC_GET(ra_memuse) < size) {
186 static void *ReassembleMalloc(
size_t size)
200 static void *ReassembleCalloc(
size_t n,
size_t size)
214 static void *ReassembleRealloc(
void *optr,
size_t orig_size,
size_t size)
216 if (size > orig_size) {
224 if (size > orig_size) {
235 static void ReassembleFree(
void *ptr,
size_t size)
242 static void *TcpSegmentPoolAlloc(
void)
256 static int TcpSegmentPoolInit(
void *data,
void *initdata)
271 segment_pool_memcnt++;
272 SCLogDebug(
"segment_pool_memcnt %"PRIu64
"", segment_pool_memcnt);
281 static void TcpSegmentPoolCleanup(
void *ptr)
291 segment_pool_memcnt--;
292 SCLogDebug(
"segment_pool_memcnt %"PRIu64
"", segment_pool_memcnt);
330 if (seg->
sbseg.stream_offset + seg->
sbseg.segment_len <= offset)
358 static int StreamTcpReassemblyConfig(
char quiet)
360 uint32_t segment_prealloc = 2048;
363 uint32_t prealloc = 0;
367 "%s is invalid", seg->
val);
370 segment_prealloc = prealloc;
373 SCLogConfig(
"stream.reassembly \"segment-prealloc\": %u", segment_prealloc);
376 int overlap_diff_data = 0;
377 ConfGetBool(
"stream.reassembly.check-overlap-different-data", &overlap_diff_data);
378 if (overlap_diff_data) {
400 if (StreamTcpReassemblyConfig(quiet) < 0)
414 if (segment_thread_pool != NULL) {
416 segment_thread_pool = NULL;
422 SCLogInfo(
"segment_pool_memuse %"PRIu64
"", segment_pool_memuse);
423 SCLogInfo(
"segment_pool_memcnt %"PRIu64
"", segment_pool_memcnt);
440 if (segment_thread_pool == NULL) {
446 TcpSegmentPoolInit, NULL,
447 TcpSegmentPoolCleanup, NULL);
449 SCLogDebug(
"pool size %d, thread segment_thread_pool_id %d",
459 TcpSegmentPoolInit, NULL,
460 TcpSegmentPoolCleanup, NULL);
461 SCLogDebug(
"pool size %d, thread segment_thread_pool_id %d",
520 uint32_t
seq, uint32_t size)
538 SCLogDebug(
"segment entirely before base_seq, weird: base %u, seq %u, re %u",
552 SCLogDebug(
"seq + size %u, base %u, seg_depth %"PRIu64
" limit %u", (
seq + size),
557 SCLogDebug(
"STREAMTCP_STREAM_FLAG_DEPTH_REACHED");
561 SCLogDebug(
"NOT STREAMTCP_STREAM_FLAG_DEPTH_REACHED");
564 SCLogDebug(
"full depth not yet reached: %"PRIu64
" <= %"PRIu32,
565 (stream->base_seq_offset + stream->
base_seq + size),
618 SCLogDebug(
"ssn %p: both app and raw reassembly disabled, not reassembling", ssn);
625 SCLogDebug(
"ssn %p: check depth returned %"PRIu32, ssn, size);
632 SCLogDebug(
"ssn %p: depth reached, not reassembling", ssn);
659 SCLogDebug(
"StreamTcpReassembleInsertSegment failed");
712 static int StreamTcpReassembleRawCheckLimit(
const TcpSession *ssn,
718 #define STREAMTCP_STREAM_FLAG_FLUSH_FLAGS \ 719 ( STREAMTCP_STREAM_FLAG_DEPTH_REACHED \ 720 | STREAMTCP_STREAM_FLAG_TRIGGER_RAW \ 721 | STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) 725 SCLogDebug(
"reassembling now as STREAMTCP_STREAM_FLAG_DEPTH_REACHED " 726 "is set, so not expecting any new data segments");
729 SCLogDebug(
"reassembling now as STREAMTCP_STREAM_FLAG_TRIGGER_RAW is set");
732 SCLogDebug(
"reassembling now as STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED is set, " 733 "so no new segments will be considered");
737 #undef STREAMTCP_STREAM_FLAG_FLUSH_FLAGS 748 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
757 SCLogDebug(
"toserver min chunk len not yet reached: " 758 "last_ack %"PRIu32
", ra_raw_base_seq %"PRIu32
", %"PRIu32
" < " 766 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
776 SCLogDebug(
"toclient min chunk len not yet reached: " 777 "last_ack %"PRIu32
", base_seq %"PRIu32
", %"PRIu32
" < " 796 const char *dirstr = NULL;
827 SCLogDebug(
"%s: app %"PRIu64
" (use: %s), raw %"PRIu64
" (use: %s). Stream right edge: %"PRIu64,
834 SCLogDebug(
"%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr);
840 SCLogDebug(
"%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr);
845 SCLogDebug(
"%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NONE", dirstr);
850 static uint64_t GetStreamSize(
TcpStream *stream)
862 SCLogDebug(
"size %"PRIu64
", cnt %"PRIu32, size, cnt);
872 size = GetStreamSize(&ssn->
client);
873 size += GetStreamSize(&ssn->
server);
888 static void GetAppBuffer(
TcpStream *stream,
const uint8_t **data, uint32_t *data_len, uint64_t
offset)
890 const uint8_t *mydata;
899 *data_len = mydata_len;
903 if (blk->
offset > offset) {
904 SCLogDebug(
"gap, want data at offset %"PRIu64
", " 905 "got data at %"PRIu64
". GAP of size %"PRIu64,
910 }
else if (offset >= (blk->
offset + blk->
len)) {
914 *data_len = nblk ? nblk->
offset - offset : 0;
916 SCLogDebug(
"gap, want data at offset %"PRIu64
", " 917 "got data at %"PRIu64
". GAP of size %"PRIu64,
921 }
else if (offset > blk->
offset && offset < (blk->
offset + blk->
len)) {
922 SCLogDebug(
"get data from offset %"PRIu64
". SBB %"PRIu64
"/%u",
925 SCLogDebug(
"data %p, data_len %u", *data, *data_len);
942 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
947 last_ack_abs += delta;
950 last_ack_abs -= ackadded;
957 if (last_ack_abs > app_progress) {
964 "next_seq %u < last_ack %u, but no data in list",
970 if (blk->
offset > next_seq_abs && blk->
offset < last_ack_abs) {
973 "next_seq %u < last_ack %u, but ACK'd data beyond gap.",
981 "last_ack_abs %"PRIu64
" > app_progress %"PRIu64
", " 982 "but we have no data.",
983 p->
pcap_cnt, last_ack_abs, app_progress);
988 "last_ack_abs %"PRIu64
" <= app_progress %"PRIu64,
989 p->
pcap_cnt, last_ack_abs, app_progress);
997 static int ReassembleUpdateAppLayer (
ThreadVars *tv,
1004 SCLogDebug(
"app progress %"PRIu64, app_progress);
1007 const uint8_t *mydata;
1008 uint32_t mydata_len;
1011 GetAppBuffer(stream, &mydata, &mydata_len, app_progress);
1012 if (mydata == NULL && mydata_len > 0 && CheckGap(ssn, stream, p)) {
1013 SCLogDebug(
"sending GAP to app-layer (size: %u)", mydata_len);
1017 StreamGetAppLayerFlags(ssn, stream, p, dir)|
STREAM_GAP);
1018 AppLayerProfilingStore(ra_ctx->
app_tctx, p);
1024 app_progress += mydata_len;
1029 }
else if (mydata == NULL || mydata_len == 0) {
1039 SCLogDebug(
"stream %p data in buffer %p of len %u and offset %"PRIu64,
1040 stream, &stream->
sb, mydata_len, app_progress);
1047 uint64_t last_ack_abs = app_progress;
1048 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
1053 last_ack_abs += delta;
1057 if (app_progress + mydata_len > last_ack_abs) {
1058 uint32_t check = mydata_len;
1059 mydata_len = last_ack_abs - app_progress;
1060 BUG_ON(mydata_len > check);
1061 SCLogDebug(
"data len adjusted to %u to make sure only ACK'd " 1062 "data is considered", mydata_len);
1069 (uint8_t *)mydata, mydata_len,
1070 StreamGetAppLayerFlags(ssn, stream, p, dir));
1071 AppLayerProfilingStore(ra_ctx->
app_tctx, p);
1074 if (r == 0 && mydata_len > 0 &&
1077 SCLogDebug(
"app progress %"PRIu64
" increasing with data len %u to %"PRIu64,
1078 app_progress, mydata_len, app_progress + mydata_len);
1083 SCLogDebug(
"NOT UPDATED app progress still %"PRIu64, app_progress);
1111 SCLogDebug(
"stream no reassembly flag set or app-layer disabled.");
1117 GetSessionSize(ssn, p);
1130 StreamGetAppLayerFlags(ssn, stream, p, dir));
1131 AppLayerProfilingStore(ra_ctx->
app_tctx, p);
1138 return ReassembleUpdateAppLayer(tv, ra_ctx, ssn, stream, p, dir);
1144 static int GetRawBuffer(
TcpStream *stream,
const uint8_t **data, uint32_t *data_len,
1147 const uint8_t *mydata;
1148 uint32_t mydata_len;
1152 uint64_t roffset =
offset;
1160 *data_len = mydata_len;
1161 *data_offset = roffset;
1163 SCLogDebug(
"multiblob %s. Want offset %"PRIu64,
1164 *iter == NULL ?
"starting" :
"continuing",
offset);
1165 if (*iter == NULL) {
1170 if (*iter == NULL) {
1177 SCLogDebug(
"getting multiple blobs. Iter %p, %"PRIu64
"/%u", *iter, (*iter)->
offset, (*iter)->len);
1182 if ((*iter)->offset <
offset) {
1183 uint64_t delta =
offset - (*iter)->offset;
1184 if (delta < mydata_len) {
1185 *data = mydata + delta;
1186 *data_len = mydata_len - delta;
1197 *data_len = mydata_len;
1198 *data_offset = (*iter)->offset;
1201 *iter = SBB_RB_NEXT(*iter);
1235 if (StreamTcpReassembleRawCheckLimit(ssn, stream, p) == 1) {
1273 }
else if (progress == 0 &&
1287 uint64_t tcp_window = stream->
window;
1297 }
else if (progress == 0) {
1298 uint64_t tcp_window = stream->
window;
1300 if (tcp_window < stream_right_edge) {
1301 uint64_t new_raw = stream_right_edge - tcp_window;
1310 SCLogDebug(
"p->pcap_cnt %"PRIu64
": progress %"PRIu64
" app %"PRIu64
" raw %"PRIu64
" tcp win %"PRIu32,
1319 SCLogDebug(
"ssn %p: STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED set, " 1320 "now that detect ran also set STREAMTCP_STREAM_FLAG_DISABLE_RAW", ssn);
1366 SCLogDebug(
"packet payload len %u, so chunk_size adjusted to %u",
1368 }
else if (((chunk_size / 3 ) * 2) < p->
payload_len) {
1370 SCLogDebug(
"packet payload len %u, so chunk_size adjusted to %u",
1375 uint64_t packet_rightedge_abs = packet_leftedge_abs + p->
payload_len;
1376 SCLogDebug(
"packet_leftedge_abs %"PRIu64
", rightedge %"PRIu64,
1377 packet_leftedge_abs, packet_rightedge_abs);
1379 const uint8_t *mydata = NULL;
1380 uint32_t mydata_len = 0;
1381 uint64_t mydata_offset = 0;
1383 bool return_progress =
false;
1388 return_progress =
true;
1391 SCLogDebug(
"finding our SBB from offset %"PRIu64, packet_leftedge_abs);
1398 mydata_offset = sbb->
offset;
1403 if (mydata == NULL || mydata_len == 0) {
1404 SCLogDebug(
"no data: %p/%u", mydata, mydata_len);
1408 if (mydata_offset >= packet_rightedge_abs ||
1409 (packet_leftedge_abs >= (mydata_offset + mydata_len))) {
1410 SCLogDebug(
"no data overlap: %p/%u", mydata, mydata_len);
1417 uint64_t mydata_rightedge_abs = mydata_offset + mydata_len;
1418 SCLogDebug(
"chunk_size %u mydata_len %u", chunk_size, mydata_len);
1419 if (mydata_len > chunk_size) {
1420 uint32_t excess = mydata_len - chunk_size;
1421 SCLogDebug(
"chunk_size %u mydata_len %u excess %u", chunk_size, mydata_len, excess);
1423 if (mydata_rightedge_abs == packet_rightedge_abs) {
1425 mydata_len -= excess;
1426 mydata_offset += excess;
1427 SCLogDebug(
"cutting front of the buffer with %u", excess);
1428 }
else if (mydata_offset == packet_leftedge_abs) {
1429 mydata_len -= excess;
1430 SCLogDebug(
"cutting tail of the buffer with %u", excess);
1432 uint32_t before = (uint32_t)(packet_leftedge_abs - mydata_offset);
1433 uint32_t after = (uint32_t)(mydata_rightedge_abs - packet_rightedge_abs);
1434 SCLogDebug(
"before %u after %u", before, after);
1439 if (before >= (chunk_size - p->
payload_len) / 2) {
1441 before = after = (chunk_size - p->
payload_len) / 2;
1450 if (before >= (chunk_size - p->
payload_len) / 2) {
1458 uint32_t skip = (uint32_t)(packet_leftedge_abs - mydata_offset) - before;
1459 uint32_t cut = (uint32_t)(mydata_rightedge_abs - packet_rightedge_abs) - after;
1464 mydata_len -= (skip + cut);
1465 mydata_offset += skip;
1470 r = Callback(cb_data, mydata, mydata_len);
1473 if (return_progress) {
1474 *progress_out = (mydata_offset + mydata_len);
1482 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
1486 last_ack_abs += delta;
1488 SCLogDebug(
"last_ack_abs %"PRIu64, last_ack_abs);
1491 if (mydata_offset > last_ack_abs) {
1493 *progress_out = last_ack_abs;
1495 *progress_out = (mydata_offset + mydata_len);
1537 const uint64_t progress_in,
1538 uint64_t *progress_out,
bool eof,
1539 bool respect_inspect_depth)
1545 uint64_t progress = progress_in;
1552 if (respect_inspect_depth &&
1562 SCLogDebug(
"applied min inspect depth due to STREAMTCP_STREAM_FLAG_TRIGGER_RAW: progress %"PRIu64, progress);
1570 if (STREAM_LASTACK_GT_BASESEQ(stream)) {
1575 last_ack_abs += delta;
1576 SCLogDebug(
"last_ack_abs %"PRIu64, last_ack_abs);
1582 const uint8_t *mydata;
1583 uint32_t mydata_len;
1584 uint64_t mydata_offset = 0;
1586 GetRawBuffer(stream, &mydata, &mydata_len, &iter, progress, &mydata_offset);
1587 if (mydata_len == 0) {
1593 SCLogDebug(
"raw progress %"PRIu64, progress);
1594 SCLogDebug(
"stream %p data in buffer %p of len %u and offset %"PRIu64,
1595 stream, &stream->
sb, mydata_len, progress);
1600 if (last_ack_abs < progress) {
1605 SCLogDebug(
"last_ack_abs %"PRIu64
", raw_progress %"PRIu64, last_ack_abs, progress);
1606 SCLogDebug(
"raw_progress + mydata_len %"PRIu64
", last_ack_abs %"PRIu64, progress + mydata_len, last_ack_abs);
1609 if (progress + mydata_len > last_ack_abs) {
1610 uint32_t check = mydata_len;
1611 mydata_len = last_ack_abs - progress;
1612 BUG_ON(check < mydata_len);
1613 SCLogDebug(
"data len adjusted to %u to make sure only ACK'd " 1614 "data is considered", mydata_len);
1618 if (mydata_len == 0)
1621 SCLogDebug(
"data %p len %u", mydata, mydata_len);
1624 r = Callback(cb_data, mydata, mydata_len);
1627 if (mydata_offset == progress) {
1628 SCLogDebug(
"progress %"PRIu64
" increasing with data len %u to %"PRIu64,
1629 progress, mydata_len, progress_in + mydata_len);
1631 progress += mydata_len;
1632 SCLogDebug(
"raw progress now %"PRIu64, progress);
1635 }
else if (mydata_offset > progress && mydata_offset < last_ack_abs) {
1636 SCLogDebug(
"GAP: data is missing from %"PRIu64
" (%u bytes), setting to first data we have: %"PRIu64, progress, (uint32_t)(mydata_offset - progress), mydata_offset);
1637 SCLogDebug(
"last_ack_abs %"PRIu64, last_ack_abs);
1638 progress = mydata_offset;
1639 SCLogDebug(
"raw progress now %"PRIu64, progress);
1642 SCLogDebug(
"not increasing progress, data gap => mydata_offset " 1643 "%"PRIu64
" != progress %"PRIu64, mydata_offset, progress);
1646 if (iter == NULL || r == 1)
1650 *progress_out = progress;
1656 uint64_t *progress_out,
bool respect_inspect_depth)
1660 return StreamReassembleRawInline(ssn, p, Callback, cb_data, progress_out);
1671 StreamTcpReassembleRawCheckLimit(ssn, stream, p) == 0)
1677 return StreamReassembleRawDo(ssn, stream, Callback, cb_data,
1684 uint64_t progress_in,
1685 uint64_t *progress_out,
bool eof)
1690 return StreamReassembleRawDo(ssn, stream, Callback, cb_data,
1691 progress_in, progress_out, eof,
false);
1699 static int StreamTcpReassembleHandleSegmentUpdateACK (
ThreadVars *tv,
1718 SCLogDebug(
"ssn %p, stream %p, p %p, p->payload_len %"PRIu16
"",
1724 if (stream == &ssn->
client) {
1725 opposing_stream = &ssn->
server;
1727 opposing_stream = &ssn->
client;
1747 StreamTcpReassembleHandleSegmentUpdateACK(tv, ra_ctx, ssn, opposing_stream, p) != 0)
1749 SCLogDebug(
"StreamTcpReassembleHandleSegmentUpdateACK error");
1755 SCLogDebug(
"calling StreamTcpReassembleHandleSegmentHandleData");
1758 SCLogDebug(
"StreamTcpReassembleHandleSegmentHandleData error");
1765 SCLogDebug(
"ssn %p / stream %p: not calling StreamTcpReassembleHandleSegmentHandleData:" 1766 " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s",
1777 if ((stream->
flags &
1781 SCLogDebug(
"STREAMTCP_STREAM_FLAG_DEPTH_REACHED, truncate applayer");
1783 SCLogDebug(
"override: direction now UPDATE_DIR_PACKET so we " 1784 "can trigger Truncate");
1792 SCLogDebug(
"inline (%s) or PKT_PSEUDO_STREAM_END (%s)",
1848 SCLogDebug(
"flagged ssn %p for immediate raw reassembly", ssn);
1861 SCLogDebug(
"ssn %p: set client.min_inspect_depth to %u", ssn, depth);
1864 SCLogDebug(
"ssn %p: set server.min_inspect_depth to %u", ssn, depth);
1872 #define SET_ISN(stream, setseq) \ 1873 (stream)->isn = (setseq); \ 1874 (stream)->base_seq = (setseq) + 1 1892 for (; i <
len; i++)
1913 static int VALIDATE(
TcpStream *stream, uint8_t *data, uint32_t data_len)
1916 data, data_len) == 0)
1925 #define MISSED_START(isn) \ 1926 TcpReassemblyThreadCtx *ra_ctx = NULL; \ 1929 memset(&tv, 0, sizeof(tv)); \ 1931 StreamTcpUTInit(&ra_ctx); \ 1933 StreamTcpUTSetupSession(&ssn); \ 1934 StreamTcpUTSetupStream(&ssn.server, (isn)); \ 1935 StreamTcpUTSetupStream(&ssn.client, (isn)); \ 1937 TcpStream *stream = &ssn.client; 1939 #define MISSED_END \ 1940 StreamTcpUTClearSession(&ssn); \ 1941 StreamTcpUTDeinit(ra_ctx); \ 1944 #define MISSED_STEP(seq, seg, seglen, buf, buflen) \ 1945 StreamTcpUTAddPayload(&tv, ra_ctx, &ssn, stream, (seq), (uint8_t *)(seg), (seglen)); \ 1946 FAIL_IF(!(VALIDATE(stream, (uint8_t *)(buf), (buflen)))); 1955 static int StreamTcpReassembleTest25 (
void)
1971 static int StreamTcpReassembleTest26 (
void)
1987 static int StreamTcpReassembleTest27 (
void)
2004 static int StreamTcpReassembleTest28 (
void)
2022 static int StreamTcpReassembleTest29 (
void)
2031 static int StreamTcpReassembleTest33(
void)
2040 uint8_t packet[1460] =
"";
2047 memset(&f, 0,
sizeof (
Flow));
2048 memset(&tcph, 0,
sizeof (TCPHdr));
2053 f.
proto = IPPROTO_TCP;
2056 p->
proto = IPPROTO_TCP;
2064 p->
tcph->th_seq = htonl(10);
2065 p->
tcph->th_ack = htonl(31);
2070 p->
tcph->th_seq = htonl(20);
2071 p->
tcph->th_ack = htonl(31);
2076 p->
tcph->th_seq = htonl(40);
2077 p->
tcph->th_ack = htonl(31);
2082 p->
tcph->th_seq = htonl(5);
2083 p->
tcph->th_ack = htonl(31);
2094 static int StreamTcpReassembleTest34(
void)
2103 uint8_t packet[1460] =
"";
2109 memset(&f, 0,
sizeof (
Flow));
2110 memset(&tcph, 0,
sizeof (TCPHdr));
2115 f.
proto = IPPROTO_TCP;
2118 p->
proto = IPPROTO_TCP;
2127 p->
tcph->th_seq = htonl(857961230);
2128 p->
tcph->th_ack = htonl(31);
2133 p->
tcph->th_seq = htonl(857961534);
2134 p->
tcph->th_ack = htonl(31);
2139 p->
tcph->th_seq = htonl(857963582);
2140 p->
tcph->th_ack = htonl(31);
2145 p->
tcph->th_seq = htonl(857960946);
2146 p->
tcph->th_ack = htonl(31);
2158 static int StreamTcpReassembleTest37(
void)
2164 uint8_t packet[1460] =
"";
2174 memset(&f, 0,
sizeof (
Flow));
2175 memset(&tcph, 0,
sizeof (TCPHdr));
2180 f.
proto = IPPROTO_TCP;
2183 p->
proto = IPPROTO_TCP;
2192 p->
tcph->th_seq = htonl(3061088537UL);
2193 p->
tcph->th_ack = htonl(1729548549UL);
2201 p->
tcph->th_seq = htonl(3061089928UL);
2202 p->
tcph->th_ack = htonl(1729548549UL);
2208 p->
tcph->th_seq = htonl(3061091319UL);
2209 p->
tcph->th_ack = htonl(1729548549UL);
2229 static int StreamTcpReassembleTest39 (
void)
2239 memset (&f, 0,
sizeof(
Flow));
2241 memset(&stt, 0,
sizeof (stt));
2242 memset(&tcph, 0,
sizeof (TCPHdr));
2246 f.
proto = IPPROTO_TCP;
2253 tcph.th_win = htons(5480);
2278 p->
tcph->th_ack = htonl(1);
2299 p->
tcph->th_ack = htonl(1);
2300 p->
tcph->th_seq = htonl(1);
2321 uint8_t request1[] = { 0x47, 0x45, };
2322 p->
tcph->th_ack = htonl(1);
2323 p->
tcph->th_seq = htonl(1);
2345 p->
tcph->th_ack = htonl(3);
2346 p->
tcph->th_seq = htonl(1);
2368 uint8_t request2[] = {
2369 0x54, 0x20, 0x2f, 0x69, 0x6e, 0x64,
2370 0x65, 0x78, 0x2e, 0x68, 0x74, 0x6d, 0x6c, 0x20,
2371 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30,
2372 0x0d, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x20,
2373 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
2374 0x74, 0x0d, 0x0a, 0x55, 0x73, 0x65, 0x72, 0x2d,
2375 0x41, 0x67, 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x41,
2376 0x70, 0x61, 0x63, 0x68, 0x65, 0x42, 0x65, 0x6e,
2377 0x63, 0x68, 0x2f, 0x32, 0x2e, 0x33, 0x0d, 0x0a,
2378 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x3a, 0x20,
2379 0x2a, 0x2f, 0x2a, 0x0d, 0x0a, 0x0d, 0x0a };
2380 p->
tcph->th_ack = htonl(1);
2381 p->
tcph->th_seq = htonl(3);
2404 uint8_t response[] = {
2405 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x31,
2406 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
2407 0x0a, 0x44, 0x61, 0x74, 0x65, 0x3a, 0x20, 0x46,
2408 0x72, 0x69, 0x2c, 0x20, 0x32, 0x33, 0x20, 0x53,
2409 0x65, 0x70, 0x20, 0x32, 0x30, 0x31, 0x31, 0x20,
2410 0x30, 0x36, 0x3a, 0x32, 0x39, 0x3a, 0x33, 0x39,
2411 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a, 0x53, 0x65,
2412 0x72, 0x76, 0x65, 0x72, 0x3a, 0x20, 0x41, 0x70,
2413 0x61, 0x63, 0x68, 0x65, 0x2f, 0x32, 0x2e, 0x32,
2414 0x2e, 0x31, 0x35, 0x20, 0x28, 0x55, 0x6e, 0x69,
2415 0x78, 0x29, 0x20, 0x44, 0x41, 0x56, 0x2f, 0x32,
2416 0x0d, 0x0a, 0x4c, 0x61, 0x73, 0x74, 0x2d, 0x4d,
2417 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x3a,
2418 0x20, 0x54, 0x68, 0x75, 0x2c, 0x20, 0x30, 0x34,
2419 0x20, 0x4e, 0x6f, 0x76, 0x20, 0x32, 0x30, 0x31,
2420 0x30, 0x20, 0x31, 0x35, 0x3a, 0x30, 0x34, 0x3a,
2421 0x34, 0x36, 0x20, 0x47, 0x4d, 0x54, 0x0d, 0x0a,
2422 0x45, 0x54, 0x61, 0x67, 0x3a, 0x20, 0x22, 0x61,
2423 0x62, 0x38, 0x39, 0x36, 0x35, 0x2d, 0x32, 0x63,
2424 0x2d, 0x34, 0x39, 0x34, 0x33, 0x62, 0x37, 0x61,
2425 0x37, 0x66, 0x37, 0x66, 0x38, 0x30, 0x22, 0x0d,
2426 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d,
2427 0x52, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x3a, 0x20,
2428 0x62, 0x79, 0x74, 0x65, 0x73, 0x0d, 0x0a, 0x43,
2429 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c,
2430 0x65, 0x6e, 0x67, 0x74, 0x68, 0x3a, 0x20, 0x34,
2431 0x34, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
2432 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x63,
2433 0x6c, 0x6f, 0x73, 0x65, 0x0d, 0x0a, 0x43, 0x6f,
2434 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79,
2435 0x70, 0x65, 0x3a, 0x20, 0x74, 0x65, 0x78, 0x74,
2436 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x58,
2437 0x2d, 0x50, 0x61, 0x64, 0x3a, 0x20, 0x61, 0x76,
2438 0x6f, 0x69, 0x64, 0x20, 0x62, 0x72, 0x6f, 0x77,
2439 0x73, 0x65, 0x72, 0x20, 0x62, 0x75, 0x67, 0x0d,
2440 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x74, 0x6d, 0x6c,
2441 0x3e, 0x3c, 0x62, 0x6f, 0x64, 0x79, 0x3e, 0x3c,
2442 0x68, 0x31, 0x3e, 0x49, 0x74, 0x20, 0x77, 0x6f,
2443 0x72, 0x6b, 0x73, 0x21, 0x3c, 0x2f, 0x68, 0x31,
2444 0x3e, 0x3c, 0x2f, 0x62, 0x6f, 0x64, 0x79, 0x3e,
2445 0x3c, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x3e };
2446 p->
tcph->th_ack = htonl(88);
2447 p->
tcph->th_seq = htonl(1);
2471 p->
tcph->th_ack = htonl(328);
2472 p->
tcph->th_seq = htonl(88);
2496 p->
tcph->th_ack = htonl(88);
2497 p->
tcph->th_seq = htonl(328);
2521 p->
tcph->th_ack = htonl(328);
2522 p->
tcph->th_seq = htonl(88);
2545 p->
tcph->th_ack = htonl(88);
2546 p->
tcph->th_seq = htonl(328);
2571 p->
tcph->th_ack = htonl(328);
2572 p->
tcph->th_seq = htonl(88);
2596 p->
tcph->th_ack = htonl(90);
2597 p->
tcph->th_seq = htonl(328);
2622 p->
tcph->th_ack = htonl(328);
2623 p->
tcph->th_seq = htonl(90);
2648 p->
tcph->th_ack = htonl(175);
2649 p->
tcph->th_seq = htonl(328);
2675 p->
tcph->th_ack = htonl(175);
2676 p->
tcph->th_seq = htonl(328);
2692 p->
tcph->th_ack = htonl(328);
2693 p->
tcph->th_seq = htonl(175);
2713 static int StreamTcpReassembleTest40 (
void)
2724 memset(&tcph, 0,
sizeof (TCPHdr));
2733 uint8_t httpbuf1[] =
"P";
2734 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2735 uint8_t httpbuf3[] =
"O";
2736 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
2737 uint8_t httpbuf4[] =
"S";
2738 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
2739 uint8_t httpbuf5[] =
"T \r\n";
2740 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
2742 uint8_t httpbuf2[] =
"HTTP/1.0 200 OK\r\nServer: VictorServer/1.0\r\n\r\n";
2743 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2750 f =
UTHBuildFlow(AF_INET,
"1.2.3.4",
"1.2.3.5", 200, 220);
2754 f->
proto = IPPROTO_TCP;
2757 tcph.th_win = htons(5480);
2758 tcph.th_seq = htonl(10);
2759 tcph.th_ack = htonl(10);
2773 printf(
"failed in segments reassembly, while processing toserver packet (1): ");
2779 tcph.th_seq = htonl(10);
2780 tcph.th_ack = htonl(11);
2785 printf(
"failed in segments reassembly, while processing toserver packet (3): ");
2792 tcph.th_seq = htonl(11);
2793 tcph.th_ack = htonl(55);
2798 printf(
"failed in segments reassembly, while processing toserver packet (5): ");
2805 tcph.th_seq = htonl(55);
2806 tcph.th_ack = htonl(12);
2811 printf(
"failed in segments reassembly, while processing toserver packet (6): ");
2823 tcph.th_seq = htonl(12);
2824 tcph.th_ack = htonl(100);
2829 printf(
"failed in segments reassembly, while processing toserver packet (10): ");
2836 tcph.th_seq = htonl(100);
2837 tcph.th_ack = htonl(13);
2842 printf(
"failed in segments reassembly, while processing toserver packet (11): ");
2849 tcph.th_seq = htonl(13);
2850 tcph.th_ack = htonl(145);
2855 printf(
"failed in segments reassembly, while processing toserver packet (14): ");
2862 tcph.th_seq = htonl(145);
2863 tcph.th_ack = htonl(16);
2868 printf(
"failed in segments reassembly, while processing toserver packet (15): ");
2872 printf(
"app layer proto has not been detected (18): ");
2888 static int StreamTcpReassembleTest44(
void)
2909 static int StreamTcpReassembleTest45 (
void)
2914 memset(&tv, 0,
sizeof(tv));
2915 uint8_t payload[100] = {0};
2916 uint16_t payload_size = 100;
2947 static int StreamTcpReassembleTest46 (
void)
2953 memset(&tv, 0,
sizeof(tv));
2954 uint8_t payload[100] = {0};
2955 uint16_t payload_size = 100;
2968 printf(
"STREAMTCP_STREAM_FLAG_NOREASSEMBLY set: ");
2976 printf(
"STREAMTCP_STREAM_FLAG_NOREASSEMBLY set: ");
2996 static int StreamTcpReassembleTest47 (
void)
3006 memset(&tcph, 0,
sizeof (TCPHdr));
3012 uint8_t httpbuf1[] =
"GET /EVILSUFF HTTP/1.1\r\n\r\n";
3013 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
3021 f =
UTHBuildFlow(AF_INET,
"1.2.3.4",
"1.2.3.5", 200, 220);
3024 f->
proto = IPPROTO_TCP;
3027 tcph.th_win = htons(5480);
3032 for (cnt=0; cnt < httplen1; cnt++) {
3033 tcph.th_seq = htonl(ssn.
client.
isn + 1 + cnt);
3034 tcph.th_ack = htonl(572799782UL);
3047 tcph.th_seq = htonl(572799782UL);
3048 tcph.th_ack = htonl(ssn.
client.
isn + 1 + cnt);
3067 static int StreamTcpReassembleInlineTest01(
void)
3075 memset(&tv, 0x00,
sizeof(tv));
3083 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3086 printf(
"couldn't get a packet: ");
3089 p->
tcph->th_seq = htonl(12);
3094 printf(
"failed to add segment 1: ");
3098 printf(
"failed to add segment 2: ");
3102 printf(
"failed to add segment 3: ");
3119 static int StreamTcpReassembleInlineTest02(
void)
3127 memset(&tv, 0x00,
sizeof(tv));
3135 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3138 printf(
"couldn't get a packet: ");
3141 p->
tcph->th_seq = htonl(12);
3146 printf(
"failed to add segment 1: ");
3150 printf(
"failed to add segment 2: ");
3154 printf(
"failed to add segment 3: ");
3159 printf(
"failed to add segment 4: ");
3177 static int StreamTcpReassembleInlineTest03(
void)
3185 memset(&tv, 0x00,
sizeof(tv));
3195 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3198 printf(
"couldn't get a packet: ");
3201 p->
tcph->th_seq = htonl(12);
3207 printf(
"failed to add segment 1: ");
3211 printf(
"failed to add segment 2: ");
3215 printf(
"failed to add segment 3: ");
3220 printf(
"failed to add segment 4: ");
3225 p->
tcph->th_seq = htonl(17);
3240 static int StreamTcpReassembleInlineTest04(
void)
3248 memset(&tv, 0x00,
sizeof(tv));
3258 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3261 printf(
"couldn't get a packet: ");
3264 p->
tcph->th_seq = htonl(12);
3270 printf(
"failed to add segment 1: ");
3274 printf(
"failed to add segment 2: ");
3278 printf(
"failed to add segment 3: ");
3283 printf(
"failed to add segment 4: ");
3288 p->
tcph->th_seq = htonl(17);
3304 static int StreamTcpReassembleInlineTest08(
void)
3308 memset(&tv, 0x00,
sizeof(tv));
3321 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3324 p->
tcph->th_seq = htonl(12);
3334 p->
tcph->th_seq = htonl(17);
3353 static int StreamTcpReassembleInlineTest09(
void)
3361 memset(&tv, 0x00,
sizeof(tv));
3372 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3375 printf(
"couldn't get a packet: ");
3378 p->
tcph->th_seq = htonl(17);
3384 printf(
"failed to add segment 1: ");
3388 printf(
"failed to add segment 2: ");
3392 printf(
"failed to add segment 3: ");
3400 printf(
"failed to add segment 4: ");
3405 p->
tcph->th_seq = htonl(12);
3423 static int StreamTcpReassembleInlineTest10(
void)
3432 memset(&tv, 0x00,
sizeof(tv));
3443 f =
UTHBuildFlow(AF_INET,
"1.1.1.1",
"2.2.2.2", 1024, 80);
3447 f->
proto = IPPROTO_TCP;
3449 uint8_t stream_payload1[] =
"GE";
3450 uint8_t stream_payload2[] =
"T /";
3451 uint8_t stream_payload3[] =
"HTTP/1.0\r\n\r\n";
3453 p =
UTHBuildPacketReal(stream_payload3, 12, IPPROTO_TCP,
"1.1.1.1",
"2.2.2.2", 1024, 80);
3455 printf(
"couldn't get a packet: ");
3458 p->
tcph->th_seq = htonl(7);
3464 printf(
"failed to add segment 1: ");
3471 printf(
"StreamTcpReassembleAppLayer failed: ");
3477 printf(
"expected ra_app_base_seq 1, got %u: ", ssn.
client.
base_seq);
3482 printf(
"failed to add segment 2: ");
3486 printf(
"failed to add segment 3: ");
3493 printf(
"StreamTcpReassembleAppLayer failed: ");
3511 static int StreamTcpReassembleInsertTest01(
void)
3518 memset(&tv, 0x00,
sizeof(tv));
3526 uint8_t payload[] = {
'C',
'C',
'C',
'C',
'C' };
3529 p->
tcph->th_seq = htonl(12);
3548 static int StreamTcpReassembleInsertTest02(
void)
3555 memset(&tv, 0x00,
sizeof(tv));
3562 for (i = 2; i < 10; i++) {
3573 printf(
"failed to add segment 1: ");
3578 printf(
"failed to add segment 2: ");
3591 static int StreamTcpReassembleInsertTest03(
void)
3598 memset(&tv, 0x00,
sizeof(tv));
3605 printf(
"failed to add segment 2: ");
3610 for (i = 2; i < 10; i++) {
3621 printf(
"failed to add segment 2: ");
3642 UtRegisterTest(
"StreamTcpReassembleTest25 -- Gap at Start Reassembly Test",
3643 StreamTcpReassembleTest25);
3644 UtRegisterTest(
"StreamTcpReassembleTest26 -- Gap at middle Reassembly Test",
3645 StreamTcpReassembleTest26);
3646 UtRegisterTest(
"StreamTcpReassembleTest27 -- Gap at after Reassembly Test",
3647 StreamTcpReassembleTest27);
3648 UtRegisterTest(
"StreamTcpReassembleTest28 -- Gap at Start IDS missed packet Reassembly Test",
3649 StreamTcpReassembleTest28);
3650 UtRegisterTest(
"StreamTcpReassembleTest29 -- Gap at Middle IDS missed packet Reassembly Test",
3651 StreamTcpReassembleTest29);
3653 StreamTcpReassembleTest33);
3655 StreamTcpReassembleTest34);
3657 StreamTcpReassembleTest37);
3659 StreamTcpReassembleTest39);
3661 StreamTcpReassembleTest40);
3663 StreamTcpReassembleTest44);
3665 StreamTcpReassembleTest45);
3667 StreamTcpReassembleTest46);
3668 UtRegisterTest(
"StreamTcpReassembleTest47 -- TCP Sequence Wraparound Test",
3669 StreamTcpReassembleTest47);
3671 UtRegisterTest(
"StreamTcpReassembleInlineTest01 -- inline RAW ra",
3672 StreamTcpReassembleInlineTest01);
3673 UtRegisterTest(
"StreamTcpReassembleInlineTest02 -- inline RAW ra 2",
3674 StreamTcpReassembleInlineTest02);
3675 UtRegisterTest(
"StreamTcpReassembleInlineTest03 -- inline RAW ra 3",
3676 StreamTcpReassembleInlineTest03);
3677 UtRegisterTest(
"StreamTcpReassembleInlineTest04 -- inline RAW ra 4",
3678 StreamTcpReassembleInlineTest04);
3679 UtRegisterTest(
"StreamTcpReassembleInlineTest08 -- inline RAW ra 8 cleanup",
3680 StreamTcpReassembleInlineTest08);
3681 UtRegisterTest(
"StreamTcpReassembleInlineTest09 -- inline RAW ra 9 GAP cleanup",
3682 StreamTcpReassembleInlineTest09);
3684 UtRegisterTest(
"StreamTcpReassembleInlineTest10 -- inline APP ra 10",
3685 StreamTcpReassembleInlineTest10);
3687 UtRegisterTest(
"StreamTcpReassembleInsertTest01 -- insert with overlap",
3688 StreamTcpReassembleInsertTest01);
3689 UtRegisterTest(
"StreamTcpReassembleInsertTest02 -- insert with overlap",
3690 StreamTcpReassembleInsertTest02);
3691 UtRegisterTest(
"StreamTcpReassembleInsertTest03 -- insert with overlap",
3692 StreamTcpReassembleInsertTest03);
3697 StreamTcpReassembleRawRegisterTests();
TcpSegment * StreamTcpGetSegment(ThreadVars *tv, TcpReassemblyThreadCtx *)
get a segment from the pool
StreamingBufferSegment sbseg
int StreamingBufferCompareRawData(const StreamingBuffer *sb, const uint8_t *rawdata, uint32_t rawdata_len)
void StreamTcpUTInit(TcpReassemblyThreadCtx **ra_ctx)
void *(* Malloc)(size_t size)
int StreamTcpAppLayerIsDisabled(Flow *f)
#define SCMutexDestroy(x)
void StreamingBufferSBBGetData(const StreamingBuffer *sb, const StreamingBufferBlock *sbb, const uint8_t **data, uint32_t *data_len)
get the data for one SBB
uint64_t StreamTcpReassembleGetMemcap()
Return memcap value.
#define MISSED_STEP(seq, seg, seglen, buf, buflen)
AppLayerDecoderEvents * app_layer_events
#define STREAM_BASE_OFFSET(stream)
int StreamTcpReassembleInit(char quiet)
int StreamNeedsReassembly(const TcpSession *ssn, uint8_t direction)
see what if any work the TCP session still needs
TcpStreamCnf stream_config
#define RB_FOREACH(x, name, head)
#define FLOWLOCK_UNLOCK(fb)
#define PASS
Pass the test.
int StreamingBufferGetDataAtOffset(const StreamingBuffer *sb, const uint8_t **data, uint32_t *data_len, uint64_t offset)
void StreamingBufferSBBGetDataAtOffset(const StreamingBuffer *sb, const StreamingBufferBlock *sbb, const uint8_t **data, uint32_t *data_len, uint64_t offset)
get the data for one SBB
#define STREAMTCP_STREAM_FLAG_GAP
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
void StreamReassembleRawUpdateProgress(TcpSession *ssn, Packet *p, uint64_t progress)
update stream engine after detection
void StreamTcpListRegisterTests(void)
#define STREAMTCP_STREAM_FLAG_DEPTH_REACHED
void StreamTcpSetOSPolicy(TcpStream *, Packet *)
Function to set the OS policy for the given stream based on the destination of the received packet...
int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, Packet *p, Flow *f, TcpSession *ssn, TcpStream *stream, uint8_t *data, uint32_t data_len, uint8_t flags)
handle TCP data for the app-layer.
void StreamTcpDisableAppLayer(Flow *f)
#define STREAMING_BUFFER_NOFLAGS
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
#define STREAMTCP_FLAG_APP_LAYER_DISABLED
int(* StreamReassembleRawFunc)(void *data, const uint8_t *input, const uint32_t input_len)
void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
Trigger RAW stream reassembly.
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
#define STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_COMPLETED
int ByteExtractStringUint32(uint32_t *res, int base, uint16_t len, const char *str)
bool StreamReassembleRawHasDataReady(TcpSession *ssn, Packet *p)
does the stream engine have data to inspect?
void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t)
The Function to create the packet with given payload, which is used to test the reassembly of the eng...
void StreamTcpFreeConfig(char quiet)
#define FLOWLOCK_WRLOCK(fb)
#define STREAM_RAW_PROGRESS(stream)
void StreamTcpReassembleInitMemuse(void)
#define SC_ATOMIC_SUB(name, val)
sub a value from our atomic variable
#define STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED
StreamingBufferBlock * SBB_RB_FIND_INCLUSIVE(struct SBB *head, StreamingBufferBlock *elm)
StreamingBufferBlock * head
#define STREAMTCP_FLAG_MIDSTREAM
void *(* Calloc)(size_t n, size_t size)
void StreamTcpReassembleFreeThreadCtx(TcpReassemblyThreadCtx *ra_ctx)
void PoolThreadFree(PoolThread *pt)
destroy the thread pool
int StreamReassembleLog(TcpSession *ssn, TcpStream *stream, StreamReassembleRawFunc Callback, void *cb_data, uint64_t progress_in, uint64_t *progress_out, bool eof)
TcpReassemblyThreadCtx * ra_ctx
uint16_t reassembly_toclient_chunk_size
uint32_t min_inspect_depth
void StreamTcpUTDeinit(TcpReassemblyThreadCtx *ra_ctx)
int StreamReassembleRaw(TcpSession *ssn, const Packet *p, StreamReassembleRawFunc Callback, void *cb_data, uint64_t *progress_out, bool respect_inspect_depth)
int StreamTcpPacket(ThreadVars *tv, Packet *p, StreamTcpThread *stt, PacketQueue *pq)
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it's lock.
#define StreamTcpSetEvent(p, e)
Flow * UTHBuildFlow(int family, const char *src, const char *dst, Port sp, Port dp)
#define SCMutexUnlock(mut)
AppLayerThreadCtx * AppLayerGetCtxThread(ThreadVars *tv)
Creates a new app layer thread context.
uint32_t raw_progress_rel
#define FLOW_IS_PM_DONE(f, dir)
#define SCMutexInit(mut, mutattr)
void StreamTcpReassembleDecrMemuse(uint64_t size)
Function to Decrease the memory usage counter for the TCP reassembly segments.
void StreamTcpReassembleIncrMemuse(uint64_t size)
Function to Increment the memory usage counter for the TCP reassembly segments.
#define STREAM_HAS_SEEN_DATA(stream)
int StreamTcpReassembleInsertSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpStream *stream, TcpSegment *seg, Packet *p, uint32_t pkt_seq, uint8_t *pkt_data, uint16_t pkt_datalen)
uint32_t app_progress_rel
Data structures and function prototypes for keeping state for the detection engine.
#define STREAMTCP_STREAM_FLAG_FLUSH_FLAGS
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void StreamTcpReassembleRegisterTests(void)
The Function Register the Unit tests to test the reassembly engine for various OS policies...
uint16_t counter_tcp_stream_depth
void StreamTcpReassemblySetMinInspectDepth(TcpSession *ssn, int direction, uint32_t depth)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define StreamTcpDisableAppLayerReassembly(ssn)
void StreamTcpSessionClear(void *ssnptr)
Function to return the stream back to the pool. It returns the segments in the stream to the segment ...
void PoolThreadReturn(PoolThread *pt, void *data)
return data to thread pool
TcpReassemblyThreadCtx * StreamTcpReassembleInitThreadCtx(ThreadVars *tv)
void *(* Realloc)(void *ptr, size_t orig_size, size_t size)
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
uint64_t StreamTcpReassembleMemuseGlobalCounter(void)
Packet * UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst, uint16_t sport, uint16_t dport)
UTHBuildPacketReal is a function that create tcp/udp packets for unittests specifying ip and port sou...
void StreamTcpReassembleFree(char quiet)
#define PKT_IS_TOSERVER(p)
#define FLOW_PKT_TOSERVER
uint32_t reassembly_depth
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
int StreamingBufferGetData(const StreamingBuffer *sb, const uint8_t **data, uint32_t *data_len, uint64_t *stream_offset)
#define PKT_PSEUDO_STREAM_END
int RunmodeIsUnittests(void)
#define StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(stream)
uint16_t StatsRegisterGlobalCounter(const char *name, uint64_t(*Func)(void))
Registers a counter, which represents a global value.
int8_t data_first_seen_dir
#define StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream)
#define STREAMTCP_STREAM_FLAG_TRIGGER_RAW
int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p, PacketQueue *pq)
uint16_t reassembly_toserver_chunk_size
void StreamTcpUTInitInline(void)
#define STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED
uint32_t reassembly_depth
int StreamTcpReassembleSetMemcap(uint64_t size)
Update memcap value.
#define STREAMTCP_STREAM_FLAG_DISABLE_RAW
int PoolThreadGrow(PoolThread *pt, uint32_t size, uint32_t prealloc_size, uint32_t elt_size, void *(*Alloc)(void), int(*Init)(void *, void *), void *InitData, void(*Cleanup)(void *), void(*Free)(void *))
grow a thread pool by one
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void PrintRawDataFp(FILE *fp, const uint8_t *buf, uint32_t buflen)
uint16_t counter_tcp_segment_memcap
#define RB_FOREACH_SAFE(x, name, head, y)
#define FLOW_IS_PP_DONE(f, dir)
#define RB_REMOVE(name, x, y)
void StreamTcpUtilRegisterTests(void)
void AppLayerDestroyCtxThread(AppLayerThreadCtx *app_tctx)
Destroys the context created by AppLayeGetCtxThread().
int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p)
Insert a packets TCP data into the stream reassembly engine.
void StreamTcpSegmentReturntoPool(TcpSegment *seg)
Function to return the segment back to the pool.
uint32_t prealloc_segments
#define FLOW_INITIALIZE(f)
#define SCReturnPtr(x, type)
void StreamTcpUTSetupStream(TcpStream *s, uint32_t isn)
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself...
void StreamTcpInlineRegisterTests(void)
SC_ATOMIC_DECLARE(uint64_t, ra_memuse)
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
void StreamTcpReassemblePseudoPacketCreate(TcpStream *, Packet *, PacketQueue *)
void * PoolThreadGetById(PoolThread *pt, uint16_t id)
get data from thread pool by thread id
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
#define STREAMTCP_STREAM_FLAG_NOREASSEMBLY
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
StreamingBufferConfig sbcnf
int StreamTcpCheckStreamContents(uint8_t *stream_policy, uint16_t sp_size, TcpStream *stream)
The Function Checks the reassembled stream contents against predefined stream contents according to O...
int StreamTcpReassembleAppLayer(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p, enum StreamUpdateDir dir)
Update the stream reassembly upon receiving a packet.
uint16_t counter_tcp_reass_gap
int StreamTcpUTAddSegmentWithPayload(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpStream *stream, uint32_t seq, uint8_t *payload, uint16_t len)
void StreamTcpUTSetupSession(TcpSession *ssn)
Per thread variable structure.
int StreamTcpReassembleDepthReached(Packet *p)
check if stream in pkt direction has depth reached
#define FLOW_PKT_TOCLIENT
AppProto alproto
application level protocol
int PoolThreadSize(PoolThread *pt)
get size of PoolThread (number of 'threads', so array elements)
void StreamTcpReturnStreamSegments(TcpStream *stream)
return all segments in this stream into the pool(s)
int segment_thread_pool_id
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void StreamTcpReassembleConfigEnableOverlapCheck(void)
#define STREAM_APP_PROGRESS(stream)
int StreamTcpInlineMode(void)
See if stream engine is operating in inline mode.
int StreamTcpUTAddSegmentWithByte(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpStream *stream, uint32_t seq, uint8_t byte, uint16_t len)
#define STREAM_RIGHT_EDGE(stream)
int StreamTcpReassembleCheckMemcap(uint64_t size)
Function to Check the reassembly memory usage counter against the allowed max memory usgae for TCP se...
void StreamTcpUTClearSession(TcpSession *ssn)
#define MISSED_START(isn)
PoolThread * PoolThreadInit(int threads, uint32_t size, uint32_t prealloc_size, uint32_t elt_size, void *(*Alloc)(void), int(*Init)(void *, void *), void *InitData, void(*Cleanup)(void *), void(*Free)(void *))
initialize a thread pool
#define APP_LAYER_DATA_ALREADY_SENT_TO_APP_LAYER
int StreamTcpUTAddPayload(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, uint32_t seq, uint8_t *payload, uint16_t len)
wrapper for StreamTcpReassembleHandleSegmentHandleData
void StreamTcpUTClearStream(TcpStream *s)
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
void(* Free)(void *ptr, size_t size)
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
void UTHFreeFlow(Flow *flow)
#define DEBUG_VALIDATE_BUG_ON(exp)
#define SET_ISN(stream, setseq)
void StreamTcpPruneSession(Flow *f, uint8_t flags)
Remove idle TcpSegments from TcpSession.
#define SCMUTEX_INITIALIZER