#include "suricata.h"#include "flow.h"#include "stream-tcp-private.h"#include "util-exception-policy.h"
Go to the source code of this file.
Data Structures | |
| struct | TcpReassemblyThreadCtx_ |
Macros | |
| #define | OS_POLICY_DEFAULT OS_POLICY_BSD |
Typedefs | |
| typedef struct TcpReassemblyThreadCtx_ | TcpReassemblyThreadCtx |
Functions | |
| void | StreamTcpReassembleInitMemuse (void) |
| int | StreamTcpReassembleHandleSegment (ThreadVars *, TcpReassemblyThreadCtx *, TcpSession *, TcpStream *, Packet *) |
| int | StreamTcpReassembleInit (bool) |
| void | StreamTcpReassembleFree (bool) |
| void * | StreamTcpReassembleRealloc (void *optr, size_t orig_size, size_t size) |
| void | StreamTcpReassembleRegisterTests (void) |
| The Function Register the Unit tests to test the reassembly engine for various OS policies. More... | |
| TcpReassemblyThreadCtx * | StreamTcpReassembleInitThreadCtx (ThreadVars *tv) |
| void | StreamTcpReassembleFreeThreadCtx (TcpReassemblyThreadCtx *) |
| int | StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p, enum StreamUpdateDir dir) |
| Update the stream reassembly upon receiving a packet. More... | |
| void | StreamTcpCreateTestPacket (uint8_t *, uint8_t, uint8_t, uint8_t) |
| The Function to create the packet with given payload, which is used to test the reassembly of the engine. More... | |
| void | StreamTcpSetSessionNoReassemblyFlag (TcpSession *, char) |
| disable reassembly More... | |
| void | StreamTcpSetSessionBypassFlag (TcpSession *) |
| enable bypass More... | |
| void | StreamTcpSetDisableRawReassemblyFlag (TcpSession *, char) |
| Set the No reassembly flag for the given direction in given TCP session. More... | |
| void | StreamTcpSetOSPolicy (TcpStream *, Packet *) |
| Function to set the OS policy for the given stream based on the destination of the received packet. More... | |
| int | StreamTcpReassembleHandleSegmentHandleData (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p) |
| Insert a packets TCP data into the stream reassembly engine. More... | |
| int | StreamTcpReassembleInsertSegment (ThreadVars *, TcpReassemblyThreadCtx *, TcpStream *, TcpSegment *, Packet *, uint32_t pkt_seq, uint8_t *pkt_data, uint16_t pkt_datalen) |
| TcpSegment * | StreamTcpGetSegment (ThreadVars *, TcpReassemblyThreadCtx *) |
| get a segment from the pool More... | |
| void | StreamTcpReturnStreamSegments (TcpStream *) |
| return all segments in this stream into the pool(s) More... | |
| void | StreamTcpSegmentReturntoPool (TcpSegment *) |
| Function to return the segment back to the pool. More... | |
| void | StreamTcpReassembleTriggerRawReassembly (TcpSession *, int direction) |
| Trigger RAW stream reassembly. More... | |
| void | StreamTcpPruneSession (Flow *, uint8_t) |
| Remove idle TcpSegments from TcpSession. More... | |
| int | StreamTcpReassembleDepthReached (Packet *p) |
| check if stream in pkt direction has depth reached More... | |
| void | StreamTcpReassembleIncrMemuse (uint64_t size) |
| Function to Increment the memory usage counter for the TCP reassembly segments. More... | |
| void | StreamTcpReassembleDecrMemuse (uint64_t size) |
| Function to Decrease the memory usage counter for the TCP reassembly segments. More... | |
| int | StreamTcpReassembleSetMemcap (uint64_t size) |
| Update memcap value. More... | |
| uint64_t | StreamTcpReassembleGetMemcap (void) |
| Return memcap value. More... | |
| int | StreamTcpReassembleCheckMemcap (uint64_t size) |
| Function to Check the reassembly memory usage counter against the allowed max memory usage for TCP segments. More... | |
| uint64_t | StreamTcpReassembleMemuseGlobalCounter (void) |
| void | StreamTcpDisableAppLayer (Flow *f) |
| int | StreamTcpAppLayerIsDisabled (Flow *f) |
| bool | StreamReassembleRawHasDataReady (TcpSession *ssn, Packet *p) |
| does the stream engine have data to inspect? More... | |
| void | StreamTcpReassemblySetMinInspectDepth (TcpSession *ssn, int direction, uint32_t depth) |
| bool | IsTcpSessionDumpingEnabled (void) |
| void | EnableTcpSessionDumping (void) |
| uint32_t | StreamDataAvailableForProtoDetect (TcpStream *stream) |
Detailed Description
Definition in file stream-tcp-reassemble.h.
Macro Definition Documentation
◆ OS_POLICY_DEFAULT
| #define OS_POLICY_DEFAULT OS_POLICY_BSD |
Definition at line 89 of file stream-tcp-reassemble.h.
Typedef Documentation
◆ TcpReassemblyThreadCtx
| typedef struct TcpReassemblyThreadCtx_ TcpReassemblyThreadCtx |
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
Supported OS list and default OS policy is BSD
Definition at line 34 of file stream-tcp-reassemble.h.
◆ StreamUpdateDir
| enum StreamUpdateDir |
| Enumerator | |
|---|---|
| UPDATE_DIR_NONE | |
| UPDATE_DIR_PACKET | |
| UPDATE_DIR_OPPOSING | |
| UPDATE_DIR_BOTH | |
Definition at line 54 of file stream-tcp-reassemble.h.
Function Documentation
◆ EnableTcpSessionDumping()
| void EnableTcpSessionDumping | ( | void | ) |
Definition at line 94 of file stream-tcp-reassemble.c.
◆ IsTcpSessionDumpingEnabled()
|
inline |
Definition at line 89 of file stream-tcp-reassemble.c.
◆ StreamDataAvailableForProtoDetect()
| uint32_t StreamDataAvailableForProtoDetect | ( | TcpStream * | stream | ) |
Definition at line 712 of file stream-tcp-reassemble.c.
References StreamingBufferRegion_::buf_offset, DEBUG_VALIDATE_BUG_ON, StreamingBuffer_::head, RB_EMPTY, StreamingBuffer_::region, TcpStream_::sb, StreamingBuffer_::sbb_size, StreamingBuffer_::sbb_tree, and StreamingBufferRegion_::stream_offset.
◆ StreamReassembleRawHasDataReady()
| bool StreamReassembleRawHasDataReady | ( | TcpSession * | ssn, |
| Packet * | p | ||
| ) |
does the stream engine have data to inspect?
Returns true if there is data to inspect. In IDS case this is about ACK'd data in the packet's direction.
In the IPS case this is about the packet itself.
Definition at line 1445 of file stream-tcp-reassemble.c.
References TcpStream_::base_seq, TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, RB_EMPTY, TcpStream_::seg_tree, TcpStream_::segs_right_edge, TcpSession_::server, STREAM_BASE_OFFSET, STREAM_RAW_PROGRESS, STREAMTCP_STREAM_FLAG_DISABLE_RAW, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, and StreamTcpInlineMode().
◆ StreamTcpAppLayerIsDisabled()
| int StreamTcpAppLayerIsDisabled | ( | Flow * | f | ) |
- Parameters
-
f locked flow
Definition at line 462 of file stream-tcp-reassemble.c.
References TcpSession_::flags, Flow_::proto, Flow_::protoctx, and STREAMTCP_FLAG_APP_LAYER_DISABLED.
◆ StreamTcpCreateTestPacket()
| void StreamTcpCreateTestPacket | ( | uint8_t * | payload, |
| uint8_t | value, | ||
| uint8_t | payload_len, | ||
| uint8_t | len | ||
| ) |
The Function to create the packet with given payload, which is used to test the reassembly of the engine.
- Parameters
-
payload The variable used to store the payload contents of the current packet. value The value which current payload will have for this packet payload_len The length of the filed payload for current packet. len Length of the payload array
Definition at line 2152 of file stream-tcp-reassemble.c.
References len, and payload_len.
◆ StreamTcpDisableAppLayer()
| void StreamTcpDisableAppLayer | ( | Flow * | f | ) |
- Parameters
-
f locked flow
Definition at line 446 of file stream-tcp-reassemble.c.
References Flow_::alparser, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, AppLayerParserStateSetFlag(), TcpSession_::client, Flow_::protoctx, TcpSession_::server, StreamTcpDisableAppLayerReassembly, and StreamTcpSetStreamFlagAppProtoDetectionCompleted.
◆ StreamTcpGetSegment()
| TcpSegment* StreamTcpGetSegment | ( | ThreadVars * | tv, |
| TcpReassemblyThreadCtx * | ra_ctx | ||
| ) |
get a segment from the pool
- Return values
-
seg Segment from the pool or NULL
Definition at line 2065 of file stream-tcp-reassemble.c.
References TcpReassemblyThreadCtx_::counter_tcp_segment_from_cache, TcpReassemblyThreadCtx_::counter_tcp_segment_from_pool, TcpReassemblyThreadCtx_::counter_tcp_segment_memcap, PoolThreadGetById(), TcpSegment::sbseg, SCLogDebug, segment_thread_pool, TcpReassemblyThreadCtx_::segment_thread_pool_id, StatsIncr(), StreamTcpThreadCacheGetSegment(), and tv.
Referenced by StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().
◆ StreamTcpPruneSession()
| void StreamTcpPruneSession | ( | Flow * | f, |
| uint8_t | flags | ||
| ) |
Remove idle TcpSegments from TcpSession.
Checks app progress and raw progress and progresses them if needed, slides the streaming buffer, then gets rid of excess segments.
- Parameters
-
f flow flags direction flags
Definition at line 887 of file stream-tcp-list.c.
References TcpSession_::client, flags, TcpStream_::flags, TcpSession_::flags, Flow_::protoctx, TcpStream_::sb, TcpStreamCnf_::sbcnf, SCEnter, SCLogDebug, SCReturn, TcpSession_::server, stream_config, StreamingBufferClear(), STREAMTCP_FLAG_APP_LAYER_DISABLED, STREAMTCP_STREAM_FLAG_DEPTH_REACHED, STREAMTCP_STREAM_FLAG_DISABLE_RAW, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, and StreamTcpReturnStreamSegments().
◆ StreamTcpReassembleAppLayer()
| int StreamTcpReassembleAppLayer | ( | ThreadVars * | tv, |
| TcpReassemblyThreadCtx * | ra_ctx, | ||
| TcpSession * | ssn, | ||
| TcpStream * | stream, | ||
| Packet * | p, | ||
| enum StreamUpdateDir | app_update_dir | ||
| ) |
Update the stream reassembly upon receiving a packet.
For IDS mode, the stream is in the opposite direction of the packet, as the ACK-packet is ACK'ing the stream.
One of the utilities call by this function AppLayerHandleTCPData(), has a feature where it will call this very same function for the stream opposing the stream it is called with. This shouldn't cause any issues, since processing of each stream is independent of the other stream.
Definition at line 1334 of file stream-tcp-reassemble.c.
References AppLayerHandleTCPData(), TcpStream_::flags, TcpSession_::flags, Packet_::flags, Packet_::flow, PKT_PSEUDO_STREAM_END, RB_MIN, SCEnter, SCLogDebug, SCReturnInt, TcpStream_::seg_tree, TcpSession_::state, STREAM_APP_PROGRESS, STREAM_HAS_SEEN_DATA, STREAM_RIGHT_EDGE, STREAMTCP_FLAG_APP_LAYER_DISABLED, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, TCP_CLOSING, and tv.
◆ StreamTcpReassembleCheckMemcap()
| int StreamTcpReassembleCheckMemcap | ( | uint64_t | size | ) |
Function to Check the reassembly memory usage counter against the allowed max memory usage for TCP segments.
- Parameters
-
size Size of the TCP segment and its payload length memory allocated
- Return values
-
1 if in bounds 0 if not in bounds
Definition at line 162 of file stream-tcp-reassemble.c.
References SC_ATOMIC_GET, SCLogNotice, stream_config, t_pcapcnt, and unlikely.
Referenced by StreamTcpReassembleRealloc().
◆ StreamTcpReassembleDecrMemuse()
| void StreamTcpReassembleDecrMemuse | ( | uint64_t | size | ) |
Function to Decrease the memory usage counter for the TCP reassembly segments.
- Parameters
-
size Size of the TCP segment and its payload length memory allocated
Definition at line 127 of file stream-tcp-reassemble.c.
References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpReassembleMemuseGlobalCounter().
Referenced by StreamTcpReassembleRealloc().
◆ StreamTcpReassembleDepthReached()
| int StreamTcpReassembleDepthReached | ( | Packet * | p | ) |
check if stream in pkt direction has depth reached
- Parameters
-
p packet with LOCKED flow
- Return values
-
1 stream has depth reached 0 stream does not have depth reached
Definition at line 615 of file stream-tcp-reassemble.c.
References TcpSession_::client, TcpStream_::flags, Packet_::flow, FLOW_PKT_TOSERVER, Packet_::flowflags, Flow_::protoctx, TcpSession_::server, and STREAMTCP_STREAM_FLAG_DEPTH_REACHED.
◆ StreamTcpReassembleFree()
| void StreamTcpReassembleFree | ( | bool | ) |
Definition at line 538 of file stream-tcp-reassemble.c.
References SCMutexLock.
Referenced by StreamTcpFreeConfig().
◆ StreamTcpReassembleFreeThreadCtx()
| void StreamTcpReassembleFreeThreadCtx | ( | TcpReassemblyThreadCtx * | ) |
Definition at line 595 of file stream-tcp-reassemble.c.
References TcpReassemblyThreadCtx_::app_tctx, AppLayerDestroyCtxThread(), SCEnter, SCFree, SCReturn, and StreamTcpThreadCacheCleanup().
Referenced by StreamTcpThreadDeinit(), and StreamTcpUTDeinit().
◆ StreamTcpReassembleGetMemcap()
| uint64_t StreamTcpReassembleGetMemcap | ( | void | ) |
Return memcap value.
- Returns
- memcap memcap value
Definition at line 198 of file stream-tcp-reassemble.c.
References SC_ATOMIC_GET, and stream_config.
◆ StreamTcpReassembleHandleSegment()
| int StreamTcpReassembleHandleSegment | ( | ThreadVars * | , |
| TcpReassemblyThreadCtx * | , | ||
| TcpSession * | , | ||
| TcpStream * | , | ||
| Packet * | |||
| ) |
Definition at line 1945 of file stream-tcp-reassemble.c.
References DEBUG_VALIDATE_BUG_ON, and SCEnter.
◆ StreamTcpReassembleHandleSegmentHandleData()
| int StreamTcpReassembleHandleSegmentHandleData | ( | ThreadVars * | tv, |
| TcpReassemblyThreadCtx * | ra_ctx, | ||
| TcpSession * | ssn, | ||
| TcpStream * | stream, | ||
| Packet * | p | ||
| ) |
Insert a packets TCP data into the stream reassembly engine.
- Return values
-
0 good segment, as far as we checked. -1 insert failure due to memcap
If the retval is 0 the segment is inserted correctly, or overlap is handled, or it wasn't added because of reassembly depth.
Definition at line 736 of file stream-tcp-reassemble.c.
References TcpSession_::data_first_seen_dir, TcpStream_::flags, TcpSession_::flags, TcpStream_::os_policy, PKT_IS_TOSERVER, SCEnter, SCLogDebug, SCReturnInt, STREAMTCP_FLAG_APP_LAYER_DISABLED, STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED, and StreamTcpSetOSPolicy().
Referenced by StreamTcpUTAddPayload().
◆ StreamTcpReassembleIncrMemuse()
| void StreamTcpReassembleIncrMemuse | ( | uint64_t | size | ) |
Function to Increment the memory usage counter for the TCP reassembly segments.
- Parameters
-
size Size of the TCP segment and its payload length memory allocated
Definition at line 114 of file stream-tcp-reassemble.c.
References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpReassembleMemuseGlobalCounter().
Referenced by StreamTcpReassembleRealloc().
◆ StreamTcpReassembleInit()
| int StreamTcpReassembleInit | ( | bool | ) |
Definition at line 522 of file stream-tcp-reassemble.c.
References StreamTcpReassembleInitMemuse().
◆ StreamTcpReassembleInitMemuse()
| void StreamTcpReassembleInitMemuse | ( | void | ) |
Definition at line 103 of file stream-tcp-reassemble.c.
References SC_ATOMIC_INIT.
Referenced by StreamTcpReassembleInit(), and UtRunTests().
◆ StreamTcpReassembleInitThreadCtx()
| TcpReassemblyThreadCtx* StreamTcpReassembleInitThreadCtx | ( | ThreadVars * | tv | ) |
Definition at line 556 of file stream-tcp-reassemble.c.
References TcpReassemblyThreadCtx_::app_tctx, AppLayerGetCtxThread(), SCCalloc, SCEnter, SCMutexLock, and unlikely.
Referenced by StreamTcpUTInit().
◆ StreamTcpReassembleInsertSegment()
| int StreamTcpReassembleInsertSegment | ( | ThreadVars * | tv, |
| TcpReassemblyThreadCtx * | ra_ctx, | ||
| TcpStream * | stream, | ||
| TcpSegment * | seg, | ||
| Packet * | p, | ||
| uint32_t | pkt_seq, | ||
| uint8_t * | pkt_data, | ||
| uint16_t | pkt_datalen | ||
| ) |
- Returns
- 0 ok
- -1 segment not inserted due to memcap issue
- Parameters
-
seg segment, this function takes total ownership
In case of error, this function returns the segment to the pool
Definition at line 634 of file stream-tcp-list.c.
References SCEnter.
Referenced by StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().
◆ StreamTcpReassembleMemuseGlobalCounter()
| uint64_t StreamTcpReassembleMemuseGlobalCounter | ( | void | ) |
Definition at line 148 of file stream-tcp-reassemble.c.
◆ StreamTcpReassembleRealloc()
| void* StreamTcpReassembleRealloc | ( | void * | optr, |
| size_t | orig_size, | ||
| size_t | size | ||
| ) |
Definition at line 227 of file stream-tcp-reassemble.c.
References SC_ATOMIC_GET, SC_ELIMIT, SC_ENOMEM, sc_errno, SCLogDebug, SCRealloc, stream_config, StreamTcpReassembleCheckMemcap(), StreamTcpReassembleDecrMemuse(), and StreamTcpReassembleIncrMemuse().
◆ StreamTcpReassembleRegisterTests()
| void StreamTcpReassembleRegisterTests | ( | void | ) |
The Function Register the Unit tests to test the reassembly engine for various OS policies.
Definition at line 3847 of file stream-tcp-reassemble.c.
References UtRegisterTest().
◆ StreamTcpReassembleSetMemcap()
| int StreamTcpReassembleSetMemcap | ( | uint64_t | size | ) |
Update memcap value.
- Parameters
-
size new memcap value
Definition at line 183 of file stream-tcp-reassemble.c.
References SC_ATOMIC_GET, SC_ATOMIC_SET, and stream_config.
◆ StreamTcpReassembleTriggerRawReassembly()
| void StreamTcpReassembleTriggerRawReassembly | ( | TcpSession * | ssn, |
| int | direction | ||
| ) |
Trigger RAW stream reassembly.
Used by AppLayerTriggerRawStreamReassembly to trigger RAW stream reassembly from the applayer, for example upon completion of a HTTP request.
It sets a flag in the stream so that the next Raw call will return the data.
- Parameters
-
ssn TcpSession
Definition at line 2101 of file stream-tcp-reassemble.c.
References BUG_ON, TcpSession_::client, TcpStream_::flags, SCLogDebug, TcpSession_::server, and STREAMTCP_STREAM_FLAG_TRIGGER_RAW.
Referenced by AppLayerParserTriggerRawStreamReassembly().
◆ StreamTcpReassemblySetMinInspectDepth()
| void StreamTcpReassemblySetMinInspectDepth | ( | TcpSession * | ssn, |
| int | direction, | ||
| uint32_t | depth | ||
| ) |
Definition at line 2118 of file stream-tcp-reassemble.c.
References BUG_ON, TcpSession_::client, TcpStream_::min_inspect_depth, SCLogDebug, and TcpSession_::server.
◆ StreamTcpReturnStreamSegments()
| void StreamTcpReturnStreamSegments | ( | TcpStream * | stream | ) |
return all segments in this stream into the pool(s)
- Parameters
-
stream the stream to cleanup
Definition at line 396 of file stream-tcp-reassemble.c.
◆ StreamTcpSegmentReturntoPool()
| void StreamTcpSegmentReturntoPool | ( | TcpSegment * | seg | ) |
Function to return the segment back to the pool.
- Parameters
-
seg Segment which will be returned back to the pool.
Definition at line 379 of file stream-tcp-reassemble.c.
References TcpSegment::pcap_hdr_storage, TcpSegmentPcapHdrStorage_::pktlen, and StreamTcpThreadCacheReturnSegment().
Referenced by StreamTcpReturnStreamSegments().
◆ StreamTcpSetDisableRawReassemblyFlag()
| void StreamTcpSetDisableRawReassemblyFlag | ( | TcpSession * | ssn, |
| char | direction | ||
| ) |
Set the No reassembly flag for the given direction in given TCP session.
- Parameters
-
ssn TCP Session to set the flag in direction direction to set the flag in: 0 toserver, 1 toclient
Definition at line 6670 of file stream-tcp.c.
References TcpSession_::client, TcpStream_::flags, TcpSession_::server, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.
◆ StreamTcpSetOSPolicy()
Function to set the OS policy for the given stream based on the destination of the received packet.
- Parameters
-
stream TcpStream of which os_policy needs to set p Packet which is used to set the os policy
Definition at line 940 of file stream-tcp.c.
Referenced by StreamTcpReassembleHandleSegmentHandleData().
◆ StreamTcpSetSessionBypassFlag()
| void StreamTcpSetSessionBypassFlag | ( | TcpSession * | ssn | ) |
enable bypass
- Parameters
-
ssn TCP Session to set the flag in direction direction to set the flag in: 0 toserver, 1 toclient
Definition at line 6681 of file stream-tcp.c.
References TcpSession_::flags, and STREAMTCP_FLAG_BYPASS.
◆ StreamTcpSetSessionNoReassemblyFlag()
| void StreamTcpSetSessionNoReassemblyFlag | ( | TcpSession * | ssn, |
| char | direction | ||
| ) |
disable reassembly
Disable app layer and set raw inspect to no longer accept new data. Stream engine will then fully disable raw after last inspection.
- Parameters
-
ssn TCP Session to set the flag in direction direction to set the flag in: 0 toserver, 1 toclient
Definition at line 6654 of file stream-tcp.c.
References TcpSession_::client, TcpStream_::flags, TcpSession_::flags, TcpSession_::server, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.
