suricata
stream-tcp-sack.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2011 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Stream engine TCP SACK handling.
24  */
25 
26 #include "suricata-common.h"
27 #include "stream-tcp.h"
28 #include "stream-tcp-private.h"
29 #include "stream-tcp-sack.h"
30 #include "util-unittest.h"
31 
32 RB_GENERATE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare);
33 
34 int TcpSackCompare(struct StreamTcpSackRecord *a, struct StreamTcpSackRecord *b)
35 {
36  if (SEQ_GT(a->le, b->le))
37  return 1;
38  else if (SEQ_LT(a->le, b->le))
39  return -1;
40  else {
41  if (SEQ_EQ(a->re, b->re))
42  return 0;
43  else if (SEQ_GT(a->re, b->re))
44  return 1;
45  else
46  return -1;
47  }
48 }
49 #ifdef DEBUG
50 static void StreamTcpSackPrintList(TcpStream *stream)
51 {
52  SCLogDebug("size %u", stream->sack_size);
53  StreamTcpSackRecord *rec = NULL;
54  RB_FOREACH(rec, TCPSACK, &stream->sack_tree) {
55  SCLogDebug("- record %8u - %8u", rec->le, rec->re);
56  }
57 }
58 #endif /* DEBUG */
59 
60 static inline StreamTcpSackRecord *StreamTcpSackRecordAlloc(void)
61 {
62  if (StreamTcpCheckMemcap((uint32_t)sizeof(StreamTcpSackRecord)) == 0)
63  return NULL;
64 
65  StreamTcpSackRecord *rec = SCMalloc(sizeof(*rec));
66  if (unlikely(rec == NULL))
67  return NULL;
68 
69  StreamTcpIncrMemuse((uint64_t)sizeof(*rec));
70  return rec;
71 }
72 
73 static inline void StreamTcpSackRecordFree(StreamTcpSackRecord *rec)
74 {
75  SCFree(rec);
76  StreamTcpDecrMemuse((uint64_t)sizeof(*rec));
77 }
78 
79 static inline void ConsolidateFwd(TcpStream *stream, struct TCPSACK *tree, struct StreamTcpSackRecord *sa)
80 {
81  struct StreamTcpSackRecord *tr, *s = sa;
82  RB_FOREACH_FROM(tr, TCPSACK, s) {
83  if (sa == tr)
84  continue;
85  SCLogDebug("-> (fwd) tr %p %u/%u", tr, tr->le, tr->re);
86 
87  if (SEQ_LT(sa->re, tr->le))
88  break; // entirely before
89 
90  if (SEQ_GEQ(sa->le, tr->le) && SEQ_LEQ(sa->re, tr->re)) {
91  stream->sack_size -= (tr->re - tr->le);
92  stream->sack_size -= (sa->re - sa->le);
93  sa->re = tr->re;
94  sa->le = tr->le;
95  stream->sack_size += (sa->re - sa->le);
96  SCLogDebug("-> (fwd) tr %p %u/%u REMOVED ECLIPSED2", tr, tr->le, tr->re);
97  TCPSACK_RB_REMOVE(tree, tr);
98  StreamTcpSackRecordFree(tr);
99  /*
100  sa: [ ]
101  tr: [ ]
102  sa: [ ]
103  tr: [ ]
104  sa: [ ]
105  tr: [ ]
106  */
107  } else if (SEQ_LEQ(sa->le, tr->le) && SEQ_GEQ(sa->re, tr->re)) {
108  SCLogDebug("-> (fwd) tr %p %u/%u REMOVED ECLIPSED", tr, tr->le, tr->re);
109  stream->sack_size -= (tr->re - tr->le);
110  TCPSACK_RB_REMOVE(tree, tr);
111  StreamTcpSackRecordFree(tr);
112  /*
113  sa: [ ]
114  tr: [ ]
115  sa: [ ]
116  tr: [ ]
117  */
118  } else if (SEQ_LT(sa->le, tr->le) && // starts before
119  SEQ_GEQ(sa->re, tr->le) && SEQ_LT(sa->re, tr->re) // ends inside
120  ) {
121  // merge
122  stream->sack_size -= (tr->re - tr->le);
123  stream->sack_size -= (sa->re - sa->le);
124  sa->re = tr->re;
125  stream->sack_size += (sa->re - sa->le);
126  SCLogDebug("-> (fwd) tr %p %u/%u REMOVED MERGED", tr, tr->le, tr->re);
127  TCPSACK_RB_REMOVE(tree, tr);
128  StreamTcpSackRecordFree(tr);
129  }
130  }
131 }
132 
133 static inline void ConsolidateBackward(TcpStream *stream,
134  struct TCPSACK *tree, struct StreamTcpSackRecord *sa)
135 {
136  struct StreamTcpSackRecord *tr, *s = sa;
137  RB_FOREACH_REVERSE_FROM(tr, TCPSACK, s) {
138  if (sa == tr)
139  continue;
140  SCLogDebug("-> (bwd) tr %p %u/%u", tr, tr->le, tr->re);
141 
142  if (SEQ_GT(sa->le, tr->re))
143  break; // entirely after
144  if (SEQ_GEQ(sa->le, tr->le) && SEQ_LEQ(sa->re, tr->re)) {
145  stream->sack_size -= (tr->re - tr->le);
146  stream->sack_size -= (sa->re - sa->le);
147  sa->re = tr->re;
148  sa->le = tr->le;
149  stream->sack_size += (sa->re - sa->le);
150  SCLogDebug("-> (bwd) tr %p %u/%u REMOVED ECLIPSED2", tr, tr->le, tr->re);
151  TCPSACK_RB_REMOVE(tree, tr);
152  StreamTcpSackRecordFree(tr);
153  /*
154  sa: [ ]
155  tr: [ ]
156  sa: [ ]
157  tr: [ ]
158  sa: [ ]
159  tr: [ ]
160  */
161  } else if (SEQ_LEQ(sa->le, tr->le) && SEQ_GEQ(sa->re, tr->re)) {
162  SCLogDebug("-> (bwd) tr %p %u/%u REMOVED ECLIPSED", tr, tr->le, tr->re);
163  stream->sack_size -= (tr->re - tr->le);
164  TCPSACK_RB_REMOVE(tree, tr);
165  StreamTcpSackRecordFree(tr);
166  /*
167  sa: [ ]
168  tr: [ ]
169  sa: [ ]
170  tr: [ ]
171  */
172  } else if (SEQ_GT(sa->le, tr->le) && SEQ_GT(sa->re, tr->re) && SEQ_LEQ(sa->le,tr->re)) {
173  // merge
174  stream->sack_size -= (tr->re - tr->le);
175  stream->sack_size -= (sa->re - sa->le);
176  sa->le = tr->le;
177  stream->sack_size += (sa->re - sa->le);
178  SCLogDebug("-> (bwd) tr %p %u/%u REMOVED MERGED", tr, tr->le, tr->re);
179  TCPSACK_RB_REMOVE(tree, tr);
180  StreamTcpSackRecordFree(tr);
181  }
182  }
183 }
184 
185 static int Insert(TcpStream *stream, struct TCPSACK *tree, uint32_t le, uint32_t re)
186 {
187  SCLogDebug("inserting: %u-%u", le, re);
188 
189  struct StreamTcpSackRecord *sa = StreamTcpSackRecordAlloc();
190  if (unlikely(sa == NULL))
191  return -1;
192  sa->le = le;
193  sa->re = re;
194  struct StreamTcpSackRecord *res = TCPSACK_RB_INSERT(tree, sa);
195  if (res) {
196  // exact overlap
197  SCLogDebug("* insert failed: exact match in tree with %p %u/%u", res, res->le, res->re);
198  StreamTcpSackRecordFree(sa);
199  return 0;
200  }
201  stream->sack_size += (re - le);
202  ConsolidateBackward(stream, tree, sa);
203  ConsolidateFwd(stream, tree, sa);
204  return 0;
205 }
206 
207 /**
208  * \brief insert a SACK range
209  *
210  * \param le left edge in host order
211  * \param re right edge in host order
212  *
213  * \retval 0 all is good
214  * \retval -1 error
215  */
216 static int StreamTcpSackInsertRange(TcpStream *stream, uint32_t le, uint32_t re)
217 {
218  SCLogDebug("le %u, re %u", le, re);
219 #ifdef DEBUG
220  StreamTcpSackPrintList(stream);
221 #endif
222 
223  /* if to the left of last_ack then ignore */
224  if (SEQ_LT(re, stream->last_ack)) {
225  SCLogDebug("too far left. discarding");
226  SCReturnInt(0);
227  }
228  /* if to the right of the tcp window then ignore */
229  if (SEQ_GT(le, (stream->last_ack + stream->window))) {
230  SCLogDebug("too far right. discarding");
231  SCReturnInt(0);
232  }
233 
234  if (Insert(stream, &stream->sack_tree, le, re) < 0)
235  SCReturnInt(-1);
236 
237  SCReturnInt(0);
238 }
239 
240 /**
241  * \brief Update stream with SACK records from a TCP packet.
242  *
243  * \param stream The stream to update.
244  * \param p packet to get the SACK records from
245  *
246  * \retval -1 error
247  * \retval 0 ok
248  */
249 int StreamTcpSackUpdatePacket(TcpStream *stream, Packet *p)
250 {
251  SCEnter();
252 
253  const int records = TCP_GET_SACK_CNT(p);
254  const uint8_t *data = TCP_GET_SACK_PTR(p);
255 
256  if (records == 0 || data == NULL)
257  SCReturnInt(0);
258 
259  TCPOptSackRecord rec[records], *sack_rec = rec;
260  memcpy(&rec, data, sizeof(TCPOptSackRecord) * records);
261 
262  uint32_t first_le = 0;
263  uint32_t first_re = 0;
264 
265  for (int record = 0; record < records; record++) {
266  const uint32_t le = SCNtohl(sack_rec->le);
267  const uint32_t re = SCNtohl(sack_rec->re);
268 
269  if (!first_le)
270  first_le = le;
271  if (!first_re)
272  first_re = re;
273 
274  SCLogDebug("%p last_ack %u, left edge %u, right edge %u pkt ACK %u", sack_rec,
275  stream->last_ack, le, re, TCP_GET_ACK(p));
276 
277  /* RFC 2883 D-SACK */
278  if (SEQ_LT(le, TCP_GET_ACK(p))) {
279  SCLogDebug("packet: %" PRIu64 ": D-SACK? %u-%u before ACK %u", p->pcap_cnt, le, re,
280  TCP_GET_ACK(p));
281  STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_DSACK);
282  goto next;
283  } else if (record == 1) { // 2nd record
284  if (SEQ_GEQ(first_le, le) && SEQ_LEQ(first_re, re)) {
285  SCLogDebug("packet: %" PRIu64 ": D-SACK? %u-%u inside 2nd range %u-%u ACK %u",
286  p->pcap_cnt, first_le, first_re, le, re, TCP_GET_ACK(p));
287  STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_DSACK);
288  }
289  goto next;
290  }
291 
292  if (SEQ_LEQ(re, stream->last_ack)) {
293  SCLogDebug("record before last_ack");
294  goto next;
295  }
296 
297  if (SEQ_GT(re, stream->next_win)) {
298  SCLogDebug("record %u:%u beyond next_win %u",
299  le, re, stream->next_win);
300  goto next;
301  }
302 
303  if (SEQ_GEQ(le, re)) {
304  SCLogDebug("invalid record: le >= re");
305  goto next;
306  }
307 
308  if (StreamTcpSackInsertRange(stream, le, re) == -1) {
309  SCReturnInt(-1);
310  }
311 
312  next:
313  sack_rec++;
314  }
315  StreamTcpSackPruneList(stream);
316 #ifdef DEBUG
317  StreamTcpSackPrintList(stream);
318 #endif
319  SCReturnInt(0);
320 }
321 
322 static inline int CompareOverlap(
323  struct StreamTcpSackRecord *lookup, struct StreamTcpSackRecord *intree)
324 {
325  if (lookup->re <= intree->le) // entirely before
326  return -1;
327  else if (lookup->re >= intree->le && lookup->le < intree->re) // (some) overlap
328  return 0;
329  else
330  return 1; // entirely after
331 }
332 
333 static struct StreamTcpSackRecord *FindOverlap(
334  struct TCPSACK *head, struct StreamTcpSackRecord *elm)
335 {
336  SCLogDebug("looking up le:%u re:%u", elm->le, elm->re);
337 
338  struct StreamTcpSackRecord *tmp = RB_ROOT(head);
339  struct StreamTcpSackRecord *res = NULL;
340  while (tmp) {
341  SCLogDebug("compare with le:%u re:%u", tmp->le, tmp->re);
342  const int comp = CompareOverlap(elm, tmp);
343  SCLogDebug("compare result: %d", comp);
344  if (comp < 0) {
345  res = tmp;
346  tmp = RB_LEFT(tmp, rb);
347  } else if (comp > 0) {
348  tmp = RB_RIGHT(tmp, rb);
349  } else {
350  return tmp;
351  }
352  }
353  return res;
354 }
355 
356 bool StreamTcpSackPacketIsOutdated(TcpStream *stream, Packet *p)
357 {
358  const int records = TCP_GET_SACK_CNT(p);
359  const uint8_t *data = TCP_GET_SACK_PTR(p);
360  if (records > 0 && data != NULL) {
361  int sack_outdated = 0;
362  TCPOptSackRecord rec[records], *sack_rec = rec;
363  memcpy(&rec, data, sizeof(TCPOptSackRecord) * records);
364  for (int record = 0; record < records; record++) {
365  const uint32_t le = SCNtohl(sack_rec->le);
366  const uint32_t re = SCNtohl(sack_rec->re);
367  SCLogDebug("%p last_ack %u, left edge %u, right edge %u", sack_rec, stream->last_ack,
368  le, re);
369 
370  struct StreamTcpSackRecord lookup = { .le = le, .re = re };
371  struct StreamTcpSackRecord *res = FindOverlap(&stream->sack_tree, &lookup);
372  SCLogDebug("res %p", res);
373  if (res) {
374  if (le >= res->le && re <= res->re) {
375  SCLogDebug("SACK rec le:%u re:%u eclipsed by in tree le:%u re:%u", le, re,
376  res->le, res->re);
377  sack_outdated++;
378  } else {
379  SCLogDebug("SACK rec le:%u re:%u SACKs new DATA vs in tree le:%u re:%u", le, re,
380  res->le, res->re);
381  }
382  } else {
383  SCLogDebug("SACK rec le:%u re:%u SACKs new DATA. No match in tree", le, re);
384  }
385  sack_rec++;
386  }
387 #ifdef DEBUG
388  StreamTcpSackPrintList(stream);
389 #endif
390  if (records != sack_outdated) {
391  // SACK tree needs updating
392  return false;
393  } else {
394  // SACK list is packet is completely outdated
395  return true;
396  }
397  }
398  return false;
399 }
400 
401 void StreamTcpSackPruneList(TcpStream *stream)
402 {
403  SCEnter();
404 
405  StreamTcpSackRecord *rec = NULL, *safe = NULL;
406  RB_FOREACH_SAFE(rec, TCPSACK, &stream->sack_tree, safe) {
407  if (SEQ_LT(rec->re, stream->last_ack)) {
408  SCLogDebug("removing le %u re %u", rec->le, rec->re);
409  stream->sack_size -= (rec->re - rec->le);
410  TCPSACK_RB_REMOVE(&stream->sack_tree, rec);
411  StreamTcpSackRecordFree(rec);
412 
413  } else if (SEQ_LT(rec->le, stream->last_ack)) {
414  SCLogDebug("adjusting record to le %u re %u", rec->le, rec->re);
415  /* last ack inside this record, update */
416  stream->sack_size -= (rec->re - rec->le);
417  rec->le = stream->last_ack;
418  stream->sack_size += (rec->re - rec->le);
419  break;
420  } else {
421  SCLogDebug("record beyond last_ack, nothing to do. Bailing out.");
422  break;
423  }
424  }
425 #ifdef DEBUG
426  StreamTcpSackPrintList(stream);
427 #endif
428  SCReturn;
429 }
430 
431 /**
432  * \brief Free SACK tree from a stream
433  *
434  * \param stream Stream to cleanup
435  */
436 void StreamTcpSackFreeList(TcpStream *stream)
437 {
438  SCEnter();
439 
440  StreamTcpSackRecord *rec = NULL, *safe = NULL;
441  RB_FOREACH_SAFE(rec, TCPSACK, &stream->sack_tree, safe) {
442  stream->sack_size -= (rec->re - rec->le);
443  TCPSACK_RB_REMOVE(&stream->sack_tree, rec);
444  StreamTcpSackRecordFree(rec);
445  }
446 
447  SCReturn;
448 }
449 
450 
451 #ifdef UNITTESTS
452 
453 /**
454  * \test Test the insertion of SACK ranges.
455  *
456  * \retval On success it returns 1 and on failure 0.
457  */
458 
459 static int StreamTcpSackTest01 (void)
460 {
461  TcpStream stream;
462  memset(&stream, 0, sizeof(stream));
463  stream.window = 100;
464 
465  StreamTcpSackInsertRange(&stream, 1, 10);
466  FAIL_IF_NOT(stream.sack_size == 9);
467  StreamTcpSackInsertRange(&stream, 10, 20);
468  FAIL_IF_NOT(stream.sack_size == 19);
469  StreamTcpSackInsertRange(&stream, 10, 20);
470  FAIL_IF_NOT(stream.sack_size == 19);
471  StreamTcpSackInsertRange(&stream, 1, 20);
472  FAIL_IF_NOT(stream.sack_size == 19);
473 #ifdef DEBUG
474  StreamTcpSackPrintList(&stream);
475 #endif /* DEBUG */
476 
477  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
478  FAIL_IF_NULL(rec);
479 
480  FAIL_IF(rec->le != 1);
481  FAIL_IF(rec->re != 20);
482 
483  FAIL_IF(StreamTcpSackedSize(&stream) != 19);
484  StreamTcpSackFreeList(&stream);
485  PASS;
486 }
487 
488 /**
489  * \test Test the insertion of SACK ranges.
490  *
491  * \retval On success it returns 1 and on failure 0.
492  */
493 
494 static int StreamTcpSackTest02 (void)
495 {
496  TcpStream stream;
497  memset(&stream, 0, sizeof(stream));
498  stream.window = 100;
499 
500  StreamTcpSackInsertRange(&stream, 10, 20);
501  StreamTcpSackInsertRange(&stream, 1, 20);
502 #ifdef DEBUG
503  StreamTcpSackPrintList(&stream);
504 #endif /* DEBUG */
505 
506  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
507  FAIL_IF_NULL(rec);
508 
509  FAIL_IF(rec->le != 1);
510  FAIL_IF(rec->re != 20);
511 
512  FAIL_IF(StreamTcpSackedSize(&stream) != 19);
513  StreamTcpSackFreeList(&stream);
514  PASS;
515 }
516 
517 /**
518  * \test Test the insertion of SACK ranges.
519  *
520  * \retval On success it returns 1 and on failure 0.
521  */
522 
523 static int StreamTcpSackTest03 (void)
524 {
525  TcpStream stream;
526  memset(&stream, 0, sizeof(stream));
527  stream.window = 100;
528 
529  StreamTcpSackInsertRange(&stream, 10, 20);
530  StreamTcpSackInsertRange(&stream, 5, 15);
531 #ifdef DEBUG
532  StreamTcpSackPrintList(&stream);
533 #endif /* DEBUG */
534  StreamTcpSackInsertRange(&stream, 15, 25);
535 #ifdef DEBUG
536  StreamTcpSackPrintList(&stream);
537 #endif /* DEBUG */
538 
539  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
540  FAIL_IF_NULL(rec);
541 
542  FAIL_IF(rec->le != 5);
543  FAIL_IF(rec->re != 25);
544 
545  FAIL_IF(StreamTcpSackedSize(&stream) != 20);
546  StreamTcpSackFreeList(&stream);
547  PASS;
548 }
549 
550 /**
551  * \test Test the insertion of SACK ranges.
552  *
553  * \retval On success it returns 1 and on failure 0.
554  */
555 
556 static int StreamTcpSackTest04 (void)
557 {
558  TcpStream stream;
559  memset(&stream, 0, sizeof(stream));
560  stream.window = 100;
561 
562  StreamTcpSackInsertRange(&stream, 0, 20);
563  StreamTcpSackInsertRange(&stream, 30, 50);
564  StreamTcpSackInsertRange(&stream, 10, 25);
565 #ifdef DEBUG
566  StreamTcpSackPrintList(&stream);
567 #endif /* DEBUG */
568 
569  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
570  FAIL_IF_NULL(rec);
571 
572  FAIL_IF(rec->le != 0);
573  FAIL_IF(rec->re != 25);
574 
575  FAIL_IF(StreamTcpSackedSize(&stream) != 45);
576  StreamTcpSackFreeList(&stream);
577  PASS;
578 }
579 
580 /**
581  * \test Test the insertion of SACK ranges.
582  *
583  * \retval On success it returns 1 and on failure 0.
584  */
585 
586 static int StreamTcpSackTest05 (void)
587 {
588  TcpStream stream;
589  memset(&stream, 0, sizeof(stream));
590  stream.window = 100;
591 
592  StreamTcpSackInsertRange(&stream, 0, 20);
593  StreamTcpSackInsertRange(&stream, 30, 50);
594  StreamTcpSackInsertRange(&stream, 10, 35);
595 #ifdef DEBUG
596  StreamTcpSackPrintList(&stream);
597 #endif /* DEBUG */
598 
599  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
600  FAIL_IF_NULL(rec);
601 
602  FAIL_IF(rec->le != 0);
603  FAIL_IF(rec->re != 50);
604 
605  FAIL_IF(StreamTcpSackedSize(&stream) != 50);
606  StreamTcpSackFreeList(&stream);
607  PASS;
608 }
609 
610 /**
611  * \test Test the insertion of SACK ranges.
612  *
613  * \retval On success it returns 1 and on failure 0.
614  */
615 
616 static int StreamTcpSackTest06 (void)
617 {
618  TcpStream stream;
619  memset(&stream, 0, sizeof(stream));
620  stream.window = 100;
621 
622  StreamTcpSackInsertRange(&stream, 0, 9);
623  StreamTcpSackInsertRange(&stream, 11, 19);
624  StreamTcpSackInsertRange(&stream, 21, 29);
625  StreamTcpSackInsertRange(&stream, 31, 39);
626  StreamTcpSackInsertRange(&stream, 0, 40);
627 #ifdef DEBUG
628  StreamTcpSackPrintList(&stream);
629 #endif /* DEBUG */
630 
631  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
632  FAIL_IF_NULL(rec);
633 
634  FAIL_IF(rec->le != 0);
635  FAIL_IF(rec->re != 40);
636 
637  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
638  StreamTcpSackFreeList(&stream);
639  PASS;
640 }
641 
642 /**
643  * \test Test the pruning of SACK ranges.
644  *
645  * \retval On success it returns 1 and on failure 0.
646  */
647 
648 static int StreamTcpSackTest07 (void)
649 {
650  TcpStream stream;
651  memset(&stream, 0, sizeof(stream));
652  stream.window = 100;
653 
654  StreamTcpSackInsertRange(&stream, 0, 9);
655  StreamTcpSackInsertRange(&stream, 11, 19);
656  StreamTcpSackInsertRange(&stream, 21, 29);
657  StreamTcpSackInsertRange(&stream, 31, 39);
658  StreamTcpSackInsertRange(&stream, 0, 40);
659 #ifdef DEBUG
660  StreamTcpSackPrintList(&stream);
661 #endif /* DEBUG */
662 
663  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
664  FAIL_IF_NULL(rec);
665  FAIL_IF(rec->le != 0);
666  FAIL_IF(rec->re != 40);
667  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
668 
669  stream.last_ack = 10;
670  StreamTcpSackPruneList(&stream);
671  FAIL_IF(StreamTcpSackedSize(&stream) != 30);
672 
673  StreamTcpSackFreeList(&stream);
674  PASS;
675 }
676 
677 /**
678  * \test Test the pruning of SACK ranges.
679  *
680  * \retval On success it returns 1 and on failure 0.
681  */
682 
683 static int StreamTcpSackTest08 (void)
684 {
685  TcpStream stream;
686  memset(&stream, 0, sizeof(stream));
687  stream.window = 100;
688 
689  StreamTcpSackInsertRange(&stream, 0, 9);
690  StreamTcpSackInsertRange(&stream, 11, 19);
691  StreamTcpSackInsertRange(&stream, 21, 29);
692  StreamTcpSackInsertRange(&stream, 31, 39);
693  StreamTcpSackInsertRange(&stream, 0, 40);
694 #ifdef DEBUG
695  StreamTcpSackPrintList(&stream);
696 #endif /* DEBUG */
697 
698  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
699  FAIL_IF_NULL(rec);
700  FAIL_IF(rec->le != 0);
701  FAIL_IF(rec->re != 40);
702  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
703 
704  stream.last_ack = 41;
705  StreamTcpSackPruneList(&stream);
706  FAIL_IF(StreamTcpSackedSize(&stream) != 0);
707 
708  StreamTcpSackFreeList(&stream);
709  PASS;
710 }
711 
712 /**
713  * \test Test the pruning of SACK ranges.
714  *
715  * \retval On success it returns 1 and on failure 0.
716  */
717 
718 static int StreamTcpSackTest09 (void)
719 {
720  TcpStream stream;
721  memset(&stream, 0, sizeof(stream));
722  stream.window = 100;
723 
724  StreamTcpSackInsertRange(&stream, 0, 9);
725  StreamTcpSackInsertRange(&stream, 11, 19);
726  StreamTcpSackInsertRange(&stream, 21, 29);
727  StreamTcpSackInsertRange(&stream, 31, 39);
728  StreamTcpSackInsertRange(&stream, 0, 40);
729 
730 #ifdef DEBUG
731  StreamTcpSackPrintList(&stream);
732 #endif /* DEBUG */
733 
734  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
735  FAIL_IF_NULL(rec);
736  FAIL_IF(rec->le != 0);
737  FAIL_IF(rec->re != 40);
738  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
739 
740  stream.last_ack = 39;
741  StreamTcpSackPruneList(&stream);
742  FAIL_IF(StreamTcpSackedSize(&stream) != 1);
743 
744  StreamTcpSackFreeList(&stream);
745  PASS;
746 }
747 
748 /**
749  * \test Test the pruning of SACK ranges.
750  *
751  * \retval On success it returns 1 and on failure 0.
752  */
753 
754 static int StreamTcpSackTest10 (void)
755 {
756  TcpStream stream;
757  memset(&stream, 0, sizeof(stream));
758  stream.window = 1000;
759 
760  StreamTcpSackInsertRange(&stream, 100, 119);
761  StreamTcpSackInsertRange(&stream, 111, 119);
762  StreamTcpSackInsertRange(&stream, 121, 129);
763  StreamTcpSackInsertRange(&stream, 131, 139);
764  StreamTcpSackInsertRange(&stream, 100, 140);
765 #ifdef DEBUG
766  StreamTcpSackPrintList(&stream);
767 #endif /* DEBUG */
768 
769  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
770  FAIL_IF_NULL(rec);
771  FAIL_IF(rec->le != 100);
772  FAIL_IF(rec->re != 140);
773  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
774 
775  stream.last_ack = 99;
776  StreamTcpSackPruneList(&stream);
777  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
778 
779  StreamTcpSackFreeList(&stream);
780  PASS;
781 }
782 
783 /**
784  * \test Test the pruning of SACK ranges.
785  *
786  * \retval On success it returns 1 and on failure 0.
787  */
788 
789 static int StreamTcpSackTest11 (void)
790 {
791  TcpStream stream;
792  memset(&stream, 0, sizeof(stream));
793  stream.window = 1000;
794 
795  StreamTcpSackInsertRange(&stream, 100, 119);
796  StreamTcpSackInsertRange(&stream, 111, 119);
797  StreamTcpSackInsertRange(&stream, 121, 129);
798  StreamTcpSackInsertRange(&stream, 131, 139);
799  StreamTcpSackInsertRange(&stream, 101, 140);
800 #ifdef DEBUG
801  StreamTcpSackPrintList(&stream);
802 #endif /* DEBUG */
803 
804  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
805  FAIL_IF_NULL(rec);
806  FAIL_IF(rec->le != 100);
807  FAIL_IF(rec->re != 140);
808  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
809 
810  stream.last_ack = 99;
811  StreamTcpSackPruneList(&stream);
812  FAIL_IF(StreamTcpSackedSize(&stream) != 40);
813 
814  StreamTcpSackFreeList(&stream);
815  PASS;
816 }
817 
818 /**
819  * \test Test the pruning of SACK ranges.
820  *
821  * \retval On success it returns 1 and on failure 0.
822  */
823 
824 static int StreamTcpSackTest12 (void)
825 {
826  TcpStream stream;
827  memset(&stream, 0, sizeof(stream));
828  stream.window = 2000;
829 
830  StreamTcpSackInsertRange(&stream, 800, 1000);
831  StreamTcpSackInsertRange(&stream, 700, 900);
832  StreamTcpSackInsertRange(&stream, 600, 800);
833  StreamTcpSackInsertRange(&stream, 500, 700);
834  StreamTcpSackInsertRange(&stream, 100, 600);
835 #ifdef DEBUG
836  StreamTcpSackPrintList(&stream);
837 #endif /* DEBUG */
838 
839  StreamTcpSackRecord *rec = RB_MIN(TCPSACK, &stream.sack_tree);
840  FAIL_IF_NULL(rec);
841  FAIL_IF(rec->le != 100);
842  FAIL_IF(rec->re != 1000);
843  FAIL_IF(StreamTcpSackedSize(&stream) != 900);
844 
845  StreamTcpSackInsertRange(&stream, 0, 1000);
846  FAIL_IF(StreamTcpSackedSize(&stream) != 1000);
847 
848  stream.last_ack = 500;
849  StreamTcpSackPruneList(&stream);
850  FAIL_IF(StreamTcpSackedSize(&stream) != 500);
851 
852  StreamTcpSackFreeList(&stream);
853  PASS;
854 }
855 
856 /**
857  * \test Test the insertion on out of window condition.
858  *
859  * \retval On success it returns 1 and on failure 0.
860  */
861 
862 static int StreamTcpSackTest13 (void) {
863  TcpStream stream;
864  memset(&stream, 0, sizeof(stream));
865  stream.last_ack = 10000;
866  stream.window = 2000;
867 
868  for (int i = 0; i < 10; i++) {
869  StreamTcpSackInsertRange(&stream, 100+(20*i), 110+(20*i));
870  }
871 #ifdef DEBUG
872  StreamTcpSackPrintList(&stream);
873 #endif /* DEBUG */
874 
875  FAIL_IF(StreamTcpSackedSize(&stream) != 0);
876 
877  StreamTcpSackFreeList(&stream);
878  PASS;
879 }
880 
881 /**
882  * \test Test the insertion of out of window condition.
883  *
884  * \retval On success it returns 1 and on failure 0.
885  */
886 
887 static int StreamTcpSackTest14 (void) {
888  TcpStream stream;
889  memset(&stream, 0, sizeof(stream));
890  stream.last_ack = 1000;
891  stream.window = 2000;
892 
893  for (int i = 0; i < 10; i++) {
894  StreamTcpSackInsertRange(&stream, 4000+(20*i), 4010+(20*i));
895  }
896 #ifdef DEBUG
897  StreamTcpSackPrintList(&stream);
898 #endif /* DEBUG */
899 
900  FAIL_IF(StreamTcpSackedSize(&stream) != 0);
901 
902  StreamTcpSackFreeList(&stream);
903  PASS;
904 }
905 
906 #endif /* UNITTESTS */
907 
908 void StreamTcpSackRegisterTests (void)
909 {
910 #ifdef UNITTESTS
911  UtRegisterTest("StreamTcpSackTest01 -- Insertion", StreamTcpSackTest01);
912  UtRegisterTest("StreamTcpSackTest02 -- Insertion", StreamTcpSackTest02);
913  UtRegisterTest("StreamTcpSackTest03 -- Insertion", StreamTcpSackTest03);
914  UtRegisterTest("StreamTcpSackTest04 -- Insertion", StreamTcpSackTest04);
915  UtRegisterTest("StreamTcpSackTest05 -- Insertion", StreamTcpSackTest05);
916  UtRegisterTest("StreamTcpSackTest06 -- Insertion", StreamTcpSackTest06);
917  UtRegisterTest("StreamTcpSackTest07 -- Pruning", StreamTcpSackTest07);
918  UtRegisterTest("StreamTcpSackTest08 -- Pruning", StreamTcpSackTest08);
919  UtRegisterTest("StreamTcpSackTest09 -- Pruning", StreamTcpSackTest09);
920  UtRegisterTest("StreamTcpSackTest10 -- Pruning", StreamTcpSackTest10);
921  UtRegisterTest("StreamTcpSackTest11 -- Insertion && Pruning",
922  StreamTcpSackTest11);
923  UtRegisterTest("StreamTcpSackTest12 -- Insertion && Pruning",
924  StreamTcpSackTest12);
925  UtRegisterTest("StreamTcpSackTest13 -- Insertion out of window",
926  StreamTcpSackTest13);
927  UtRegisterTest("StreamTcpSackTest14 -- Insertion out of window",
928  StreamTcpSackTest14);
929 #endif
930 }
StreamTcpIncrMemuse
void StreamTcpIncrMemuse(uint64_t size)
Definition: stream-tcp.c:228
TcpStream_
Definition: stream-tcp-private.h:106
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:607
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
StreamTcpSackFreeList
void StreamTcpSackFreeList(TcpStream *stream)
Free SACK tree from a stream.
Definition: stream-tcp-sack.c:436
STREAM_PKT_FLAG_DSACK
#define STREAM_PKT_FLAG_DSACK
Definition: stream-tcp-private.h:318
RB_LEFT
#define RB_LEFT(elm, field)
Definition: tree.h:322
StreamTcpSackRegisterTests
void StreamTcpSackRegisterTests(void)
Definition: stream-tcp-sack.c:908
RB_MIN
#define RB_MIN(name, x)
Definition: tree.h:778
util-unittest.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
StreamTcpSackRecord::le
uint32_t le
Definition: stream-tcp-private.h:47
TcpSackCompare
int TcpSackCompare(struct StreamTcpSackRecord *a, struct StreamTcpSackRecord *b)
Definition: stream-tcp-sack.c:34
TcpStream_::last_ack
uint32_t last_ack
Definition: stream-tcp-private.h:115
StreamTcpCheckMemcap
int StreamTcpCheckMemcap(uint64_t size)
Check if alloc'ing "size" would mean we're over memcap.
Definition: stream-tcp.c:268
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
RB_ROOT
#define RB_ROOT(head)
Definition: tree.h:326
RB_FOREACH_SAFE
#define RB_FOREACH_SAFE(x, name, head, y)
Definition: tree.h:791
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
TcpStream_::sack_tree
struct TCPSACK sack_tree
Definition: stream-tcp-private.h:141
TcpStream_::next_win
uint32_t next_win
Definition: stream-tcp-private.h:116
RB_FOREACH
#define RB_FOREACH(x, name, head)
Definition: tree.h:781
SCReturn
#define SCReturn
Definition: util-debug.h:273
Packet_
Definition: decode.h:437
TCP_GET_SACK_CNT
#define TCP_GET_SACK_CNT(p)
Definition: decode-tcp.h:106
StreamTcpSackUpdatePacket
int StreamTcpSackUpdatePacket(TcpStream *stream, Packet *p)
Update stream with SACK records from a TCP packet.
Definition: stream-tcp-sack.c:249
stream-tcp-sack.h
stream-tcp-private.h
TcpStream_::window
uint32_t window
Definition: stream-tcp-private.h:117
TCPOptSackRecord_
Definition: decode-tcp.h:136
TcpStream_::sack_size
uint32_t sack_size
Definition: stream-tcp-private.h:139
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
SEQ_GEQ
#define SEQ_GEQ(a, b)
Definition: stream-tcp-private.h:260
StreamTcpSackPacketIsOutdated
bool StreamTcpSackPacketIsOutdated(TcpStream *stream, Packet *p)
Definition: stream-tcp-sack.c:356
suricata-common.h
SEQ_GT
#define SEQ_GT(a, b)
Definition: stream-tcp-private.h:259
RB_GENERATE
RB_GENERATE(TCPSACK, StreamTcpSackRecord, rb, TcpSackCompare)
TCPOptSackRecord_::le
uint32_t le
Definition: decode-tcp.h:137
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TCPOptSackRecord_::re
uint32_t re
Definition: decode-tcp.h:138
TCP_GET_SACK_PTR
#define TCP_GET_SACK_PTR(p)
Definition: decode-tcp.h:105
RB_RIGHT
#define RB_RIGHT(elm, field)
Definition: tree.h:323
head
Flow * head
Definition: flow-hash.h:1
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:413
SEQ_LT
#define SEQ_LT(a, b)
Definition: stream-tcp-private.h:257
SEQ_EQ
#define SEQ_EQ(a, b)
Definition: stream-tcp-private.h:256
STREAM_PKT_FLAG_SET
#define STREAM_PKT_FLAG_SET(p, f)
Definition: stream-tcp-private.h:324
SEQ_LEQ
#define SEQ_LEQ(a, b)
Definition: stream-tcp-private.h:258
RB_FOREACH_REVERSE_FROM
#define RB_FOREACH_REVERSE_FROM(x, name, y)
Definition: tree.h:801
TCP_GET_ACK
#define TCP_GET_ACK(p)
Definition: decode-tcp.h:115
RB_FOREACH_FROM
#define RB_FOREACH_FROM(x, name, y)
Definition: tree.h:786
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
StreamTcpSackRecord::re
uint32_t re
Definition: stream-tcp-private.h:48
StreamTcpDecrMemuse
void StreamTcpDecrMemuse(uint64_t size)
Definition: stream-tcp.c:235
StreamTcpSackRecord
Definition: stream-tcp-private.h:46
StreamTcpSackPruneList
void StreamTcpSackPruneList(TcpStream *stream)
Definition: stream-tcp-sack.c:401