#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "flow-util.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-pool.h"
#include "util-pool-thread.h"
#include "util-checksum.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-device.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream-tcp-inline.h"
#include "stream-tcp-sack.h"
#include "stream-tcp-util.h"
#include "stream.h"
#include "pkt-var.h"
#include "host.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "app-layer-htp-mem.h"
#include "util-host-os-info.h"
#include "util-privs.h"
#include "util-profiling.h"
#include "util-misc.h"
#include "util-validate.h"
#include "util-runmodes.h"
#include "util-random.h"
#include "source-pcap-file.h"

Include dependency graph for stream-tcp.c:

Macros
#define	STREAMTCP_DEFAULT_PREALLOC 2048

#define	STREAMTCP_DEFAULT_MEMCAP (32 * 1024 * 1024) /* 32mb */

#define	STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP (64 * 1024 * 1024) /* 64mb */

#define	STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE 2560

#define	STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE 2560

#define	STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED 5

#define	STREAMTCP_NEW_TIMEOUT 60

#define	STREAMTCP_EST_TIMEOUT 3600

#define	STREAMTCP_CLOSED_TIMEOUT 120

#define	STREAMTCP_EMERG_NEW_TIMEOUT 10

#define	STREAMTCP_EMERG_EST_TIMEOUT 300

#define	STREAMTCP_EMERG_CLOSED_TIMEOUT 20

#define	StreamTcpUpdateLastAck(ssn, stream, ack)
	macro to update last_ack only if the new value is higher More...

#define	StreamTcpAsyncLastAckUpdate(ssn, stream)

#define	StreamTcpUpdateNextSeq(ssn, stream, seq)

#define	StreamTcpUpdateNextWin(ssn, stream, win)
	macro to update next_win only if the new value is higher More...

#define	PSEUDO_PKT_SET_IPV4HDR(nipv4h, ipv4h)

#define	PSEUDO_PKT_SET_IPV6HDR(nipv6h, ipv6h)

#define	PSEUDO_PKT_SET_TCPHDR(ntcph, tcph)

#define	SET_ISN(stream, setseq)

Functions
void	StreamTcpReturnStreamSegments (TcpStream *)
	return all segments in this stream into the pool(s) More...

void	StreamTcpInitConfig (char quiet)
	To initialize the stream global configuration data. More...

int	StreamTcpGetFlowState (void *)

void	StreamTcpSetOSPolicy (TcpStream stream, Packet p)
	Function to set the OS policy for the given stream based on the destination of the received packet. More...

void	StreamTcpPseudoPacketCreateStreamEndPacket (ThreadVars tv, StreamTcpThread stt, Packet p, TcpSession ssn, PacketQueue *pq)
	Create a pseudo packet injected into the engine to signal the opposing direction of this stream to wrap up stream reassembly. More...

uint64_t	StreamTcpReassembleMemuseGlobalCounter (void)

	SC_ATOMIC_DECLARE (uint64_t, st_memuse)

void	StreamTcpInitMemuse (void)

void	StreamTcpIncrMemuse (uint64_t size)

void	StreamTcpDecrMemuse (uint64_t size)

uint64_t	StreamTcpMemuseCounter (void)

int	StreamTcpCheckMemcap (uint64_t size)
	Check if alloc'ing "size" would mean we're over memcap. More...

int	StreamTcpSetMemcap (uint64_t size)
	Update memcap value. More...

uint64_t	StreamTcpGetMemcap (void)
	Return memcap value. More...

void	StreamTcpStreamCleanup (TcpStream *stream)

void	StreamTcpSessionCleanup (TcpSession *ssn)
	Session cleanup function. Does not free the ssn. More...

void	StreamTcpSessionClear (void *ssnptr)
	Function to return the stream back to the pool. It returns the segments in the stream to the segment pool. More...

void	StreamTcpSessionPktFree (Packet *p)
	Function to return the stream segments back to the pool. More...

int	StreamTcpInlineDropInvalid (void)
	See if stream engine is dropping invalid packet in inline mode. More...

void	StreamTcpFreeConfig (char quiet)

int	StreamTcpPacket (ThreadVars tv, Packet p, StreamTcpThread stt, PacketQueue pq)

int	TcpSessionPacketSsnReuse (const Packet p, const Flow f, const void *tcp_ssn)

TmEcode	StreamTcp (ThreadVars tv, Packet p, void data, PacketQueue pq, PacketQueue *postpq)

TmEcode	StreamTcpThreadInit (ThreadVars tv, void initdata, void **data)

TmEcode	StreamTcpThreadDeinit (ThreadVars tv, void data)

void	StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
	disable reassembly More...

void	StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction)
	Set the No reassembly flag for the given direction in given TCP session. More...

void	StreamTcpSetSessionBypassFlag (TcpSession *ssn)
	enable bypass More...

Packet *	StreamTcpPseudoSetup (Packet parent, uint8_t pkt, uint32_t len)
	Function to fetch a packet from the packet allocation queue for creation of the pseudo packet from the reassembled stream. More...

void	StreamTcpDetectLogFlush (ThreadVars tv, StreamTcpThread stt, Flow f, Packet p, PacketQueue *pq)
	create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits. More...

int	StreamTcpSegmentForEach (const Packet p, uint8_t flag, StreamSegmentCallback CallbackFunc, void data)
	Run callback function on each TCP segment. More...

int	StreamTcpBypassEnabled (void)

int	StreamTcpInlineMode (void)
	See if stream engine is operating in inline mode. More...

void	TcpSessionSetReassemblyDepth (TcpSession *ssn, uint32_t size)

void	StreamTcpRegisterTests (void)

Variables
int	g_detect_disabled

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

TCP stream tracking and reassembly engine.

Todo:

4WHS: what if after the 2nd SYN we turn out to be normal 3WHS anyway?

Definition in file stream-tcp.c.

Macro Definition Documentation

#define PSEUDO_PKT_SET_IPV4HDR	(	nipv4h,
		ipv4h
	)

Value:

do { \
        IPV4_SET_RAW_VER(nipv4h, IPV4_GET_RAW_VER(ipv4h)); \
        IPV4_SET_RAW_HLEN(nipv4h, IPV4_GET_RAW_HLEN(ipv4h)); \
        IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \
        IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \
        IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \
        (nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
        (nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
    } while (0)

Definition at line 5817 of file stream-tcp.c.

Referenced by StreamTcpPseudoSetup().

#define PSEUDO_PKT_SET_IPV6HDR	(	nipv6h,
		ipv6h
	)

Value:

do { \
        (nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \
        (nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \
        (nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \
        (nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \
        (nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \
        (nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \
        (nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \
        (nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \
        IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h));    \
    } while (0)

Definition at line 5827 of file stream-tcp.c.

Referenced by StreamTcpPseudoSetup().

#define PSEUDO_PKT_SET_TCPHDR	(	ntcph,
		tcph
	)

Value:

do { \
        COPY_PORT((tcph)->th_dport, (ntcph)->th_sport); \
        COPY_PORT((tcph)->th_sport, (ntcph)->th_dport); \
        (ntcph)->th_seq = (tcph)->th_ack; \
        (ntcph)->th_ack = (tcph)->th_seq; \
    } while (0)

Definition at line 5839 of file stream-tcp.c.

Referenced by StreamTcpPseudoSetup().

#define SET_ISN	(	stream,
		setseq
	)

Value:

(stream)->isn = (setseq); \

(stream)->base_seq = (setseq) + 1

Definition at line 6303 of file stream-tcp.c.

#define STREAMTCP_CLOSED_TIMEOUT 120

Definition at line 91 of file stream-tcp.c.

#define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED 5

Definition at line 87 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_DEFAULT_MEMCAP (32 * 1024 * 1024) /* 32mb */

Definition at line 83 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_DEFAULT_PREALLOC 2048

Definition at line 82 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP (64 * 1024 * 1024) /* 64mb */

Definition at line 84 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE 2560

Definition at line 86 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE 2560

Definition at line 85 of file stream-tcp.c.

Referenced by StreamTcpInitConfig().

#define STREAMTCP_EMERG_CLOSED_TIMEOUT 20

Definition at line 95 of file stream-tcp.c.

#define STREAMTCP_EMERG_EST_TIMEOUT 300

Definition at line 94 of file stream-tcp.c.

#define STREAMTCP_EMERG_NEW_TIMEOUT 10

Definition at line 93 of file stream-tcp.c.

#define STREAMTCP_EST_TIMEOUT 3600

Definition at line 90 of file stream-tcp.c.

#define STREAMTCP_NEW_TIMEOUT 60

Definition at line 89 of file stream-tcp.c.

#define StreamTcpAsyncLastAckUpdate	(	ssn,
		stream
	)

Value:

{                              \
    if ((ssn)->flags & STREAMTCP_FLAG_ASYNC) {                                  \
        if (SEQ_GT((stream)->next_seq, (stream)->last_ack)) {                   \
            uint32_t ack_diff = (stream)->next_seq - (stream)->last_ack;        \
            (stream)->last_ack += ack_diff;                                     \
            SCLogDebug("ssn %p: ASYNC last_ack set to %"PRIu32", moved %u forward",     \
                    (ssn), (stream)->next_seq, ack_diff);                               \
        }                                                                       \
    }                                                                           \
}

Definition at line 828 of file stream-tcp.c.

#define StreamTcpUpdateLastAck	(	ssn,
		stream,
		ack
	)

Value:

{ \
    if (SEQ_GT((ack), (stream)->last_ack)) \
    { \
        SCLogDebug("ssn %p: last_ack set to %"PRIu32", moved %u forward", (ssn), (ack), (ack) - (stream)->last_ack); \
        if ((SEQ_LEQ((stream)->last_ack, (stream)->next_seq) && SEQ_GT((ack),(stream)->next_seq))) { \
            SCLogDebug("last_ack just passed next_seq: %u (was %u) > %u", (ack), (stream)->last_ack, (stream)->next_seq); \
        } else { \
            SCLogDebug("next_seq (%u) <> last_ack now %d", (stream)->next_seq, (int)(stream)->next_seq - (ack)); \
        }\
        (stream)->last_ack = (ack); \
        StreamTcpSackPruneList((stream)); \
    } else { \
        SCLogDebug("ssn %p: no update: ack %u, last_ack %"PRIu32", next_seq %u (state %u)", \
                    (ssn), (ack), (stream)->last_ack, (stream)->next_seq, (ssn)->state); \
    }\
}

macro to update last_ack only if the new value is higher

Parameters

ssn	session
stream	stream to update
ack	ACK value to test and set

Definition at line 811 of file stream-tcp.c.

#define StreamTcpUpdateNextSeq	(	ssn,
		stream,
		seq
	)

Value:

{                      \
    (stream)->next_seq = seq;                                           \
    SCLogDebug("ssn %p: next_seq %" PRIu32, (ssn), (stream)->next_seq); \
    StreamTcpAsyncLastAckUpdate((ssn), (stream));                       \
}

Definition at line 839 of file stream-tcp.c.

#define StreamTcpUpdateNextWin	(	ssn,
		stream,
		win
	)

Value:

{ \
    uint32_t sacked_size__ = StreamTcpSackedSize((stream)); \
    if (SEQ_GT(((win) + sacked_size__), (stream)->next_win)) { \
        (stream)->next_win = ((win) + sacked_size__); \
        SCLogDebug("ssn %p: next_win set to %"PRIu32, (ssn), (stream)->next_win); \
    } \
}

macro to update next_win only if the new value is higher

Parameters

ssn	session
stream	stream to update
win	window value to test and set

Definition at line 852 of file stream-tcp.c.

Function Documentation

SC_ATOMIC_DECLARE	(	uint64_t	,
		st_memuse
	)

TmEcode StreamTcp	(	ThreadVars *	tv,
		Packet *	p,
		void *	data,
		PacketQueue *	pq,
		PacketQueue *	postpq
	)

Definition at line 5103 of file stream-tcp.c.

References TcpReassemblyThreadCtx_::app_tctx, StreamTcpThread_::counter_tcp_invalid_checksum, StreamTcpThread_::counter_tcp_no_flow, TcpStreamCnf_::flags, Packet_::flags, Packet_::flow, Packet_::pcap_cnt, PKT_IGNORE_CHECKSUM, PKT_IS_TCP, PKT_PSEUDO_STREAM_END, StreamTcpThread_::ra_ctx, SCLogDebug, StatsIncr(), stream_config, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, StreamTcpPacket(), and TM_ECODE_OK.

Here is the call graph for this function:

int StreamTcpBypassEnabled ( void )

Definition at line 6275 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_BYPASS.

Referenced by StreamTcpPacket().

Here is the caller graph for this function:

int StreamTcpCheckMemcap ( uint64_t size )

Check if alloc'ing "size" would mean we're over memcap.

Return values

1	if in bounds
0	if not in bounds

Definition at line 168 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

Referenced by StreamTcpSessionPktFree(), and TcpSackCompare().

Here is the caller graph for this function:

void StreamTcpDecrMemuse ( uint64_t size )

Definition at line 135 of file stream-tcp.c.

References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpMemuseCounter().

Referenced by StreamTcpSessionCleanup(), StreamTcpSessionPktFree(), and TcpSackCompare().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpDetectLogFlush	(	ThreadVars *	tv,
		StreamTcpThread *	stt,
		Flow *	f,
		Packet *	p,
		PacketQueue *	pq
	)

create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.

Definition at line 6209 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, Flow_::protoctx, TcpSession_::server, STREAMTCP_STREAM_FLAG_TRIGGER_RAW, StreamTcpInlineMode(), and ts.

Here is the call graph for this function:

void StreamTcpFreeConfig ( char quiet )

Definition at line 669 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, Packet_::flow, FLOW_STATE_CLOSED, FLOW_STATE_ESTABLISHED, FlowUpdateState(), PKT_IS_PSEUDOPKT, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, PoolThreadFree(), PoolThreadGetById(), Flow_::protoctx, TcpSession_::pstate, TcpStreamCnf_::reassembly_depth, TcpSession_::reassembly_depth, TcpStream_::sb, TcpStreamCnf_::sbcnf, SC_ATOMIC_DESTROY, SCLogDebug, SCMutexDestroy, SCMutexLock, SCMutexUnlock, TcpSession_::server, TcpSession_::state, stream_config, TcpStreamCnf_::stream_init_flags, STREAMING_BUFFER_INITIALIZER, StreamTcpReassembleFree(), TCP_CLOSE_WAIT, TCP_CLOSED, TCP_CLOSING, TCP_ESTABLISHED, TCP_FIN_WAIT1, TCP_FIN_WAIT2, TcpStream_::tcp_flags, TCP_LAST_ACK, TCP_NONE, TcpSession_::tcp_packet_flags, TCP_TIME_WAIT, and Packet_::tcph.

Here is the call graph for this function:

Here is the caller graph for this function:

int StreamTcpGetFlowState ( void * )

uint64_t StreamTcpGetMemcap ( void )

Return memcap value.

Parameters

memcap memcap value

Definition at line 196 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

Referenced by RunModeUnixSocketGetDefaultMode().

Here is the caller graph for this function:

void StreamTcpIncrMemuse ( uint64_t size )

Definition at line 128 of file stream-tcp.c.

References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpMemuseCounter().

Referenced by StreamTcpSessionPktFree(), and TcpSackCompare().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpInitConfig ( char quiet )

To initialize the stream global configuration data.

Parameters

quiet It tells the mode of operation, if it is TRUE nothing will be get printed.

Definition at line 365 of file stream-tcp.c.

References TcpStreamCnf_::async_oneside, ConfGetBool(), ConfGetInt(), ConfGetNode(), ConfGetValue(), EngineModeIsIPS(), TcpStreamCnf_::flags, FlowSetProtoFreeFunc(), TcpStreamCnf_::max_synack_queued, TcpStreamCnf_::midstream, ParseSizeStringU16(), ParseSizeStringU32(), ParseSizeStringU64(), PoolThreadInit(), TcpStreamCnf_::prealloc_sessions, TcpStreamCnf_::reassembly_depth, TcpStreamCnf_::reassembly_toclient_chunk_size, TcpStreamCnf_::reassembly_toserver_chunk_size, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SC_ERR_INVALID_VALUE, SC_ERR_SIZE_PARSE, SC_WARN_OPTION_OBSOLETE, SCLogDebug, SCLogError, SCLogWarning, SCMutexLock, SCMutexUnlock, StatsRegisterGlobalCounter(), stream_config, TcpStreamCnf_::stream_init_flags, STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED, STREAMTCP_DEFAULT_MEMCAP, STREAMTCP_DEFAULT_PREALLOC, STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP, STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE, STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE, STREAMTCP_INIT_FLAG_BYPASS, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, STREAMTCP_INIT_FLAG_DROP_INVALID, STREAMTCP_INIT_FLAG_INLINE, STREAMTCP_STREAM_FLAG_DISABLE_RAW, StreamTcpInitMemuse(), StreamTcpMemuseCounter(), StreamTcpReassembleInit(), StreamTcpSessionClear(), and WarnInvalidConfEntry.

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpInitMemuse ( void )

Definition at line 123 of file stream-tcp.c.

References SC_ATOMIC_INIT.

Referenced by StreamTcpInitConfig(), and UtRunTests().

Here is the caller graph for this function:

int StreamTcpInlineDropInvalid ( void )

See if stream engine is dropping invalid packet in inline mode.

Return values

0	no
1	yes

Definition at line 339 of file stream-tcp.c.

References TcpStreamCnf_::flags, RandomGet(), stream_config, STREAMTCP_INIT_FLAG_DROP_INVALID, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamTcpPacket().

Here is the call graph for this function:

Here is the caller graph for this function:

int StreamTcpInlineMode ( void )

See if stream engine is operating in inline mode.

Return values

0	no
1	yes

Definition at line 6286 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by AppLayerIncTxCounter(), StreamNeedsReassembly(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamTcpAppLayerIsDisabled(), StreamTcpDetectLogFlush(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleInsertSegment(), and TcpSegmentCompare().

Here is the caller graph for this function:

uint64_t StreamTcpMemuseCounter ( void )

Definition at line 156 of file stream-tcp.c.

References SC_ATOMIC_GET.

Referenced by RunModeUnixSocketGetDefaultMode(), StreamTcpDecrMemuse(), StreamTcpIncrMemuse(), StreamTcpInitConfig(), and UtRunTests().

Here is the caller graph for this function:

int StreamTcpPacket	(	ThreadVars *	tv,
		Packet *	p,
		StreamTcpThread *	stt,
		PacketQueue *	pq
	)

Definition at line 4674 of file stream-tcp.c.

References Flow_::alproto, TcpStreamCnf_::async_oneside, TcpSession_::client, StreamTcpThread_::counter_tcp_rst, StreamTcpThread_::counter_tcp_syn, StreamTcpThread_::counter_tcp_synack, StreamTcpThread_::counter_tcp_wrong_thread, DEBUG_ASSERT_FLOW_LOCKED, DecodeSetNoPacketInspectionFlag, DecodeSetNoPayloadInspectionFlag, TcpStream_::flags, TcpSession_::flags, Flow_::flags, Packet_::flags, Packet_::flow, FLOW_WRONG_THREAD, FlowGetPacketDirection(), g_detect_disabled, ThreadVars_::id, Packet_::ip4h, Packet_::ip6h, TcpStream_::isn, TcpStream_::last_ack, PacketQueue_::len, Packet_::level4_comp_csum, Packet_::livedev, TcpStreamCnf_::midstream, PACKET_DROP, PacketBypassCallback(), PacketDequeue(), PacketEnqueue(), Packet_::payload_len, Packet_::pcap_cnt, PcapIncreaseInvalidChecksum(), PKT_IGNORE_CHECKSUM, PKT_IS_IPV4, PKT_IS_IPV6, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, PKT_PSEUDO_STREAM_END, Packet_::pkt_src, PKT_SRC_WIRE, PKT_STREAM_EST, PKT_STREAM_MODIFIED, PKT_STREAM_NO_EVENTS, PKT_STREAM_NOPCAPLOG, Flow_::protoctx, StreamTcpThread_::pseudo_queue, StreamTcpThread_::ra_ctx, ReCalculateChecksum(), SC_ATOMIC_ADD, SCEnter, SCLogDebug, SCReturnInt, SEQ_EQ, TcpSession_::server, TcpSession_::state, StatsIncr(), stream_config, STREAM_PKT_BROKEN_ACK, STREAM_WRONG_THREAD, STREAMTCP_FLAG_ASYNC, STREAMTCP_FLAG_BYPASS, STREAMTCP_STREAM_FLAG_DEPTH_REACHED, STREAMTCP_STREAM_FLAG_GAP, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, StreamTcpBypassEnabled(), StreamTcpDisableAppLayer(), StreamTcpInlineDropInvalid(), StreamTcpReassembleHandleSegment(), StreamTcpSessionPktFree(), StreamTcpSetEvent, TCP_ESTABLISHED, TcpStream_::tcp_flags, TCP_GET_ACK, TCP_GET_HLEN, TCP_GET_SEQ, TCP_LAST_ACK, TCP_NONE, TcpSession_::tcp_packet_flags, Packet_::tcph, TH_ACK, TH_RST, TH_SYN, Flow_::thread_id, TOCLIENT, TOSERVER, TRUE, and unlikely.

Referenced by StreamTcp().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpPseudoPacketCreateStreamEndPacket	(	ThreadVars *	tv,
		StreamTcpThread *	stt,
		Packet *	p,
		TcpSession *	ssn,
		PacketQueue *	pq
	)

Create a pseudo packet injected into the engine to signal the opposing direction of this stream to wrap up stream reassembly.

Parameters

p	real packet
pq	packet queue to store the new pseudo packet in

Definition at line 5949 of file stream-tcp.c.

References BUG_ON, TcpSession_::client, StreamTcpThread_::counter_tcp_pseudo, StreamTcpThread_::counter_tcp_pseudo_failed, Packet_::datalink, DecodeSetNoPacketInspectionFlag, DecodeSetNoPayloadInspectionFlag, Flow_::dp, Packet_::dp, Flow_::dst, Packet_::dst, Flow_::flags, Packet_::flags, Packet_::flow, FLOW_COPY_IPV4_ADDR_TO_PACKET, FLOW_COPY_IPV6_ADDR_TO_PACKET, FLOW_IS_IPV4, FLOW_IS_IPV6, FLOW_NOPACKET_INSPECTION, FLOW_NOPAYLOAD_INSPECTION, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, GET_PKT_DATA, GET_PKT_DIRECT_MAX_SIZE, GET_PKT_LEN, Packet_::ip4h, Packet_::ip6h, IPV4Hdr_::ip_id, IPV4Hdr_::ip_len, IPV4Hdr_::ip_off, IPV4Hdr_::ip_proto, IPV4Hdr_::ip_tos, IPV4Hdr_::ip_ttl, IPV4Hdr_::ip_verhl, TcpStream_::last_ack, Flow_::livedev, Packet_::livedev, TcpStream_::next_seq, PacketCallocExtPkt(), PacketEnqueue(), PacketPoolGetPacket(), Packet_::payload, Packet_::payload_len, PKT_HAS_FLOW, PKT_IGNORE_CHECKSUM, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, PKT_NOPACKET_INSPECTION, PKT_NOPAYLOAD_INSPECTION, PKT_PSEUDO_DETECTLOG_FLUSH, PKT_PSEUDO_STREAM_END, PKT_SET_SRC, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH, PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO, PKT_STREAM_EOF, PKT_STREAM_EST, Packet_::proto, RB_EMPTY, SCEnter, SCLogDebug, SCReturn, TcpStream_::seg_tree, TcpSession_::server, SET_PKT_LEN, Flow_::sp, Packet_::sp, Flow_::src, Packet_::src, StatsIncr(), StreamTcpPseudoSetup(), Packet_::tcph, Flow_::tenant_id, Packet_::tenant_id, TH_ACK, Packet_::ts, Flow_::vlan_id, Packet_::vlan_id, Flow_::vlan_idx, and Packet_::vlan_idx.

Here is the call graph for this function:

Packet* StreamTcpPseudoSetup	(	Packet *	parent,
		uint8_t *	pkt,
		uint32_t	len
	)

Function to fetch a packet from the packet allocation queue for creation of the pseudo packet from the reassembled stream.

Parameters

parent	Pointer to the parent of the pseudo packet
pkt	pointer to the raw packet of the parent
len	length of the packet

Returns: upon success returns the pointer to the new pseudo packet otherwise NULL

Definition at line 5856 of file stream-tcp.c.

References Packet_::datalink, Packet_::dp, Packet_::dst, Packet_::flow, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, Packet_::ip6h, IPV4_GET_HLEN, IPV4_GET_IPLEN, IPV6_GET_PLEN, IPV6_HEADER_LEN, PacketCopyData(), PacketGetFromQueueOrAlloc(), Packet_::payload, Packet_::payload_len, PKT_IS_IPV4, PKT_IS_IPV6, Packet_::proto, PSEUDO_PKT_SET_IPV4HDR, PSEUDO_PKT_SET_IPV6HDR, PSEUDO_PKT_SET_TCPHDR, Packet_::recursion_level, Packet_::root, SCEnter, SCReturnPtr, SET_IPV4_DST_ADDR, SET_IPV4_SRC_ADDR, SET_IPV6_DST_ADDR, SET_IPV6_SRC_ADDR, SET_TCP_DST_PORT, SET_TCP_SRC_PORT, SET_TUNNEL_PKT, Packet_::sp, Packet_::src, Packet_::tcph, Packet_::ts, and TUNNEL_INCR_PKT_TPR.

Referenced by StreamTcpPseudoPacketCreateStreamEndPacket().

Here is the call graph for this function:

Here is the caller graph for this function:

uint64_t StreamTcpReassembleMemuseGlobalCounter ( void )

Definition at line 132 of file stream-tcp-reassemble.c.

void StreamTcpRegisterTests ( void )

Definition at line 10761 of file stream-tcp.c.

References StreamTcpReassembleRegisterTests(), StreamTcpSackRegisterTests(), and UtRegisterTest().

Here is the call graph for this function:

void StreamTcpReturnStreamSegments ( TcpStream * stream )

return all segments in this stream into the pool(s)

Parameters

stream the stream to cleanup

Definition at line 315 of file stream-tcp-reassemble.c.

References offset, RB_FOREACH_SAFE, RB_REMOVE, TcpSegment::sbseg, TcpStream_::seg_tree, and StreamTcpSegmentReturntoPool().

Referenced by StreamTcpPruneSession(), StreamTcpSessionPktFree(), and StreamTcpStreamCleanup().

Here is the call graph for this function:

Here is the caller graph for this function:

int StreamTcpSegmentForEach	(	const Packet *	p,
		uint8_t	flag,
		StreamSegmentCallback	CallbackFunc,
		void *	data
	)

Run callback function on each TCP segment.

Note: when stream engine is running in inline mode all segments are used, in IDS/non-inline mode only ack'd segments are iterated.; Must be called under flow lock.

Returns: -1 in case of error, the number of segment in case of success

Definition at line 6231 of file stream-tcp.c.

References TcpSession_::client, TcpStreamCnf_::flags, Packet_::flow, FLOW_PKT_TOSERVER, TcpStream_::last_ack, Flow_::protoctx, RB_FOREACH, TcpStream_::sb, TcpSegment::sbseg, SCLogDebug, TcpStream_::seg_tree, TcpSegment::seq, SEQ_LT, TcpSession_::server, stream_config, StreamingBufferSegmentGetData(), and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamSegmentForEach().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpSessionCleanup ( TcpSession * ssn )

Session cleanup function. Does not free the ssn.

Parameters

ssn	tcp session

Definition at line 215 of file stream-tcp.c.

References TcpSession_::client, TcpStateQueue_::next, TcpSession_::queue, TcpSession_::queue_len, SCEnter, SCFree, SCReturn, TcpSession_::server, StreamTcpDecrMemuse(), and StreamTcpStreamCleanup().

Referenced by StreamTcpSessionClear(), StreamTcpSessionPktFree(), StreamTcpUTClearSession(), and UTHRemoveSessionFromFlow().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpSessionClear ( void * ssnptr )

Function to return the stream back to the pool. It returns the segments in the stream to the segment pool.

This function is called when the flow is destroyed, so it should free everything related to the tcp session. So including the app layer data. We are guaranteed to only get here when the flow's use_cnt is 0.

Parameters

ssn	Void ptr to the ssn.

Definition at line 249 of file stream-tcp.c.

References PoolThreadReturn(), TcpSession_::res, SCEnter, SCMutexLock, SCMutexUnlock, SCReturn, and StreamTcpSessionCleanup().

Referenced by StreamTcpInitConfig().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpSessionPktFree ( Packet * p )

Function to return the stream segments back to the pool.

We don't clear out the app layer storage here as that is under protection of the "use_cnt" reference counter in the flow. This function is called when the use_cnt is always at least 1 (this pkt has incremented the flow use_cnt itself), so we don't bother.

Parameters

p	Packet used to identify the stream.

Definition at line 283 of file stream-tcp.c.

References TcpSession_::client, Packet_::flow, Flow_::protoctx, SCEnter, SCMalloc, SCReturn, TcpSession_::server, StreamTcpCheckMemcap(), StreamTcpDecrMemuse(), StreamTcpIncrMemuse(), StreamTcpReturnStreamSegments(), StreamTcpSessionCleanup(), and unlikely.

Referenced by StreamTcpPacket().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpSetDisableRawReassemblyFlag	(	TcpSession *	ssn,
		char	direction
	)

Set the No reassembly flag for the given direction in given TCP session.

Parameters

ssn	TCP Session to set the flag in
direction	direction to set the flag in: 0 toserver, 1 toclient

Definition at line 5801 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::server, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.

Referenced by AppLayerParserParse().

Here is the caller graph for this function:

int StreamTcpSetMemcap ( uint64_t size )

Update memcap value.

Parameters

size	new memcap value

Definition at line 181 of file stream-tcp.c.

References SC_ATOMIC_GET, SC_ATOMIC_SET, and stream_config.

Referenced by RunModeUnixSocketGetDefaultMode().

Here is the caller graph for this function:

void StreamTcpSetOSPolicy	(	TcpStream *	stream,
		Packet *	p
	)

Function to set the OS policy for the given stream based on the destination of the received packet.

Parameters

stream	TcpStream of which os_policy needs to set
p	Packet which is used to set the os policy

Definition at line 770 of file stream-tcp.c.

References GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, TcpStream_::os_policy, OS_POLICY_BSD, OS_POLICY_BSD_RIGHT, OS_POLICY_DEFAULT, OS_POLICY_OLD_SOLARIS, OS_POLICY_SOLARIS, PKT_IS_IPV4, PKT_IS_IPV6, SCHInfoGetIPv4HostOSFlavour(), SCHInfoGetIPv6HostOSFlavour(), and SCLogDebug.

Referenced by StreamTcpReassembleHandleSegmentHandleData(), and StreamTcpThreadDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

void StreamTcpSetSessionBypassFlag ( TcpSession * ssn )

enable bypass

Parameters

ssn	TCP Session to set the flag in
direction	direction to set the flag in: 0 toserver, 1 toclient

Definition at line 5812 of file stream-tcp.c.

References TcpSession_::flags, and STREAMTCP_FLAG_BYPASS.

Referenced by AppLayerParserParse().

Here is the caller graph for this function:

void StreamTcpSetSessionNoReassemblyFlag	(	TcpSession *	ssn,
		char	direction
	)

disable reassembly

Disable app layer and set raw inspect to no longer accept new data. Stream engine will then fully disable raw after last inspection.

Parameters

ssn	TCP Session to set the flag in
direction	direction to set the flag in: 0 toserver, 1 toclient

Definition at line 5785 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::flags, TcpSession_::server, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.

Referenced by AppLayerParserParse().

Here is the caller graph for this function:

void StreamTcpStreamCleanup ( TcpStream * stream )

Definition at line 202 of file stream-tcp.c.

References TcpStream_::sb, StreamingBufferClear(), StreamTcpReturnStreamSegments(), and StreamTcpSackFreeList().

Referenced by StreamTcpSessionCleanup(), and StreamTcpUTClearStream().

Here is the call graph for this function:

Here is the caller graph for this function:

TmEcode StreamTcpThreadDeinit	(	ThreadVars *	tv,
		void *	data
	)

Definition at line 5212 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::flags, TcpStream_::isn, TcpStream_::last_ack, TcpStream_::last_pkt_ts, TcpStream_::last_ts, TcpStream_::next_seq, TcpStream_::next_win, TcpStream_::os_policy, OS_POLICY_BSD, OS_POLICY_FIRST, OS_POLICY_HPUX10, OS_POLICY_HPUX11, OS_POLICY_IRIX, OS_POLICY_LAST, OS_POLICY_LINUX, OS_POLICY_MACOS, OS_POLICY_OLD_LINUX, OS_POLICY_SOLARIS, OS_POLICY_VISTA, OS_POLICY_WINDOWS, OS_POLICY_WINDOWS2K3, PAWS_24DAYS, Packet_::payload_len, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, StreamTcpThread_::ra_ctx, SCEnter, SCFree, SCLogDebug, SCReturnInt, SEQ_EQ, SEQ_GEQ, SEQ_GT, SEQ_LEQ, SEQ_LT, TcpSession_::server, TcpSession_::state, STREAM_PKT_INVALID_ACK, STREAM_PKT_INVALID_TIMESTAMP, STREAM_RST_INVALID_ACK, STREAMTCP_FLAG_ASYNC, STREAMTCP_FLAG_MIDSTREAM, STREAMTCP_FLAG_TIMESTAMP, STREAMTCP_STREAM_FLAG_ZERO_TIMESTAMP, StreamTcpReassembleFreeThreadCtx(), StreamTcpSetEvent, StreamTcpSetOSPolicy(), TCP_GET_ACK, TCP_GET_SEQ, TCP_GET_TSVAL, TCP_HAS_TS, TCP_SYN_SENT, Packet_::tcph, TH_ACK, TH_RST, TM_ECODE_OK, ts, Packet_::ts, and TcpStream_::window.

Here is the call graph for this function:

TmEcode StreamTcpThreadInit	(	ThreadVars *	tv,
		void *	initdata,
		void **	data
	)

Definition at line 5139 of file stream-tcp.c.

Here is the call graph for this function:

int TcpSessionPacketSsnReuse	(	const Packet *	p,
		const Flow *	f,
		const void *	tcp_ssn
	)

Definition at line 5091 of file stream-tcp.c.

References Packet_::proto, and Packet_::tcph.

void TcpSessionSetReassemblyDepth	(	TcpSession *	ssn,
		uint32_t	size
	)

Definition at line 6292 of file stream-tcp.c.

References TcpSession_::reassembly_depth.

Referenced by AppLayerIncTxCounter(), and DetectFilestoreRegister().

Here is the caller graph for this function:

Variable Documentation

int g_detect_disabled

global indicating if detection is enabled

Definition at line 216 of file suricata.c.

Referenced by RegisterAllModules(), and StreamTcpPacket().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

Function Documentation

Variable Documentation