suricata
Macros | Functions | Variables
stream-tcp.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "flow-util.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-pool.h"
#include "util-pool-thread.h"
#include "util-checksum.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-device.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream-tcp-inline.h"
#include "stream-tcp-sack.h"
#include "stream-tcp-util.h"
#include "stream.h"
#include "pkt-var.h"
#include "host.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "app-layer-htp-mem.h"
#include "util-host-os-info.h"
#include "util-privs.h"
#include "util-profiling.h"
#include "util-misc.h"
#include "util-validate.h"
#include "util-runmodes.h"
#include "util-random.h"
#include "source-pcap-file.h"
Include dependency graph for stream-tcp.c:

Go to the source code of this file.

Macros

#define STREAMTCP_DEFAULT_PREALLOC   2048
 
#define STREAMTCP_DEFAULT_MEMCAP   (32 * 1024 * 1024) /* 32mb */
 
#define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP   (64 * 1024 * 1024) /* 64mb */
 
#define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560
 
#define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560
 
#define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED   5
 
#define STREAMTCP_NEW_TIMEOUT   60
 
#define STREAMTCP_EST_TIMEOUT   3600
 
#define STREAMTCP_CLOSED_TIMEOUT   120
 
#define STREAMTCP_EMERG_NEW_TIMEOUT   10
 
#define STREAMTCP_EMERG_EST_TIMEOUT   300
 
#define STREAMTCP_EMERG_CLOSED_TIMEOUT   20
 
#define StreamTcpUpdateLastAck(ssn, stream, ack)
 macro to update last_ack only if the new value is higher More...
 
#define StreamTcpAsyncLastAckUpdate(ssn, stream)
 
#define StreamTcpUpdateNextSeq(ssn, stream, seq)
 
#define StreamTcpUpdateNextWin(ssn, stream, win)
 macro to update next_win only if the new value is higher More...
 
#define PSEUDO_PKT_SET_IPV4HDR(nipv4h, ipv4h)
 
#define PSEUDO_PKT_SET_IPV6HDR(nipv6h, ipv6h)
 
#define PSEUDO_PKT_SET_TCPHDR(ntcph, tcph)
 
#define SET_ISN(stream, setseq)
 

Functions

void StreamTcpReturnStreamSegments (TcpStream *)
 return all segments in this stream into the pool(s) More...
 
void StreamTcpInitConfig (char quiet)
 To initialize the stream global configuration data. More...
 
int StreamTcpGetFlowState (void *)
 
void StreamTcpSetOSPolicy (TcpStream *stream, Packet *p)
 Function to set the OS policy for the given stream based on the destination of the received packet. More...
 
uint64_t StreamTcpReassembleMemuseGlobalCounter (void)
 
 SC_ATOMIC_DECLARE (uint64_t, st_memuse)
 
void StreamTcpInitMemuse (void)
 
void StreamTcpIncrMemuse (uint64_t size)
 
void StreamTcpDecrMemuse (uint64_t size)
 
uint64_t StreamTcpMemuseCounter (void)
 
int StreamTcpCheckMemcap (uint64_t size)
 Check if alloc'ing "size" would mean we're over memcap. More...
 
int StreamTcpSetMemcap (uint64_t size)
 Update memcap value. More...
 
uint64_t StreamTcpGetMemcap (void)
 Return memcap value. More...
 
void StreamTcpStreamCleanup (TcpStream *stream)
 
void StreamTcpSessionCleanup (TcpSession *ssn)
 Session cleanup function. Does not free the ssn. More...
 
void StreamTcpSessionClear (void *ssnptr)
 Function to return the stream back to the pool. It returns the segments in the stream to the segment pool. More...
 
void StreamTcpSessionPktFree (Packet *p)
 Function to return the stream segments back to the pool. More...
 
int StreamTcpInlineDropInvalid (void)
 See if stream engine is dropping invalid packet in inline mode. More...
 
void StreamTcpFreeConfig (char quiet)
 
int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, PacketQueueNoLock *pq)
 
int TcpSessionPacketSsnReuse (const Packet *p, const Flow *f, const void *tcp_ssn)
 
TmEcode StreamTcp (ThreadVars *tv, Packet *p, void *data, PacketQueueNoLock *pq)
 
TmEcode StreamTcpThreadInit (ThreadVars *tv, void *initdata, void **data)
 
TmEcode StreamTcpThreadDeinit (ThreadVars *tv, void *data)
 
void StreamTcpUpdateAppLayerProgress (TcpSession *ssn, char direction, const uint32_t progress)
 update reassembly progress More...
 
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
 disable reassembly More...
 
void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction)
 Set the No reassembly flag for the given direction in given TCP session. More...
 
void StreamTcpSetSessionBypassFlag (TcpSession *ssn)
 enable bypass More...
 
PacketStreamTcpPseudoSetup (Packet *parent, uint8_t *pkt, uint32_t len)
 Function to fetch a packet from the packet allocation queue for creation of the pseudo packet from the reassembled stream. More...
 
void StreamTcpDetectLogFlush (ThreadVars *tv, StreamTcpThread *stt, Flow *f, Packet *p, PacketQueueNoLock *pq)
 create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits. More...
 
int StreamTcpSegmentForEach (const Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
 Run callback function on each TCP segment. More...
 
int StreamTcpBypassEnabled (void)
 
int StreamTcpInlineMode (void)
 See if stream engine is operating in inline mode. More...
 
void TcpSessionSetReassemblyDepth (TcpSession *ssn, uint32_t size)
 
void StreamTcpRegisterTests (void)
 

Variables

int g_detect_disabled
 
TcpStreamCnf stream_config
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

TCP stream tracking and reassembly engine.

Todo:
  • 4WHS: what if after the 2nd SYN we turn out to be normal 3WHS anyway?

Definition in file stream-tcp.c.

Macro Definition Documentation

◆ PSEUDO_PKT_SET_IPV4HDR

#define PSEUDO_PKT_SET_IPV4HDR (   nipv4h,
  ipv4h 
)
Value:
do { \
IPV4_SET_RAW_VER(nipv4h, IPV4_GET_RAW_VER(ipv4h)); \
IPV4_SET_RAW_HLEN(nipv4h, IPV4_GET_RAW_HLEN(ipv4h)); \
IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \
IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \
IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \
(nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
(nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
} while (0)

Definition at line 5907 of file stream-tcp.c.

◆ PSEUDO_PKT_SET_IPV6HDR

#define PSEUDO_PKT_SET_IPV6HDR (   nipv6h,
  ipv6h 
)
Value:
do { \
(nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \
(nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \
(nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \
(nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \
(nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \
(nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \
(nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \
(nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \
IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \
} while (0)

Definition at line 5917 of file stream-tcp.c.

◆ PSEUDO_PKT_SET_TCPHDR

#define PSEUDO_PKT_SET_TCPHDR (   ntcph,
  tcph 
)
Value:
do { \
COPY_PORT((tcph)->th_dport, (ntcph)->th_sport); \
COPY_PORT((tcph)->th_sport, (ntcph)->th_dport); \
(ntcph)->th_seq = (tcph)->th_ack; \
(ntcph)->th_ack = (tcph)->th_seq; \
} while (0)

Definition at line 5929 of file stream-tcp.c.

◆ SET_ISN

#define SET_ISN (   stream,
  setseq 
)
Value:
(stream)->isn = (setseq); \
(stream)->base_seq = (setseq) + 1

Definition at line 6279 of file stream-tcp.c.

◆ STREAMTCP_CLOSED_TIMEOUT

#define STREAMTCP_CLOSED_TIMEOUT   120

Definition at line 91 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED

#define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED   5

Definition at line 87 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_MEMCAP

#define STREAMTCP_DEFAULT_MEMCAP   (32 * 1024 * 1024) /* 32mb */

Definition at line 83 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_PREALLOC

#define STREAMTCP_DEFAULT_PREALLOC   2048

Definition at line 82 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP

#define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP   (64 * 1024 * 1024) /* 64mb */

Definition at line 84 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE

#define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560

Definition at line 86 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE

#define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560

Definition at line 85 of file stream-tcp.c.

◆ STREAMTCP_EMERG_CLOSED_TIMEOUT

#define STREAMTCP_EMERG_CLOSED_TIMEOUT   20

Definition at line 95 of file stream-tcp.c.

◆ STREAMTCP_EMERG_EST_TIMEOUT

#define STREAMTCP_EMERG_EST_TIMEOUT   300

Definition at line 94 of file stream-tcp.c.

◆ STREAMTCP_EMERG_NEW_TIMEOUT

#define STREAMTCP_EMERG_NEW_TIMEOUT   10

Definition at line 93 of file stream-tcp.c.

◆ STREAMTCP_EST_TIMEOUT

#define STREAMTCP_EST_TIMEOUT   3600

Definition at line 90 of file stream-tcp.c.

◆ STREAMTCP_NEW_TIMEOUT

#define STREAMTCP_NEW_TIMEOUT   60

Definition at line 89 of file stream-tcp.c.

◆ StreamTcpAsyncLastAckUpdate

#define StreamTcpAsyncLastAckUpdate (   ssn,
  stream 
)
Value:
{ \
if ((ssn)->flags & STREAMTCP_FLAG_ASYNC) { \
if (SEQ_GT((stream)->next_seq, (stream)->last_ack)) { \
uint32_t ack_diff = (stream)->next_seq - (stream)->last_ack; \
(stream)->last_ack += ack_diff; \
SCLogDebug("ssn %p: ASYNC last_ack set to %"PRIu32", moved %u forward", \
(ssn), (stream)->next_seq, ack_diff); \
} \
} \
}

Definition at line 828 of file stream-tcp.c.

◆ StreamTcpUpdateLastAck

#define StreamTcpUpdateLastAck (   ssn,
  stream,
  ack 
)
Value:
{ \
if (SEQ_GT((ack), (stream)->last_ack)) \
{ \
SCLogDebug("ssn %p: last_ack set to %"PRIu32", moved %u forward", (ssn), (ack), (ack) - (stream)->last_ack); \
if ((SEQ_LEQ((stream)->last_ack, (stream)->next_seq) && SEQ_GT((ack),(stream)->next_seq))) { \
SCLogDebug("last_ack just passed next_seq: %u (was %u) > %u", (ack), (stream)->last_ack, (stream)->next_seq); \
} else { \
SCLogDebug("next_seq (%u) <> last_ack now %d", (stream)->next_seq, (int)(stream)->next_seq - (ack)); \
}\
(stream)->last_ack = (ack); \
StreamTcpSackPruneList((stream)); \
} else { \
SCLogDebug("ssn %p: no update: ack %u, last_ack %"PRIu32", next_seq %u (state %u)", \
(ssn), (ack), (stream)->last_ack, (stream)->next_seq, (ssn)->state); \
}\
}

macro to update last_ack only if the new value is higher

Parameters
ssnsession
streamstream to update
ackACK value to test and set

Definition at line 811 of file stream-tcp.c.

◆ StreamTcpUpdateNextSeq

#define StreamTcpUpdateNextSeq (   ssn,
  stream,
  seq 
)
Value:
{ \
(stream)->next_seq = seq; \
SCLogDebug("ssn %p: next_seq %" PRIu32, (ssn), (stream)->next_seq); \
StreamTcpAsyncLastAckUpdate((ssn), (stream)); \
}

Definition at line 839 of file stream-tcp.c.

◆ StreamTcpUpdateNextWin

#define StreamTcpUpdateNextWin (   ssn,
  stream,
  win 
)
Value:
{ \
uint32_t sacked_size__ = StreamTcpSackedSize((stream)); \
if (SEQ_GT(((win) + sacked_size__), (stream)->next_win)) { \
(stream)->next_win = ((win) + sacked_size__); \
SCLogDebug("ssn %p: next_win set to %"PRIu32, (ssn), (stream)->next_win); \
} \
}

macro to update next_win only if the new value is higher

Parameters
ssnsession
streamstream to update
winwindow value to test and set

Definition at line 852 of file stream-tcp.c.

Function Documentation

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( uint64_t  ,
st_memuse   
)

◆ StreamTcp()

TmEcode StreamTcp ( ThreadVars tv,
Packet p,
void *  data,
PacketQueueNoLock pq 
)

Definition at line 5184 of file stream-tcp.c.

References StreamTcpThread_::counter_tcp_no_flow, TcpStreamCnf_::flags, Packet_::flags, Packet_::flow, Packet_::pcap_cnt, PKT_IS_TCP, PKT_PSEUDO_STREAM_END, SCLogDebug, StatsIncr(), stream_config, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, TM_ECODE_OK, and tv.

Here is the call graph for this function:

◆ StreamTcpBypassEnabled()

int StreamTcpBypassEnabled ( void  )

Definition at line 6251 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_BYPASS.

◆ StreamTcpCheckMemcap()

int StreamTcpCheckMemcap ( uint64_t  size)

Check if alloc'ing "size" would mean we're over memcap.

Return values
1if in bounds
0if not in bounds

Definition at line 168 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpDecrMemuse()

void StreamTcpDecrMemuse ( uint64_t  size)

Definition at line 135 of file stream-tcp.c.

References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpMemuseCounter().

Referenced by StreamTcpSessionCleanup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpDetectLogFlush()

void StreamTcpDetectLogFlush ( ThreadVars tv,
StreamTcpThread stt,
Flow f,
Packet p,
PacketQueueNoLock pq 
)

create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.

Definition at line 6184 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, Flow_::protoctx, TcpSession_::server, STREAMTCP_STREAM_FLAG_TRIGGER_RAW, StreamTcpInlineMode(), and ts.

Here is the call graph for this function:

◆ StreamTcpFreeConfig()

void StreamTcpFreeConfig ( char  quiet)

Definition at line 669 of file stream-tcp.c.

References SC_ATOMIC_DESTROY, SCMutexLock, stream_config, and StreamTcpReassembleFree().

Referenced by StreamTcpUTDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpGetFlowState()

int StreamTcpGetFlowState ( void *  )

◆ StreamTcpGetMemcap()

uint64_t StreamTcpGetMemcap ( void  )

Return memcap value.

Parameters
memcapmemcap value

Definition at line 196 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpIncrMemuse()

void StreamTcpIncrMemuse ( uint64_t  size)

Definition at line 128 of file stream-tcp.c.

References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpInitConfig()

void StreamTcpInitConfig ( char  quiet)

To initialize the stream global configuration data.

Parameters
quietIt tells the mode of operation, if it is TRUE nothing will be get printed.

Definition at line 365 of file stream-tcp.c.

References TcpStreamCnf_::async_oneside, ConfGetBool(), ConfGetInt(), ConfGetNode(), ConfGetValue(), EngineModeIsIPS(), TcpStreamCnf_::flags, TcpStreamCnf_::max_synack_queued, TcpStreamCnf_::midstream, ParseSizeStringU16(), ParseSizeStringU32(), ParseSizeStringU64(), TcpStreamCnf_::prealloc_sessions, TcpStreamCnf_::reassembly_depth, TcpStreamCnf_::reassembly_toserver_chunk_size, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SC_ERR_INVALID_VALUE, SC_ERR_SIZE_PARSE, SC_WARN_OPTION_OBSOLETE, SCLogDebug, SCLogError, SCLogWarning, stream_config, STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED, STREAMTCP_DEFAULT_MEMCAP, STREAMTCP_DEFAULT_PREALLOC, STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP, STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE, STREAMTCP_INIT_FLAG_BYPASS, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, STREAMTCP_INIT_FLAG_DROP_INVALID, STREAMTCP_INIT_FLAG_INLINE, and WarnInvalidConfEntry.

Referenced by PreRunInit(), and StreamTcpUTInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpInitMemuse()

void StreamTcpInitMemuse ( void  )

Definition at line 123 of file stream-tcp.c.

References SC_ATOMIC_INIT.

Referenced by UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpInlineDropInvalid()

int StreamTcpInlineDropInvalid ( void  )

See if stream engine is dropping invalid packet in inline mode.

Return values
0no
1yes

Definition at line 339 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, STREAMTCP_INIT_FLAG_DROP_INVALID, and STREAMTCP_INIT_FLAG_INLINE.

◆ StreamTcpInlineMode()

int StreamTcpInlineMode ( void  )

See if stream engine is operating in inline mode.

Return values
0no
1yes

Definition at line 6262 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamTcpDetectLogFlush(), and StreamTcpReassembleHandleSegment().

Here is the caller graph for this function:

◆ StreamTcpMemuseCounter()

uint64_t StreamTcpMemuseCounter ( void  )

Definition at line 156 of file stream-tcp.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpDecrMemuse(), and StreamTcpIncrMemuse().

Here is the caller graph for this function:

◆ StreamTcpPacket()

int StreamTcpPacket ( ThreadVars tv,
Packet p,
StreamTcpThread stt,
PacketQueueNoLock pq 
)

Definition at line 4766 of file stream-tcp.c.

References DEBUG_ASSERT_FLOW_LOCKED, Packet_::flow, Packet_::pcap_cnt, SCEnter, and SCLogDebug.

◆ StreamTcpPseudoSetup()

Packet* StreamTcpPseudoSetup ( Packet parent,
uint8_t *  pkt,
uint32_t  len 
)

Function to fetch a packet from the packet allocation queue for creation of the pseudo packet from the reassembled stream.

Parameters
parentPointer to the parent of the pseudo packet
pktpointer to the raw packet of the parent
lenlength of the packet
Returns
upon success returns the pointer to the new pseudo packet otherwise NULL

Definition at line 5946 of file stream-tcp.c.

References Packet_::datalink, len, PacketCopyData(), PacketGetFromQueueOrAlloc(), Packet_::proto, Packet_::recursion_level, Packet_::root, SCEnter, SCReturnPtr, and Packet_::ts.

Here is the call graph for this function:

◆ StreamTcpReassembleMemuseGlobalCounter()

uint64_t StreamTcpReassembleMemuseGlobalCounter ( void  )

Definition at line 131 of file stream-tcp-reassemble.c.

◆ StreamTcpRegisterTests()

void StreamTcpRegisterTests ( void  )

Definition at line 10624 of file stream-tcp.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ StreamTcpReturnStreamSegments()

void StreamTcpReturnStreamSegments ( TcpStream stream)

return all segments in this stream into the pool(s)

Parameters
streamthe stream to cleanup

Definition at line 314 of file stream-tcp-reassemble.c.

References RB_FOREACH_SAFE, RB_REMOVE, TcpStream_::seg_tree, and StreamTcpSegmentReturntoPool().

Referenced by StreamTcpPruneSession(), StreamTcpSessionPktFree(), and StreamTcpStreamCleanup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSegmentForEach()

int StreamTcpSegmentForEach ( const Packet p,
uint8_t  flag,
StreamSegmentCallback  CallbackFunc,
void *  data 
)

Run callback function on each TCP segment.

Note
when stream engine is running in inline mode all segments are used, in IDS/non-inline mode only ack'd segments are iterated.
Must be called under flow lock.
Returns
-1 in case of error, the number of segment in case of success

Definition at line 6207 of file stream-tcp.c.

References TcpSession_::client, TcpStreamCnf_::flags, Packet_::flow, FLOW_PKT_TOSERVER, TcpStream_::last_ack, Flow_::protoctx, RB_FOREACH, TcpStream_::sb, TcpSegment::sbseg, SCLogDebug, TcpStream_::seg_tree, TcpSegment::seq, SEQ_LT, TcpSession_::server, stream_config, StreamingBufferSegmentGetData(), and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamSegmentForEach().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSessionCleanup()

void StreamTcpSessionCleanup ( TcpSession ssn)

Session cleanup function. Does not free the ssn.

Parameters
ssntcp session

Definition at line 215 of file stream-tcp.c.

References TcpSession_::client, TcpStateQueue_::next, TcpSession_::queue, TcpSession_::queue_len, SCEnter, SCFree, SCReturn, TcpSession_::server, StreamTcpDecrMemuse(), and StreamTcpStreamCleanup().

Referenced by StreamTcpSessionClear(), StreamTcpUTClearSession(), and UTHRemoveSessionFromFlow().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSessionClear()

void StreamTcpSessionClear ( void *  ssnptr)

Function to return the stream back to the pool. It returns the segments in the stream to the segment pool.

This function is called when the flow is destroyed, so it should free everything related to the tcp session. So including the app layer data. We are guaranteed to only get here when the flow's use_cnt is 0.

Parameters
ssnVoid ptr to the ssn.

Definition at line 249 of file stream-tcp.c.

References PoolThreadReturn(), TcpSession_::res, SCEnter, and StreamTcpSessionCleanup().

Here is the call graph for this function:

◆ StreamTcpSessionPktFree()

void StreamTcpSessionPktFree ( Packet p)

Function to return the stream segments back to the pool.

We don't clear out the app layer storage here as that is under protection of the "use_cnt" reference counter in the flow. This function is called when the use_cnt is always at least 1 (this pkt has incremented the flow use_cnt itself), so we don't bother.

Parameters
pPacket used to identify the stream.

Definition at line 283 of file stream-tcp.c.

References TcpSession_::client, Packet_::flow, Flow_::protoctx, SCEnter, SCReturn, TcpSession_::server, and StreamTcpReturnStreamSegments().

Here is the call graph for this function:

◆ StreamTcpSetDisableRawReassemblyFlag()

void StreamTcpSetDisableRawReassemblyFlag ( TcpSession ssn,
char  direction 
)

Set the No reassembly flag for the given direction in given TCP session.

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 5891 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::server, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.

◆ StreamTcpSetMemcap()

int StreamTcpSetMemcap ( uint64_t  size)

Update memcap value.

Parameters
sizenew memcap value

Definition at line 181 of file stream-tcp.c.

References SC_ATOMIC_GET, SC_ATOMIC_SET, and stream_config.

◆ StreamTcpSetOSPolicy()

void StreamTcpSetOSPolicy ( TcpStream stream,
Packet p 
)

Function to set the OS policy for the given stream based on the destination of the received packet.

Parameters
streamTcpStream of which os_policy needs to set
pPacket which is used to set the os policy

Definition at line 770 of file stream-tcp.c.

References GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, TcpStream_::os_policy, OS_POLICY_BSD, OS_POLICY_BSD_RIGHT, OS_POLICY_DEFAULT, OS_POLICY_OLD_SOLARIS, OS_POLICY_SOLARIS, PKT_IS_IPV4, PKT_IS_IPV6, SCHInfoGetIPv4HostOSFlavour(), SCHInfoGetIPv6HostOSFlavour(), and SCLogDebug.

Referenced by StreamTcpReassembleHandleSegmentHandleData().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSetSessionBypassFlag()

void StreamTcpSetSessionBypassFlag ( TcpSession ssn)

enable bypass

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 5902 of file stream-tcp.c.

References TcpSession_::flags, and STREAMTCP_FLAG_BYPASS.

◆ StreamTcpSetSessionNoReassemblyFlag()

void StreamTcpSetSessionNoReassemblyFlag ( TcpSession ssn,
char  direction 
)

disable reassembly

Disable app layer and set raw inspect to no longer accept new data. Stream engine will then fully disable raw after last inspection.

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 5875 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::flags, TcpSession_::server, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.

◆ StreamTcpStreamCleanup()

void StreamTcpStreamCleanup ( TcpStream stream)

Definition at line 202 of file stream-tcp.c.

References TcpStream_::sb, StreamingBufferClear(), StreamTcpReturnStreamSegments(), and StreamTcpSackFreeList().

Referenced by StreamTcpSessionCleanup(), and StreamTcpUTClearStream().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpThreadDeinit()

TmEcode StreamTcpThreadDeinit ( ThreadVars tv,
void *  data 
)

Definition at line 5287 of file stream-tcp.c.

References StreamTcpThread_::ra_ctx, SCEnter, SCFree, SCReturnInt, StreamTcpReassembleFreeThreadCtx(), and TM_ECODE_OK.

Here is the call graph for this function:

◆ StreamTcpThreadInit()

TmEcode StreamTcpThreadInit ( ThreadVars tv,
void *  initdata,
void **  data 
)

Definition at line 5220 of file stream-tcp.c.

References StreamTcpThread_::counter_tcp_invalid_checksum, StreamTcpThread_::counter_tcp_midstream_pickups, StreamTcpThread_::counter_tcp_no_flow, StreamTcpThread_::counter_tcp_pseudo, StreamTcpThread_::counter_tcp_pseudo_failed, TcpReassemblyThreadCtx_::counter_tcp_reass_data_normal_fail, TcpReassemblyThreadCtx_::counter_tcp_reass_data_overlap_fail, TcpReassemblyThreadCtx_::counter_tcp_reass_gap, TcpReassemblyThreadCtx_::counter_tcp_reass_list_fail, TcpReassemblyThreadCtx_::counter_tcp_reass_overlap, TcpReassemblyThreadCtx_::counter_tcp_reass_overlap_diff_data, StreamTcpThread_::counter_tcp_rst, TcpReassemblyThreadCtx_::counter_tcp_segment_memcap, StreamTcpThread_::counter_tcp_sessions, StreamTcpThread_::counter_tcp_ssn_memcap, TcpReassemblyThreadCtx_::counter_tcp_stream_depth, StreamTcpThread_::counter_tcp_syn, StreamTcpThread_::counter_tcp_synack, StreamTcpThread_::counter_tcp_wrong_thread, StreamTcpThread_::ra_ctx, SCEnter, SCLogDebug, SCMalloc, SCMutexLock, SCReturnInt, StreamTcpThread_::ssn_pool_id, StatsRegisterCounter(), StreamTcpReassembleInitThreadCtx(), TM_ECODE_FAILED, tv, and unlikely.

Here is the call graph for this function:

◆ StreamTcpUpdateAppLayerProgress()

void StreamTcpUpdateAppLayerProgress ( TcpSession ssn,
char  direction,
const uint32_t  progress 
)

update reassembly progress

Parameters
ssnTCP Session
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 5857 of file stream-tcp.c.

References TcpStream_::app_progress_rel, TcpSession_::client, and TcpSession_::server.

Referenced by AppLayerHandleTCPData().

Here is the caller graph for this function:

◆ TcpSessionPacketSsnReuse()

int TcpSessionPacketSsnReuse ( const Packet p,
const Flow f,
const void *  tcp_ssn 
)

Definition at line 5172 of file stream-tcp.c.

References Packet_::proto, and Packet_::tcph.

◆ TcpSessionSetReassemblyDepth()

void TcpSessionSetReassemblyDepth ( TcpSession ssn,
uint32_t  size 
)

Definition at line 6268 of file stream-tcp.c.

References TcpSession_::reassembly_depth.

Variable Documentation

◆ g_detect_disabled

int g_detect_disabled

global indicating if detection is enabled

Definition at line 215 of file suricata.c.

◆ stream_config

TcpStreamCnf stream_config

Definition at line 119 of file stream-tcp.c.

Referenced by NapatechGetStreamConfig(), StreamTcp(), StreamTcpBypassEnabled(), StreamTcpCheckMemcap(), StreamTcpFreeConfig(), StreamTcpGetMemcap(), StreamTcpInitConfig(), StreamTcpInlineDropInvalid(), StreamTcpInlineMode(), StreamTcpReassembleCheckMemcap(), StreamTcpReassembleGetMemcap(), StreamTcpReassembleSetMemcap(), StreamTcpSegmentForEach(), StreamTcpSetMemcap(), StreamTcpUTDeinit(), StreamTcpUTInitInline(), StreamTcpUTSetupSession(), StreamTcpUTSetupStream(), and UTHAddSessionToFlow().

th_seq
uint32_t th_seq
Definition: decode-tcp.h:4
s_ip_src
#define s_ip_src
Definition: decode-ipv4.h:90
IPV4_GET_RAW_IPPROTO
#define IPV4_GET_RAW_IPPROTO(ip4h)
Definition: decode-ipv4.h:101
IPV6_GET_RAW_NH
#define IPV6_GET_RAW_NH(ip6h)
Definition: decode-ipv6.h:65
seq
uint32_t seq
Definition: stream-tcp-private.h:62
th_sport
uint16_t th_sport
Definition: decode-tcp.h:2
IPV4_GET_RAW_IPSRC
#define IPV4_GET_RAW_IPSRC(ip4h)
Definition: decode-ipv4.h:102
th_ack
uint32_t th_ack
Definition: decode-tcp.h:5
IPV4_GET_RAW_IPTOS
#define IPV4_GET_RAW_IPTOS(ip4h)
Definition: decode-ipv4.h:96
STREAMTCP_FLAG_ASYNC
#define STREAMTCP_FLAG_ASYNC
Definition: stream-tcp-private.h:169
IPV4_GET_RAW_HLEN
#define IPV4_GET_RAW_HLEN(ip4h)
Definition: decode-ipv4.h:95
IPV4_GET_RAW_IPDST
#define IPV4_GET_RAW_IPDST(ip4h)
Definition: decode-ipv4.h:103
IPV4_GET_RAW_VER
#define IPV4_GET_RAW_VER(ip4h)
Definition: decode-ipv4.h:94
th_dport
uint16_t th_dport
Definition: decode-tcp.h:3
s_ip6_dst
#define s_ip6_dst
Definition: decode-ipv6.h:53
flags
uint8_t flags
Definition: decode-gre.h:2
SEQ_GT
#define SEQ_GT(a, b)
Definition: stream-tcp-private.h:240
s_ip6_src
#define s_ip6_src
Definition: decode-ipv6.h:52
SEQ_LEQ
#define SEQ_LEQ(a, b)
Definition: stream-tcp-private.h:239
IPV4_GET_RAW_IPLEN
#define IPV4_GET_RAW_IPLEN(ip4h)
Definition: decode-ipv4.h:97
s_ip_dst
#define s_ip_dst
Definition: decode-ipv4.h:91