#include "stream-tcp-private.h"
#include "stream.h"
#include "stream-tcp-reassemble.h"
#include "suricata.h"

Include dependency graph for stream-tcp.h:

Data Structures
struct	TcpStreamCnf_

struct	StreamTcpThread_

Macros
#define	STREAM_VERBOSE false

#define	STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION BIT_U8(0)

#define	STREAMTCP_INIT_FLAG_DROP_INVALID BIT_U8(1)

#define	STREAMTCP_INIT_FLAG_BYPASS BIT_U8(2)

#define	STREAMTCP_INIT_FLAG_INLINE BIT_U8(3)

Typedefs
typedef struct TcpStreamCnf_	TcpStreamCnf

typedef struct StreamTcpThread_	StreamTcpThread

typedef int(*	StreamReassembleRawFunc) (void data, const uint8_t input, const uint32_t input_len, const uint64_t offset)

Enumerations
enum	{ STREAM_HAS_UNPROCESSED_SEGMENTS_NONE = 0, STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION = 1 }

Functions
void	StreamTcpInitConfig (bool)
	To initialize the stream global configuration data. More...

void	StreamTcpFreeConfig (bool)

void	StreamTcpRegisterTests (void)

void	StreamTcpSessionPktFree (Packet *)
	Function to return the stream segments back to the pool. More...

void	StreamTcpInitMemuse (void)

void	StreamTcpIncrMemuse (uint64_t)

void	StreamTcpDecrMemuse (uint64_t)

int	StreamTcpSetMemcap (uint64_t)
	Update memcap value. More...

uint64_t	StreamTcpGetMemcap (void)
	Return memcap value. More...

int	StreamTcpCheckMemcap (uint64_t)
	Check if alloc'ing "size" would mean we're over memcap. More...

uint64_t	StreamTcpMemuseCounter (void)

uint64_t	StreamTcpReassembleMemuseGlobalCounter (void)

int	StreamTcpSegmentForEach (const Packet p, uint8_t flag, StreamSegmentCallback CallbackFunc, void data)

int	StreamTcpSegmentForSession (const Packet p, uint8_t flag, StreamSegmentCallback CallbackFunc, void data)
	Run callback function on each TCP segment in both directions of a session. More...

void	StreamTcpReassembleConfigEnableOverlapCheck (void)

void	TcpSessionSetReassemblyDepth (TcpSession *ssn, uint32_t size)

int	StreamReassembleForFrame (TcpSession ssn, TcpStream stream, StreamReassembleRawFunc Callback, void *cb_data, const uint64_t offset, const bool eof)

int	StreamReassembleLog (TcpSession ssn, TcpStream stream, StreamReassembleRawFunc Callback, void cb_data, uint64_t progress_in, uint64_t progress_out, bool eof)

int	StreamReassembleRaw (TcpSession ssn, const Packet p, StreamReassembleRawFunc Callback, void cb_data, uint64_t progress_out, bool respect_inspect_depth)

void	StreamReassembleRawUpdateProgress (TcpSession ssn, Packet p, const uint64_t progress)
	update stream engine after detection More...

void	StreamTcpDetectLogFlush (ThreadVars tv, StreamTcpThread stt, Flow f, Packet p, PacketQueueNoLock *pq)
	create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits. More...

const char *	StreamTcpStateAsString (const enum TcpState)

const char *	StreamTcpSsnStateAsString (const TcpSession *ssn)

TmEcode	StreamTcp (ThreadVars , Packet , void , PacketQueueNoLock )

uint8_t	StreamNeedsReassembly (const TcpSession *ssn, uint8_t direction)
	see what if any work the TCP session still needs More...

TmEcode	StreamTcpThreadInit (ThreadVars , void , void **)

TmEcode	StreamTcpThreadDeinit (ThreadVars tv, void data)

int	StreamTcpPacket (ThreadVars tv, Packet p, StreamTcpThread stt, PacketQueueNoLock pq)

void	StreamTcpSessionClear (void *ssnptr)
	Function to return the stream back to the pool. It returns the segments in the stream to the segment pool. More...

void	StreamTcpSessionCleanup (TcpSession *ssn)
	Session cleanup function. Does not free the ssn. More...

void	StreamTcpStreamCleanup (TcpStream *stream)

int	StreamTcpBypassEnabled (void)

int	StreamTcpInlineMode (void)
	See if stream engine is operating in inline mode. More...

int	TcpSessionPacketSsnReuse (const Packet p, const Flow f, const void *tcp_ssn)

void	StreamTcpUpdateAppLayerProgress (TcpSession *ssn, char direction, const uint32_t progress)
	update reassembly progress More...

uint64_t	StreamTcpGetAcked (const TcpStream *stream)

uint64_t	StreamTcpGetUsable (const TcpStream *stream, const bool eof)

uint64_t	StreamDataRightEdge (const TcpStream *stream, const bool eof)

void	StreamTcpThreadCacheEnable (void)
	enable segment cache. Should only be done for worker threads More...

void	StreamTcpThreadCacheCleanup (void)

Variables
TcpStreamCnf	stream_config

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

Definition in file stream-tcp.h.

Macro Definition Documentation

◆ STREAM_VERBOSE

#define STREAM_VERBOSE false

Definition at line 35 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_BYPASS

#define STREAMTCP_INIT_FLAG_BYPASS BIT_U8(2)

Definition at line 40 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION

#define STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION BIT_U8(0)

Definition at line 38 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_DROP_INVALID

#define STREAMTCP_INIT_FLAG_DROP_INVALID BIT_U8(1)

Definition at line 39 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_INLINE

#define STREAMTCP_INIT_FLAG_INLINE BIT_U8(3)

Definition at line 41 of file stream-tcp.h.

Typedef Documentation

◆ StreamReassembleRawFunc

typedef int(* StreamReassembleRawFunc) (void *data, const uint8_t *input, const uint32_t input_len, const uint64_t offset)

Definition at line 129 of file stream-tcp.h.

◆ StreamTcpThread

typedef struct StreamTcpThread_ StreamTcpThread

◆ TcpStreamCnf

typedef struct TcpStreamCnf_ TcpStreamCnf

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Enumerator
STREAM_HAS_UNPROCESSED_SEGMENTS_NONE
STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION

Definition at line 171 of file stream-tcp.h.

Function Documentation

◆ StreamDataRightEdge()

uint64_t StreamDataRightEdge	(	const TcpStream *	stream,
		const bool	eof
	)

Definition at line 415 of file stream-tcp-reassemble.c.

References TcpStream_::base_seq, FALSE, MIN, TcpStream_::segs_right_edge, STREAM_BASE_OFFSET, and StreamTcpInlineMode().

Here is the call graph for this function:

◆ StreamNeedsReassembly()

uint8_t StreamNeedsReassembly	(	const TcpSession *	ssn,
		uint8_t	direction
	)

see what if any work the TCP session still needs

Definition at line 911 of file stream-tcp-reassemble.c.

References TcpStream_::base_seq, TcpSession_::client, TcpStream_::flags, TcpSession_::flags, SCLogDebug, TcpStream_::segs_right_edge, TcpSession_::server, STREAM_APP_PROGRESS, STREAM_BASE_OFFSET, STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION, STREAM_RAW_PROGRESS, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_DISABLE_RAW.

Referenced by FlowForceReassemblyNeedReassembly().

Here is the caller graph for this function:

◆ StreamReassembleForFrame()

int StreamReassembleForFrame	(	TcpSession *	ssn,
		TcpStream *	stream,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		const uint64_t	offset,
		const bool	eof
	)

Definition at line 1841 of file stream-tcp-reassemble.c.

References SCLogDebug, and STREAM_APP_PROGRESS.

◆ StreamReassembleLog()

int StreamReassembleLog	(	TcpSession *	ssn,
		TcpStream *	stream,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		uint64_t	progress_in,
		uint64_t *	progress_out,
		bool	eof
	)

Definition at line 1918 of file stream-tcp-reassemble.c.

References TcpStream_::flags, and STREAMTCP_STREAM_FLAG_NOREASSEMBLY.

◆ StreamReassembleRaw()

int StreamReassembleRaw	(	TcpSession *	ssn,
		const Packet *	p,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		uint64_t *	progress_out,
		bool	respect_inspect_depth
	)

Definition at line 1853 of file stream-tcp-reassemble.c.

References StreamTcpInlineMode(), and TRUE.

Referenced by DetectEngineInspectStreamPayload().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamReassembleRawUpdateProgress()

void StreamReassembleRawUpdateProgress	(	TcpSession *	ssn,
		Packet *	p,
		const uint64_t	progress
	)

update stream engine after detection

Tasked with progressing the 'progress' for Raw reassembly. 2 main scenario's:

progress is != 0, so we use this
progress is 0, meaning the detect engine didn't touch raw at all. In this case we need to look into progressing raw anyway.

Additionally, this function is tasked with disabling raw reassembly if the app-layer requested to disable it.

Definition at line 1508 of file stream-tcp-reassemble.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::flags, PKT_IS_TOSERVER, TcpStream_::raw_progress_rel, TcpSession_::server, STREAM_APP_PROGRESS, STREAM_RAW_PROGRESS, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_TRIGGER_RAW.

◆ StreamTcp()

TmEcode StreamTcp	(	ThreadVars *	,
		Packet *	,
		void *	,
		PacketQueueNoLock *
	)

Definition at line 5718 of file stream-tcp.c.

References DEBUG_VALIDATE_BUG_ON, Packet_::flow, FlowGetPacketDirection(), Packet_::pcap_cnt, PKT_IS_TCP, Packet_::pkt_src, PktSrcToString(), SCLogDebug, t_pcapcnt, TM_ECODE_OK, TOSERVER, and unlikely.

Here is the call graph for this function:

◆ StreamTcpBypassEnabled()

int StreamTcpBypassEnabled ( void )

Definition at line 6839 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_BYPASS.

◆ StreamTcpCheckMemcap()

int StreamTcpCheckMemcap ( uint64_t size )

Check if alloc'ing "size" would mean we're over memcap.

Return values

1	if in bounds
0	if not in bounds

Definition at line 164 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpDecrMemuse()

void StreamTcpDecrMemuse ( uint64_t )

Definition at line 131 of file stream-tcp.c.

References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpDetectLogFlush()

void StreamTcpDetectLogFlush	(	ThreadVars *	tv,
		StreamTcpThread *	stt,
		Flow *	f,
		Packet *	p,
		PacketQueueNoLock *	pq
	)

create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.

Definition at line 6673 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, Flow_::protoctx, TcpSession_::server, STREAMTCP_STREAM_FLAG_TRIGGER_RAW, StreamTcpInlineMode(), and ts.

Here is the call graph for this function:

◆ StreamTcpFreeConfig()

void StreamTcpFreeConfig ( bool )

Definition at line 695 of file stream-tcp.c.

References SCMutexLock, and StreamTcpReassembleFree().

Referenced by StreamTcpUTDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamTcpGetAcked()

uint64_t StreamTcpGetAcked ( const TcpStream * stream )

Definition at line 409 of file stream-tcp-reassemble.c.

◆ StreamTcpGetMemcap()

uint64_t StreamTcpGetMemcap ( void )

Return memcap value.

Parameters

memcap memcap value

Definition at line 192 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpGetUsable()

uint64_t StreamTcpGetUsable	(	const TcpStream *	stream,
		const bool	eof
	)

Definition at line 424 of file stream-tcp-reassemble.c.

Referenced by FrameJsonLogOneFrame().

Here is the caller graph for this function:

◆ StreamTcpIncrMemuse()

void StreamTcpIncrMemuse ( uint64_t )

Definition at line 124 of file stream-tcp.c.

References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpInitConfig()

void StreamTcpInitConfig ( bool quiet )

To initialize the stream global configuration data.

Parameters

quiet It tells the mode of operation, if it is true nothing will be get printed.

Definition at line 359 of file stream-tcp.c.

References TcpStreamCnf_::async_oneside, ConfGet(), ConfGetBool(), ConfGetInt(), ConfGetNode(), EngineModeIsIPS(), EXCEPTION_POLICY_NOT_SET, ExceptionPolicyParse(), FatalError, TcpStreamCnf_::flags, TcpStreamCnf_::max_syn_queued, TcpStreamCnf_::max_synack_queued, TcpStreamCnf_::midstream, TcpStreamCnf_::midstream_policy, ParseSizeStringU16(), ParseSizeStringU32(), ParseSizeStringU64(), TcpStreamCnf_::prealloc_sessions, TcpStreamCnf_::reassembly_depth, TcpStreamCnf_::reassembly_memcap_policy, TcpStreamCnf_::reassembly_toserver_chunk_size, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCLogDebug, SCLogError, SCLogWarning, TcpStreamCnf_::ssn_memcap_policy, stream_config, STREAMTCP_DEFAULT_MAX_SYN_QUEUED, STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED, STREAMTCP_DEFAULT_MEMCAP, STREAMTCP_DEFAULT_PREALLOC, STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP, STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE, STREAMTCP_INIT_FLAG_BYPASS, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, STREAMTCP_INIT_FLAG_DROP_INVALID, STREAMTCP_INIT_FLAG_INLINE, and WarnInvalidConfEntry.

Referenced by PreRunInit(), and StreamTcpUTInit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamTcpInitMemuse()

void StreamTcpInitMemuse ( void )

Definition at line 119 of file stream-tcp.c.

References SC_ATOMIC_INIT.

Referenced by UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpInlineMode()

int StreamTcpInlineMode ( void )

See if stream engine is operating in inline mode.

Return values

0	no
1	yes

Definition at line 6850 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamDataRightEdge(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamTcpDetectLogFlush(), and StreamTcpReassembleHandleSegment().

Here is the caller graph for this function:

◆ StreamTcpMemuseCounter()

uint64_t StreamTcpMemuseCounter ( void )

Definition at line 152 of file stream-tcp.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpDecrMemuse(), and StreamTcpIncrMemuse().

Here is the caller graph for this function:

◆ StreamTcpPacket()

int StreamTcpPacket	(	ThreadVars *	tv,
		Packet *	p,
		StreamTcpThread *	stt,
		PacketQueueNoLock *	pq
	)

Definition at line 5320 of file stream-tcp.c.

References TcpSession_::client, DEBUG_ASSERT_FLOW_LOCKED, TcpSession_::flags, Packet_::flow, Packet_::pcap_cnt, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, Flow_::protoctx, SCEnter, SCLogDebug, TcpSession_::server, STREAM_PKT_BROKEN_ACK, STREAMTCP_FLAG_ASYNC, StreamTcpSetEvent, TcpStream_::tcp_flags, TCP_GET_ACK, TcpSession_::tcp_packet_flags, Packet_::tcph, and TH_ACK.

◆ StreamTcpReassembleConfigEnableOverlapCheck()

void StreamTcpReassembleConfigEnableOverlapCheck ( void )

Definition at line 40 of file stream-tcp-list.c.

◆ StreamTcpReassembleMemuseGlobalCounter()

uint64_t StreamTcpReassembleMemuseGlobalCounter ( void )

Definition at line 148 of file stream-tcp-reassemble.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpReassembleDecrMemuse(), and StreamTcpReassembleIncrMemuse().

Here is the caller graph for this function:

◆ StreamTcpRegisterTests()

void StreamTcpRegisterTests ( void )

Definition at line 3401 of file stream-tcp.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ StreamTcpSegmentForEach()

int StreamTcpSegmentForEach	(	const Packet *	p,
		uint8_t	flag,
		StreamSegmentCallback	CallbackFunc,
		void *	data
	)

Definition at line 6697 of file stream-tcp.c.

Referenced by StreamSegmentForEach().

Here is the caller graph for this function:

◆ StreamTcpSegmentForSession()

int StreamTcpSegmentForSession	(	const Packet *	p,
		uint8_t	flag,
		StreamSegmentCallback	CallbackFunc,
		void *	data
	)

Run callback function on each TCP segment in both directions of a session.

Note: when stream engine is running in inline mode all segments are used, in IDS/non-inline mode only ack'd segments are iterated.; Must be called under flow lock.