#include "stream-tcp-private.h"
#include "stream.h"
#include "stream-tcp-reassemble.h"
#include "suricata.h"
#include "util-exception-policy-types.h"

Include dependency graph for stream-tcp.h:

Data Structures
struct	TcpStreamCnf_

struct	StreamTcpThread_

Macros
#define	STREAM_VERBOSE false

#define	STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION BIT_U8(0)

#define	STREAMTCP_INIT_FLAG_DROP_INVALID BIT_U8(1)

#define	STREAMTCP_INIT_FLAG_BYPASS BIT_U8(2)

#define	STREAMTCP_INIT_FLAG_INLINE BIT_U8(3)

#define	STREAMTCP_INIT_FLAG_DROP_URG BIT_U8(4)

#define	TCP_STREAM_URGENT_DEFAULT TCP_STREAM_URGENT_INLINE

Typedefs
typedef struct TcpStreamCnf_	TcpStreamCnf

typedef struct StreamTcpThread_	StreamTcpThread

typedef int(*	StreamReassembleRawFunc) (void data, const uint8_t input, const uint32_t input_len, const uint64_t offset)

Enumerations
enum	TcpStreamUrgentHandling { TCP_STREAM_URGENT_INLINE, TCP_STREAM_URGENT_DROP, TCP_STREAM_URGENT_OOB, TCP_STREAM_URGENT_GAP }

enum	{ STREAM_HAS_UNPROCESSED_SEGMENTS_NONE = 0, STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION = 1 }

Functions
void	StreamTcpInitConfig (bool)
	To initialize the stream global configuration data. More...

void	StreamTcpFreeConfig (bool)

void	StreamTcpRegisterTests (void)

void	StreamTcpSessionPktFree (Packet *)
	Function to return the stream segments back to the pool. More...

void	StreamTcpInitMemuse (void)

void	StreamTcpIncrMemuse (uint64_t)

void	StreamTcpDecrMemuse (uint64_t)

int	StreamTcpSetMemcap (uint64_t)
	Update memcap value. More...

uint64_t	StreamTcpGetMemcap (void)
	Return memcap value. More...

int	StreamTcpCheckMemcap (uint64_t)
	Check if alloc'ing "size" would mean we're over memcap. More...

uint64_t	StreamTcpMemuseCounter (void)

int	StreamTcpSegmentForEach (const Packet p, uint8_t flag, StreamSegmentCallback CallbackFunc, void data)

int	StreamTcpSegmentForSession (const Packet p, uint8_t flag, StreamSegmentCallback CallbackFunc, void data)
	Run callback function on each TCP segment in both directions of a session. More...

void	StreamTcpReassembleConfigEnableOverlapCheck (void)

void	TcpSessionSetReassemblyDepth (TcpSession *ssn, uint32_t size)

int	StreamReassembleForFrame (TcpSession ssn, TcpStream stream, StreamReassembleRawFunc Callback, void *cb_data, const uint64_t offset, const bool eof)

int	StreamReassembleLog (const TcpSession ssn, const TcpStream stream, StreamReassembleRawFunc Callback, void cb_data, const uint64_t progress_in, uint64_t progress_out, const bool eof)

int	StreamReassembleRaw (TcpSession ssn, const Packet p, StreamReassembleRawFunc Callback, void cb_data, uint64_t progress_out, bool respect_inspect_depth)

void	StreamReassembleRawUpdateProgress (TcpSession ssn, Packet p, const uint64_t progress)
	update stream engine after detection More...

void	StreamTcpDetectLogFlush (ThreadVars tv, StreamTcpThread stt, Flow f, Packet p, PacketQueueNoLock *pq)
	create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits. More...

const char *	StreamTcpStateAsString (const enum TcpState)

const char *	StreamTcpSsnStateAsString (const TcpSession *ssn)

enum ExceptionPolicy	StreamTcpSsnMemcapGetExceptionPolicy (void)

enum ExceptionPolicy	StreamTcpReassemblyMemcapGetExceptionPolicy (void)

enum ExceptionPolicy	StreamMidstreamGetExceptionPolicy (void)

TmEcode	StreamTcp (ThreadVars , Packet , void , PacketQueueNoLock )

uint8_t	StreamNeedsReassembly (const TcpSession *ssn, uint8_t direction)
	see what if any work the TCP session still needs More...

TmEcode	StreamTcpThreadInit (ThreadVars , void , void **)

TmEcode	StreamTcpThreadDeinit (ThreadVars tv, void data)

int	StreamTcpPacket (ThreadVars tv, Packet p, StreamTcpThread stt, PacketQueueNoLock pq)

void	StreamTcpSessionClear (void *ssnptr)
	Function to return the stream back to the pool. It returns the segments in the stream to the segment pool. More...

void	StreamTcpSessionCleanup (TcpSession *ssn)
	Session cleanup function. Does not free the ssn. More...

void	StreamTcpStreamCleanup (TcpStream *stream)

int	StreamTcpBypassEnabled (void)

bool	StreamTcpInlineMode (void)
	See if stream engine is operating in inline mode. More...

bool	TcpSessionPacketSsnReuse (const Packet p, const Flow f, const void *tcp_ssn)

void	StreamTcpUpdateAppLayerProgress (TcpSession *ssn, char direction, const uint32_t progress)
	update reassembly progress More...

uint64_t	StreamTcpGetUsable (const TcpStream *stream, const bool eof)

uint64_t	StreamDataRightEdge (const TcpStream *stream, const bool eof)

Variables
TcpStreamCnf	stream_config

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

Definition in file stream-tcp.h.

Macro Definition Documentation

◆ STREAM_VERBOSE

#define STREAM_VERBOSE false

Definition at line 36 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_BYPASS

#define STREAMTCP_INIT_FLAG_BYPASS BIT_U8(2)

Definition at line 41 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION

#define STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION BIT_U8(0)

Definition at line 39 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_DROP_INVALID

#define STREAMTCP_INIT_FLAG_DROP_INVALID BIT_U8(1)

Definition at line 40 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_DROP_URG

#define STREAMTCP_INIT_FLAG_DROP_URG BIT_U8(4)

flag to drop packets with URG flag set

Definition at line 44 of file stream-tcp.h.

◆ STREAMTCP_INIT_FLAG_INLINE

#define STREAMTCP_INIT_FLAG_INLINE BIT_U8(3)

Definition at line 42 of file stream-tcp.h.

◆ TCP_STREAM_URGENT_DEFAULT

#define TCP_STREAM_URGENT_DEFAULT TCP_STREAM_URGENT_INLINE

Definition at line 48 of file stream-tcp.h.

Typedef Documentation

◆ StreamReassembleRawFunc

typedef int(* StreamReassembleRawFunc) (void *data, const uint8_t *input, const uint32_t input_len, const uint64_t offset)

Definition at line 143 of file stream-tcp.h.

◆ StreamTcpThread

typedef struct StreamTcpThread_ StreamTcpThread

◆ TcpStreamCnf

typedef struct TcpStreamCnf_ TcpStreamCnf

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Enumerator
STREAM_HAS_UNPROCESSED_SEGMENTS_NONE
STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION

Definition at line 188 of file stream-tcp.h.

◆ TcpStreamUrgentHandling

enum TcpStreamUrgentHandling

Enumerator
TCP_STREAM_URGENT_INLINE	treat as inline data
TCP_STREAM_URGENT_DROP	drop TCP packet with URG flag
TCP_STREAM_URGENT_OOB	treat 1 byte of URG data as OOB
TCP_STREAM_URGENT_GAP	treat 1 byte of URG data as GAP

Definition at line 45 of file stream-tcp.h.

Function Documentation

◆ StreamDataRightEdge()

uint64_t StreamDataRightEdge	(	const TcpStream *	stream,
		const bool	eof
	)

Definition at line 417 of file stream-tcp-reassemble.c.

References TcpStream_::base_seq, MIN, TcpStream_::segs_right_edge, STREAM_BASE_OFFSET, and StreamTcpInlineMode().

Here is the call graph for this function:

◆ StreamMidstreamGetExceptionPolicy()

enum ExceptionPolicy StreamMidstreamGetExceptionPolicy ( void )

Definition at line 890 of file stream-tcp.c.

◆ StreamNeedsReassembly()

uint8_t StreamNeedsReassembly	(	const TcpSession *	ssn,
		uint8_t	direction
	)

see what if any work the TCP session still needs

Definition at line 977 of file stream-tcp-reassemble.c.

References TcpStream_::base_seq, TcpSession_::client, TcpStream_::flags, TcpSession_::flags, SCLogDebug, TcpStream_::segs_right_edge, TcpSession_::server, STREAM_APP_PROGRESS, STREAM_BASE_OFFSET, STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION, STREAM_RAW_PROGRESS, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_DISABLE_RAW.

Referenced by FlowNeedsReassembly().

Here is the caller graph for this function:

◆ StreamReassembleForFrame()

int StreamReassembleForFrame	(	TcpSession *	ssn,
		TcpStream *	stream,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		const uint64_t	offset,
		const bool	eof
	)

Definition at line 1893 of file stream-tcp-reassemble.c.

References SCLogDebug, and STREAM_APP_PROGRESS.

◆ StreamReassembleLog()

int StreamReassembleLog	(	const TcpSession *	ssn,
		const TcpStream *	stream,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		const uint64_t	progress_in,
		uint64_t *	progress_out,
		const bool	eof
	)

Definition at line 1970 of file stream-tcp-reassemble.c.

References TcpStream_::flags, and STREAMTCP_STREAM_FLAG_NOREASSEMBLY.

◆ StreamReassembleRaw()

int StreamReassembleRaw	(	TcpSession *	ssn,
		const Packet *	p,
		StreamReassembleRawFunc	Callback,
		void *	cb_data,
		uint64_t *	progress_out,
		bool	respect_inspect_depth
	)

Definition at line 1905 of file stream-tcp-reassemble.c.

References StreamTcpInlineMode().

Referenced by DetectEngineInspectStreamPayload().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamReassembleRawUpdateProgress()

void StreamReassembleRawUpdateProgress	(	TcpSession *	ssn,
		Packet *	p,
		const uint64_t	progress
	)

update stream engine after detection

Tasked with progressing the 'progress' for Raw reassembly. 2 main scenario's:

progress is != 0, so we use this
progress is 0, meaning the detect engine didn't touch raw at all. In this case we need to look into progressing raw anyway.

Additionally, this function is tasked with disabling raw reassembly if the app-layer requested to disable it.

Definition at line 1558 of file stream-tcp-reassemble.c.

References TcpSession_::client, DEBUG_VALIDATE_BUG_ON, TcpStream_::flags, TcpSession_::flags, PKT_IS_TOSERVER, TcpStream_::raw_progress_rel, TcpSession_::server, STREAM_APP_PROGRESS, STREAM_RAW_PROGRESS, STREAMTCP_FLAG_APP_LAYER_DISABLED, and STREAMTCP_STREAM_FLAG_TRIGGER_RAW.

◆ StreamTcp()

TmEcode StreamTcp	(	ThreadVars *	,
		Packet *	,
		void *	,
		PacketQueueNoLock *
	)

Definition at line 5943 of file stream-tcp.c.

References DEBUG_VALIDATE_BUG_ON, Packet_::flow, FlowGetPacketDirection(), Packet_::pcap_cnt, Packet_::pkt_src, PktSrcToString(), SCLogDebug, t_pcapcnt, TM_ECODE_OK, TOSERVER, and unlikely.

Here is the call graph for this function:

◆ StreamTcpBypassEnabled()

int StreamTcpBypassEnabled ( void )

Definition at line 7088 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_BYPASS.

◆ StreamTcpCheckMemcap()

int StreamTcpCheckMemcap ( uint64_t size )

Check if alloc'ing "size" would mean we're over memcap.

Return values

1	if in bounds
0	if not in bounds

Definition at line 266 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpDecrMemuse()

void StreamTcpDecrMemuse ( uint64_t )

Definition at line 234 of file stream-tcp.c.

References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpDetectLogFlush()

void StreamTcpDetectLogFlush	(	ThreadVars *	tv,
		StreamTcpThread *	stt,
		Flow *	f,
		Packet *	p,
		PacketQueueNoLock *	pq
	)

create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.

Definition at line 6922 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, Flow_::protoctx, TcpSession_::server, STREAMTCP_STREAM_FLAG_TRIGGER_RAW, StreamTcpInlineMode(), and ts.

Here is the call graph for this function:

◆ StreamTcpFreeConfig()

void StreamTcpFreeConfig ( bool )

Definition at line 859 of file stream-tcp.c.

References SCMutexLock, and StreamTcpReassembleFree().

Referenced by StreamTcpUTDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamTcpGetMemcap()

uint64_t StreamTcpGetMemcap ( void )

Return memcap value.

Parameters

memcap memcap value

Definition at line 294 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpGetUsable()

uint64_t StreamTcpGetUsable	(	const TcpStream *	stream,
		const bool	eof
	)

Definition at line 426 of file stream-tcp-reassemble.c.

Referenced by FrameJsonLogOneFrame().

Here is the caller graph for this function:

◆ StreamTcpIncrMemuse()

void StreamTcpIncrMemuse ( uint64_t )

Definition at line 228 of file stream-tcp.c.

References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpInitConfig()

void StreamTcpInitConfig ( bool quiet )

To initialize the stream global configuration data.

Parameters

quiet It tells the mode of operation, if it is true nothing will be get printed.

Definition at line 488 of file stream-tcp.c.

References TcpStreamCnf_::async_oneside, EngineModeIsIPS(), ExceptionPolicyMidstreamParse(), ExceptionPolicyParse(), FatalError, TcpStreamCnf_::flags, TcpStreamCnf_::midstream, TcpStreamCnf_::midstream_policy, ParseSizeStringU64(), TcpStreamCnf_::prealloc_sessions, TcpStreamCnf_::reassembly_memcap_policy, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCConfGet(), SCConfGetBool(), SCConfGetInt(), SCConfGetNode(), SCLogDebug, SCLogError, SCLogWarning, TcpStreamCnf_::ssn_memcap_policy, stream_config, STREAMTCP_DEFAULT_MEMCAP, STREAMTCP_DEFAULT_PREALLOC, STREAMTCP_INIT_FLAG_BYPASS, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, STREAMTCP_INIT_FLAG_DROP_INVALID, STREAMTCP_INIT_FLAG_INLINE, TCP_STREAM_URGENT_DEFAULT, TCP_STREAM_URGENT_DROP, TCP_STREAM_URGENT_GAP, TCP_STREAM_URGENT_INLINE, TCP_STREAM_URGENT_OOB, TcpStreamCnf_::urgent_policy, and WarnInvalidConfEntry.

Referenced by PreRunInit(), and StreamTcpUTInit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamTcpInitMemuse()

void StreamTcpInitMemuse ( void )

Definition at line 223 of file stream-tcp.c.

References SC_ATOMIC_INIT.

Referenced by UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpInlineMode()

bool StreamTcpInlineMode ( void )

See if stream engine is operating in inline mode.

Return values

0	no
1	yes

Definition at line 7099 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamDataRightEdge(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), and StreamTcpDetectLogFlush().

Here is the caller graph for this function:

◆ StreamTcpMemuseCounter()

uint64_t StreamTcpMemuseCounter ( void )

Definition at line 254 of file stream-tcp.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpDecrMemuse(), and StreamTcpIncrMemuse().

Here is the caller graph for this function:

◆ StreamTcpPacket()

int StreamTcpPacket	(	ThreadVars *	tv,
		Packet *	p,
		StreamTcpThread *	stt,
		PacketQueueNoLock *	pq
	)

Definition at line 5542 of file stream-tcp.c.

References DEBUG_ASSERT_FLOW_LOCKED, Packet_::flow, Packet_::pcap_cnt, Flow_::protoctx, SCEnter, and SCLogDebug.

◆ StreamTcpReassembleConfigEnableOverlapCheck()

void StreamTcpReassembleConfigEnableOverlapCheck ( void )

Definition at line 40 of file stream-tcp-list.c.

◆ StreamTcpReassemblyMemcapGetExceptionPolicy()

enum ExceptionPolicy StreamTcpReassemblyMemcapGetExceptionPolicy ( void )

Definition at line 890 of file stream-tcp.c.

◆ StreamTcpRegisterTests()

void StreamTcpRegisterTests ( void )

Definition at line 3405 of file stream-tcp.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ StreamTcpSegmentForEach()

int StreamTcpSegmentForEach	(	const Packet *	p,
		uint8_t	flag,
		StreamSegmentCallback	CallbackFunc,
		void *	data
	)

Definition at line 6946 of file stream-tcp.c.

References TcpSession_::client, cnt, TcpStreamCnf_::flags, Packet_::flow, TcpStream_::last_ack, PKT_IS_PSEUDOPKT, Flow_::protoctx, RB_FOREACH, TcpStream_::sb, TcpSegment::sbseg, SCLogDebug, TcpStream_::seg_tree, TcpSegment::seq, SEQ_GEQ, TcpSession_::server, stream_config, STREAM_DUMP_TOSERVER, StreamingBufferSegmentGetData(), and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamSegmentForEach().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ StreamTcpSegmentForSession()

int StreamTcpSegmentForSession	(	const Packet *	p,
		uint8_t	flag,
		StreamSegmentCallback	CallbackFunc,
		void *	data
	)

Run callback function on each TCP segment in both directions of a session.

Note: when stream engine is running in inline mode all segments are used, in IDS/non-inline mode only ack'd segments are iterated.; Must be called under flow lock.