"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/stream/tcp/tcp_reassembler.cc" between
snort3-3.1.29.0.tar.gz and snort3-3.1.30.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

tcp_reassembler.cc  (snort3-3.1.29.0):tcp_reassembler.cc  (snort3-3.1.30.0)
skipping to change at line 769 skipping to change at line 769
memset(ph, 0, sizeof(*ph)); memset(ph, 0, sizeof(*ph));
packet_gettimeofday(&ph->ts); packet_gettimeofday(&ph->ts);
p->pktlen = 0; p->pktlen = 0;
p->data = nullptr; p->data = nullptr;
p->dsize = 0; p->dsize = 0;
p->ptrs.set_pkt_type(PktType::PDU); p->ptrs.set_pkt_type(PktType::PDU);
p->proto_bits |= PROTO_BIT__TCP; p->proto_bits |= PROTO_BIT__TCP;
p->flow = flow; p->flow = flow;
p->packet_flags = flags; p->packet_flags |= flags;
if ( c2s ) if ( c2s )
{ {
p->ptrs.ip_api.set(flow->client_ip, flow->server_ip); p->ptrs.ip_api.set(flow->client_ip, flow->server_ip);
p->ptrs.sp = flow->client_port; p->ptrs.sp = flow->client_port;
p->ptrs.dp = flow->server_port; p->ptrs.dp = flow->server_port;
} }
else else
{ {
p->ptrs.ip_api.set(flow->server_ip, flow->client_ip); p->ptrs.ip_api.set(flow->server_ip, flow->client_ip);
skipping to change at line 793 skipping to change at line 793
p->ip_proto_next = (IpProtocol)flow->ip_proto; p->ip_proto_next = (IpProtocol)flow->ip_proto;
set_inspection_policy(flow->inspection_policy_id); set_inspection_policy(flow->inspection_policy_id);
const SnortConfig* sc = SnortConfig::get_conf(); const SnortConfig* sc = SnortConfig::get_conf();
set_ips_policy(sc, flow->ips_policy_id); set_ips_policy(sc, flow->ips_policy_id);
return p; return p;
} }
void TcpReassembler::flush_queued_segments( void TcpReassembler::finish_and_final_flush(
TcpReassemblerState& trs, Flow* flow, bool clear, Packet* p) TcpReassemblerState& trs, Flow* flow, bool clear, Packet* p)
{ {
bool pending = clear and paf_initialized(&trs.paf_state) bool pending = clear and paf_initialized(&trs.paf_state)
and trs.tracker->splitter_finish(flow); and trs.tracker->splitter_finish(flow);
if ( pending and !(flow->ssn_state.ignore_direction & trs.ignore_dir) ) if ( pending and !(flow->ssn_state.ignore_direction & trs.ignore_dir) )
final_flush(trs, p, trs.packet_dir); final_flush(trs, p, trs.packet_dir);
} }
// Call this only from outside reassembly.
void TcpReassembler::flush_queued_segments( void TcpReassembler::flush_queued_segments(
TcpReassemblerState& trs, Flow* flow, bool clear, const Packet* p) TcpReassemblerState& trs, Flow* flow, bool clear, const Packet* p)
{ {
Packet* pdu = get_packet(flow, trs.packet_dir, trs.server_side);
if ( p ) if ( p )
flush_queued_segments(trs, flow, clear, pdu); {
finish_and_final_flush(trs, flow, clear, const_cast<Packet*>(p));
}
else else
{ {
// if we weren't given a packet, we must establish a context Packet* pdu = get_packet(flow, trs.packet_dir, trs.server_side);
DetectionEngine de;
flush_queued_segments(trs, flow, clear, pdu); bool pending = clear and paf_initialized(&trs.paf_state);
if ( pending )
{
DetectionEngine de;
pending = trs.tracker->splitter_finish(flow);
}
if ( pending and !(flow->ssn_state.ignore_direction & trs.ignore_dir) )
final_flush(trs, pdu, trs.packet_dir);
} }
} }
// this is for post-ack flushing // this is for post-ack flushing
uint32_t TcpReassembler::get_reverse_packet_dir(TcpReassemblerState&, const Pack et* p) uint32_t TcpReassembler::get_reverse_packet_dir(TcpReassemblerState&, const Pack et* p)
{ {
/* Remember, one side's packets are stored in the /* Remember, one side's packets are stored in the
* other side's queue. So when talker ACKs data, * other side's queue. So when talker ACKs data,
* we need to check if we're ready to flush. * we need to check if we're ready to flush.
* *
skipping to change at line 1102 skipping to change at line 1111
fallback(*trs.tracker, trs.server_side); fallback(*trs.tracker, trs.server_side);
return flush_on_data_policy(trs, p); return flush_on_data_policy(trs, p);
} }
else if ( trs.tracker->fin_seq_status >= TcpStreamTracker::FIN_WITH_ SEQ_SEEN and else if ( trs.tracker->fin_seq_status >= TcpStreamTracker::FIN_WITH_ SEQ_SEEN and
-1 <= flush_amt and flush_amt <= 0 and -1 <= flush_amt and flush_amt <= 0 and
trs.paf_state.paf == StreamSplitter::SEARCH and trs.paf_state.paf == StreamSplitter::SEARCH and
!p->flow->searching_for_service() ) !p->flow->searching_for_service() )
{ {
// we are on a FIN, the data has been scanned, it has no gaps, // we are on a FIN, the data has been scanned, it has no gaps,
// but somehow we are waiting for more data - do final flush her e // but somehow we are waiting for more data - do final flush her e
flush_queued_segments(trs, p->flow, true, p ); finish_and_final_flush(trs, p->flow, true, p);
} }
} }
break; break;
} }
if ( !trs.sos.seglist.head ) if ( !trs.sos.seglist.head )
return flushed; return flushed;
if ( trs.tracker->is_retransmit_of_held_packet(p) ) if ( trs.tracker->is_retransmit_of_held_packet(p) )
flushed = perform_partial_flush(trs, p, flushed); flushed = perform_partial_flush(trs, p, flushed);
skipping to change at line 1213 skipping to change at line 1222
skip_seglist_hole(trs, p, flags, flush_amt); skip_seglist_hole(trs, p, flags, flush_amt);
return flush_on_ack_policy(trs, p); return flush_on_ack_policy(trs, p);
} }
else if ( -1 <= flush_amt and flush_amt <= 0 and else if ( -1 <= flush_amt and flush_amt <= 0 and
trs.paf_state.paf == StreamSplitter::SEARCH and trs.paf_state.paf == StreamSplitter::SEARCH and
trs.tracker->fin_seq_status == TcpStreamTracker::FIN_WITH_SEQ_ACKED and trs.tracker->fin_seq_status == TcpStreamTracker::FIN_WITH_SEQ_ACKED and
!p->flow->searching_for_service() ) !p->flow->searching_for_service() )
{ {
// we are acknowledging a FIN, the data has been scanned, it has no gaps, // we are acknowledging a FIN, the data has been scanned, it has no gaps,
// but somehow we are waiting for more data - do final flush here // but somehow we are waiting for more data - do final flush here
flush_queued_segments(trs, p->flow, true, p); finish_and_final_flush(trs, p->flow, true, p);
} }
} }
break; break;
case STREAM_FLPOLICY_ON_DATA: case STREAM_FLPOLICY_ON_DATA:
purge_flushed_ackd(trs); purge_flushed_ackd(trs);
break; break;
} }
return flushed; return flushed;
skipping to change at line 1369 skipping to change at line 1378
{ {
tsd.slide_segment_in_rcv_window(offset); tsd.slide_segment_in_rcv_window(offset);
insert_segment_in_seglist(trs, tsd); insert_segment_in_seglist(trs, tsd);
tsd.slide_segment_in_rcv_window(-offset); tsd.slide_segment_in_rcv_window(-offset);
} }
} }
else else
insert_segment_in_seglist(trs, tsd); insert_segment_in_seglist(trs, tsd);
} }
uint32_t TcpReassembler::perform_partial_flush(TcpReassemblerState& trs, Flow* f low) uint32_t TcpReassembler::perform_partial_flush(TcpReassemblerState& trs, Flow* f low, Packet*& p)
{ {
Packet* p = get_packet(flow, (trs.packet_dir|PKT_WAS_SET), trs.server_side); p = get_packet(flow, trs.packet_dir, trs.server_side);
return perform_partial_flush(trs, p);
uint32_t result = perform_partial_flush(trs, p);
// If the held_packet hasn't been released by perform_partial_flush(),
// call finalize directly.
if ( trs.tracker->is_holding_packet() )
{
trs.tracker->finalize_held_packet(p);
tcpStats.held_packet_purges++;
}
return result;
} }
// No error checking here, so the caller must ensure that p, p->flow and context // No error checking here, so the caller must ensure that p, p->flow and context
// are not null. // are not null.
uint32_t TcpReassembler::perform_partial_flush(TcpReassemblerState& trs, Packet* p, uint32_t flushed) uint32_t TcpReassembler::perform_partial_flush(TcpReassemblerState& trs, Packet* p, uint32_t flushed)
{ {
if ( trs.tracker->get_splitter()->init_partial_flush(p->flow) ) if ( trs.tracker->get_splitter()->init_partial_flush(p->flow) )
{ {
flushed += flush_stream(trs, p, trs.packet_dir, false); flushed += flush_stream(trs, p, trs.packet_dir, false);
paf_jump(&trs.paf_state, flushed); paf_jump(&trs.paf_state, flushed);
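Review bot: In the new `flush_queued_segments`, the `if ( p )` branch calls `finish_and_final_flush(trs, flow, clear, const_cast<Packet*>(p))`, so a function whose signature still advertises `const Packet* p` now hands the caller's packet to `final_flush` as a mutable pointer. The callers are outside this page, so it cannot be confirmed here that none of them relies on the packet staying unmodified; if none does, dropping `const` from the parameter is more honest than casting it away. If the signature has to stay, the cast deserves a comment next to `// Call this only from outside reassembly.`, for example `// p is never a genuinely const object on this path; final_flush needs a mutable Packet`. The else branch also lost the old comment about establishing a context, and its `DetectionEngine de` now lives only around `splitter_finish` while `get_packet` runs before it and `final_flush` after it, which looks deliberate but warrants a one-line explanation.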
 End of changes. 10 change blocks. 
25 lines changed or deleted 23 lines changed or added
