*
* \retval on valid ACK it return TRUE and on invalid ACK, it returns FALSE
*/
-static inline uint8_t StreamTcpValidateAck(TcpStream *stream, Packet *p)
+static inline int StreamTcpValidateAck(TcpStream *stream, Packet *p)
{
- uint8_t ret = FALSE;
+ SCEnter();
- if (SEQ_GT(TCP_GET_ACK(p), stream->last_ack) &&
- (SEQ_LEQ(TCP_GET_ACK(p) + p->payload_len, stream->next_win)))
- {
- ret = TRUE;
+ if (SEQ_GEQ(TCP_GET_ACK(p), stream->last_ack)) {
+ if (SEQ_LEQ(TCP_GET_ACK(p) + p->payload_len, stream->next_win))
+ {
+ SCReturnInt(1);
+ }
+ } else {
+ SCLogDebug("pkt ACK %"PRIu32" < stream last ACK %"PRIu32, TCP_GET_ACK(p), stream->last_ack);
}
- return ret;
+ SCReturnInt(0);
}
/**
/* we need to make sure that both sequence and the ack are
of sane values */
- if ((StreamTcpValidateAck(&ssn->client, p) == TRUE))
+ if (StreamTcpValidateAck(&ssn->client, p))
ssn->client.last_ack = TCP_GET_ACK(p);
+
ssn->server.next_seq += p->payload_len;
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* we need to make sure that both sequence and the ack are of
sane values */
- if ((StreamTcpValidateAck(&ssn->server, p) == TRUE))
+ if (StreamTcpValidateAck(&ssn->server, p))
ssn->server.last_ack = TCP_GET_ACK(p);
ssn->client.next_seq += p->payload_len;
"ACK %" PRIu32 ", WIN %"PRIu16"", ssn, p->payload_len,
TCP_GET_SEQ(p), TCP_GET_ACK(p), TCP_GET_WINDOW(p));
- if (!(SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.last_ack))) {
+ if (!(SEQ_GEQ((TCP_GET_SEQ(p)+p->payload_len), ssn->client.last_ack))) {
if (ssn->flags & STREAMTCP_FLAG_ASYNC) {
SCLogDebug("ssn %p: server => Asynchrouns stream, packet SEQ"
" %" PRIu32 ", payload size %" PRIu32 " (%" PRIu32 "),"
ssn->client.last_ack, ssn->client.next_win,
TCP_GET_SEQ(p) + p->payload_len - ssn->client.next_win);
- StreamTcpSetEvent(p, STREAM_EST_SEQ_BEFORE_LAST_ACK);
+ StreamTcpSetEvent(p, STREAM_EST_PKT_BEFORE_LAST_ACK);
return -1;
}
}
ssn->server.window);
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the server packet
and client has already received and acked it */
" %" PRIu32 "", ssn, ssn->server.next_win);
}
- if (!(SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.last_ack))) {
+ if (!(SEQ_GEQ((TCP_GET_SEQ(p)+p->payload_len), ssn->server.last_ack))) {
if (ssn->flags & STREAMTCP_FLAG_ASYNC) {
SCLogDebug("ssn %p: client => Asynchrouns stream, packet SEQ"
ssn->server.last_ack = TCP_GET_SEQ(p);
} else {
- StreamTcpSetEvent(p, STREAM_EST_SEQ_BEFORE_LAST_ACK);
+ SCLogDebug("ssn %p: PKT SEQ %"PRIu32" payload_len %"PRIu16
+ " before last_ack %"PRIu32,
+ ssn, TCP_GET_SEQ(p), p->payload_len, ssn->server.last_ack);
+ StreamTcpSetEvent(p, STREAM_EST_PKT_BEFORE_LAST_ACK);
return -1;
}
}
ssn->client.window);
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client packet
and server has already received and acked it */
return -1;
}
- SCLogDebug("StreamTcpPacketStateEstablished (%p): FIN received SEQ"
+ SCLogDebug("ssn (%p: FIN received SEQ"
" %" PRIu32 ", last ACK %" PRIu32 ", next win %"PRIu32","
" win %" PRIu32 "", ssn, ssn->server.next_seq,
ssn->client.last_ack, ssn->server.next_win,
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
}
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
}
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client packet
and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client packet
and server has already received and acked it */
switch (p->tcph->th_flags) {
case TH_ACK:
+ case TH_ACK|TH_PUSH:
case TH_ACK|TH_URG:
case TH_ACK|TH_ECN:
case TH_ACK|TH_ECN|TH_CWR:
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
switch (p->tcph->th_flags) {
case TH_ACK:
+ case TH_ACK|TH_PUSH:
case TH_ACK|TH_URG:
case TH_ACK|TH_ECN:
case TH_ACK|TH_ECN|TH_CWR:
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
switch(p->tcph->th_flags) {
case TH_ACK:
+ case TH_ACK|TH_PUSH:
case TH_ACK|TH_ECN:
case TH_ACK|TH_ECN|TH_CWR:
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
switch(p->tcph->th_flags) {
case TH_ACK:
+ case TH_ACK|TH_PUSH:
case TH_ACK|TH_ECN:
case TH_ACK|TH_ECN|TH_CWR:
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
switch(p->tcph->th_flags) {
case TH_ACK:
+ case TH_ACK|TH_PUSH:
case TH_ACK|TH_ECN:
case TH_ACK|TH_ECN|TH_CWR:
ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->server, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->server, p)) {
ssn->server.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale;
/* Check if the ACK value is sane and inside the window limit */
- if (StreamTcpValidateAck(&ssn->client, p) == TRUE) {
+ if (StreamTcpValidateAck(&ssn->client, p)) {
ssn->client.last_ack = TCP_GET_ACK(p);
/* Update the next_seq, in case if we have missed the client
packet and server has already received and acked it */
PacketQueue *pq)
{
SCEnter();
+
+ SCLogDebug("p->pcap_cnt %"PRIu64, p->pcap_cnt);
+
TcpSession *ssn = (TcpSession *)p->flow->protoctx;
/* If we are on IPS mode, and got a drop action triggered from
static int StreamTcpTest23(void)
{
TcpSession ssn;
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (p == NULL)
- return 0;
Flow f;
TCPHdr tcph;
TcpReassemblyThreadCtx *ra_ctx = StreamTcpReassembleInitThreadCtx();
ThreadVars tv;
int result = 1;
PacketQueue pq;
+
+ Packet *p = SCMalloc(SIZE_OF_PACKET);
+ if (p == NULL)
+ return 0;
+
memset(&pq,0,sizeof(PacketQueue));
+ memset(&ssn, 0, sizeof (TcpSession));
+ memset(p, 0, SIZE_OF_PACKET);
+ p->pkt = (uint8_t *)(p + 1);
+ memset(&f, 0, sizeof (Flow));
+ memset(&tcph, 0, sizeof (TCPHdr));
+ memset(&tv, 0, sizeof (ThreadVars));
StreamTcpInitConfig(TRUE);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOSERVER, 4096);
StreamMsgQueueSetMinChunkLen(FLOW_PKT_TOCLIENT, 4096);
- memset(&ssn, 0, sizeof (TcpSession));
- memset(p, 0, SIZE_OF_PACKET);
- p->pkt = (uint8_t *)(p + 1);
- memset(&f, 0, sizeof (Flow));
- memset(&tcph, 0, sizeof (TCPHdr));
- memset(&tv, 0, sizeof (ThreadVars));
ssn.client.os_policy = OS_POLICY_BSD;
f.protoctx = &ssn;
p->src.family = AF_INET;
p->tcph = &tcph;
p->flowflags = FLOW_PKT_TOSERVER;
p->payload = packet;
+ ssn.client.ra_app_base_seq = ssn.client.ra_raw_base_seq = ssn.client.last_ack = 3184324453UL;
p->tcph->th_seq = htonl(3184324453UL);
p->tcph->th_ack = htonl(3373419609UL);
p->payload_len = 2;
if (StreamTcpReassembleHandleSegment(&tv, ra_ctx,&ssn, &ssn.client, p, &pq) == -1) {
- printf("failed in segment reassmebling\n");
+ printf("failed in segment reassmebling: ");
result &= 0;
goto end;
}
p->payload_len = 2;
if (StreamTcpReassembleHandleSegment(&tv, ra_ctx,&ssn, &ssn.client, p, &pq) == -1) {
- printf("failed in segment reassmebling\n");
+ printf("failed in segment reassmebling: ");
result &= 0;
goto end;
}
p->payload_len = 6;
if (StreamTcpReassembleHandleSegment(&tv, ra_ctx,&ssn, &ssn.client, p, &pq) == -1) {
- printf("failed in segment reassmebling\n");
+ printf("failed in segment reassmebling: ");
result &= 0;
- goto end;
+// goto end;
}
if(ssn.client.seg_list_tail->payload_len != 4) {
- printf("failed in segment reassmebling\n");
+ printf("failed in segment reassmebling: ");
result &= 0;
}
p->tcph = &tcph;
p->flowflags = FLOW_PKT_TOSERVER;
p->payload = packet;
+ ssn.client.ra_app_base_seq = ssn.client.ra_raw_base_seq = ssn.client.last_ack = 3184324453UL;
p->tcph->th_seq = htonl(3184324455UL);
p->tcph->th_ack = htonl(3373419621UL);
projects / people / ms / suricata.git / commitdiff
