From: Russ Combs (rucombs) Date: Thu, 22 Dec 2016 19:51:29 +0000 (-0500) Subject: Merge pull request #762 in SNORT/snort3 from userssn to master X-Git-Tag: 3.0.0-233~124 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85e0b461b0c8697e802396809dc0235d82405f9a;p=thirdparty%2Fsnort3.git Merge pull request #762 in SNORT/snort3 from userssn to master Squashed commit of the following: commit 78d6818621bb12500c440b79fd07f36eebaabd5f Author: Russ Combs Date: Thu Dec 22 10:27:09 2016 -0500 convert debug prints to proper traces commit c6deeed10fa6fc82f164d54a6562616a18d0b3ce Author: Russ Combs Date: Thu Dec 22 07:10:34 2016 -0500 fix user session reassembly --- diff --git a/src/stream/user/user_module.cc b/src/stream/user/user_module.cc index 6726df9ea..673531f6c 100644 --- a/src/stream/user/user_module.cc +++ b/src/stream/user/user_module.cc @@ -26,6 +26,8 @@ using namespace std; +Trace TRACE_NAME(stream_user); + //------------------------------------------------------------------------- // stream_user module //------------------------------------------------------------------------- @@ -39,7 +41,7 @@ static const Parameter s_params[] = }; StreamUserModule::StreamUserModule() : - Module(MOD_NAME, MOD_HELP, s_params) + Module(MOD_NAME, MOD_HELP, s_params, false, &TRACE_NAME(stream_user)) { config = nullptr; } @@ -57,13 +59,13 @@ StreamUserConfig* StreamUserModule::get_data() return temp; } -bool StreamUserModule::set(const char*, Value& v, SnortConfig*) +bool StreamUserModule::set(const char* fqn, Value& v, SnortConfig* sc) { if ( v.is("session_timeout") ) config->session_timeout = v.get_long(); else - return false; + return Module::set(fqn, v, sc); return true; } diff --git a/src/stream/user/user_module.h b/src/stream/user/user_module.h index 69370d3ff..8c0cfa7f0 100644 --- a/src/stream/user/user_module.h +++ b/src/stream/user/user_module.h 
@@ -20,6 +20,7 @@ #ifndef USER_MODULE_H #define USER_MODULE_H +#include "main/snort_debug.h" #include "main/snort_types.h" #include "main/thread.h" #include "framework/module.h" @@ -31,6 +32,8 @@ extern const PegInfo user_pegs[]; extern THREAD_LOCAL struct UserStats user_stats; extern THREAD_LOCAL ProfileStats user_perf_stats; +extern Trace TRACE_NAME(stream_user); + //------------------------------------------------------------------------- // stream_user module //------------------------------------------------------------------------- diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc index f24baf480..d4b3792f2 100644 --- a/src/stream/user/user_session.cc +++ b/src/stream/user/user_session.cc @@ -153,7 +153,7 @@ void UserTracker::detect(const Packet* p, const StreamBuffer* sb, uint32_t flags up.packet_flags |= (p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER)); up.packet_flags |= (p->packet_flags & (PKT_STREAM_EST|PKT_STREAM_UNEST_UNI)); - //printf("user detect[%d] %*s\n", up.dsize, up.dsize, (char*)up.data); + trace_logf(stream_user, "detect[%d]\n", up.dsize); Snort::detect_rebuilt_packet(&up); } @@ -173,7 +173,7 @@ int UserTracker::scan(Packet* p, uint32_t& flags) flags = p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER); unsigned len = us->get_unused_len(); - //printf("user scan[%d] '%*s'\n", len, len, us->get_unused_data()); + trace_logf(stream_user, "scan[%d]\n", len); int32_t flush_amt = paf_check( splitter, &paf_state, p->flow, us->get_unused_data(), len, 
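Review bot: In the UserTracker::scan hunk, `len` is declared `unsigned` but the new trace prints it with `%d`; I would write `trace_logf(stream_user, "scan[%u]\n", len);`. The same mismatch appears in the UserTracker::flush hunk, where `flush[%d]` prints the `unsigned flush_amt` and `reassemble[%d]` prints the `unsigned len`. Assuming trace_logf forwards to a printf-style formatter, a very large length would be shown as a negative number, which is misleading when the trace is being read to diagnose an unexpected size. The body of scan continues past the end of this hunk, so the rest of the function was not reviewed.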
@@ -199,41 +199,42 @@ void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags) { unsigned bytes_flushed = 0; const StreamBuffer* sb = nullptr; - //printf("user flush[%d]\n", flush_amt); + trace_logf(stream_user, "flush[%d]\n", flush_amt); uint32_t rflags = flags & ~PKT_PDU_TAIL; - while ( !seg_list.empty() and flush_amt ) + while ( !seg_list.empty() and bytes_flushed < flush_amt ) { UserSegment* us = seg_list.front(); const uint8_t* data = us->get_data(); unsigned len = us->get_len(); unsigned bytes_copied = 0; - if ( len == flush_amt ) + if ( len + bytes_flushed > flush_amt ) + len = flush_amt - bytes_flushed; + + if ( len + bytes_flushed == flush_amt ) rflags |= (flags & PKT_PDU_TAIL); - //printf("user reassemble[%d]\n", len); + trace_logf(stream_user, "reassemble[%d]\n", len); sb = splitter->reassemble( p->flow, flush_amt, bytes_flushed, data, len, rflags, bytes_copied); bytes_flushed += bytes_copied; + total -= bytes_copied; + rflags &= ~PKT_PDU_HEAD; if ( sb ) detect(p, sb, flags); - if ( len == bytes_copied ) + if ( bytes_copied == us->get_len() ) { - total -= len; - flush_amt -= len; seg_list.pop_front(); UserSegment::term(us); } else { - total -= bytes_copied; us->shift(bytes_copied); - flush_amt = 0; } } } @@ -259,7 +260,7 @@ void UserTracker::process(Packet* p) void UserTracker::add_data(Packet* p) { - //printf("user add[%d]\n", p->dsize); + trace_logf(stream_user, "add[%d]\n", p->dsize); unsigned avail = 0; if ( !seg_list.empty() )
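Review bot: The rewritten while loop in UserTracker::flush has no exit when `splitter->reassemble()` leaves `bytes_copied` at 0 for a non-empty segment. In that case `bytes_flushed` does not advance, `us->shift(0)` keeps the same segment at the front, and `bytes_flushed < flush_amt` holds again on the next pass. The removed `flush_amt = 0;` in the else branch used to end the loop after any partial copy. Whether a splitter can report zero copied bytes is not visible in this hunk, but a stall here would stop inspection on that packet thread, so a guard is cheap insurance: in the else branch, add `if ( !bytes_copied ) break;` before `us->shift(bytes_copied);`. A short comment above the loop stating that each iteration must consume at least one byte or drop a segment would record the invariant.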