]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1012fc4)
stream-tcp: fix stream depth computation
authorEric Leblond <eric@regit.org>
Fri, 20 Apr 2018 17:23:21 +0000 (19:23 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 23 Apr 2018 20:08:54 +0000 (22:08 +0200)
The stream depth computation was partly done with the stream_config
depth instead of using the value in the TCP session. As a result,
some configuration were resulting in abnormal behavior.

In particular, when stream depth was 0 and the file store depth was
not 0, Suricata was stopping the streaming on the flow as soon as
the filestore was started.

Reported-by: Pascal Delalande <pdl35@free.fr>
src/stream-tcp-reassemble.c patch | blob | blame | history

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index ba93a0e3629ba916a7a7c0659e933ced8773ffee..9889ff0d1497b782f1f2a938c85fa94914c6a877 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -559,21 +559,21 @@ static uint32_t StreamTcpReassembleCheckDepth(TcpSession *ssn, TcpStream *stream
      * wraps as well */
     SCLogDebug("seq + size %u, base %u, seg_depth %"PRIu64" limit %u", (seq + size),
             stream->base_seq, seg_depth,
-            stream_config.reassembly_depth);
+            ssn->reassembly_depth);
 
-    if (seg_depth > (uint64_t)stream_config.reassembly_depth) {
+    if (seg_depth > (uint64_t)ssn->reassembly_depth) {
         SCLogDebug("STREAMTCP_STREAM_FLAG_DEPTH_REACHED");
         stream->flags |= STREAMTCP_STREAM_FLAG_DEPTH_REACHED;
         SCReturnUInt(0);
     }
     SCLogDebug("NOT STREAMTCP_STREAM_FLAG_DEPTH_REACHED");
-    SCLogDebug("%"PRIu64" <= %u", seg_depth, stream_config.reassembly_depth);
+    SCLogDebug("%"PRIu64" <= %u", seg_depth, ssn->reassembly_depth);
 #if 0
     SCLogDebug("full depth not yet reached: %"PRIu64" <= %"PRIu32,
             (stream->base_seq_offset + stream->base_seq + size),
-            (stream->isn + stream_config.reassembly_depth));
+            (stream->isn + ssn->reassembly_depth));
 #endif
-    if (SEQ_GEQ(seq, stream->isn) && SEQ_LT(seq, (stream->isn + stream_config.reassembly_depth))) {
+    if (SEQ_GEQ(seq, stream->isn) && SEQ_LT(seq, (stream->isn + ssn->reassembly_depth))) {
         /* packet (partly?) fits the depth window */
 
         if (SEQ_LEQ((seq + size),(stream->isn + 1 + ssn->reassembly_depth))) {
Mirror of https://github.com/OISF/suricata.git