]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
projects / thirdparty / snort3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cfbe8cb)
Merge pull request #1713 in SNORT/snort3 from ~NIHDESAI/snort3:small_segs to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 22 Aug 2019 15:14:19 +0000 (11:14 -0400)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 22 Aug 2019 15:14:19 +0000 (11:14 -0400)
Squashed commit of the following:

commit 548c72921772fd15d7b263602ab5c6f03ea048ce
Author: russ <rucombs@cisco.com>
Date:   Wed Jul 10 15:54:14 2019 -0400

    stream_tcp: clear consecutive small segs count upon non-small segs only

src/stream/libtcp/tcp_stream_tracker.cc patch | blob | blame | history
src/stream/tcp/tcp_session.cc patch | blob | blame | history

diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc
index a2070b58ab0c03766621107b12103f9e678d519f..548a2d33505352c4c1f65b6b809d787ec226c7c9 100644 (file)
--- a/src/stream/libtcp/tcp_stream_tracker.cc
+++ b/src/stream/libtcp/tcp_stream_tracker.cc
@@ -497,9 +497,6 @@ void TcpStreamTracker::update_tracker_ack_sent(TcpSegmentDescriptor& tsd)
     if ( SEQ_GT(tsd.get_end_seq(), snd_nxt) )
         snd_nxt = tsd.get_end_seq();
 
-    if ( !SEQ_EQ(r_win_base, tsd.get_seg_ack() ) )
-        small_seg_count = 0;
-
     if ( SEQ_GT(tsd.get_seg_ack(), r_win_base) )
         r_win_base = tsd.get_seg_ack();
 
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 6be16a1d6dfee901f09d9f703a3379679b4c01c2..ba46c5f013ed24401d4b8a79ec054f1072749333 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -292,19 +292,13 @@ bool TcpSession::flow_exceeds_config_thresholds(TcpSegmentDescriptor& tsd)
     if ( ( config->flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY ) && !flow->two_way_traffic() )
         return true;
 
-    if ( config->max_consec_small_segs
-            && ( tsd.get_seg_len() < config->max_consec_small_seg_size ) )
+    if ( config->max_consec_small_segs )
     {
-        listener->small_seg_count++;
+        if ( tsd.get_seg_len() >= config->max_consec_small_seg_size )
+            listener->small_seg_count = 0;
 
-        if ( listener->small_seg_count > config->max_consec_small_segs )
-        {
-            /* Above threshold, log it...  in this TCP policy,
-             * action controlled by preprocessor rule. */
+        else if ( ++listener->small_seg_count == config->max_consec_small_segs )
             tel.set_tcp_event(EVENT_MAX_SMALL_SEGS_EXCEEDED);
-            /* Reset counter, so we're not too noisy */
-            listener->small_seg_count = 0;
-        }
     }
 
     if ( config->max_queued_bytes
Mirror of https://github.com/snort3/snort3.git