$<TARGET_OBJECTS:stream_base>
$<TARGET_OBJECTS:stream_ip>
$<TARGET_OBJECTS:stream_icmp>
- $<TARGET_OBJECTS:stream_libtcp>
$<TARGET_OBJECTS:stream_tcp>
$<TARGET_OBJECTS:stream_udp>
$<TARGET_OBJECTS:stream_user>
#include "dce_http_proxy_module.h"
#include "managers/inspector_manager.h"
-#include "stream/libtcp/tcp_stream_session.h"
+#include "stream/tcp/tcp_stream_session.h"
#include "dce_http_proxy_splitter.h"
#include "dce_http_server_module.h"
#include "managers/inspector_manager.h"
-#include "stream/libtcp/tcp_stream_session.h"
+#include "stream/tcp/tcp_stream_session.h"
#include "dce_http_server_splitter.h"
add_subdirectory(base)
add_subdirectory(ip)
add_subdirectory(icmp)
-add_subdirectory(libtcp)
add_subdirectory(tcp)
add_subdirectory(udp)
add_subdirectory(user)
+++ /dev/null
-
-if ( ENABLE_UNIT_TESTS )
- set(TEST_FILES stream_tcp_unit_test.cc)
-endif()
-
-
-add_library( stream_libtcp OBJECT
- tcp_segment_descriptor.cc
- tcp_state_handler.cc
- tcp_state_machine.cc
- tcp_stream_session.cc
- tcp_stream_tracker.cc
- tcp_segment_descriptor.h
- tcp_state_handler.h
- tcp_state_machine.h
- tcp_stream_session.h
- tcp_stream_tracker.h
- ${TEST_FILES}
-)
+++ /dev/null
-This directory contains the implementation of common TCP session tracking functions.
-
-This TCP library module provides the following functions:
-
-* TCP Segment Descriptor - this class provides access to the various fields of the TCP
- header and payload
-
-* TCP Stream Tracker - this class encapsulates all the state information required for
- tracking one side of the TCP connection. For each flow that is tracked there will be
- two instances of this tracker, one for each direction.
-
-* TCP State Handler - abstract class interface that defines a method for handling each
- possible TCP event. For each TCP state a subclass of this class is created with a
- state specific implementation for each event handling method.
-
-* TCP State Machine - this class is the engine that dispatches processing to the correct
- event handling method of the handler for the current TCP state of the flow.
-
-Most of the TCP HA processing is contained in the ../tcp area and one needed to refer
-to ../tcp/dev_notes.txt for a description.
-
-One HA state transition is implemented within this TCP library. In
-TcpStreamSession::clear(), TcpHAManager::process_deletion() is invoked to
-cause HA to generate a Deletion message for the target flow. This handles
-the case where a TCP session is being removed from from the flow cache due
-to a timeout or pruning function. Other normal TCP stream closure actions
-are handled in the ../tcp/tcp_session.cc module.
#include "utils/util.h"
#include "tcp/tcp_session.h"
-#include "libtcp/tcp_stream_session.h"
-
-#ifdef UNIT_TEST
-#include "catch/snort_catch.h"
-#include "libtcp/stream_tcp_unit_test.h"
-#endif
+#include "tcp/tcp_stream_session.h"
using namespace snort;
#ifdef UNIT_TEST
+#include "catch/snort_catch.h"
+#include "tcp/test/stream_tcp_test_utils.h"
+
TEST_CASE("Stream API", "[stream_api][stream]")
{
// initialization code here
+if ( ENABLE_UNIT_TESTS )
+ set(TEST_FILES test/stream_tcp_test_utils.cc)
+endif()
+
add_library( stream_tcp OBJECT
ips_stream_reassemble.cc
ips_stream_size.cc
segment_overlap_editor.cc
stream_tcp.cc
stream_tcp.h
+ tcp_defs.h
+ tcp_event_logger.h
+ tcp_event_logger.cc
tcp_ha.cc
tcp_ha.h
tcp_module.cc
tcp_module.h
- tcp_defs.h
- tcp_event_logger.h
- tcp_event_logger.cc
- tcp_stream_config.h
- tcp_stream_config.cc
- tcp_normalizer.h
tcp_normalizer.cc
- tcp_normalizers.h
+ tcp_normalizer.h
tcp_normalizers.cc
- tcp_segment_node.h
- tcp_segment_node.cc
- tcp_reassembler.h
+ tcp_normalizers.h
tcp_reassembler.cc
- tcp_reassemblers.h
+ tcp_reassembler.h
tcp_reassemblers.cc
+ tcp_reassemblers.h
+ tcp_segment_descriptor.cc
+ tcp_segment_descriptor.h
+ tcp_segment_node.cc
+ tcp_segment_node.h
tcp_session.cc
tcp_session.h
tcp_state_closed.cc
- tcp_state_close_wait.cc
- tcp_state_closing.cc
- tcp_state_established.cc
- tcp_state_fin_wait1.cc
- tcp_state_fin_wait2.cc
- tcp_state_last_ack.cc
- tcp_state_listen.cc
- tcp_state_none.cc
- tcp_state_syn_recv.cc
- tcp_state_syn_sent.cc
- tcp_state_time_wait.cc
tcp_state_closed.h
+ tcp_state_close_wait.cc
tcp_state_close_wait.h
+ tcp_state_closing.cc
tcp_state_closing.h
+ tcp_state_established.cc
tcp_state_established.h
+ tcp_state_fin_wait1.cc
tcp_state_fin_wait1.h
+ tcp_state_fin_wait2.cc
tcp_state_fin_wait2.h
+ tcp_state_handler.cc
+ tcp_state_handler.h
+ tcp_state_last_ack.cc
tcp_state_last_ack.h
+ tcp_state_listen.cc
tcp_state_listen.h
+ tcp_state_machine.cc
+ tcp_state_machine.h
+ tcp_state_none.cc
tcp_state_none.h
+ tcp_state_syn_recv.cc
tcp_state_syn_recv.h
+ tcp_state_syn_sent.cc
tcp_state_syn_sent.h
+ tcp_state_time_wait.cc
tcp_state_time_wait.h
- tcp_stream_state_machine.cc
- tcp_stream_state_machine.h
+ tcp_stream_config.cc
+ tcp_stream_config.h
+ tcp_stream_session.cc
+ tcp_stream_session.h
+ tcp_stream_tracker.cc
+ tcp_stream_tracker.h
+ ${TEST_FILES}
)
add_subdirectory ( test )
packet eval method is not used as the base Stream Inspector delegates
packets directly to the TCP session packet processing method.
+* TCP Segment Descriptor - this class provides access to the various fields of the TCP
+ header and payload
+
+* TCP Stream Tracker - this class encapsulates all the state information required for
+ tracking one side of the TCP connection. For each flow that is tracked there will be
+ two instances of this tracker, one for each direction.
+
+* TCP State Handler - abstract class interface that defines a method for handling each
+ possible TCP event. For each TCP state a subclass of this class is created with a
+ state specific implementation for each event handling method.
+
+* TCP State Machine - this class is the engine that dispatches processing to the correct
+ event handling method of the handler for the current TCP state of the flow.
+
The TCP session module implements the following functions:
* TCP segment normalization. Variations in handling normalization are
place a session into standby mode. Upon receiving an HA Update message,
the flow is first created if necessary, and is then placed into Standby
state. deactivate_session() sets the TCP specific state for Standy mode.
+
+One HA state transition is implemented within this TCP library. In
+TcpStreamSession::clear(), TcpHAManager::process_deletion() is invoked to
+cause HA to generate a Deletion message for the target flow. This handles
+the case where a TCP session is being removed from from the flow cache due
+to a timeout or pruning function. Other normal TCP stream closure actions
+are handled in the ../tcp/tcp_session.cc module.
#include "tcp_session.h"
-#ifdef UNIT_TEST
-#include "catch/snort_catch.h"
-#include "stream/libtcp/stream_tcp_unit_test.h"
-#endif
-
using namespace snort;
//-------------------------------------------------------------------------
#ifdef UNIT_TEST
+#include "catch/snort_catch.h"
#include "framework/cursor.h"
+#include "test/stream_tcp_test_utils.h"
// FIXIT-L these tests need some TLC
TEST_CASE("IPS Stream Reassemble", "[ips_stream_reassemble][stream_tcp]")
#include "tcp_ha.h"
#include "tcp_module.h"
#include "tcp_session.h"
-#include "tcp_stream_state_machine.h"
+#include "tcp_state_machine.h"
using namespace snort;
{ delete p; }
static void stream_tcp_pinit()
-{ TcpStreamStateMachine::initialize(); }
+{ TcpStateMachine::initialize(); }
static void stream_tcp_pterm()
-{ TcpStreamStateMachine::finalize(); }
+{ TcpStateMachine::term(); }
static Session* tcp_ssn(Flow* lws)
{ return new TcpSession(lws); }
#include "tcp_normalizer.h"
-#include "stream/libtcp/tcp_stream_session.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
-
#include "packet_io/active.h"
+#include "tcp_stream_session.h"
+#include "tcp_stream_tracker.h"
+
+
using namespace snort;
THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX];
#include "tcp_normalizers.h"
#include "tcp_module.h"
-#include "stream/libtcp/tcp_segment_descriptor.h"
-#include "stream/libtcp/tcp_stream_session.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
+#include "tcp_segment_descriptor.h"
+#include "tcp_stream_session.h"
+#include "tcp_stream_tracker.h"
using namespace snort;
#endif
#include "tcp_reassemblers.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
+#include "tcp_stream_tracker.h"
class TcpReassemblerFirst : public TcpReassembler
{
#define TCP_SEGMENT_H
#include "main/snort_debug.h"
-#include "stream/libtcp/tcp_segment_descriptor.h"
-#include "stream/tcp/tcp_defs.h"
+
+#include "tcp_segment_descriptor.h"
+#include "tcp_defs.h"
class TcpSegmentDescriptor;
#include "tcp_normalizers.h"
#include "tcp_reassemblers.h"
#include "tcp_segment_node.h"
-#include "tcp_stream_state_machine.h"
+#include "tcp_state_machine.h"
using namespace snort;
TcpSession::TcpSession(Flow* flow)
: TcpStreamSession(flow)
{
- tsm = TcpStreamStateMachine::get_instance();
+ tsm = TcpStateMachine::get_instance();
splitter_init = false;
client.session = this;
#ifndef TCP_SESSION_H
#define TCP_SESSION_H
-#include "stream/libtcp/tcp_state_machine.h"
-#include "stream/libtcp/tcp_stream_session.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
+#include "tcp_state_machine.h"
+#include "tcp_stream_session.h"
+#include "tcp_stream_tracker.h"
namespace snort
{
#ifndef TCP_STATE_CLOSE_WAIT_H
#define TCP_STATE_CLOSE_WAIT_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateCloseWait : public TcpStateHandler
{
#ifndef TCP_STATE_CLOSED_H
#define TCP_STATE_CLOSED_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateClosed : public TcpStateHandler
{
#ifndef TCP_STATE_CLOSING_H
#define TCP_STATE_CLOSING_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateClosing : public TcpStateHandler
{
#ifndef TCP_STATE_ESTABLISHED_H
#define TCP_STATE_ESTABLISHED_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateEstablished : public TcpStateHandler
{
#ifndef TCP_STATE_FIN_WAIT1_H
#define TCP_STATE_FIN_WAIT1_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateFinWait1 : public TcpStateHandler
{
#ifndef TCP_STATE_FIN_WAIT2_H
#define TCP_STATE_FIN_WAIT2_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateFinWait2 : public TcpStateHandler
{
#include <iostream>
-#include "tcp_segment_descriptor.h"
#include "tcp_state_machine.h"
#ifdef UNIT_TEST
#define TCP_STATE_HANDLER_H
#include "protocols/tcp.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
+
+#include "tcp_stream_tracker.h"
class TcpSegmentDescriptor;
class TcpStateMachine;
#ifndef TCP_STATE_LAST_ACK_H
#define TCP_STATE_LAST_ACK_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateLastAck : public TcpStateHandler
{
#ifndef TCP_STATE_LISTEN_H
#define TCP_STATE_LISTEN_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateListen : public TcpStateHandler
{
#include "tcp_state_machine.h"
+#include "tcp_state_none.h"
+#include "tcp_state_closed.h"
+#include "tcp_state_listen.h"
+#include "tcp_state_syn_sent.h"
+#include "tcp_state_syn_recv.h"
+#include "tcp_state_established.h"
+#include "tcp_state_close_wait.h"
+#include "tcp_state_closing.h"
+#include "tcp_state_fin_wait1.h"
+#include "tcp_state_fin_wait2.h"
+#include "tcp_state_last_ack.h"
+#include "tcp_state_time_wait.h"
+
+TcpStateMachine* TcpStateMachine::tsm = nullptr;
+
+TcpStateMachine* TcpStateMachine::initialize()
+{
+ assert(!tsm);
+ TcpStateMachine::tsm = new TcpStateMachine();
+ return TcpStateMachine::tsm;
+}
+
+void TcpStateMachine::term()
+{
+ delete TcpStateMachine::tsm;
+ TcpStateMachine::tsm = nullptr;
+}
+
TcpStateMachine::TcpStateMachine()
{
for ( auto s = TcpStreamTracker::TCP_LISTEN; s < TcpStreamTracker::TCP_MAX_STATES; s++ )
tcp_state_handlers[ s ] = nullptr;
+
+ // initialize stream tracker state machine with handler for each state...
+ new TcpStateNone(*this);
+ new TcpStateClosed(*this);
+ new TcpStateListen(*this);
+ new TcpStateSynSent(*this);
+ new TcpStateSynRecv(*this);
+ new TcpStateEstablished(*this);
+ new TcpStateFinWait1(*this);
+ new TcpStateFinWait2(*this);
+ new TcpStateClosing(*this);
+ new TcpStateCloseWait(*this);
+ new TcpStateLastAck(*this);
+ new TcpStateTimeWait(*this);
}
TcpStateMachine::~TcpStateMachine()
#ifndef TCP_STATE_MACHINE_H
#define TCP_STATE_MACHINE_H
-#include "stream/libtcp/tcp_state_handler.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
-#include "stream/libtcp/tcp_segment_descriptor.h"
+#include "tcp_segment_descriptor.h"
+#include "tcp_state_handler.h"
+#include "tcp_stream_tracker.h"
class TcpStateMachine
{
public:
virtual ~TcpStateMachine();
+ static TcpStateMachine* initialize();
+ static void term();
+
+ static TcpStateMachine* get_instance()
+ { return TcpStateMachine::tsm; }
+
virtual void register_state_handler(TcpStreamTracker::TcpState, TcpStateHandler&);
virtual bool eval(TcpSegmentDescriptor&, TcpStreamTracker&, TcpStreamTracker&);
protected:
TcpStateMachine();
+ static TcpStateMachine* tsm;
TcpStateHandler* tcp_state_handlers[ TcpStreamTracker::TCP_MAX_STATES ];
};
#ifndef TCP_STATE_NONE_H
#define TCP_STATE_NONE_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateNone : public TcpStateHandler
{
#ifndef TCP_STATE_SYN_RECV_H
#define TCP_STATE_SYN_RECV_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateSynRecv : public TcpStateHandler
{
#ifndef TCP_STATE_SYN_SENT_H
#define TCP_STATE_SYN_SENT_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateSynSent : public TcpStateHandler
{
#ifndef TCP_STATE_TIME_WAIT_H
#define TCP_STATE_TIME_WAIT_H
-#include "stream/libtcp/tcp_state_handler.h"
+#include "tcp_state_handler.h"
class TcpStateTimeWait : public TcpStateHandler
{
#include "flow/session.h"
#include "protocols/ipv6.h"
-#include "stream/libtcp/tcp_stream_tracker.h"
-#include "stream/tcp/tcp_stream_config.h"
+#include "tcp_stream_config.h"
+#include "tcp_stream_tracker.h"
#ifdef DEBUG_MSGS
extern const char* const flush_policy_names[];
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2019 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// tcp_stream_state_machine.cc author davis mcpherson <davmcphe@cisco.com>
-// Created on: Apr 1, 2016
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "tcp_stream_state_machine.h"
-
-#include "tcp_state_none.h"
-#include "tcp_state_closed.h"
-#include "tcp_state_listen.h"
-#include "tcp_state_syn_sent.h"
-#include "tcp_state_syn_recv.h"
-#include "tcp_state_established.h"
-#include "tcp_state_close_wait.h"
-#include "tcp_state_closing.h"
-#include "tcp_state_fin_wait1.h"
-#include "tcp_state_fin_wait2.h"
-#include "tcp_state_last_ack.h"
-#include "tcp_state_time_wait.h"
-
-TcpStreamStateMachine* TcpStreamStateMachine::tsm = nullptr;
-
-TcpStateMachine* TcpStreamStateMachine::initialize()
-{
- assert(!tsm);
- TcpStreamStateMachine::tsm = new TcpStreamStateMachine();
- return TcpStreamStateMachine::tsm;
-}
-
-void TcpStreamStateMachine::finalize()
-{
- delete TcpStreamStateMachine::tsm;
- TcpStreamStateMachine::tsm = nullptr;
-}
-
-TcpStreamStateMachine::TcpStreamStateMachine()
-{
- // initialize stream tracker state machine with handler for each state...
- new TcpStateNone(*this);
- new TcpStateClosed(*this);
- new TcpStateListen(*this);
- new TcpStateSynSent(*this);
- new TcpStateSynRecv(*this);
- new TcpStateEstablished(*this);
- new TcpStateFinWait1(*this);
- new TcpStateFinWait2(*this);
- new TcpStateClosing(*this);
- new TcpStateCloseWait(*this);
- new TcpStateLastAck(*this);
- new TcpStateTimeWait(*this);
-}
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2019 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// tcp_stream_state_machine.h author davis mcpherson <davmcphe@cisco.com>
-// Created on: Apr 1, 2016
-
-#ifndef TCP_STREAM_STATE_MACHINE_H
-#define TCP_STREAM_STATE_MACHINE_H
-
-#include "stream/libtcp/tcp_state_machine.h"
-
-class TcpStreamStateMachine: public TcpStateMachine
-{
-public:
- static TcpStateMachine* initialize();
- static void finalize();
-
- static TcpStateMachine* get_instance()
- { return TcpStreamStateMachine::tsm; }
-
-private:
- TcpStreamStateMachine();
-
- static TcpStreamStateMachine* tsm;
-
-};
-#endif
-
#include <daq_common.h>
#include "stream/paf.h"
-#include "stream/tcp/segment_overlap_editor.h"
-#include "stream/tcp/tcp_defs.h"
-#include "stream/tcp/tcp_normalizers.h"
-#include "stream/tcp/tcp_reassemblers.h"
-#include "stream/libtcp/tcp_segment_descriptor.h"
+#include "segment_overlap_editor.h"
+#include "tcp_defs.h"
+#include "tcp_normalizers.h"
+#include "tcp_reassemblers.h"
+#include "tcp_segment_descriptor.h"
/* Only track a maximum number of alerts per session */
#define MAX_SESSION_ALERTS 8
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// stream_libtcp_unit_test.h author davis mcpherson <davmcphe@@cisco.com>
+// stream_tcp_test_utils.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Jul 30, 2015
-#include "stream_tcp_unit_test.h"
-
-#ifndef STREAM_LIBTCP_UNIT_TEST
-#define STREAM_LIBTCP_UNIT_TEST
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "stream_tcp_unit_test.h"
+#include "stream_tcp_test_utils.h"
#include "detection/ips_context.h"
#include "protocols/packet.h"
#include "protocols/tcp.h"
-#include "stream/tcp/tcp_session.h"
+
+#include "../tcp_session.h"
using namespace snort;
return pkt;
}
-#endif
-
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// stream_libtcp_unit_test.h author davis mcpherson <davmcphe@@cisco.com>
+// stream_tcp_test_utils.h author davis mcpherson <davmcphe@cisco.com>
// Created on: Jul 30, 2015
-#ifndef STREAM_LIBTCP_UNIT_TEST_H
-#define STREAM_LIBTCP_UNIT_TEST_H
+#ifndef STREAM_TCP_TEST_UTILS_H
+#define STREAM_TCP_TEST_UTILS_H
namespace snort
{
projects / thirdparty / snort3.git / commitdiff
