bool SegmentOverlapEditor::zwp_data_mismatch(
TcpReassemblerState& trs, TcpSegmentDescriptor& tsd, uint32_t overlap)
{
- if ( overlap == ZERO_WIN_PROBE_LEN
+ if ( overlap == MAX_ZERO_WIN_PROBE_LEN
and trs.sos.right->i_seq == trs.tracker->normalizer.get_zwp_seq()
and (trs.sos.right->data[0] != tsd.get_pkt()->data[0]) )
{
#define SLAM_MAX 4
-#define ZERO_WIN_PROBE_LEN 1
+#define MAX_ZERO_WIN_PROBE_LEN 1
// target-based policy types - changes to this enum require changes to stream.h::TCP_POLICIES
enum StreamPolicy : uint8_t
uint32_t TcpNormalizer::get_stream_window(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
{
- int32_t window;
-
if ( tns.tracker->get_snd_wnd() )
{
if ( !(tns.session->flow->session_state & STREAM_STATE_MIDSTREAM ) )
return tns.tracker->get_snd_wnd();
// ensure the data is in the window
- window = tsd.get_end_seq() - tns.tracker->r_win_base;
+ return data_inside_window(tns, tsd);
+}
+
+uint32_t TcpNormalizer::data_inside_window(
+ TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
+{
+ int32_t window = tsd.get_end_seq() - tns.tracker->r_win_base;
if ( window < 0 )
- window = 0;
+ return 0;
- return (uint32_t)window;
+ return (uint32_t) window;
}
uint32_t TcpNormalizer::get_tcp_timestamp(
virtual void ecn_stripper(State&, TcpSegmentDescriptor&);
virtual uint32_t get_zwp_seq(State&);
virtual uint32_t get_stream_window(State&, TcpSegmentDescriptor&);
+ virtual uint32_t data_inside_window(State&, TcpSegmentDescriptor&);
virtual uint32_t get_tcp_timestamp(State&, TcpSegmentDescriptor&, bool strip);
virtual int handle_paws(State&, TcpSegmentDescriptor&);
virtual bool validate_rst(State&, TcpSegmentDescriptor&);
uint32_t get_stream_window(TcpSegmentDescriptor& tsd)
{ return norm->get_stream_window(tns, tsd); }
+ uint32_t data_inside_window(TcpSegmentDescriptor& tsd)
+ { return norm->data_inside_window(tns, tsd); }
+
uint32_t get_tcp_timestamp(TcpSegmentDescriptor& tsd, bool strip)
{ return norm->get_tcp_timestamp(tns, tsd, strip); }
if ( tcp_config->policy != StreamPolicy::OS_PROXY
and listener->normalizer.get_stream_window(tsd) == 0 )
{
- if (tsd.get_len() == ZERO_WIN_PROBE_LEN)
+ if ( !listener->normalizer.data_inside_window(tsd) or !listener->get_iss() )
{
- tcpStats.zero_win_probes++;
- listener->normalizer.set_zwp_seq(seq);
+ listener->normalizer.trim_win_payload(tsd);
+ return STREAM_UNALIGNED;
}
else
{
- bool force = (tsd.is_nap_policy_inline() && listener->get_iss());
- listener->normalizer.trim_win_payload(tsd, 0, force);
- return STREAM_UNALIGNED;
+ tcpStats.zero_win_probes++;
+ listener->normalizer.set_zwp_seq(seq);
+ listener->normalizer.trim_win_payload(tsd, MAX_ZERO_WIN_PROBE_LEN, tsd.is_nap_policy_inline());
}
}
if ( tcp_config->policy != StreamPolicy::OS_PROXY
and listener->normalizer.get_stream_window(tsd) == 0 )
{
- if (tsd.get_len() == ZERO_WIN_PROBE_LEN)
+ if ( SEQ_EQ(seq, listener->normalizer.get_zwp_seq()) )
+ {
tcpStats.zero_win_probes++;
+ listener->normalizer.trim_win_payload(tsd, MAX_ZERO_WIN_PROBE_LEN, tsd.is_nap_policy_inline());
+ return STREAM_UNALIGNED;
+ }
- bool force = (tsd.is_nap_policy_inline() && listener->get_iss());
- listener->normalizer.trim_win_payload(tsd, 0, force);
+ listener->normalizer.trim_win_payload(tsd);
return STREAM_UNALIGNED;
}
if ( tsd.is_data_segment() )
projects / thirdparty / snort3.git / commitdiff
