{ CountType::SUM, "resyns", "SYN received on established session" },
{ CountType::SUM, "discards", "tcp packets discarded" },
{ CountType::SUM, "discards_skipped", "tcp packet discards skipped due to normalization disabled" },
- { CountType::SUM, "invalid_seq_num", "tcp packets received with an invalid sequence number" },
+ { CountType::SUM, "invalid_seq_left",
+ "tcp packets received that fall to the left of the current TCP window (spurious retransmits)" },
+ { CountType::SUM, "invalid_seq_right",
+ "tcp packets received that fall to the right of the current TCP window" },
{ CountType::SUM, "invalid_ack", "tcp packets received with an invalid ack number" },
{ CountType::SUM, "no_flags_set", "tcp packets received with no TCP flags set" },
{ CountType::SUM, "events", "events generated" },
PegCount resyns;
PegCount discards;
PegCount discards_skipped;
- PegCount invalid_seq_num;
+ PegCount invalid_seq_left;
+ PegCount invalid_seq_right;
PegCount invalid_ack;
PegCount no_flags_set;
PegCount events;
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t seq, bool stream_is_inorder)
{
// drop packet if sequence num is invalid
- if ( !tns.tracker->is_segment_seq_valid(tsd) )
+ ValidSeqStatus invalid_seq = tns.tracker->is_segment_seq_valid(tsd);
+ if (invalid_seq)
{
- if ( is_keep_alive_probe(tns, tsd) )
- return NORM_BAD_SEQ;
-
bool inline_mode = tsd.is_nap_policy_inline();
- tcpStats.invalid_seq_num++;
- log_drop_reason(tns, tsd, inline_mode, "stream", "Normalizer: Sequence number is invalid\n");
+ switch (invalid_seq)
+ {
+ case ValidSeqStatus::LEFT_INVALID:
+ if (is_keep_alive_probe(tns, tsd))
+ return NORM_BAD_SEQ;
+
+ tcpStats.invalid_seq_left++;
+ log_drop_reason(tns, tsd, inline_mode, "stream", "Normalizer: Received a Spurious Retransmission\n");
+ break;
+
+ case ValidSeqStatus::RIGHT_INVALID:
+ tcpStats.invalid_seq_right++;
+ log_drop_reason(tns, tsd, inline_mode, "stream", "Normalizer: Received a packet to the right of the allowed TCP window \n");
+ break;
+
+ default:
+ break;
+ }
+ if (PacketTracer::is_active())
+ PacketTracer::log("Current TCP window : [ %u - %u ]\n"
+ , tns.tracker->r_win_base, tns.tracker->r_win_base + tns.tracker->get_snd_wnd());
+ tns.tracker->seglist.print_stream_state(tsd.get_talker());
trim_win_payload(tns, tsd, 0, inline_mode);
return NORM_BAD_SEQ;
}
if ( !data_inside_window(tns, tsd) )
{
log_drop_reason(tns, tsd, inline_mode, "stream", "Normalizer: Data is outside the TCP Window\n");
+ if (PacketTracer::is_active())
+ PacketTracer::log("Current TCP window : [ %u - %u ]\n"
+ , tns.tracker->r_win_base, tns.tracker->r_win_base + tns.tracker->get_snd_wnd());
+ tns.tracker->seglist.print_stream_state(tsd.get_talker());
trim_win_payload(tns, tsd, 0, inline_mode);
return NORM_TRIMMED;
}
}
log_drop_reason(tns, tsd, inline_mode, "stream",
- "Normalizer: Received data during a Zero Window that is not a Zero Window Probe\n");
+ "Normalizer: Received seq during a Zero Window that is not a Zero Window Probe ("
+ + std::to_string(tns.tracker->rcv_nxt) + ")\n");
+ tns.tracker->seglist.print_stream_state(tsd.get_talker());
trim_win_payload(tns, tsd, 0, inline_mode);
return NORM_TRIMMED;
}
bool TcpReassemblySegments::segment_within_seglist_window(TcpSegmentDescriptor& tsd)
{
- if ( !head )
- return true;
-
- // Left side
+ assert (head);
uint32_t start;
+
if ( SEQ_LT(seglist_base_seq, head->start_seq()) )
start = seglist_base_seq;
else
bool TcpSession::check_reassembly_queue_thresholds(TcpSegmentDescriptor& tsd, TcpStreamTracker* listener)
{
- // if this packet fits within the current queue limit window then it's good
- if ( listener->seglist.segment_within_seglist_window(tsd) )
+ if ( !listener->seglist.head )
return false;
bool inline_mode = tsd.is_nap_policy_inline();
if ( space_left < (int32_t)tsd.get_len() )
{
+ // if this packet fits within the current queue limit window then it's good
+ if ( listener->seglist.segment_within_seglist_window(tsd) )
+ return false;
+
tcpStats.exceeded_max_bytes++;
if ( is_hole_present(listener, tsd.get_pkt()) )
tcpStats.max_bytes_exceeded_hole++;
- bool ret_val = true;
-
// if this is an asymmetric flow then skip over any seglist holes
// and flush to free up seglist space
if ( !tsd.get_pkt()->flow->two_way_traffic() )
return false;
}
+ bool ret_val = true;
+
if ( space_left > 0 )
ret_val = !inline_mode; // For partial trim, reassemble only if we can force an inject
else
{
if ( listener->seglist.get_seg_count() + 1 > tcp_config->max_queued_segs )
{
+ // if this packet fits within the current queue limit window then it's good
+ if ( listener->seglist.segment_within_seglist_window(tsd) )
+ return false;
+
tcpStats.exceeded_max_segs++;
if ( is_hole_present(listener, tsd.get_pkt()) )
return true;
}
-bool TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd)
+ValidSeqStatus TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd)
{
- bool valid_seq = true;
+ ValidSeqStatus valid_seq = ValidSeqStatus::VALID;
int right_ok;
uint32_t left_seq;
uint32_t win = normalizer.get_stream_window(tsd);
if ( SEQ_LEQ(tsd.get_seq(), r_win_base + win) )
- return true;
+ return ValidSeqStatus::VALID;
else
- valid_seq = false;
+ valid_seq = ValidSeqStatus::RIGHT_INVALID;
}
else
- valid_seq = false;
+ valid_seq = ValidSeqStatus::LEFT_INVALID;
return valid_seq;
}
class TcpSession;
enum FinSeqNumStatus : uint8_t { FIN_NOT_SEEN, FIN_WITH_SEQ_SEEN, FIN_WITH_SEQ_ACKED };
+enum ValidSeqStatus : uint8_t { VALID, LEFT_INVALID, RIGHT_INVALID };
class TcpStreamTracker
{
void update_on_rst_sent();
bool update_on_fin_recv(TcpSegmentDescriptor&);
bool update_on_fin_sent(TcpSegmentDescriptor&);
- bool is_segment_seq_valid(TcpSegmentDescriptor&);
+ ValidSeqStatus is_segment_seq_valid(TcpSegmentDescriptor&);
bool set_held_packet(snort::Packet*);
bool is_retransmit_of_held_packet(snort::Packet*);
void finalize_held_packet(snort::Packet*);
projects / thirdparty / snort3.git / commitdiff
