]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ebb845)
frames: do not rely on FRAME_STREAM_ID
authorPhilippe Antoine <pantoine@oisf.net>
Wed, 14 Aug 2024 14:17:36 +0000 (16:17 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 11 Sep 2024 07:53:02 +0000 (09:53 +0200)
As it is not always the first frame to be created :
if it is not enabled, it does not get created, and other enabled
frames may be created first. see use of FrameConfigTypeIsEnabled

This resulted that this other frame got its length updated
on stream end, which led to false positives.

Resorting on FRAME_STREAM_TYPE is more consistent.

Ticket: 7213

src/app-layer-frames.h patch | blob | blame | history
src/app-layer-parser.c patch | blob | blame | history

diff --git a/src/app-layer-frames.h b/src/app-layer-frames.h
index 2eb314331674a24039ce4998162fb4e387780f01..f49bead57b41ae9fd0f2f53b34820c2be800b5bf 100644 (file)
--- a/src/app-layer-frames.h
+++ b/src/app-layer-frames.h
@@ -28,8 +28,6 @@
 
 /** max 63 to fit the 64 bit per protocol space */
 #define FRAME_STREAM_TYPE 63
-/** always the first frame to be created. TODO but what about protocol upgrades? */
-#define FRAME_STREAM_ID 1
 
 typedef int64_t FrameId;
 
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index bb1666a28c2ed6182b0734ed48eaeb61b21ecb80..bcf2e392f5f88480fc9a4fcaf56ab3bd7588b3f4 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1210,7 +1210,7 @@ static void HandleStreamFrames(Flow *f, StreamSlice stream_slice, const uint8_t
     if (((direction == 0 && (pstate->flags & APP_LAYER_PARSER_SFRAME_TS) == 0) ||
                 (direction == 1 && (pstate->flags & APP_LAYER_PARSER_SFRAME_TC) == 0)) &&
             input != NULL && f->proto == IPPROTO_TCP) {
-        Frame *frame = AppLayerFrameGetById(f, direction, FRAME_STREAM_ID);
+        Frame *frame = AppLayerFrameGetLastOpenByType(f, direction, FRAME_STREAM_TYPE);
         if (frame == NULL) {
             int64_t frame_len = -1;
             if (flags & STREAM_EOF)
@@ -1231,7 +1231,7 @@ static void HandleStreamFrames(Flow *f, StreamSlice stream_slice, const uint8_t
             }
         }
     } else if (flags & STREAM_EOF) {
-        Frame *frame = AppLayerFrameGetById(f, direction, FRAME_STREAM_ID);
+        Frame *frame = AppLayerFrameGetLastOpenByType(f, direction, FRAME_STREAM_TYPE);
         SCLogDebug("EOF closing: frame %p", frame);
         if (frame) {
             /* calculate final frame length */
Mirror of https://github.com/OISF/suricata.git