defrag: remove fragments that have complete overlap

Instead of just marking fragments that have been completely
overlapped and won't be part of the assembled packet, remove
them from the fragment tree when detected.

diff --git a/src/defrag.c b/src/defrag.c
index cb9fee2dceb6bcaa10931582b909c04cbeb8c696..317e3dcba011c9b9600911291a9ebaa02593276c 100644 (file)
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -298,7 +298,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
 
         if (frag->skip)
             continue;
-        if (frag->data_len - frag->ltrim <= 0)
+        if (frag->ltrim >= frag->data_len)
             continue;
         if (frag->offset == 0) {
 
@@ -779,10 +779,23 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
             if (next != NULL) {
                 next = IP_FRAGMENTS_RB_NEXT(next);
             }
+            continue;
+
+        insert:
+            /* If existing fragment has been trimmed up completely
+             * (complete overlap), remove it now instead of holding
+             * onto it. */
+            if (prev->skip || prev->ltrim >= prev->data_len) {
+                RB_REMOVE(IP_FRAGMENTS, &tracker->fragment_tree, prev);
+                DefragFragReset(prev);
+                SCMutexLock(&defrag_context->frag_pool_lock);
+                PoolReturn(defrag_context->frag_pool, prev);
+                SCMutexUnlock(&defrag_context->frag_pool_lock);
+            }
+            break;
         }
     }
 
-insert:
     if (ltrim > data_len) {
         /* Full packet has been trimmed due to the overlap policy. Overlap
          * already set. */