app-layer: change logic of setting 'no reassembly'

Instead of killing all reassembly instantly do things slightly more
gracefully:
1. disable app-layer reassembly immediately
2. flag raw reassembly not to accept new data

This will allow the current data to be inspected still.

After detect as run the raw reassembly will be fully disabled and
thus all reassembly will be as well.

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index c12eee7359b38fa293383f583d7f5eba42fdbb5d..a87e08e9217cf597705d053fa9f594d3ca5ed93a 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1892,8 +1892,8 @@ static int SMTPParserTest01(void)
 
     if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION) ||
         !(ssn.flags & STREAMTCP_FLAG_APP_LAYER_DISABLED) ||
-        !(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ||
-        !(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
+        !(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) ||
+        !(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED)) {
         goto end;
     }
 

diff --git a/src/stream-tcp-list.c b/src/stream-tcp-list.c
index 4d2f56160e07b8511e3322cfbc249352f244bc76..fbd697d8719e6d14a8f7bd1dbc584731a1da51ef 100644 (file)
--- a/src/stream-tcp-list.c
+++ b/src/stream-tcp-list.c
@@ -748,6 +748,12 @@ void StreamTcpPruneSession(Flow *f, uint8_t flags)
         stream->flags |= STREAMTCP_STREAM_FLAG_NOREASSEMBLY;
         SCLogDebug("ssn %p: reassembly depth reached, "
                  "STREAMTCP_STREAM_FLAG_NOREASSEMBLY set", ssn);
+    } else if ((ssn->flags & STREAMTCP_FLAG_APP_LAYER_DISABLED) &&
+        (stream->flags & STREAMTCP_STREAM_FLAG_DISABLE_RAW))
+    {
+        SCLogDebug("ssn %p: both app and raw are done, "
+                 "STREAMTCP_STREAM_FLAG_NOREASSEMBLY set", ssn);
+        stream->flags |= STREAMTCP_STREAM_FLAG_NOREASSEMBLY;
     }
 
     uint64_t left_edge = GetLeftEdge(ssn, stream);

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 94d8335d3c31ec289da3cb048c70d5206b58a065..6559024200ca7e13cd45b8cd66f2b3c234e78d5a 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1244,6 +1244,9 @@ bool StreamReassembleRawHasDataReady(TcpSession *ssn, Packet *p)
  *   2. progress is 0, meaning the detect engine didn't touch
  *      raw at all. In this case we need to look into progressing
  *      raw anyway.
+ *
+ *  Additionally, this function is tasked with disabling raw
+ *  reassembly if the app-layer requested to disable it.
  */
 void StreamReassembleRawUpdateProgress(TcpSession *ssn, Packet *p, uint64_t progress)
 {
@@ -1302,6 +1305,8 @@ void StreamReassembleRawUpdateProgress(TcpSession *ssn, Packet *p, uint64_t prog
                 (uint)STREAM_RAW_PROGRESS(stream), (uint)stream->window);
     }
 
+    /* if we were told to accept no more raw data, we can mark raw as
+     * disabled now. */
     if (stream->flags & STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) {
         stream->flags |= STREAMTCP_STREAM_FLAG_DISABLE_RAW;
         SCLogDebug("ssn %p: STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED set, "

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 5ecb702c0f2663e7abd670cecedaefa11b8a9ec0..56e7809ada8ea4f785d22708ceff950592a52842 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5510,16 +5510,22 @@ invalid:
     SCReturnInt(-1);
 }
 
-/** \brief  Set the No reassembly flag for the given direction in given TCP
- *          session.
+/** \brief disable reassembly
+
+ *  Disable app layer and set raw inspect to no longer accept new data.
+ *  Stream engine will then fully disable raw after last inspection.
  *
  * \param ssn TCP Session to set the flag in
  * \param direction direction to set the flag in: 0 toserver, 1 toclient
  */
 void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
 {
-    direction ? (ssn->server.flags |= STREAMTCP_STREAM_FLAG_NOREASSEMBLY) :
-                (ssn->client.flags |= STREAMTCP_STREAM_FLAG_NOREASSEMBLY);
+    ssn->flags |= STREAMTCP_FLAG_APP_LAYER_DISABLED;
+    if (direction) {
+        ssn->server.flags |= STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED;
+    } else {
+        ssn->client.flags |= STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED;
+    }
 }
 
 /** \brief  Set the No reassembly flag for the given direction in given TCP