ssn->pstate = ssn->state;
ssn->state = state;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_STATE_UPDATE);
/* update the flow state */
switch(ssn->state) {
* \brief check if packet is before ack'd windows
* If packet is before last ack, we will not accept it
*/
-static bool StreamTcpPacketIsSpuriousRetransmission(TcpSession *ssn, Packet *p)
+static bool StreamTcpPacketIsSpuriousRetransmission(const TcpSession *ssn, Packet *p)
{
- TcpStream *stream;
+ const TcpStream *stream;
if (PKT_IS_TOCLIENT(p)) {
stream = &ssn->server;
} else {
SCLogDebug("ssn %p: spurious retransmission; packet entirely before last_ack: SEQ %u(%u) "
"last_ack %u",
ssn, TCP_GET_SEQ(p), TCP_GET_SEQ(p) + p->payload_len, stream->last_ack);
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_SPURIOUS_RETRANSMISSION);
return true;
}
SCLogDebug("ssn %p: NOT spurious retransmission; packet NOT entirely before last_ack: SEQ "
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq - 1) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window))) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
+
} else if (SEQ_EQ(ssn->server.next_seq - 1, TCP_GET_SEQ(p)) &&
SEQ_EQ(ssn->client.last_ack, TCP_GET_ACK(p))) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq - 1) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq - 1) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window))) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq - 1) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window))) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (StreamTcpValidateAck(ssn, &ssn->server, p) == -1) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (StreamTcpValidateAck(ssn, &ssn->client, p) == -1) {
SEQ_EQ(TCP_GET_ACK(p), ssn->server.last_ack)) {
SCLogDebug("ssn %p: retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->client.last_ack + ssn->client.window)))
SEQ_EQ(TCP_GET_ACK(p), ssn->client.last_ack)) {
SCLogDebug("ssn %p: retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (SEQ_LT(TCP_GET_SEQ(p), ssn->server.next_seq) ||
SEQ_GT(TCP_GET_SEQ(p), (ssn->server.last_ack + ssn->server.window)))
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (StreamTcpValidateAck(ssn, &ssn->server, p) == -1) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (StreamTcpValidateAck(ssn, &ssn->client, p) == -1) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (TCP_GET_SEQ(p) != ssn->client.next_seq) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (TCP_GET_SEQ(p) != ssn->server.next_seq) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (!retransmission) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (!retransmission) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (p->payload_len > 0 && (SEQ_LEQ((TCP_GET_SEQ(p) + p->payload_len), ssn->client.last_ack))) {
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (p->payload_len > 0 && (SEQ_LEQ((TCP_GET_SEQ(p) + p->payload_len), ssn->server.last_ack))) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
}
if (StreamTcpValidateAck(ssn, &ssn->server, p) == -1) {
if (StreamTcpPacketIsRetransmission(&ssn->client, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (TCP_GET_SEQ(p) != ssn->client.next_seq && TCP_GET_SEQ(p) != ssn->client.next_seq+1) {
SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 ""
if (StreamTcpPacketIsRetransmission(&ssn->server, p)) {
SCLogDebug("ssn %p: packet is retransmission", ssn);
retransmission = 1;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_RETRANSMISSION);
} else if (TCP_GET_SEQ(p) != ssn->server.next_seq - 1 &&
TCP_GET_SEQ(p) != ssn->server.next_seq) {
if (p->payload_len > 0 && TCP_GET_SEQ(p) == ssn->server.last_ack) {
if (ack == ostream->last_ack && seq == (stream->next_seq - 1)) {
SCLogDebug("packet is TCP keep-alive: %"PRIu64, p->pcap_cnt);
stream->flags |= STREAMTCP_STREAM_FLAG_KEEPALIVE;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_KEEPALIVE);
return 1;
}
SCLogDebug("seq %u (%u), ack %u (%u)", seq, (stream->next_seq - 1), ack, ostream->last_ack);
if ((ostream->flags & STREAMTCP_STREAM_FLAG_KEEPALIVE) && ack == ostream->last_ack && seq == stream->next_seq) {
SCLogDebug("packet is TCP keep-aliveACK: %"PRIu64, p->pcap_cnt);
ostream->flags &= ~STREAMTCP_STREAM_FLAG_KEEPALIVE;
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_KEEPALIVEACK);
return 1;
}
SCLogDebug("seq %u (%u), ack %u (%u) FLAG_KEEPALIVE: %s", seq, stream->next_seq, ack, ostream->last_ack,
if (ack == ostream->last_ack && seq == stream->next_seq) {
SCLogDebug("packet is TCP window update: %"PRIu64, p->pcap_cnt);
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_WINDOWUPDATE);
return 1;
}
SCLogDebug("seq %u (%u), ack %u (%u)", seq, stream->next_seq, ack, ostream->last_ack);
projects / thirdparty / suricata.git / commitdiff
