]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
flow/timeout: add frame awareness
authorVictor Julien <vjulien@oisf.net>
Fri, 6 Dec 2024 13:15:34 +0000 (14:15 +0100)
committerVictor Julien <vjulien@oisf.net>
Wed, 11 Dec 2024 08:34:19 +0000 (09:34 +0100)
If there are still frames in the flow, the detection and logging logic
needs to be able to evaluate them. To do this, make the flow timeout
logic aware of the frames. If frames still exist in a direction, trigger
a FFR packet to be created.

Ticket: #7440.

src/flow-timeout.c

index e08c5195377625b3166c0f9634603b14ca2197cd..afec5d3d81bea3b20b53423f86ee5824e968bf3c 100644 (file)
@@ -59,6 +59,7 @@
 #include "detect-engine-state.h"
 #include "stream.h"
 
+#include "app-layer-frames.h"
 #include "app-layer-parser.h"
 #include "app-layer.h"
 
@@ -287,7 +288,6 @@ Packet *FlowPseudoPacketGet(int direction, Flow *f, const TcpSession *ssn)
  */
 bool FlowNeedsReassembly(Flow *f)
 {
-
     if (f == NULL || f->protoctx == NULL) {
         return false;
     }
@@ -318,6 +318,15 @@ bool FlowNeedsReassembly(Flow *f)
         }
     }
 
+    /* if any frame is present we assume it still needs work */
+    FramesContainer *frames_container = AppLayerFramesGetContainer(f);
+    if (frames_container) {
+        if (frames_container->toserver.cnt)
+            client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
+        if (frames_container->toclient.cnt)
+            server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
+    }
+
     /* nothing to do */
     if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NONE &&
         server == STREAM_HAS_UNPROCESSED_SEGMENTS_NONE) {