]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1e19b5)
app-layer: fix gap handling in protocol detection
authorVictor Julien <victor@inliniac.net>
Sun, 26 Feb 2017 18:56:38 +0000 (19:56 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 25 Mar 2017 08:12:56 +0000 (09:12 +0100)
A GAP during protocol detection would lead to all reassembly
getting disabled, so also the raw reassembly. In addition, it
could prevent the opposing side from doing protocol detection.

This patch remove the 'disable reassembly' logic. Stream engine
will take the stream with GAP and app-layer will make the proto
detection as complete.

src/app-layer.c patch | blob | blame | history
src/stream-tcp-reassemble.c patch | blob | blame | history

diff --git a/src/app-layer.c b/src/app-layer.c
index 471f358b5d5b3cca1c8519e25c1354392ebfe3dc..8cbb86838d59905af1186d4f8f2275bbdb8b0925 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -560,7 +560,6 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 
     AppLayerThreadCtx *app_tctx = ra_ctx->app_tctx;
     AppProto alproto;
-    uint8_t dir;
     int r = 0;
 
     SCLogDebug("data_len %u flags %02X", data_len, flags);
@@ -571,10 +570,8 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 
     if (flags & STREAM_TOSERVER) {
         alproto = f->alproto_ts;
-        dir = 0;
     } else {
         alproto = f->alproto_tc;
-        dir = 1;
     }
 
     /* if we don't know the proto yet and we have received a stream
@@ -583,7 +580,6 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
      * only run the proto detection once. */
     if (alproto == ALPROTO_UNKNOWN && (flags & STREAM_GAP)) {
         StreamTcpSetStreamFlagAppProtoDetectionCompleted(stream);
-        StreamTcpSetSessionNoReassemblyFlag(ssn, dir);
         SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
 
     } else if (alproto == ALPROTO_UNKNOWN && (flags & STREAM_START)) {
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index a3896435ae67e4c829da23504211d04be127a545..9632c116bd99511fd406a928ff03a17c9c9749ec 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -2903,7 +2903,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 
     /* this function can be directly called by app layer protocol
      * detection. */
-    if (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) {
+    if (stream->flags & (STREAMTCP_STREAM_FLAG_NOREASSEMBLY|STREAMTCP_STREAM_FLAG_GAP)) {
         SCLogDebug("stream no reassembly flag set.  Mostly called via "
                    "app proto detection.");
         SCReturnInt(0);
Mirror of https://github.com/OISF/suricata.git