if ( !tns.tracker->is_segment_seq_valid(tsd) )
{
tcpStats.invalid_seq_num++;
+ log_drop_reason(tns, tsd, false, "normalizer", "Normalizer: Sequence number is invalid\n");
trim_win_payload(tns, tsd);
return NORM_BAD_SEQ;
}
// trim to fit in listener's window and mss
+ log_drop_reason(tns, tsd, false, "normalizer", "Normalizer: Trimming payload to fit window size\n");
trim_win_payload(tns, tsd,
(tns.tracker->r_win_base + tns.tracker->get_snd_wnd() - tns.tracker->rcv_nxt));
if ( stream_is_inorder )
{
+ bool inline_mode = tsd.is_nap_policy_inline();
+
if ( get_stream_window(tns, tsd) == 0 )
{
if ( !data_inside_window(tns, tsd) )
{
- trim_win_payload(tns, tsd, 0, tsd.is_nap_policy_inline());
+ log_drop_reason(tns, tsd, inline_mode, "normalizer", "Normalizer: Data is outside the TCP Window\n");
+ trim_win_payload(tns, tsd, 0, inline_mode);
return NORM_TRIMMED;
}
{
tcpStats.zero_win_probes++;
set_zwp_seq(tns, seq);
- trim_win_payload(tns, tsd, MAX_ZERO_WIN_PROBE_LEN, tsd.is_nap_policy_inline());
+ log_drop_reason(tns, tsd, inline_mode, "normalizer",
+ "Normalizer: Maximum Zero Window Probe length supported at a time is 1 byte\n");
+ trim_win_payload(tns, tsd, MAX_ZERO_WIN_PROBE_LEN, inline_mode);
}
}
}
else if ( get_stream_window(tns, tsd) == 0 )
{
+ bool inline_mode = tsd.is_nap_policy_inline();
+
if ( SEQ_EQ(seq, get_zwp_seq(tns)) )
{
tcpStats.zero_win_probes++;
- trim_win_payload(tns, tsd, MAX_ZERO_WIN_PROBE_LEN, tsd.is_nap_policy_inline());
+ trim_win_payload(tns, tsd, MAX_ZERO_WIN_PROBE_LEN, inline_mode);
+ log_drop_reason(tns, tsd, inline_mode, "normalizer", "Normalizer: Maximum Zero Window Probe length supported at a time is 1 byte\n");
return NORM_TRIMMED;
}
- trim_win_payload(tns, tsd, 0, tsd.is_nap_policy_inline());
+ log_drop_reason(tns, tsd, inline_mode, "normalizer", "Normalizer: Received data during a Zero Window that is not a Zero Window Probe\n");
+ trim_win_payload(tns, tsd, 0, inline_mode);
return NORM_TRIMMED;
}
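Review bot: The call at the "trim to fit in listener's window and mss" step runs before `trim_win_payload` with no length check, so when trim_win is on every in-window segment gets its drop reason set to "normalizer" and a "Trimming payload to fit window size" trace line even though `trim_win_payload` only trims when `tsd.get_len() > max` and nothing is dropped. Compute the window once and gate the log on the same comparison: `uint32_t win_max = tns.tracker->r_win_base + tns.tracker->get_snd_wnd() - tns.tracker->rcv_nxt;`, `if ( tsd.get_len() > win_max ) log_drop_reason(tns, tsd, false, "normalizer", "Normalizer: Trimming payload to fit window size\n");`, `trim_win_payload(tns, tsd, win_max);`. The zero-window-probe branch in the `else if` arm logs after trimming while the in-order branch logs before it; the same message is duplicated in both places, so one ordering (and one string) would be easier to keep consistent. The enclosing function begins before this hunk and its other exits are not visible here.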
bool TcpNormalizer::trim_syn_payload(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t max)
{
- if (tsd.get_len() > max)
+ uint32_t len = tsd.get_len();
+
+ if (len > max)
+ {
+ if ( PacketTracer::is_active() && (NormMode)tns.trim_syn == NORM_MODE_ON )
+ PacketTracer::log("Normalizer: Trimming payload of SYN packet with length (%u) to a maximum value of %u\n", len, max);
+
return trim_payload(tns, tsd, max, (NormMode)tns.trim_syn, PC_TCP_TRIM_SYN);
+ }
return false;
}
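Review bot: The trace line in trim_syn_payload is emitted before `trim_payload` runs, so if that call declines to trim (its body is outside this hunk) the tracer still reports a trim; since this function already receives the boolean result, logging after the call and only when it returned true would be exact, e.g. `bool trimmed = trim_payload(...); if ( trimmed && PacketTracer::is_active() ) PacketTracer::log(...); return trimmed;`. The same pattern (read len, gate on tracer and mode, log, trim) is repeated verbatim in trim_rst_payload, trim_win_payload and trim_mss_payload below, which invites the four messages to drift apart; a single private helper taking the mode, counter and message would remove the duplication. Formatting a `uint32_t` with `%u` relies on `unsigned int` being 32 bits on the build targets; `PRIu32` from `<cinttypes>` states that intent portably.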
void TcpNormalizer::trim_rst_payload(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t max)
{
- if (tsd.get_len() > max)
+ uint32_t len = tsd.get_len();
+
+ if (len > max)
+ {
+ if ( PacketTracer::is_active() && (NormMode)tns.trim_rst == NORM_MODE_ON )
+ PacketTracer::log("Normalizer: Trimming payload of RST packet with length (%u) to a maximum value of %u\n", len, max);
+
trim_payload(tns, tsd, max, (NormMode)tns.trim_rst, PC_TCP_TRIM_RST);
+ }
}
void TcpNormalizer::trim_win_payload(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t max, bool force)
{
- if (tsd.get_len() > max)
+ uint32_t len = tsd.get_len();
+
+ if (len > max)
+ {
+ if ( PacketTracer::is_active() && (force || (NormMode)tns.trim_win == NORM_MODE_ON) )
+ PacketTracer::log("Normalizer: Trimming payload with length (%u) to a maximum value of %u\n", len, max);
+
trim_payload(tns, tsd, max, (NormMode)tns.trim_win, PC_TCP_TRIM_WIN, force);
+ }
}
void TcpNormalizer::trim_mss_payload(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t max)
{
- if (tsd.get_len() > max)
+ uint32_t len = tsd.get_len();
+
+ if (len > max)
+ {
+ if ( PacketTracer::is_active() && (NormMode)tns.trim_mss == NORM_MODE_ON )
+ PacketTracer::log("Normalizer: Trimming payload with length (%u) to fit MSS size (%u)\n", len, max);
+
trim_payload(tns, tsd, max, (NormMode)tns.trim_mss, PC_TCP_TRIM_MSS);
+ }
}
void TcpNormalizer::ecn_tracker(
tns.zwp_seq = seq;
}
+void TcpNormalizer::log_drop_reason(TcpNormalizerState& tns, const TcpSegmentDescriptor& tsd, bool force, const char *issuer, const std::string& log)
+{
+ if ( force || (NormMode)tns.trim_win == NORM_MODE_ON )
+ {
+ tsd.get_pkt()->active->set_drop_reason(issuer);
+ if (PacketTracer::is_active())
+ PacketTracer::log("%s", log.c_str());
+ }
+}
+
uint16_t TcpNormalizer::set_urg_offset(
TcpNormalizerState&, const tcp::TCPHdr* tcph, uint16_t dsize)
{
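Review bot: Taking `log` as `const std::string&` means every call site that passes a literal (the normalizer call sites above do so on the per-segment path, unconditionally) constructs a `std::string` first, and these messages are long enough to exceed the small-string buffer, so a heap allocation is paid per packet even when the tracer is inactive and the trim_win gate is off. Accepting `const char* log` and calling `PacketTracer::log("%s", log)` removes that cost for the literal callers; the reassembler callers that concatenate a value can still pass `.c_str()` of a local. The function has no comment explaining its contract; suggest `/// Records 'issuer' as the packet's drop reason and emits 'log' to the packet tracer, but only when trim_win is on or 'force' is set — callers pass force=true for inline NAP policies.` Note also that the gate is specifically `tns.trim_win`, so this helper is not suitable for the SYN/RST/MSS trims as currently written.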
if ( inline_mode || listener->normalizer.get_trim_win() == NORM_MODE_ON)
{
- tsd.get_pkt()->active->set_drop_reason("stream");
tel.set_tcp_event(EVENT_MAX_QUEUED_BYTES_EXCEEDED);
- if (PacketTracer::is_active())
- PacketTracer::log("Stream: Flow exceeded the configured max byte threshold (%u)\n", tcp_config->max_queued_bytes);
+ listener->normalizer.log_drop_reason(tsd, inline_mode, "stream",
+ "Stream: Flow exceeded the configured max byte threshold (" + std::to_string(tcp_config->max_queued_bytes) +
+ "). You may want to adjust the 'max_bytes' parameter in the NAP policy"
+ " to a higher value, or '0' for unlimited.\n");
}
listener->normalizer.trim_win_payload(tsd, space_left, inline_mode);
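Review bot: The message passed to `log_drop_reason` here is assembled with `std::to_string` and several string concatenations before the call, yet the helper only prints it when `PacketTracer::is_active()`; a flow that has already exceeded its queue limit is by definition under load, and every further over-limit segment on it pays that formatting for nothing in the common tracer-off case. The same applies to the max-segment branch below. Guarding the construction with `PacketTracer::is_active()` at the call site, or keeping the original printf-style form by giving `log_drop_reason` a format-and-arguments overload, keeps the drop-reason bookkeeping while avoiding the work. The enclosing function starts before and ends after these hunks.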
if ( inline_mode || listener->normalizer.get_trim_win() == NORM_MODE_ON)
{
- tsd.get_pkt()->active->set_drop_reason("stream");
tel.set_tcp_event(EVENT_MAX_QUEUED_SEGS_EXCEEDED);
- if (PacketTracer::is_active())
- PacketTracer::log("Stream: Flow exceeded the configured max segment threshold (%u)\n", tcp_config->max_queued_segs);
+ listener->normalizer.log_drop_reason(tsd, inline_mode, "stream",
+ "Stream: Flow exceeded the configured max segment threshold (" + std::to_string(tcp_config->max_queued_segs) +
+ "). You may want to adjust the 'max_segments' parameter in the NAP policy"
+ " to a higher value, or '0' for unlimited.\n");
}
listener->normalizer.trim_win_payload(tsd, 0, inline_mode);
void TcpSession::mark_packet_for_drop(TcpSegmentDescriptor& tsd)
{
-
tsd.get_listener()->normalizer.packet_dropper(tsd, NORM_TCP_BLOCK);
set_pkt_action_flag(ACTION_BAD_PKT);
}