From: Victor Julien Date: Sun, 19 Feb 2017 11:32:23 +0000 (+0100) Subject: flow/stream: reduce/disable pseudo packet injections X-Git-Tag: suricata-4.0.0-beta1~169 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=149e3240602e070d88c833088a5bf045d3b349a3;p=thirdparty%2Fsuricata.git flow/stream: reduce/disable pseudo packet injections At flow timeout, we no longer need to first run reassembly in one dir, then inspection in the other. We can do both in single packet now. Disable pseudo packets when receiving stream end packets. Instead call the app-layer parser in the packet direction for stream end packets and flow end packets. These changes in handling of those stream end packets make the pseudo packets unnecessary. --- diff --git a/src/app-layer.c b/src/app-layer.c index 2bb7dc7d8b..00b36e343e 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -294,7 +294,7 @@ static int TCPProtoDetectTriggerOpposingSide(ThreadVars *tv, ret = -1; else ret = StreamTcpReassembleAppLayer(tv, ra_ctx, ssn, - opposing_stream, p); + opposing_stream, p, UPDATE_DIR_OPPOSING); // TODO see if we can simplify this if (stream == &ssn->client) { if (StreamTcpInlineMode()) { p->flowflags &= ~FLOW_PKT_TOCLIENT; diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 7daf316b52..d7ccf8cf82 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2012 Open Information Security Foundation +/* Copyright (C) 2007-2017 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -311,11 +311,8 @@ int FlowForceReassemblyNeedReassembly(Flow *f, int *server, int *client) * inspected the app layer state yet */ if (ssn->state >= TCP_ESTABLISHED && ssn->state != TCP_CLOSED) { - if (*client != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) - *client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; - - if (*server != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) - *server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; + *client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; + *server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } /* if app layer still needs some love, push through */ @@ -327,14 +324,12 @@ int FlowForceReassemblyNeedReassembly(Flow *f, int *server, int *client) if (AppLayerParserGetTransactionActive(f->proto, f->alproto, f->alparser, STREAM_TOCLIENT) < total_txs) { - if (*server != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) - *server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; + *server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } if (AppLayerParserGetTransactionActive(f->proto, f->alproto, f->alparser, STREAM_TOSERVER) < total_txs) { - if (*client != STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) - *client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; + *client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } } @@ -361,7 +356,7 @@ int FlowForceReassemblyNeedReassembly(Flow *f, int *server, int *client) */ int FlowForceReassemblyForFlow(Flow *f, int server, int client) { - Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; + Packet *p1 = NULL, *p2 = NULL; TcpSession *ssn; /* looks like we have no flows in this queue */ @@ -384,49 +379,14 @@ int FlowForceReassemblyForFlow(Flow *f, int server, int client) * toclient which is now dummy since all we need it for is detection */ /* insert a pseudo packet in the toserver direction */ - if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) { - p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 0); + if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { + p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1); if (p1 == NULL) { goto done; } PKT_SET_SRC(p1, PKT_SRC_FFR); - if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) { - p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0); - if (p2 == NULL) { - FlowDeReference(&p1->flow); - TmqhOutputPacketpool(NULL, p1); - goto done; - } - PKT_SET_SRC(p2, PKT_SRC_FFR); - - p3 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1); - if (p3 == NULL) { - FlowDeReference(&p1->flow); - TmqhOutputPacketpool(NULL, p1); - FlowDeReference(&p2->flow); - TmqhOutputPacketpool(NULL, p2); - goto done; - } - PKT_SET_SRC(p3, PKT_SRC_FFR); - } else { - p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1); - if (p2 == NULL) { - FlowDeReference(&p1->flow); - TmqhOutputPacketpool(NULL, p1); - goto done; - } - PKT_SET_SRC(p2, PKT_SRC_FFR); - } - - } else if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { - if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) { - p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0); - if (p1 == NULL) { - goto done; - } - PKT_SET_SRC(p1, PKT_SRC_FFR); - + if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1); if (p2 == NULL) { FlowDeReference(&p1->flow); @@ -434,40 +394,9 @@ int FlowForceReassemblyForFlow(Flow *f, int server, int client) goto done; } PKT_SET_SRC(p2, PKT_SRC_FFR); - } else { - p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1); - if (p1 == NULL) { - goto done; - } - PKT_SET_SRC(p1, PKT_SRC_FFR); - - if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { - p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1); - if (p2 == NULL) { - FlowDeReference(&p1->flow); - TmqhOutputPacketpool(NULL, p1); - goto done; - } - PKT_SET_SRC(p2, PKT_SRC_FFR); - } } - } else { - if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) { - p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0); - if (p1 == NULL) { - goto done; - } - PKT_SET_SRC(p1, PKT_SRC_FFR); - - p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1); - if (p2 == NULL) { - FlowDeReference(&p1->flow); - TmqhOutputPacketpool(NULL, p1); - goto done; - } - PKT_SET_SRC(p2, PKT_SRC_FFR); - } else if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { + if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) { p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1); if (p1 == NULL) { goto done; @@ -481,7 +410,7 @@ int FlowForceReassemblyForFlow(Flow *f, int server, int client) /* inject the packet(s) into the appropriate thread */ int thread_id = (int)f->thread_id; - Packet *packets[4] = { p1, p2 ? p2 : p3, p2 ? p3 : NULL, NULL }; /**< null terminated array of packets */ + Packet *packets[3] = { p1, p2 ? p2 : NULL, NULL }; /**< null terminated array of packets */ if (unlikely(!(TmThreadsInjectPacketsById(packets, thread_id)))) { FlowDeReference(&p1->flow); TmqhOutputPacketpool(NULL, p1); @@ -489,10 +418,6 @@ int FlowForceReassemblyForFlow(Flow *f, int server, int client) FlowDeReference(&p2->flow); TmqhOutputPacketpool(NULL, p2); } - if (p3) { - FlowDeReference(&p3->flow); - TmqhOutputPacketpool(NULL, p3); - } } /* done, in case of error (no packet) we still tag flow as complete diff --git a/src/flow-worker.c b/src/flow-worker.c index 8e2effcc1e..e0935cc35e 100644 --- a/src/flow-worker.c +++ b/src/flow-worker.c @@ -198,7 +198,7 @@ TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *preq, Pac /* handle TCP and app layer */ if (PKT_IS_TCP(p)) { - SCLogDebug("packet %"PRIu64" is TCP", p->pcap_cnt); + SCLogDebug("packet %"PRIu64" is TCP. Direction %s", p->pcap_cnt, PKT_IS_TOSERVER(p) ? "TOSERVER" : "TOCLIENT"); DEBUG_ASSERT_FLOW_LOCKED(p->flow); /* if detect is disabled, we need to apply file flags to the flow diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 39e9ea9ea5..4a79f84b37 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -660,7 +660,7 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre } static uint8_t StreamGetAppLayerFlags(TcpSession *ssn, TcpStream *stream, - Packet *p) + Packet *p, enum StreamUpdateDir dir) { uint8_t flag = 0; @@ -675,7 +675,7 @@ static uint8_t StreamGetAppLayerFlags(TcpSession *ssn, TcpStream *stream, flag |= STREAM_EOF; } - if (StreamTcpInlineMode() == 0) { + if (dir == UPDATE_DIR_OPPOSING) { if (p->flowflags & FLOW_PKT_TOSERVER) { flag |= STREAM_TOCLIENT; } else { @@ -723,7 +723,7 @@ static int StreamTcpReassembleRawCheckLimit(const TcpSession *ssn, } /* some states mean we reassemble no matter how much data we have */ - if (ssn->state >= TCP_TIME_WAIT) + if (ssn->state > TCP_TIME_WAIT) SCReturnInt(1); if (p->flags & PKT_PSEUDO_STREAM_END) @@ -822,14 +822,14 @@ int StreamNeedsReassembly(TcpSession *ssn, int direction) if (use_raw) { if (right_edge > STREAM_RAW_PROGRESS(stream)) { - SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY", dirstr); - return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY; + SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr); + return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } } if (use_app) { if (right_edge > STREAM_APP_PROGRESS(stream)) { - SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY", dirstr); - return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY; + SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr); + return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION; } } } else { @@ -920,7 +920,7 @@ static void GetAppBuffer(TcpStream *stream, const uint8_t **data, uint32_t *data static int ReassembleUpdateAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, - Packet *p) + Packet *p, enum StreamUpdateDir dir) { const uint64_t app_progress = STREAM_APP_PROGRESS(stream); uint64_t last_ack_abs = 0; /* absolute right edge of ack'd data */ @@ -958,7 +958,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv, /* update the app-layer */ int r = AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, (uint8_t *)mydata, mydata_len, - StreamGetAppLayerFlags(ssn, stream, p)); + StreamGetAppLayerFlags(ssn, stream, p, dir)); /* see if we can update the progress */ if (r == 0 && StreamTcpIsSetStreamFlagAppProtoDetectionCompleted(stream)) { @@ -977,22 +977,20 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv, } /** - * \brief Update the stream reassembly upon receiving an ACK packet. + * \brief Update the stream reassembly upon receiving a packet. * - * Stream is in the opposite direction of the packet, as the ACK-packet - * is ACK'ing the stream. + * For IDS mode, the stream is in the opposite direction of the packet, + * as the ACK-packet is ACK'ing the stream. * * One of the utilities call by this function AppLayerHandleTCPData(), * has a feature where it will call this very same function for the * stream opposing the stream it is called with. This shouldn't cause * any issues, since processing of each stream is independent of the * other stream. - * - * \todo this function is too long, we need to break it up. It needs it BAD */ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, - Packet *p) + Packet *p, enum StreamUpdateDir dir) { SCEnter(); @@ -1038,7 +1036,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, SCLogDebug("sending GAP to app-layer"); AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, NULL, 0, - StreamGetAppLayerFlags(ssn, stream, p)|STREAM_GAP); + StreamGetAppLayerFlags(ssn, stream, p, dir)|STREAM_GAP); AppLayerProfilingStore(ra_ctx->app_tctx, p); /* set a GAP flag and make sure not bothering this stream anymore */ @@ -1065,7 +1063,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, /* send EOF to app layer */ AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream, NULL, 0, - StreamGetAppLayerFlags(ssn, stream, p)); + StreamGetAppLayerFlags(ssn, stream, p, dir)); AppLayerProfilingStore(ra_ctx->app_tctx, p); SCReturnInt(0); @@ -1083,9 +1081,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, } /* with all that out of the way, lets update the app-layer */ - ReassembleUpdateAppLayer(tv, ra_ctx, ssn, stream, p); - - SCReturnInt(0); + return ReassembleUpdateAppLayer(tv, ra_ctx, ssn, stream, p, dir); } /** \internal @@ -1172,15 +1168,9 @@ bool StreamReassembleRawHasDataReady(TcpSession *ssn, Packet *p) stream = &ssn->server; } - uint64_t progress = STREAM_RAW_PROGRESS(stream); if (StreamTcpInlineMode() == FALSE) { if (StreamTcpReassembleRawCheckLimit(ssn, stream, p) == 1) { - uint32_t delta = stream->last_ack - stream->base_seq; - /* get max absolute offset */ - uint64_t last_ack_abs = STREAM_BASE_OFFSET(stream) + delta; - if (last_ack_abs > progress) { - return true; - } + return true; } } else { if (p->payload_len > 0 && (p->flags & PKT_STREAM_ADD)) { @@ -1390,18 +1380,15 @@ end: * * \retval r 0 on success, -1 on error */ -int StreamTcpReassembleHandleSegmentUpdateACK (ThreadVars *tv, +static int StreamTcpReassembleHandleSegmentUpdateACK (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p) { SCEnter(); - SCLogDebug("stream->seg_list %p", stream->seg_list); int r = 0; - if (!(StreamTcpInlineMode())) { - if (StreamTcpReassembleAppLayer(tv, ra_ctx, ssn, stream, p) < 0) - r = -1; - } + if (StreamTcpReassembleAppLayer(tv, ra_ctx, ssn, stream, p, UPDATE_DIR_OPPOSING) < 0) + r = -1; SCLogDebug("stream->seg_list %p", stream->seg_list); SCReturnInt(r); @@ -1424,15 +1411,28 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ opposing_stream = &ssn->client; } + /* default IDS: update opposing side (triggered by ACK) */ + enum StreamUpdateDir dir = UPDATE_DIR_OPPOSING; + /* inline and stream end and flow timeout packets trigger same dir handling */ + if (StreamTcpInlineMode()) { + dir = UPDATE_DIR_PACKET; + } else if (p->flags & PKT_PSEUDO_STREAM_END) { + dir = UPDATE_DIR_PACKET; + } else if (p->tcph && (p->tcph->th_flags & TH_RST)) { // accepted rst + dir = UPDATE_DIR_PACKET; + } else if (p->tcph && (p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) { + dir = UPDATE_DIR_PACKET; + } + /* handle ack received */ - if (StreamTcpReassembleHandleSegmentUpdateACK(tv, ra_ctx, ssn, opposing_stream, p) != 0) + if (dir == UPDATE_DIR_OPPOSING && + StreamTcpReassembleHandleSegmentUpdateACK(tv, ra_ctx, ssn, opposing_stream, p) != 0) { SCLogDebug("StreamTcpReassembleHandleSegmentUpdateACK error"); SCReturnInt(-1); } - /* If no stream reassembly/application layer protocol inspection, then - simple return */ + /* if this segment contains data, insert it */ if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { SCLogDebug("calling StreamTcpReassembleHandleSegmentHandleData"); @@ -1446,12 +1446,11 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ /* in stream inline mode even if we have no data we call the reassembly * functions to handle EOF */ - if (StreamTcpInlineMode()) { - int r = 0; - if (StreamTcpReassembleAppLayer(tv, ra_ctx, ssn, stream, p) < 0) - r = -1; - - if (r < 0) { + if (dir == UPDATE_DIR_PACKET) { + SCLogDebug("inline (%s) or PKT_PSEUDO_STREAM_END (%s)", + StreamTcpInlineMode()?"true":"false", + (p->flags & PKT_PSEUDO_STREAM_END) ?"true":"false"); + if (StreamTcpReassembleAppLayer(tv, ra_ctx, ssn, stream, p, dir) < 0) { SCReturnInt(-1); } } @@ -3185,7 +3184,7 @@ static int StreamTcpReassembleInlineTest10(void) } ssn.server.next_seq = 4; - int r = StreamTcpReassembleAppLayer(&tv, ra_ctx, &ssn, &ssn.server, p); + int r = StreamTcpReassembleAppLayer(&tv, ra_ctx, &ssn, &ssn.server, p, UPDATE_DIR_PACKET); if (r < 0) { printf("StreamTcpReassembleAppLayer failed: "); goto end; @@ -3207,17 +3206,13 @@ static int StreamTcpReassembleInlineTest10(void) } ssn.server.next_seq = 19; - r = StreamTcpReassembleAppLayer(&tv, ra_ctx, &ssn, &ssn.server, p); + r = StreamTcpReassembleAppLayer(&tv, ra_ctx, &ssn, &ssn.server, p, UPDATE_DIR_PACKET); if (r < 0) { printf("StreamTcpReassembleAppLayer failed: "); goto end; } - if (STREAM_APP_PROGRESS(&ssn.server) != 17) { - printf("expected ssn.server.app_progress == 17got %"PRIu64": ", - STREAM_APP_PROGRESS(&ssn.server)); - goto end; - } + FAIL_IF_NOT(STREAM_APP_PROGRESS(&ssn.server) == 17); ret = 1; end: diff --git a/src/stream-tcp-reassemble.h b/src/stream-tcp-reassemble.h index d8aaad15f0..99c25b68c7 100644 --- a/src/stream-tcp-reassemble.h +++ b/src/stream-tcp-reassemble.h @@ -51,6 +51,11 @@ enum OS_POLICY_LAST }; +enum StreamUpdateDir { + UPDATE_DIR_PACKET, + UPDATE_DIR_OPPOSING, +}; + typedef struct TcpReassemblyThreadCtx_ { void *app_tctx; @@ -84,7 +89,7 @@ TcpReassemblyThreadCtx *StreamTcpReassembleInitThreadCtx(ThreadVars *tv); void StreamTcpReassembleFreeThreadCtx(TcpReassemblyThreadCtx *); int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, - Packet *p); + Packet *p, enum StreamUpdateDir dir); void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t); diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 82cfcfd10d..120fa2369d 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -2286,9 +2286,6 @@ static int StreamTcpPacketStateEstablished(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - if (PKT_IS_TOSERVER(p)) { StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received and state changed to " @@ -2619,9 +2616,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -3075,9 +3069,6 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -3383,9 +3374,6 @@ static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -3565,9 +3553,6 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -3858,9 +3843,6 @@ static int StreamTcpPacketStateLastAck(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -3985,9 +3967,6 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, if (!StreamTcpValidateRst(ssn, p)) return -1; - /* force both streams to reassemble, if necessary */ - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); SCLogDebug("ssn %p: Reset received state changed to TCP_CLOSED", ssn); @@ -4082,8 +4061,6 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " "%" PRIu32 "", ssn, ssn->client.next_seq, ssn->server.last_ack); - - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); } else { SCLogDebug("ssn %p: pkt (%" PRIu32 ") is to client: SEQ " "%" PRIu32 ", ACK %" PRIu32 "", ssn, p->payload_len, @@ -4134,8 +4111,6 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " "%" PRIu32 "", ssn, ssn->server.next_seq, ssn->client.last_ack); - - StreamTcpPseudoPacketCreateStreamEndPacket(tv, stt, p, ssn, pq); } } else { diff --git a/src/stream-tcp.h b/src/stream-tcp.h index a04857515e..d4dcf183f0 100644 --- a/src/stream-tcp.h +++ b/src/stream-tcp.h @@ -181,11 +181,9 @@ static inline void StreamTcpPacketSwitchDir(TcpSession *ssn, Packet *p) enum { /* stream has no segments for forced reassembly, nor for detection */ STREAM_HAS_UNPROCESSED_SEGMENTS_NONE = 0, - /* stream seems to have segments that need to be forced reassembled */ - STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY = 1, /* stream has no segments for forced reassembly, but only segments that * have been sent for detection, but are stuck in the detection queues */ - STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION = 2, + STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION = 1, }; TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);