From: Masud Hasan (mashasan) Date: Tue, 10 Nov 2020 13:54:36 +0000 (+0000) Subject: Merge pull request #2598 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_meta-ack_tweaks... X-Git-Tag: 3.0.3-5~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18868bdab050315234ca951276867352d0d03481;p=thirdparty%2Fsnort3.git Merge pull request #2598 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_meta-ack_tweaks to master Squashed commit of the following: commit 66fac93883643ab1106370c80dbe6c83920f431d Author: davis mcpherson Date: Wed Nov 4 12:45:37 2020 -0500 stream_tcp: remove redundant/unneeded asserts that check if tcp event is for a meta-ack psuedo-packet --- diff --git a/src/stream/tcp/tcp_segment_descriptor.cc b/src/stream/tcp/tcp_segment_descriptor.cc index 125b32c8e..8b0ee0b66 100644 --- a/src/stream/tcp/tcp_segment_descriptor.cc +++ b/src/stream/tcp/tcp_segment_descriptor.cc @@ -155,8 +155,6 @@ bool TcpSegmentDescriptor::has_wscale() void TcpSegmentDescriptor::set_retransmit_flag() { - assert(!meta_ack_packet); - if ( PacketTracer::is_active() ) { PacketTracer::log("Packet was retransmitted and %s from the retry queue.\n", diff --git a/src/stream/tcp/tcp_segment_descriptor.h b/src/stream/tcp/tcp_segment_descriptor.h index 222558bbb..4a1909724 100644 --- a/src/stream/tcp/tcp_segment_descriptor.h +++ b/src/stream/tcp/tcp_segment_descriptor.h @@ -109,20 +109,11 @@ public: { return pkt->dsize; } void set_len(uint16_t seg_len) - { - assert(!meta_ack_packet); - pkt->dsize = seg_len; - } + { pkt->dsize = seg_len; } bool is_data_segment() const { return pkt->dsize > 0; } - void update_len(int32_t offset) - { - assert(!meta_ack_packet); - pkt->dsize += offset; - } - bool is_packet_from_client() const { return packet_from_client; } @@ -131,17 +122,13 @@ public: void slide_segment_in_rcv_window(int32_t offset) { - assert(!meta_ack_packet); seq += offset; pkt->data += offset; pkt->dsize -= offset; } void set_packet_flags(uint32_t flags) const - { - assert(!meta_ack_packet); - pkt->packet_flags |= flags; - } + { pkt->packet_flags |= flags; } bool are_packet_flags_set(uint32_t flags) const { return (pkt->packet_flags & flags) == flags; } @@ -163,7 +150,6 @@ public: void rewrite_payload(uint16_t offset, uint8_t* from, uint16_t length) { - assert(!meta_ack_packet); memcpy(const_cast(pkt->data + offset), from, length); set_packet_flags(PKT_MODIFIED); } diff --git a/src/stream/tcp/tcp_state_listen.cc b/src/stream/tcp/tcp_state_listen.cc index dfd52b483..0f9f3dd42 100644 --- a/src/stream/tcp/tcp_state_listen.cc +++ b/src/stream/tcp/tcp_state_listen.cc @@ -37,7 +37,7 @@ TcpStateListen::TcpStateListen(TcpStateMachine& tsm) : bool TcpStateListen::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->tcp_config->require_3whs() || tsd.has_wscale() || ( tsd.is_data_segment() ) ) + if ( trk.session->tcp_config->require_3whs() || tsd.has_wscale() || tsd.is_data_segment() ) { if ( tsd.is_packet_from_server() ) trk.session->tel.set_tcp_event(EVENT_4WHS); @@ -93,7 +93,7 @@ bool TcpStateListen::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& t bool TcpStateListen::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( trk.session->tcp_config->midstream_allowed(tsd.get_pkt()) - && (tsd.has_wscale() || (tsd.is_data_segment() )) ) + && (tsd.has_wscale() || tsd.is_data_segment()) ) { Flow* flow = tsd.get_flow(); flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_SYN_ACK | @@ -113,7 +113,7 @@ bool TcpStateListen::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateListen::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || (tsd.is_data_segment() )) ) + if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || tsd.is_data_segment()) ) { Flow* flow = tsd.get_flow(); diff --git a/src/stream/tcp/tcp_state_none.cc b/src/stream/tcp/tcp_state_none.cc index fa27ecf69..95a63cde3 100644 --- a/src/stream/tcp/tcp_state_none.cc +++ b/src/stream/tcp/tcp_state_none.cc @@ -88,7 +88,7 @@ bool TcpStateNone::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool TcpStateNone::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || (tsd.is_data_segment())) ) + if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || tsd.is_data_segment()) ) { Flow* flow = tsd.get_flow(); @@ -108,7 +108,7 @@ bool TcpStateNone::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateNone::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || (tsd.is_data_segment())) ) + if ( trk.session->is_midstream_allowed(tsd) && (tsd.has_wscale() || tsd.is_data_segment()) ) { Flow* flow = tsd.get_flow(); diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc index 2e6a19e84..bab35624b 100644 --- a/src/stream/tcp/tcp_state_syn_recv.cc +++ b/src/stream/tcp/tcp_state_syn_recv.cc @@ -33,8 +33,7 @@ using namespace snort; TcpStateSynRecv::TcpStateSynRecv(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_SYN_RECV, tsm) -{ -} +{ } bool TcpStateSynRecv::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { @@ -52,6 +51,7 @@ bool TcpStateSynRecv::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) flow->set_session_flags(SSNFLAG_SEEN_SERVER); trk.session->tel.set_tcp_event(EVENT_4WHS); } + return true; } @@ -59,6 +59,7 @@ bool TcpStateSynRecv::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); + return true; } @@ -69,6 +70,7 @@ bool TcpStateSynRecv::syn_ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk.finish_server_init(tsd); trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); flow->session_state |= STREAM_STATE_SYN_ACK; + return true; } @@ -87,21 +89,21 @@ bool TcpStateSynRecv::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); } + return true; } bool TcpStateSynRecv::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( trk.session->tcp_config->midstream_allowed(tsd.get_pkt()) ) - { - trk.session->update_session_on_ack( ); - } + trk.session->update_session_on_ack(); + return true; } bool TcpStateSynRecv::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.is_ack_valid(tsd.get_ack()) ) + if ( !tsd.is_meta_ack_packet() && trk.is_ack_valid(tsd.get_ack()) ) { Flow* flow = tsd.get_flow(); @@ -117,6 +119,7 @@ bool TcpStateSynRecv::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) else trk.session->check_for_window_slam(tsd); } + return true; } @@ -125,6 +128,7 @@ bool TcpStateSynRecv::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk.update_tracker_ack_sent(tsd); if ( trk.session->no_ack_mode_enabled() ) trk.update_tracker_no_ack_recv(tsd); + return true; } @@ -140,6 +144,7 @@ bool TcpStateSynRecv::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& } if ( tsd.is_data_segment() ) trk.session->handle_data_segment(tsd); + return true; } @@ -161,6 +166,7 @@ bool TcpStateSynRecv::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT); } } + return true; } @@ -182,6 +188,7 @@ bool TcpStateSynRecv::rst_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) // FIXIT-L might be good to create alert specific to RST with data if ( tsd.is_data_segment() ) trk.session->tel.set_tcp_event(EVENT_DATA_AFTER_RST_RCVD); + return true; } diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc index deb555d99..ad37f36e6 100644 --- a/src/stream/tcp/tcp_state_syn_sent.cc +++ b/src/stream/tcp/tcp_state_syn_sent.cc @@ -36,6 +36,7 @@ TcpStateSynSent::TcpStateSynSent(TcpStateMachine& tsm) : bool TcpStateSynSent::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.session->check_for_repeated_syn(tsd); + return true; } @@ -45,6 +46,7 @@ bool TcpStateSynSent::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); trk.set_tcp_state(TcpStreamTracker::TCP_SYN_RECV); + return true; } @@ -72,13 +74,15 @@ bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) trk.session->update_timestamp_tracking(tsd); trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); + return true; } bool TcpStateSynSent::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( tsd.is_data_segment() ) + if ( !tsd.is_meta_ack_packet() && tsd.is_data_segment() ) trk.session->handle_data_segment(tsd); + return true; } @@ -92,12 +96,14 @@ bool TcpStateSynSent::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk.session->update_timestamp_tracking(tsd); trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); + return true; } bool TcpStateSynSent::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.session->handle_data_segment(tsd); + return true; } @@ -105,6 +111,7 @@ bool TcpStateSynSent::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( tsd.is_data_segment() ) trk.session->handle_data_segment(tsd); + return true; } @@ -122,6 +129,7 @@ bool TcpStateSynSent::rst_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) // FIXIT-L might be good to create alert specific to RST with data if ( tsd.is_data_segment() ) trk.session->tel.set_tcp_event(EVENT_DATA_AFTER_RST_RCVD); + return true; }