From: Victor Julien <vjulien@oisf.net>
Date: Fri, 6 Jan 2023 18:51:53 +0000 (+0100)
Subject: stream: flow timeout improvement
X-Git-Tag: suricata-7.0.0-rc1~150
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1bb6f44ff01363fa29488f1ae83b9368e33c2770;p=thirdparty%2Fsuricata.git

stream: flow timeout improvement

Check continuous data for app-layer and post gap data as well for
stream inspection.
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index fa0636dd4d..6178181a3e 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -911,20 +911,24 @@ uint8_t StreamNeedsReassembly(const TcpSession *ssn, uint8_t direction)
         // raw is dead
         use_raw = 0;
     }
-
-    const uint64_t right_edge = StreamingBufferGetConsecutiveDataRightEdge(&stream->sb);
-    SCLogDebug("%s: app %"PRIu64" (use: %s), raw %"PRIu64" (use: %s). Stream right edge: %"PRIu64,
-            dirstr,
-            STREAM_APP_PROGRESS(stream), use_app ? "yes" : "no",
-            STREAM_RAW_PROGRESS(stream), use_raw ? "yes" : "no",
-            right_edge);
     if (use_raw) {
+        const uint64_t right_edge =
+                STREAM_BASE_OFFSET(stream) + stream->segs_right_edge - stream->base_seq;
+        SCLogDebug("%s: app %" PRIu64 " (use: %s), raw %" PRIu64
+                   " (use: %s). Stream right edge: %" PRIu64,
+                dirstr, STREAM_APP_PROGRESS(stream), use_app ? "yes" : "no",
+                STREAM_RAW_PROGRESS(stream), use_raw ? "yes" : "no", right_edge);
         if (right_edge > STREAM_RAW_PROGRESS(stream)) {
             SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr);
             return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
         }
     }
     if (use_app) {
+        const uint64_t right_edge = StreamingBufferGetConsecutiveDataRightEdge(&stream->sb);
+        SCLogDebug("%s: app %" PRIu64 " (use: %s), raw %" PRIu64
+                   " (use: %s). Stream right edge: %" PRIu64,
+                dirstr, STREAM_APP_PROGRESS(stream), use_app ? "yes" : "no",
+                STREAM_RAW_PROGRESS(stream), use_raw ? "yes" : "no", right_edge);
         if (right_edge > STREAM_APP_PROGRESS(stream)) {
             SCLogDebug("%s: STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION", dirstr);
             return STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;