From: Masud Hasan (mashasan) Date: Thu, 3 Mar 2022 15:07:43 +0000 (+0000) Subject: Pull request #3294: stream_tcp: Clarify small segments help text and remove usage... X-Git-Tag: 3.1.25.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a91ca9955877960dee0506553f92843eae45432;p=thirdparty%2Fsnort3.git Pull request #3294: stream_tcp: Clarify small segments help text and remove usage from lua Merge in SNORT/snort3 from ~MASHASAN/snort3:small_segs to master Squashed commit of the following: commit 52982070e9dd55f4b2e5dcd01031b1311087e412 Author: Masud Hasan Date: Wed Mar 2 10:44:58 2022 -0500 stream_tcp: Clarify small segments help text and remove usage from lua
---
diff --git a/doc/reference/builtin_stubs.txt b/doc/reference/builtin_stubs.txt
index b3ba748aa..08b27fd4e 100644
--- a/doc/reference/builtin_stubs.txt
+++ b/doc/reference/builtin_stubs.txt
@@ -1828,8 +1828,7 @@ Received TCP data with no TCP flags set.
 129:12
-Consecutive TCP small segments exceed the configured threshold. The size required to be a small segment can
-be configured via stream_tcp.small_segments.maximum_size, and the maximum number of these small segments can be configured
+Consecutive (in the order of received packets, not the order of sequence numbers) TCP small segments exceed the configured threshold. The size required to be a small segment can be configured via stream_tcp.small_segments.maximum_size, and the maximum number of these small segments can be configured
 with int stream_tcp.small_segments.count.
 129:13
diff --git a/lua/max_detect.lua b/lua/max_detect.lua
index 418f45519..7e6ff3a20 100644
--- a/lua/max_detect.lua
+++ b/lua/max_detect.lua
@@ -43,12 +43,6 @@ smtp.decompress_zip = true
 stream_ip.min_frag_length = 100
-stream_tcp.small_segments =
-{
- count = 3,
- maximum_size = 150,
-}
-
 telnet.check_encrypted = true
 telnet.normalize = true
diff --git a/lua/security.lua b/lua/security.lua
index c2613d94f..c4d7b3c3c 100644
--- a/lua/security.lua
+++ b/lua/security.lua
@@ -33,12 +33,6 @@ smtp.decompress_zip = true
 stream_ip.min_frag_length = 100
-stream_tcp.small_segments =
-{
- count = 3,
- maximum_size = 150,
-}
-
 telnet.check_encrypted = true
 telnet.normalize = true
diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc
index 4de1e87f2..e7919c857 100644
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -164,7 +164,7 @@ THREAD_LOCAL TcpStats tcpStats;
 static const Parameter stream_tcp_small_params[] =
 {
 { "count", Parameter::PT_INT, "0:2048", "0",
- "number of consecutive TCP small segments considered to be excessive (129:12)" },
+ "number of consecutive (in the received order) TCP small segments considered to be excessive (129:12)" },
 { "maximum_size", Parameter::PT_INT, "0:2048", "0",
 "minimum bytes for a TCP segment not to be considered small (129:12)" },
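Review bot: Neither help string in `stream_tcp_small_params` says what the default `"0"` means, and that gap matters more after this commit, because lua/max_detect.lua and lua/security.lua no longer set `stream_tcp.small_segments` and so inherit these defaults. If 0 turns the 129:12 check off (the hunk does not show the code that reads the values, so this is an assumption to confirm), state it in the text, for example `"... considered to be excessive (129:12); 0 = disabled"`, so that someone relying on those policies can tell whether the small-segment alert is still raised by default. The context line for `maximum_size` also reads inverted against its name ("minimum bytes ... not to be considered small") and leaves open whether a segment of exactly that size counts as small; a wording such as `"segments shorter than this many bytes are considered small (129:12)"` would settle it, if that matches the comparison in the code. The array definition continues past the end of the hunk.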