From: Russ Combs (rucombs) Date: Tue, 3 Dec 2019 02:57:37 +0000 (+0000) Subject: Merge pull request #1841 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_consolidate_sou... X-Git-Tag: 3.0.0-266~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=457261fd226102205a0628b189eb43c0df054e19;p=thirdparty%2Fsnort3.git Merge pull request #1841 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_consolidate_source_files to master Squashed commit of the following: commit e50ee5a0450248a37a310b42f9be1e8868cacaa9 Author: davis mcpherson Date: Mon Nov 25 10:46:55 2019 -0500 stream_tcp: updates from PR review comments commit 88137cf6242a9378cf6351882f7631947bff9d84 Author: davis mcpherson Date: Mon Nov 11 08:58:57 2019 -0500 stream_tcp: move and update the libtcp source files to the tcp source directory to consolidate the stream tcp code into one component (libtcp goes away) --- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 779aa3fd2..4c58fe463 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -161,7 +161,6 @@ add_executable( snort $ $ $ - $ $ $ $ diff --git a/src/service_inspectors/dce_rpc/dce_http_proxy.cc b/src/service_inspectors/dce_rpc/dce_http_proxy.cc index 6556e2bec..8e50ad5c5 100644 --- a/src/service_inspectors/dce_rpc/dce_http_proxy.cc +++ b/src/service_inspectors/dce_rpc/dce_http_proxy.cc @@ -26,7 +26,7 @@ #include "dce_http_proxy_module.h" #include "managers/inspector_manager.h" -#include "stream/libtcp/tcp_stream_session.h" +#include "stream/tcp/tcp_stream_session.h" #include "dce_http_proxy_splitter.h" diff --git a/src/service_inspectors/dce_rpc/dce_http_server.cc b/src/service_inspectors/dce_rpc/dce_http_server.cc index fc0bdf90b..1b3dc9f2a 100644 --- a/src/service_inspectors/dce_rpc/dce_http_server.cc +++ b/src/service_inspectors/dce_rpc/dce_http_server.cc 
@@ -26,7 +26,7 @@ #include "dce_http_server_module.h" #include "managers/inspector_manager.h" -#include "stream/libtcp/tcp_stream_session.h" +#include "stream/tcp/tcp_stream_session.h" #include "dce_http_server_splitter.h" diff --git a/src/stream/CMakeLists.txt b/src/stream/CMakeLists.txt index 19eb7f09e..b531c27b0 100644 --- a/src/stream/CMakeLists.txt +++ b/src/stream/CMakeLists.txt @@ -2,7 +2,6 @@ add_subdirectory(base) add_subdirectory(ip) add_subdirectory(icmp) -add_subdirectory(libtcp) add_subdirectory(tcp) add_subdirectory(udp) add_subdirectory(user) diff --git a/src/stream/libtcp/CMakeLists.txt b/src/stream/libtcp/CMakeLists.txt deleted file mode 100644 index e28affb23..000000000 --- a/src/stream/libtcp/CMakeLists.txt +++ /dev/null @@ -1,19 +0,0 @@ - -if ( ENABLE_UNIT_TESTS ) - set(TEST_FILES stream_tcp_unit_test.cc) -endif() - - -add_library( stream_libtcp OBJECT - tcp_segment_descriptor.cc - tcp_state_handler.cc - tcp_state_machine.cc - tcp_stream_session.cc - tcp_stream_tracker.cc - tcp_segment_descriptor.h - tcp_state_handler.h - tcp_state_machine.h - tcp_stream_session.h - tcp_stream_tracker.h - ${TEST_FILES} -) diff --git a/src/stream/libtcp/dev_notes.txt b/src/stream/libtcp/dev_notes.txt deleted file mode 100644 index 0a6ebc950..000000000 --- a/src/stream/libtcp/dev_notes.txt +++ /dev/null 
@@ -1,27 +0,0 @@ -This directory contains the implementation of common TCP session tracking functions. - -This TCP library module provides the following functions: - -* TCP Segment Descriptor - this class provides access to the various fields of the TCP - header and payload - -* TCP Stream Tracker - this class encapsulates all the state information required for - tracking one side of the TCP connection. For each flow that is tracked there will be - two instances of this tracker, one for each direction. - -* TCP State Handler - abstract class interface that defines a method for handling each - possible TCP event. For each TCP state a subclass of this class is created with a - state specific implementation for each event handling method. - -* TCP State Machine - this class is the engine that dispatches processing to the correct - event handling method of the handler for the current TCP state of the flow. - -Most of the TCP HA processing is contained in the ../tcp area and one needed to refer -to ../tcp/dev_notes.txt for a description. - -One HA state transition is implemented within this TCP library. In -TcpStreamSession::clear(), TcpHAManager::process_deletion() is invoked to -cause HA to generate a Deletion message for the target flow. This handles -the case where a TCP session is being removed from from the flow cache due -to a timeout or pruning function. Other normal TCP stream closure actions -are handled in the ../tcp/tcp_session.cc module. diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 65abe6335..9926ed7aa 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -40,12 +40,7 @@ #include "utils/util.h" #include "tcp/tcp_session.h" -#include "libtcp/tcp_stream_session.h" - -#ifdef UNIT_TEST -#include "catch/snort_catch.h" -#include "libtcp/stream_tcp_unit_test.h" -#endif +#include "tcp/tcp_stream_session.h" using namespace snort; 
@@ -793,6 +788,9 @@ void Stream::set_no_ack_mode(Flow* flow, bool on_off) #ifdef UNIT_TEST +#include "catch/snort_catch.h" +#include "tcp/test/stream_tcp_test_utils.h" + TEST_CASE("Stream API", "[stream_api][stream]") { // initialization code here diff --git a/src/stream/tcp/CMakeLists.txt b/src/stream/tcp/CMakeLists.txt index ad4d30b31..38c630f8d 100644 --- a/src/stream/tcp/CMakeLists.txt +++ b/src/stream/tcp/CMakeLists.txt @@ -1,3 +1,7 @@ +if ( ENABLE_UNIT_TESTS ) + set(TEST_FILES test/stream_tcp_test_utils.cc) +endif() + add_library( stream_tcp OBJECT ips_stream_reassemble.cc ips_stream_size.cc 
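Review bot: In src/stream/stream.cc the two test-only includes now sit inside the `#ifdef UNIT_TEST` block at the bottom of the file, after the file-scope `using namespace snort;` shown in the earlier hunk. As a result `catch/snort_catch.h` and `tcp/test/stream_tcp_test_utils.h` are parsed with that using-directive and every preceding include already in effect, which can hide a missing `snort::` qualification or a missing include inside the test header. If the placement is deliberate, a comment above them such as `// test-only headers: kept next to the tests so non-test builds never see them` would record the intent. The second hunk of src/stream/tcp/ips_stream_reassemble.cc has the same layout; the TEST_CASE body continues outside this hunk.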
@@ -5,53 +9,62 @@ add_library( stream_tcp OBJECT segment_overlap_editor.cc stream_tcp.cc stream_tcp.h + tcp_defs.h + tcp_event_logger.h + tcp_event_logger.cc tcp_ha.cc tcp_ha.h tcp_module.cc tcp_module.h - tcp_defs.h - tcp_event_logger.h - tcp_event_logger.cc - tcp_stream_config.h - tcp_stream_config.cc - tcp_normalizer.h tcp_normalizer.cc - tcp_normalizers.h + tcp_normalizer.h tcp_normalizers.cc - tcp_segment_node.h - tcp_segment_node.cc - tcp_reassembler.h + tcp_normalizers.h tcp_reassembler.cc - tcp_reassemblers.h + tcp_reassembler.h tcp_reassemblers.cc + tcp_reassemblers.h + tcp_segment_descriptor.cc + tcp_segment_descriptor.h + tcp_segment_node.cc + tcp_segment_node.h tcp_session.cc tcp_session.h tcp_state_closed.cc - tcp_state_close_wait.cc - tcp_state_closing.cc - tcp_state_established.cc - tcp_state_fin_wait1.cc - tcp_state_fin_wait2.cc - tcp_state_last_ack.cc - tcp_state_listen.cc - tcp_state_none.cc - tcp_state_syn_recv.cc - tcp_state_syn_sent.cc - tcp_state_time_wait.cc tcp_state_closed.h + tcp_state_close_wait.cc tcp_state_close_wait.h + tcp_state_closing.cc tcp_state_closing.h + tcp_state_established.cc tcp_state_established.h + tcp_state_fin_wait1.cc tcp_state_fin_wait1.h + tcp_state_fin_wait2.cc tcp_state_fin_wait2.h + tcp_state_handler.cc + tcp_state_handler.h + tcp_state_last_ack.cc tcp_state_last_ack.h + tcp_state_listen.cc tcp_state_listen.h + tcp_state_machine.cc + tcp_state_machine.h + tcp_state_none.cc tcp_state_none.h + tcp_state_syn_recv.cc tcp_state_syn_recv.h + tcp_state_syn_sent.cc tcp_state_syn_sent.h + tcp_state_time_wait.cc tcp_state_time_wait.h - tcp_stream_state_machine.cc - tcp_stream_state_machine.h + tcp_stream_config.cc + tcp_stream_config.h + tcp_stream_session.cc + tcp_stream_session.h + tcp_stream_tracker.cc + tcp_stream_tracker.h + ${TEST_FILES} ) add_subdirectory ( test ) diff --git a/src/stream/tcp/dev_notes.txt b/src/stream/tcp/dev_notes.txt index b4bc8bcad..3c0d0d90f 100644 --- a/src/stream/tcp/dev_notes.txt 
+++ b/src/stream/tcp/dev_notes.txt @@ -11,6 +11,20 @@ functions for loading stream TCP configuration and packet evaluation. The packet eval method is not used as the base Stream Inspector delegates packets directly to the TCP session packet processing method. +* TCP Segment Descriptor - this class provides access to the various fields of the TCP + header and payload + +* TCP Stream Tracker - this class encapsulates all the state information required for + tracking one side of the TCP connection. For each flow that is tracked there will be + two instances of this tracker, one for each direction. + +* TCP State Handler - abstract class interface that defines a method for handling each + possible TCP event. For each TCP state a subclass of this class is created with a + state specific implementation for each event handling method. + +* TCP State Machine - this class is the engine that dispatches processing to the correct + event handling method of the handler for the current TCP state of the flow. + The TCP session module implements the following functions: * TCP segment normalization. Variations in handling normalization are @@ -62,3 +76,10 @@ TcpHA::deactivate_session() is called from the stream & flow HA logic to place a session into standby mode. Upon receiving an HA Update message, the flow is first created if necessary, and is then placed into Standby state. deactivate_session() sets the TCP specific state for Standy mode. + +One HA state transition is implemented within this TCP library. In +TcpStreamSession::clear(), TcpHAManager::process_deletion() is invoked to +cause HA to generate a Deletion message for the target flow. This handles +the case where a TCP session is being removed from from the flow cache due +to a timeout or pruning function. Other normal TCP stream closure actions +are handled in the ../tcp/tcp_session.cc module. diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc index 95f538f14..4b58613e3 100644 
--- a/src/stream/tcp/ips_stream_reassemble.cc +++ b/src/stream/tcp/ips_stream_reassemble.cc @@ -30,11 +30,6 @@ #include "tcp_session.h" -#ifdef UNIT_TEST -#include "catch/snort_catch.h" -#include "stream/libtcp/stream_tcp_unit_test.h" -#endif - using namespace snort; //------------------------------------------------------------------------- @@ -288,7 +283,9 @@ const BaseApi* ips_stream_reassemble = &reassemble_api.base; #ifdef UNIT_TEST +#include "catch/snort_catch.h" #include "framework/cursor.h" +#include "test/stream_tcp_test_utils.h" // FIXIT-L these tests need some TLC TEST_CASE("IPS Stream Reassemble", "[ips_stream_reassemble][stream_tcp]") diff --git a/src/stream/tcp/stream_tcp.cc b/src/stream/tcp/stream_tcp.cc index 847b33ec5..11d6c7c71 100644 --- a/src/stream/tcp/stream_tcp.cc +++ b/src/stream/tcp/stream_tcp.cc @@ -27,7 +27,7 @@ #include "tcp_ha.h" #include "tcp_module.h" #include "tcp_session.h" -#include "tcp_stream_state_machine.h" +#include "tcp_state_machine.h" using namespace snort; @@ -110,10 +110,10 @@ static void tcp_dtor(Inspector* p) { delete p; } static void stream_tcp_pinit() -{ TcpStreamStateMachine::initialize(); } +{ TcpStateMachine::initialize(); } static void stream_tcp_pterm() -{ TcpStreamStateMachine::finalize(); } +{ TcpStateMachine::term(); } static Session* tcp_ssn(Flow* lws) { return new TcpSession(lws); } diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index 81cd8ed95..3da3d0902 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -25,11 +25,12 @@ #include "tcp_normalizer.h" -#include "stream/libtcp/tcp_stream_session.h" -#include "stream/libtcp/tcp_stream_tracker.h" - #include "packet_io/active.h" +#include "tcp_stream_session.h" +#include "tcp_stream_tracker.h" + + using namespace snort; THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX]; 
diff --git a/src/stream/tcp/tcp_normalizers.cc b/src/stream/tcp/tcp_normalizers.cc index cf1946505..da98480b4 100644 --- a/src/stream/tcp/tcp_normalizers.cc +++ b/src/stream/tcp/tcp_normalizers.cc @@ -26,9 +26,9 @@ #include "tcp_normalizers.h" #include "tcp_module.h" -#include "stream/libtcp/tcp_segment_descriptor.h" -#include "stream/libtcp/tcp_stream_session.h" -#include "stream/libtcp/tcp_stream_tracker.h" +#include "tcp_segment_descriptor.h" +#include "tcp_stream_session.h" +#include "tcp_stream_tracker.h" using namespace snort; diff --git a/src/stream/tcp/tcp_reassemblers.cc b/src/stream/tcp/tcp_reassemblers.cc index cfb0aba7a..89033d66c 100644 --- a/src/stream/tcp/tcp_reassemblers.cc +++ b/src/stream/tcp/tcp_reassemblers.cc @@ -24,7 +24,7 @@ #endif #include "tcp_reassemblers.h" -#include "stream/libtcp/tcp_stream_tracker.h" +#include "tcp_stream_tracker.h" class TcpReassemblerFirst : public TcpReassembler { diff --git a/src/stream/libtcp/tcp_segment_descriptor.cc b/src/stream/tcp/tcp_segment_descriptor.cc similarity index 100% rename from src/stream/libtcp/tcp_segment_descriptor.cc rename to src/stream/tcp/tcp_segment_descriptor.cc diff --git a/src/stream/libtcp/tcp_segment_descriptor.h b/src/stream/tcp/tcp_segment_descriptor.h similarity index 100% rename from src/stream/libtcp/tcp_segment_descriptor.h rename to src/stream/tcp/tcp_segment_descriptor.h diff --git a/src/stream/tcp/tcp_segment_node.h b/src/stream/tcp/tcp_segment_node.h index bb4b47337..54d891bf8 100644 --- a/src/stream/tcp/tcp_segment_node.h +++ b/src/stream/tcp/tcp_segment_node.h @@ -23,8 +23,9 @@ #define TCP_SEGMENT_H #include "main/snort_debug.h" -#include "stream/libtcp/tcp_segment_descriptor.h" -#include "stream/tcp/tcp_defs.h" + +#include "tcp_segment_descriptor.h" +#include "tcp_defs.h" class TcpSegmentDescriptor; diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 474dea2ad..fbf912b63 100644 --- a/src/stream/tcp/tcp_session.cc 
+++ b/src/stream/tcp/tcp_session.cc @@ -62,7 +62,7 @@ #include "tcp_normalizers.h" #include "tcp_reassemblers.h" #include "tcp_segment_node.h" -#include "tcp_stream_state_machine.h" +#include "tcp_state_machine.h" using namespace snort; @@ -75,7 +75,7 @@ void TcpSession::sterm() TcpSession::TcpSession(Flow* flow) : TcpStreamSession(flow) { - tsm = TcpStreamStateMachine::get_instance(); + tsm = TcpStateMachine::get_instance(); splitter_init = false; client.session = this; diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h index 56de3672c..502392082 100644 --- a/src/stream/tcp/tcp_session.h +++ b/src/stream/tcp/tcp_session.h @@ -20,9 +20,9 @@ #ifndef TCP_SESSION_H #define TCP_SESSION_H -#include "stream/libtcp/tcp_state_machine.h" -#include "stream/libtcp/tcp_stream_session.h" -#include "stream/libtcp/tcp_stream_tracker.h" +#include "tcp_state_machine.h" +#include "tcp_stream_session.h" +#include "tcp_stream_tracker.h" namespace snort { diff --git a/src/stream/tcp/tcp_state_close_wait.h b/src/stream/tcp/tcp_state_close_wait.h index 3cb7ab7bf..3d64c66fa 100644 --- a/src/stream/tcp/tcp_state_close_wait.h +++ b/src/stream/tcp/tcp_state_close_wait.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_CLOSE_WAIT_H #define TCP_STATE_CLOSE_WAIT_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateCloseWait : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_closed.h b/src/stream/tcp/tcp_state_closed.h index 2018c09b0..549e0bf51 100644 --- a/src/stream/tcp/tcp_state_closed.h +++ b/src/stream/tcp/tcp_state_closed.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_CLOSED_H #define TCP_STATE_CLOSED_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateClosed : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_closing.h b/src/stream/tcp/tcp_state_closing.h index 05e98017c..371f1af3f 100644 --- a/src/stream/tcp/tcp_state_closing.h +++ b/src/stream/tcp/tcp_state_closing.h 
@@ -22,7 +22,7 @@ #ifndef TCP_STATE_CLOSING_H #define TCP_STATE_CLOSING_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateClosing : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_established.h b/src/stream/tcp/tcp_state_established.h index a2b8c3938..39406b5d2 100644 --- a/src/stream/tcp/tcp_state_established.h +++ b/src/stream/tcp/tcp_state_established.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_ESTABLISHED_H #define TCP_STATE_ESTABLISHED_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateEstablished : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_fin_wait1.h b/src/stream/tcp/tcp_state_fin_wait1.h index 73a3bbd35..9924766d3 100644 --- a/src/stream/tcp/tcp_state_fin_wait1.h +++ b/src/stream/tcp/tcp_state_fin_wait1.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_FIN_WAIT1_H #define TCP_STATE_FIN_WAIT1_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateFinWait1 : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_fin_wait2.h b/src/stream/tcp/tcp_state_fin_wait2.h index efa879c8c..ceaa293f3 100644 --- a/src/stream/tcp/tcp_state_fin_wait2.h +++ b/src/stream/tcp/tcp_state_fin_wait2.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_FIN_WAIT2_H #define TCP_STATE_FIN_WAIT2_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateFinWait2 : public TcpStateHandler { diff --git a/src/stream/libtcp/tcp_state_handler.cc b/src/stream/tcp/tcp_state_handler.cc similarity index 99% rename from src/stream/libtcp/tcp_state_handler.cc rename to src/stream/tcp/tcp_state_handler.cc index 3a2bc3300..db255c990 100644 --- a/src/stream/libtcp/tcp_state_handler.cc +++ b/src/stream/tcp/tcp_state_handler.cc @@ -27,7 +27,6 @@ #include -#include "tcp_segment_descriptor.h" #include "tcp_state_machine.h" #ifdef UNIT_TEST 
diff --git a/src/stream/libtcp/tcp_state_handler.h b/src/stream/tcp/tcp_state_handler.h similarity index 98% rename from src/stream/libtcp/tcp_state_handler.h rename to src/stream/tcp/tcp_state_handler.h index 629b19eef..906083e23 100644 --- a/src/stream/libtcp/tcp_state_handler.h +++ b/src/stream/tcp/tcp_state_handler.h @@ -23,7 +23,8 @@ #define TCP_STATE_HANDLER_H #include "protocols/tcp.h" -#include "stream/libtcp/tcp_stream_tracker.h" + +#include "tcp_stream_tracker.h" class TcpSegmentDescriptor; class TcpStateMachine; diff --git a/src/stream/tcp/tcp_state_last_ack.h b/src/stream/tcp/tcp_state_last_ack.h index 4b5598b5d..be54a801e 100644 --- a/src/stream/tcp/tcp_state_last_ack.h +++ b/src/stream/tcp/tcp_state_last_ack.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_LAST_ACK_H #define TCP_STATE_LAST_ACK_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateLastAck : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_listen.h b/src/stream/tcp/tcp_state_listen.h index 21541d52e..c1866670a 100644 --- a/src/stream/tcp/tcp_state_listen.h +++ b/src/stream/tcp/tcp_state_listen.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_LISTEN_H #define TCP_STATE_LISTEN_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateListen : public TcpStateHandler { diff --git a/src/stream/libtcp/tcp_state_machine.cc b/src/stream/tcp/tcp_state_machine.cc similarity index 68% rename from src/stream/libtcp/tcp_state_machine.cc rename to src/stream/tcp/tcp_state_machine.cc index 43943617f..a414a26bb 100644 --- a/src/stream/libtcp/tcp_state_machine.cc +++ b/src/stream/tcp/tcp_state_machine.cc 
@@ -25,10 +25,52 @@ #include "tcp_state_machine.h" +#include "tcp_state_none.h" +#include "tcp_state_closed.h" +#include "tcp_state_listen.h" +#include "tcp_state_syn_sent.h" +#include "tcp_state_syn_recv.h" +#include "tcp_state_established.h" +#include "tcp_state_close_wait.h" +#include "tcp_state_closing.h" +#include "tcp_state_fin_wait1.h" +#include "tcp_state_fin_wait2.h" +#include "tcp_state_last_ack.h" +#include "tcp_state_time_wait.h" + +TcpStateMachine* TcpStateMachine::tsm = nullptr; + +TcpStateMachine* TcpStateMachine::initialize() +{ + assert(!tsm); + TcpStateMachine::tsm = new TcpStateMachine(); + return TcpStateMachine::tsm; +} + +void TcpStateMachine::term() +{ + delete TcpStateMachine::tsm; + TcpStateMachine::tsm = nullptr; +} + TcpStateMachine::TcpStateMachine() { for ( auto s = TcpStreamTracker::TCP_LISTEN; s < TcpStreamTracker::TCP_MAX_STATES; s++ ) tcp_state_handlers[ s ] = nullptr; + + // initialize stream tracker state machine with handler for each state... + new TcpStateNone(*this); + new TcpStateClosed(*this); + new TcpStateListen(*this); + new TcpStateSynSent(*this); + new TcpStateSynRecv(*this); + new TcpStateEstablished(*this); + new TcpStateFinWait1(*this); + new TcpStateFinWait2(*this); + new TcpStateClosing(*this); + new TcpStateCloseWait(*this); + new TcpStateLastAck(*this); + new TcpStateTimeWait(*this); } TcpStateMachine::~TcpStateMachine() diff --git a/src/stream/libtcp/tcp_state_machine.h b/src/stream/tcp/tcp_state_machine.h similarity index 84% rename from src/stream/libtcp/tcp_state_machine.h rename to src/stream/tcp/tcp_state_machine.h index d32ceb944..9181c9dd1 100644 --- a/src/stream/libtcp/tcp_state_machine.h +++ b/src/stream/tcp/tcp_state_machine.h 
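Review bot: In the new TcpStateMachine constructor the twelve `new TcpState...(*this);` expressions discard their results, and nothing in the hunk confirms that every slot of `tcp_state_handlers` is non-null once they have run. Presumably each handler's constructor calls `register_state_handler()` and the destructor, whose body is outside the hunk, frees them. A comment such as `// each handler registers itself with this machine, which owns and deletes it` plus a check like `for ( auto* h : tcp_state_handlers ) assert(h);` after the last `new` would make an unregistered state fail at startup rather than, presumably, when eval() first dispatches to it. Because `register_state_handler()` is virtual and would now be reached while the base object is still under construction, a subclass override would not be used for these registrations. `initialize()` also guards re-entry only with `assert(!tsm)`, so a build with NDEBUG would overwrite and leak the first instance on a second call.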
@@ -22,20 +22,27 @@ #ifndef TCP_STATE_MACHINE_H #define TCP_STATE_MACHINE_H -#include "stream/libtcp/tcp_state_handler.h" -#include "stream/libtcp/tcp_stream_tracker.h" -#include "stream/libtcp/tcp_segment_descriptor.h" +#include "tcp_segment_descriptor.h" +#include "tcp_state_handler.h" +#include "tcp_stream_tracker.h" class TcpStateMachine { public: virtual ~TcpStateMachine(); + static TcpStateMachine* initialize(); + static void term(); + + static TcpStateMachine* get_instance() + { return TcpStateMachine::tsm; } + virtual void register_state_handler(TcpStreamTracker::TcpState, TcpStateHandler&); virtual bool eval(TcpSegmentDescriptor&, TcpStreamTracker&, TcpStreamTracker&); protected: TcpStateMachine(); + static TcpStateMachine* tsm; TcpStateHandler* tcp_state_handlers[ TcpStreamTracker::TCP_MAX_STATES ]; }; diff --git a/src/stream/tcp/tcp_state_none.h b/src/stream/tcp/tcp_state_none.h index e487d913b..7f4f83a26 100644 --- a/src/stream/tcp/tcp_state_none.h +++ b/src/stream/tcp/tcp_state_none.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_NONE_H #define TCP_STATE_NONE_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateNone : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_syn_recv.h b/src/stream/tcp/tcp_state_syn_recv.h index bf3d2423f..e94c81427 100644 --- a/src/stream/tcp/tcp_state_syn_recv.h +++ b/src/stream/tcp/tcp_state_syn_recv.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_SYN_RECV_H #define TCP_STATE_SYN_RECV_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateSynRecv : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_syn_sent.h b/src/stream/tcp/tcp_state_syn_sent.h index b4cc79754..f304ff3d4 100644 --- a/src/stream/tcp/tcp_state_syn_sent.h +++ b/src/stream/tcp/tcp_state_syn_sent.h 
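Review bot: `get_instance()` hands out the raw `tsm` pointer, which is null before `initialize()` and again after `term()`, and the TcpSession constructor in tcp_session.cc stores that value without a check. A comment on the declaration, for example `// valid only between initialize() and term(); nullptr otherwise`, would state the lifetime contract callers depend on. The singleton is also still copyable: the constructor is protected but the implicit copy operations are not, so adding `TcpStateMachine(const TcpStateMachine&) = delete;` and `TcpStateMachine& operator=(const TcpStateMachine&) = delete;` would prevent an accidental copy that shares the pointers held in `tcp_state_handlers`.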
@@ -22,7 +22,7 @@ #ifndef TCP_STATE_SYN_SENT_H #define TCP_STATE_SYN_SENT_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateSynSent : public TcpStateHandler { diff --git a/src/stream/tcp/tcp_state_time_wait.h b/src/stream/tcp/tcp_state_time_wait.h index 42dc1168e..66e67470c 100644 --- a/src/stream/tcp/tcp_state_time_wait.h +++ b/src/stream/tcp/tcp_state_time_wait.h @@ -22,7 +22,7 @@ #ifndef TCP_STATE_TIME_WAIT_H #define TCP_STATE_TIME_WAIT_H -#include "stream/libtcp/tcp_state_handler.h" +#include "tcp_state_handler.h" class TcpStateTimeWait : public TcpStateHandler { diff --git a/src/stream/libtcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc similarity index 100% rename from src/stream/libtcp/tcp_stream_session.cc rename to src/stream/tcp/tcp_stream_session.cc diff --git a/src/stream/libtcp/tcp_stream_session.h b/src/stream/tcp/tcp_stream_session.h similarity index 98% rename from src/stream/libtcp/tcp_stream_session.h rename to src/stream/tcp/tcp_stream_session.h index 78994af4c..3c79fc787 100644 --- a/src/stream/libtcp/tcp_stream_session.h +++ b/src/stream/tcp/tcp_stream_session.h @@ -26,8 +26,8 @@ #include "flow/session.h" #include "protocols/ipv6.h" -#include "stream/libtcp/tcp_stream_tracker.h" -#include "stream/tcp/tcp_stream_config.h" +#include "tcp_stream_config.h" +#include "tcp_stream_tracker.h" #ifdef DEBUG_MSGS extern const char* const flush_policy_names[]; diff --git a/src/stream/tcp/tcp_stream_state_machine.cc b/src/stream/tcp/tcp_stream_state_machine.cc deleted file mode 100644 index cd87ba076..000000000 --- a/src/stream/tcp/tcp_stream_state_machine.cc +++ /dev/null 
@@ -1,71 +0,0 @@
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2019 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// tcp_stream_state_machine.cc author davis mcpherson
-// Created on: Apr 1, 2016
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "tcp_stream_state_machine.h"
-
-#include "tcp_state_none.h"
-#include "tcp_state_closed.h"
-#include "tcp_state_listen.h"
-#include "tcp_state_syn_sent.h"
-#include "tcp_state_syn_recv.h"
-#include "tcp_state_established.h"
-#include "tcp_state_close_wait.h"
-#include "tcp_state_closing.h"
-#include "tcp_state_fin_wait1.h"
-#include "tcp_state_fin_wait2.h"
-#include "tcp_state_last_ack.h"
-#include "tcp_state_time_wait.h"
-
-TcpStreamStateMachine* TcpStreamStateMachine::tsm = nullptr;
-
-TcpStateMachine* TcpStreamStateMachine::initialize()
-{
- assert(!tsm);
- TcpStreamStateMachine::tsm = new TcpStreamStateMachine();
- return TcpStreamStateMachine::tsm;
-}
-
-void TcpStreamStateMachine::finalize()
-{
- delete TcpStreamStateMachine::tsm;
- TcpStreamStateMachine::tsm = nullptr;
-}
-
-TcpStreamStateMachine::TcpStreamStateMachine()
-{
- // initialize stream tracker state machine with handler for each state...
- new TcpStateNone(*this);
- new TcpStateClosed(*this);
- new TcpStateListen(*this);
- new TcpStateSynSent(*this);
- new TcpStateSynRecv(*this);
- new TcpStateEstablished(*this);
- new TcpStateFinWait1(*this);
- new TcpStateFinWait2(*this);
- new TcpStateClosing(*this);
- new TcpStateCloseWait(*this);
- new TcpStateLastAck(*this);
- new TcpStateTimeWait(*this);
-}
diff --git a/src/stream/tcp/tcp_stream_state_machine.h b/src/stream/tcp/tcp_stream_state_machine.h
deleted file mode 100644
index 40dacb8d1..000000000
--- a/src/stream/tcp/tcp_stream_state_machine.h
+++ /dev/null
@@ -1,43 +0,0 @@
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2019 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// tcp_stream_state_machine.h author davis mcpherson
-// Created on: Apr 1, 2016
-
-#ifndef TCP_STREAM_STATE_MACHINE_H
-#define TCP_STREAM_STATE_MACHINE_H
-
-#include "stream/libtcp/tcp_state_machine.h"
-
-class TcpStreamStateMachine: public TcpStateMachine
-{
-public:
- static TcpStateMachine* initialize();
- static void finalize();
-
- static TcpStateMachine* get_instance()
- { return TcpStreamStateMachine::tsm; }
-
-private:
- TcpStreamStateMachine();
-
- static TcpStreamStateMachine* tsm;
-
-};
-#endif
-
diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/tcp/tcp_stream_tracker.cc
similarity index 100%
rename from src/stream/libtcp/tcp_stream_tracker.cc
rename to src/stream/tcp/tcp_stream_tracker.cc
diff --git a/src/stream/libtcp/tcp_stream_tracker.h b/src/stream/tcp/tcp_stream_tracker.h similarity index 98% rename from src/stream/libtcp/tcp_stream_tracker.h rename to src/stream/tcp/tcp_stream_tracker.h index fd26b6846..fb0f526d7 100644 --- a/src/stream/libtcp/tcp_stream_tracker.h +++ b/src/stream/tcp/tcp_stream_tracker.h @@ -25,11 +25,11 @@ #include #include "stream/paf.h" -#include "stream/tcp/segment_overlap_editor.h" -#include "stream/tcp/tcp_defs.h" -#include "stream/tcp/tcp_normalizers.h" -#include "stream/tcp/tcp_reassemblers.h" -#include "stream/libtcp/tcp_segment_descriptor.h" +#include "segment_overlap_editor.h" +#include "tcp_defs.h" +#include "tcp_normalizers.h" +#include "tcp_reassemblers.h" +#include "tcp_segment_descriptor.h" /* Only track a maximum number of alerts per session */ #define MAX_SESSION_ALERTS 8 diff --git a/src/stream/libtcp/stream_tcp_unit_test.cc b/src/stream/tcp/test/stream_tcp_test_utils.cc similarity index 95% rename from src/stream/libtcp/stream_tcp_unit_test.cc rename to src/stream/tcp/test/stream_tcp_test_utils.cc index 9772dd815..9ebb0fd97 100644 --- a/src/stream/libtcp/stream_tcp_unit_test.cc +++ b/src/stream/tcp/test/stream_tcp_test_utils.cc @@ -16,24 +16,20 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// stream_libtcp_unit_test.h author davis mcpherson +// stream_tcp_test_utils.cc author davis mcpherson // Created on: Jul 30, 2015 -#include "stream_tcp_unit_test.h" - -#ifndef STREAM_LIBTCP_UNIT_TEST -#define STREAM_LIBTCP_UNIT_TEST - #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "stream_tcp_unit_test.h" +#include "stream_tcp_test_utils.h" #include "detection/ips_context.h" #include "protocols/packet.h" #include "protocols/tcp.h" -#include "stream/tcp/tcp_session.h" + +#include "../tcp_session.h" using namespace snort; @@ -164,5 +160,3 @@ Packet* get_data_packet(Flow* flow) return pkt; } -#endif - 
diff --git a/src/stream/libtcp/stream_tcp_unit_test.h b/src/stream/tcp/test/stream_tcp_test_utils.h similarity index 90% rename from src/stream/libtcp/stream_tcp_unit_test.h rename to src/stream/tcp/test/stream_tcp_test_utils.h index ff67dedca..b381f24ae 100644 --- a/src/stream/libtcp/stream_tcp_unit_test.h +++ b/src/stream/tcp/test/stream_tcp_test_utils.h @@ -16,11 +16,11 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// stream_libtcp_unit_test.h author davis mcpherson +// stream_tcp_test_utils.h author davis mcpherson // Created on: Jul 30, 2015 -#ifndef STREAM_LIBTCP_UNIT_TEST_H -#define STREAM_LIBTCP_UNIT_TEST_H +#ifndef STREAM_TCP_TEST_UTILS_H +#define STREAM_TCP_TEST_UTILS_H namespace snort {