From: Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) Date: Wed, 19 Feb 2025 19:00:52 +0000 (+0000) Subject: Pull request #4597: stream_tcp: changed asymmetric flows counter increment conditions X-Git-Tag: 3.7.1.0~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67782bfab7d80defaa72f6032132bbdf7685abe2;p=thirdparty%2Fsnort3.git Pull request #4597: stream_tcp: changed asymmetric flows counter increment conditions Merge in SNORT/snort3 from ~VSHPYRKA/snort3:asymmetric_flows_increment to master Squashed commit of the following: commit b39215a709fac5e03c82d424561a169ac622f221 Author: Volodymyr Shpyrka Date: Mon Feb 3 10:41:07 2025 -0500 stream_tcp: changed asymmetric flows counter increment conditions
---
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 854008967..aa3e22332 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -174,7 +174,7 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re
 tcp_init = false;
 tcpStats.released++;
- if ( !flow->two_way_traffic() and free_flow_data )
+ if ( is_data_transferred_asymmetrically() and free_flow_data )
 tcpStats.asymmetric_flows++;
 client.clear_tracker(flow, p, flush_segments, restart);
@@ -188,6 +188,12 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re
 flow->clear(free_flow_data);
 }
+bool TcpSession::is_data_transferred_asymmetrically() const
+{
+ return !flow->two_way_traffic()
+ && (client.seglist.data_was_queued() != server.seglist.data_was_queued());
+}
+
 void TcpSession::update_perf_base_state(char newState)
 {
 uint32_t session_flags = flow->get_session_flags();
diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h
index 2e4280489..cf74001fb 100644
--- a/src/stream/tcp/tcp_session.h
+++ b/src/stream/tcp/tcp_session.h
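Review bot: In tcp_session.cc, the `asymmetric_flows` increment in `clear_session` now reads seglist state that `client.clear_tracker(...)` a few lines below may reset (its body is not in this diff), so the check has to stay above both tracker clears and nothing in the code says so. A short comment would pin the ordering, e.g. `// evaluate before clear_tracker(): the check reads seglist queue state`. The counter also narrows in meaning: a one-sided session in which neither side queued data is no longer counted, so anyone alerting or trending on this peg will see lower values after the upgrade. The peg's help text is outside this diff and should be checked against the new condition. `clear_session` starts and ends outside the hunk.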
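Review bot: `is_data_transferred_asymmetrically()` in tcp_session.cc is written with `&&` while the call site in `clear_session` uses `and`; `return !flow->two_way_traffic() and (client.seglist.data_was_queued() != server.seglist.data_was_queued());` would match the surrounding style. The function also carries no comment saying what it treats as asymmetric. Going by the accessor names, something like `// only one direction was seen, and exactly one side's seglist ever queued data` above the definition would make the `!=` comparison easier to read.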
@@ -110,6 +110,7 @@ public:
 void set_pseudo_established(snort::Packet*);
 void check_for_pseudo_established(snort::Packet*);
 bool check_for_one_sided_session(snort::Packet*);
+ bool is_data_transferred_asymmetrically() const;
 void check_for_repeated_syn(TcpSegmentDescriptor&);
 void check_for_session_hijack(TcpSegmentDescriptor&);
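Review bot: `is_data_transferred_asymmetrically()` is declared in what appears to be the public section (the hunk context line is `public:`), yet the only caller visible in this commit is `TcpSession::clear_session`. If nothing outside the class needs it, declaring it under `private:` keeps the session interface smaller and avoids outside callers invoking it after the trackers have been cleared. The class body starts and ends outside the hunk.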