From: Shanmugam S (shanms)
Date: Wed, 27 Sep 2023 13:26:09 +0000 (+0000)
Subject: Pull request #4026: tcp: timeout for embryonic and idle session
X-Git-Tag: 3.1.72.0~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7551dda8951120d4ebc51ba28352133888c56c6a;p=thirdparty%2Fsnort3.git
Pull request #4026: tcp: timeout for embryonic and idle session
Merge in SNORT/snort3 from ~SHANMS/snort3:tcp_conn_timeout to master
Squashed commit of the following:
commit 43753f773b6dacc772d85766718bb15b4ac0da5a
Author: shanms
Date: Thu Jun 22 14:41:06 2023 +0000
tcp: timeout for embryonic and idle session
---
diff --git a/src/flow/flow.h b/src/flow/flow.h
index 96abf805d..3db187b97 100644
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -410,6 +410,9 @@ public:
 bool trust_is_deferred()
 { return deferred_trust.is_deferred(); }
+
+ void set_idle_timeout(unsigned timeout)
+ { idle_timeout = timeout; }
 public: // FIXIT-M privatize if possible
 // fields are organized by initialization and size to minimize
@@ -460,11 +463,9 @@ public: // FIXIT-M privatize if possible
 unsigned inspection_policy_id = 0;
 unsigned ips_policy_id = 0;
 unsigned reload_id = 0;
- uint32_t tenant = 0; - uint32_t default_session_timeout = 0; -
+ uint32_t idle_timeout = 0;
 int32_t client_intf = 0;
 int32_t server_intf = 0;
diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc
index f7bafec1c..6deb4a992 100644
--- a/src/flow/flow_cache.cc
+++ b/src/flow/flow_cache.cc
@@ -176,6 +176,8 @@ Flow* FlowCache::allocate(const FlowKey* key)
 assert(flow);
 link_uni(flow);
 flow->last_data_seen = timestamp;
+ flow->set_idle_timeout(config.proto[to_utype(flow->key->pkt_type)].nominal_timeout);
+
 return flow;
 }
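Review bot: `set_idle_timeout()` and the `idle_timeout` member it writes (added in the next hunk of this file) carry no comment on their unit or consumer, even though `FlowCache::timeout()` in flow_cache.cc now compares `last_data_seen + idle_timeout` against a `time_t` and prunes the flow on that basis. A one-line comment on the member would settle it: `// idle interval after last_data_seen (same unit as last_data_seen) before FlowCache::timeout() may prune the flow`. The setter takes `unsigned` while the member is `uint32_t`; they coincide on common targets, but declaring the parameter `uint32_t` removes the implicit conversion and makes the contract explicit.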
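Review bot: The idle timeout is now captured into the flow once in `allocate()`, so a later change to `config.proto[...].nominal_timeout` (for example on a configuration reload) no longer affects flows that already exist, whereas the comparison this replaces in `FlowCache::timeout()` read the live config on every pass. If that is intended it deserves a comment at the call site, `// snapshot the per-proto nominal timeout; stream modules may override it per session`; if not, existing flows would need to be re-stamped when the cache config changes. This assumes `config` here is the same per-cache config the old check consulted, which the hunk suggests but does not show. `allocate()` begins before the hunk.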
@@ -406,7 +408,7 @@ unsigned FlowCache::timeout(unsigned num_flows, time_t thetime)
 if ( flow->expire_time > (uint64_t) thetime )
 break;
 }
- else if ( flow->last_data_seen + config.proto[to_utype(flow->key->pkt_type)].nominal_timeout > thetime )
+ else if ( flow->last_data_seen + flow->idle_timeout > thetime )
 break;
 if ( HighAvailabilityManager::in_standby(flow) or
diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc
index 9686f1207..d9a15f0f3 100644
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -225,6 +225,12 @@ static const Parameter s_params[] =
 { "track_only", Parameter::PT_BOOL, nullptr, "false",
 "disable reassembly if true" },
+ { "embryonic_timeout", Parameter::PT_INT, "1:max31", "30",
+ "Non-established connection timeout" },
+
+ { "idle_timeout", Parameter::PT_INT, "1:max31", "3600",
+ "session deletion on idle " },
+
 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
@@ -335,6 +341,12 @@ bool StreamTcpModule::set(const char*, Value& v, SnortConfig*)
 else if ( v.is("session_timeout") )
 config->session_timeout = v.get_uint32();
+ else if ( v.is("embryonic_timeout") )
+ config->embryonic_timeout = v.get_uint32();
+
+ else if ( v.is("idle_timeout") )
+ config->idle_timeout = v.get_uint32();
+
 else if ( v.is("reassemble_async") )
 {
 if ( v.get_bool() )
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 670bfc153..a021c5c6e 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -112,6 +112,7 @@ bool TcpSession::setup(Packet*)
 tcp_config = get_tcp_cfg(flow->ssn_server);
 flow->set_default_session_timeout(tcp_config->session_timeout, false);
+ flow->set_idle_timeout(tcp_config->embryonic_timeout);
 set_os_policy();
 SESSION_STATS_ADD(tcpStats)
diff --git a/src/stream/tcp/tcp_stream_config.h b/src/stream/tcp/tcp_stream_config.h
index 84e9bc4f0..90364438f 100644
--- a/src/stream/tcp/tcp_stream_config.h
+++ b/src/stream/tcp/tcp_stream_config.h
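Review bot: The help strings for the two new entries in `s_params` do not state the unit, and the `idle_timeout` string `"session deletion on idle "` ends in a stray space and does not say what it controls; both strings are user-visible module help, and an operator tuning these values to bound state held for half-open connections needs to know they are compared against wall-clock time. Assuming the unit is seconds, as the comparison against a `time_t` in `FlowCache::timeout()` suggests, `"non-established connection timeout (seconds)"` and `"established connection idle timeout (seconds)"` would read consistently with the neighbouring lower-case descriptions. The capitalised "Non-established" also breaks the table's convention.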
@@ -71,6 +71,8 @@ public:
 int hs_timeout = -1;
 bool no_ack;
+ uint32_t embryonic_timeout = STREAM_DEFAULT_SSN_TIMEOUT;
+ uint32_t idle_timeout;
 };
 #endif
diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc
index 3b75fd30b..2dd19d52e 100644
--- a/src/stream/tcp/tcp_stream_session.cc
+++ b/src/stream/tcp/tcp_stream_session.cc
@@ -344,6 +344,7 @@ void TcpStreamSession::set_established(const TcpSegmentDescriptor& tsd)
 {
 update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED);
 flow->session_state |= STREAM_STATE_ESTABLISHED;
+ flow->set_idle_timeout(this->tcp_config->idle_timeout);
 if (SSNFLAG_ESTABLISHED != (SSNFLAG_ESTABLISHED & flow->get_session_flags()))
 {
 flow->set_session_flags(SSNFLAG_ESTABLISHED);
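Review bot: `uint32_t idle_timeout;` is added without an in-class initializer while its sibling `embryonic_timeout` gets `STREAM_DEFAULT_SSN_TIMEOUT`; any config object that is not run through `StreamTcpModule::set()` for `idle_timeout` hands an indeterminate value to `flow->set_idle_timeout()` in `set_established()`, which either prunes established sessions on the first timeout pass or never prunes them on idle, and the latter is a flow-table exhaustion risk. The parameter table in tcp_module.cc declares defaults of 30 and 3600, so the struct should agree with it: `uint32_t embryonic_timeout = 30;` and `uint32_t idle_timeout = 3600;`, ideally via one shared constant per value so the two places cannot drift, unless `STREAM_DEFAULT_SSN_TIMEOUT` already equals 30. Whether the module framework always calls `set()` with the table default is not visible here, so the initializer is cheap insurance either way.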
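Review bot: Only `set_established()` switches a flow from the embryonic timeout to `idle_timeout`, so any flow that becomes established without passing through this function (midstream pickup or a state restored by HA, if such paths exist) keeps the embryonic timeout stamped in `TcpSession::setup()` (30 by default) and is pruned after a short idle gap; worth confirming against those paths. Style: the new line uses `this->tcp_config->idle_timeout` while the setup() hunk writes `tcp_config->embryonic_timeout`; `flow->set_idle_timeout(tcp_config->idle_timeout);` matches the surrounding code. `set_established()` continues past the end of the hunk.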