From: Russ Combs (rucombs) Date: Fri, 4 Oct 2024 01:01:25 +0000 (+0000) Subject: Pull request #4439: Require 3whs X-Git-Tag: 3.4.0.0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5bd635b402a6dea4ab096ddb1ca1bfcace1cded;p=thirdparty%2Fsnort3.git Pull request #4439: Require 3whs Merge in SNORT/snort3 from ~RUCOMBS/snort3:require_3whs to master Squashed commit of the following: commit 1fe3d9094bceea1d0f512c5b71c4da92b662407a Author: Russ Combs Date: Wed Sep 4 11:56:27 2024 -0400 stream: recheck flow eligibility if session times out commit c2456283071ce2a9df50eff31bb7207f85eb0830 Author: Russ Combs Date: Thu Aug 22 15:44:01 2024 -0400 stream_tcp: move require_3whs to stream to avoid undesired flow creation --- diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc index b12106b05..16373c774 100644 --- a/src/flow/flow_control.cc +++ b/src/flow/flow_control.cc @@ -350,9 +350,6 @@ void FlowControl::init_proto(PktType type, InspectSsnFunc get_ssn) get_proto_session[to_utype(type)] = get_ssn; } -// FIXIT-P apply more filtering logic here, eg require_3whs -// delegate to stream inspectors but that requires binding -// can't use session because goal is to avoid instantiation static bool want_flow(PktType type, Packet* p) { if ( type != PktType::TCP ) @@ -370,18 +367,21 @@ static bool want_flow(PktType type, Packet* p) // guessing direction based on ports is misleading return false; - if ( p->ptrs.tcph->is_syn_ack() or p->dsize ) - return true; - if ( p->ptrs.tcph->is_syn_only() ) { + if ( Stream::require_3whs() ) + return true; + if ( p->context->conf->track_on_syn() ) return true; - const unsigned DECODE_TCP_HS = DECODE_TCP_MSS | DECODE_TCP_TS | DECODE_TCP_WS; - if ( p->ptrs.decode_flags & DECODE_TCP_HS ) + + if ( p->ptrs.decode_flags & (DECODE_TCP_MSS | DECODE_TCP_TS | DECODE_TCP_WS) ) return true; } + if ( p->ptrs.tcph->is_syn_ack() or p->dsize ) + return Stream::midstream_allowed(p, true); + p->packet_flags |= PKT_FROM_CLIENT; return false; } @@ -471,8 +471,17 @@ unsigned FlowControl::process(Flow* flow, Packet* p, bool new_ha_flow) flow->set_direction(p); // This call can reset the flow state to SETUP in lazy flow timeout cases - if ( flow->flow_state != Flow::FlowState::ALLOW ) - flow->session->precheck(p); + if ( flow->flow_state == Flow::FlowState::INSPECT and !flow->session->precheck(p) ) + { + // flow expired, must recheck eligibility + if ( !want_flow(flow->pkt_type, p) ) + { + flow->session_state |= STREAM_STATE_CLOSED; + return 0; // flow will be deleted + } + // flow will restart using existing service + // FIXIT-M reuse direction or clear service and use wizard + } } if ( flow->flow_state != Flow::FlowState::SETUP ) diff --git a/src/flow/session.h b/src/flow/session.h index fbd1e7a41..4204af147 100644 --- a/src/flow/session.h +++ b/src/flow/session.h @@ -48,7 +48,7 @@ public: virtual int process(snort::Packet*) { return 0; } virtual void restart(snort::Packet*) { } - virtual void precheck(snort::Packet*) { } + virtual bool precheck(snort::Packet*) { return false; } virtual void clear() = 0; virtual void cleanup(snort::Packet* = nullptr) { clear(); } diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc index 2341b5d32..f96c3d0a2 100644 --- a/src/flow/test/flow_cache_test.cc +++ b/src/flow/test/flow_cache_test.cc @@ -116,6 +116,8 @@ namespace ip { uint32_t IpApi::id() const { return 0; } } +bool Stream::midstream_allowed(Packet const*, bool) +{ return false; } } ExpectCache::ExpectCache(uint32_t) { } diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index 234001d24..c238da128 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -92,6 +92,8 @@ namespace ip { uint32_t IpApi::id() const { return 0; } } +bool Stream::midstream_allowed(Packet const*, bool) +{ return false; } } bool FlowKey::init( diff --git a/src/main/policy.h b/src/main/policy.h index 542f50eab..7dd0527a0 100644 --- a/src/main/policy.h +++ b/src/main/policy.h @@ -231,6 +231,8 @@ public: uint32_t checksum_eval = CHECKSUM_FLAG__ALL | CHECKSUM_FLAG__DEF; uint32_t checksum_drop = CHECKSUM_FLAG__DEF; uint32_t normal_mask = 0; + + int hs_timeout = -1; bool cloned = false; private: diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc index 1f52643a9..895510569 100644 --- a/src/stream/base/stream_module.cc +++ b/src/stream/base/stream_module.cc @@ -85,6 +85,9 @@ static const Parameter s_params[] = "use zero for production, non-zero for testing at given size (for TCP and user)" }, #endif + { "held_packet_timeout", Parameter::PT_INT, "1:max32", "1000", + "timeout in milliseconds for held packets" }, + { "ip_frags_only", Parameter::PT_BOOL, nullptr, "false", "don't process non-frag flows" }, @@ -97,8 +100,8 @@ static const Parameter s_params[] = { "pruning_timeout", Parameter::PT_INT, "1:max32", "30", "minimum inactive time before being eligible for pruning" }, - { "held_packet_timeout", Parameter::PT_INT, "1:max32", "1000", - "timeout in milliseconds for held packets" }, + { "require_3whs", Parameter::PT_INT, "-1:max31", "-1", + "don't track midstream TCP sessions after given seconds from start up; -1 tracks all" }, FLOW_TYPE_TABLE("ip_cache", "ip", ip_params), FLOW_TYPE_TABLE("icmp_cache", "icmp", icmp_params), @@ -288,65 +291,61 @@ bool StreamModule::begin(const char* fqn, int, SnortConfig*) bool StreamModule::set(const char* fqn, Value& v, SnortConfig* c) { - PktType type = PktType::NONE; - #ifdef REG_TEST if ( v.is("footprint") ) - { config.footprint = v.get_uint32(); - return true; - } + else #endif - if ( v.is("ip_frags_only") ) + if ( v.is("held_packet_timeout") ) + config.held_packet_timeout = v.get_uint32(); + + else if ( v.is("ip_frags_only") ) { if ( v.get_bool() ) c->set_run_flags(RUN_FLAG__IP_FRAGS_ONLY); - return true; } else if ( v.is("max_flows") ) - { config.flow_cache_cfg.max_flows = v.get_uint32(); - return true; - } + else if ( v.is("prune_flows") ) - { config.flow_cache_cfg.prune_flows = v.get_uint32(); - return true; - } + else if ( v.is("pruning_timeout") ) - { config.flow_cache_cfg.pruning_timeout = v.get_uint32(); - return true; - } - else if ( v.is("held_packet_timeout") ) + + else if ( v.is("require_3whs") ) + config.hs_timeout = v.get_int32(); + + else if ( !strcmp(fqn, "stream.file_cache.idle_timeout") ) + config.flow_cache_cfg.proto[to_utype(PktType::FILE)].nominal_timeout = v.get_uint32(); + + else if ( !strcmp(fqn, "stream.ip_cache.idle_timeout") ) + config.flow_cache_cfg.proto[to_utype(PktType::IP)].nominal_timeout = v.get_uint32(); + + else if ( !strcmp(fqn, "stream.icmp_cache.idle_timeout") ) + config.flow_cache_cfg.proto[to_utype(PktType::ICMP)].nominal_timeout = v.get_uint32(); + + else if ( !strcmp(fqn, "stream.tcp_cache.idle_timeout") ) + config.flow_cache_cfg.proto[to_utype(PktType::TCP)].nominal_timeout = v.get_uint32(); + + else if ( !strcmp(fqn, "stream.udp_cache.idle_timeout") ) + config.flow_cache_cfg.proto[to_utype(PktType::UDP)].nominal_timeout = v.get_uint32(); + + else { - config.held_packet_timeout = v.get_uint32(); - return true; + assert(!strcmp(fqn, "stream.user_cache.idle_timeout")); + config.flow_cache_cfg.proto[to_utype(PktType::USER)].nominal_timeout = v.get_uint32(); } - else if ( strstr(fqn, "ip_cache") ) - type = PktType::IP; - else if ( strstr(fqn, "icmp_cache") ) - type = PktType::ICMP; - else if ( strstr(fqn, "tcp_cache") ) - type = PktType::TCP; - else if ( strstr(fqn, "udp_cache") ) - type = PktType::UDP; - else if ( strstr(fqn, "user_cache") ) - type = PktType::USER; - else if ( strstr(fqn, "file_cache") ) - type = PktType::FILE; - else - return false; - - if ( v.is("idle_timeout") ) - config.flow_cache_cfg.proto[to_utype(type)].nominal_timeout = v.get_uint32(); return true; } bool StreamModule::end(const char* fqn, int, SnortConfig* sc) { + if ( config.hs_timeout != -1 ) // condition required until stream_tcp.require_3whs is removed + get_network_parse_policy()->hs_timeout = config.hs_timeout; + if ( Snort::is_reloading() && strcmp(fqn, MOD_NAME) == 0 ) { StreamReloadResourceManager* reload_resource_manager = new StreamReloadResourceManager; @@ -484,6 +483,7 @@ void StreamModuleConfig::show() const ConfigLogger::log_value("max_aux_ip", SnortConfig::get_conf()->max_aux_ip); ConfigLogger::log_value("pruning_timeout", flow_cache_cfg.pruning_timeout); ConfigLogger::log_value("prune_flows", flow_cache_cfg.prune_flows); + ConfigLogger::log_limit("require_3whs", hs_timeout, -1, hs_timeout < 0 ? hs_timeout : -1); for (int i = to_utype(PktType::IP); i < to_utype(PktType::PDU); ++i) { diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h index 1af46bc33..d4ccdb619 100644 --- a/src/stream/base/stream_module.h +++ b/src/stream/base/stream_module.h @@ -29,6 +29,8 @@ #include "framework/module.h" #include "main/analyzer.h" #include "main/reload_tuner.h" +#include "protocols/packet.h" +#include "time/packet_time.h" namespace snort { @@ -120,6 +122,7 @@ struct StreamModuleConfig unsigned footprint = 0; #endif uint32_t held_packet_timeout = 1000; // in milliseconds + int hs_timeout = -1; void show() const; }; diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 7ac15a1d2..7ab704904 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc @@ -45,6 +45,7 @@ #include "trace/trace_api.h" #include "utils/util.h" +#include "tcp/tcp_module.h" #include "tcp/tcp_session.h" #include "tcp/tcp_stream_tracker.h" @@ -157,6 +158,19 @@ FlowData* Stream::get_flow_data( // session status //------------------------------------------------------------------------- +bool Stream::midstream_allowed(const Packet* p, bool alert) +{ + int t = get_network_policy()->hs_timeout; + + if ( (t < 0) or (p->pkth->ts.tv_sec - packet_first_time() < t) ) + return true; + + if ( alert ) + DetectionEngine::queue_event(GID_STREAM_TCP, STREAM_TCP_NO_3WHS); + + return false; +} + void Stream::check_flow_closed(Packet* p) { Flow* flow = p->flow; diff --git a/src/stream/stream.h b/src/stream/stream.h index f355e42ee..89e5a4f19 100644 --- a/src/stream/stream.h +++ b/src/stream/stream.h @@ -29,6 +29,9 @@ #include #include "flow/flow.h" +#include "main/policy.h" +#include "protocols/packet.h" +#include "time/packet_time.h" class HostAttributesDescriptor; typedef std::shared_ptr HostAttributesEntry; @@ -157,7 +160,6 @@ public: Flow*, Packet* p, uint32_t gid, uint32_t sid, uint32_t eventId, uint32_t eventSecond); - static void disable_reassembly(Flow*); // Returns true if stream data for the flow is in sequence, otherwise return false. @@ -217,13 +219,18 @@ public: // Handle session block pending state static void check_flow_closed(Packet*); - static void populate_flow_key(const Packet*, FlowKey*); + static bool require_3whs() + { return get_network_policy()->hs_timeout >= 0; } - static void set_snort_protocol_id_from_ha(Flow*, const SnortProtocolId); + static bool midstream_allowed(const Packet* p, bool alert = false); static bool is_midstream(Flow* flow) { return ((flow->ssn_state.session_flags & SSNFLAG_MIDSTREAM) != 0); } + static void populate_flow_key(const Packet*, FlowKey*); + + static void set_snort_protocol_id_from_ha(Flow*, const SnortProtocolId); + // Get the TTL value used at session setup // Set outer=false to get inner ip ttl for ip in ip; else outer=true static uint8_t get_flow_ttl(Flow*, char dir, bool outer); diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index 894ffe553..dbef615d8 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -215,7 +215,7 @@ static const Parameter s_params[] = "queue data for reassembly before traffic is seen in both directions" }, { "require_3whs", Parameter::PT_INT, "-1:max31", "-1", - "don't track midstream sessions after given seconds from start up; -1 tracks all" }, + "deprecated: use stream.require_3whs instead" }, { "show_rebuilt_packets", Parameter::PT_BOOL, nullptr, "false", "enable cmg like output of reassembled packets" }, @@ -372,9 +372,10 @@ bool StreamTcpModule::set(const char*, Value& v, SnortConfig*) else if ( v.is("require_3whs") ) { - config->hs_timeout = v.get_int32(); + int t = v.get_int32(); + if ( t != -1 ) + get_network_parse_policy()->hs_timeout = v.get_int32(); } - else if ( v.is("show_rebuilt_packets") ) { if ( v.get_bool() ) @@ -409,13 +410,6 @@ bool StreamTcpModule::begin(const char* fqn, int, SnortConfig*) return true; } -bool StreamTcpModule::end(const char*, int, SnortConfig* sc) -{ - if ( config->hs_timeout >= 0 ) - sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN); - return true; -} - const PegInfo* StreamTcpModule::get_pegs() const { return tcp_pegs; } diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h index 6ed90c3c1..01d27c030 100644 --- a/src/stream/tcp/tcp_module.h +++ b/src/stream/tcp/tcp_module.h @@ -140,7 +140,6 @@ public: bool set(const char*, snort::Value&, snort::SnortConfig*) override; bool begin(const char*, int, snort::SnortConfig*) override; - bool end(const char*, int, snort::SnortConfig*) override; const snort::RuleMap* get_rules() const override; diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index fde1c11c1..62904fc9d 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -232,15 +232,13 @@ void TcpNormalizer::trim_mss_payload( } void TcpNormalizer::ecn_tracker( - TcpNormalizerState& tns, const tcp::TCPHdr* tcph, bool req3way) + TcpNormalizerState& tns, const tcp::TCPHdr* tcph) { - if ( tcph->is_syn_ack() ) - { - if ( !req3way || tns.session->ecn ) - tns.session->ecn = ((tcph->th_flags & (TH_ECE | TH_CWR)) == TH_ECE); - } - else if ( tcph->is_syn() ) + if ( tcph->is_syn_only() ) tns.session->ecn = tcph->are_flags_set(TH_ECE | TH_CWR); + + else if ( tcph->is_syn_ack() ) + tns.session->ecn = tns.session->ecn and ((tcph->th_flags & (TH_ECE | TH_CWR)) == TH_ECE); } void TcpNormalizer::ecn_stripper( diff --git a/src/stream/tcp/tcp_normalizer.h b/src/stream/tcp/tcp_normalizer.h index 1d0055943..1df0c9d3f 100644 --- a/src/stream/tcp/tcp_normalizer.h +++ b/src/stream/tcp/tcp_normalizer.h @@ -79,7 +79,7 @@ public: virtual void trim_win_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0, bool force = false); virtual void trim_mss_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0); - virtual void ecn_tracker(State&, const snort::tcp::TCPHdr*, bool req3way); + virtual void ecn_tracker(State&, const snort::tcp::TCPHdr*); virtual void ecn_stripper(State&, TcpSegmentDescriptor&); virtual uint32_t get_zwp_seq(State&); virtual uint32_t get_stream_window(State&, TcpSegmentDescriptor&); diff --git a/src/stream/tcp/tcp_normalizers.h b/src/stream/tcp/tcp_normalizers.h index a52315da7..1c985e66e 100644 --- a/src/stream/tcp/tcp_normalizers.h +++ b/src/stream/tcp/tcp_normalizers.h @@ -71,8 +71,8 @@ public: void trim_mss_payload(TcpSegmentDescriptor& tsd, uint32_t max = 0) { norm->trim_mss_payload(tns, tsd, max); } - void ecn_tracker(const snort::tcp::TCPHdr* tcph, bool req3way) - { norm->ecn_tracker(tns, tcph, req3way); } + void ecn_tracker(const snort::tcp::TCPHdr* tcph) + { norm->ecn_tracker(tns, tcph); } void ecn_stripper(TcpSegmentDescriptor& tsd) { norm->ecn_stripper(tns, tsd); } diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 9ed5f7276..11bc88670 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -102,7 +102,6 @@ bool TcpSession::setup(Packet*) client.init_tcp_state(this); server.init_tcp_state(this); tcp_init = false; - generate_3whs_alert = true; cleaning = false; splitter_init = false; @@ -415,20 +414,17 @@ bool TcpSession::handle_syn_on_reset_session(TcpSegmentDescriptor& tsd) flow->set_ttl(tsd.get_pkt(), true); init_session_on_syn(tsd); tcpStats.resyns++; - listener->normalizer.ecn_tracker(tcph, tcp_config->require_3whs()); + listener->normalizer.ecn_tracker(tcph); flow->update_session_flags(SSNFLAG_SEEN_CLIENT); } else if ( tcph->is_syn_ack() ) { - if ( tcp_config->midstream_allowed(tsd.get_pkt()) ) - { - flow->ssn_state.direction = FROM_SERVER; - flow->set_ttl(tsd.get_pkt(), false); - init_session_on_synack(tsd); - tcpStats.resyns++; - } + flow->ssn_state.direction = FROM_SERVER; + flow->set_ttl(tsd.get_pkt(), false); + init_session_on_synack(tsd); + tcpStats.resyns++; - listener->normalizer.ecn_tracker(tcph, tcp_config->require_3whs()); + listener->normalizer.ecn_tracker(tcph); flow->update_session_flags(SSNFLAG_SEEN_SERVER); } } @@ -933,7 +929,7 @@ bool TcpSession::ignore_this_packet(Packet* p) return false; } -void TcpSession::cleanup_session_if_expired(Packet* p) +bool TcpSession::cleanup_session_if_expired(Packet* p) { // Check if the session is expired. Should be done before we do something with // the packet...Insert a packet, or handle state change SYN, FIN, RST, etc. @@ -947,20 +943,22 @@ void TcpSession::cleanup_session_if_expired(Packet* p) tcpStats.timeouts++; TcpHAManager::process_deletion(*flow); + + return true; } + return false; } -void TcpSession::precheck(Packet* p) +bool TcpSession::precheck(Packet* p) { // Check if the session is expired. Should be done before we do something with // the packet...Insert a packet, or handle state change SYN, FIN, RST, etc. - cleanup_session_if_expired(p); + return !cleanup_session_if_expired(p); } void TcpSession::init_tcp_packet_analysis(TcpSegmentDescriptor& tsd) { - if ( !splitter_init and tsd.is_data_segment() and - (tcp_init or is_midstream_allowed(tsd)) ) + if ( !splitter_init and tsd.is_data_segment() ) { if ( !(tcp_config->flags & STREAM_CONFIG_NO_REASSEMBLY) and !(tsd.get_flow()->flags.disable_reassembly_by_ips) ) diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h index 42a698984..f71da8f39 100644 --- a/src/stream/tcp/tcp_session.h +++ b/src/stream/tcp/tcp_session.h @@ -23,6 +23,7 @@ #include "flow/flow.h" #include "flow/session.h" #include "protocols/packet.h" +#include "stream/stream.h" #include "tcp_event_logger.h" #include "tcp_state_machine.h" @@ -48,7 +49,7 @@ public: bool setup(snort::Packet*) override; void restart(snort::Packet* p) override; - void precheck(snort::Packet* p) override; + bool precheck(snort::Packet* p) override; int process(snort::Packet*) override; void clear() override; @@ -94,9 +95,6 @@ public: void handle_data_on_syn(TcpSegmentDescriptor&); void update_ignored_session(TcpSegmentDescriptor&); - bool is_midstream_allowed(const TcpSegmentDescriptor& tsd) - { return tcp_config->midstream_allowed(tsd.get_pkt()); } - uint16_t get_mss(bool to_server) const; uint8_t get_tcp_options_len(bool to_server) const; @@ -105,15 +103,6 @@ public: bool set_no_ack(bool); bool no_ack_mode_enabled() { return no_ack; } - void generate_no_3whs_event() - { - if ( generate_3whs_alert && flow->two_way_traffic()) - { - tel.set_tcp_event(EVENT_NO_3WHS); - generate_3whs_alert = false; - } - } - void set_pkt_action_flag(uint32_t flag) { pkt_action_mask |= flag; } @@ -142,7 +131,6 @@ public: int16_t egress_group = DAQ_PKTHDR_UNKNOWN; uint32_t daq_flags = 0; uint32_t address_space_id = 0; - bool generate_3whs_alert = true; bool cleaning = false; uint8_t held_packet_dir = SSN_DIR_NONE; uint8_t ecn = 0; @@ -155,7 +143,7 @@ private: void init_session_on_synack(TcpSegmentDescriptor&); void update_on_3whs_complete(TcpSegmentDescriptor&); bool ignore_this_packet(snort::Packet*); - void cleanup_session_if_expired(snort::Packet*); + bool cleanup_session_if_expired(snort::Packet*); void init_tcp_packet_analysis(TcpSegmentDescriptor&); void check_events_and_actions(const TcpSegmentDescriptor& tsd); void flush_tracker(TcpStreamTracker&, snort::Packet*, uint32_t dir, bool final_flush); diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc index 70b3b23d8..90b78ec6a 100644 --- a/src/stream/tcp/tcp_state_close_wait.cc +++ b/src/stream/tcp/tcp_state_close_wait.cc @@ -36,7 +36,7 @@ TcpStateCloseWait::TcpStateCloseWait(TcpStateMachine& tsm) : bool TcpStateCloseWait::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs() ); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc index e78e1711d..c9a5c8246 100644 --- a/src/stream/tcp/tcp_state_closing.cc +++ b/src/stream/tcp/tcp_state_closing.cc @@ -42,7 +42,7 @@ bool TcpStateClosing::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateClosing::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); return true; diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc index 26a25efdb..8d0ae10a2 100644 --- a/src/stream/tcp/tcp_state_established.cc +++ b/src/stream/tcp/tcp_state_established.cc @@ -43,30 +43,27 @@ bool TcpStateEstablished::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateEstablished::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.session->check_for_repeated_syn(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); return true; } bool TcpStateEstablished::syn_ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->tcp_config->midstream_allowed(tsd.get_pkt()) ) + // FIXIT-M there may be an issue when syn/ack from server is seen + // after ack from client which causes some tracker state variables to + // not be initialized... update_tracker_ack_sent may fix that but needs + // more testing + //trk.update_tracker_ack_sent( tsd ); + Flow* flow = tsd.get_flow(); + if ( !(flow->session_state & STREAM_STATE_ESTABLISHED) ) { - // FIXIT-M there may be an issue when syn/ack from server is seen - // after ack from client which causes some tracker state variables to - // not be initialized... update_tracker_ack_sent may fix that but needs - // more testing - //trk.update_tracker_ack_sent( tsd ); - Flow* flow = tsd.get_flow(); - if ( !(flow->session_state & STREAM_STATE_ESTABLISHED) ) - { - /* SYN-ACK from server */ - if (flow->session_state != STREAM_STATE_NONE) - trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); - } + /* SYN-ACK from server */ + if (flow->session_state != STREAM_STATE_NONE) + trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); } if ( trk.is_server_tracker() ) - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs() ); + trk.normalizer.ecn_tracker(tsd.get_tcph()); return true; } diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc index b7a9320c1..9ba2fd3c8 100644 --- a/src/stream/tcp/tcp_state_fin_wait1.cc +++ b/src/stream/tcp/tcp_state_fin_wait1.cc @@ -43,7 +43,7 @@ bool TcpStateFinWait1::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool TcpStateFinWait1::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); return true; diff --git a/src/stream/tcp/tcp_state_fin_wait2.cc b/src/stream/tcp/tcp_state_fin_wait2.cc index 36ab6d1e9..faead05ff 100644 --- a/src/stream/tcp/tcp_state_fin_wait2.cc +++ b/src/stream/tcp/tcp_state_fin_wait2.cc @@ -42,7 +42,7 @@ bool TcpStateFinWait2::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool TcpStateFinWait2::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); return true; diff --git a/src/stream/tcp/tcp_state_last_ack.cc b/src/stream/tcp/tcp_state_last_ack.cc index e4b985a5b..bf9044d43 100644 --- a/src/stream/tcp/tcp_state_last_ack.cc +++ b/src/stream/tcp/tcp_state_last_ack.cc @@ -42,7 +42,7 @@ bool TcpStateLastAck::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateLastAck::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); return true; diff --git a/src/stream/tcp/tcp_state_listen.cc b/src/stream/tcp/tcp_state_listen.cc index 49ef29170..ba341bcc4 100644 --- a/src/stream/tcp/tcp_state_listen.cc +++ b/src/stream/tcp/tcp_state_listen.cc @@ -42,7 +42,7 @@ TcpStateListen::TcpStateListen(TcpStateMachine& tsm) : bool TcpStateListen::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.init_on_syn_recv(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); trk.session->set_pkt_action_flag(trk.normalizer.handle_paws(tsd) ); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); @@ -51,104 +51,45 @@ bool TcpStateListen::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateListen::syn_ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - trk.init_on_synack_sent(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); - trk.session->init_new_tcp_session(tsd); - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} - -bool TcpStateListen::ack_sent(TcpSegmentDescriptor&, TcpStreamTracker& trk) -{ - if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } + trk.init_on_synack_sent(tsd); + trk.normalizer.ecn_tracker(tsd.get_tcph()); + trk.session->init_new_tcp_session(tsd); return true; } bool TcpStateListen::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - Flow* flow = tsd.get_flow(); - flow->session_state |= STREAM_STATE_MIDSTREAM; - - if ( !Stream::is_midstream(flow) ) - { - TcpStreamTracker* listener = tsd.get_listener(); - TcpStreamTracker* talker = tsd.get_talker(); - - trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, listener, talker); - trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, talker, listener); - flow->set_session_flags(SSNFLAG_MIDSTREAM); + Flow* flow = tsd.get_flow(); + flow->session_state |= STREAM_STATE_MIDSTREAM; - if ( PacketTracer::is_active() ) - PacketTracer::log("Stream TCP did not see the complete 3-Way Handshake. " - "Not all normalizations will be in effect\n"); + if ( !Stream::is_midstream(flow) ) + { + TcpStreamTracker* listener = tsd.get_listener(); + TcpStreamTracker* talker = tsd.get_talker(); - DataBus::publish(Stream::get_pub_id(), StreamEventIds::TCP_MIDSTREAM, tsd.get_pkt()); - } + trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, listener, talker); + trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, talker, listener); + flow->set_session_flags(SSNFLAG_MIDSTREAM); - trk.init_on_data_seg_sent(tsd); - trk.session->init_new_tcp_session(tsd); - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} + if ( PacketTracer::is_active() ) + PacketTracer::log("Stream TCP did not see the complete 3-Way Handshake. " + "Not all normalizations will be in effect\n"); -bool TcpStateListen::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) -{ - if ( trk.session->is_midstream_allowed(tsd) ) - { - Flow* flow = tsd.get_flow(); - flow->session_state |= STREAM_STATE_MIDSTREAM; - trk.init_on_data_seg_recv(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); - trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); + DataBus::publish(Stream::get_pub_id(), StreamEventIds::TCP_MIDSTREAM, tsd.get_pkt()); } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} -bool TcpStateListen::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) -{ - if ( !trk.session->is_midstream_allowed(tsd) && trk.session->tcp_config->require_3whs() ) - { - // FIXIT-L listen gets fin triggers 129:20 ?? - trk.session->generate_no_3whs_event(); - return false; - } + trk.init_on_data_seg_sent(tsd); + trk.session->init_new_tcp_session(tsd); return true; } -bool TcpStateListen::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) +bool TcpStateListen::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - // FIXIT-L handle FIN on midstream - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } + Flow* flow = tsd.get_flow(); + flow->session_state |= STREAM_STATE_MIDSTREAM; + trk.init_on_data_seg_recv(tsd); + trk.normalizer.ecn_tracker(tsd.get_tcph()); + trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); return true; } diff --git a/src/stream/tcp/tcp_state_listen.h b/src/stream/tcp/tcp_state_listen.h index 3686e2bc8..81ec2f0f1 100644 --- a/src/stream/tcp/tcp_state_listen.h +++ b/src/stream/tcp/tcp_state_listen.h @@ -31,11 +31,8 @@ public: bool syn_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool syn_ack_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool ack_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool data_seg_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool data_seg_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool fin_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool fin_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool rst_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool do_post_sm_packet_actions(TcpSegmentDescriptor&, TcpStreamTracker&) override; diff --git a/src/stream/tcp/tcp_state_mid_stream_recv.cc b/src/stream/tcp/tcp_state_mid_stream_recv.cc index b510c8620..476fcafff 100644 --- a/src/stream/tcp/tcp_state_mid_stream_recv.cc +++ b/src/stream/tcp/tcp_state_mid_stream_recv.cc @@ -45,7 +45,7 @@ bool TcpStateMidStreamRecv::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker bool TcpStateMidStreamRecv::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.session->check_for_repeated_syn(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); return true; } diff --git a/src/stream/tcp/tcp_state_mid_stream_sent.cc b/src/stream/tcp/tcp_state_mid_stream_sent.cc index 4df685f20..9ba371ec2 100644 --- a/src/stream/tcp/tcp_state_mid_stream_sent.cc +++ b/src/stream/tcp/tcp_state_mid_stream_sent.cc @@ -43,7 +43,7 @@ bool TcpStateMidStreamSent::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker bool TcpStateMidStreamSent::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.session->check_for_repeated_syn(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); return true; } diff --git a/src/stream/tcp/tcp_state_none.cc b/src/stream/tcp/tcp_state_none.cc index de26c2a6f..d106d74fd 100644 --- a/src/stream/tcp/tcp_state_none.cc +++ b/src/stream/tcp/tcp_state_none.cc @@ -48,125 +48,48 @@ bool TcpStateNone::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) return true; } -bool TcpStateNone::syn_ack_sent(TcpSegmentDescriptor&, TcpStreamTracker& trk) -{ - trk.session->generate_no_3whs_event(); - return false; -} - bool TcpStateNone::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - trk.init_on_synack_recv(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} - -bool TcpStateNone::ack_sent(TcpSegmentDescriptor&, TcpStreamTracker& trk) -{ - if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } + trk.init_on_synack_recv(tsd); + trk.normalizer.ecn_tracker(tsd.get_tcph()); + if ( tsd.is_data_segment() ) + trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); return true; } bool TcpStateNone::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - Flow* flow = tsd.get_flow(); - flow->session_state |= STREAM_STATE_MIDSTREAM; - - if ( !Stream::is_midstream(flow) ) - { - TcpStreamTracker* listener = tsd.get_listener(); - TcpStreamTracker* talker = tsd.get_talker(); - - trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, listener, talker); - trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, talker, listener); - flow->set_session_flags(SSNFLAG_MIDSTREAM); - - if ( PacketTracer::is_active() ) - PacketTracer::log("Stream TCP did not see the complete 3-Way Handshake. " - "Not all normalizations will be in effect\n"); - - DataBus::publish(Stream::get_pub_id(), StreamEventIds::TCP_MIDSTREAM, tsd.get_pkt()); - } + Flow* flow = tsd.get_flow(); + flow->session_state |= STREAM_STATE_MIDSTREAM; - trk.init_on_data_seg_sent(tsd); - trk.session->init_new_tcp_session(tsd); - } - else if ( trk.session->tcp_config->require_3whs() ) + if ( !Stream::is_midstream(flow) ) { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} + TcpStreamTracker* listener = tsd.get_listener(); + TcpStreamTracker* talker = tsd.get_talker(); -bool TcpStateNone::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) -{ - if ( trk.session->is_midstream_allowed(tsd) ) - { - Flow* flow = tsd.get_flow(); - flow->session_state |= STREAM_STATE_MIDSTREAM; - trk.init_on_data_seg_recv(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); - trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} + trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, listener, talker); + trk.normalizer.init(StreamPolicy::MISSED_3WHS, trk.session, talker, listener); + flow->set_session_flags(SSNFLAG_MIDSTREAM); -bool TcpStateNone::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) -{ - if ( trk.session->is_midstream_allowed(tsd) ) - { - // FIXIT-M handle FIN on midstream - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; - } - return true; -} + if ( PacketTracer::is_active() ) + PacketTracer::log("Stream TCP did not see the complete 3-Way Handshake. " + "Not all normalizations will be in effect\n"); -bool TcpStateNone::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) -{ - if ( trk.session->is_midstream_allowed(tsd) ) - { - // FIXIT-M handle FIN on midstream - } - else if ( trk.session->tcp_config->require_3whs() ) - { - trk.session->generate_no_3whs_event(); - return false; + DataBus::publish(Stream::get_pub_id(), StreamEventIds::TCP_MIDSTREAM, tsd.get_pkt()); } + + trk.init_on_data_seg_sent(tsd); + trk.session->init_new_tcp_session(tsd); return true; } -bool TcpStateNone::rst_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) +bool TcpStateNone::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->is_midstream_allowed(tsd) ) - { - // FIXIT-M handle RST on midstream - } + Flow* flow = tsd.get_flow(); + flow->session_state |= STREAM_STATE_MIDSTREAM; + trk.init_on_data_seg_recv(tsd); + trk.normalizer.ecn_tracker(tsd.get_tcph()); + trk.session->handle_data_segment(tsd, !trk.normalizer.is_tcp_ips_enabled()); return true; } diff --git a/src/stream/tcp/tcp_state_none.h b/src/stream/tcp/tcp_state_none.h index a4db260f7..692c1aa32 100644 --- a/src/stream/tcp/tcp_state_none.h +++ b/src/stream/tcp/tcp_state_none.h @@ -30,14 +30,9 @@ public: TcpStateNone(TcpStateMachine&); bool syn_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool syn_ack_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool syn_ack_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool ack_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool data_seg_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool data_seg_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool fin_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool fin_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; - bool rst_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool rst_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override; bool do_post_sm_packet_actions(TcpSegmentDescriptor&, TcpStreamTracker&) override; diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc index a9823fc9a..bc50aed7f 100644 --- a/src/stream/tcp/tcp_state_syn_recv.cc +++ b/src/stream/tcp/tcp_state_syn_recv.cc @@ -38,7 +38,7 @@ TcpStateSynRecv::TcpStateSynRecv(TcpStateMachine& tsm) : bool TcpStateSynRecv::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.finish_server_init(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); trk.session->update_timestamp_tracking(tsd); Flow* flow = tsd.get_flow(); if ( tsd.get_tcph()->are_flags_set(TH_ECE) && @@ -65,7 +65,7 @@ bool TcpStateSynRecv::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateSynRecv::syn_ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.finish_server_init(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); return true; } @@ -76,7 +76,7 @@ bool TcpStateSynRecv::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& { trk.irs = tsd.get_seq(); trk.update_tracker_ack_recv(tsd); - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); @@ -87,7 +87,7 @@ bool TcpStateSynRecv::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateSynRecv::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->tcp_config->midstream_allowed(tsd.get_pkt()) && trk.session->flow->two_way_traffic() ) + if ( trk.session->flow->two_way_traffic() ) { TcpStreamTracker::TcpState listener_state = tsd.get_listener()->get_tcp_state(); // Does this ACK finish 4-way handshake @@ -119,20 +119,19 @@ bool TcpStateSynRecv::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateSynRecv::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( trk.session->tcp_config->midstream_allowed(tsd.get_pkt()) ) + trk.update_tracker_ack_sent(tsd); + + if ( trk.session->no_ack_mode_enabled() ) + trk.update_tracker_no_ack_recv(tsd); + + if ( trk.session->flow->two_way_traffic() ) { - trk.update_tracker_ack_sent(tsd); - if ( trk.session->no_ack_mode_enabled() ) - trk.update_tracker_no_ack_recv(tsd); - if ( trk.session->flow->two_way_traffic() ) + TcpStreamTracker::TcpState listener_state = tsd.get_listener()->get_tcp_state(); + // Does this ACK finish 4-way handshake + if ( TcpStreamTracker::TCP_ESTABLISHED == listener_state ) { - TcpStreamTracker::TcpState listener_state = tsd.get_listener()->get_tcp_state(); - // Does this ACK finish 4-way handshake - if ( TcpStreamTracker::TCP_ESTABLISHED == listener_state ) - { - trk.session->set_established(tsd); - trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); - } + trk.session->set_established(tsd); + trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); } } return true; diff --git a/src/stream/tcp/tcp_state_time_wait.cc b/src/stream/tcp/tcp_state_time_wait.cc index e2b855674..691ceb747 100644 --- a/src/stream/tcp/tcp_state_time_wait.cc +++ b/src/stream/tcp/tcp_state_time_wait.cc @@ -43,7 +43,7 @@ bool TcpStateTimeWait::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool TcpStateTimeWait::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->tcp_config->require_3whs()); + trk.normalizer.ecn_tracker(tsd.get_tcph()); if ( tsd.is_data_segment() ) trk.session->handle_data_on_syn(tsd); diff --git a/src/stream/tcp/tcp_stream_config.cc b/src/stream/tcp/tcp_stream_config.cc index 4bf076547..29059ebd9 100644 --- a/src/stream/tcp/tcp_stream_config.cc +++ b/src/stream/tcp/tcp_stream_config.cc @@ -56,7 +56,6 @@ void TcpStreamConfig::show() const str += " }"; ConfigLogger::log_value("asymmetric_ids", str.c_str()); ConfigLogger::log_flag("reassemble_async", !(flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY)); - ConfigLogger::log_limit("require_3whs", hs_timeout, -1, hs_timeout < 0 ? hs_timeout : -1); ConfigLogger::log_value("session_timeout", session_timeout); str = "{ count = "; diff --git a/src/stream/tcp/tcp_stream_config.h b/src/stream/tcp/tcp_stream_config.h index 5aa25605c..ea94e9a13 100644 --- a/src/stream/tcp/tcp_stream_config.h +++ b/src/stream/tcp/tcp_stream_config.h @@ -37,19 +37,6 @@ class TcpStreamConfig public: TcpStreamConfig(); - bool require_3whs() - { - return hs_timeout >= 0; - } - - bool midstream_allowed(snort::Packet* p) - { - if ( ( hs_timeout < 0 ) || ( p->pkth->ts.tv_sec - packet_first_time() < hs_timeout ) ) - return true; - - return false; - } - void show() const; StreamPolicy policy = StreamPolicy::OS_DEFAULT; @@ -69,7 +56,6 @@ public: uint32_t max_consec_small_seg_size = STREAM_DEFAULT_MAX_SMALL_SEG_SIZE; uint32_t paf_max = 16384; - int hs_timeout = -1; bool no_ack = false; uint32_t embryonic_timeout = STREAM_DEFAULT_SSN_TIMEOUT; diff --git a/src/stream/tcp/tcp_stream_tracker.h b/src/stream/tcp/tcp_stream_tracker.h index a2096bb6f..8ecaba36b 100644 --- a/src/stream/tcp/tcp_stream_tracker.h +++ b/src/stream/tcp/tcp_stream_tracker.h @@ -338,7 +338,6 @@ public: TcpEvent tcp_event = TCP_MAX_EVENTS; bool client_tracker; - bool require_3whs = false; bool rst_pkt_sent = false; bool midstream_initial_ack_flush = false; diff --git a/src/stream/tcp/test/tcp_normalizer_test.cc b/src/stream/tcp/test/tcp_normalizer_test.cc index bb8364597..87f6810d0 100644 --- a/src/stream/tcp/test/tcp_normalizer_test.cc +++ b/src/stream/tcp/test/tcp_normalizer_test.cc @@ -48,10 +48,10 @@ public: TcpSession::TcpSession( Flow* ) : Session( flow ) { } TcpSession::~TcpSession() = default; bool TcpSession::setup(Packet*){ return true; } -void TcpSession::update_direction(char, SfIp const*, unsigned short){ } -int TcpSession::process(Packet*){ return 0; } -void TcpSession::restart(Packet*){ } -void TcpSession::precheck(Packet*){ } +void TcpSession::update_direction(char, SfIp const*, unsigned short) { } +int TcpSession::process(Packet*) { return 0; } +void TcpSession::restart(Packet*) { } +bool TcpSession::precheck(Packet*) { return false; } void TcpSession::clear(){ } void TcpSession::cleanup(Packet* = nullptr){ } bool TcpSession::add_alert(Packet*, unsigned int, unsigned int){ return true; }