From: Masud Hasan (mashasan) Date: Fri, 26 Feb 2021 01:31:39 +0000 (+0000) Subject: Merge pull request #2760 in SNORT/snort3 from ~MASHASAN/snort3:flush_on_fin_recv... X-Git-Tag: 3.1.2.0~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c29671131ee374e71ab23ec9f4a8002080464937;p=thirdparty%2Fsnort3.git Merge pull request #2760 in SNORT/snort3 from ~MASHASAN/snort3:flush_on_fin_recv to master Squashed commit of the following: commit 2eab74e332742c3afbffbdcf2f366a90a7bcd0db Author: Masud Hasan Date: Thu Feb 18 22:05:52 2021 -0500 stream_tcp: Flush queued segments when FIN is received --- diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc index 43d05c90d..4019536fa 100644 --- a/src/stream/tcp/tcp_state_close_wait.cc +++ b/src/stream/tcp/tcp_state_close_wait.cc @@ -102,8 +102,7 @@ bool TcpStateCloseWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& tr { if ( !flow->two_way_traffic() ) trk.set_tf_flags(TF_FORCE_FLUSH); - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + trk.perform_fin_recv_flush(tsd); } return true; diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc index 3333787c8..5cc993ba9 100644 --- a/src/stream/tcp/tcp_state_established.cc +++ b/src/stream/tcp/tcp_state_established.cc @@ -103,8 +103,7 @@ bool TcpStateEstablished::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateEstablished::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.update_tracker_ack_recv(tsd); - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + trk.perform_fin_recv_flush(tsd); if ( trk.update_on_fin_recv(tsd) ) { diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc index 6866a16d0..fd4f517f5 100644 --- a/src/stream/tcp/tcp_state_fin_wait1.cc +++ b/src/stream/tcp/tcp_state_fin_wait1.cc @@ -99,8 +99,7 @@ bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool is_ack_valid = false; if ( check_for_window_slam(tsd, trk, &is_ack_valid) ) { - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + trk.perform_fin_recv_flush(tsd); if ( !flow->two_way_traffic() ) trk.set_tf_flags(TF_FORCE_FLUSH); diff --git a/src/stream/tcp/tcp_state_fin_wait2.cc b/src/stream/tcp/tcp_state_fin_wait2.cc index 85843356d..368409e86 100644 --- a/src/stream/tcp/tcp_state_fin_wait2.cc +++ b/src/stream/tcp/tcp_state_fin_wait2.cc @@ -108,8 +108,7 @@ bool TcpStateFinWait2::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk trk.update_tracker_ack_recv(tsd); if ( trk.update_on_fin_recv(tsd) ) { - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + trk.perform_fin_recv_flush(tsd); if ( !flow->two_way_traffic() ) trk.set_tf_flags(TF_FORCE_FLUSH); diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc index 238e410a5..156ea5932 100644 --- a/src/stream/tcp/tcp_state_syn_recv.cc +++ b/src/stream/tcp/tcp_state_syn_recv.cc @@ -154,8 +154,7 @@ bool TcpStateSynRecv::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) trk.update_tracker_ack_recv(tsd); trk.session->set_pkt_action_flag(trk.normalizer.handle_paws(tsd)); flow->session_state |= STREAM_STATE_ACK; - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + trk.perform_fin_recv_flush(tsd); if ( trk.update_on_fin_recv(tsd) ) { diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc index ee4843572..974acd860 100644 --- a/src/stream/tcp/tcp_state_syn_sent.cc +++ b/src/stream/tcp/tcp_state_syn_sent.cc @@ -108,9 +108,7 @@ bool TcpStateSynSent::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateSynSent::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); - + trk.perform_fin_recv_flush(tsd); return true; } diff --git a/src/stream/tcp/tcp_state_time_wait.cc b/src/stream/tcp/tcp_state_time_wait.cc index 6c17227e0..cd104813d 100644 --- a/src/stream/tcp/tcp_state_time_wait.cc +++ b/src/stream/tcp/tcp_state_time_wait.cc @@ -73,8 +73,8 @@ bool TcpStateTimeWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk trk.normalizer.packet_dropper(tsd, NORM_TCP_BLOCK); trk.session->set_pkt_action_flag(ACTION_BAD_PKT); } - else if ( tsd.is_data_segment() ) - trk.session->handle_data_segment(tsd); + else + trk.perform_fin_recv_flush(tsd); return true; } diff --git a/src/stream/tcp/tcp_stream_tracker.cc b/src/stream/tcp/tcp_stream_tracker.cc index f24400db2..42d243494 100644 --- a/src/stream/tcp/tcp_stream_tracker.cc +++ b/src/stream/tcp/tcp_stream_tracker.cc @@ -636,6 +636,14 @@ bool TcpStreamTracker::set_held_packet(Packet* p) return true; } +void TcpStreamTracker::perform_fin_recv_flush(TcpSegmentDescriptor& tsd) +{ + if ( tsd.is_data_segment() ) + session->handle_data_segment(tsd); + else if ( flush_policy == STREAM_FLPOLICY_ON_DATA and SEQ_EQ(tsd.get_seq(), rcv_nxt) ) + reassembler.flush_queued_segments(tsd.get_flow(), true, tsd.get_pkt()); +} + uint32_t TcpStreamTracker::perform_partial_flush() { uint32_t flushed = 0; diff --git a/src/stream/tcp/tcp_stream_tracker.h b/src/stream/tcp/tcp_stream_tracker.h index 1b6644e5c..74d821d10 100644 --- a/src/stream/tcp/tcp_stream_tracker.h +++ b/src/stream/tcp/tcp_stream_tracker.h @@ -289,6 +289,7 @@ public: bool is_retransmit_of_held_packet(snort::Packet*); void finalize_held_packet(snort::Packet*); void finalize_held_packet(snort::Flow*); + void perform_fin_recv_flush(TcpSegmentDescriptor&); uint32_t perform_partial_flush(); bool is_holding_packet() const { return held_packet != null_iterator; }