From 2119cb62bfc69bb6db7d92ce208712c230364cb5 Mon Sep 17 00:00:00 2001 From: "Russ Combs (rucombs)" Date: Mon, 19 Dec 2016 12:50:14 -0500 Subject: [PATCH] Merge pull request #756 in SNORT/snort3 from flush_fix2 to master Squashed commit of the following: commit 73fb00538580fac0a17963837190863bb3f8b603 Author: Russ Combs Date: Mon Dec 19 11:12:09 2016 -0500 fix splitter checks to make analyzer happy commit e50e7b418f3ac7f4a9dc79fcf79fd9be2d3c7d2e Author: Russ Combs Date: Mon Dec 19 07:29:27 2016 -0500 fallback from paf to atom splitter if flushing past gap --- src/stream/tcp/tcp_reassembler.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 5029f51c6..4bd0acb16 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -630,6 +630,9 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags) s5_pkt->dsize = 0; s5_pkt->data = nullptr; + if ( tracker->splitter->is_paf() and tracker->get_tf_flags() & TF_MISSING_PREV_PKT ) + fallback(); + int32_t flushed_bytes = flush_data_segments(p, footprint); if ( flushed_bytes == 0 ) @@ -664,6 +667,7 @@ int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags) DebugFormat(DEBUG_STREAM_STATE, "setting seglist_base_seq to 0x%X\n", seglist_base_seq); if ( tracker->splitter ) + // FIXIT-L must check because above may clear session tracker->splitter->update(); // FIXIT-L abort should be by PAF callback only since recovery may be @@ -703,7 +707,7 @@ int TcpReassembler::flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags) } if ( !flush_data_ready() and !(tracker->get_tf_flags() & TF_FORCE_FLUSH) and - (!tracker->splitter or !tracker->splitter->is_paf()) ) + !tracker->splitter->is_paf() ) { DebugMessage(DEBUG_STREAM_STATE, "only 1 packet in seglist no need to flush\n"); return 0; @@ -793,7 +797,7 @@ uint32_t TcpReassembler::get_q_sequenced() int TcpReassembler::flush_stream(Packet* p, uint32_t dir) { // this is not always redundant; stream_reassemble rule option causes trouble - if ( !tracker->flush_policy ) + if ( !tracker->flush_policy or !tracker->splitter ) return 0; uint32_t bytes; -- 2.47.2