/* request done, do raw reassembly now to inspect state and stream
* at the same time. */
- AppLayerParserTriggerRawStreamReassembly(hstate->f);
+ AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOSERVER);
SCReturnInt(HTP_OK);
}
/* response done, do raw reassembly now to inspect state and stream
* at the same time. */
- AppLayerParserTriggerRawStreamReassembly(hstate->f);
+ AppLayerParserTriggerRawStreamReassembly(hstate->f, STREAM_TOCLIENT);
SCReturnInt(HTP_OK);
}
SCReturnInt(r);
}
-void AppLayerParserTriggerRawStreamReassembly(Flow *f)
+void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
{
SCEnter();
+ SCLogDebug("f %p tcp %p direction %d", f, f ? f->protoctx : NULL, direction);
if (f != NULL && f->protoctx != NULL)
- StreamTcpReassembleTriggerRawReassembly(f->protoctx);
+ StreamTcpReassembleTriggerRawReassembly(f->protoctx, direction);
SCReturn;
}
int AppLayerParserProtocolIsTxEventAware(uint8_t ipproto, AppProto alproto);
int AppLayerParserProtocolSupportsTxs(uint8_t ipproto, AppProto alproto);
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto);
-void AppLayerParserTriggerRawStreamReassembly(Flow *f);
+void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction);
void AppLayerParserSetStreamDepth(uint8_t ipproto, AppProto alproto, uint32_t stream_depth);
uint32_t AppLayerParserGetStreamDepth(uint8_t ipproto, AppProto alproto);
}
SCLogDebug("trigger RAW! (post HS)");
- AppLayerParserTriggerRawStreamReassembly(ssl_state->f);
+ AppLayerParserTriggerRawStreamReassembly(ssl_state->f,
+ direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
return parsed;
}
}
SCLogDebug("record complete, trigger RAW");
- AppLayerParserTriggerRawStreamReassembly(ssl_state->f);
+ AppLayerParserTriggerRawStreamReassembly(ssl_state->f,
+ direction == 0 ? STREAM_TOSERVER : STREAM_TOCLIENT);
/* looks like we have another record */
uint32_t diff = ssl_state->curr_connp->record_length +
#define STREAMTCP_FLAG_SACKOK 0x0400
/** Flag for triggering RAW reassembly before the size limit is reached or
the stream reaches EOF. */
-#define STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY 0x0800
+//#define STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY 0x0800
/** 3WHS confirmed by server -- if suri sees 3whs ACK but server doesn't (pkt
* is lost on the way to server), SYN/ACK is retransmitted. If server sends
* normal packet we assume 3whs to be completed. Only used for SYN/ACK resend
#define STREAMTCP_STREAM_FLAG_KEEPALIVE 0x0004
/** Stream has reached it's reassembly depth, all further packets are ignored */
#define STREAMTCP_STREAM_FLAG_DEPTH_REACHED 0x0008
-// vacancy
+/** Trigger reassembly next time we need 'raw' */
+#define STREAMTCP_STREAM_FLAG_TRIGGER_RAW 0x0010
/** Stream supports TIMESTAMP -- used to set ssn STREAMTCP_FLAG_TIMESTAMP
* flag. */
#define STREAMTCP_STREAM_FLAG_TIMESTAMP 0x0020
* \retval 0 don't reassemble yet
* \retval 1 do reassemble
*/
-static int StreamTcpReassembleRawCheckLimit(TcpSession *ssn,
+static int StreamTcpReassembleRawCheckLimit(const TcpSession *ssn,
const TcpStream *stream, const Packet *p)
{
SCEnter();
SCReturnInt(1);
}
- if (ssn->flags & STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY) {
- SCLogDebug("reassembling now as STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY is set");
- ssn->flags &= ~STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY;
+ if (stream->flags & STREAMTCP_STREAM_FLAG_TRIGGER_RAW) {
+ SCLogDebug("reassembling now as STREAMTCP_STREAM_FLAG_TRIGGER_RAW is set");
SCReturnInt(1);
}
if (progress > STREAM_RAW_PROGRESS(stream)) {
uint32_t slide = progress - STREAM_RAW_PROGRESS(stream);
stream->raw_progress_rel += slide;
+ stream->flags &= ~STREAMTCP_STREAM_FLAG_TRIGGER_RAW;
}
SCLogDebug("stream raw progress now %"PRIu64, STREAM_RAW_PROGRESS(stream));
stream = &ssn->server;
}
+ if (StreamTcpInlineMode() == FALSE &&
+ StreamTcpReassembleRawCheckLimit(ssn, stream, p) == 0)
+ {
+ *progress_out = STREAM_RAW_PROGRESS(stream);
+ return 0;
+ }
+
StreamingBufferBlock *iter = NULL;
uint64_t progress = STREAM_RAW_PROGRESS(stream);
uint64_t last_ack_abs = 0; /* absolute right edge of ack'd data */
* reassembly from the applayer, for example upon completion of a
* HTTP request.
*
- * Works by setting a flag in the TcpSession that is unset as soon
- * as it's checked. Since everything happens when operating under
- * a single lock period, no side effects are expected.
+ * It sets a flag in the stream so that the next Raw call will return
+ * the data.
*
* \param ssn TcpSession
*/
-void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn)
+void StreamTcpReassembleTriggerRawReassembly(TcpSession *ssn, int direction)
{
#ifdef DEBUG
BUG_ON(ssn == NULL);
#endif
if (ssn != NULL) {
+ if (direction == STREAM_TOSERVER) {
+ ssn->client.flags |= STREAMTCP_STREAM_FLAG_TRIGGER_RAW;
+ } else {
+ ssn->server.flags |= STREAMTCP_STREAM_FLAG_TRIGGER_RAW;
+ }
+
SCLogDebug("flagged ssn %p for immediate raw reassembly", ssn);
- ssn->flags |= STREAMTCP_FLAG_TRIGGER_RAW_REASSEMBLY;
}
}
void StreamTcpReturnStreamSegments(TcpStream *);
void StreamTcpSegmentReturntoPool(TcpSegment *);
-void StreamTcpReassembleTriggerRawReassembly(TcpSession *);
+void StreamTcpReassembleTriggerRawReassembly(TcpSession *, int direction);
void StreamTcpPruneSession(Flow *, uint8_t);
int StreamTcpReassembleDepthReached(Packet *p);
projects / thirdparty / suricata.git / commitdiff
