}
/* In cases like HeartBleed for TLS we need to inspect AppLayer but not Payload */
- if (pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
+ if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION) && pstate->flags & APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD) {
FlowSetNoPayloadInspectionFlag(f);
- AppLayerParserTriggerRawStreamReassembly(f);
+ /* Set the no reassembly flag for both the stream in this TcpSession */
+ if (f->proto == IPPROTO_TCP) {
+ /* Used only if it's TCP */
+ TcpSession *ssn = f->protoctx;
+ if (ssn != NULL) {
+ StreamTcpSetDisableRawReassemblyFlag(ssn, 0);
+ StreamTcpSetDisableRawReassemblyFlag(ssn, 1);
+ AppLayerParserTriggerRawStreamReassembly(f);
+ }
+ }
}
/* next, see if we can get rid of transactions now */
seg->payload_len = size;
seg->seq = TCP_GET_SEQ(p);
+ /* if raw reassembly is disabled for new segments, flag each
+ * segment as complete for raw before insert */
+ if (stream->flags & STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) {
+ seg->flags |= SEGMENTTCP_FLAG_RAW_PROCESSED;
+ SCLogDebug("segment %p flagged with SEGMENTTCP_FLAG_RAW_PROCESSED, "
+ "flags %02x", seg, seg->flags);
+ }
+
/* proto detection skipped, but now we do get data. Set event. */
if (stream->seg_list == NULL &&
stream->flags & STREAMTCP_STREAM_FLAG_APPPROTO_DETECTION_SKIPPED) {
SCReturnInt(1);
}
+ if (stream->flags & STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) {
+ SCLogDebug("reassembling now as STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED is set, "
+ "so no new segments will be considered");
+ SCReturnInt(1);
+ }
+
/* some states mean we reassemble no matter how much data we have */
if (ssn->state >= TCP_TIME_WAIT)
SCReturnInt(1);
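Review bot: The added early return on `STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED` fires on every call once the flag is set, and nothing in the visible patch clears that flag. This check therefore appears to request raw reassembly for each packet for the rest of the stream, even when every queued segment is already marked raw-processed. If that is intentional, say so at the check, for example `/* flag is sticky: from here on always ask for raw reassembly so queued segments drain */`, so the per-packet cost on a busy sensor is a documented decision. The enclosing function starts outside this hunk, so later conditions that might limit this are not visible.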
}
/* check raw reassembly conditions */
- if (!(f->flags & FLOW_NOPAYLOAD_INSPECTION)) {
- if (!(seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED)) {
- SCReturnInt(0);
- }
+ if (!(seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED)) {
+ SCReturnInt(0);
}
SCReturnInt(1);
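Review bot: With the `FLOW_NOPAYLOAD_INSPECTION` guard removed from this check, a segment on a no-payload-inspection flow is released only once `SEGMENTTCP_FLAG_RAW_PROCESSED` is set. The only place the patch sets that flag up front is for streams carrying `STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED`. If any caller of `FlowSetNoPayloadInspectionFlag()` outside the visible hunks does not also call `StreamTcpSetDisableRawReassemblyFlag()`, its segments would now stay queued until raw reassembly catches up, and the removed `break` on `FLOW_NOPAYLOAD_INSPECTION` in the raw loop means that payload is reassembled again, which costs segment memory on a flow that was meant to be exempt. I would confirm every such caller sets both flags and record the dependency here, e.g. `/* NOPAYLOAD flows rely on NEW_RAW_DISABLED to pre-mark segments as raw-processed */`. The enclosing function starts outside this hunk.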
StreamTcpSegmentReturntoPool(seg);
seg = next_seg;
continue;
+ } else if (StreamTcpAppLayerSegmentProcessed(stream, seg)) {
+ TcpSegment *next_seg = seg->next;
+ seg = next_seg;
+ continue;
}
/* we've run into a sequence gap */
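Review bot: The new `else if (StreamTcpAppLayerSegmentProcessed(stream, seg))` branch declares a `next_seg` temporary it does not need, because the segment is not returned to the pool here; `seg = seg->next;` followed by `continue;` is equivalent. The raw loop later in the patch repeats the pattern in `else if(seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED)`, which also lacks the space after `if` and tests the flag directly where this branch uses a helper; using the same form in both would read more consistently. If the intent is to leave the segment queued for the other consumer, a short comment such as `/* already processed on this side, skip without freeing */` would make that explicit. The loop this branch belongs to starts outside the hunk.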
seg, seg->seq, seg->payload_len,
(uint32_t)(seg->seq + seg->payload_len), seg->flags);
- if (p->flow->flags & FLOW_NOPAYLOAD_INSPECTION) {
- SCLogDebug("FLOW_NOPAYLOAD_INSPECTION set, breaking out");
- break;
- }
-
if (StreamTcpReturnSegmentCheck(p->flow, ssn, stream, seg) == 1) {
SCLogDebug("removing segment");
TcpSegment *next_seg = seg->next;
StreamTcpSegmentReturntoPool(seg);
seg = next_seg;
continue;
+ } else if(seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) {
+ TcpSegment *next_seg = seg->next;
+ seg = next_seg;
+ continue;
}
/* we've run into a sequence gap */
void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t);
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *, char );
+void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction);
void StreamTcpSetOSPolicy(TcpStream *, Packet *);
void StreamTcpReassemblePause (TcpSession *, char );
(ssn->client.flags |= STREAMTCP_STREAM_FLAG_NOREASSEMBLY);
}
+/** \brief Set the No reassembly flag for the given direction in given TCP
+ * session.
+ *
+ * \param ssn TCP Session to set the flag in
+ * \param direction direction to set the flag in: 0 toserver, 1 toclient
+ */
+void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction)
+{
+ direction ? (ssn->server.flags |= STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED) :
+ (ssn->client.flags |= STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED);
+}
+
#define PSEUDO_PKT_SET_IPV4HDR(nipv4h,ipv4h) do { \
IPV4_SET_RAW_VER(nipv4h, IPV4_GET_RAW_VER(ipv4h)); \
IPV4_SET_RAW_HLEN(nipv4h, IPV4_GET_RAW_HLEN(ipv4h)); \
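Review bot: The doc comment on the new `StreamTcpSetDisableRawReassemblyFlag()` still describes the "No reassembly flag", but the body sets `STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED`, which the insert-path comment in this patch describes as raw reassembly being disabled for new segments. Someone reading the doc would expect app-layer reassembly to stop as well, so I would reword it to `\brief Disable raw reassembly for new segments in the given direction of the TCP session`, and fix the matching call-site comment ("Set the no reassembly flag for both the stream in this TcpSession") in the app-layer parser hunk. The doc should also state that `ssn` must be non-NULL, since the function dereferences it unchecked and relies on the caller's `ssn != NULL` test. As a style point, the ternary used as a statement would be clearer as a plain `if`/`else` on `direction`.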