Merge pull request #1299 in SNORT/snort3 from stream_tcp_fin_handling to master

author Tom Peters (thopeter) <thopeter@cisco.com>

Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)

committer Tom Peters (thopeter) <thopeter@cisco.com>

Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)
author Tom Peters (thopeter) <thopeter@cisco.com>
Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)
committer Tom Peters (thopeter) <thopeter@cisco.com>
Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)
diff --git a/src/stream/libtcp/tcp_state_machine.cc b/src/stream/libtcp/tcp_state_machine.cc

index 67b7affa99fdfa6987ec795711fed6975a29f5b0..c1f5518702a0decb8db2cafbd21d8f081cd79458 100644 (file)
--- a/src/stream/libtcp/tcp_state_machine.cc
+++ b/src/stream/libtcp/tcp_state_machine.cc
@@ -58,15 +58,6 @@ bool TcpStateMachine::eval(TcpSegmentDescriptor& tsd, TcpStreamTracker& talker,
              listener.set_tcp_event(tsd);
              tcp_state_handlers[ tcp_state ]->eval(tsd, listener);
              tcp_state_handlers[ tcp_state ]->do_post_sm_packet_actions(tsd, listener);
-            if( listener.process_inorder_fin() )
-            {
-                //FIN is in order or we need to process FIN from state_queue
-                tcp_state_handlers[ tcp_state ]->eval(tsd, listener);
-                tcp_state = talker.get_tcp_state( );
-                tcp_state_handlers[ tcp_state ]->eval(tsd, talker);
-                tcp_state_handlers[ tcp_state ]->do_post_sm_packet_actions(tsd, listener);
-                listener.inorder_fin = false;
-            }
              return true;
          }
  
diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc

index adc1a4dd026d18ea111c752afa63b32b67ff4181..f87b093aaf3d011f301e9b825992ed6fb4be68b8 100644 (file)
--- a/src/stream/libtcp/tcp_stream_tracker.cc
+++ b/src/stream/libtcp/tcp_stream_tracker.cc
@@ -189,7 +189,7 @@ void TcpStreamTracker::init_tcp_state()
      flush_policy = STREAM_FLPOLICY_IGNORE;
      memset(&paf_state, 0, sizeof(paf_state));
      snd_una = snd_nxt = snd_wnd = 0;
-    r_nxt_ack = r_win_base = iss = ts_last = ts_last_packet = 0;
+    rcv_nxt = r_win_base = iss = ts_last = ts_last_packet = 0;
      small_seg_count = wscale = mss = 0;
      tf_flags = 0;
      alert_count = 0;
@@ -278,7 +278,7 @@ void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd)
  
      irs = tsd.get_seg_seq();
      // FIXIT-H can we really set the vars below now?
-    r_nxt_ack = tsd.get_seg_seq() + 1;
+    rcv_nxt = tsd.get_seg_seq() + 1;
      r_win_base = tsd.get_seg_seq() + 1;
      reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1);
  
@@ -301,7 +301,7 @@ void TcpStreamTracker::init_on_synack_sent(TcpSegmentDescriptor& tsd)
      snd_wnd = tsd.get_seg_wnd();
  
      r_win_base = tsd.get_seg_ack();
-    r_nxt_ack = tsd.get_seg_ack();
+    rcv_nxt = tsd.get_seg_ack();
      reassembler.set_seglist_base_seq(tsd.get_seg_ack() );
  
      ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec;
@@ -326,7 +326,7 @@ void TcpStreamTracker::init_on_synack_recv(TcpSegmentDescriptor& tsd)
      snd_una = tsd.get_seg_ack();
      snd_nxt = snd_una;
  
-    r_nxt_ack = tsd.get_seg_seq() + 1;
+    rcv_nxt = tsd.get_seg_seq() + 1;
      r_win_base = tsd.get_seg_seq() + 1;
      reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1);
  
@@ -349,7 +349,7 @@ void TcpStreamTracker::init_on_3whs_ack_sent(TcpSegmentDescriptor& tsd)
      snd_wnd = tsd.get_seg_wnd();
  
      r_win_base = tsd.get_seg_ack();
-    r_nxt_ack = tsd.get_seg_ack();
+    rcv_nxt = tsd.get_seg_ack();
  
      ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec;
      tf_flags |= normalizer.get_tcp_timestamp(tsd, false);
@@ -372,7 +372,7 @@ void TcpStreamTracker::init_on_3whs_ack_recv(TcpSegmentDescriptor& tsd)
      snd_una = tsd.get_seg_ack();
      snd_nxt = snd_una;
  
-    r_nxt_ack = tsd.get_seg_seq();
+    rcv_nxt = tsd.get_seg_seq();
      r_win_base = tsd.get_seg_seq();
      reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1);
  
@@ -400,7 +400,7 @@ void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd)
      snd_wnd = tsd.get_seg_wnd();
  
      r_win_base = tsd.get_seg_ack();
-    r_nxt_ack = tsd.get_seg_ack();
+    rcv_nxt = tsd.get_seg_ack();
      reassembler.set_seglist_base_seq(tsd.get_seg_ack());
  
      ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec;
@@ -424,7 +424,7 @@ void TcpStreamTracker::init_on_data_seg_recv(TcpSegmentDescriptor& tsd)
      snd_nxt = snd_una;
      snd_wnd = 0; /* reset later */
  
-    r_nxt_ack = tsd.get_seg_seq();
+    rcv_nxt = tsd.get_seg_seq();
      r_win_base = tsd.get_seg_seq();
      reassembler.set_seglist_base_seq(tsd.get_seg_seq());
  
@@ -458,7 +458,7 @@ void TcpStreamTracker::finish_client_init(TcpSegmentDescriptor& tsd)
  {
      Flow* flow = tsd.get_flow();
  
-    r_nxt_ack = tsd.get_end_seq();
+    rcv_nxt = tsd.get_end_seq();
  
      if ( !( flow->session_state & STREAM_STATE_MIDSTREAM ) )
      {
@@ -578,16 +578,16 @@ void TcpStreamTracker::flush_data_on_fin_recv(TcpSegmentDescriptor& tsd)
  bool TcpStreamTracker::update_on_fin_recv(TcpSegmentDescriptor& tsd)
  {
      if ( SEQ_LT(tsd.get_end_seq(), r_win_base) )
-    {
          return false;
-    }
  
      //--------------------------------------------------
-    // FIXIT-L don't bump r_nxt_ack unless FIN is in seq
+    // FIXIT-L don't bump rcv_nxt unless FIN is in seq
      // because it causes bogus 129:5 cases
      // but doing so causes extra gaps
-    //if ( SEQ_EQ(tsd.end_seq, r_nxt_ack) )
-    r_nxt_ack++;
+    if ( SEQ_EQ(tsd.get_end_seq(), rcv_nxt) )
+        rcv_nxt++;
+    else
+        fin_seq_adjust = 1;
  
      // set final seq # any packet rx'ed with seq > is bad
      if ( !fin_seq_set )
@@ -615,8 +615,8 @@ bool TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd)
      int right_ok;
      uint32_t left_seq;
  
-    if ( SEQ_LT(r_nxt_ack, r_win_base) )
-        left_seq = r_nxt_ack;
+    if ( SEQ_LT(rcv_nxt, r_win_base) )
+        left_seq = rcv_nxt;
      else
          left_seq = r_win_base;
  
diff --git a/src/stream/libtcp/tcp_stream_tracker.h b/src/stream/libtcp/tcp_stream_tracker.h

index dc93572e89338106b353ac61ab623452d4c1a53c..de68ef4d324fc7e4384beab4e6581ee25ea13049 100644 (file)
--- a/src/stream/libtcp/tcp_stream_tracker.h
+++ b/src/stream/libtcp/tcp_stream_tracker.h
@@ -178,10 +178,10 @@ public:
      { this->iss = iss; }
  
      uint32_t get_fin_final_seq() const
-    { return fin_final_seq; }
+    { return fin_final_seq + fin_seq_adjust; }
  
-    void set_fin_final_seq(uint32_t fin_final_seq = 0)
-    { this->fin_final_seq = fin_final_seq; }
+    uint32_t get_fin_seq_adjust()
+    { return fin_seq_adjust; }
  
      bool is_fin_seq_set() const
      { return fin_seq_set; }
@@ -245,9 +245,6 @@ public:
      bool is_rst_pkt_sent() const
      { return rst_pkt_sent; }
  
-    bool process_inorder_fin() const
-    { return inorder_fin; }
-
      snort::StreamSplitter* get_splitter()
      { return splitter; }
  
@@ -301,11 +298,9 @@ public:
      uint32_t irs = 0;     // IRS     - initial receive sequence number
  
      bool rst_pkt_sent = false;
-    bool inorder_fin = false;
  
  // FIXIT-L make these non-public
  public:
-    uint32_t r_nxt_ack = 0; /* next expected ack from remote side */
      uint32_t r_win_base = 0; /* remote side window base sequence number
       * (i.e. the last ack we got) */
  
@@ -332,6 +327,7 @@ protected:
      uint8_t mac_addr[6] = { };
      bool mac_addr_valid = false;
      uint32_t fin_final_seq = 0;
+    uint32_t fin_seq_adjust = 0;
      bool fin_seq_set = false;  // FIXIT-M should be obviated by tcp state
      uint8_t tcp_options_len = 0;
  
diff --git a/src/stream/tcp/tcp_debug_trace.h b/src/stream/tcp/tcp_debug_trace.h

index 665c16da6b1e1f4636c98c9d43488998f932cf7c..e2aef6d56a12293358fd4189f209afaa807be449 100644 (file)
--- a/src/stream/tcp/tcp_debug_trace.h
+++ b/src/stream/tcp/tcp_debug_trace.h
@@ -87,7 +87,7 @@ inline void TraceState(TcpStreamTracker* a, TcpStreamTracker* b, const char* s)
      fprintf(stdout,
          "    %s ST=%s      UA=%-4u NS=%-4u LW=%-5u RN=%-4u RW=%-4u ISS=%-4u IRS=%-4u ",
          s, statext[a->get_tcp_state()], ua, ns, a->get_snd_wnd( ),
-        RMT(a, r_nxt_ack, b), RMT(a, r_win_base, b), a->get_iss(), a->get_irs());
+        RMT(a, rcv_nxt, b), RMT(a, r_win_base, b), a->get_iss(), a->get_irs());
  
      fprintf(stdout, "\n");
      unsigned paf = (a->splitter and a->splitter->is_paf()) ? 2 : 0;
diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc

index f81a06c5398d1f4e40097e565555edf49c3ed039..3b3b44e18b9d3cc9a639542c9c5f5ad2734dd5ea 100644 (file)
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -46,6 +46,9 @@ THREAD_LOCAL ProfileStats s5TcpBuildPacketPerfStats;
  const PegInfo tcp_pegs[] =
  {
      SESSION_PEGS("tcp"),
+    { CountType::SUM, "instantiated", "new sessions instantiated" },
+    { CountType::SUM, "setups", "session initializations" },
+    { CountType::SUM, "restarts", "sessions restarted" },
      { CountType::SUM, "resyns", "SYN received on established session" },
      { CountType::SUM, "discards", "tcp packets discarded" },
      { CountType::SUM, "events", "events generated" },
diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h

index 4ec589ff24a079c76d9b1abcf29fe446712689f6..b0c591e1cdeeff5d73e02d2279971c14763aa92f 100644 (file)
--- a/src/stream/tcp/tcp_module.h
+++ b/src/stream/tcp/tcp_module.h
@@ -64,6 +64,9 @@ extern THREAD_LOCAL snort::ProfileStats streamSizePerfStats;
  struct TcpStats
  {
      SESSION_STATS;
+    PegCount instantiated;
+    PegCount setups;
+    PegCount restarts;
      PegCount resyns;
      PegCount discards;
      PegCount events;
diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc

index a90676eaeca3d38a92307403812b4322e6a829f0..d4744b8ba8754ad5c9902ab3c230e2306dbf1ed9 100644 (file)
--- a/src/stream/tcp/tcp_normalizer.cc
+++ b/src/stream/tcp/tcp_normalizer.cc
@@ -215,11 +215,9 @@ uint32_t TcpNormalizer::get_tcp_timestamp(
  bool TcpNormalizer::validate_rst_seq_geq(
      TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
  {
-    // FIXIT-H check for r_win_base == 0 is hack for uninitialized r_win_base, fix this
-    if ( ( tns.tracker->r_nxt_ack == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->r_nxt_ack) )
-    {
+    // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this
+    if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->rcv_nxt) )
          return true;
-    }
  
      return false;
  }
@@ -235,9 +233,7 @@ bool TcpNormalizer::validate_rst_end_seq_geq(
      {
          // reset must be admitted when window closed
          if (SEQ_LEQ(tsd.get_seg_seq(), tns.tracker->r_win_base + get_stream_window(tns, tsd)))
-        {
              return true;
-        }
      }
  
      return false;
@@ -246,11 +242,11 @@ bool TcpNormalizer::validate_rst_end_seq_geq(
  bool TcpNormalizer::validate_rst_seq_eq(
      TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
  {
-    // FIXIT-H check for r_nxt_ack == 0 is hack for uninitialized r_nxt_ack, fix this
-    if ( ( tns.tracker->r_nxt_ack == 0 ) || SEQ_EQ(tsd.get_seg_seq(), tns.tracker->r_nxt_ack) )
-    {
+    uint32_t expected_seq = tns.tracker->rcv_nxt + tns.tracker->get_fin_seq_adjust();
+
+    // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this
+    if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_EQ(tsd.get_seg_seq(), expected_seq) )
          return true;
-    }
  
      return false;
  }
@@ -287,9 +283,7 @@ int TcpNormalizer::validate_paws_timestamp(
          return ACTION_BAD_PKT;
      }
      else
-    {
          return ACTION_NOTHING;
-    }
  }
  
  bool TcpNormalizer::is_paws_ts_checked_required(
diff --git a/src/stream/tcp/tcp_normalizers.cc b/src/stream/tcp/tcp_normalizers.cc

index 9be5a22c32a99d97d25bbcda10d6bbe0a77dafc8..0d39aaf988463db7795027542e557bdc5acea8a1 100644 (file)
--- a/src/stream/tcp/tcp_normalizers.cc
+++ b/src/stream/tcp/tcp_normalizers.cc
@@ -190,7 +190,7 @@ static inline int handle_repeated_syn_mswin(
      /* Windows has some strange behavior here.  If the sequence of the reset is the
       * next expected sequence, it Resets.  Otherwise it ignores the 2nd SYN.
       */
-    if (SEQ_EQ(tsd.get_seg_seq(), listener->r_nxt_ack))
+    if (SEQ_EQ(tsd.get_seg_seq(), listener->rcv_nxt))
      {
          session->flow->set_session_flags(SSNFLAG_RESET);
          talker->set_tcp_state(TcpStreamTracker::TCP_CLOSED);
@@ -245,7 +245,7 @@ static inline bool paws_3whs_zero_ts_supported(
      if ( talker->get_tf_flags() & TF_TSTAMP_ZERO )
      {
          talker->clear_tf_flags(TF_TSTAMP_ZERO);
-        if ( SEQ_EQ(listener->r_nxt_ack, tsd.get_seg_seq() ) )
+        if ( SEQ_EQ(listener->rcv_nxt, tsd.get_seg_seq() ) )
          {
              // Ignore timestamp for this first packet, save to check on next
              talker->set_ts_last(tsd.get_ts() );
@@ -382,7 +382,7 @@ bool TcpNormalizerHpux11::is_paws_ts_checked_required(
      TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
  {
      /* HPUX 11 ignores timestamps for out of order segments */
-    if ((tns.tracker->get_tf_flags() & TF_MISSING_PKT) || !SEQ_EQ(tns.tracker->r_nxt_ack,
+    if ((tns.tracker->get_tf_flags() & TF_MISSING_PKT) || !SEQ_EQ(tns.tracker->rcv_nxt,
          tsd.get_seg_seq()))
          return false;
      else
diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc

index 69a916e078c08b8a8f089ca7924298eda4c3d3c5..b11e238e7c162cb60ae9a4261db2ceb2cba8d36a 100644 (file)
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -292,8 +292,8 @@ int TcpReassembler::purge_to_seq(TcpReassemblerState& trs, uint32_t flush_seq)
          trs.sos.seglist_base_seq = flush_seq;
      }
  
-    if ( SEQ_LT(trs.tracker->r_nxt_ack, flush_seq) )
-        trs.tracker->r_nxt_ack = flush_seq;
+    if ( SEQ_LT(trs.tracker->rcv_nxt, flush_seq) )
+        trs.tracker->rcv_nxt = flush_seq;
  
      purge_alerts(trs, trs.sos.session->flow);
  
@@ -1171,9 +1171,7 @@ void TcpReassembler::insert_segment_in_empty_seglist(
          overlap = trs.tracker->r_win_base - tsd.get_seg_seq();
  
          if ( overlap >= tsd.get_seg_len() )
-        {
              return;
-        }
      }
  
      // BLOCK add new block to trs.sos.seglist containing data
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc

index feca899734b67908fac8b2ad26d806791d85110b..ad8194fb790a2b817df08b7f0938cde23ebbb606 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -72,6 +72,7 @@ TcpSession::TcpSession(Flow* flow)
  
      client.session = this;
      server.session = this;
+    tcpStats.instantiated++;
  }
  
  TcpSession::~TcpSession()
@@ -85,6 +86,7 @@ bool TcpSession::setup(Packet* p)
      splitter_init = false;
  
      SESSION_STATS_ADD(tcpStats);
+    tcpStats.setups++;
      return true;
  }
  
@@ -116,6 +118,8 @@ void TcpSession::restart(Packet* p)
  
      if (p->ptrs.tcph->is_ack())
          talker->reassembler.flush_on_ack_policy(p);
+
+    tcpStats.restarts++;
  }
  
  //-------------------------------------------------------------------------
@@ -133,29 +137,27 @@ void TcpSession::restart(Packet* p)
  
  void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool restart, Packet* p)
  {
+    assert(!p or p->flow == flow);
      if ( !tcp_init )
+    {
+        if ( lws_init )
+            tcpStats.no_pickups++;
          return;
+    }
+
+    lws_init = false;
+    tcp_init = false;
+    tcpStats.released++;
  
-    assert(!p or p->flow == flow);
      DetectionEngine::onload(flow);
  
-    if ( tcp_init )
+    if ( flush_segments )
      {
-        if ( flush_segments )
-        {
-            client.reassembler.flush_queued_segments(flow, true, p);
-            server.reassembler.flush_queued_segments(flow, true, p);
-        }
-        client.reassembler.purge_segment_list();
-        server.reassembler.purge_segment_list();
+        client.reassembler.flush_queued_segments(flow, true, p);
+        server.reassembler.flush_queued_segments(flow, true, p);
      }
-
-    if ( tcp_init )
-        tcpStats.released++;
-    else if ( lws_init )
-        tcpStats.no_pickups++;
-    else
-        return;
+    client.reassembler.purge_segment_list();
+    server.reassembler.purge_segment_list();
  
      update_perf_base_state(TcpStreamTracker::TCP_CLOSED);
  
@@ -177,9 +179,6 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re
      set_splitter(false, nullptr);
  
      tel.log_internal_event(SESSION_EVENT_CLEAR);
-
-    lws_init = false;
-    tcp_init = false;
  }
  
  void TcpSession::update_perf_base_state(char newState)
@@ -335,18 +334,6 @@ void TcpSession::process_tcp_stream(TcpSegmentDescriptor& tsd)
      }
  }
  
-void TcpSession::check_fin_transition_status(TcpSegmentDescriptor& tsd)
-{
-    if((tsd.get_seg_len() != 0) &&
-            SEQ_EQ(listener->get_fin_final_seq(), listener->r_nxt_ack))
-    {
-        listener->set_tcp_event(TcpStreamTracker::TCP_FIN_RECV_EVENT);
-        talker->set_tcp_event(TcpStreamTracker::TCP_FIN_SENT_EVENT);
-        listener->inorder_fin = true;
-    }
-}
-
-
  int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
  {
      DeepProfile profile(s5TcpDataPerfStats);
@@ -358,15 +345,15 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
      {
          if (listener->normalizer.get_os_policy() == StreamPolicy::OS_MACOS)
              seq++;
-
          else
          {
              listener->normalizer.trim_syn_payload(tsd);
              return STREAM_UNALIGNED;
-        }   }
+        }
+    }
  
      /* we're aligned, so that's nice anyway */
-    if (seq == listener->r_nxt_ack)
+    if (seq == listener->rcv_nxt)
      {
          /* check if we're in the window */
          if (config->policy != StreamPolicy::OS_PROXY
@@ -378,7 +365,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
  
          /* move the ack boundary up, this is the only way we'll accept data */
          // FIXIT-L for ips, must move all the way to first hole or right end
-        listener->r_nxt_ack = tsd.get_end_seq();
+        listener->rcv_nxt = tsd.get_end_seq();
  
          if (tsd.get_seg_len() != 0)
          {
@@ -410,11 +397,11 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
          if ((listener->get_tcp_state() == TcpStreamTracker::TCP_ESTABLISHED)
              && (listener->flush_policy == STREAM_FLPOLICY_IGNORE))
          {
-            if (SEQ_GT(tsd.get_end_seq(), listener->r_nxt_ack))
+            if (SEQ_GT(tsd.get_end_seq(), listener->rcv_nxt))
              {
                  // set next ack so we are within the window going forward on this side.
                  // FIXIT-L for ips, must move all the way to first hole or right end
-                listener->r_nxt_ack = tsd.get_end_seq();
+                listener->rcv_nxt = tsd.get_end_seq();
              }
          }
  
@@ -422,7 +409,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
          {
              if (!( flow->get_session_flags() & SSNFLAG_STREAM_ORDER_BAD))
              {
-                if (!SEQ_LEQ((tsd.get_seg_seq() + tsd.get_seg_len()), listener->r_nxt_ack))
+                if (!SEQ_LEQ((tsd.get_seg_seq() + tsd.get_seg_len()), listener->rcv_nxt))
                      flow->set_session_flags(SSNFLAG_STREAM_ORDER_BAD);
              }
              process_tcp_stream(tsd);
@@ -504,7 +491,7 @@ void TcpSession::update_timestamp_tracking(TcpSegmentDescriptor& tsd)
  {
      talker->set_tf_flags(listener->normalizer.get_timestamp_flags());
      if (listener->normalizer.handling_timestamps()
-        && SEQ_EQ(listener->r_nxt_ack, tsd.get_seg_seq()))
+        && SEQ_EQ(listener->rcv_nxt, tsd.get_seg_seq()))
      {
          talker->set_ts_last_packet(tsd.get_pkt()->pkth->ts.tv_sec);
          talker->set_ts_last(tsd.get_ts());
@@ -749,7 +736,7 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd)
  
                  // trim to fit in window and mss as needed
                  st->normalizer.trim_win_payload(
-                    tsd, (st->r_win_base + st->get_snd_wnd() - st->r_nxt_ack));
+                    tsd, (st->r_win_base + st->get_snd_wnd() - st->rcv_nxt));
  
                  if (st->get_mss())
                      st->normalizer.trim_mss_payload(tsd, st->get_mss());
@@ -764,8 +751,6 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd)
                  or (config->policy == StreamPolicy::OS_PROXY))
          {
              process_tcp_data(tsd);
-            //Check if all segments are received. Process FIN transition
-            check_fin_transition_status(tsd);
          }
          else
          {
diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h

index bf43f5b0a8d001e2d69e77d0a5b6211f167ba263..c22e6a62c9c97232d3ac8b1dafa5ccb9de09894f 100644 (file)
--- a/src/stream/tcp/tcp_session.h
+++ b/src/stream/tcp/tcp_session.h
@@ -69,7 +69,6 @@ public:
  private:
      void set_os_policy() override;
      bool flow_exceeds_config_thresholds(TcpSegmentDescriptor&);
-    void check_fin_transition_status(TcpSegmentDescriptor&);
      void process_tcp_stream(TcpSegmentDescriptor&);
      int process_tcp_data(TcpSegmentDescriptor&);
      void swap_trackers();
diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc

index 37ea80a92d148ea1b5a25daaa5662c35dff1d58d..b2f5eabe1f15ca1dafaf706f72b791d578c35776 100644 (file)
--- a/src/stream/tcp/tcp_state_close_wait.cc
+++ b/src/stream/tcp/tcp_state_close_wait.cc
@@ -85,11 +85,6 @@ bool TcpStateCloseWait::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& tr
  bool TcpStateCloseWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
      snort::Flow* flow = tsd.get_flow();
-    if( trk.process_inorder_fin() )
-    {
-        trk.update_on_fin_recv(tsd);
-        return true;
-    }
  
      trk.update_tracker_ack_recv(tsd);
  
diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc

index 4ce384292a8290861bd78faaf7a220bd6b09045e..b5df1b3050f9f991e94721d27a711414953cc257 100644 (file)
--- a/src/stream/tcp/tcp_state_closing.cc
+++ b/src/stream/tcp/tcp_state_closing.cc
@@ -62,7 +62,7 @@ bool TcpStateClosing::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  bool TcpStateClosing::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
      trk.update_tracker_ack_recv(tsd);
-    if ( SEQ_GEQ(tsd.get_end_seq(), trk.r_nxt_ack) )
+    if ( SEQ_GEQ(tsd.get_end_seq(), trk.rcv_nxt) )
          trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
      return true;
  }
@@ -76,7 +76,7 @@ bool TcpStateClosing::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker&
  bool TcpStateClosing::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
      trk.update_tracker_ack_recv(tsd);
-    if ( SEQ_GEQ(tsd.get_end_seq(), trk.r_nxt_ack) )
+    if ( SEQ_GEQ(tsd.get_end_seq(), trk.rcv_nxt) )
          trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
      return true;
  }
diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc

index 27185ccd7712cf1a59b7b99e3656f7d8f7001ac8..d91d3bf7715795992a5e994494f2edd5f5fd74f7 100644 (file)
--- a/src/stream/tcp/tcp_state_established.cc
+++ b/src/stream/tcp/tcp_state_established.cc
@@ -91,17 +91,10 @@ bool TcpStateEstablished::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTrac
  
  bool TcpStateEstablished::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    TcpStreamTracker& listener =
-        tsd.get_pkt()->is_from_client() ? trk.session->server : trk.session->client;
-
      trk.update_on_fin_sent(tsd);
+    trk.session->eof_handle(tsd.get_pkt());
+    trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT1);
  
-    if ( SEQ_EQ(tsd.get_end_seq(), (listener.r_nxt_ack +  tsd.get_seg_len())) ||
-        listener.process_inorder_fin() || !listener.is_segment_seq_valid(tsd) )
-    {
-        trk.session->eof_handle(tsd.get_pkt());
-        trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT1);
-    }
      return true;
  }
  
@@ -113,20 +106,13 @@ bool TcpStateEstablished::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker&
           trk.session->handle_data_segment(tsd);
           trk.flush_data_on_fin_recv(tsd);
      }
-    if( (tsd.get_end_seq() == trk.r_nxt_ack) || !trk.is_segment_seq_valid(tsd) )
-    {
-        if ( trk.update_on_fin_recv(tsd) )
-        {
-            trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
-            trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
-        }
-    }
-    else
+
+    if ( trk.update_on_fin_recv(tsd) )
      {
-        //Out of Order FIN received
-        if ( !trk.is_fin_seq_set() )
-            trk.set_fin_final_seq( tsd.get_seg_seq() );
+        trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
+        trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
      }
+
      return true;
  }
  
diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc

index b2cef7f3bf631a2417aa80f88b8145602efcd9fc..f1a2d942d654b700960373c41fc11393551ae6c2 100644 (file)
--- a/src/stream/tcp/tcp_state_syn_sent.cc
+++ b/src/stream/tcp/tcp_state_syn_sent.cc
@@ -73,7 +73,6 @@ bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
      trk.session->update_timestamp_tracking(tsd);
      trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED);
      trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED);
-    trk.r_nxt_ack = tsd.get_seg_ack();
      return true;
  }
author	Tom Peters (thopeter) <thopeter@cisco.com>
	Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)
committer	Tom Peters (thopeter) <thopeter@cisco.com>
	Thu, 5 Jul 2018 18:16:10 +0000 (14:16 -0400)
src/stream/libtcp/tcp_state_machine.cc		patch \| blob \| blame \| history
src/stream/libtcp/tcp_stream_tracker.cc		patch \| blob \| blame \| history
src/stream/libtcp/tcp_stream_tracker.h		patch \| blob \| blame \| history
src/stream/tcp/tcp_debug_trace.h		patch \| blob \| blame \| history
src/stream/tcp/tcp_module.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_module.h		patch \| blob \| blame \| history
src/stream/tcp/tcp_normalizer.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_normalizers.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_reassembler.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_session.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_session.h		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_close_wait.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_closing.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_established.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_syn_sent.cc		patch \| blob \| blame \| history