From: Tom Peters (thopeter) Date: Thu, 5 Jul 2018 18:16:10 +0000 (-0400) Subject: Merge pull request #1299 in SNORT/snort3 from stream_tcp_fin_handling to master X-Git-Tag: 3.0.0-246~28 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bdaef0207745fd26b085768167a2b6ba15d14c7c;p=thirdparty%2Fsnort3.git Merge pull request #1299 in SNORT/snort3 from stream_tcp_fin_handling to master Squashed commit of the following: commit 506ca045fd6219e2e8fcdc50735e9d8a0e36a20e Author: davis mcpherson Date: Wed Jun 27 10:45:15 2018 -0400 stream_tcp: 86 r_nxt_ack as tracker state for next rx seq, use rcv_nxt instead commit 45aa8684c57804309b298dcb4fe797274a09e987 Author: davis mcpherson Date: Thu Jun 21 14:18:04 2018 -0400 stream_tcp: back out fin handling changes for bug not relevant to snort3 --- diff --git a/src/stream/libtcp/tcp_state_machine.cc b/src/stream/libtcp/tcp_state_machine.cc index 67b7affa9..c1f551870 100644 --- a/src/stream/libtcp/tcp_state_machine.cc +++ b/src/stream/libtcp/tcp_state_machine.cc @@ -58,15 +58,6 @@ bool TcpStateMachine::eval(TcpSegmentDescriptor& tsd, TcpStreamTracker& talker, listener.set_tcp_event(tsd); tcp_state_handlers[ tcp_state ]->eval(tsd, listener); tcp_state_handlers[ tcp_state ]->do_post_sm_packet_actions(tsd, listener); - if( listener.process_inorder_fin() ) - { - //FIN is in order or we need to process FIN from state_queue - tcp_state_handlers[ tcp_state ]->eval(tsd, listener); - tcp_state = talker.get_tcp_state( ); - tcp_state_handlers[ tcp_state ]->eval(tsd, talker); - tcp_state_handlers[ tcp_state ]->do_post_sm_packet_actions(tsd, listener); - listener.inorder_fin = false; - } return true; } diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc index adc1a4dd0..f87b093aa 100644 --- a/src/stream/libtcp/tcp_stream_tracker.cc +++ b/src/stream/libtcp/tcp_stream_tracker.cc @@ -189,7 +189,7 @@ void TcpStreamTracker::init_tcp_state() flush_policy = STREAM_FLPOLICY_IGNORE; memset(&paf_state, 0, sizeof(paf_state)); snd_una = snd_nxt = snd_wnd = 0; - r_nxt_ack = r_win_base = iss = ts_last = ts_last_packet = 0; + rcv_nxt = r_win_base = iss = ts_last = ts_last_packet = 0; small_seg_count = wscale = mss = 0; tf_flags = 0; alert_count = 0; @@ -278,7 +278,7 @@ void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd) irs = tsd.get_seg_seq(); // FIXIT-H can we really set the vars below now? - r_nxt_ack = tsd.get_seg_seq() + 1; + rcv_nxt = tsd.get_seg_seq() + 1; r_win_base = tsd.get_seg_seq() + 1; reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1); @@ -301,7 +301,7 @@ void TcpStreamTracker::init_on_synack_sent(TcpSegmentDescriptor& tsd) snd_wnd = tsd.get_seg_wnd(); r_win_base = tsd.get_seg_ack(); - r_nxt_ack = tsd.get_seg_ack(); + rcv_nxt = tsd.get_seg_ack(); reassembler.set_seglist_base_seq(tsd.get_seg_ack() ); ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec; @@ -326,7 +326,7 @@ void TcpStreamTracker::init_on_synack_recv(TcpSegmentDescriptor& tsd) snd_una = tsd.get_seg_ack(); snd_nxt = snd_una; - r_nxt_ack = tsd.get_seg_seq() + 1; + rcv_nxt = tsd.get_seg_seq() + 1; r_win_base = tsd.get_seg_seq() + 1; reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1); @@ -349,7 +349,7 @@ void TcpStreamTracker::init_on_3whs_ack_sent(TcpSegmentDescriptor& tsd) snd_wnd = tsd.get_seg_wnd(); r_win_base = tsd.get_seg_ack(); - r_nxt_ack = tsd.get_seg_ack(); + rcv_nxt = tsd.get_seg_ack(); ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec; tf_flags |= normalizer.get_tcp_timestamp(tsd, false); @@ -372,7 +372,7 @@ void TcpStreamTracker::init_on_3whs_ack_recv(TcpSegmentDescriptor& tsd) snd_una = tsd.get_seg_ack(); snd_nxt = snd_una; - r_nxt_ack = tsd.get_seg_seq(); + rcv_nxt = tsd.get_seg_seq(); r_win_base = tsd.get_seg_seq(); reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1); @@ -400,7 +400,7 @@ void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd) snd_wnd = tsd.get_seg_wnd(); r_win_base = tsd.get_seg_ack(); - r_nxt_ack = tsd.get_seg_ack(); + rcv_nxt = tsd.get_seg_ack(); reassembler.set_seglist_base_seq(tsd.get_seg_ack()); ts_last_packet = tsd.get_pkt()->pkth->ts.tv_sec; @@ -424,7 +424,7 @@ void TcpStreamTracker::init_on_data_seg_recv(TcpSegmentDescriptor& tsd) snd_nxt = snd_una; snd_wnd = 0; /* reset later */ - r_nxt_ack = tsd.get_seg_seq(); + rcv_nxt = tsd.get_seg_seq(); r_win_base = tsd.get_seg_seq(); reassembler.set_seglist_base_seq(tsd.get_seg_seq()); @@ -458,7 +458,7 @@ void TcpStreamTracker::finish_client_init(TcpSegmentDescriptor& tsd) { Flow* flow = tsd.get_flow(); - r_nxt_ack = tsd.get_end_seq(); + rcv_nxt = tsd.get_end_seq(); if ( !( flow->session_state & STREAM_STATE_MIDSTREAM ) ) { @@ -578,16 +578,16 @@ void TcpStreamTracker::flush_data_on_fin_recv(TcpSegmentDescriptor& tsd) bool TcpStreamTracker::update_on_fin_recv(TcpSegmentDescriptor& tsd) { if ( SEQ_LT(tsd.get_end_seq(), r_win_base) ) - { return false; - } //-------------------------------------------------- - // FIXIT-L don't bump r_nxt_ack unless FIN is in seq + // FIXIT-L don't bump rcv_nxt unless FIN is in seq // because it causes bogus 129:5 cases // but doing so causes extra gaps - //if ( SEQ_EQ(tsd.end_seq, r_nxt_ack) ) - r_nxt_ack++; + if ( SEQ_EQ(tsd.get_end_seq(), rcv_nxt) ) + rcv_nxt++; + else + fin_seq_adjust = 1; // set final seq # any packet rx'ed with seq > is bad if ( !fin_seq_set ) @@ -615,8 +615,8 @@ bool TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd) int right_ok; uint32_t left_seq; - if ( SEQ_LT(r_nxt_ack, r_win_base) ) - left_seq = r_nxt_ack; + if ( SEQ_LT(rcv_nxt, r_win_base) ) + left_seq = rcv_nxt; else left_seq = r_win_base; diff --git a/src/stream/libtcp/tcp_stream_tracker.h b/src/stream/libtcp/tcp_stream_tracker.h index dc93572e8..de68ef4d3 100644 --- a/src/stream/libtcp/tcp_stream_tracker.h +++ b/src/stream/libtcp/tcp_stream_tracker.h @@ -178,10 +178,10 @@ public: { this->iss = iss; } uint32_t get_fin_final_seq() const - { return fin_final_seq; } + { return fin_final_seq + fin_seq_adjust; } - void set_fin_final_seq(uint32_t fin_final_seq = 0) - { this->fin_final_seq = fin_final_seq; } + uint32_t get_fin_seq_adjust() + { return fin_seq_adjust; } bool is_fin_seq_set() const { return fin_seq_set; } @@ -245,9 +245,6 @@ public: bool is_rst_pkt_sent() const { return rst_pkt_sent; } - bool process_inorder_fin() const - { return inorder_fin; } - snort::StreamSplitter* get_splitter() { return splitter; } @@ -301,11 +298,9 @@ public: uint32_t irs = 0; // IRS - initial receive sequence number bool rst_pkt_sent = false; - bool inorder_fin = false; // FIXIT-L make these non-public public: - uint32_t r_nxt_ack = 0; /* next expected ack from remote side */ uint32_t r_win_base = 0; /* remote side window base sequence number * (i.e. the last ack we got) */ @@ -332,6 +327,7 @@ protected: uint8_t mac_addr[6] = { }; bool mac_addr_valid = false; uint32_t fin_final_seq = 0; + uint32_t fin_seq_adjust = 0; bool fin_seq_set = false; // FIXIT-M should be obviated by tcp state uint8_t tcp_options_len = 0; diff --git a/src/stream/tcp/tcp_debug_trace.h b/src/stream/tcp/tcp_debug_trace.h index 665c16da6..e2aef6d56 100644 --- a/src/stream/tcp/tcp_debug_trace.h +++ b/src/stream/tcp/tcp_debug_trace.h @@ -87,7 +87,7 @@ inline void TraceState(TcpStreamTracker* a, TcpStreamTracker* b, const char* s) fprintf(stdout, " %s ST=%s UA=%-4u NS=%-4u LW=%-5u RN=%-4u RW=%-4u ISS=%-4u IRS=%-4u ", s, statext[a->get_tcp_state()], ua, ns, a->get_snd_wnd( ), - RMT(a, r_nxt_ack, b), RMT(a, r_win_base, b), a->get_iss(), a->get_irs()); + RMT(a, rcv_nxt, b), RMT(a, r_win_base, b), a->get_iss(), a->get_irs()); fprintf(stdout, "\n"); unsigned paf = (a->splitter and a->splitter->is_paf()) ? 2 : 0; diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index f81a06c53..3b3b44e18 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -46,6 +46,9 @@ THREAD_LOCAL ProfileStats s5TcpBuildPacketPerfStats; const PegInfo tcp_pegs[] = { SESSION_PEGS("tcp"), + { CountType::SUM, "instantiated", "new sessions instantiated" }, + { CountType::SUM, "setups", "session initializations" }, + { CountType::SUM, "restarts", "sessions restarted" }, { CountType::SUM, "resyns", "SYN received on established session" }, { CountType::SUM, "discards", "tcp packets discarded" }, { CountType::SUM, "events", "events generated" }, diff --git a/src/stream/tcp/tcp_module.h b/src/stream/tcp/tcp_module.h index 4ec589ff2..b0c591e1c 100644 --- a/src/stream/tcp/tcp_module.h +++ b/src/stream/tcp/tcp_module.h @@ -64,6 +64,9 @@ extern THREAD_LOCAL snort::ProfileStats streamSizePerfStats; struct TcpStats { SESSION_STATS; + PegCount instantiated; + PegCount setups; + PegCount restarts; PegCount resyns; PegCount discards; PegCount events; diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index a90676eae..d4744b8ba 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -215,11 +215,9 @@ uint32_t TcpNormalizer::get_tcp_timestamp( bool TcpNormalizer::validate_rst_seq_geq( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd) { - // FIXIT-H check for r_win_base == 0 is hack for uninitialized r_win_base, fix this - if ( ( tns.tracker->r_nxt_ack == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->r_nxt_ack) ) - { + // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this + if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->rcv_nxt) ) return true; - } return false; } @@ -235,9 +233,7 @@ bool TcpNormalizer::validate_rst_end_seq_geq( { // reset must be admitted when window closed if (SEQ_LEQ(tsd.get_seg_seq(), tns.tracker->r_win_base + get_stream_window(tns, tsd))) - { return true; - } } return false; @@ -246,11 +242,11 @@ bool TcpNormalizer::validate_rst_end_seq_geq( bool TcpNormalizer::validate_rst_seq_eq( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd) { - // FIXIT-H check for r_nxt_ack == 0 is hack for uninitialized r_nxt_ack, fix this - if ( ( tns.tracker->r_nxt_ack == 0 ) || SEQ_EQ(tsd.get_seg_seq(), tns.tracker->r_nxt_ack) ) - { + uint32_t expected_seq = tns.tracker->rcv_nxt + tns.tracker->get_fin_seq_adjust(); + + // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this + if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_EQ(tsd.get_seg_seq(), expected_seq) ) return true; - } return false; } @@ -287,9 +283,7 @@ int TcpNormalizer::validate_paws_timestamp( return ACTION_BAD_PKT; } else - { return ACTION_NOTHING; - } } bool TcpNormalizer::is_paws_ts_checked_required( diff --git a/src/stream/tcp/tcp_normalizers.cc b/src/stream/tcp/tcp_normalizers.cc index 9be5a22c3..0d39aaf98 100644 --- a/src/stream/tcp/tcp_normalizers.cc +++ b/src/stream/tcp/tcp_normalizers.cc @@ -190,7 +190,7 @@ static inline int handle_repeated_syn_mswin( /* Windows has some strange behavior here. If the sequence of the reset is the * next expected sequence, it Resets. Otherwise it ignores the 2nd SYN. */ - if (SEQ_EQ(tsd.get_seg_seq(), listener->r_nxt_ack)) + if (SEQ_EQ(tsd.get_seg_seq(), listener->rcv_nxt)) { session->flow->set_session_flags(SSNFLAG_RESET); talker->set_tcp_state(TcpStreamTracker::TCP_CLOSED); @@ -245,7 +245,7 @@ static inline bool paws_3whs_zero_ts_supported( if ( talker->get_tf_flags() & TF_TSTAMP_ZERO ) { talker->clear_tf_flags(TF_TSTAMP_ZERO); - if ( SEQ_EQ(listener->r_nxt_ack, tsd.get_seg_seq() ) ) + if ( SEQ_EQ(listener->rcv_nxt, tsd.get_seg_seq() ) ) { // Ignore timestamp for this first packet, save to check on next talker->set_ts_last(tsd.get_ts() ); @@ -382,7 +382,7 @@ bool TcpNormalizerHpux11::is_paws_ts_checked_required( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd) { /* HPUX 11 ignores timestamps for out of order segments */ - if ((tns.tracker->get_tf_flags() & TF_MISSING_PKT) || !SEQ_EQ(tns.tracker->r_nxt_ack, + if ((tns.tracker->get_tf_flags() & TF_MISSING_PKT) || !SEQ_EQ(tns.tracker->rcv_nxt, tsd.get_seg_seq())) return false; else diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 69a916e07..b11e238e7 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -292,8 +292,8 @@ int TcpReassembler::purge_to_seq(TcpReassemblerState& trs, uint32_t flush_seq) trs.sos.seglist_base_seq = flush_seq; } - if ( SEQ_LT(trs.tracker->r_nxt_ack, flush_seq) ) - trs.tracker->r_nxt_ack = flush_seq; + if ( SEQ_LT(trs.tracker->rcv_nxt, flush_seq) ) + trs.tracker->rcv_nxt = flush_seq; purge_alerts(trs, trs.sos.session->flow); @@ -1171,9 +1171,7 @@ void TcpReassembler::insert_segment_in_empty_seglist( overlap = trs.tracker->r_win_base - tsd.get_seg_seq(); if ( overlap >= tsd.get_seg_len() ) - { return; - } } // BLOCK add new block to trs.sos.seglist containing data diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index feca89973..ad8194fb7 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -72,6 +72,7 @@ TcpSession::TcpSession(Flow* flow) client.session = this; server.session = this; + tcpStats.instantiated++; } TcpSession::~TcpSession() @@ -85,6 +86,7 @@ bool TcpSession::setup(Packet* p) splitter_init = false; SESSION_STATS_ADD(tcpStats); + tcpStats.setups++; return true; } @@ -116,6 +118,8 @@ void TcpSession::restart(Packet* p) if (p->ptrs.tcph->is_ack()) talker->reassembler.flush_on_ack_policy(p); + + tcpStats.restarts++; } //------------------------------------------------------------------------- @@ -133,29 +137,27 @@ void TcpSession::restart(Packet* p) void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool restart, Packet* p) { + assert(!p or p->flow == flow); if ( !tcp_init ) + { + if ( lws_init ) + tcpStats.no_pickups++; return; + } + + lws_init = false; + tcp_init = false; + tcpStats.released++; - assert(!p or p->flow == flow); DetectionEngine::onload(flow); - if ( tcp_init ) + if ( flush_segments ) { - if ( flush_segments ) - { - client.reassembler.flush_queued_segments(flow, true, p); - server.reassembler.flush_queued_segments(flow, true, p); - } - client.reassembler.purge_segment_list(); - server.reassembler.purge_segment_list(); + client.reassembler.flush_queued_segments(flow, true, p); + server.reassembler.flush_queued_segments(flow, true, p); } - - if ( tcp_init ) - tcpStats.released++; - else if ( lws_init ) - tcpStats.no_pickups++; - else - return; + client.reassembler.purge_segment_list(); + server.reassembler.purge_segment_list(); update_perf_base_state(TcpStreamTracker::TCP_CLOSED); @@ -177,9 +179,6 @@ void TcpSession::clear_session(bool free_flow_data, bool flush_segments, bool re set_splitter(false, nullptr); tel.log_internal_event(SESSION_EVENT_CLEAR); - - lws_init = false; - tcp_init = false; } void TcpSession::update_perf_base_state(char newState) @@ -335,18 +334,6 @@ void TcpSession::process_tcp_stream(TcpSegmentDescriptor& tsd) } } -void TcpSession::check_fin_transition_status(TcpSegmentDescriptor& tsd) -{ - if((tsd.get_seg_len() != 0) && - SEQ_EQ(listener->get_fin_final_seq(), listener->r_nxt_ack)) - { - listener->set_tcp_event(TcpStreamTracker::TCP_FIN_RECV_EVENT); - talker->set_tcp_event(TcpStreamTracker::TCP_FIN_SENT_EVENT); - listener->inorder_fin = true; - } -} - - int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) { DeepProfile profile(s5TcpDataPerfStats); @@ -358,15 +345,15 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) { if (listener->normalizer.get_os_policy() == StreamPolicy::OS_MACOS) seq++; - else { listener->normalizer.trim_syn_payload(tsd); return STREAM_UNALIGNED; - } } + } + } /* we're aligned, so that's nice anyway */ - if (seq == listener->r_nxt_ack) + if (seq == listener->rcv_nxt) { /* check if we're in the window */ if (config->policy != StreamPolicy::OS_PROXY @@ -378,7 +365,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) /* move the ack boundary up, this is the only way we'll accept data */ // FIXIT-L for ips, must move all the way to first hole or right end - listener->r_nxt_ack = tsd.get_end_seq(); + listener->rcv_nxt = tsd.get_end_seq(); if (tsd.get_seg_len() != 0) { @@ -410,11 +397,11 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) if ((listener->get_tcp_state() == TcpStreamTracker::TCP_ESTABLISHED) && (listener->flush_policy == STREAM_FLPOLICY_IGNORE)) { - if (SEQ_GT(tsd.get_end_seq(), listener->r_nxt_ack)) + if (SEQ_GT(tsd.get_end_seq(), listener->rcv_nxt)) { // set next ack so we are within the window going forward on this side. // FIXIT-L for ips, must move all the way to first hole or right end - listener->r_nxt_ack = tsd.get_end_seq(); + listener->rcv_nxt = tsd.get_end_seq(); } } @@ -422,7 +409,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd) { if (!( flow->get_session_flags() & SSNFLAG_STREAM_ORDER_BAD)) { - if (!SEQ_LEQ((tsd.get_seg_seq() + tsd.get_seg_len()), listener->r_nxt_ack)) + if (!SEQ_LEQ((tsd.get_seg_seq() + tsd.get_seg_len()), listener->rcv_nxt)) flow->set_session_flags(SSNFLAG_STREAM_ORDER_BAD); } process_tcp_stream(tsd); @@ -504,7 +491,7 @@ void TcpSession::update_timestamp_tracking(TcpSegmentDescriptor& tsd) { talker->set_tf_flags(listener->normalizer.get_timestamp_flags()); if (listener->normalizer.handling_timestamps() - && SEQ_EQ(listener->r_nxt_ack, tsd.get_seg_seq())) + && SEQ_EQ(listener->rcv_nxt, tsd.get_seg_seq())) { talker->set_ts_last_packet(tsd.get_pkt()->pkth->ts.tv_sec); talker->set_ts_last(tsd.get_ts()); @@ -749,7 +736,7 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd) // trim to fit in window and mss as needed st->normalizer.trim_win_payload( - tsd, (st->r_win_base + st->get_snd_wnd() - st->r_nxt_ack)); + tsd, (st->r_win_base + st->get_snd_wnd() - st->rcv_nxt)); if (st->get_mss()) st->normalizer.trim_mss_payload(tsd, st->get_mss()); @@ -764,8 +751,6 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd) or (config->policy == StreamPolicy::OS_PROXY)) { process_tcp_data(tsd); - //Check if all segments are received. Process FIN transition - check_fin_transition_status(tsd); } else { diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h index bf43f5b0a..c22e6a62c 100644 --- a/src/stream/tcp/tcp_session.h +++ b/src/stream/tcp/tcp_session.h @@ -69,7 +69,6 @@ public: private: void set_os_policy() override; bool flow_exceeds_config_thresholds(TcpSegmentDescriptor&); - void check_fin_transition_status(TcpSegmentDescriptor&); void process_tcp_stream(TcpSegmentDescriptor&); int process_tcp_data(TcpSegmentDescriptor&); void swap_trackers(); diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc index 37ea80a92..b2f5eabe1 100644 --- a/src/stream/tcp/tcp_state_close_wait.cc +++ b/src/stream/tcp/tcp_state_close_wait.cc @@ -85,11 +85,6 @@ bool TcpStateCloseWait::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& tr bool TcpStateCloseWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { snort::Flow* flow = tsd.get_flow(); - if( trk.process_inorder_fin() ) - { - trk.update_on_fin_recv(tsd); - return true; - } trk.update_tracker_ack_recv(tsd); diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc index 4ce384292..b5df1b305 100644 --- a/src/stream/tcp/tcp_state_closing.cc +++ b/src/stream/tcp/tcp_state_closing.cc @@ -62,7 +62,7 @@ bool TcpStateClosing::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateClosing::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.update_tracker_ack_recv(tsd); - if ( SEQ_GEQ(tsd.get_end_seq(), trk.r_nxt_ack) ) + if ( SEQ_GEQ(tsd.get_end_seq(), trk.rcv_nxt) ) trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT); return true; } @@ -76,7 +76,7 @@ bool TcpStateClosing::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateClosing::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { trk.update_tracker_ack_recv(tsd); - if ( SEQ_GEQ(tsd.get_end_seq(), trk.r_nxt_ack) ) + if ( SEQ_GEQ(tsd.get_end_seq(), trk.rcv_nxt) ) trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT); return true; } diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc index 27185ccd7..d91d3bf77 100644 --- a/src/stream/tcp/tcp_state_established.cc +++ b/src/stream/tcp/tcp_state_established.cc @@ -91,17 +91,10 @@ bool TcpStateEstablished::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTrac bool TcpStateEstablished::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - TcpStreamTracker& listener = - tsd.get_pkt()->is_from_client() ? trk.session->server : trk.session->client; - trk.update_on_fin_sent(tsd); + trk.session->eof_handle(tsd.get_pkt()); + trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT1); - if ( SEQ_EQ(tsd.get_end_seq(), (listener.r_nxt_ack + tsd.get_seg_len())) || - listener.process_inorder_fin() || !listener.is_segment_seq_valid(tsd) ) - { - trk.session->eof_handle(tsd.get_pkt()); - trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT1); - } return true; } @@ -113,20 +106,13 @@ bool TcpStateEstablished::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk.session->handle_data_segment(tsd); trk.flush_data_on_fin_recv(tsd); } - if( (tsd.get_end_seq() == trk.r_nxt_ack) || !trk.is_segment_seq_valid(tsd) ) - { - if ( trk.update_on_fin_recv(tsd) ) - { - trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING); - trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT); - } - } - else + + if ( trk.update_on_fin_recv(tsd) ) { - //Out of Order FIN received - if ( !trk.is_fin_seq_set() ) - trk.set_fin_final_seq( tsd.get_seg_seq() ); + trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING); + trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT); } + return true; } diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc index b2cef7f3b..f1a2d942d 100644 --- a/src/stream/tcp/tcp_state_syn_sent.cc +++ b/src/stream/tcp/tcp_state_syn_sent.cc @@ -73,7 +73,6 @@ bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) trk.session->update_timestamp_tracking(tsd); trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); trk.set_tcp_state(TcpStreamTracker::TCP_ESTABLISHED); - trk.r_nxt_ack = tsd.get_seg_ack(); return true; }