suricata
stream-tcp-reassemble.h
Go to the documentation of this file.
1/* Copyright (C) 2007-2024 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
23 */
24
25#ifndef SURICATA_STREAM_TCP_REASSEMBLE_H
26#define SURICATA_STREAM_TCP_REASSEMBLE_H
27
28#include "suricata.h"
29#include "flow.h"
30#include "stream-tcp-private.h"
32
33/** Supported OS list and default OS policy is BSD */
34enum
35{
52};
53
60
62 void *app_tctx;
63
65
66 /** TCP segments which are not being reassembled due to memcap was reached */
68 /** times exception policy for stream reassembly memcap was applied **/
70
73
74 /** number of streams that stop reassembly because their depth is reached */
76 /** count number of streams with a unrecoverable stream gap (missing pkts) */
78
79 /** count packet data overlaps */
81 /** count overlaps with different data */
83
86
87 /** count OOB bytes */
90
91#define OS_POLICY_DEFAULT OS_POLICY_BSD
92
98void *StreamTcpReassembleRealloc(void *optr, size_t orig_size, size_t size);
103 TcpSession *ssn, TcpStream *stream,
104 Packet *p, enum StreamUpdateDir dir);
105
106void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t);
107
111
113
115 TcpSession *ssn, TcpStream *stream, Packet *p);
117 TcpSegment *, Packet *, uint8_t *pkt_data, uint16_t pkt_datalen);
119
122
124
125void StreamTcpPruneSession(Flow *, uint8_t);
127
128int StreamTcpReassembleSetMemcap(uint64_t size);
129uint64_t StreamTcpReassembleGetMemcap(void);
130int StreamTcpReassembleCheckMemcap(uint64_t size);
132
135
137void StreamTcpReassemblySetMinInspectDepth(TcpSession *ssn, int direction, uint32_t depth);
138
140void EnableTcpSessionDumping(void);
141
142static inline bool STREAM_LASTACK_GT_BASESEQ(const TcpStream *stream)
143{
144 /* last ack not yet initialized */
145 if (STREAM_BASE_OFFSET(stream) == 0 && (stream->tcp_flags & TH_ACK) == 0) {
146#ifdef UNITTESTS
147 if (RunmodeIsUnittests() && stream->last_ack == 0)
148 return false;
149#else
150 return false;
151#endif
152 }
153 if (SEQ_GT(stream->last_ack, stream->base_seq))
154 return true;
155 return false;
156}
157
159
160#endif /* SURICATA_STREAM_TCP_REASSEMBLE_H */
#define TH_ACK
Definition decode-tcp.h:38
ThreadVars * tv
#define SEQ_GT(a, b)
#define STREAM_BASE_OFFSET(stream)
void StreamTcpSetOSPolicy(TcpStream *, Packet *)
Function to set the OS policy for the given stream based on the destination of the received packet.
void StreamTcpReassembleFree(bool)
TcpSegment * StreamTcpGetSegment(ThreadVars *, TcpReassemblyThreadCtx *)
get a segment from the pool
int StreamTcpReassembleCheckMemcap(uint64_t size)
Function to Check the reassembly memory usage counter against the allowed max memory usage for TCP se...
bool StreamReassembleRawHasDataReady(TcpSession *ssn, Packet *p)
does the stream engine have data to inspect?
void StreamTcpSetSessionBypassFlag(TcpSession *)
enable bypass
void EnableTcpSessionDumping(void)
void StreamTcpDisableAppLayer(Flow *f)
int StreamTcpReassembleHandleSegment(ThreadVars *, TcpReassemblyThreadCtx *, TcpSession *, TcpStream *, Packet *)
uint64_t StreamTcpReassembleMemuseGlobalCounter(void)
void StreamTcpReassembleRegisterTests(void)
The Function Register the Unit tests to test the reassembly engine for various OS policies.
uint64_t StreamTcpReassembleGetMemcap(void)
Return memcap value.
void StreamTcpPruneSession(Flow *, uint8_t)
Remove idle TcpSegments from TcpSession.
void StreamTcpReassembleFreeThreadCtx(TcpReassemblyThreadCtx *)
bool StreamTcpReassembleDepthReached(Packet *p)
check if stream in pkt direction has depth reached
@ OS_POLICY_LAST
@ OS_POLICY_NONE
@ OS_POLICY_MACOS
@ OS_POLICY_WINDOWS
@ OS_POLICY_IRIX
@ OS_POLICY_HPUX10
@ OS_POLICY_VISTA
@ OS_POLICY_LINUX
@ OS_POLICY_OLD_LINUX
@ OS_POLICY_BSD
@ OS_POLICY_BSD_RIGHT
@ OS_POLICY_FIRST
@ OS_POLICY_WINDOWS2K3
@ OS_POLICY_OLD_SOLARIS
@ OS_POLICY_HPUX11
@ OS_POLICY_SOLARIS
int StreamTcpReassembleInit(bool)
void StreamTcpReassemblySetMinInspectDepth(TcpSession *ssn, int direction, uint32_t depth)
int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p)
Insert a TCP packet data into the stream reassembly engine.
void * StreamTcpReassembleRealloc(void *optr, size_t orig_size, size_t size)
struct TcpReassemblyThreadCtx_ TcpReassemblyThreadCtx
void StreamTcpReassembleInitMemuse(void)
int StreamTcpReassembleAppLayer(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpSession *ssn, TcpStream *stream, Packet *p, enum StreamUpdateDir dir)
Update the stream reassembly upon receiving a packet.
void StreamTcpReturnStreamSegments(TcpStream *)
return all segments in this stream into the pool(s)
void StreamTcpSegmentReturntoPool(TcpSegment *)
Function to return the segment back to the pool.
void StreamTcpReassembleTriggerRawInspection(TcpSession *, int direction)
Trigger RAW stream inspection.
bool IsTcpSessionDumpingEnabled(void)
void StreamTcpSetSessionNoReassemblyFlag(TcpSession *, char)
disable reassembly
uint32_t StreamDataAvailableForProtoDetect(TcpStream *stream)
void StreamTcpSetDisableRawReassemblyFlag(TcpSession *, char)
Set the No reassembly flag for the given direction in given TCP session.
void StreamTcpCreateTestPacket(uint8_t *, uint8_t, uint8_t, uint8_t)
The Function to create the packet with given payload, which is used to test the reassembly of the eng...
int StreamTcpAppLayerIsDisabled(Flow *f)
TcpReassemblyThreadCtx * StreamTcpReassembleInitThreadCtx(ThreadVars *tv)
int StreamTcpReassembleSetMemcap(uint64_t size)
Update memcap value.
int StreamTcpReassembleInsertSegment(ThreadVars *, TcpReassemblyThreadCtx *, TcpStream *, TcpSegment *, Packet *, uint8_t *pkt_data, uint16_t pkt_datalen)
@ UPDATE_DIR_OPPOSING
@ UPDATE_DIR_BOTH
@ UPDATE_DIR_PACKET
@ UPDATE_DIR_NONE
Flow data structure.
Definition flow.h:356
ExceptionPolicyCounters counter_tcp_reas_eps
Per thread variable structure.
Definition threadvars.h:58
int RunmodeIsUnittests(void)
Definition suricata.c:270