suricata
Macros | Functions | Variables
stream-tcp.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "packet.h"
#include "decode.h"
#include "detect.h"
#include "flow.h"
#include "flow-util.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-pool.h"
#include "util-pool-thread.h"
#include "util-checksum.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-device-private.h"
#include "stream-tcp-private.h"
#include "stream-tcp.h"
#include "stream-tcp-cache.h"
#include "stream-tcp-inline.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-sack.h"
#include "stream-tcp-util.h"
#include "stream.h"
#include "pkt-var.h"
#include "host.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "app-layer-htp-mem.h"
#include "util-host-os-info.h"
#include "util-privs.h"
#include "util-profiling.h"
#include "util-misc.h"
#include "util-validate.h"
#include "util-runmodes.h"
#include "util-random.h"
#include "util-exception-policy.h"
#include "util-time.h"
#include "source-pcap-file.h"
#include "action-globals.h"
#include "tests/stream-tcp.c"
Include dependency graph for stream-tcp.c:

Go to the source code of this file.

Macros

#define STREAMTCP_DEFAULT_PREALLOC   2048
 
#define STREAMTCP_DEFAULT_MEMCAP   (64 * 1024 * 1024) /* 64mb */
 
#define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP   (256 * 1024 * 1024) /* 256mb */
 
#define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560
 
#define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560
 
#define STREAMTCP_DEFAULT_MAX_SYN_QUEUED   10
 
#define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED   5
 
#define StreamTcpUpdateLastAck(ssn, stream, ack)
 macro to update last_ack only if the new value is higher
 
#define StreamTcpAsyncLastAckUpdate(ssn, stream)
 
#define StreamTcpUpdateNextSeq(ssn, stream, seq)
 
#define StreamTcpUpdateNextWin(ssn, stream, win)
 macro to update next_win only if the new value is higher
 

Functions

void StreamTcpReturnStreamSegments (TcpStream *)
 return all segments in this stream into the pool(s)
 
void StreamTcpInitConfig (bool quiet)
 To initialize the stream global configuration data.
 
int StreamTcpGetFlowState (void *)
 
void StreamTcpSetOSPolicy (TcpStream *stream, Packet *p)
 Function to set the OS policy for the given stream based on the destination of the received packet.
 
uint64_t StreamTcpReassembleMemuseGlobalCounter (void)
 
 SC_ATOMIC_DECLARE (uint64_t, st_memuse)
 
void StreamTcpInitMemuse (void)
 
void StreamTcpIncrMemuse (uint64_t size)
 
void StreamTcpDecrMemuse (uint64_t size)
 
uint64_t StreamTcpMemuseCounter (void)
 
int StreamTcpCheckMemcap (uint64_t size)
 Check if alloc'ing "size" would mean we're over memcap.
 
int StreamTcpSetMemcap (uint64_t size)
 Update memcap value.
 
uint64_t StreamTcpGetMemcap (void)
 Return memcap value.
 
void StreamTcpStreamCleanup (TcpStream *stream)
 
void StreamTcpSessionCleanup (TcpSession *ssn)
 Session cleanup function. Does not free the ssn.
 
void StreamTcpSessionClear (void *ssnptr)
 Function to return the stream back to the pool. It returns the segments in the stream to the segment pool.
 
void StreamTcpSessionPktFree (Packet *p)
 Function to return the stream segments back to the pool.
 
void StreamTcpFreeConfig (bool quiet)
 
enum ExceptionPolicy StreamTcpSsnMemcapGetExceptionPolicy (void)
 
enum ExceptionPolicy StreamTcpReassemblyMemcapGetExceptionPolicy (void)
 
enum ExceptionPolicy StreamMidstreamGetExceptionPolicy (void)
 
int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, PacketQueueNoLock *pq)
 
bool TcpSessionPacketSsnReuse (const Packet *p, const Flow *f, const void *tcp_ssn)
 
TmEcode StreamTcp (ThreadVars *tv, Packet *p, void *data, PacketQueueNoLock *pq)
 
TmEcode StreamTcpThreadInit (ThreadVars *tv, void *initdata, void **data)
 
TmEcode StreamTcpThreadDeinit (ThreadVars *tv, void *data)
 
void StreamTcpUpdateAppLayerProgress (TcpSession *ssn, char direction, const uint32_t progress)
 update reassembly progress
 
void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction)
 disable reassembly
 
void StreamTcpSetDisableRawReassemblyFlag (TcpSession *ssn, char direction)
 Set the No reassembly flag for the given direction in given TCP session.
 
void StreamTcpSetSessionBypassFlag (TcpSession *ssn)
 enable bypass
 
void StreamTcpDetectLogFlush (ThreadVars *tv, StreamTcpThread *stt, Flow *f, Packet *p, PacketQueueNoLock *pq)
 create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.
 
int StreamTcpSegmentForEach (const Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
 
int StreamTcpSegmentForSession (const Packet *p, uint8_t flag, StreamSegmentCallback CallbackFunc, void *data)
 Run callback function on each TCP segment in both directions of a session.
 
int StreamTcpBypassEnabled (void)
 
bool StreamTcpInlineMode (void)
 See if stream engine is operating in inline mode.
 
void TcpSessionSetReassemblyDepth (TcpSession *ssn, uint32_t size)
 
const char * StreamTcpStateAsString (const enum TcpState state)
 
const char * StreamTcpSsnStateAsString (const TcpSession *ssn)
 

Variables

ExceptionPolicyStatsSetts stream_memcap_eps_stats
 
ExceptionPolicyStatsSetts stream_reassembly_memcap_eps_stats
 
ExceptionPolicyStatsSetts stream_midstream_enabled_eps_stats
 
ExceptionPolicyStatsSetts stream_midstream_disabled_eps_stats
 
thread_local uint64_t t_pcapcnt
 
int g_detect_disabled
 
PoolThreadssn_pool = NULL
 
TcpStreamCnf stream_config
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

TCP stream tracking and reassembly engine.

Todo:
  • 4WHS: what if after the 2nd SYN we turn out to be normal 3WHS anyway?

Definition in file stream-tcp.c.

Macro Definition Documentation

◆ STREAMTCP_DEFAULT_MAX_SYN_QUEUED

#define STREAMTCP_DEFAULT_MAX_SYN_QUEUED   10

Definition at line 90 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED

#define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED   5

Definition at line 91 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_MEMCAP

#define STREAMTCP_DEFAULT_MEMCAP   (64 * 1024 * 1024) /* 64mb */

Definition at line 86 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_PREALLOC

#define STREAMTCP_DEFAULT_PREALLOC   2048

Definition at line 85 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP

#define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP   (256 * 1024 * 1024) /* 256mb */

Definition at line 87 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE

#define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560

Definition at line 89 of file stream-tcp.c.

◆ STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE

#define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560

Definition at line 88 of file stream-tcp.c.

◆ StreamTcpAsyncLastAckUpdate

#define StreamTcpAsyncLastAckUpdate (   ssn,
  stream 
)
Value:
{ \
if ((ssn)->flags & STREAMTCP_FLAG_ASYNC) { \
if (SEQ_GT((stream)->next_seq, (stream)->last_ack)) { \
uint32_t ack_diff = (stream)->next_seq - (stream)->last_ack; \
(stream)->last_ack += ack_diff; \
SCLogDebug("ssn %p: ASYNC last_ack set to %"PRIu32", moved %u forward", \
(ssn), (stream)->next_seq, ack_diff); \
} \
} \
}
flags
uint8_t flags
Definition decode-gre.h:0
SEQ_GT
#define SEQ_GT(a, b)
Definition stream-tcp-private.h:259
STREAMTCP_FLAG_ASYNC
#define STREAMTCP_FLAG_ASYNC
Definition stream-tcp-private.h:182

Definition at line 1077 of file stream-tcp.c.

◆ StreamTcpUpdateLastAck

#define StreamTcpUpdateLastAck (   ssn,
  stream,
  ack 
)
Value:
{ \
if (SEQ_GT((ack), (stream)->last_ack)) \
{ \
SCLogDebug("ssn %p: last_ack set to %"PRIu32", moved %u forward", (ssn), (ack), (ack) - (stream)->last_ack); \
if ((SEQ_LEQ((stream)->last_ack, (stream)->next_seq) && SEQ_GT((ack),(stream)->next_seq))) { \
SCLogDebug("last_ack just passed next_seq: %u (was %u) > %u", (ack), (stream)->last_ack, (stream)->next_seq); \
} else { \
SCLogDebug("next_seq (%u) <> last_ack now %d", (stream)->next_seq, (int)(stream)->next_seq - (ack)); \
}\
(stream)->last_ack = (ack); \
StreamTcpSackPruneList((stream)); \
} else { \
SCLogDebug("ssn %p: no update: ack %u, last_ack %"PRIu32", next_seq %u (state %u)", \
(ssn), (ack), (stream)->last_ack, (stream)->next_seq, (ssn)->state); \
}\
}
SEQ_LEQ
#define SEQ_LEQ(a, b)
Definition stream-tcp-private.h:258

macro to update last_ack only if the new value is higher

Parameters
ssnsession
streamstream to update
ackACK value to test and set

Definition at line 1060 of file stream-tcp.c.

◆ StreamTcpUpdateNextSeq

#define StreamTcpUpdateNextSeq (   ssn,
  stream,
  seq 
)
Value:
{ \
(stream)->next_seq = seq; \
SCLogDebug("ssn %p: next_seq %" PRIu32, (ssn), (stream)->next_seq); \
StreamTcpAsyncLastAckUpdate((ssn), (stream)); \
}
seq
uint32_t seq
Definition stream-tcp-private.h:2

Definition at line 1088 of file stream-tcp.c.

◆ StreamTcpUpdateNextWin

#define StreamTcpUpdateNextWin (   ssn,
  stream,
  win 
)
Value:
{ \
uint32_t sacked_size__ = StreamTcpSackedSize((stream)); \
if (SEQ_GT(((win) + sacked_size__), (stream)->next_win)) { \
(stream)->next_win = ((win) + sacked_size__); \
SCLogDebug("ssn %p: next_win set to %"PRIu32, (ssn), (stream)->next_win); \
} \
}

macro to update next_win only if the new value is higher

Parameters
ssnsession
streamstream to update
winwindow value to test and set

Definition at line 1101 of file stream-tcp.c.

Function Documentation

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( uint64_t  ,
st_memuse   
)

◆ StreamMidstreamGetExceptionPolicy()

enum ExceptionPolicy StreamMidstreamGetExceptionPolicy ( void  )

Definition at line 909 of file stream-tcp.c.

References TcpStreamCnf_::midstream_policy, and stream_config.

Referenced by ExceptionPolicyTargetPolicy().

Here is the caller graph for this function:

◆ StreamTcp()

TmEcode StreamTcp ( ThreadVars tv,
Packet p,
void *  data,
PacketQueueNoLock pq 
)

Definition at line 5943 of file stream-tcp.c.

References TcpReassemblyThreadCtx_::app_tctx, AppLayerProfilingReset, StreamTcpThread_::counter_tcp_invalid_checksum, DEBUG_VALIDATE_BUG_ON, Packet_::flags, TcpStreamCnf_::flags, Packet_::flow, FlowGetPacketDirection(), Packet_::pcap_cnt, PKT_PSEUDO_STREAM_END, Packet_::pkt_src, PktSrcToString(), StreamTcpThread_::ra_ctx, SCLogDebug, StatsIncr(), stream_config, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, StreamTcpPacket(), t_pcapcnt, TM_ECODE_OK, TOSERVER, tv, and unlikely.

Here is the call graph for this function:

◆ StreamTcpBypassEnabled()

int StreamTcpBypassEnabled ( void  )

Definition at line 7088 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_BYPASS.

Referenced by StreamTcpPacket().

Here is the caller graph for this function:

◆ StreamTcpCheckMemcap()

int StreamTcpCheckMemcap ( uint64_t  size)

Check if alloc'ing "size" would mean we're over memcap.

Return values
1if in bounds
0if not in bounds

Definition at line 266 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpDecrMemuse()

void StreamTcpDecrMemuse ( uint64_t  size)

Definition at line 234 of file stream-tcp.c.

References BUG_ON, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_SUB, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpDetectLogFlush()

void StreamTcpDetectLogFlush ( ThreadVars tv,
StreamTcpThread stt,
Flow f,
Packet p,
PacketQueueNoLock pq 
)

create packets in both directions to flush out logging and detection before switching protocols. In IDS mode, create first in packet dir, 2nd in opposing In IPS mode, do the reverse. Flag TCP engine that data needs to be inspected regardless of how far we are wrt inspect limits.

Definition at line 6922 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, PKT_IS_TOSERVER, Flow_::protoctx, TcpSession_::server, STREAMTCP_STREAM_FLAG_TRIGGER_RAW, StreamTcpInlineMode(), ts, and tv.

Here is the call graph for this function:

◆ StreamTcpFreeConfig()

void StreamTcpFreeConfig ( bool  quiet)

Definition at line 859 of file stream-tcp.c.

References PoolThreadFree(), SCLogDebug, SCMutexDestroy, SCMutexLock, SCMutexUnlock, ssn_pool, and StreamTcpReassembleFree().

Referenced by PostRunDeinit(), and StreamTcpUTDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpGetFlowState()

int StreamTcpGetFlowState ( void *  )

◆ StreamTcpGetMemcap()

uint64_t StreamTcpGetMemcap ( void  )

Return memcap value.

Parameters
memcapmemcap value

Definition at line 294 of file stream-tcp.c.

References SC_ATOMIC_GET, and stream_config.

◆ StreamTcpIncrMemuse()

void StreamTcpIncrMemuse ( uint64_t  size)

Definition at line 228 of file stream-tcp.c.

References SC_ATOMIC_ADD, SCLogDebug, and StreamTcpMemuseCounter().

Here is the call graph for this function:

◆ StreamTcpInitConfig()

void StreamTcpInitConfig ( bool  quiet)

To initialize the stream global configuration data.

Parameters
quietIt tells the mode of operation, if it is true nothing will be get printed.

Definition at line 488 of file stream-tcp.c.

References TcpStreamCnf_::async_oneside, EngineModeIsIPS(), ExceptionPolicyMidstreamParse(), ExceptionPolicyParse(), FatalError, TcpStreamCnf_::flags, FlowSetProtoFreeFunc(), TcpStreamCnf_::liberal_timestamps, TcpStreamCnf_::max_syn_queued, TcpStreamCnf_::max_synack_queued, TcpStreamCnf_::midstream, TcpStreamCnf_::midstream_policy, ParseSizeStringU16(), ParseSizeStringU32(), ParseSizeStringU64(), PoolThreadInit(), TcpStreamCnf_::prealloc_sessions, TcpStreamCnf_::reassembly_depth, TcpStreamCnf_::reassembly_memcap_policy, TcpStreamCnf_::reassembly_toclient_chunk_size, TcpStreamCnf_::reassembly_toserver_chunk_size, RunmodeIsUnittests(), SC_ATOMIC_GET, SC_ATOMIC_INIT, SC_ATOMIC_SET, SCConfGet(), SCConfGetBool(), SCConfGetInt(), SCConfGetNode(), SCLogConfig, SCLogDebug, SCLogError, SCLogWarning, SCMutexLock, SCMutexUnlock, TcpStreamCnf_::ssn_memcap_policy, ssn_pool, StatsRegisterGlobalCounter(), stream_config, TcpStreamCnf_::stream_init_flags, STREAMTCP_DEFAULT_MAX_SYN_QUEUED, STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED, STREAMTCP_DEFAULT_MEMCAP, STREAMTCP_DEFAULT_PREALLOC, STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP, STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE, STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE, STREAMTCP_INIT_FLAG_BYPASS, STREAMTCP_INIT_FLAG_CHECKSUM_VALIDATION, STREAMTCP_INIT_FLAG_DROP_INVALID, STREAMTCP_INIT_FLAG_INLINE, STREAMTCP_STREAM_FLAG_DISABLE_RAW, StreamTcpInitMemuse(), StreamTcpMemuseCounter(), StreamTcpReassembleInit(), StreamTcpSessionClear(), TCP_STREAM_URGENT_DEFAULT, TCP_STREAM_URGENT_DROP, TCP_STREAM_URGENT_GAP, TCP_STREAM_URGENT_INLINE, TCP_STREAM_URGENT_OOB, TcpStreamCnf_::urgent_oob_limit_policy, TcpStreamCnf_::urgent_policy, and WarnInvalidConfEntry.

Referenced by PreRunInit(), and StreamTcpUTInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpInitMemuse()

void StreamTcpInitMemuse ( void  )

Definition at line 223 of file stream-tcp.c.

References SC_ATOMIC_INIT.

Referenced by StreamTcpInitConfig(), and UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpInlineMode()

bool StreamTcpInlineMode ( void  )

See if stream engine is operating in inline mode.

Return values
0no
1yes

Definition at line 7099 of file stream-tcp.c.

References TcpStreamCnf_::flags, stream_config, and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamDataRightEdge(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamTcpDetectLogFlush(), StreamTcpGetUsable(), and StreamTcpReassembleHandleSegment().

Here is the caller graph for this function:

◆ StreamTcpMemuseCounter()

uint64_t StreamTcpMemuseCounter ( void  )

Definition at line 254 of file stream-tcp.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpDecrMemuse(), StreamTcpIncrMemuse(), StreamTcpInitConfig(), and UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpPacket()

int StreamTcpPacket ( ThreadVars tv,
Packet p,
StreamTcpThread stt,
PacketQueueNoLock pq 
)

Definition at line 5542 of file stream-tcp.c.

References ACTION_DROP, Flow_::alproto, TcpSession_::client, DEBUG_ASSERT_FLOW_LOCKED, DEBUG_VALIDATE_BUG_ON, Packet_::flags, Flow_::flags, TcpStream_::flags, TcpSession_::flags, Packet_::flow, FLOW_WRONG_THREAD, g_detect_disabled, PacketBypassCallback(), PacketCheckAction(), PacketDrop(), Packet_::pcap_cnt, PKT_DROP_REASON_STREAM_ERROR, PKT_DROP_REASON_STREAM_URG, PKT_IS_PSEUDOPKT, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, PKT_PSEUDO_STREAM_END, PKT_STREAM_EST, PKT_STREAM_MODIFIED, PKT_STREAM_NO_EVENTS, PKT_STREAM_NOPCAPLOG, Flow_::protoctx, StreamTcpThread_::ra_ctx, ReCalculateChecksum(), SCEnter, SCLogDebug, SCReturnInt, TcpSession_::server, TcpSession_::state, STREAM_PKT_BROKEN_ACK, STREAM_PKT_FLAG_DUP_ACK, STREAM_PKT_FLAG_SET, STREAM_PKT_FLAG_TCP_ZERO_WIN_PROBE_ACK, STREAM_PKT_SPURIOUS_RETRANSMISSION, STREAMTCP_FLAG_ASYNC, STREAMTCP_FLAG_BYPASS, STREAMTCP_STREAM_FLAG_DEPTH_REACHED, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, StreamTcpBypassEnabled(), StreamTcpDisableAppLayer(), StreamTcpReassembleHandleSegment(), StreamTcpSessionPktFree(), StreamTcpSetEvent, TCP_ESTABLISHED, TcpStream_::tcp_flags, TCP_GET_RAW_ACK, TCP_NONE, TcpSession_::tcp_packet_flags, TH_ACK, TCPHdr_::th_flags, TH_URG, and tv.

Referenced by StreamTcp().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpReassembleMemuseGlobalCounter()

uint64_t StreamTcpReassembleMemuseGlobalCounter ( void  )

Definition at line 150 of file stream-tcp-reassemble.c.

References SC_ATOMIC_GET.

Referenced by StreamTcpReassembleInit(), and UtRunTests().

Here is the caller graph for this function:

◆ StreamTcpReassemblyMemcapGetExceptionPolicy()

enum ExceptionPolicy StreamTcpReassemblyMemcapGetExceptionPolicy ( void  )

Definition at line 904 of file stream-tcp.c.

References TcpStreamCnf_::reassembly_memcap_policy, and stream_config.

Referenced by ExceptionPolicyTargetPolicy().

Here is the caller graph for this function:

◆ StreamTcpReturnStreamSegments()

void StreamTcpReturnStreamSegments ( TcpStream stream)

return all segments in this stream into the pool(s)

Parameters
streamthe stream to cleanup

Definition at line 398 of file stream-tcp-reassemble.c.

References RB_FOREACH_SAFE, RB_REMOVE, TcpStream_::seg_tree, and StreamTcpSegmentReturntoPool().

Referenced by StreamTcpPruneSession(), StreamTcpSessionPktFree(), and StreamTcpStreamCleanup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSegmentForEach()

int StreamTcpSegmentForEach ( const Packet p,
uint8_t  flag,
StreamSegmentCallback  CallbackFunc,
void *  data 
)

Definition at line 6946 of file stream-tcp.c.

References TcpSession_::client, cnt, TcpStreamCnf_::flags, Packet_::flow, TcpStream_::last_ack, PKT_IS_PSEUDOPKT, Flow_::protoctx, RB_FOREACH, TcpStream_::sb, TcpSegment::sbseg, SCLogDebug, TcpStream_::seg_tree, TcpSegment::seq, SEQ_GEQ, TcpSession_::server, stream_config, STREAM_DUMP_TOSERVER, StreamingBufferSegmentGetData(), and STREAMTCP_INIT_FLAG_INLINE.

Referenced by StreamSegmentForEach().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSegmentForSession()

int StreamTcpSegmentForSession ( const Packet p,
uint8_t  flag,
StreamSegmentCallback  CallbackFunc,
void *  data 
)

Run callback function on each TCP segment in both directions of a session.

Note
when stream engine is running in inline mode all segments are used, in IDS/non-inline mode only ack'd segments are iterated.
Must be called under flow lock.
Returns
-1 in case of error, the number of segment in case of success

Definition at line 7005 of file stream-tcp.c.

References TcpSession_::client, cnt, Packet_::flow, TcpSegment::pcap_hdr_storage, Flow_::protoctx, RB_MIN, TcpStream_::sb, TcpSegment::sbseg, SCLogDebug, SCTIME_CMP_LT, TcpStream_::seg_tree, TcpSession_::server, StreamingBufferSegmentGetData(), and TcpSegmentPcapHdrStorage_::ts.

Referenced by StreamSegmentForSession().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSessionCleanup()

void StreamTcpSessionCleanup ( TcpSession ssn)

Session cleanup function. Does not free the ssn.

Parameters
ssntcp session

Definition at line 327 of file stream-tcp.c.

References TcpSession_::client, SCEnter, SCReturn, TcpSession_::server, and StreamTcpStreamCleanup().

Referenced by StreamTcpSessionClear(), StreamTcpUTClearSession(), and UTHRemoveSessionFromFlow().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSessionClear()

void StreamTcpSessionClear ( void *  ssnptr)

Function to return the stream back to the pool. It returns the segments in the stream to the segment pool.

This function is called when the flow is destroyed, so it should free everything related to the tcp session. So including the app layer data.

Parameters
ssnVoid ptr to the ssn.

Definition at line 351 of file stream-tcp.c.

References pool_id, TcpSession_::pool_id, SCEnter, SCMutexLock, SCMutexUnlock, SCReturn, StreamTcpSessionCleanup(), and StreamTcpThreadCacheReturnSession().

Referenced by StreamTcpInitConfig().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSessionPktFree()

void StreamTcpSessionPktFree ( Packet p)

Function to return the stream segments back to the pool.

Parameters
pPacket used to identify the stream.

Definition at line 380 of file stream-tcp.c.

References TcpSession_::client, Packet_::flow, Flow_::protoctx, SCEnter, SCReturn, TcpSession_::server, and StreamTcpReturnStreamSegments().

Referenced by StreamTcpPacket().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSetDisableRawReassemblyFlag()

void StreamTcpSetDisableRawReassemblyFlag ( TcpSession ssn,
char  direction 
)

Set the No reassembly flag for the given direction in given TCP session.

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 6706 of file stream-tcp.c.

References TcpSession_::client, TcpStream_::flags, TcpSession_::server, and STREAMTCP_STREAM_FLAG_NEW_RAW_DISABLED.

Referenced by AppLayerParserParse(), and StreamTcpSetSessionNoReassemblyFlag().

Here is the caller graph for this function:

◆ StreamTcpSetMemcap()

int StreamTcpSetMemcap ( uint64_t  size)

Update memcap value.

Parameters
sizenew memcap value

Definition at line 279 of file stream-tcp.c.

References SC_ATOMIC_GET, SC_ATOMIC_SET, and stream_config.

◆ StreamTcpSetOSPolicy()

void StreamTcpSetOSPolicy ( TcpStream stream,
Packet p 
)

Function to set the OS policy for the given stream based on the destination of the received packet.

Parameters
streamTcpStream of which os_policy needs to set
pPacket which is used to set the os policy

Definition at line 1022 of file stream-tcp.c.

References GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, TcpStream_::os_policy, OS_POLICY_BSD, OS_POLICY_BSD_RIGHT, OS_POLICY_DEFAULT, OS_POLICY_OLD_SOLARIS, OS_POLICY_SOLARIS, SCHInfoGetIPv4HostOSFlavour(), SCHInfoGetIPv6HostOSFlavour(), and SCLogDebug.

Referenced by StreamTcpReassembleHandleSegmentHandleData().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSetSessionBypassFlag()

void StreamTcpSetSessionBypassFlag ( TcpSession ssn)

enable bypass

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 6717 of file stream-tcp.c.

References TcpSession_::flags, and STREAMTCP_FLAG_BYPASS.

Referenced by AppLayerParserParse().

Here is the caller graph for this function:

◆ StreamTcpSetSessionNoReassemblyFlag()

void StreamTcpSetSessionNoReassemblyFlag ( TcpSession ssn,
char  direction 
)

disable reassembly

Disable app layer and set raw inspect to no longer accept new data. Stream engine will then fully disable raw after last inspection.

Parameters
ssnTCP Session to set the flag in
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 6694 of file stream-tcp.c.

References TcpSession_::flags, STREAMTCP_FLAG_APP_LAYER_DISABLED, and StreamTcpSetDisableRawReassemblyFlag().

Referenced by AppLayerParserParse().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpSsnMemcapGetExceptionPolicy()

enum ExceptionPolicy StreamTcpSsnMemcapGetExceptionPolicy ( void  )

Definition at line 899 of file stream-tcp.c.

References TcpStreamCnf_::ssn_memcap_policy, and stream_config.

Referenced by ExceptionPolicyTargetPolicy().

Here is the caller graph for this function:

◆ StreamTcpSsnStateAsString()

const char * StreamTcpSsnStateAsString ( const TcpSession ssn)

Definition at line 7153 of file stream-tcp.c.

References TcpSession_::state, and StreamTcpStateAsString().

Here is the call graph for this function:

◆ StreamTcpStateAsString()

const char * StreamTcpStateAsString ( const enum TcpState  state)

Definition at line 7112 of file stream-tcp.c.

References TCP_CLOSE_WAIT, TCP_CLOSED, TCP_CLOSING, TCP_ESTABLISHED, TCP_FIN_WAIT1, TCP_FIN_WAIT2, TCP_LAST_ACK, TCP_NONE, TCP_SYN_RECV, TCP_SYN_SENT, and TCP_TIME_WAIT.

Referenced by StreamTcpSsnStateAsString().

Here is the caller graph for this function:

◆ StreamTcpStreamCleanup()

void StreamTcpStreamCleanup ( TcpStream stream)

Definition at line 300 of file stream-tcp.c.

References TcpStream_::sb, TcpStreamCnf_::sbcnf, stream_config, StreamingBufferClear(), StreamTcpReturnStreamSegments(), and StreamTcpSackFreeList().

Referenced by StreamTcpSessionCleanup(), and StreamTcpUTClearStream().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ StreamTcpThreadDeinit()

TmEcode StreamTcpThreadDeinit ( ThreadVars tv,
void *  data 
)

Definition at line 6068 of file stream-tcp.c.

References StreamTcpThread_::ra_ctx, SCEnter, SCFree, SCReturnInt, StreamTcpReassembleFreeThreadCtx(), and TM_ECODE_OK.

Here is the call graph for this function:

◆ StreamTcpThreadInit()

TmEcode StreamTcpThreadInit ( ThreadVars tv,
void *  initdata,
void **  data 
)

Definition at line 5981 of file stream-tcp.c.

References StreamTcpThread_::counter_tcp_ack_unseen_data, StreamTcpThread_::counter_tcp_active_sessions, StreamTcpThread_::counter_tcp_invalid_checksum, StreamTcpThread_::counter_tcp_midstream_eps, StreamTcpThread_::counter_tcp_midstream_pickups, StreamTcpThread_::counter_tcp_pseudo, TcpReassemblyThreadCtx_::counter_tcp_reas_eps, TcpReassemblyThreadCtx_::counter_tcp_reass_data_normal_fail, TcpReassemblyThreadCtx_::counter_tcp_reass_data_overlap_fail, TcpReassemblyThreadCtx_::counter_tcp_reass_gap, TcpReassemblyThreadCtx_::counter_tcp_reass_overlap, TcpReassemblyThreadCtx_::counter_tcp_reass_overlap_diff_data, TcpReassemblyThreadCtx_::counter_tcp_segment_from_cache, TcpReassemblyThreadCtx_::counter_tcp_segment_from_pool, TcpReassemblyThreadCtx_::counter_tcp_segment_memcap, StreamTcpThread_::counter_tcp_sessions, StreamTcpThread_::counter_tcp_ssn_from_cache, StreamTcpThread_::counter_tcp_ssn_from_pool, StreamTcpThread_::counter_tcp_ssn_memcap, StreamTcpThread_::counter_tcp_ssn_memcap_eps, TcpReassemblyThreadCtx_::counter_tcp_stream_depth, TcpReassemblyThreadCtx_::counter_tcp_urgent_oob, StreamTcpThread_::counter_tcp_wrong_thread, ExceptionPolicySetStatsCounters(), TcpStreamCnf_::midstream, TcpStreamCnf_::midstream_policy, PoolThreadExpand(), PoolThreadInit(), PoolThreadSize(), TcpStreamCnf_::prealloc_sessions, StreamTcpThread_::ra_ctx, TcpStreamCnf_::reassembly_memcap_policy, SCCalloc, SCEnter, SCLogDebug, SCLogError, SCMutexLock, SCMutexUnlock, SCReturnInt, TcpStreamCnf_::ssn_memcap_policy, ssn_pool, StreamTcpThread_::ssn_pool_id, StatsRegisterCounter(), stream_config, stream_memcap_eps_stats, stream_midstream_disabled_eps_stats, stream_midstream_enabled_eps_stats, stream_reassembly_memcap_eps_stats, StreamTcpReassembleInitThreadCtx(), StreamTcpThreadCacheEnable(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Here is the call graph for this function:

◆ StreamTcpUpdateAppLayerProgress()

void StreamTcpUpdateAppLayerProgress ( TcpSession ssn,
char  direction,
const uint32_t  progress 
)

update reassembly progress

Parameters
ssnTCP Session
directiondirection to set the flag in: 0 toserver, 1 toclient

Definition at line 6674 of file stream-tcp.c.

References TcpStream_::app_progress_rel, TcpSession_::client, SCLogDebug, TcpSession_::server, and STREAM_APP_PROGRESS.

Referenced by AppLayerHandleTCPData(), and AppLayerParserParse().

Here is the caller graph for this function:

◆ TcpSessionPacketSsnReuse()

bool TcpSessionPacketSsnReuse ( const Packet p,
const Flow f,
const void *  tcp_ssn 
)

Definition at line 5931 of file stream-tcp.c.

References Packet_::proto.

Referenced by FlowGetFlowFromHash().

Here is the caller graph for this function:

◆ TcpSessionSetReassemblyDepth()

void TcpSessionSetReassemblyDepth ( TcpSession ssn,
uint32_t  size 
)

Definition at line 7105 of file stream-tcp.c.

References TcpSession_::reassembly_depth.

Variable Documentation

◆ g_detect_disabled

int g_detect_disabled
extern

global indicating if detection is enabled

Definition at line 186 of file suricata.c.

Referenced by StreamTcpPacket().

◆ ssn_pool

PoolThread* ssn_pool = NULL

Definition at line 213 of file stream-tcp.c.

Referenced by StreamTcpFreeConfig(), StreamTcpInitConfig(), StreamTcpThreadCacheCleanup(), StreamTcpThreadCacheReturnSession(), and StreamTcpThreadInit().

◆ stream_config

TcpStreamCnf stream_config

Definition at line 219 of file stream-tcp.c.

Referenced by AppLayerParserPostStreamSetup(), FileReassemblyDepth(), SCOutputRegisterStreamingLogger(), StreamMidstreamGetExceptionPolicy(), StreamTcp(), StreamTcpBypassEnabled(), StreamTcpCheckMemcap(), StreamTcpGetMemcap(), StreamTcpInitConfig(), StreamTcpInlineMode(), StreamTcpPruneSession(), StreamTcpReassembleCheckMemcap(), StreamTcpReassembleGetMemcap(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpReassembleInitThreadCtx(), StreamTcpReassembleRealloc(), StreamTcpReassembleSetMemcap(), StreamTcpReassemblyMemcapGetExceptionPolicy(), StreamTcpSegmentForEach(), StreamTcpSetMemcap(), StreamTcpSsnMemcapGetExceptionPolicy(), StreamTcpStreamCleanup(), StreamTcpThreadInit(), StreamTcpUTDeinit(), StreamTcpUTInitInline(), and UTHAddStreamToFlow().

◆ stream_memcap_eps_stats

ExceptionPolicyStatsSetts stream_memcap_eps_stats
Initial value:
= {
.valid_settings_ids = {
false,
false,
true,
true,
true,
false,
false,
true,
},
.valid_settings_ips = {
false,
false,
true,
true,
true,
true,
true,
true,
},
}

Definition at line 95 of file stream-tcp.c.

Referenced by StreamTcpThreadInit().

◆ stream_midstream_disabled_eps_stats

ExceptionPolicyStatsSetts stream_midstream_disabled_eps_stats
Initial value:
= {
.valid_settings_ids = {
false,
false,
false,
true,
true,
false,
false,
true,
},
.valid_settings_ips = {
false,
false,
false,
true,
true,
false,
true,
true,
},
}

Definition at line 173 of file stream-tcp.c.

Referenced by StreamTcpThreadInit().

◆ stream_midstream_enabled_eps_stats

ExceptionPolicyStatsSetts stream_midstream_enabled_eps_stats
Initial value:
= {
.valid_settings_ids = {
false,
false,
false,
true,
false,
false,
false,
false,
},
.valid_settings_ips = {
false,
false,
false,
true,
false,
false,
false,
false,
},
}

Definition at line 147 of file stream-tcp.c.

Referenced by StreamTcpThreadInit().

◆ stream_reassembly_memcap_eps_stats

ExceptionPolicyStatsSetts stream_reassembly_memcap_eps_stats
Initial value:
= {
.valid_settings_ids = {
false,
false,
true,
true,
true,
false,
false,
true,
},
.valid_settings_ips = {
false,
false,
true,
true,
true,
true,
true,
true,
},
}

Definition at line 121 of file stream-tcp.c.

Referenced by StreamTcpThreadInit().

◆ t_pcapcnt

thread_local uint64_t t_pcapcnt
extern

Definition at line 80 of file stream-tcp-reassemble.c.

Referenced by StreamTcp(), and StreamTcpReassembleCheckMemcap().