stream-tcp: enable bypass setting

This permits to enable/disable in suricata.yaml and the bypass function will be called when stream.depth is reached.
10 years ago · 177df305d4
parent 97783f8142
commit 177df305d4
4 changed files with 25 additions and 1 deletions
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@ -45,6 +45,7 @@
 #include "util-host-os-info.h"
 #include "util-unittest-helper.h"
 #include "util-byte.h"
+#include "util-device.h"

 #include "stream-tcp.h"
 #include "stream-tcp-private.h"
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -416,6 +416,21 @@ void StreamTcpInitConfig(char quiet)
        SCLogConfig("stream.\"inline\": %s", stream_inline ? "enabled" : "disabled");
    }

+    int bypass = 0;
+    if ((ConfGetBool("stream.bypass", &bypass)) == 1) {
+        if (bypass == 1) {
+            stream_config.bypass = 1;
+        } else {
+            stream_config.bypass = 0;
+        }
+    } else {
+        stream_config.bypass = 0;
+    }
+
+    if (!quiet) {
+        SCLogConfig("stream \"bypass\": %s", bypass ? "enabled" : "disabled");
+    }
+
    if ((ConfGetInt("stream.max-synack-queued", &value)) == 1) {
        if (value >= 0 && value <= 255) {
            stream_config.max_synack_queued = (uint8_t)value;
@ -5766,6 +5781,11 @@ int StreamTcpSegmentForEach(const Packet *p, uint8_t flag, StreamSegmentCallback
    return cnt;
 }

+int StreamTcpBypassEnabled(void)
+{
+    return stream_config.bypass;
+}
+
 #ifdef UNITTESTS

 /**
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@ -63,6 +63,7 @@ typedef struct TcpStreamCnf_ {
    uint16_t reassembly_toclient_chunk_size;

    int check_overlap_different_data;
+    int bypass;

    /** reassembly -- inline mode
     *
@ -228,7 +229,8 @@ void StreamTcpSessionClear(void *ssnptr);
 void StreamTcpSessionCleanup(TcpSession *ssn);
 /* cleanup stream, but don't free the stream */
 void StreamTcpStreamCleanup(TcpStream *stream);
-
+/* check if bypass is enabled */
+int StreamTcpBypassEnabled(void);

 uint32_t StreamTcpGetStreamSize(TcpStream *stream);

--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -1110,6 +1110,7 @@ flow-timeouts:
 #   async-oneside: false        # don't enable async stream handling
 #   inline: no                  # stream inline mode
 #   max-synack-queued: 5        # Max different SYN/ACKs to queue
+#   bypass: no                  # Bypass packets when stream.depth is reached
 #
 #   reassembly:
 #     memcap: 64mb              # Can be specified in kb, mb, gb.  Just a number