aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

stream/ids: make sure we don't slide past last_ack

Browse Source 
Bug: #5401.
(cherry picked from commit f04b7a1827)
pull/7849/head
Victor Julien 4 years ago
parent a383f29aa2
commit 336cd57234
1 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File

24
src/stream-tcp-list.c
Unescape Escape View File

@ -675,7 +675,7 @@ static inline bool StreamTcpReturnSegmentCheck(const TcpStream *stream, const Tc
SCReturnInt(true);
}
static inline uint64_t GetLeftEdge(TcpSession *ssn, TcpStream *stream)
static inline uint64_t GetLeftEdge(Flow *f, TcpSession *ssn, TcpStream *stream)
{
bool use_app = true;
bool use_raw = true;
@ -745,21 +745,19 @@ static inline uint64_t GetLeftEdge(TcpSession *ssn, TcpStream *stream)
}
}
/* in inline mode keep at least unack'd segments so we can check for overlaps */
if (StreamTcpInlineMode() == TRUE) {
uint64_t last_ack_abs = STREAM_BASE_OFFSET(stream);
if (STREAM_LASTACK_GT_BASESEQ(stream)) {
/* get window of data that is acked */
const uint32_t delta = stream->last_ack - stream->base_seq;
/* get max absolute offset */
last_ack_abs += delta;
}
left_edge = MIN(left_edge, last_ack_abs);
uint64_t last_ack_abs = STREAM_BASE_OFFSET(stream);
if (STREAM_LASTACK_GT_BASESEQ(stream)) {
last_ack_abs += (stream->last_ack - stream->base_seq);
}
/* in IDS mode we shouldn't see the base_seq pass last_ack */
DEBUG_VALIDATE_BUG_ON(last_ack_abs < left_edge && StreamTcpInlineMode() == FALSE && !f->ffr &&
ssn->state < TCP_CLOSED);
left_edge = MIN(left_edge, last_ack_abs);
/* if we're told to look for overlaps with different data we should
* consider data that is ack'd as well. Injected packets may have
* been ack'd or injected packet may be too late. */
} else if (check_overlap_different_data) {
if (StreamTcpInlineMode() == FALSE && check_overlap_different_data) {
const uint32_t window = stream->window ? stream->window : 4096;
if (window < left_edge)
left_edge -= window;
@ -846,7 +844,7 @@ void StreamTcpPruneSession(Flow *f, uint8_t flags)
return;
}
const uint64_t left_edge = GetLeftEdge(ssn, stream);
const uint64_t left_edge = GetLeftEdge(f, ssn, stream);
if (left_edge && left_edge > STREAM_BASE_OFFSET(stream)) {
uint32_t slide = left_edge - STREAM_BASE_OFFSET(stream);
SCLogDebug("buffer sliding %u to offset %"PRIu64, slide, left_edge);

Write Preview
Loading…
Cancel
Save