stream: implement config option for SYN queue

Default to allowing 10 SYNs to not trigger an event on a connection attempt that times out.
3 years ago · 3948b160c7
parent d03773840b
commit 3948b160c7
3 changed files with 17 additions and 1 deletions
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -87,6 +87,7 @@
 #define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP     (256 * 1024 * 1024) /* 256mb */
 #define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560
 #define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560
+#define STREAMTCP_DEFAULT_MAX_SYN_QUEUED        10
 #define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED     5

 static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *, TcpSession *, Packet *);
@ -503,6 +504,19 @@ void StreamTcpInitConfig(bool quiet)
        stream_config.flags |= STREAMTCP_INIT_FLAG_DROP_INVALID;
    }

+    if ((ConfGetInt("stream.max-syn-queued", &value)) == 1) {
+        if (value >= 0 && value <= 255) {
+            stream_config.max_syn_queued = (uint8_t)value;
+        } else {
+            stream_config.max_syn_queued = (uint8_t)STREAMTCP_DEFAULT_MAX_SYN_QUEUED;
+        }
+    } else {
+        stream_config.max_syn_queued = (uint8_t)STREAMTCP_DEFAULT_MAX_SYN_QUEUED;
+    }
+    if (!quiet) {
+        SCLogConfig("stream \"max-syn-queued\": %" PRIu8, stream_config.max_syn_queued);
+    }
+
    if ((ConfGetInt("stream.max-synack-queued", &value)) == 1) {
        if (value >= 0 && value <= 255) {
            stream_config.max_synack_queued = (uint8_t)value;
@ -1655,7 +1669,7 @@ static int StreamTcp3whsStoreSyn(TcpSession *ssn, Packet *p)
    if (ssn->queue != NULL && StreamTcp3whsFindSyn(ssn, &search) != NULL)
        return 0;

-    if (ssn->queue_len == stream_config.max_synack_queued) { // TODO
+    if (ssn->queue_len == stream_config.max_syn_queued) {
        SCLogDebug("ssn %p: =~ SYN queue limit reached", ssn);
        StreamTcpSetEvent(p, STREAM_3WHS_SYN_FLOOD);
        return -1;
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
@ -59,6 +59,7 @@ typedef struct TcpStreamCnf_ {
    bool midstream;
    bool async_oneside;
    bool streaming_log_api;
+    uint8_t max_syn_queued;

    uint32_t reassembly_depth;  /**< Depth until when we reassemble the stream */

--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -1484,6 +1484,7 @@ flow-timeouts:
 #   async-oneside: false        # don't enable async stream handling
 #   inline: no                  # stream inline mode
 #   drop-invalid: yes           # in inline mode, drop packets that are invalid with regards to streaming engine
+#   max-syn-queued: 10          # Max different SYNs to queue
 #   max-synack-queued: 5        # Max different SYN/ACKs to queue
 #   bypass: no                  # Bypass packets when stream.reassembly.depth is reached.
 #                               # Warning: first side to reach this triggers