stream: add option to disable raw reassembly

Raw reassembly is used only by the detection engine. For users only
caring about logging it's a significant overhead, both in cpu and
memory usage.

The option is called 'raw' and lives under the stream.reassembly
options.

stream:
  memcap: 32mb
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  reassembly:
    memcap: 64mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes
    #randomize-chunk-range: 10
    raw: false # <- new option

src/stream-tcp-private.h

@@ -119,9 +119,8 @@ enum
 #define STREAMTCP_FLAG_TIMESTAMP                    0x0008
 /** Server supports wscale (even though it can be 0) */
 #define STREAMTCP_FLAG_SERVER_WSCALE                0x0010
-
-/** vacancy at 0x0020 */
-
+/** 'Raw' reassembly is disabled for this ssn. */
+#define STREAMTCP_FLAG_DISABLE_RAW                  0x0020
 /** Flag to indicate that the session is handling asynchronous stream.*/
 #define STREAMTCP_FLAG_ASYNC                        0x0040
 /** Flag to indicate we're dealing with 4WHS: SYN, SYN, SYN/ACK, ACK

src/stream-tcp-reassemble.c

@@ -2211,6 +2211,8 @@ static int StreamTcpReassembleInlineRaw (TcpReassemblyThreadCtx *ra_ctx,
     SCEnter();
     SCLogDebug("start p %p, seq %"PRIu32, p, TCP_GET_SEQ(p));
 
+    if (ssn->flags & STREAMTCP_FLAG_DISABLE_RAW)
+        SCReturnInt(0);
     if (stream->seg_list == NULL) {
         SCReturnInt(0);
     }
@@ -3043,6 +3045,9 @@ static int StreamTcpReassembleRaw (TcpReassemblyThreadCtx *ra_ctx,
     SCEnter();
     SCLogDebug("start p %p", p);
 
+    if (ssn->flags & STREAMTCP_FLAG_DISABLE_RAW)
+        SCReturnInt(0);
+
     if (stream->seg_list == NULL) {
         /* send an empty EOF msg if we have no segments but TCP state
          * is beyond ESTABLISHED */
@@ -3673,7 +3678,7 @@ TcpSegment* StreamTcpGetSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
            segment request due to memcap limit */
         SCPerfCounterIncr(ra_ctx->counter_tcp_segment_memcap, tv->sc_perf_pca);
     } else {
-        seg->flags = 0;
+        seg->flags = stream_config.segment_init_flags;
         seg->next = NULL;
         seg->prev = NULL;
     }

src/stream-tcp.c

@@ -577,6 +577,17 @@ void StreamTcpInitConfig(char quiet)
             stream_config.reassembly_toclient_chunk_size);
     }
 
+    int enable_raw = 1;
+    if (ConfGetBool("stream.reassembly.raw", &enable_raw) == 1) {
+        if (!enable_raw) {
+            stream_config.ssn_init_flags = STREAMTCP_FLAG_DISABLE_RAW;
+            stream_config.segment_init_flags = SEGMENTTCP_FLAG_RAW_PROCESSED;
+        }
+    } else {
+        enable_raw = 1;
+    }
+    SCLogInfo("stream.reassembly.raw: %s", enable_raw ? "enabled" : "disabled");
+
     /* init the memcap/use tracking */
     SC_ATOMIC_INIT(st_memuse);
 
@@ -646,6 +657,7 @@ TcpSession *StreamTcpNewSession (Packet *p, int id)
         }
 
         ssn->state = TCP_NONE;
+        ssn->flags = stream_config.ssn_init_flags;
     }
 
     return ssn;

src/stream-tcp.h

@@ -48,6 +48,9 @@ typedef struct TcpStreamCnf_ {
     uint64_t memcap;
     uint64_t reassembly_memcap; /**< max memory usage for stream reassembly */
 
+    uint32_t ssn_init_flags; /**< new ssn flags will be initialized to this */
+    uint8_t segment_init_flags; /**< new seg flags will be initialized to this */
+
     uint32_t prealloc_sessions; /**< ssns to prealloc per stream thread */
     int midstream;
     int async_oneside;