From a0580d8805cfd74b8a216d9f8d3906ebe7e41cf0 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 26 Jan 2017 18:05:11 +0100 Subject: [PATCH] stream: initialize stream segment pool from mtu If segments section in the yaml is ommitted (default) or when the pool size is set to 'from_mtu', the size of the pool will be MTU minus 40. If the MTU couldn't be determined, it's assumed to be 1500, so the segment size for the bool will be 1460. --- src/decode.h | 1 + src/stream-tcp-reassemble.c | 27 ++++++++++++++++++++------- suricata.yaml.in | 4 +++- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/src/decode.h b/src/decode.h index aa21f1a8ad..85b4faf560 100644 --- a/src/decode.h +++ b/src/decode.h @@ -597,6 +597,7 @@ Packet; /** highest mtu of the interfaces we monitor */ extern int g_default_mtu; #define DEFAULT_MTU 1500 +#define MINIMUM_MTU 68 /**< ipv4 minimum: rfc791 */ #define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) /* storage: maximum ip packet size + link header */ diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 1b5e42c0b4..a3896435ae 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c 
@@ -344,12 +344,21 @@ int StreamTcpReassemblyConfig(char quiet) SCLogDebug("segpre->val %s", segpre->val); uint16_t pktsize = 0; - if (ByteExtractStringUint16(&pktsize, 10, strlen(segsize->val), - segsize->val) == -1) - { - SCLogError(SC_ERR_INVALID_ARGUMENT, "segment packet size " - "of %s is invalid", segsize->val); - return -1; + if (strcmp("from_mtu", segsize->val) == 0) { + int mtu = g_default_mtu ? g_default_mtu : DEFAULT_MTU; + if (mtu < MINIMUM_MTU) { + FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT, "invalid mtu %d", mtu); + continue; + } + pktsize = mtu - 40; + } else { + if (ByteExtractStringUint16(&pktsize, 10, strlen(segsize->val), + segsize->val) == -1) + { + SCLogError(SC_ERR_INVALID_ARGUMENT, "segment packet size " + "of %s is invalid", segsize->val); + return -1; + } } uint32_t prealloc = 0; if (ByteExtractStringUint32(&prealloc, 10, strlen(segpre->val), @@ -379,6 +388,10 @@ int StreamTcpReassemblyConfig(char quiet) SCLogConfig("appended a segment pool for pktsize 65536"); } } else if (npools == 0) { + int mtu = g_default_mtu; + if (mtu < MINIMUM_MTU) + mtu = DEFAULT_MTU; + /* defaults */ sizes[0].pktsize = 4; sizes[0].prealloc = 256; @@ -392,7 +405,7 @@ int StreamTcpReassemblyConfig(char quiet) sizes[4].prealloc = 512; sizes[5].pktsize = 768; sizes[5].prealloc = 1024; - sizes[6].pktsize = 1448; + sizes[6].pktsize = mtu - 40; // min size of ipv4+tcp hdrs sizes[6].prealloc = 1024; sizes[7].pktsize = 0xffff; sizes[7].prealloc = 128; diff --git a/suricata.yaml.in b/suricata.yaml.in index b733ea1b10..caecd0798a 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1220,7 +1220,9 @@ stream: # prealloc: 512 # - size: 768 # prealloc: 1024 - # - size: 1448 + # 'from_mtu' means that the size is mtu - 40, + # or 1460 if mtu couldn't be determined. + # - size: from_mtu # prealloc: 1024 # - size: 65535 # prealloc: 128
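Review bot: `pktsize = mtu - 40` in the `from_mtu` branch stores an `int` into the `uint16_t pktsize` with only the lower bound checked, so an MTU above 65575 would wrap to a small segment size without any log line. Checking both bounds avoids that, e.g. `if (mtu < MINIMUM_MTU || mtu - 40 > UINT16_MAX) {`; the same unchecked `mtu - 40` is assigned to `sizes[6].pktsize` in the `@@ -392,7 +405,7` hunk. Separately, this branch uses `continue` after `FatalErrorOnInit` while the `else` branch uses `return -1`. If `FatalErrorOnInit` can return (its definition is not visible here), the pool entry is silently dropped, and `return -1;` would match the neighbouring error path. `StreamTcpReassemblyConfig` starts and ends outside the hunk.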
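Review bot: `sizes[6].pktsize = mtu - 40` in the `@@ -392,7 +405,7` hunk can land below the preceding default `sizes[5].pktsize = 768`. The fallback added in the `@@ -379,6 +388,10` hunk accepts any MTU from `MINIMUM_MTU` (68) upward, which gives a value as small as 28. If the pool lookup relies on the defaults being ascending (that code is not visible here), the table is then out of order, and MTU-sized segments would be served from a pool other than the one intended. Falling back to the default for such values avoids this: `if (mtu < MINIMUM_MTU || mtu - 40 <= 768) mtu = DEFAULT_MTU;`. The literal 40 also appears in the `from_mtu` branch of the `@@ -344,12 +344,21` hunk, so a named constant next to `MINIMUM_MTU`, carrying the "min size of ipv4+tcp hdrs" comment, would keep the two in step.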