stream: fix direction flags in corner case

When a TCP DNS flow would start with a GAP on the TS side, the successful protocol detection on the TC side would trigger 'opposing side' reassembly and app-layer processing. In this case the stream flags would indicate the wrong direction and the wrong parser would be called.
5 years ago · efee458af8
parent 960045323d
commit efee458af8
1 changed files with 7 additions and 16 deletions
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@ -658,7 +658,7 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre
 }

 static uint8_t StreamGetAppLayerFlags(TcpSession *ssn, TcpStream *stream,
-                                      Packet *p, enum StreamUpdateDir dir)
+                                      Packet *p)
 {
    uint8_t flag = 0;

@ -678,20 +678,11 @@ static uint8_t StreamGetAppLayerFlags(TcpSession *ssn, TcpStream *stream,
        flag |= STREAM_EOF;
    }

-    if (dir == UPDATE_DIR_OPPOSING) {
-        if (p->flowflags & FLOW_PKT_TOSERVER) {
-            flag |= STREAM_TOCLIENT;
-        } else {
-            flag |= STREAM_TOSERVER;
-        }
+    if (&ssn->client == stream) {
+        flag |= STREAM_TOSERVER;
    } else {
-        if (p->flowflags & FLOW_PKT_TOSERVER) {
-            flag |= STREAM_TOSERVER;
-        } else {
-            flag |= STREAM_TOCLIENT;
-        }
+        flag |= STREAM_TOCLIENT;
    }
-
    if (stream->flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED) {
        flag |= STREAM_DEPTH;
    }
@ -1029,7 +1020,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,

            int r = AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
                    NULL, mydata_len,
-                    StreamGetAppLayerFlags(ssn, *stream, p, dir)|STREAM_GAP);
+                    StreamGetAppLayerFlags(ssn, *stream, p)|STREAM_GAP);
            AppLayerProfilingStore(ra_ctx->app_tctx, p);

            StreamTcpSetEvent(p, STREAM_REASSEMBLY_SEQ_GAP);
@ -1102,7 +1093,7 @@ static int ReassembleUpdateAppLayer (ThreadVars *tv,
    /* update the app-layer */
    (void)AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, stream,
            (uint8_t *)mydata, mydata_len,
-            StreamGetAppLayerFlags(ssn, *stream, p, dir));
+            StreamGetAppLayerFlags(ssn, *stream, p));
    AppLayerProfilingStore(ra_ctx->app_tctx, p);

    SCReturnInt(0);
@ -1149,7 +1140,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
            /* send EOF to app layer */
            AppLayerHandleTCPData(tv, ra_ctx, p, p->flow, ssn, &stream,
                                  NULL, 0,
-                                  StreamGetAppLayerFlags(ssn, stream, p, dir));
+                                  StreamGetAppLayerFlags(ssn, stream, p));
            AppLayerProfilingStore(ra_ctx->app_tctx, p);

            SCReturnInt(0);