
Bug #2099 » 0001-stream-tcp-add-option-to-accept-invalid-packets.patch

Eric Leblond, 04/27/2017 10:32 AM


src/stream-tcp-inline.c
/** defined in stream-tcp-reassemble.c */
extern int stream_inline;
extern int stream_drop_invalid;
/**
* \brief See if stream engine is operating in inline mode
......
return stream_inline;
}
/**
* \brief See if stream engine is dropping invalid packet in inline mode
*
* \retval 0 no
* \retval 1 yes
*/
int StreamTcpInlineDropInvalid(void)
{
return (stream_inline && stream_drop_invalid);
}
/**
* \brief Compare the shared data portion of two segments
*
src/stream-tcp-inline.h
#include "stream-tcp-private.h"
int StreamTcpInlineMode(void);
int StreamTcpInlineDropInvalid(void);
int StreamTcpInlineSegmentCompare(TcpSegment *, TcpSegment *);
void StreamTcpInlineSegmentReplacePacket(Packet *, TcpSegment *);
src/stream-tcp.c
/* stream engine running in "inline" mode. */
int stream_inline = 0;
int stream_drop_invalid = 1;
void StreamTcpIncrMemuse(uint64_t size)
{
......
stream_config.bypass = 0;
}
int drop_invalid = 0;
if ((ConfGetBool("stream.drop-invalid", &drop_invalid)) == 1) {
if (drop_invalid == 1) {
stream_drop_invalid = 1;
} else {
stream_drop_invalid = 0;
}
} else {
stream_drop_invalid = 1;
}
if (!quiet) {
SCLogConfig("stream \"bypass\": %s", bypass ? "enabled" : "disabled");
}
......
ReCalculateChecksum(p);
}
if (StreamTcpInlineMode()) {
if (StreamTcpInlineDropInvalid()) {
PACKET_DROP(p);
}
SCReturnInt(-1);
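Review bot: The new `stream.drop-invalid` parsing changes what an inline deployment forwards, but the effective value is never logged, unlike `bypass` in the `if (!quiet)` block right after it. With the option off, the `StreamTcpInlineMode()` branch skips `PACKET_DROP(p)` and still returns -1, so a packet the stream engine rejected appears to be forwarded without being treated as valid stream data; the rest of that function is outside the excerpt, so this is inferred. I would add `SCLogConfig("stream \"drop-invalid\": %s", stream_drop_invalid ? "enabled" : "disabled");` inside the `if (!quiet)` block so the setting shows up in the startup log. The nested if/else can also collapse to `stream_drop_invalid = (drop_invalid != 0);`, leaving the default of 1 for the unset case.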
suricata.yaml.in
# midstream: false # don't allow midstream session pickups
# async-oneside: false # don't enable async stream handling
# inline: no # stream inline mode
# drop-invalid: yes # in inline mode, drop packets that are invalid with regards to streaming engine
# max-synack-queued: 5 # Max different SYN/ACKs to queue
# bypass: no # Bypass packets when stream.depth is reached
#
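Review bot: The commented `drop-invalid` entry explains what `yes` does but not what an operator gives up by setting it to `no`. Since the code change stops dropping packets the stream engine considers invalid, the comment should say so, for example `# drop-invalid: yes # in inline mode, drop packets the stream engine considers invalid; 'no' lets them through`. That keeps the trade-off visible at the point where the option is configured.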