/**
* \internal
* \brief Forces reassembly for flows that need it.
*
* When this function is called we're running in virtually dead engine,
* so locking the flows is not strictly required. The reasons it is still
* done are:
* - code consistency
* - silence complaining profilers
* - allow us to aggressively check using debug valdation assertions
* - be robust in case of future changes
* - locking overhead if neglectable when no other thread fights us
*
* \param q The queue to process flows from.
*/
static inline void FlowForceReassemblyForHash(void)
{
Flow *f;
TcpSession *ssn;
int client_ok;
int server_ok;
int tcp_needs_inspection;
uint32_t idx = 0;
/* We use this packet just for reassembly purpose */
Packet *reassemble_p = PacketGetFromAlloc();
if (reassemble_p == NULL)
return;
for (idx = 0; idx < flow_config.hash_size; idx++) {
FlowBucket *fb = &flow_hash[idx];
FBLOCK_LOCK(fb);
/* get the topmost flow from the QUEUE */
f = fb->head;
/* we need to loop through all the flows in the queue */
while (f != NULL) {
PACKET_RECYCLE(reassemble_p);
FLOWLOCK_WRLOCK(f);
/* Get the tcp session for the flow */
ssn = (TcpSession *)f->protoctx;
/* \todo Also skip flows that shouldn't be inspected */
if (ssn == NULL) {
FLOWLOCK_UNLOCK(f);
f = f->hnext;
continue;
}
/* ah ah! We have some unattended toserver segments */
if ((client_ok = StreamHasUnprocessedSegments(ssn, 0)) == 1) {
StreamTcpThread *stt = SC_ATOMIC_GET(stream_pseudo_pkt_stream_tm_slot->slot_data);
ssn->client.last_ack = (ssn->client.seg_list_tail->seq +
ssn->client.seg_list_tail->payload_len);
FlowForceReassemblyPseudoPacketSetup(reassemble_p, 1, f, ssn, 1);
StreamTcpReassembleHandleSegment(stream_pseudo_pkt_stream_TV,
stt->ra_ctx, ssn, &ssn->server,
reassemble_p, NULL);
FlowDeReference(&reassemble_p->flow);
if (StreamTcpReassembleProcessAppLayer(stt->ra_ctx) < 0) {
SCLogDebug("shutdown flow timeout "
"StreamTcpReassembleProcessAppLayer() erroring "
"over something");
}
}
/* oh oh! We have some unattended toclient segments */
if ((server_ok = StreamHasUnprocessedSegments(ssn, 1)) == 1) {
StreamTcpThread *stt = SC_ATOMIC_GET(stream_pseudo_pkt_stream_tm_slot->slot_data);
ssn->server.last_ack = (ssn->server.seg_list_tail->seq +
ssn->server.seg_list_tail->payload_len);
FlowForceReassemblyPseudoPacketSetup(reassemble_p, 0, f, ssn, 1);
StreamTcpReassembleHandleSegment(stream_pseudo_pkt_stream_TV,
stt->ra_ctx, ssn, &ssn->client,
reassemble_p, NULL);
FlowDeReference(&reassemble_p->flow);
if (StreamTcpReassembleProcessAppLayer(stt->ra_ctx) < 0) {
SCLogDebug("shutdown flow timeout "
"StreamTcpReassembleProcessAppLayer() erroring "
"over something");
}
}
if (ssn->state >= TCP_ESTABLISHED && ssn->state != TCP_CLOSED)
tcp_needs_inspection = 1;
else
tcp_needs_inspection = 0;
FLOWLOCK_UNLOCK(f);
/* insert a pseudo packet in the toserver direction */
if (client_ok || tcp_needs_inspection)
{
FLOWLOCK_WRLOCK(f);
Packet *p = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
FLOWLOCK_UNLOCK(f);
if (p == NULL) {
TmqhOutputPacketpool(NULL, reassemble_p);
FBLOCK_UNLOCK(fb);
return;
}
PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
tmqh_out(stream_pseudo_pkt_detect_prev_TV, p);
} else {
TmSlot *s = stream_pseudo_pkt_detect_tm_slot;
while (s != NULL) {
TmSlotFunc SlotFunc = SC_ATOMIC_GET(s->SlotFunc);
SlotFunc(NULL, p, SC_ATOMIC_GET(s->slot_data), &s->slot_pre_pq,
&s->slot_post_pq);
s = s->slot_next;
}
if (stream_pseudo_pkt_detect_TV != NULL) {
stream_pseudo_pkt_detect_TV->
tmqh_out(stream_pseudo_pkt_detect_TV, p);
} else {
TmqhOutputPacketpool(NULL, p);
}
}
} /* if (ssn->client.seg_list != NULL) */
if (server_ok || tcp_needs_inspection)
{
FLOWLOCK_WRLOCK(f);
Packet *p = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
FLOWLOCK_UNLOCK(f);
if (p == NULL) {
TmqhOutputPacketpool(NULL, reassemble_p);
FBLOCK_UNLOCK(fb);
return;
}
PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
tmqh_out(stream_pseudo_pkt_detect_prev_TV, p);
} else {
TmSlot *s = stream_pseudo_pkt_detect_tm_slot;
while (s != NULL) {
TmSlotFunc SlotFunc = SC_ATOMIC_GET(s->SlotFunc);
SlotFunc(NULL, p, SC_ATOMIC_GET(s->slot_data), &s->slot_pre_pq,
&s->slot_post_pq);
s = s->slot_next;
}
if (stream_pseudo_pkt_detect_TV != NULL) {
stream_pseudo_pkt_detect_TV->
tmqh_out(stream_pseudo_pkt_detect_TV, p);
} else {
TmqhOutputPacketpool(NULL, p);
}
}
} /* if (ssn->server.seg_list != NULL) */
/* next flow in the queue */
f = f->hnext;
} /* while (f != NULL) */
FBLOCK_UNLOCK(fb);
}
PKT_SET_SRC(reassemble_p, PKT_SRC_FFR_SHUTDOWN);
TmqhOutputPacketpool(NULL, reassemble_p);
return;
}
/**
* \internal
* \brief Forces reassembly for flows that need it.
*
* When this function is called we're running in virtually dead engine,
* so locking the flows is not strictly required. The reasons it is still
* done are:
* - code consistency
* - silence complaining profilers
* - allow us to aggressively check using debug valdation assertions
* - be robust in case of future changes
* - locking overhead if neglectable when no other thread fights us
*
* \param q The queue to process flows from.
*/
static inline void FlowForceReassemblyForHash(void)
{
Flow *f;
TcpSession *ssn;
int client_ok;
int server_ok;
uint32_t idx = 0;
/* We use this packet just for reassembly purpose */
Packet *reassemble_p = PacketGetFromAlloc();
if (reassemble_p == NULL)
return;
for (idx = 0; idx < flow_config.hash_size; idx++) {
FlowBucket *fb = &flow_hash[idx];
FBLOCK_LOCK(fb);
/* get the topmost flow from the QUEUE */
f = fb->head;
/* we need to loop through all the flows in the queue */
while (f != NULL) {
PACKET_RECYCLE(reassemble_p);
FLOWLOCK_WRLOCK(f);
/* Get the tcp session for the flow */
ssn = (TcpSession *)f->protoctx;
/* \todo Also skip flows that shouldn't be inspected */
if (ssn == NULL) {
FLOWLOCK_UNLOCK(f);
f = f->hnext;
continue;
}
(void)FlowForceReassemblyNeedReassembly(f, &server_ok, &client_ok);
/* ah ah! We have some unattended toserver segments */
if (client_ok == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
StreamTcpThread *stt = SC_ATOMIC_GET(stream_pseudo_pkt_stream_tm_slot->slot_data);
ssn->client.last_ack = (ssn->client.seg_list_tail->seq +
ssn->client.seg_list_tail->payload_len);
FlowForceReassemblyPseudoPacketSetup(reassemble_p, 1, f, ssn, 1);
StreamTcpReassembleHandleSegment(stream_pseudo_pkt_stream_TV,
stt->ra_ctx, ssn, &ssn->server,
reassemble_p, NULL);
FlowDeReference(&reassemble_p->flow);
}
/* oh oh! We have some unattended toclient segments */
if (server_ok == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
StreamTcpThread *stt = SC_ATOMIC_GET(stream_pseudo_pkt_stream_tm_slot->slot_data);
ssn->server.last_ack = (ssn->server.seg_list_tail->seq +
ssn->server.seg_list_tail->payload_len);
FlowForceReassemblyPseudoPacketSetup(reassemble_p, 0, f, ssn, 1);
StreamTcpReassembleHandleSegment(stream_pseudo_pkt_stream_TV,
stt->ra_ctx, ssn, &ssn->client,
reassemble_p, NULL);
FlowDeReference(&reassemble_p->flow);
}
FLOWLOCK_UNLOCK(f);
/* insert a pseudo packet in the toserver direction */
if (client_ok) {
FLOWLOCK_WRLOCK(f);
Packet *p = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
FLOWLOCK_UNLOCK(f);
if (p == NULL) {
TmqhOutputPacketpool(NULL, reassemble_p);
FBLOCK_UNLOCK(fb);
return;
}
PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
tmqh_out(stream_pseudo_pkt_detect_prev_TV, p);
} else {
TmSlot *s = stream_pseudo_pkt_detect_tm_slot;
while (s != NULL) {
TmSlotFunc SlotFunc = SC_ATOMIC_GET(s->SlotFunc);
SlotFunc(NULL, p, SC_ATOMIC_GET(s->slot_data), &s->slot_pre_pq,
&s->slot_post_pq);
s = s->slot_next;
}
if (stream_pseudo_pkt_detect_TV != NULL) {
stream_pseudo_pkt_detect_TV->
tmqh_out(stream_pseudo_pkt_detect_TV, p);
} else {
TmqhOutputPacketpool(NULL, p);
}
}
}
if (server_ok) {
FLOWLOCK_WRLOCK(f);
Packet *p = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
FLOWLOCK_UNLOCK(f);
if (p == NULL) {
TmqhOutputPacketpool(NULL, reassemble_p);
FBLOCK_UNLOCK(fb);
return;
}
PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
tmqh_out(stream_pseudo_pkt_detect_prev_TV, p);
} else {
TmSlot *s = stream_pseudo_pkt_detect_tm_slot;
while (s != NULL) {
TmSlotFunc SlotFunc = SC_ATOMIC_GET(s->SlotFunc);
SlotFunc(NULL, p, SC_ATOMIC_GET(s->slot_data), &s->slot_pre_pq,
&s->slot_post_pq);
s = s->slot_next;
}
if (stream_pseudo_pkt_detect_TV != NULL) {
stream_pseudo_pkt_detect_TV->
tmqh_out(stream_pseudo_pkt_detect_TV, p);
} else {
TmqhOutputPacketpool(NULL, p);
}
}
}
/* next flow in the queue */
f = f->hnext;
}
FBLOCK_UNLOCK(fb);
}
PKT_SET_SRC(reassemble_p, PKT_SRC_FFR_SHUTDOWN);
TmqhOutputPacketpool(NULL, reassemble_p);
return;
}
/**
* \internal
* \brief Forces reassembly for flow if it needs it.
*
* The function requires flow to be locked beforehand.
*
* \param f Pointer to the flow.
* \param server action required for server: 1 or 2
* \param client action required for client: 1 or 2
*
* \retval 0 This flow doesn't need any reassembly processing; 1 otherwise.
*/
int FlowForceReassemblyForFlowV2(Flow *f, int server, int client)
{
Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
TcpSession *ssn;
/* looks like we have no flows in this queue */
if (f == NULL) {
return 0;
}
/* Get the tcp session for the flow */
ssn = (TcpSession *)f->protoctx;
if (ssn == NULL) {
return 0;
}
/* The packets we use are based on what segments in what direction are
* unprocessed.
* p1 if we have client segments for reassembly purpose only. If we
* have no server segments p2 can be a toserver packet with dummy
* seq/ack, and if we have server segments p2 has to carry out reassembly
* for server segment as well, in which case we will also need a p3 in the
* toclient which is now dummy since all we need it for is detection */
/* insert a pseudo packet in the toserver direction */
if (client == 1) {
p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 0);
if (p1 == NULL) {
return 1;
}
PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
if (server == 1) {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
p3 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p3 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
FlowDeReference(&p2->flow);
TmqhOutputPacketpool(NULL, p2);
return 1;
}
PKT_SET_SRC(p3, PKT_SRC_FFR_V2);
} else {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
}
} else if (client == 2) {
if (server == 1) {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p1 == NULL) {
return 1;
}
PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
} else {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p1 == NULL) {
return 1;
}
PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
if (server == 2) {
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
}
}
} else {
if (server == 1) {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p1 == NULL) {
return 1;
}
PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
} else if (server == 2) {
p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p1 == NULL) {
return 1;
}
PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
} else {
/* impossible */
BUG_ON(1);
}
}
f->flags |= FLOW_TIMEOUT_REASSEMBLY_DONE;
SCMutexLock(&stream_pseudo_pkt_decode_tm_slot->slot_post_pq.mutex_q);
PacketEnqueue(&stream_pseudo_pkt_decode_tm_slot->slot_post_pq, p1);
if (p2 != NULL)
PacketEnqueue(&stream_pseudo_pkt_decode_tm_slot->slot_post_pq, p2);
if (p3 != NULL)
PacketEnqueue(&stream_pseudo_pkt_decode_tm_slot->slot_post_pq, p3);
SCMutexUnlock(&stream_pseudo_pkt_decode_tm_slot->slot_post_pq.mutex_q);
if (stream_pseudo_pkt_decode_TV->inq != NULL) {
SCCondSignal(&trans_q[stream_pseudo_pkt_decode_TV->inq->id].cond_q);
}
return 1;
}
/**
* \internal
* \brief Forces reassembly for flow if it needs it.
*
* The function requires flow to be locked beforehand.
*
* \param f Pointer to the flow.
* \param server action required for server: 1 or 2
* \param client action required for client: 1 or 2
*
* \retval 0 This flow doesn't need any reassembly processing; 1 otherwise.
*/
int FlowForceReassemblyForFlow(Flow *f, int server, int client)
{
Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
TcpSession *ssn;
/* looks like we have no flows in this queue */
if (f == NULL) {
return 0;
}
/* Get the tcp session for the flow */
ssn = (TcpSession *)f->protoctx;
if (ssn == NULL) {
return 0;
}
/* The packets we use are based on what segments in what direction are
* unprocessed.
* p1 if we have client segments for reassembly purpose only. If we
* have no server segments p2 can be a toserver packet with dummy
* seq/ack, and if we have server segments p2 has to carry out reassembly
* for server segment as well, in which case we will also need a p3 in the
* toclient which is now dummy since all we need it for is detection */
/* insert a pseudo packet in the toserver direction */
if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 0);
if (p1 == NULL) {
goto done;
}
PKT_SET_SRC(p1, PKT_SRC_FFR);
if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
goto done;
}
PKT_SET_SRC(p2, PKT_SRC_FFR);
p3 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p3 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
FlowDeReference(&p2->flow);
TmqhOutputPacketpool(NULL, p2);
goto done;
}
PKT_SET_SRC(p3, PKT_SRC_FFR);
} else {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
goto done;
}
PKT_SET_SRC(p2, PKT_SRC_FFR);
}
} else if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) {
if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p1 == NULL) {
goto done;
}
PKT_SET_SRC(p1, PKT_SRC_FFR);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
goto done;
}
PKT_SET_SRC(p2, PKT_SRC_FFR);
} else {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p1 == NULL) {
goto done;
}
PKT_SET_SRC(p1, PKT_SRC_FFR);
if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) {
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
goto done;
}
PKT_SET_SRC(p2, PKT_SRC_FFR);
}
}
} else {
if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_REASSEMBLY) {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
if (p1 == NULL) {
goto done;
}
PKT_SET_SRC(p1, PKT_SRC_FFR);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
goto done;
}
PKT_SET_SRC(p2, PKT_SRC_FFR);
} else if (server == STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION) {
p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p1 == NULL) {
goto done;
}
PKT_SET_SRC(p1, PKT_SRC_FFR);
} else {
/* impossible */
BUG_ON(1);
}
}
/* inject the packet(s) into the appropriate thread */
int thread_id = (int)f->thread_id;
Packet *packets[4] = { p1, p2 ? p2 : p3, p2 ? p3 : NULL, NULL }; /**< null terminated array of packets */
if (unlikely(!(TmThreadsInjectPacketsById(packets, thread_id)))) {
FlowDeReference(&p1->flow);
TmqhOutputPacketpool(NULL, p1);
if (p2) {
FlowDeReference(&p2->flow);
TmqhOutputPacketpool(NULL, p2);
}
if (p3) {
FlowDeReference(&p3->flow);
TmqhOutputPacketpool(NULL, p3);
}
}
/* done, in case of error (no packet) we still tag flow as complete
* as we're probably resource stress if we couldn't get packets */
done:
f->flags |= FLOW_TIMEOUT_REASSEMBLY_DONE;
return 1;
}
