/** * \brief Update stream with SACK records from a TCP packet. * * \param stream The stream to update. * \param p packet to get the SACK records from * * \retval -1 error * \retval 0 ok */ int StreamTcpSackUpdatePacket(TcpStream *stream, Packet *p) { int records = TCP_GET_SACK_CNT(p); int record = 0; TCPOptSackRecord *sack_rec = (TCPOptSackRecord *)(TCP_GET_SACK_PTR(p)); for (record = 0; record < records; record++) { SCLogDebug("%p last_ack %u, left edge %u, right edge %u", sack_rec, stream->last_ack, ntohl(sack_rec->le), ntohl(sack_rec->re)); if (SEQ_LEQ(ntohl(sack_rec->re), stream->last_ack)) { SCLogDebug("record before last_ack"); goto next; } /** \todo need a metric to a check for a right edge limit */ /* if (SEQ_GT(ntohl(sack_rec->re), stream->next_seq)) { SCLogDebug("record beyond next_seq %u", stream->next_seq); goto next; } */ if (SEQ_GEQ(ntohl(sack_rec->le), ntohl(sack_rec->re))) { SCLogDebug("invalid record: le >= re"); goto next; } if (StreamTcpSackInsertRange(stream, ntohl(sack_rec->le), ntohl(sack_rec->re)) == -1) { SCReturnInt(-1); } next: sack_rec++; } #ifdef DEBUG StreamTcpSackPrintList(stream); #endif SCReturnInt(0); }
static int TCPGetSackTest01(void) { int retval = 0; static uint8_t raw_tcp[] = { 0x00, 0x50, 0x06, 0xa6, 0xfa, 0x87, 0x0b, 0xf5, 0xf1, 0x59, 0x02, 0xe0, 0xa0, 0x10, 0x3e, 0xbc, 0x1d, 0xe7, 0x00, 0x00, 0x01, 0x01, 0x05, 0x12, 0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64, 0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 }; static uint8_t raw_tcp_sack[] = { 0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64, 0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 }; Packet *p = PacketGetFromAlloc(); if (unlikely(p == NULL)) return 0; IPV4Hdr ip4h; ThreadVars tv; DecodeThreadVars dtv; memset(&tv, 0, sizeof(ThreadVars)); memset(&dtv, 0, sizeof(DecodeThreadVars)); memset(&ip4h, 0, sizeof(IPV4Hdr)); p->src.family = AF_INET; p->dst.family = AF_INET; p->ip4h = &ip4h; FlowInitConfig(FLOW_QUIET); DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL); if (p->tcph == NULL) { printf("tcp packet decode failed: "); goto end; } if (!TCP_HAS_SACK(p)) { printf("tcp packet sack not decoded: "); goto end; } int sack = TCP_GET_SACK_CNT(p); if (sack != 2) { printf("expected 2 sack records, got %u: ", TCP_GET_SACK_CNT(p)); goto end; } uint8_t *sackptr = TCP_GET_SACK_PTR(p); if (sackptr == NULL) { printf("no sack data: "); goto end; } if (memcmp(sackptr, raw_tcp_sack, 16) != 0) { printf("malformed sack data: "); goto end; } retval = 1; end: PACKET_RECYCLE(p); FlowShutdown(); SCFree(p); return retval; }