Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348).
The main change is that reassembly code (e.g. for TCP) now uses int64/uint64 (signedness is situational) data types in place of int types in order to support delivering data to analyzers that pass 2GB thresholds. There are also changes in logic that accompany the change in data types, e.g. to fix TCP sequence space arithmetic inconsistencies. Another significant change is in the Analyzer API: the *Packet and *Undelivered methods now use a uint64 in place of an int for the relative sequence space offset parameter.
parent
2f57c26d5b
commit
2b3c2bd394
75 changed files with 1627 additions and 1540 deletions
|
@ -4,13 +4,6 @@
|
|||
#include "Reassem.h"
|
||||
#include "TCP_Endpoint.h"
|
||||
|
||||
// The skip_to_seq feature does not work correctly with connections >2GB due
|
||||
// to use of 32 bit signed ints (see comments in TCP_Reassembler.cc) Since
|
||||
// it's not used by any analyzer or policy script we disable it. Could be
|
||||
// added back in once we start using 64bit integers.
|
||||
//
|
||||
// #define ENABLE_SEQ_TO_SKIP
|
||||
|
||||
class BroFile;
|
||||
class Connection;
|
||||
|
||||
|
@ -48,12 +41,12 @@ public:
|
|||
//
|
||||
// If we're not processing contents, then naturally each of
|
||||
// these is empty.
|
||||
void SizeBufferedData(int& waiting_on_hole, int& waiting_on_ack) const;
|
||||
void SizeBufferedData(uint64& waiting_on_hole, uint64& waiting_on_ack) const;
|
||||
|
||||
// How much data is pending delivery since it's not yet reassembled.
|
||||
// Includes the data due to holes (so this value is a bit different
|
||||
// from waiting_on_hole above; and is computed in a different fashion).
|
||||
int NumUndeliveredBytes() const
|
||||
uint64 NumUndeliveredBytes() const
|
||||
{
|
||||
if ( last_block )
|
||||
return last_block->upper - last_reassem_seq;
|
||||
|
@ -64,19 +57,15 @@ public:
|
|||
void SetContentsFile(BroFile* f);
|
||||
BroFile* GetContentsFile() const { return record_contents_file; }
|
||||
|
||||
void MatchUndelivered(int up_to_seq = -1);
|
||||
void MatchUndelivered(uint64 up_to_seq, bool use_last_upper);
|
||||
|
||||
#ifdef ENABLE_SEQ_TO_SKIP
|
||||
// Skip up to seq, as if there's a content gap.
|
||||
// Can be used to skip HTTP data for performance considerations.
|
||||
void SkipToSeq(int seq);
|
||||
} } // namespace analyzer::*
|
||||
void SkipToSeq(uint64 seq);
|
||||
|
||||
#endif
|
||||
|
||||
int DataSent(double t, int seq, int len, const u_char* data,
|
||||
int DataSent(double t, uint64 seq, int len, const u_char* data,
|
||||
bool replaying=true);
|
||||
void AckReceived(int seq);
|
||||
void AckReceived(uint64 seq);
|
||||
|
||||
// Checks if we have delivered all contents that we can possibly
|
||||
// deliver for this endpoint. Calls TCP_Analyzer::EndpointEOF()
|
||||
|
@ -86,35 +75,32 @@ public:
|
|||
int HasUndeliveredData() const { return HasBlocks(); }
|
||||
int HadGap() const { return had_gap; }
|
||||
int DataPending() const;
|
||||
int DataSeq() const { return LastReassemSeq(); }
|
||||
uint64 DataSeq() const { return LastReassemSeq(); }
|
||||
|
||||
void DeliverBlock(int seq, int len, const u_char* data);
|
||||
virtual void Deliver(int seq, int len, const u_char* data);
|
||||
void DeliverBlock(uint64 seq, int len, const u_char* data);
|
||||
virtual void Deliver(uint64 seq, int len, const u_char* data);
|
||||
|
||||
TCP_Endpoint* Endpoint() { return endp; }
|
||||
const TCP_Endpoint* Endpoint() const { return endp; }
|
||||
|
||||
int IsOrig() const { return endp->IsOrig(); }
|
||||
#ifdef ENABLE_SEQ_TO_SKIP
|
||||
bool IsSkippedContents(int seq, int length) const
|
||||
{ return seq + length <= seq_to_skip; }
|
||||
} } // namespace analyzer::*
|
||||
|
||||
#endif
|
||||
bool IsSkippedContents(uint64 seq, int length) const
|
||||
{ return seq + length <= seq_to_skip; }
|
||||
|
||||
private:
|
||||
TCP_Reassembler() { }
|
||||
|
||||
DECLARE_SERIAL(TCP_Reassembler);
|
||||
|
||||
void Undelivered(int up_to_seq);
|
||||
void Undelivered(uint64 up_to_seq);
|
||||
|
||||
void RecordToSeq(int start_seq, int stop_seq, BroFile* f);
|
||||
void RecordToSeq(uint64 start_seq, uint64 stop_seq, BroFile* f);
|
||||
void RecordBlock(DataBlock* b, BroFile* f);
|
||||
void RecordGap(int start_seq, int upper_seq, BroFile* f);
|
||||
void RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f);
|
||||
|
||||
void BlockInserted(DataBlock* b);
|
||||
void Overlap(const u_char* b1, const u_char* b2, int n);
|
||||
void Overlap(const u_char* b1, const u_char* b2, uint64 n);
|
||||
|
||||
TCP_Endpoint* endp;
|
||||
|
||||
|
@ -123,9 +109,8 @@ private:
|
|||
unsigned int did_EOF:1;
|
||||
unsigned int skip_deliveries:1;
|
||||
|
||||
#ifdef ENABLE_SEQ_TO_SKIP
|
||||
int seq_to_skip;
|
||||
#endif
|
||||
uint64 seq_to_skip;
|
||||
|
||||
bool in_delivery;
|
||||
|
||||
BroFile* record_contents_file; // file on which to reassemble contents
|
||||
|
|
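Review bot: `NumUndeliveredBytes()` in the `@ -48,12 +41,12 @` hunk now returns `uint64`, so `last_block->upper - last_reassem_seq` yields a very large count instead of a negative one if `upper` is ever below `last_reassem_seq`. Whether that ordering is an invariant is not visible here (the function body continues outside the hunk), so either state it in a comment or clamp, e.g. `return last_block->upper > last_reassem_seq ? last_block->upper - last_reassem_seq : 0;`. A similar mixed-signedness case is `IsSkippedContents(uint64 seq, int length)` in the `@ -86,35 +75,32 @` hunk, which is now compiled unconditionally: `seq + length` wraps when `length` is negative with a magnitude above `seq`, so a `length >= 0` precondition should be documented or checked there.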