Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/robin/gh-2426-flipping'

Browse source 
* origin/topic/robin/gh-2426-flipping:
  Fixing productive connections with missing SYN still considered partial after flipping direction.
  Add some missing bits when flipping endpoints.
This commit is contained in:
Robin Sommer 2022-11-18 11:49:47 +01:00
commit d2585e21be
No known key found for this signature in database
GPG key ID: D8187293B3FFE5D0
10 changed files with 62 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
View file

@ -787,6 +787,11 @@ void TCPSessionAdapter::SetPartialStatus(analyzer::tcp::TCP_Flags flags, bool is
}
}
void TCPSessionAdapter::SetFirstPacketSeen(bool is_orig)
{
first_packet_seen |= (is_orig ? ORIG : RESP);
}
void TCPSessionAdapter::UpdateInactiveState(double t, analyzer::tcp::TCP_Endpoint* endpoint,
analyzer::tcp::TCP_Endpoint* peer, uint32_t base_seq,
uint32_t ack_seq, int len, bool is_orig,
@ -829,6 +834,7 @@ void TCPSessionAdapter::UpdateInactiveState(double t, analyzer::tcp::TCP_Endpoin
is_partial = 0;
Conn()->FlipRoles();
peer->SetState(analyzer::tcp::TCP_ENDPOINT_ESTABLISHED);
SetFirstPacketSeen(true);
}
else
@ -913,6 +919,7 @@ void TCPSessionAdapter::UpdateInactiveState(double t, analyzer::tcp::TCP_Endpoin
// as partial and instead establish the connection.
endpoint->SetState(analyzer::tcp::TCP_ENDPOINT_ESTABLISHED);
is_partial = 0;
SetFirstPacketSeen(is_orig);
}
else
@ -1162,6 +1169,9 @@ void TCPSessionAdapter::FlipRoles()
orig = tmp_ep;
orig->is_orig = ! orig->is_orig;
resp->is_orig = ! resp->is_orig;
first_packet_seen = ((first_packet_seen & ORIG) ? RESP : 0) |
((first_packet_seen & RESP) ? ORIG : 0);
is_partial = 0; // resetting, it may be re-established later
}
void TCPSessionAdapter::UpdateConnVal(RecordVal* conn_val)