00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
00003 // Copyright (C) 2005-2013 Sourcefire, Inc.
00004 //
00005 // This program is free software; you can redistribute it and/or modify it
00006 // under the terms of the GNU General Public License Version 2 as published
00007 // by the Free Software Foundation. You may not use, modify or distribute
00008 // this program under any other version of the GNU General Public License.
00009 //
00010 // This program is distributed in the hope that it will be useful, but
00011 // WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00013 // General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU General Public License along
00016 // with this program; if not, write to the Free Software Foundation, Inc.,
00017 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00018 //--------------------------------------------------------------------------
00019
00020 #ifndef TCP_SESSION_H
00021 #define TCP_SESSION_H
00022
00023 #include "stream/libtcp/tcp_stream_session.h"
00024 #include "stream/libtcp/tcp_state_machine.h"
00025 #include "stream/tcp/tcp_tracker.h"
00026
00027 class TcpEventLogger;
00028
00029 class TcpSession : public TcpStreamSession
00030 {
00031 public:
00032 TcpSession(Flow*);
00033 ~TcpSession() override;
00034
00035 bool setup(Packet*) override;
00036 void restart(Packet* p) override;
00037 void precheck(Packet* p) override;
00038 int process(Packet*) override;
00039
00040 void flush() override;
00041 void flush_client(Packet*) override;
00042 void flush_server(Packet*) override;
00043 void flush_talker(Packet*, bool final_flush = false) override;
00044 void flush_listener(Packet*, bool final_flush = false) override;
00045
00046 void clear_session(bool free_flow_data, bool flush_segments, bool restart, Packet* p = nullptr) override;
00047
00048 void set_extra_data(Packet*, uint32_t /*flag*/) override;
00049
00050 void update_perf_base_state(char new_state) override;
00051 TcpStreamTracker::TcpState get_talker_state() override;
00052 TcpStreamTracker::TcpState get_listener_state() override;
00053 void update_timestamp_tracking(TcpSegmentDescriptor&) override;
00054 void update_session_on_rst(TcpSegmentDescriptor&, bool) override;
00055 bool handle_syn_on_reset_session(TcpSegmentDescriptor&) override;
00056 void handle_data_on_syn(TcpSegmentDescriptor&) override;
00057 void update_ignored_session(TcpSegmentDescriptor&) override;
00058 void update_paws_timestamps(TcpSegmentDescriptor&) override;
00059 void check_for_repeated_syn(TcpSegmentDescriptor&) override;
00060 void check_for_session_hijack(TcpSegmentDescriptor&) override;
00061 bool check_for_window_slam(TcpSegmentDescriptor& tsd) override;
00062 void mark_packet_for_drop(TcpSegmentDescriptor&) override;
00063 void handle_data_segment(TcpSegmentDescriptor&) override;
00064
00065 bool validate_packet_established_session(TcpSegmentDescriptor&) override;
00066
00067 private:
00068 void set_os_policy() override;
00069 bool flow_exceeds_config_thresholds(TcpSegmentDescriptor&);
00070 void check_fin_transition_status(TcpSegmentDescriptor&);
00071 void process_tcp_stream(TcpSegmentDescriptor&);
00072 int process_tcp_data(TcpSegmentDescriptor&);
00073 void swap_trackers();
00074 void NewTcpSessionOnSyn(TcpSegmentDescriptor&);
00075 void NewTcpSessionOnSynAck(TcpSegmentDescriptor&);
00076 int process_dis(Packet*);
00077 void update_on_3whs_complete(TcpSegmentDescriptor&);
00078 bool is_flow_handling_packets(Packet*);
00079 void cleanup_session_if_expired(Packet*);
00080 bool do_packet_analysis_pre_checks(Packet*, TcpSegmentDescriptor&);
00081 void do_packet_analysis_post_checks(Packet*);
00082 void flush_tracker(TcpStreamTracker*, Packet*, uint32_t dir, bool final_flush);
00083
00084 TcpStateMachine* tsm;
00085 };
00086
00087 #endif
00088
END OF CODE