1 /*
2  * Copyright (c) 2018-2021, OARC, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. Neither the name of the copyright holder nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
29  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
31  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include "config.h"
36 
37 #include "tcpstate.h"
38 #include "iaddr.h"
39 #include "log.h"
40 #include "tcpreasm.h"
41 
42 #define MAX_TCP_IDLE_TIME 600
43 #define MAX_TCP_IDLE_COUNT 4096
44 #define TCP_GC_TIME 60
45 
tcpstate_find(iaddr from,iaddr to,unsigned sport,unsigned dport,time_t t)46 tcpstate_ptr tcpstate_find(iaddr from, iaddr to, unsigned sport, unsigned dport, time_t t)
47 {
48     static time_t next_gc = 0;
49     tcpstate_ptr  tcpstate;
50 
51     for (tcpstate = HEAD(tcpstates);
52          tcpstate != NULL;
53          tcpstate = NEXT(tcpstate, link)) {
54         if (ia_equal(tcpstate->saddr, from) && ia_equal(tcpstate->daddr, to) && tcpstate->sport == sport && tcpstate->dport == dport)
55             break;
56     }
57     if (tcpstate != NULL) {
58         tcpstate->last_use = t;
59         if (tcpstate != HEAD(tcpstates)) {
60             /* move to beginning of list */
61             UNLINK(tcpstates, tcpstate, link);
62             PREPEND(tcpstates, tcpstate, link);
63         }
64     }
65 
66     if (t >= next_gc || tcpstate_count > MAX_TCP_IDLE_COUNT) {
67         /* garbage collect stale states */
68         time_t min_last_use = t - MAX_TCP_IDLE_TIME;
69         while ((tcpstate = TAIL(tcpstates)) && tcpstate->last_use < min_last_use) {
70             UNLINK(tcpstates, tcpstate, link);
71             tcpstate_count--;
72         }
73         next_gc = t + TCP_GC_TIME;
74     }
75 
76     return tcpstate;
77 }
78 
tcpstate_new(iaddr from,iaddr to,unsigned sport,unsigned dport)79 tcpstate_ptr tcpstate_new(iaddr from, iaddr to, unsigned sport, unsigned dport)
80 {
81 
82     tcpstate_ptr tcpstate = calloc(1, sizeof *tcpstate);
83     if (tcpstate == NULL) {
84         /* Out of memory; recycle the least recently used */
85         logerr("warning: out of memory, "
86                "discarding some TCP state early");
87         tcpstate = TAIL(tcpstates);
88         assert(tcpstate != NULL);
89     } else {
90         tcpstate_count++;
91     }
92     tcpstate->saddr = from;
93     tcpstate->daddr = to;
94     tcpstate->sport = sport;
95     tcpstate->dport = dport;
96     INIT_LINK(tcpstate, link);
97     PREPEND(tcpstates, tcpstate, link);
98     return tcpstate;
99 }
100 
101 /* Discard this packet.  If it's part of TCP stream, all subsequent pkts on
102  * the same tcp stream will also be discarded. */
tcpstate_discard(tcpstate_ptr tcpstate,const char * msg)103 void tcpstate_discard(tcpstate_ptr tcpstate, const char* msg)
104 {
105     if (dumptrace >= 3 && msg)
106         fprintf(stderr, "discarding packet: %s\n", msg);
107     if (tcpstate) {
108         UNLINK(tcpstates, tcpstate, link);
109         if (tcpstate->reasm) {
110             tcpreasm_free(tcpstate->reasm);
111         }
112         free(tcpstate);
113         tcpstate_count--;
114         return;
115     }
116 }
117 
118 tcpstate_ptr _curr_tcpstate = 0;
119 
tcpstate_getcurr(void)120 tcpstate_ptr tcpstate_getcurr(void)
121 {
122     return _curr_tcpstate;
123 }
124 
tcpstate_reset(tcpstate_ptr tcpstate,const char * msg)125 void tcpstate_reset(tcpstate_ptr tcpstate, const char* msg)
126 {
127     if (options.allow_reset_tcpstate && tcpstate) {
128         if (dumptrace >= 3 && msg)
129             fprintf(stderr, "resetting tcpstate: %s\n", msg);
130 
131         tcpstate->start   = tcpstate->currseq;
132         tcpstate->maxdiff = 0;
133         tcpstate->dnslen  = 0;
134         tcpstate->lastdns = tcpstate->currseq + tcpstate->currlen;
135 
136         if (tcpstate->reasm) {
137             tcpreasm_reset(tcpstate->reasm);
138             tcpstate->reasm->seq_start = tcpstate->start;
139         }
140     }
141 }
142