stream: implement config option for SYN queue

Default to allowing 10 SYNs to not trigger an event on a connection attempt that times out.
e-cite · Feb 24, 2023 · 3948b16 · 3948b16
1 parent d037738
commit 3948b16
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
@@ -87,6 +87,7 @@
 #define STREAMTCP_DEFAULT_REASSEMBLY_MEMCAP     (256 * 1024 * 1024) /* 256mb */
 #define STREAMTCP_DEFAULT_TOSERVER_CHUNK_SIZE   2560
 #define STREAMTCP_DEFAULT_TOCLIENT_CHUNK_SIZE   2560
+#define STREAMTCP_DEFAULT_MAX_SYN_QUEUED        10
 #define STREAMTCP_DEFAULT_MAX_SYNACK_QUEUED     5
 
 static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *, TcpSession *, Packet *);
@@ -503,6 +504,19 @@ void StreamTcpInitConfig(bool quiet)
         stream_config.flags |= STREAMTCP_INIT_FLAG_DROP_INVALID;
     }
 
+    if ((ConfGetInt("stream.max-syn-queued", &value)) == 1) {
+        if (value >= 0 && value <= 255) {
+            stream_config.max_syn_queued = (uint8_t)value;
+        } else {
+            stream_config.max_syn_queued = (uint8_t)STREAMTCP_DEFAULT_MAX_SYN_QUEUED;
+        }
+    } else {
+        stream_config.max_syn_queued = (uint8_t)STREAMTCP_DEFAULT_MAX_SYN_QUEUED;
+    }
+    if (!quiet) {
+        SCLogConfig("stream \"max-syn-queued\": %" PRIu8, stream_config.max_syn_queued);
+    }
+
     if ((ConfGetInt("stream.max-synack-queued", &value)) == 1) {
         if (value >= 0 && value <= 255) {
             stream_config.max_synack_queued = (uint8_t)value;
@@ -1655,7 +1669,7 @@ static int StreamTcp3whsStoreSyn(TcpSession *ssn, Packet *p)
     if (ssn->queue != NULL && StreamTcp3whsFindSyn(ssn, &search) != NULL)
         return 0;
 
-    if (ssn->queue_len == stream_config.max_synack_queued) { // TODO
+    if (ssn->queue_len == stream_config.max_syn_queued) {
         SCLogDebug("ssn %p: =~ SYN queue limit reached", ssn);
         StreamTcpSetEvent(p, STREAM_3WHS_SYN_FLOOD);
         return -1;

diff --git a/src/stream-tcp.h b/src/stream-tcp.h
@@ -59,6 +59,7 @@ typedef struct TcpStreamCnf_ {
     bool midstream;
     bool async_oneside;
     bool streaming_log_api;
+    uint8_t max_syn_queued;
 
     uint32_t reassembly_depth;  /**< Depth until when we reassemble the stream */
 

diff --git a/suricata.yaml.in b/suricata.yaml.in
@@ -1484,6 +1484,7 @@ flow-timeouts:
 #   async-oneside: false        # don't enable async stream handling
 #   inline: no                  # stream inline mode
 #   drop-invalid: yes           # in inline mode, drop packets that are invalid with regards to streaming engine
+#   max-syn-queued: 10          # Max different SYNs to queue
 #   max-synack-queued: 5        # Max different SYN/ACKs to queue
 #   bypass: no                  # Bypass packets when stream.reassembly.depth is reached.
 #                               # Warning: first side to reach this triggers