Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/overlapping tcp segments #1898

Merged
merged 3 commits into from
Jun 27, 2016
Merged

Fix/overlapping tcp segments #1898

merged 3 commits into from
Jun 27, 2016

Conversation

urso
Copy link

@urso urso commented Jun 22, 2016

No description provided.

@urso urso force-pushed the fix/overlapping-tcp-segments branch from cadbbc5 to 026d4fd Compare June 22, 2016 14:29
@urso urso added the review label Jun 22, 2016
ruflin
ruflin reviewed Jun 22, 2016
View reviewed changes
packetbeat/protos/tcp/tcp.go
delta := lastSeq - tcpStartSeq

// if 'overlap' already covered by previous packet -> return
if int(delta) >= len(pkt.Payload) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add at least a debug log message here?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debug message is ok. but this is perfectly valid behavior.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rethinking this case, it's impossible to trigger this condition due to tcpSeq already compared to lastSeq and if reset, packet is dropped.

@ruflin
Copy link
Member

ruflin commented Jun 22, 2016

LGTM. Worth backporting?

@urso
Copy link
Author

urso commented Jun 22, 2016

Yeah. in presence of overlapping resends, application layer parser are likely to trip or generate panic.

@ruflin ruflin added the needs_backport PR is waiting to be backported to other branches. label Jun 22, 2016
@ruflin
Copy link
Member

ruflin commented Jun 22, 2016

I added the backport layer. There seem to be quite some packetbeat system tests that are failing ...

@urso urso force-pushed the fix/overlapping-tcp-segments branch from 31634fb to 18ebe01 Compare June 22, 2016 16:34
@urso urso mentioned this pull request Jun 23, 2016
Closed
@urso urso force-pushed the fix/overlapping-tcp-segments branch from 18ebe01 to 5401d12 Compare June 23, 2016 13:00
@urso urso force-pushed the fix/overlapping-tcp-segments branch from 5401d12 to c44d735 Compare June 27, 2016 10:16
@tsg tsg merged commit 391e840 into elastic:master Jun 27, 2016
urso pushed a commit to urso/beats that referenced this pull request Jun 27, 2016
Backport fix for overlapping tcp segments (elastic#1898)
a3c415c 
* TCP table driven unit test
* Fix tcp segments overlaps
tsg pushed a commit that referenced this pull request Jul 19, 2016
@tsg
Backport fix for overlapping tcp segments (#1898) (#1917)
285717b 
* TCP table driven unit test
* Fix tcp segments overlaps
@tsg tsg removed the needs_backport PR is waiting to be backported to other branches. label Sep 22, 2016
@urso urso deleted the fix/overlapping-tcp-segments branch February 19, 2019 18:31
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@tsg
Backport fix for overlapping tcp segments (elastic#1898) (elastic#1917)
3fd2609 
* TCP table driven unit test
* Fix tcp segments overlaps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Packetbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@urso @ruflin @tsg