]>
Commit | Line | Data |
---|---|---|
73d18835 MT |
1 | From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001 |
2 | From: Michael Tremer <michael.tremer@ipfire.org> | |
3 | Date: Fri, 19 Nov 2021 17:17:47 +0000 | |
4 | Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval | |
5 | ||
6 | For connections that use TCP timestamps for which the first SYN packet | |
7 | does not reach the server, any replies to retransmitted SYNs will be | |
8 | tropped. | |
9 | ||
10 | This is happening in StateSynSentValidateTimestamp, where the timestamp | |
11 | value in a SYN-ACK packet must match the one from the SYN packet. | |
12 | However, since the server never received the first SYN packet, it will | |
13 | respond with an updated timestamp from any of the following SYN packets. | |
14 | ||
15 | The timestamp value inside suricata is not being updated at any time | |
16 | which should happen. This patch fixes that problem. | |
17 | ||
18 | This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318. | |
19 | ||
20 | Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> | |
21 | --- | |
22 | src/stream-tcp.c | 17 +++++++++++++++++ | |
23 | 1 file changed, 17 insertions(+) | |
24 | ||
25 | diff --git a/src/stream-tcp.c b/src/stream-tcp.c | |
26 | index 1cff19fa5..af681760b 100644 | |
27 | --- a/src/stream-tcp.c | |
28 | +++ b/src/stream-tcp.c | |
29 | @@ -1643,6 +1643,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p, | |
30 | "ssn->client.last_ack %"PRIu32"", ssn, | |
31 | ssn->client.isn, ssn->client.next_seq, | |
32 | ssn->client.last_ack); | |
33 | + } else if (PKT_IS_TOSERVER(p)) { | |
34 | + /* | |
35 | + * On retransmitted SYN packets, the timestamp value must be updated, | |
36 | + * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN | |
37 | + * with an updated timestamp in StateSynSentValidateTimestamp. | |
38 | + */ | |
39 | + if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) { | |
40 | + uint32_t ts_val = TCP_GET_TSVAL(p); | |
41 | + | |
42 | + // Check whether packets have been received in the correct order (only ever update) | |
43 | + if (ssn->client.last_ts < ts_val) { | |
44 | + ssn->client.last_ts = ts_val; | |
45 | + ssn->client.last_pkt_ts = p->ts.tv_sec; | |
46 | + } | |
47 | + | |
48 | + SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt); | |
49 | + } | |
50 | } | |
51 | ||
52 | /** \todo check if it's correct or set event */ | |
53 | -- | |
54 | 2.30.2 | |
55 |