Merge pull request #2079 in SNORT/snort3 from ~STECHEW/snort3:malware_block_with_retr...

Squashed commit of the following:

commit 9c4ea9f5a683908369e005325ca833d85fec01a3
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Mar 22 10:48:00 2020 -0400

    stream/tcp: Moved retry check to TcpSession::process.

commit 46cc63de4bd2b0b5e026dfd5e47e17f98680e531
Author: Steve Chew <stechew@cisco.com>
Date:   Sat Mar 14 18:55:51 2020 -0400

    stream: short-circuit stream when handling retry packets in no-ack mode.

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index e6d1a9d68e87ea5c2c610b52be9380dd459d0d35..a6803c02e1afc6885508114c5d27f6b032e98ffc 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -1040,6 +1040,15 @@ int TcpSession::process(Packet* p)
     Profile profile(s5TcpPerfStats);
     assert(flow->ssn_server);
 
+    if ( no_ack_mode_enabled() and p->is_retry() )
+    {
+        // Don't need to process a retry packet through stream again,
+        // just make sure the retransmit handler is called so that
+        // we do things like update file inspection.
+        flow->call_handlers(p, false);
+        return ACTION_NOTHING;
+    }
+
     // FIXIT-H need to do something here to handle check for need to swap trackers??
     if ( !config )
         config = get_tcp_cfg(flow->ssn_server);