STREAM_TIMEWAIT_INVALID_ACK,
STREAM_PKT_INVALID_TIMESTAMP,
STREAM_PKT_INVALID_ACK,
+ STREAM_RST_INVALID_ACK,
/* should always be last! */
DECODE_EVENT_MAX,
StreamTcpSetOSPolicy(&ssn->server, p);
os_policy = ssn->server.os_policy;
+
+ if (StreamTcpValidateAck(&ssn->server, p) == -1) {
+ SCLogDebug("ssn %p: rejecting because of invalid ack value", ssn);
+ StreamTcpSetEvent(p, STREAM_RST_INVALID_ACK);
+ SCReturnInt(-1);
+ }
+
} else {
if (ssn->client.os_policy == 0)
StreamTcpSetOSPolicy(&ssn->client, p);
os_policy = ssn->client.os_policy;
+
+ if (StreamTcpValidateAck(&ssn->client, p) == -1) {
+ SCLogDebug("ssn %p: rejecting because of invalid ack value", ssn);
+ StreamTcpSetEvent(p, STREAM_RST_INVALID_ACK);
+ SCReturnInt(-1);
+ }
}
switch (os_policy) {