From: Anoop Saldanha <poonaatsoc@gmail.com>
Date: Thu, 19 Jul 2012 08:02:01 +0000 (+0530)
Subject: bug 508 - List (ack | cwr | ecn) combination to be accepted by our stream engine.
X-Git-Tag: suricata-1.3.1~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=41bb3b95f9c4517c32d2ac141bfa652cf9b71fc8;p=thirdparty%2Fsuricata.git

bug 508 - List (ack | cwr | ecn) combination to be accepted by our stream engine.

This isn't a perfect solution.  More like we have patched this for the case we
are in tcp's established state.  The right solution would be to accept states
based on the presence(using operator OR) of certain flags in the tcp header,
rather than list out all possible flag combinations.
---

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 2e6f219455..c40a708188 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1965,14 +1965,15 @@ static int StreamTcpPacketStateEstablished(ThreadVars *tv, Packet *p,
             StreamTcpSetEvent(p, STREAM_EST_SYNACK_RESEND);
             return -1;
             break;
-        case TH_ACK|TH_URG:
         case TH_ACK:
+        case TH_ACK|TH_URG:
         case TH_ACK|TH_CWR:
         case TH_ACK|TH_ECN:
         case TH_ACK|TH_PUSH:
         case TH_ACK|TH_PUSH|TH_ECN:
         case TH_ACK|TH_PUSH|TH_ECN|TH_CWR:
         case TH_ACK|TH_PUSH|TH_URG:
+        case TH_ACK|TH_PUSH|TH_CWR:
             /* Urgent pointer size can be more than the payload size, as it tells
              * the future coming data from the sender will be handled urgently
              * until data of size equal to urgent offset has been processed