git.ipfire.org Git - thirdparty/suricata.git/commit
tcp: rejects FIN+SYN packets as invalid
author Philippe Antoine <contact@catenacyber.fr>
Thu, 16 Sep 2021 14:54:37 +0000 (16:54 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 12 Nov 2021 14:21:07 +0000 (15:21 +0100)
commit 6cb6225b28c5d8e616a420b7d05b129ba2845dc0
tree 16b8a6c2bff5b6f77b81cd16abff3eeb54b660fd
parent 50e2b973eeec7172991bf8f544ab06fb782b97df
tcp: rejects FIN+SYN packets as invalid

Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.
rules/stream-events.rules
src/decode-events.c
src/decode-events.h
src/stream-tcp.c
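
An added example, not Suricata's code or part of this commit: a simplified C model of the tracker behaviour the commit message describes, replaying a constructed three-packet sequence with and without FIN+SYN rejection. The state names, `track()`, `replay()` and the sequence numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02

enum state { ST_NONE, ST_ESTABLISHED, ST_CLOSING };
struct tracker { enum state st; uint32_t isn; /* ISN used for reassembly */ };

/* Simplified model (assumption): one direction, handshake collapsed into
 * the first SYN. reject_fin_syn=false models the earlier behaviour the
 * commit message describes; true models rejecting FIN+SYN as invalid. */
static void track(struct tracker *t, uint8_t flags, uint32_t seq,
                  bool reject_fin_syn)
{
    if (reject_fin_syn && (flags & (TH_FIN | TH_SYN)) == (TH_FIN | TH_SYN))
        return;            /* invalid: never reaches the state machine */
    if (flags & TH_FIN) {  /* FIN, with or without SYN, starts teardown */
        if (t->st == ST_ESTABLISHED)
            t->st = ST_CLOSING;
        return;
    }
    if ((flags & TH_SYN) && t->st != ST_ESTABLISHED) {
        t->isn = seq;      /* new session, or reuse of a closing one */
        t->st = ST_ESTABLISHED;
    }                      /* a SYN on a live session changes nothing */
}

/* Replays a constructed sequence; returns the ISN the tracker ends with.
 * The endpoint in this scenario keeps the session opened with ISN 1000. */
static uint32_t replay(bool reject_fin_syn)
{
    struct tracker t = { ST_NONE, 0 };
    track(&t, TH_SYN, 1000, reject_fin_syn);           /* session opens */
    track(&t, TH_FIN | TH_SYN, 1001, reject_fin_syn);  /* ambiguous flags */
    track(&t, TH_SYN, 5000, reject_fin_syn);           /* later SYN */
    return t.isn;
}

int main(void)
{
    printf("without rejection: %u, with rejection: %u\n",
           (unsigned)replay(false), (unsigned)replay(true));
    return 0;
}
```

Without rejection the model ends on the later SYN's sequence number while the endpoint is still on the original session; with rejection the two stay aligned.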