git.ipfire.org Git - thirdparty/suricata.git/commit
tcp: rejects FIN+SYN packets as invalid
author Philippe Antoine <contact@catenacyber.fr>
Thu, 16 Sep 2021 14:54:37 +0000 (16:54 +0200)
committer Victor Julien <vjulien@oisf.net>
Mon, 15 Nov 2021 12:26:00 +0000 (13:26 +0100)
commit ff46cd66b754fda8c98af75b4860b9aac46874d1
tree 4a813d30f3d9ac9276fac2475acca39a6d7bd328
parent 77872904545fec56dcbece2e239ddf9e3c321eeb
tcp: rejects FIN+SYN packets as invalid

Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.

(cherry picked from commit 6cb6225b28c5d8e616a420b7d05b129ba2845dc0)
rules/stream-events.rules
src/decode-events.c
src/decode-events.h
src/stream-tcp.c
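
The desynchronisation described in the commit message, as an added example in C that is not code from this commit or from Suricata. It is a toy tracker (hypothetical `track` and `replay` names, constructed sequence numbers, handshake collapsed to one step) that replays SYN, FIN+SYN, SYN with and without the FIN+SYN rejection.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define TH_FIN 0x01
#define TH_SYN 0x02

/* Toy stream tracker; names are hypothetical, not Suricata's structures. */
enum state { ST_NONE, ST_ESTABLISHED, ST_CLOSING };
struct tracker { enum state st; uint32_t isn; unsigned invalid_events; };

/* Feed one client-to-server segment. reject_fin_syn=false models the old
 * behaviour from the commit message: FIN+SYN handled as a regular FIN. */
static void track(struct tracker *t, uint8_t flags, uint32_t seq, bool reject_fin_syn)
{
    if (reject_fin_syn && (flags & (TH_FIN | TH_SYN)) == (TH_FIN | TH_SYN)) {
        t->invalid_events++;          /* raise an event, leave state untouched */
        return;
    }
    if (flags & TH_FIN) {             /* tracker starts closing the session */
        if (t->st == ST_ESTABLISHED)
            t->st = ST_CLOSING;
    } else if (flags & TH_SYN) {
        /* New session, or SYN on a closing one (seen as session reuse). */
        if (t->st != ST_ESTABLISHED) {
            t->st = ST_ESTABLISHED;   /* assumption: handshake collapsed */
            t->isn = seq;
        }                             /* SYN on a live session is ignored */
    }
}

/* Replay a constructed sequence: SYN(1000), FIN+SYN(1001), SYN(9000).
 * Returns the ISN the tracker ends up reassembling against. */
static uint32_t replay(bool reject_fin_syn, unsigned *events)
{
    struct tracker t = { ST_NONE, 0, 0 };
    track(&t, TH_SYN, 1000, reject_fin_syn);
    track(&t, TH_FIN | TH_SYN, 1001, reject_fin_syn);
    track(&t, TH_SYN, 9000, reject_fin_syn);
    *events = t.invalid_events;
    return t.isn;
}

int main(void) {
    unsigned ev_old, ev_new;
    uint32_t isn_old = replay(false, &ev_old), isn_new = replay(true, &ev_new);
    printf("old: isn=%u events=%u\n", (unsigned)isn_old, ev_old);
    printf("new: isn=%u events=%u\n", (unsigned)isn_new, ev_new);
    return 0;
}
```

With the check off, the tracker ends on ISN 9000 while a destination that kept the connection alive is still on 1000. With the check on, the tracker stays on 1000 and records one invalid-packet event.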