]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5fe2fba)
stream: improve SYN and SYN/ACK handling with ECN/CWR flags
authorVictor Julien <vjulien@oisf.net>
Fri, 3 Mar 2023 12:30:14 +0000 (13:30 +0100)
committerVictor Julien <vjulien@oisf.net>
Tue, 28 Mar 2023 12:05:57 +0000 (14:05 +0200)
src/flow-hash.c patch | blob | blame | history
src/stream-tcp.c patch | blob | blame | history

diff --git a/src/flow-hash.c b/src/flow-hash.c
index a4424a3bc6e69b37f5c3fbf8cb519b364e0fc189..351494bb977401f6d01930c99a5b7533ee11488d 100644 (file)
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -510,7 +510,8 @@ static inline int FlowCreateCheck(const Packet *p, const bool emerg)
      * that is not a TCP SYN packet. */
     if (emerg) {
         if (PKT_IS_TCP(p)) {
-            if (p->tcph->th_flags == TH_SYN || !stream_config.midstream) {
+            if (((p->tcph->th_flags & (TH_SYN | TH_ACK | TH_RST | TH_FIN)) == TH_SYN) ||
+                    !stream_config.midstream) {
                 ;
             } else {
                 return 0;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 20b92e78456f7525b533ec6a8dbb16792dc2eaf2..0524f8c618b8f591914113231236fd26042a0733 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5493,13 +5493,13 @@ static inline int StreamTcpValidateChecksum(Packet *p)
  *  \retval bool true/false */
 static int TcpSessionPacketIsStreamStarter(const Packet *p)
 {
-    if (p->tcph->th_flags == TH_SYN) {
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) {
         SCLogDebug("packet %"PRIu64" is a stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
         return 1;
     }
 
     if (stream_config.midstream || stream_config.async_oneside) {
-        if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
+        if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
             SCLogDebug("packet %"PRIu64" is a midstream stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
             return 1;
         }
@@ -5615,12 +5615,12 @@ static int TcpSessionReuseDoneEnoughSynAck(const Packet *p, const Flow *f, const
  *  \retval bool true if ssn can be reused, false if not */
 static int TcpSessionReuseDoneEnough(const Packet *p, const Flow *f, const TcpSession *ssn)
 {
-    if (p->tcph->th_flags == TH_SYN) {
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) {
         return TcpSessionReuseDoneEnoughSyn(p, f, ssn);
     }
 
     if (stream_config.midstream || stream_config.async_oneside) {
-        if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
+        if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
             return TcpSessionReuseDoneEnoughSynAck(p, f, ssn);
         }
     }
Mirror of https://github.com/OISF/suricata.git