stream_tcp: skip r_win_base related validation for asymmetric Missed3… (#5256)

* stream_tcp: skip r_win_base related validation for asymmetric Missed3whs flows

* stream: rename closed_prunes stat to flows_closed

diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc
index 9e2fc7b9c877551ac2e3d4e5e224d845cd924fd5..638bfafd3c3eefa30bee6780302ea37ddbf68846 100644 (file)
--- a/src/stream/base/stream_base.cc
+++ b/src/stream/base/stream_base.cc
@@ -71,7 +71,7 @@ const PegInfo base_pegs[] =
     { CountType::SUM, "memcap_prunes", "sessions pruned due to memcap" },
     { CountType::SUM, "ha_prunes", "sessions pruned by high availability sync" },
     { CountType::SUM, "stale_prunes", "sessions pruned due to stale connection" },
-    { CountType::SUM, "closed_prunes", "sessions pruned due to stream closed" },
+    { CountType::SUM, "flows_closed", "number of flows closed and removed from the flow cache" },
     { CountType::SUM, "expected_flows", "total expected flows created within snort" },
     { CountType::SUM, "expected_realized", "number of expected flows realized" },
     { CountType::SUM, "expected_pruned", "number of expected flows pruned" },
@@ -145,7 +145,7 @@ void base_prep()
     stream_base_stats.memcap_prunes = flow_con->get_prunes(PruneReason::MEMCAP);
     stream_base_stats.ha_prunes = flow_con->get_prunes(PruneReason::HA);
     stream_base_stats.stale_prunes = flow_con->get_prunes(PruneReason::STALE);
-    stream_base_stats.closed_prunes = flow_con->get_prunes(PruneReason::STREAM_CLOSED);
+    stream_base_stats.flows_closed = flow_con->get_prunes(PruneReason::STREAM_CLOSED);
     stream_base_stats.reload_freelist_flow_deletes = flow_con->get_deletes(FlowDeleteState::FREELIST);
     stream_base_stats.reload_allowed_flow_deletes = flow_con->get_deletes(FlowDeleteState::ALLOWED);
     stream_base_stats.reload_offloaded_flow_deletes= flow_con->get_deletes(FlowDeleteState::OFFLOADED);

diff --git a/src/stream/base/stream_module.h b/src/stream/base/stream_module.h
index e085507980feba786a783288ce49e943353f6377..9810cfcdc9c75a8639e5f98943209749c4079887 100644 (file)
--- a/src/stream/base/stream_module.h
+++ b/src/stream/base/stream_module.h
@@ -78,7 +78,7 @@ struct BaseStats
      PegCount memcap_prunes;
      PegCount ha_prunes;
      PegCount stale_prunes;
-     PegCount closed_prunes;
+     PegCount flows_closed;
      PegCount expected_flows;
      PegCount expected_realized;
      PegCount expected_pruned;

diff --git a/src/stream/tcp/tcp_normalizers.cc b/src/stream/tcp/tcp_normalizers.cc
index adcd398b2744895da66cbee583ce4e6ae0c22fdc..bfad5684aa13c13740980575566fadda64fe3f36 100644 (file)
--- a/src/stream/tcp/tcp_normalizers.cc
+++ b/src/stream/tcp/tcp_normalizers.cc
@@ -470,6 +470,9 @@ int TcpNormalizerProxy::handle_repeated_syn(TcpNormalizerState&, TcpSegmentDescr
 TcpNormalizer::NormStatus TcpNormalizerMissed3whs::apply_normalizations(
     TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, uint32_t, bool)
 {
+    if ( !tns.session->flow->two_way_traffic() )
+        return NORM_OK;
+
     uint32_t seq = tsd.get_seq();
     uint32_t r_win_base = tns.tracker->r_win_base;
     uint32_t diff = seq - r_win_base;