Merge pull request #697 in SNORT/snort3 from tcp_sm_fix to master

author Russ Combs (rucombs) <rucombs@cisco.com>

Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)

committer Russ Combs (rucombs) <rucombs@cisco.com>

Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)
author Russ Combs (rucombs) <rucombs@cisco.com>
Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)
committer Russ Combs (rucombs) <rucombs@cisco.com>
Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)
diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc

index 65b3a2fd7bc40397367e9afbb5eb35013068e471..36eb424f25f25a6952c7624724e9de25febc5e9b 100644 (file)
--- a/src/stream/tcp/tcp_state_fin_wait1.cc
+++ b/src/stream/tcp/tcp_state_fin_wait1.cc
@@ -119,7 +119,8 @@ bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
      trk.update_tracker_ack_recv(tsd);
      if ( trk.update_on_fin_recv(tsd) )
      {
-        if ( check_for_window_slam(tsd, trk) )
+        bool is_ack_valid = false;
+        if ( check_for_window_slam(tsd, trk, &is_ack_valid) )
          {
              if ( tsd.get_seg_len() > 0 )
                  trk.session->handle_data_segment(tsd);
@@ -127,7 +128,10 @@ bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
              if ( !flow->two_way_traffic() )
                  trk.set_tf_flags(TF_FORCE_FLUSH);
  
-            trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+            if ( is_ack_valid )
+                trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+            else
+                trk.set_tcp_state(TcpStreamTracker::TCP_CLOSING);
          }
      }
  
@@ -160,7 +164,7 @@ bool TcpStateFinWait1::rst_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
      return default_state_action(tsd, trk);
  }
  
-bool TcpStateFinWait1::check_for_window_slam(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
+bool TcpStateFinWait1::check_for_window_slam(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk, bool* is_ack_valid)
  {
      DebugFormat(DEBUG_STREAM_STATE, "tsd.ack %X >= listener->snd_nxt %X\n",
          tsd.get_seg_ack(), trk.get_snd_nxt());
@@ -181,7 +185,11 @@ bool TcpStateFinWait1::check_for_window_slam(TcpSegmentDescriptor& tsd, TcpStrea
          }
  
          trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT2);
+        if ( is_ack_valid )
+            *is_ack_valid = true;
      }
+    else if ( is_ack_valid )
+        *is_ack_valid = false;
  
      return true;
  }
diff --git a/src/stream/tcp/tcp_state_fin_wait1.h b/src/stream/tcp/tcp_state_fin_wait1.h

index 3a08e19c09f9f11573ce52125fed25f59c068666..f7cbe268b12ac23819507325e021bfcba6b552bc 100644 (file)
--- a/src/stream/tcp/tcp_state_fin_wait1.h
+++ b/src/stream/tcp/tcp_state_fin_wait1.h
@@ -49,7 +49,7 @@ public:
      bool do_post_sm_packet_actions(TcpSegmentDescriptor&, TcpStreamTracker&) override;
  
  private:
-    bool check_for_window_slam(TcpSegmentDescriptor&, TcpStreamTracker&);
+    bool check_for_window_slam(TcpSegmentDescriptor&, TcpStreamTracker&, bool* is_ack_valid = nullptr);
  };
  
  #endif
author	Russ Combs (rucombs) <rucombs@cisco.com>
	Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)
committer	Russ Combs (rucombs) <rucombs@cisco.com>
	Fri, 4 Nov 2016 19:39:53 +0000 (15:39 -0400)
src/stream/tcp/tcp_state_fin_wait1.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_fin_wait1.h		patch \| blob \| blame \| history