]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Merge pull request #2844 in SNORT/snort3 from ~MASHASAN/snort3:close_stream to master
authorMasud Hasan (mashasan) <mashasan@cisco.com>
Wed, 28 Apr 2021 15:25:56 +0000 (15:25 +0000)
committerMasud Hasan (mashasan) <mashasan@cisco.com>
Wed, 28 Apr 2021 15:25:56 +0000 (15:25 +0000)
Squashed commit of the following:

commit 2eaee2752af6e487c4ccf59940fd2a0ac6875c75
Author: Masud Hasan <mashasan@cisco.com>
Date:   Fri Apr 23 08:58:09 2021 -0400

    stream_tcp: Using window base for reset validation

commit 1526f0d93ba1d1ce04b40b46faf7304b0eb6b307
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Apr 13 18:36:58 2021 -0400

    stream_tcp: Deleting session when both talker and listener are closed

src/stream/tcp/tcp_normalizer.cc
src/stream/tcp/tcp_state_closed.cc

index 347c9b0a025957bb352f00bc4776fadf0dcb0668..cd17146c4cd2d270e2863b8c3ecdb9b9cce5d96b 100644 (file)
@@ -252,10 +252,9 @@ bool TcpNormalizer::validate_rst_end_seq_geq(
 bool TcpNormalizer::validate_rst_seq_eq(
     TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
 {
-    uint32_t expected_seq = tns.tracker->rcv_nxt + tns.tracker->get_fin_seq_adjust();
+    uint32_t expected_seq = tns.tracker->r_win_base + tns.tracker->get_fin_seq_adjust();
 
-    // FIXIT-M check for rcv_nxt == 0 is hack for uninitialized rcv_nxt
-    if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_EQ(tsd.get_seq(), expected_seq) )
+    if ( SEQ_EQ(tsd.get_seq(), expected_seq) )
         return true;
 
     return false;
index be3b9dd80edff1431769c710ac4eea0262d109d3..3aeb2f6577762ac95ff9fd5ef5bafd1249db6a7d 100644 (file)
@@ -135,7 +135,8 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr
         TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state(tsd);
         Flow* flow = tsd.get_flow();
 
-        if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT ) || !flow->two_way_traffic() )
+        if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT or
+               talker_state == TcpStreamTracker::TCP_CLOSED ) or !flow->two_way_traffic() )
         {
             // The last ACK is a part of the session. Delete the session after processing is
             // complete.