stream: improve SYN and SYN/ACK handling with ECN/CWR flags

author Victor Julien <vjulien@oisf.net>

Fri, 3 Mar 2023 12:30:14 +0000 (13:30 +0100)

committer Victor Julien <vjulien@oisf.net>

Wed, 29 Mar 2023 05:08:18 +0000 (07:08 +0200)
author Victor Julien <vjulien@oisf.net>
Fri, 3 Mar 2023 12:30:14 +0000 (13:30 +0100)
committer Victor Julien <vjulien@oisf.net>
Wed, 29 Mar 2023 05:08:18 +0000 (07:08 +0200)
diff --git a/src/flow-hash.c b/src/flow-hash.c

index ca2205e07882ea14e6db6e082debaf69ac5ffb7c..32226db4ee51d0eae0db2a08928990c73dfb585c 100644 (file)
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -432,7 +432,8 @@ static inline int FlowCreateCheck(const Packet *p, const bool emerg)
       * that is not a TCP SYN packet. */
      if (emerg) {
          if (PKT_IS_TCP(p)) {
-            if (p->tcph->th_flags == TH_SYN || stream_config.midstream == FALSE) {
+            if (((p->tcph->th_flags & (TH_SYN | TH_ACK | TH_RST | TH_FIN)) == TH_SYN) ||
+                    !stream_config.midstream) {
                  ;
              } else {
                  return 0;
diff --git a/src/stream-tcp.c b/src/stream-tcp.c

index 8c7f2e21f5fde1d781a778c7ae7ba1b3efd5a561..e1f9a895d48ae0679d9c15a27b6eb88665d45594 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5292,13 +5292,13 @@ static inline int StreamTcpValidateChecksum(Packet *p)
   *  \retval bool true/false */
  static int TcpSessionPacketIsStreamStarter(const Packet *p)
  {
-    if (p->tcph->th_flags == TH_SYN) {
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) {
          SCLogDebug("packet %"PRIu64" is a stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
          return 1;
      }
  
      if (stream_config.midstream == TRUE || stream_config.async_oneside == TRUE) {
-        if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
+        if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
              SCLogDebug("packet %"PRIu64" is a midstream stream starter: %02x", p->pcap_cnt, p->tcph->th_flags);
              return 1;
          }
@@ -5416,12 +5416,12 @@ static int TcpSessionReuseDoneEnoughSynAck(const Packet *p, const Flow *f, const
   *  \retval bool true if ssn can be reused, false if not */
  static int TcpSessionReuseDoneEnough(const Packet *p, const Flow *f, const TcpSession *ssn)
  {
-    if (p->tcph->th_flags == TH_SYN) {
+    if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) {
          return TcpSessionReuseDoneEnoughSyn(p, f, ssn);
      }
  
      if (stream_config.midstream == TRUE || stream_config.async_oneside == TRUE) {
-        if (p->tcph->th_flags == (TH_SYN|TH_ACK)) {
+        if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
              return TcpSessionReuseDoneEnoughSynAck(p, f, ssn);
          }
      }
author	Victor Julien <vjulien@oisf.net>
	Fri, 3 Mar 2023 12:30:14 +0000 (13:30 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 29 Mar 2023 05:08:18 +0000 (07:08 +0200)
src/flow-hash.c		patch \| blob \| blame \| history
src/stream-tcp.c		patch \| blob \| blame \| history