Merge pull request #1771 in SNORT/snort3 from ~STECHEW/snort3:noack_seq_fix to master

Squashed commit of the following:

commit 0f6d170ece2f36aeca31002ef6e7745c42d434a9
Author: Steve Chew <stechew@cisco.com>
Date:   Thu Sep 19 14:54:53 2019 -0400

    libtcp: Turn off no-ack mode if packet is out of order.

diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc
index 1dad641fccf05d7dec8fd9f40dfc197024ed7f1a..5d8dac6352c7201ab67627f291c516817851b802 100644 (file)
--- a/src/stream/libtcp/tcp_stream_tracker.cc
+++ b/src/stream/libtcp/tcp_stream_tracker.cc
@@ -477,11 +477,27 @@ void TcpStreamTracker::update_tracker_ack_recv(TcpSegmentDescriptor& tsd)
 // In no-ack policy, data is implicitly acked immediately.
 void TcpStreamTracker::update_tracker_no_ack_recv(TcpSegmentDescriptor& tsd)
 {
+    // No_ack mode requires that segments be provided in order. If we see
+    // a gap, don't advance the seq and turn off no-ack mode.
+    if(tsd.get_seg_len() != (tsd.get_end_seq() - snd_una))
+    {
+        Stream::set_no_ack_mode(tsd.get_flow(), false);
+        return;
+    }
+
     snd_una = snd_nxt = tsd.get_end_seq();
 }
 
 void TcpStreamTracker::update_tracker_no_ack_sent(TcpSegmentDescriptor& tsd)
 {
+    // No_ack mode requires that segments be provided in order. If we see
+    // a gap, don't advance the seq and turn off no-ack mode.
+    if(tsd.get_seg_len() != (tsd.get_end_seq() - r_win_base))
+    {
+        Stream::set_no_ack_mode(tsd.get_flow(), false);
+        return;
+    }
+
     r_win_base = tsd.get_end_seq();
     reassembler.flush_on_ack_policy(tsd.get_pkt());
 }