Merge pull request #2323 in SNORT/snort3 from ~DAVMCPHE/snort3:meta-ack-updates to...

Squashed commit of the following:

commit 8ad3cebdc0baf46bb81eecbdf6eddbc71f08fa1b
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Wed Jul 8 11:49:29 2020 -0400

    stream_tcp: meta-ack from daq is in network order not host, remove conversion from host to network

    stream_tcp: process meta-ack info in any flush policy mode

diff --git a/src/stream/tcp/tcp_segment_descriptor.cc b/src/stream/tcp/tcp_segment_descriptor.cc
index 9cf001a476931e4a814b913c1766efd9739c83e0..b756bb7e7874ed4080f38dd1382b96e07858886b 100644 (file)
--- a/src/stream/tcp/tcp_segment_descriptor.cc
+++ b/src/stream/tcp/tcp_segment_descriptor.cc
@@ -68,10 +68,10 @@ TcpSegmentDescriptor::TcpSegmentDescriptor
     ma_pseudo_tcph.th_dport = p->ptrs.tcph->raw_src_port();
     ma_pseudo_tcph.th_sport = p->ptrs.tcph->raw_dst_port();
     ma_pseudo_tcph.th_seq = p->ptrs.tcph->raw_ack();
-    ma_pseudo_tcph.th_ack = htonl(meta_ack);
+    ma_pseudo_tcph.th_ack = meta_ack;
     ma_pseudo_tcph.th_offx2 = 0;
     ma_pseudo_tcph.th_flags = TH_ACK;
-    ma_pseudo_tcph.th_win = htons(window);
+    ma_pseudo_tcph.th_win = window;
     ma_pseudo_tcph.th_sum = 0;
     ma_pseudo_tcph.th_urp = 0;
 

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 9a840c4f1364ad5a03974b8bcb7742f25dd15ff3..6124519b94938c76dd41b7bcc69e905daca19df8 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -1096,18 +1096,15 @@ int TcpSession::process(Packet* p)
     TcpSegmentDescriptor tsd(flow, p, tel);
     init_tcp_packet_analysis(tsd);
 
-    // if listener is in pre-ack mode, check for and process meta-ack info first if present
-    // the current listener is the talker for the meta-ack...
-    if ( tsd.get_listener()->get_flush_policy() == STREAM_FLPOLICY_ON_DATA )
+    // check for and process meta-ack info first if present, the current listener is the
+    // talker for the meta-ack...
+    DAQ_PktTcpAckData_t* tcp_mack = (DAQ_PktTcpAckData_t*)p->daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA];
+    if ( tcp_mack )
     {
-        DAQ_PktTcpAckData_t* tcp_mack = (DAQ_PktTcpAckData_t*)p->daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA];
-        if ( tcp_mack )
-        {
-            TcpSegmentDescriptor ma_tsd(flow, p, tcp_mack->tcp_ack_seq_num, tcp_mack->tcp_window_size);
-            init_tcp_packet_analysis(ma_tsd);
-            process_tcp_packet(ma_tsd);
-            tcpStats.meta_acks++;
-        }
+        TcpSegmentDescriptor ma_tsd(flow, p, tcp_mack->tcp_ack_seq_num, tcp_mack->tcp_window_size);
+        init_tcp_packet_analysis(ma_tsd);
+        process_tcp_packet(ma_tsd);
+        tcpStats.meta_acks++;
     }
 
     if ( p->context->conf->is_address_anomaly_check_enabled() )