]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 71a0084)
stream: special handling for RST data 9347/head
authorVictor Julien <vjulien@oisf.net>
Tue, 1 Aug 2023 06:44:53 +0000 (08:44 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 4 Aug 2023 15:02:44 +0000 (17:02 +0200)
Data on RST packets is not invalid, but also shouldn't be used
in reassembly.

RFC 1122:

  4.2.2.12  RST Segment: RFC-793 Section 3.4

    A TCP SHOULD allow a received RST segment to include data.

    DISCUSSION
        It has been suggested that a RST segment could contain
        ASCII text that encoded and explained the cause of the
        RST.  No standard has yet been established for such
        data.

RST data will be presented to the detection engine per packet,
but will not be part of stream reassembly.

Bug: #6244.
(cherry picked from commit b63374bf5f8c85c42056ad3c4cce12bce3d1a6bd)

src/stream-tcp-reassemble.c patch | blob | blame | history

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 6d1244307875ac8eec472273c0eaa6e986ee049d..9ba06f563fd52dcd8720860e4d2a7423faac79e3 100644 (file)
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1895,7 +1895,8 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
         }
     }
     /* if this segment contains data, insert it */
-    if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
+    if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) &&
+            (p->tcph->th_flags & TH_RST) == 0) {
         SCLogDebug("calling StreamTcpReassembleHandleSegmentHandleData");
 
         if (StreamTcpReassembleHandleSegmentHandleData(tv, ra_ctx, ssn, stream, p) != 0) {
@@ -1910,10 +1911,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
         p->flags |= PKT_STREAM_ADD;
     } else {
         SCLogDebug("ssn %p / stream %p: not calling StreamTcpReassembleHandleSegmentHandleData:"
-                " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s",
+                   " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s",
                 ssn, stream, p->payload_len,
                 (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ? "true" : "false");
-
     }
 
     /* if the STREAMTCP_STREAM_FLAG_DEPTH_REACHED is set, but not the
Mirror of https://github.com/OISF/suricata.git