Pull request #4056: stream_tcp: ignore normalization checks when in midstream state

Merge in SNORT/snort3 from ~JALIIMRA/snort3:midstream_invalid_seq to master

Squashed commit of the following:

commit db2d4e4174f77527e8360d66361c2bd2b9f21aba
Author: Juweria Ali Imran <jaliimra@cisco.com>
Date:   Wed Oct 11 10:48:18 2023 -0400

    stream_tcp: ignore normalization checks when in midstream state

diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc
index a2c7e8d7a6176676ef4f9f4b5c1581276969ec3d..a3b55739fe4a99e3bf1fc61002a20f1628b5db5a 100644 (file)
--- a/src/stream/tcp/tcp_reassembler.cc
+++ b/src/stream/tcp/tcp_reassembler.cc
@@ -942,7 +942,10 @@ int32_t TcpReassembler::scan_data_pre_ack(TcpReassemblerState& trs, uint32_t* fl
     }
 
     trs.sos.seglist.cur_sseg = tsn;
-    update_rcv_nxt(trs, *tsn);
+
+    if (tsn)
+        update_rcv_nxt(trs, *tsn);
+    
     return ret_val;
 }
 

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 67f9f67cedcbe8412f7b8d637fecb9cc4a4c5e3c..e282a5e1d274722d5b207ccdd3af5a285946fa00 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -476,14 +476,14 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
     {
         /* check if we're in the window */
         if ( tcp_config->policy != StreamPolicy::OS_PROXY
-            and listener->normalizer.get_stream_window(tsd) == 0 )
+            and !Stream::is_midstream(flow) and listener->normalizer.get_stream_window(tsd) == 0 )
         {
-            if ( !listener->normalizer.data_inside_window(tsd) or !listener->get_iss() )
+            if ( !listener->normalizer.data_inside_window(tsd) )
             {
-                listener->normalizer.trim_win_payload(tsd);
+                listener->normalizer.trim_win_payload(tsd, 0, tsd.is_nap_policy_inline());
                 return STREAM_UNALIGNED;
             }
-            else
+            if( listener->get_iss() )
             {
                 tcpStats.zero_win_probes++;
                 listener->normalizer.set_zwp_seq(seq);
@@ -512,7 +512,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
 
         /* check if we're in the window */
         if ( tcp_config->policy != StreamPolicy::OS_PROXY
-            and listener->normalizer.get_stream_window(tsd) == 0 )
+            and !Stream::is_midstream(flow) and listener->normalizer.get_stream_window(tsd) == 0 )
         {
             if ( SEQ_EQ(seq, listener->normalizer.get_zwp_seq()) )
             {
@@ -521,7 +521,7 @@ int TcpSession::process_tcp_data(TcpSegmentDescriptor& tsd)
                 return STREAM_UNALIGNED;
             }
 
-            listener->normalizer.trim_win_payload(tsd);
+            listener->normalizer.trim_win_payload(tsd, 0, tsd.is_nap_policy_inline());
             return STREAM_UNALIGNED;
         }
         if ( tsd.is_data_segment() )
@@ -853,18 +853,18 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd)
         // FIXIT-M move this to normalizer base class, handle OS_PROXY in derived class
         if ( tcp_config->policy != StreamPolicy::OS_PROXY )
         {
-            // drop packet if sequence num is invalid
-            if ( !listener->is_segment_seq_valid(tsd) )
-            {
-                tcpStats.invalid_seq_num++;
-                listener->normalizer.trim_win_payload(tsd);
-                return;
-            }
-
             // these normalizations can't be done if we missed setup. and
             // window is zero in one direction until we've seen both sides.
-            if ( !(flow->get_session_flags() & SSNFLAG_MIDSTREAM) && flow->two_way_traffic() )
+            if ( !(Stream::is_midstream(flow)) && flow->two_way_traffic() )
             {
+                // drop packet if sequence num is invalid
+                if ( !listener->is_segment_seq_valid(tsd) )
+                {
+                    tcpStats.invalid_seq_num++;
+                    listener->normalizer.trim_win_payload(tsd);
+                    return;
+                }
+
                 // trim to fit in listener's window and mss
                 listener->normalizer.trim_win_payload
                     (tsd, (listener->r_win_base + listener->get_snd_wnd() - listener->rcv_nxt));