]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f2de3e0)
tcp: fix 'broken ack' on flow timeout
authorVictor Julien <vjulien@oisf.net>
Mon, 27 May 2024 13:57:38 +0000 (15:57 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 12 Jul 2024 08:47:47 +0000 (10:47 +0200)
Don't set an ACK value if ACK flag is no longer set. This avoids a bogus
`pkt_broken_ack` event set.

Fixes: ebf465a11bff ("tcp: do not assign TCP flags to pseudopackets")
Ticket: #7158.

src/flow-timeout.c patch | blob | blame | history
src/stream-tcp.c patch | blob | blame | history

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index 87ec7e168694879a7b5558e5ff5a8fe8c64640f7..e08c5195377625b3166c0f9634603b14ca2197cd 100644 (file)
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -222,7 +222,7 @@ static inline Packet *FlowPseudoPacketSetup(
         p->l4.hdrs.tcph->th_dport = htons(f->dp);
 
         p->l4.hdrs.tcph->th_seq = htonl(ssn->client.next_seq);
-        p->l4.hdrs.tcph->th_ack = htonl(ssn->server.last_ack);
+        p->l4.hdrs.tcph->th_ack = 0;
 
         /* to client */
     } else {
@@ -230,7 +230,7 @@ static inline Packet *FlowPseudoPacketSetup(
         p->l4.hdrs.tcph->th_dport = htons(f->sp);
 
         p->l4.hdrs.tcph->th_seq = htonl(ssn->server.next_seq);
-        p->l4.hdrs.tcph->th_ack = htonl(ssn->client.last_ack);
+        p->l4.hdrs.tcph->th_ack = 0;
     }
 
     if (FLOW_IS_IPV4(f)) {
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 337b626810eff565bc71fe19ff2fda94898c8a21..b212f1e991646592f010e680d3c8dcc92e6f5751 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5550,10 +5550,8 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
          * we care about reassembly here. */
         if (p->flags & PKT_PSEUDO_STREAM_END) {
             if (PKT_IS_TOCLIENT(p)) {
-                ssn->client.last_ack = TCP_GET_RAW_ACK(tcph);
                 StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p);
             } else {
-                ssn->server.last_ack = TCP_GET_RAW_ACK(tcph);
                 StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p);
             }
             /* straight to 'skip' as we already handled reassembly */
Mirror of https://github.com/OISF/suricata.git