Merge pull request #1627 in SNORT/snort3 from ~MIREDDEN/snort3:stream_tcp_timestamp...

Squashed commit of the following:

commit 7770b59dee8e8b3d7b93b8dfadbe21a33c746eb5
Author: Mike Redden <miredden@cisco.com>
Date:   Wed May 29 15:57:18 2019 -0400

    stream: Do not validate timestamp until peer timestamp is set

diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc
index ade9912e7221aad5998e91c9513a02c2f7289a1f..81cd8ed951e59374b9b231d99b27d6bfcfc7ced1 100644 (file)
--- a/src/stream/tcp/tcp_normalizer.cc
+++ b/src/stream/tcp/tcp_normalizer.cc
@@ -265,7 +265,8 @@ bool TcpNormalizer::validate_rst(
 int TcpNormalizer::validate_paws_timestamp(
     TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
 {
-    if ( ( (int)( ( tsd.get_ts() - tns.peer_tracker->get_ts_last() ) + tns.paws_ts_fudge ) ) < 0 )
+    const uint32_t peer_ts_last = tns.peer_tracker->get_ts_last();
+    if ( peer_ts_last && ( ( (int)( ( tsd.get_ts() - peer_ts_last ) + tns.paws_ts_fudge ) ) < 0 ) )
     {
         if ( tsd.get_pkt()->is_retry() )
         {