]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ea1d3b)
stream/async: more liberal RST acceptance
authorVictor Julien <victor@inliniac.net>
Thu, 1 Jun 2017 13:20:17 +0000 (15:20 +0200)
committerVictor Julien <victor@inliniac.net>
Sat, 3 Jun 2017 08:43:10 +0000 (10:43 +0200)
src/stream-tcp.c patch | blob | blame | history

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 77aef41d09768c99abd5f28425b65ca427e5548f..fcde11e027b047f285511f1e2ffba3f857aac2b0 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5044,6 +5044,22 @@ static int StreamTcpValidateRst(TcpSession *ssn, Packet *p)
         }
     }
 
+    if (ssn->flags & STREAMTCP_FLAG_ASYNC) {
+        if (PKT_IS_TOSERVER(p)) {
+            if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.next_seq)) {
+                SCLogDebug("ssn %p: ASYNC accept RST", ssn);
+                return 1;
+            }
+        } else {
+            if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.next_seq)) {
+                SCLogDebug("ssn %p: ASYNC accept RST", ssn);
+                return 1;
+            }
+        }
+        SCLogDebug("ssn %p: ASYNC reject RST", ssn);
+        return 0;
+    }
+
     switch (os_policy) {
         case OS_POLICY_HPUX11:
             if(PKT_IS_TOSERVER(p)){
Mirror of https://github.com/OISF/suricata.git