Merge pull request #680 in SNORT/snort3 from fix_129_16_fp to master
authorRuss Combs (rucombs) <rucombs@cisco.com>
Fri, 21 Oct 2016 13:03:56 +0000 (09:03 -0400)
committerRuss Combs (rucombs) <rucombs@cisco.com>
Fri, 21 Oct 2016 13:03:56 +0000 (09:03 -0400)
Squashed commit of the following:

commit 9f67e124c98a576e3920765abe9f721485f9e653
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Wed Oct 12 16:56:13 2016 -0400

    Fix bad fin false positive

src/stream/tcp/tcp_session.cc
src/stream/tcp/tcp_state_established.cc
src/stream/tcp/tcp_state_fin_wait1.cc
src/stream/tcp/tcp_state_fin_wait2.cc
src/stream/tcp/tcp_state_syn_recv.cc
src/stream/tcp/tcp_tracker.cc

index 353e402f6b2aa38556e26181a28492df749768fe..f686dd871c0e4ed651496d55b71fa280ea7fa23a 100644 (file)
@@ -1119,7 +1119,6 @@ int TcpSession::process(Packet* p)
     assert(flow->ssn_server);
 
     // FIXIT-H need to do something here to handle check for need to swap trackers??
-
     if ( !config )
         config = get_tcp_cfg(flow->ssn_server);
 
index 654c39c56ab89fa1e5d9e1131ce174881105b415..8b26d448dc2525e57b4b4a157cdc93a69e6bccbc 100644 (file)
@@ -119,9 +119,11 @@ bool TcpStateEstablished::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker&
         trk.session->handle_data_segment(tsd);
         trk.flush_data_on_fin_recv(tsd);
     }
-    trk.update_on_fin_recv(tsd);
-    trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
-    trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+    if ( trk.update_on_fin_recv(tsd) )
+    {
+        trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
+        trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+    }
 
     return default_state_action(tsd, trk);
 }
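Review bot: The data path in the context lines above the new check, `trk.session->handle_data_segment(tsd)` and `trk.flush_data_on_fin_recv(tsd)`, still runs before `update_on_fin_recv` decides whether the FIN is acceptable. A FIN rejected as ending before `r_win_base` therefore no longer moves the tracker to TCP_CLOSE_WAIT, but can still queue data and trigger a flush. The FinWait1 and FinWait2 hunks in this commit put `handle_data_segment` behind the check, and TcpStateSynRecv::fin_recv has the same ordering as here with `flush_data_on_fin_recv`. If the difference is intended, a comment such as `// data is handled and flushed even when the FIN itself is rejected below` would record it; otherwise the ordering should be confirmed against a rejected-FIN test case. The condition guarding the data calls lies outside the hunk.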
index 20e177c5e117b84e11bd9528caf65fe5d913da9c..65b3a2fd7bc40397367e9afbb5eb35013068e471 100644 (file)
@@ -117,18 +117,18 @@ bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
     Flow* flow = tsd.get_flow();
 
     trk.update_tracker_ack_recv(tsd);
-    trk.update_on_fin_recv(tsd);
-
-    if ( check_for_window_slam(tsd, trk) )
+    if ( trk.update_on_fin_recv(tsd) )
     {
-        //session.handle_fin_recv_in_fw1(tsd);
-        if ( tsd.get_seg_len() > 0 )
-            trk.session->handle_data_segment(tsd);
+        if ( check_for_window_slam(tsd, trk) )
+        {
+            if ( tsd.get_seg_len() > 0 )
+                trk.session->handle_data_segment(tsd);
 
-        if ( !flow->two_way_traffic() )
-            trk.set_tf_flags(TF_FORCE_FLUSH);
+            if ( !flow->two_way_traffic() )
+                trk.set_tf_flags(TF_FORCE_FLUSH);
 
-        trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+            trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+        }
     }
 
     return default_state_action(tsd, trk);
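Review bot: The two nested `if` blocks added here have no `else` and nothing between them, so they read more simply as one condition: `if ( trk.update_on_fin_recv(tsd) && check_for_window_slam(tsd, trk) )`. Short-circuit evaluation still keeps `check_for_window_slam` from running for a rejected FIN, and the body returns to its previous indentation, which makes the diff smaller. `flow` is fetched above the check but is only used inside it. The function starts outside the hunk.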
index 3b79e1e53a0092ce8bd5880f289f3833085791cd..30edca40b29e098685f50bfe307d2459dc23eef1 100644 (file)
@@ -129,15 +129,16 @@ bool TcpStateFinWait2::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
     Flow* flow = tsd.get_flow();
 
     trk.update_tracker_ack_recv(tsd);
-    trk.update_on_fin_recv(tsd);
-
-    if ( tsd.get_seg_len() > 0 )
-        trk.session->handle_data_segment(tsd);
+    if ( trk.update_on_fin_recv(tsd) )
+    {
+        if ( tsd.get_seg_len() > 0 )
+            trk.session->handle_data_segment(tsd);
 
-    if ( !flow->two_way_traffic() )
-        trk.set_tf_flags(TF_FORCE_FLUSH);
+        if ( !flow->two_way_traffic() )
+            trk.set_tf_flags(TF_FORCE_FLUSH);
 
-    trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+        trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+    }
 
     return default_state_action(tsd, trk);
 }
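Review bot: `trk.update_tracker_ack_recv(tsd)` in the context lines still runs before `update_on_fin_recv` has accepted the segment, so the ACK information of a FIN that is then rejected as ending before `r_win_base` is applied to the tracker anyway. TcpStateFinWait1::fin_recv has the same order. Whether `update_tracker_ack_recv` validates the ACK on its own is not visible here; if it does, a comment such as `// ACK is processed independently of whether the FIN is accepted below` would record that this is deliberate. The function starts outside the hunk.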
index 8480d7c713222d099297348115d9d2494db146c0..f71e90819eac1580137185589f868b559ba19cbd 100644 (file)
@@ -170,9 +170,11 @@ bool TcpStateSynRecv::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
             trk.flush_data_on_fin_recv(tsd);
         }
 
-        trk.update_on_fin_recv(tsd);
-        trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
-        trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+        if ( trk.update_on_fin_recv(tsd) )
+        {
+            trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
+            trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+        }
     }
 
     return default_state_action(tsd, trk);
index 66d1b4aa92d063091ce9f663004e70439c0b89cf..9f21b89c40febab58b559a7414f03c302b26e450 100644 (file)
@@ -55,6 +55,7 @@ void TcpTracker::init_tcp_state(void )
     memset(&alerts, 0, sizeof(alerts));
     memset(&mac_addr, 0, sizeof(mac_addr));
     mac_addr_valid = false;
+    fin_final_seq = 0;
     rst_pkt_sent = false;
 }
 
@@ -479,7 +480,7 @@ bool TcpTracker::update_on_fin_recv(TcpSegmentDescriptor& tsd)
     if ( SEQ_LT(tsd.get_end_seq(), r_win_base) )
     {
         DebugMessage(DEBUG_STREAM_STATE, "FIN inside r_win_base, bailing\n");
-        return true;
+        return false;
     }
 
     //--------------------------------------------------
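Review bot: The return value of `update_on_fin_recv` is now what the callers branch on, but nothing at this return documents what `false` means. All four `fin_recv` handlers changed in this commit skip their state transition on it, so the contract should be written down, for example `// returns false when the FIN ends before r_win_base; callers must not change TCP state` above the function and at its declaration. The rejection is only reported through `DebugMessage`, so it may be worth checking that a dropped FIN is still observable in non-debug builds if operators need to see it. The rest of the function, including its other return paths, is outside the hunk.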