From: Victor Julien Date: Tue, 14 Feb 2023 14:36:56 +0000 (+0100) Subject: stream: improve first FIN next_seq update X-Git-Tag: suricata-6.0.11~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=006911fd5a84486031d2d95e0f836b7c61555dc3;p=thirdparty%2Fsuricata.git stream: improve first FIN next_seq update For accepted FIN packets, always update next_seq. This helps track the FIN sequence. Bug: #5877. (cherry picked from commit 551fb80150c6b07183771e455a30f38953298fff) --- diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 4949673928..2755aec6f5 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -2824,8 +2824,8 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, StreamTcpPacketSetState(p, ssn, TCP_CLOSE_WAIT); SCLogDebug("ssn %p: state changed to TCP_CLOSE_WAIT", ssn); - if (SEQ_EQ(TCP_GET_SEQ(p), ssn->client.next_seq)) - ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len; + /* if we accept the FIN, next_seq needs to reflect the FIN */ + ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len; SCLogDebug("ssn %p: ssn->client.next_seq %" PRIu32 "", ssn, ssn->client.next_seq); @@ -2872,11 +2872,10 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, StreamTcpPacketSetState(p, ssn, TCP_FIN_WAIT1); SCLogDebug("ssn %p: state changed to TCP_FIN_WAIT1", ssn); - if (SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq)) - ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1; + /* if we accept the FIN, next_seq needs to reflect the FIN */ + ssn->server.next_seq = TCP_GET_SEQ(p) + p->payload_len + 1; + SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 " updated", ssn, ssn->server.next_seq); - SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, - ssn->server.next_seq); ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {