From: Victor Julien Date: Tue, 16 Oct 2012 12:52:29 +0000 (+0200) Subject: stream: don't flag zero window probe packets as out of window. Bug #604. X-Git-Tag: suricata-1.4beta3~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=305ed3f23bf0c0e0268e97a31c667ae2e9994475;p=thirdparty%2Fsuricata.git stream: don't flag zero window probe packets as out of window. Bug #604. --- diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 9d2ff5da2c..8f1da11e73 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -1644,14 +1644,23 @@ static int HandleEstablishedPacketToServer(ThreadVars *tv, TcpSession *ssn, Pack } } - if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) { + int zerowindowprobe = 0; + /* zero window probe */ + if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->client.next_seq && ssn->client.window == 0) { + SCLogDebug("ssn %p: zero window probe", ssn); + zerowindowprobe = 1; + + /* expected packet */ + } else if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) { ssn->client.next_seq += p->payload_len; SCLogDebug("ssn %p: ssn->client.next_seq %" PRIu32 "", ssn, ssn->client.next_seq); } /* in window check */ - if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || + if (zerowindowprobe) { + SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); + } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || ssn->flags & STREAMTCP_FLAG_ASYNC) { 
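Review bot: The `/* zero window probe */` comment in HandleEstablishedPacketToServer does not record what the new branch gives up: a packet matching the test skips the `next_seq` update and, through `if (zerowindowprobe)`, the in-window branch as well, so as far as the hunk shows its one payload byte is neither counted nor checked against `next_win`. I would expand the comment along the lines of `/* zero window probe: 1 byte at next_seq while the tracked window is 0; the byte is not accepted here, it is expected to be resent once the window opens */`, with the wording confirmed against the rest of the function, which continues outside the hunk. Because the classification rests only on payload length, sequence number and the tracked window value, it would also help to surface it through something more than the `SCLogDebug` line (a counter or an event), so that an unusual volume of probe-classified packets can be noticed. The same applies to the matching branch in HandleEstablishedPacketToClient.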
@@ -1763,13 +1772,22 @@ static int HandleEstablishedPacketToClient(ThreadVars *tv, TcpSession *ssn, Pack } } - if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) { + int zerowindowprobe = 0; + /* zero window probe */ + if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->server.next_seq && ssn->server.window == 0) { + SCLogDebug("ssn %p: zero window probe", ssn); + zerowindowprobe = 1; + + /* expected packet */ + } else if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) { ssn->server.next_seq += p->payload_len; SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq); } - if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || + if (zerowindowprobe) { + SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); + } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win "
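Review bot: The probe test in HandleEstablishedPacketToClient compares sequence numbers with a raw `==` (`TCP_GET_SEQ(p) == ssn->server.next_seq`) while the `else if` directly below it uses `SEQ_EQ` for the same pair. Using the macro in both places keeps every sequence comparison in this function in one form: `if (p->payload_len == 1 && SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq) && ssn->server.window == 0) {`. The to-server hunk has the same mix. The two added blocks differ only in `client` versus `server`, so a small static helper taking the stream side and the packet would keep the two directions from drifting apart; both functions continue outside their hunks.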