From: Mike Stepanek (mstepane) Date: Thu, 22 Aug 2019 15:14:19 +0000 (-0400) Subject: Merge pull request #1713 in SNORT/snort3 from ~NIHDESAI/snort3:small_segs to master X-Git-Tag: 3.0.0-260~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33f335099e554f850c4e0460812d55b883ba03a8;p=thirdparty%2Fsnort3.git Merge pull request #1713 in SNORT/snort3 from ~NIHDESAI/snort3:small_segs to master Squashed commit of the following: commit 548c72921772fd15d7b263602ab5c6f03ea048ce Author: russ Date: Wed Jul 10 15:54:14 2019 -0400 stream_tcp: clear consecutive small segs count upon non-small segs only
---
diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc
index a2070b58a..548a2d335 100644
--- a/src/stream/libtcp/tcp_stream_tracker.cc
+++ b/src/stream/libtcp/tcp_stream_tracker.cc
@@ -497,9 +497,6 @@ void TcpStreamTracker::update_tracker_ack_sent(TcpSegmentDescriptor& tsd)
 if ( SEQ_GT(tsd.get_end_seq(), snd_nxt) )
 snd_nxt = tsd.get_end_seq();

- if ( !SEQ_EQ(r_win_base, tsd.get_seg_ack() ) )
- small_seg_count = 0;
-
 if ( SEQ_GT(tsd.get_seg_ack(), r_win_base) )
 r_win_base = tsd.get_seg_ack();

diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 6be16a1d6..ba46c5f01 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -292,19 +292,13 @@ bool TcpSession::flow_exceeds_config_thresholds(TcpSegmentDescriptor& tsd)
 if ( ( config->flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY ) && !flow->two_way_traffic() )
 return true;

- if ( config->max_consec_small_segs
- && ( tsd.get_seg_len() < config->max_consec_small_seg_size ) )
+ if ( config->max_consec_small_segs )
 {
- listener->small_seg_count++;
+ if ( tsd.get_seg_len() >= config->max_consec_small_seg_size )
+ listener->small_seg_count = 0;

- if ( listener->small_seg_count > config->max_consec_small_segs )
- {
- /* Above threshold, log it... in this TCP policy,
- * action controlled by preprocessor rule. */
+ else if ( ++listener->small_seg_count == config->max_consec_small_segs )
 tel.set_tcp_event(EVENT_MAX_SMALL_SEGS_EXCEEDED);
- /* Reset counter, so we're not too noisy */
- listener->small_seg_count = 0;
- }
 }

 if ( config->max_queued_bytes
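Review bot: The `else if ( ++listener->small_seg_count == config->max_consec_small_segs )` branch raises EVENT_MAX_SMALL_SEGS_EXCEEDED on the segment that reaches the limit rather than the one that exceeds it, and only once per run, because the counter is no longer reset after the event and is cleared only by a segment of at least max_consec_small_seg_size. That looks intentional given the commit title, but the removed comments were the only explanation of the threshold behaviour, so I would add something like `// alert once when the run reaches the limit; the count is cleared only by a non-small segment` above the `else if`. The declaration of small_seg_count is outside the hunk: if it is a narrow unsigned type, a long enough run of small segments would wrap it and raise the event a second time, so it is worth confirming the width or saturating the increment. The body of flow_exceeds_config_thresholds starts and ends outside the hunk.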