From: Masud Hasan (mashasan) Date: Wed, 14 Oct 2020 16:39:10 +0000 (+0000) Subject: Merge pull request #2543 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_bad_meta_ack... X-Git-Tag: 3.0.3-3~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45413251640e683fee5c94b9451978d684cf209e;p=thirdparty%2Fsnort3.git Merge pull request #2543 in SNORT/snort3 from ~DAVMCPHE/snort3:stream_bad_meta_ack to master Squashed commit of the following: commit e92e548a1d23179ecdd14ffc76ec9148580f4158 Author: davis mcpherson Date: Mon Oct 12 16:11:00 2020 -0400 stream_tcp: don't attempt to drop 'meta_ack packets', there is no wire packet for these acks --- diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index 1d848d4ad..027bd335a 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -90,6 +90,9 @@ bool TcpNormalizer::strip_tcp_timestamp( bool TcpNormalizer::packet_dropper( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd, NormFlags f) { + if ( tsd.is_meta_ack_packet() ) + return false; + const int8_t mode = (f == NORM_TCP_BLOCK) ? tns.tcp_block : tns.opt_block; tcp_norm_stats[PC_TCP_BLOCK][mode]++;