From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Thu, 2 Feb 2023 16:12:59 +0000 (+0000)
Subject: Pull request #3739: stream_tcp: fix passive pickups with missing packets
X-Git-Tag: 3.1.55.0~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47519fd4f5dc45b92e56ed3d0d34829ccedb19d7;p=thirdparty%2Fsnort3.git

Pull request #3739: stream_tcp: fix passive pickups with missing packets

Merge in SNORT/snort3 from ~RUCOMBS/snort3:tcp_fix to master

Squashed commit of the following:

commit 0da36c1f5a12f6d3d74447fc1afc6409f46d83a9
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed Jan 18 10:25:07 2023 -0500

    stream_tcp: fix passive pickups with missing packets

    Thanks to nagmtuc and hedayat for reporting and helping debug the issue.
---

diff --git a/src/stream/tcp/tcp_reassemblers.h b/src/stream/tcp/tcp_reassemblers.h
index be03244f6..fd1d576ab 100644
--- a/src/stream/tcp/tcp_reassemblers.h
+++ b/src/stream/tcp/tcp_reassemblers.h
@@ -97,6 +97,9 @@ public:
     uint32_t get_xtradata_mask() const
     { return trs.xtradata_mask; }
 
+    bool data_was_queued() const
+    { return trs.sos.total_bytes_queued > 0; }
+
     uint32_t get_seg_count() const
     { return trs.sos.seg_count; }
 
diff --git a/src/stream/tcp/tcp_stream_tracker.cc b/src/stream/tcp/tcp_stream_tracker.cc
index 9a64fbf77..f02119afc 100644
--- a/src/stream/tcp/tcp_stream_tracker.cc
+++ b/src/stream/tcp/tcp_stream_tracker.cc
@@ -465,12 +465,18 @@ void TcpStreamTracker::finish_server_init(TcpSegmentDescriptor& tsd)
 void TcpStreamTracker::finish_client_init(TcpSegmentDescriptor& tsd)
 {
     Flow* flow = tsd.get_flow();
-
     rcv_nxt = tsd.get_end_seq();
 
+    if ( reassembler.data_was_queued() )
+        return;  // we already have state, don't mess it up
+
     if ( !( flow->session_state & STREAM_STATE_MIDSTREAM ) )
     {
-        reassembler.set_seglist_base_seq(tsd.get_seq() + 1);
+        if ( tsd.get_tcph()->is_syn() )
+            reassembler.set_seglist_base_seq(tsd.get_seq() + 1);
+        else
+            reassembler.set_seglist_base_seq(tsd.get_seq());
+
         r_win_base = tsd.get_end_seq();
     }
     else
@@ -530,7 +536,7 @@ bool TcpStreamTracker::update_on_3whs_ack(TcpSegmentDescriptor& tsd)
 
     if ( good_ack )
     {
-        if (!irs)
+        if (!irs)  // FIXIT-L zero is a valid seq# so this kind of check is incorrect
             irs = tsd.get_seq();
         finish_client_init(tsd);
         update_tracker_ack_recv(tsd);