From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Tue, 16 Jun 2020 20:06:05 +0000 (+0000)
Subject: Merge pull request #2265 in SNORT/snort3 from ~MMATIRKO/snort3:tcp-fin-fix to master
X-Git-Tag: 3.0.1-5~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cd64f44ef116e4e5fdfb1d42ccf7746cea5a9c2;p=thirdparty%2Fsnort3.git

Merge pull request #2265 in SNORT/snort3 from ~MMATIRKO/snort3:tcp-fin-fix to master

Squashed commit of the following:

commit 4f61bbec05db3a5eb40054894015d23dc12803b0
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Fri Jun 12 13:00:51 2020 -0400

    stream_tcp: fix issues for tcp simultaneous close
---

diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc
index 71f5b71b7..82b8b2305 100644
--- a/src/stream/tcp/tcp_state_closing.cc
+++ b/src/stream/tcp/tcp_state_closing.cc
@@ -128,6 +128,20 @@ bool TcpStateClosing::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpSt
 {
     trk.session->update_paws_timestamps(tsd);
     trk.session->check_for_window_slam(tsd);
+
+    // Handle getting stuck in CLOSED/FIN_WAIT on simultaneous close (FIN FIN ACK ACK)
+    if ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT )
+    {
+        if ( ( trk.session->get_talker_state() == TcpStreamTracker::TCP_CLOSED ) &&
+            ( trk.session->get_listener_state() == TcpStreamTracker::TCP_TIME_WAIT ) )
+        {
+            Flow* flow = tsd.get_flow();
+            trk.session->clear_session(false, true, false, tsd.get_pkt() );
+            flow->session_state |= STREAM_STATE_CLOSED;
+            trk.session->set_pkt_action_flag(ACTION_LWSSN_CLOSED);
+        }
+    }
+
     return true;
 }