From: Davis McPherson (davmcphe)
Date: Wed, 25 Mar 2020 14:33:23 +0000 (+0000)
Subject: Merge pull request #2073 in SNORT/snort3 from ~ZHIJLIU/snort3:CSCvs59026_badack to...
X-Git-Tag: 3.0.1-1~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59b297190cfd10e42632129651bbad0d5eb5f332;p=thirdparty%2Fsnort3.git
Merge pull request #2073 in SNORT/snort3 from ~ZHIJLIU/snort3:CSCvs59026_badack to master
Squashed commit of the following:
commit c0f2ed2c2b2572310314aa5b7b53557b12cc9966
Author: Louis Zhijun Liu
Date: Wed Mar 11 17:44:19 2020 -0700
stream_tcp: Out-of-order ACK processing fix
---
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index d186d3cf9..0f2ba718c 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -1037,10 +1037,11 @@ bool TcpSession::validate_packet_established_session(TcpSegmentDescriptor& tsd)
 {
 pkt_action_mask |= listener->normalizer.handle_paws(tsd);
- if ( pkt_action_mask & ACTION_BAD_PKT )
- return false;
+ if ( SnortConfig::inline_mode() )
+ if ( tsd.get_tcph()->is_ack() && !listener->is_ack_valid(tsd.get_seg_ack()) )
+ pkt_action_mask |= ACTION_BAD_PKT;
- return true;
+ return ( pkt_action_mask & ACTION_BAD_PKT ) ? false : true;
 }
 /*
diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc
index 454c9c30a..6d8140066 100644
--- a/src/stream/tcp/tcp_state_syn_recv.cc
+++ b/src/stream/tcp/tcp_state_syn_recv.cc
@@ -121,6 +121,14 @@ bool TcpStateSynRecv::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
 return true;
 }
+bool TcpStateSynRecv::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
+{
+ trk.update_tracker_ack_sent(tsd);
+ if ( trk.session->no_ack_mode_enabled() )
+ trk.update_tracker_no_ack_recv(tsd);
+ return true;
+}
+
 bool TcpStateSynRecv::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
 {
 if ( trk.is_ack_valid(tsd.get_seg_ack()) )
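Review bot: The new ACK check in `validate_packet_established_session` is gated on `SnortConfig::inline_mode()` with no comment explaining why, so in passive mode a segment whose ACK fails `is_ack_valid()` is still accepted by this function. If that is deliberate, say so above the check, for example `// inline only: a passive sensor may not have seen every segment, so an out-of-window ACK is not proof of a bad packet`. If it is not deliberate, the passive path may reassemble segments the receiving host would discard, which is the kind of sensor/endpoint disagreement stream normalization exists to prevent. On style, the two brace-less nested `if`s read more safely as one condition joined with `&&`, and the return can be `return !( pkt_action_mask & ACTION_BAD_PKT );`.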
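Review bot: `data_seg_sent` calls `trk.update_tracker_ack_sent(tsd)` unconditionally, while the neighbouring `data_seg_recv` begins with `trk.is_ack_valid(tsd.get_seg_ack())`. Nothing in this hunk shows that the segment carries an ACK, or that the ACK value is in range, before the tracker state is advanced. The body of `update_tracker_ack_sent` is not visible here; if it validates internally, a one-line comment on the call saying so would settle the question. Otherwise consider guarding the call with `if ( tsd.get_tcph()->is_ack() )`, the same test the tcp_session.cc hunk uses. A short comment above the function saying why SYN_RECV needs this override (the out-of-order ACK case named in the commit subject) would also help, since the hunk gives no rationale.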
diff --git a/src/stream/tcp/tcp_state_syn_recv.h b/src/stream/tcp/tcp_state_syn_recv.h
index f52d70c50..8a8a77d4a 100644
--- a/src/stream/tcp/tcp_state_syn_recv.h
+++ b/src/stream/tcp/tcp_state_syn_recv.h
@@ -35,6 +35,7 @@ public:
 bool syn_ack_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override;
 bool ack_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override;
 bool ack_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override;
+ bool data_seg_sent(TcpSegmentDescriptor&, TcpStreamTracker&) override;
 bool data_seg_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override;
 bool fin_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override;
 bool rst_recv(TcpSegmentDescriptor&, TcpStreamTracker&) override;