From: Michael Altizer (mialtize) Date: Thu, 9 Jul 2020 22:54:07 +0000 (+0000) Subject: Merge pull request #2323 in SNORT/snort3 from ~DAVMCPHE/snort3:meta-ack-updates to... X-Git-Tag: 3.0.2-2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f4c4538dad0c28e5f266083dcad783273ec9c7f;p=thirdparty%2Fsnort3.git Merge pull request #2323 in SNORT/snort3 from ~DAVMCPHE/snort3:meta-ack-updates to master Squashed commit of the following: commit 8ad3cebdc0baf46bb81eecbdf6eddbc71f08fa1b Author: davis mcpherson Date: Wed Jul 8 11:49:29 2020 -0400 stream_tcp: meta-ack from daq is in network order not host, remove conversion from host to network stream_tcp: process meta-ack info in any flush policy mode
---
diff --git a/src/stream/tcp/tcp_segment_descriptor.cc b/src/stream/tcp/tcp_segment_descriptor.cc
index 9cf001a47..b756bb7e7 100644
--- a/src/stream/tcp/tcp_segment_descriptor.cc
+++ b/src/stream/tcp/tcp_segment_descriptor.cc
@@ -68,10 +68,10 @@ TcpSegmentDescriptor::TcpSegmentDescriptor
 ma_pseudo_tcph.th_dport = p->ptrs.tcph->raw_src_port();
 ma_pseudo_tcph.th_sport = p->ptrs.tcph->raw_dst_port();
 ma_pseudo_tcph.th_seq = p->ptrs.tcph->raw_ack();
- ma_pseudo_tcph.th_ack = htonl(meta_ack);
+ ma_pseudo_tcph.th_ack = meta_ack;
 ma_pseudo_tcph.th_offx2 = 0;
 ma_pseudo_tcph.th_flags = TH_ACK;
- ma_pseudo_tcph.th_win = htons(window);
+ ma_pseudo_tcph.th_win = window;
 ma_pseudo_tcph.th_sum = 0;
 ma_pseudo_tcph.th_urp = 0;
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 9a840c4f1..6124519b9 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
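Review bot: The byte-order contract of `meta_ack` and `window` is now implicit in the tcp_segment_descriptor.cc hunk: with `htonl`/`htons` removed, the assignments to `th_ack` and `th_win` are only correct if every caller passes network-order values, and nothing in the visible lines says so. I would add a comment above the two assignments, `// meta_ack and window arrive from the DAQ already in network byte order; store them unconverted`, and repeat the same statement on the constructor's declaration. These fields feed a synthetic TCP header used for stream tracking, so a caller that passes host-order values would yield a wrong ack or window on little-endian hosts without any error. The constructor begins and ends outside the hunk.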
@@ -1096,18 +1096,15 @@ int TcpSession::process(Packet* p)
 TcpSegmentDescriptor tsd(flow, p, tel);
 init_tcp_packet_analysis(tsd);
- // if listener is in pre-ack mode, check for and process meta-ack info first if present
- // the current listener is the talker for the meta-ack...
- if ( tsd.get_listener()->get_flush_policy() == STREAM_FLPOLICY_ON_DATA )
+ // check for and process meta-ack info first if present, the current listener is the
+ // talker for the meta-ack...
+ DAQ_PktTcpAckData_t* tcp_mack = (DAQ_PktTcpAckData_t*)p->daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA];
+ if ( tcp_mack )
 {
- DAQ_PktTcpAckData_t* tcp_mack = (DAQ_PktTcpAckData_t*)p->daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA];
- if ( tcp_mack )
- {
- TcpSegmentDescriptor ma_tsd(flow, p, tcp_mack->tcp_ack_seq_num, tcp_mack->tcp_window_size);
- init_tcp_packet_analysis(ma_tsd);
- process_tcp_packet(ma_tsd);
- tcpStats.meta_acks++;
- }
+ TcpSegmentDescriptor ma_tsd(flow, p, tcp_mack->tcp_ack_seq_num, tcp_mack->tcp_window_size);
+ init_tcp_packet_analysis(ma_tsd);
+ process_tcp_packet(ma_tsd);
+ tcpStats.meta_acks++;
 }
 if ( p->context->conf->is_address_anomaly_check_enabled() )
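Review bot: `p->daq_msg->meta[...]` is now dereferenced for every packet that reaches `TcpSession::process`, not only when the listener's flush policy is `STREAM_FLPOLICY_ON_DATA`, and the hunk has no check that `p->daq_msg` is non-null. Whether a packet without a DAQ message can reach this point is not visible here, so either guard it or state the invariant in a comment: `const auto* tcp_mack = p->daq_msg ? static_cast<const DAQ_PktTcpAckData_t*>(p->daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA]) : nullptr;`. That form also replaces the C-style cast, which would otherwise hide a dropped `const` if `meta[]` stores `const void*` (its declaration is outside the hunk). Because the synthetic ACK now drives the state machine in every mode, the comment should also say that `tcp_ack_seq_num` and `tcp_window_size` are taken from DAQ metadata as-is, without validation. The function body continues outside the hunk.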