From: Victor Julien <vjulien@oisf.net>
Date: Fri, 3 Mar 2023 12:02:48 +0000 (+0100)
Subject: stream: fix TFO overlap detection with ECN/CWR flags
X-Git-Tag: suricata-6.0.11~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73ccd0de1d5aabfc950d80fa31d108b490f917d4;p=thirdparty%2Fsuricata.git

stream: fix TFO overlap detection with ECN/CWR flags

(cherry picked from commit 5fe2fba1849afa3cd30a44dbf328a3dc256e4d08)
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index aab148eaf1..6d12443078 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -676,7 +676,7 @@ int StreamTcpReassembleHandleSegmentHandleData(ThreadVars *tv, TcpReassemblyThre
     seg->seq = TCP_GET_SEQ(p);
 
     /* HACK: for TFO SYN packets the seq for data starts at + 1 */
-    if (TCP_HAS_TFO(p) && p->payload_len && p->tcph->th_flags == TH_SYN)
+    if (TCP_HAS_TFO(p) && p->payload_len && (p->tcph->th_flags & TH_SYN))
         seg->seq += 1;
 
     /* proto detection skipped, but now we do get data. Set event. */