From: Steve Chew (stechew) Date: Tue, 24 Mar 2020 14:03:54 +0000 (+0000) Subject: Merge pull request #2079 in SNORT/snort3 from ~STECHEW/snort3:malware_block_with_retr... X-Git-Tag: 3.0.0-270~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e4476368f69ee3437e46d72655a0fc49c5a6e25;p=thirdparty%2Fsnort3.git Merge pull request #2079 in SNORT/snort3 from ~STECHEW/snort3:malware_block_with_retry to master Squashed commit of the following: commit 9c4ea9f5a683908369e005325ca833d85fec01a3 Author: Steve Chew Date: Sun Mar 22 10:48:00 2020 -0400 stream/tcp: Moved retry check to TcpSession::process. commit 46cc63de4bd2b0b5e026dfd5e47e17f98680e531 Author: Steve Chew Date: Sat Mar 14 18:55:51 2020 -0400 stream: short-circuit stream when handling retry packets in no-ack mode.
---
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index e6d1a9d68..a6803c02e 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -1040,6 +1040,15 @@ int TcpSession::process(Packet* p)
 Profile profile(s5TcpPerfStats);
 assert(flow->ssn_server);
+ if ( no_ack_mode_enabled() and p->is_retry() )
+ {
+ // Don't need to process a retry packet through stream again,
+ // just make sure the retransmit handler is called so that
+ // we do things like update file inspection.
+ flow->call_handlers(p, false);
+ return ACTION_NOTHING;
+ }
+
 // FIXIT-H need to do something here to handle check for need to swap trackers??
 if ( !config )
 config = get_tcp_cfg(flow->ssn_server);
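Review bot: The new early return in `TcpSession::process` lets any packet with `p->is_retry()` set skip all the stream processing that follows, so the bypass is only as trustworthy as that flag, and nothing in the hunk shows where it is set or that stream really did see the packet the first time. If the flag comes only from the DAQ's own retry queue, say so in the comment, for example `// is_retry() is set only for packets re-injected from the retry queue, which stream has already processed on this flow`. If that cannot be guaranteed (for instance if the flow could be recreated between the original packet and its retry), the short-circuit needs a check that this session has already processed the packet. The bare `false` in `flow->call_handlers(p, false)` should also be named in a short comment, since the comment above it speaks of "the retransmit handler" while the call looks generic. The function body continues outside the hunk, so what the skipped code would have validated cannot be confirmed from here.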