From: Victor Julien Date: Sun, 2 Sep 2018 09:34:42 +0000 (+0200) Subject: stream/tcp: be more liberal in last_ack X-Git-Tag: suricata-4.0.6~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96869a367a0ca513a4de7833f68a844d9596e4b0;p=thirdparty%2Fsuricata.git stream/tcp: be more liberal in last_ack Don't set even if seq is before next_seq, as this could still be a valid packet that was sent before the state was reached. --- diff --git a/src/stream-tcp.c b/src/stream-tcp.c index b46726dfab..c2c46f8009 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -3981,14 +3981,6 @@ static int StreamTcpPacketStateLastAck(ThreadVars *tv, Packet *p, retransmission = 1; } - if (TCP_GET_SEQ(p) != ssn->client.next_seq && TCP_GET_SEQ(p) != ssn->client.next_seq + 1) { - SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 "" - " != %" PRIu32 " from stream", ssn, - TCP_GET_SEQ(p), ssn->client.next_seq); - StreamTcpSetEvent(p, STREAM_LASTACK_ACK_WRONG_SEQ); - return -1; - } - if (StreamTcpValidateAck(ssn, &ssn->server, p) == -1) { SCLogDebug("ssn %p: rejecting because of invalid ack value", ssn); StreamTcpSetEvent(p, STREAM_LASTACK_INVALID_ACK); @@ -3996,9 +3988,19 @@ static int StreamTcpPacketStateLastAck(ThreadVars *tv, Packet *p, } if (!retransmission) { - StreamTcpPacketSetState(p, ssn, TCP_CLOSED); - SCLogDebug("ssn %p: state changed to TCP_CLOSED", ssn); + if (SEQ_LT(TCP_GET_SEQ(p), ssn->client.next_seq)) { + SCLogDebug("ssn %p: not updating state as packet is before next_seq", ssn); + } else if (TCP_GET_SEQ(p) != ssn->client.next_seq && TCP_GET_SEQ(p) != ssn->client.next_seq + 1) { + SCLogDebug("ssn %p: -> SEQ mismatch, packet SEQ %" PRIu32 "" + " != %" PRIu32 " from stream", ssn, + TCP_GET_SEQ(p), ssn->client.next_seq); + StreamTcpSetEvent(p, STREAM_LASTACK_ACK_WRONG_SEQ); + return -1; + } else { + StreamTcpPacketSetState(p, ssn, TCP_CLOSED); + SCLogDebug("ssn %p: state changed to TCP_CLOSED", ssn); + } ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; }