From: Victor Julien
Date: Fri, 3 Aug 2018 10:12:43 +0000 (+0200)
Subject: stream: use flow/packet swap logic for SYN/ACK midstream
X-Git-Tag: suricata-5.0.0-beta1~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c241fa32c39643a9ca8aa4d82623bbc30406d67;p=thirdparty%2Fsuricata.git

stream: use flow/packet swap logic for SYN/ACK midstream
---

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 3f389900bd..0d5dcd0df0 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -927,6 +927,12 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p,
 StatsIncr(tv, stt->counter_tcp_sessions);
 StatsIncr(tv, stt->counter_tcp_midstream_pickups);
 }
+
+ /* reverse packet and flow */
+ SCLogDebug("reversing flow and packet");
+ PacketSwap(p);
+ FlowSwap(p->flow);
+
 /* set the state */
 StreamTcpPacketSetState(p, ssn, TCP_SYN_RECV);
 SCLogDebug("ssn %p: =~ midstream picked ssn state is now "
@@ -1001,9 +1007,7 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p,
 SCLogDebug("ssn %p: SYN/ACK with SACK permitted, assuming "
 "SACK permitted for both sides", ssn);
 }
-
- /* packet thinks it is in the wrong direction, flip it */
- StreamTcpPacketSwitchDir(ssn, p);
+
 return 0;
 } else if (p->tcph->th_flags & TH_SYN) {
 if (ssn == NULL) {
@@ -4774,11 +4778,6 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 p->flags |= PKT_STREAM_NO_EVENTS;
 }
 
- /* check if the packet is in right direction, when we missed the
- SYN packet and picked up midstream session. */
- if (ssn->flags & STREAMTCP_FLAG_MIDSTREAM_SYNACK)
- StreamTcpPacketSwitchDir(ssn, p);
-
 if (StreamTcpPacketIsKeepAlive(ssn, p) == 1) {
 goto skip;
 }
diff --git a/src/stream-tcp.h b/src/stream-tcp.h
index 7ad867bdce..e243eebb5e 100644
--- a/src/stream-tcp.h
+++ b/src/stream-tcp.h
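Review bot: In the first stream-tcp.c hunk, the new comment `/* reverse packet and flow */` above `PacketSwap(p)` / `FlowSwap(p->flow)` says what happens but not why, while this commit removes the doc comment on `StreamTcpPacketSwitchDir` in stream-tcp.h that gave the reason. I would carry the reason over, e.g. `/* midstream SYN/ACK: it is sent by the server, but the first-seen host was flagged as client; swap packet and flow so both carry the real direction */`. The debug line could also follow the neighbouring messages and name the session, `SCLogDebug("ssn %p: reversing flow and packet", ssn);`. The swap now runs before the rest of this branch rather than at its end (the old call is removed in the second hunk), so any code between here and the `return 0` that reads the packet direction will see the swapped value; those lines are outside the hunks, and since direction decides which side later stream handling treats as client, that is worth confirming. StreamTcpPacketStateNone starts and ends outside the hunk.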
@@ -164,21 +164,6 @@ static inline int StreamTcpCheckFlowDrops(Packet *p)
 return 0;
 }
 
-/**
- * \brief Function to flip the direction When we missed the SYN packet,
- * SYN/ACK is considered as sent by server, but our engine flagged the
- * packet as from client for the host whose packet is received first in
- * the session.
- *
- * \param ssn TcpSession to whom this packet belongs
- * \param p Packet whose flag has to be changed
- */
-static inline void StreamTcpPacketSwitchDir(TcpSession *ssn, Packet *p)
-{
- SCLogDebug("ssn %p: switching pkt direction", ssn);
- PacketSwap(p);
-}
-
 enum {
 /* stream has no segments for forced reassembly, nor for detection */
 STREAM_HAS_UNPROCESSED_SEGMENTS_NONE = 0,