From: Victor Julien
Date: Mon, 27 May 2024 13:57:38 +0000 (+0200)
Subject: tcp: fix 'broken ack' on flow timeout
X-Git-Tag: suricata-8.0.0-beta1~1029
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a404fd26af64f60e8eaa86419a11393d7c4bfdda;p=thirdparty%2Fsuricata.git
tcp: fix 'broken ack' on flow timeout
Don't set an ACK value if ACK flag is no longer set. This avoids a bogus `pkt_broken_ack` event set.
Fixes: ebf465a11bff ("tcp: do not assign TCP flags to pseudopackets")
Ticket: #7158.
---
diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index 87ec7e1686..e08c519537 100644
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -222,7 +222,7 @@ static inline Packet *FlowPseudoPacketSetup(
 p->l4.hdrs.tcph->th_dport = htons(f->dp);
 p->l4.hdrs.tcph->th_seq = htonl(ssn->client.next_seq);
- p->l4.hdrs.tcph->th_ack = htonl(ssn->server.last_ack);
+ p->l4.hdrs.tcph->th_ack = 0;
 /* to client */
 } else {
@@ -230,7 +230,7 @@ static inline Packet *FlowPseudoPacketSetup(
 p->l4.hdrs.tcph->th_dport = htons(f->sp);
 p->l4.hdrs.tcph->th_seq = htonl(ssn->server.next_seq);
- p->l4.hdrs.tcph->th_ack = htonl(ssn->client.last_ack);
+ p->l4.hdrs.tcph->th_ack = 0;
 }
 if (FLOW_IS_IPV4(f)) {
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 337b626810..b212f1e991 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5550,10 +5550,8 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
 * we care about reassembly here. */
 if (p->flags & PKT_PSEUDO_STREAM_END) {
 if (PKT_IS_TOCLIENT(p)) {
- ssn->client.last_ack = TCP_GET_RAW_ACK(tcph);
 StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p);
 } else {
- ssn->server.last_ack = TCP_GET_RAW_ACK(tcph);
 StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p);
 }
 /* straight to 'skip' as we already handled reassembly */
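Review bot: The two `th_ack = 0` assignments in FlowPseudoPacketSetup (the `@@ -222` and `@@ -230` hunks of src/flow-timeout.c) have no comment saying why the field is zeroed. The zero is only safe because the PKT_PSEUDO_STREAM_END branch in src/stream-tcp.c stops copying the raw ACK into `last_ack` in this same commit. I would add above the first assignment `/* pseudo packets carry no ACK flag: keep th_ack zero so no broken-ack event is set; it must never be copied into last_ack */`. If any other reader of the ACK field on a pseudo packet exists outside these hunks, it would presumably pull `last_ack` to zero and change how much stream data reaches reassembly and detection at flow end, so the remaining users of the raw ACK are worth checking. The function body starts and ends outside both hunks.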