From: Victor Julien
Date: Wed, 22 Feb 2023 20:14:23 +0000 (+0100)
Subject: stream: flag ACKs that ack segments after next_seq
X-Git-Tag: suricata-7.0.0-rc2~553
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7739bfdba0bed56b4627c03fb9d68215f89cbf1;p=thirdparty%2Fsuricata.git

stream: flag ACKs that ack segments after next_seq

Avoid this for async streams.
---

diff --git a/src/stream-tcp-private.h b/src/stream-tcp-private.h
index 25f10b353d..e006596ac1 100644
--- a/src/stream-tcp-private.h
+++ b/src/stream-tcp-private.h
@@ -308,6 +308,7 @@ typedef struct TcpSession_ {
 #define STREAM_PKT_FLAG_EVENTSET BIT_U16(6)
 #define STREAM_PKT_FLAG_DUP_ACK BIT_U16(7)
 #define STREAM_PKT_FLAG_DSACK BIT_U16(8)
+#define STREAM_PKT_FLAG_ACK_UNSEEN_DATA BIT_U16(9)
 
 #define STREAM_PKT_FLAG_SET(p, f) (p)->tcpvars.stream_pkt_flags |= (f)
 
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index f6789ae23f..c694007000 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -2626,8 +2626,14 @@ static int HandleEstablishedPacketToServer(
 ssn->server.window);
 
 /* Check if the ACK value is sane and inside the window limit */
- if (p->tcph->th_flags & TH_ACK)
+ if (p->tcph->th_flags & TH_ACK) {
 StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p));
+ if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
+ SEQ_GT(ssn->server.last_ack, ssn->server.next_seq)) {
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+ }
+ }
+
 SCLogDebug("ack %u last_ack %u next_seq %u", TCP_GET_ACK(p), ssn->server.last_ack, ssn->server.next_seq);
 
 if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
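Review bot: The new condition in HandleEstablishedPacketToServer tests `ssn->server.last_ack` after the update rather than the ACK value this packet carries, so the per-packet flag ends up tracking stream state. If StreamTcpUpdateLastAck only ever moves last_ack forward (its definition is not in this hunk), every later ACK packet, including ones carrying an older ACK value, is marked STREAM_PKT_FLAG_ACK_UNSEEN_DATA until next_seq catches up, which would inflate whatever detection or logging consumes the flag. If the flag is meant to describe the packet, compare its own value, `SEQ_GT(TCP_GET_ACK(p), ssn->server.next_seq)`; if stream state is what is intended, say so in a comment next to the check. The same applies to the `ssn->client` check in the HandleEstablishedPacketToClient hunk, and both functions continue outside their hunks.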
@@ -2756,8 +2762,13 @@ static int HandleEstablishedPacketToClient(
 SCLogDebug("ssn %p: ssn->client.window %"PRIu32"", ssn,
 ssn->client.window);
 
- if (p->tcph->th_flags & TH_ACK)
+ if (p->tcph->th_flags & TH_ACK) {
 StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p));
+ if ((ssn->flags & STREAMTCP_FLAG_ASYNC) == 0 &&
+ SEQ_GT(ssn->client.last_ack, ssn->client.next_seq)) {
+ STREAM_PKT_FLAG_SET(p, STREAM_PKT_FLAG_ACK_UNSEEN_DATA);
+ }
+ }
 
 if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) {
 StreamTcpHandleTimestamp(ssn, p);
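Review bot: Nothing in the new block in HandleEstablishedPacketToClient says why STREAMTCP_FLAG_ASYNC sessions are skipped or what the flag tells a consumer; the rationale exists only in the commit message. A short comment above the inner `if` would keep that knowledge with the code, for example `/* last_ack beyond next_seq: the peer acked data we have not seen. Skipped for async sessions. */`, ideally with one sentence on why async is exempt (presumably because only one direction is observed there, so this condition would be the normal case). The function body continues outside the hunk.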