From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Mon, 3 Jun 2019 20:02:00 +0000 (-0400)
Subject: Merge pull request #1627 in SNORT/snort3 from ~MIREDDEN/snort3:stream_tcp_timestamp... 
X-Git-Tag: 3.0.0-257~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dcb760ebec088a240d3dfb145cf37730d00f4857;p=thirdparty%2Fsnort3.git

Merge pull request #1627 in SNORT/snort3 from ~MIREDDEN/snort3:stream_tcp_timestamp to master

Squashed commit of the following:

commit 7770b59dee8e8b3d7b93b8dfadbe21a33c746eb5
Author: Mike Redden <miredden@cisco.com>
Date:   Wed May 29 15:57:18 2019 -0400

    stream: Do not validate timestamp until peer timestamp is set
---

diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc
index ade9912e7..81cd8ed95 100644
--- a/src/stream/tcp/tcp_normalizer.cc
+++ b/src/stream/tcp/tcp_normalizer.cc
@@ -265,7 +265,8 @@ bool TcpNormalizer::validate_rst(
 int TcpNormalizer::validate_paws_timestamp(
     TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
 {
-    if ( ( (int)( ( tsd.get_ts() - tns.peer_tracker->get_ts_last() ) + tns.paws_ts_fudge ) ) < 0 )
+    const uint32_t peer_ts_last = tns.peer_tracker->get_ts_last();
+    if ( peer_ts_last && ( ( (int)( ( tsd.get_ts() - peer_ts_last ) + tns.paws_ts_fudge ) ) < 0 ) )
     {
         if ( tsd.get_pkt()->is_retry() )
         {