From: Victor Julien <victor@inliniac.net>
Date: Thu, 1 Jun 2017 13:20:17 +0000 (+0200)
Subject: stream/async: more liberal RST acceptance
X-Git-Tag: suricata-4.0.0-beta1~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfff228f75d8b657cb75044b421c35a5a5937f38;p=thirdparty%2Fsuricata.git

stream/async: more liberal RST acceptance
---

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 77aef41d09..fcde11e027 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5044,6 +5044,22 @@ static int StreamTcpValidateRst(TcpSession *ssn, Packet *p)
         }
     }
 
+    if (ssn->flags & STREAMTCP_FLAG_ASYNC) {
+        if (PKT_IS_TOSERVER(p)) {
+            if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->client.next_seq)) {
+                SCLogDebug("ssn %p: ASYNC accept RST", ssn);
+                return 1;
+            }
+        } else {
+            if (SEQ_GEQ(TCP_GET_SEQ(p), ssn->server.next_seq)) {
+                SCLogDebug("ssn %p: ASYNC accept RST", ssn);
+                return 1;
+            }
+        }
+        SCLogDebug("ssn %p: ASYNC reject RST", ssn);
+        return 0;
+    }
+
     switch (os_policy) {
         case OS_POLICY_HPUX11:
             if(PKT_IS_TOSERVER(p)){