From: Victor Julien <victor@inliniac.net>
Date: Fri, 26 Jan 2018 08:14:16 +0000 (+0100)
Subject: stream: improve overlap detection
X-Git-Tag: suricata-4.0.6~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efaa7f13de2796046d66d0d77081790d84880bd0;p=thirdparty%2Fsuricata.git

stream: improve overlap detection

Improve detection of overlapping different data. Keep some data around
even if it was already ACK'd to check if packets have overlap.
---

diff --git a/src/stream-tcp-list.c b/src/stream-tcp-list.c
index a9c7cc7cd2..ae9c50b4a5 100644
--- a/src/stream-tcp-list.c
+++ b/src/stream-tcp-list.c
@@ -687,6 +687,18 @@ static inline uint64_t GetLeftEdge(TcpSession *ssn, TcpStream *stream)
             last_ack_abs += delta;
         }
         left_edge = MIN(left_edge, last_ack_abs);
+
+    /* if we're told to look for overlaps with different data we should
+     * consider data that is ack'd as well. Injected packets may have
+     * been ack'd or injected packet may be too late. */
+    } else if (check_overlap_different_data) {
+        uint32_t window = stream->window ? stream->window : 4096;
+        if (window < left_edge)
+            left_edge -= window;
+        else
+            left_edge = 0;
+
+        SCLogDebug("stream:%p left_edge %"PRIu64, stream, left_edge);
     }
 
     if (left_edge > 0) {