From: Victor Julien Date: Wed, 15 Feb 2023 10:56:01 +0000 (+0100) Subject: stream: set next_seq before last_ack X-Git-Tag: suricata-6.0.11~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1904398a76c9bcd5acbaf44c57dbf683b427ec1;p=thirdparty%2Fsuricata.git stream: set next_seq before last_ack next_seq sometimes depends on last_ack in cases of packet loss catch up, so first update it. Bug: #5877. (cherry picked from commit 20df715e64ccab00c6f6778e1453b051aee7be17) --- diff --git a/src/stream-tcp.c b/src/stream-tcp.c index b6d43e3194..378be6623f 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -2148,12 +2148,11 @@ static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p, StreamTcpHandleTimestamp(ssn, p); } + ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len; StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len; SCLogDebug("ssn %p: ACK for missing data: ssn->client.next_seq %u", ssn, ssn->client.next_seq); ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; - ssn->server.next_win = ssn->server.last_ack + ssn->server.window; if (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) { @@ -2832,9 +2831,6 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, ssn->client.next_seq); ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -2844,6 +2840,9 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "", @@ -2880,9 +2879,6 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, ssn->server.next_seq); ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -2892,6 +2888,9 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, if (SEQ_LT(ssn->client.next_seq, TCP_GET_ACK(p))) ssn->client.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK %" PRIu32 "", @@ -2995,8 +2994,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3010,6 +3007,8 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->client, (ssn->client.next_seq + p->payload_len)); } + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); @@ -3052,8 +3051,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3114,9 +3111,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3130,6 +3124,9 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->client, (ssn->client.next_seq + p->payload_len)); } + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); @@ -3170,9 +3167,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3186,6 +3180,9 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->server, (ssn->server.next_seq + p->payload_len)); } + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); @@ -3253,8 +3250,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, } } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3268,6 +3263,8 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->client, (ssn->client.next_seq + p->payload_len)); } + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpSackUpdatePacket(&ssn->server, p); /* update next_win */ @@ -3321,8 +3318,6 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3336,6 +3331,8 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->server, (ssn->server.next_seq + p->payload_len)); } + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpSackUpdatePacket(&ssn->client, p); /* update next_win */ @@ -3454,9 +3451,6 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3466,6 +3460,9 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); @@ -3509,9 +3506,6 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3521,8 +3515,12 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->client.next_seq, TCP_GET_ACK(p))) ssn->client.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); + SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " "%" PRIu32 "", ssn, ssn->server.next_seq, ssn->client.last_ack); @@ -3574,8 +3572,6 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3584,6 +3580,8 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->client, (ssn->client.next_seq + p->payload_len)); } + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpSackUpdatePacket(&ssn->server, p); /* update next_win */ @@ -3629,8 +3627,6 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3639,6 +3635,8 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, StreamTcpUpdateNextSeq(ssn, &ssn->server, (ssn->server.next_seq + p->payload_len)); } + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpSackUpdatePacket(&ssn->client, p); /* update next_win */ @@ -3752,8 +3750,6 @@ static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3762,8 +3758,11 @@ static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); + SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " "%" PRIu32 "", ssn, ssn->client.next_seq, ssn->server.last_ack); @@ -3798,8 +3797,6 @@ static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3809,8 +3806,11 @@ static int StreamTcpPacketStateClosing(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->client.next_seq, TCP_GET_ACK(p))) ssn->client.next_seq = TCP_GET_ACK(p); + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); + SCLogDebug("StreamTcpPacketStateClosing (%p): =+ next SEQ " "%" PRIu32 ", last ACK %" PRIu32 "", ssn, ssn->server.next_seq, ssn->client.last_ack); @@ -3927,9 +3927,6 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (!retransmission) ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3939,8 +3936,12 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); + SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " "%" PRIu32 "", ssn, ssn->client.next_seq, ssn->server.last_ack); @@ -3980,9 +3981,6 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - if (p->tcph->th_flags & TH_ACK) - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -3992,6 +3990,9 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->client.next_seq, TCP_GET_ACK(p))) ssn->client.next_seq = TCP_GET_ACK(p); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " @@ -4045,8 +4046,6 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -4059,6 +4058,8 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (SEQ_EQ(TCP_GET_SEQ(p),ssn->client.next_seq)) StreamTcpUpdateNextSeq(ssn, &ssn->client, (ssn->client.next_seq + p->payload_len)); + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " @@ -4098,8 +4099,6 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -4112,6 +4111,8 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (SEQ_EQ(TCP_GET_SEQ(p),ssn->server.next_seq)) StreamTcpUpdateNextSeq(ssn, &ssn->server, (ssn->server.next_seq + p->payload_len)); + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " @@ -4226,8 +4227,6 @@ static int StreamTcpPacketStateLastAck(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -4237,6 +4236,8 @@ static int StreamTcpPacketStateLastAck(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " @@ -4346,8 +4347,6 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -4357,6 +4356,8 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->server.next_seq, TCP_GET_ACK(p))) ssn->server.next_seq = TCP_GET_ACK(p); + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK " @@ -4396,8 +4397,6 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); - if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); } @@ -4407,6 +4406,8 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, if (SEQ_LT(ssn->client.next_seq, TCP_GET_ACK(p))) ssn->client.next_seq = TCP_GET_ACK(p); + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p, pq); SCLogDebug("ssn %p: =+ next SEQ %" PRIu32 ", last ACK "