From: Russ Combs (rucombs) Date: Fri, 21 Oct 2016 13:03:56 +0000 (-0400) Subject: Merge pull request #680 in SNORT/snort3 from fix_129_16_fp to master X-Git-Tag: 3.0.0-233~213 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fccf1a7c8570161c637b79e77a1ee7f6bb80d0c9;p=thirdparty%2Fsnort3.git Merge pull request #680 in SNORT/snort3 from fix_129_16_fp to master Squashed commit of the following: commit 9f67e124c98a576e3920765abe9f721485f9e653 Author: Bhagya Tholpady Date: Wed Oct 12 16:56:13 2016 -0400 Fix bad fin false positive
---
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index 353e402f6..f686dd871 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -1119,7 +1119,6 @@ int TcpSession::process(Packet* p) assert(flow->ssn_server); // FIXIT-H need to do something here to handle check for need to swap trackers?? - if ( !config ) config = get_tcp_cfg(flow->ssn_server);
diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc
index 654c39c56..8b26d448d 100644
--- a/src/stream/tcp/tcp_state_established.cc
+++ b/src/stream/tcp/tcp_state_established.cc
@@ -119,9 +119,11 @@ bool TcpStateEstablished::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker&
 trk.session->handle_data_segment(tsd);
 trk.flush_data_on_fin_recv(tsd);
 }
- trk.update_on_fin_recv(tsd);
- trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
- trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+ if ( trk.update_on_fin_recv(tsd) )
+ {
+ trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
+ trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+ }
 return default_state_action(tsd, trk);
 }
diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc
index 20e177c5e..65b3a2fd7 100644
--- a/src/stream/tcp/tcp_state_fin_wait1.cc
+++ b/src/stream/tcp/tcp_state_fin_wait1.cc
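Review bot: In `TcpStateEstablished::fin_recv` the calls to `handle_data_segment` and `flush_data_on_fin_recv` sit in the block that closes just before the new `if ( trk.update_on_fin_recv(tsd) )`, so a FIN the tracker rejects keeps the state but has already gone through the FIN-time data path. The FinWait1 and FinWait2 hunks move `handle_data_segment` inside the acceptance check, so the four handlers now disagree; the SynRecv hunk shows the same ordering with `flush_data_on_fin_recv`. If that flush forces reassembly output (its body is not in this diff), a stale FIN can end a reassembled unit early and split content that rules expect to inspect in one piece. Either gate that block on the acceptance result as well, or add a comment above it such as `// data on a rejected FIN is still queued and flushed; only the state change is skipped`. The condition guarding the data block starts outside the hunk.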
@@ -117,18 +117,18 @@ bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
 Flow* flow = tsd.get_flow();
 trk.update_tracker_ack_recv(tsd);
- trk.update_on_fin_recv(tsd);
-
- if ( check_for_window_slam(tsd, trk) )
+ if ( trk.update_on_fin_recv(tsd) )
 {
- //session.handle_fin_recv_in_fw1(tsd);
- if ( tsd.get_seg_len() > 0 )
- trk.session->handle_data_segment(tsd);
+ if ( check_for_window_slam(tsd, trk) )
+ {
+ if ( tsd.get_seg_len() > 0 )
+ trk.session->handle_data_segment(tsd);
- if ( !flow->two_way_traffic() )
- trk.set_tf_flags(TF_FORCE_FLUSH);
+ if ( !flow->two_way_traffic() )
+ trk.set_tf_flags(TF_FORCE_FLUSH);
- trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+ trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+ }
 }
 return default_state_action(tsd, trk);
diff --git a/src/stream/tcp/tcp_state_fin_wait2.cc b/src/stream/tcp/tcp_state_fin_wait2.cc
index 3b79e1e53..30edca40b 100644
--- a/src/stream/tcp/tcp_state_fin_wait2.cc
+++ b/src/stream/tcp/tcp_state_fin_wait2.cc
@@ -129,15 +129,16 @@ bool TcpStateFinWait2::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
 Flow* flow = tsd.get_flow();
 trk.update_tracker_ack_recv(tsd);
- trk.update_on_fin_recv(tsd);
-
- if ( tsd.get_seg_len() > 0 )
- trk.session->handle_data_segment(tsd);
+ if ( trk.update_on_fin_recv(tsd) )
+ {
+ if ( tsd.get_seg_len() > 0 )
+ trk.session->handle_data_segment(tsd);
- if ( !flow->two_way_traffic() )
- trk.set_tf_flags(TF_FORCE_FLUSH);
+ if ( !flow->two_way_traffic() )
+ trk.set_tf_flags(TF_FORCE_FLUSH);
- trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+ trk.set_tcp_state(TcpStreamTracker::TCP_TIME_WAIT);
+ }
 return default_state_action(tsd, trk);
 }
diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc
index 8480d7c71..f71e90819 100644
--- a/src/stream/tcp/tcp_state_syn_recv.cc
+++ b/src/stream/tcp/tcp_state_syn_recv.cc
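Review bot: `check_for_window_slam(tsd, trk)` used to run for every FIN handled by `TcpStateFinWait1::fin_recv` and is now reached only when `update_on_fin_recv` accepts the FIN. If it does more than return a verdict, for example recording an event (its body is not in this diff), rejected FINs silently stop producing that output. If it is a pure predicate, the nesting can be flattened to `if ( trk.update_on_fin_recv(tsd) && check_for_window_slam(tsd, trk) )`, which removes one brace level. The function starts above the hunk.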
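Review bot: `trk.update_tracker_ack_recv(tsd)` still runs before `update_on_fin_recv` decides whether the segment is acceptable, in `TcpStateFinWait2::fin_recv` and in the FinWait1 hunk alike, so the ACK of a segment whose FIN is then rejected has already been applied to the tracker. An endpoint normally discards a segment that fails the sequence check without processing its ACK, so the tracker can drift from the host it models unless `update_tracker_ack_recv` validates the sequence itself, which this diff does not show. If the ordering is intentional, a comment such as `// ACK is applied even if the FIN below is rejected` would record that.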
@@ -170,9 +170,11 @@ bool TcpStateSynRecv::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
 trk.flush_data_on_fin_recv(tsd);
 }
- trk.update_on_fin_recv(tsd);
- trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
- trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+ if ( trk.update_on_fin_recv(tsd) )
+ {
+ trk.session->update_perf_base_state(TcpStreamTracker::TCP_CLOSING);
+ trk.set_tcp_state(TcpStreamTracker::TCP_CLOSE_WAIT);
+ }
 }
 return default_state_action(tsd, trk);
diff --git a/src/stream/tcp/tcp_tracker.cc b/src/stream/tcp/tcp_tracker.cc
index 66d1b4aa9..9f21b89c4 100644
--- a/src/stream/tcp/tcp_tracker.cc
+++ b/src/stream/tcp/tcp_tracker.cc
@@ -55,6 +55,7 @@ void TcpTracker::init_tcp_state(void )
 memset(&alerts, 0, sizeof(alerts));
 memset(&mac_addr, 0, sizeof(mac_addr));
 mac_addr_valid = false;
+ fin_final_seq = 0;
 rst_pkt_sent = false;
 }
@@ -479,7 +480,7 @@ bool TcpTracker::update_on_fin_recv(TcpSegmentDescriptor& tsd)
 if ( SEQ_LT(tsd.get_end_seq(), r_win_base) )
 {
 DebugMessage(DEBUG_STREAM_STATE, "FIN inside r_win_base, bailing\n");
- return true;
+ return false;
 }
 //--------------------------------------------------
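Review bot: `fin_final_seq = 0;` resets the field in `init_tcp_state`, but 0 is also a legal TCP sequence number. If other code treats zero as "no FIN recorded yet" (the readers of `fin_final_seq` are outside this hunk), a FIN that really ends at sequence 0 cannot be told apart from the reset state. A separate validity flag, in the style of `mac_addr_valid` on the preceding line, would make that explicit. At minimum a trailing comment such as `// 0 == no FIN seen yet` would document the convention.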
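Review bot: The result of `update_on_fin_recv` now decides whether four state handlers change state, yet nothing at this early return says what `true` and `false` mean. A comment on the branch such as `// FIN ends before r_win_base: not accepted, caller must leave the TCP state unchanged` would pin the contract; the rest of the function and its declaration are outside the hunk. Only the Established, FinWait1, FinWait2 and SynRecv handlers are updated in this commit, so any other caller of `update_on_fin_recv` should be checked for whether it ignores the result. The rejection is also reported only through `DebugMessage`, so a counter would be needed for an operator to see how often stale FINs are dropped on a production sensor.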