From: Victor Julien
Date: Sun, 26 Oct 2014 09:07:15 +0000 (+0100)
Subject: stream: improve tracking with pkt loss in async
X-Git-Tag: suricata-2.1beta2~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1191%2Fhead;p=thirdparty%2Fsuricata.git
stream: improve tracking with pkt loss in async
If 3whs SYN/ACK and ACK are missing we can still pick up the session if in async-oneside mode. -> syn <- syn/ack <= missing -> ack <= missing -> data Bug 1190.
---
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index dcde855a5f..844d8e1763 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1501,8 +1501,11 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
 ,ssn, TCP_GET_SEQ(p), p->payload_len, TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_seq);
- ssn->client.wscale = TCP_WSCALE_MAX;
- ssn->server.wscale = TCP_WSCALE_MAX;
+ /* if SYN had wscale, assume it to be supported. Otherwise
+ * we know it not to be supported. */
+ if (ssn->flags & STREAMTCP_FLAG_SERVER_WSCALE) {
+ ssn->client.wscale = TCP_WSCALE_MAX;
+ }
 /* Set the timestamp values used to validate the timestamp of * received packets.*/
@@ -1521,6 +1524,9 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
 ssn->flags |= STREAMTCP_FLAG_SACKOK;
 }
+ StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn,
+ &ssn->client, p, pq);
+
 } else {
 SCLogDebug("ssn %p: default case", ssn);
 }
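Review bot: In the first hunk (`@@ -1501,8 +1501,11 @@`) the new `if` has no `else`, so when `STREAMTCP_FLAG_SERVER_WSCALE` is clear `ssn->client.wscale` keeps whatever value it already held, and `ssn->server.wscale` is no longer written on this path at all. The comment says the unsupported case is known, so I would state it in code with `} else { ssn->client.wscale = 0; }` rather than rely on initialisation that is not visible here; the window checks applied to a picked-up session depend on these two fields. The comment also talks about the SYN while the flag is named SERVER_WSCALE, so a remark such as `/* flag is set when the client's SYN carried a wscale option */` would help, if that is indeed where the flag is set. The function body starts and ends outside the hunk.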
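Review bot: In the second hunk (`@@ -1521,6 +1524,9 @@`) the result of `StreamTcpReassembleHandleSegment()` is discarded, so if the segment cannot be inserted the session is still picked up while its first data segment never reaches reassembly or inspection, and nothing records that. The failure convention is not visible in the hunk, but assuming the usual negative-on-error return I would at least log it: `if (StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p, pq) < 0) SCLogDebug("ssn %p: async pickup: first segment not reassembled", ssn);`. A one-line comment above the call, `/* async-oneside: SYN/ACK and ACK were not seen, hand the first data segment to reassembly here */`, would also explain why reassembly is invoked from the SYN_SENT handler. The enclosing branch and function begin outside the hunk.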