From: Victor Julien
Date: Thu, 30 Oct 2014 10:07:38 +0000 (+0100)
Subject: stream/async: improve handling of syn/ack pickup
X-Git-Tag: suricata-2.1beta2~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1194%2Fhead;p=thirdparty%2Fsuricata.git
stream/async: improve handling of syn/ack pickup
If we picked up the ssn with a syn/ack, we don't need to make more assumptions about sack and wscale after that.
---
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 76b256bc99..5bb30f614a 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1774,11 +1774,13 @@ static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p,
 ssn->client.next_win = ssn->client.last_ack + ssn->client.window;
 ssn->server.next_win = ssn->server.last_ack + ssn->server.window;
- /* window scaling for midstream pickups, we can't do much
- * other than assume that it's set to the max value: 14 */
- ssn->server.wscale = TCP_WSCALE_MAX;
- ssn->client.wscale = TCP_WSCALE_MAX;
- ssn->flags |= STREAMTCP_FLAG_SACKOK;
+ if (!(ssn->flags & STREAMTCP_FLAG_MIDSTREAM_SYNACK)) {
+ /* window scaling for midstream pickups, we can't do much
+ * other than assume that it's set to the max value: 14 */
+ ssn->server.wscale = TCP_WSCALE_MAX;
+ ssn->client.wscale = TCP_WSCALE_MAX;
+ ssn->flags |= STREAMTCP_FLAG_SACKOK;
+ }
 }
 StreamTcpPacketSetState(p, ssn, TCP_ESTABLISHED);
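Review bot: The new `if (!(ssn->flags & STREAMTCP_FLAG_MIDSTREAM_SYNACK))` guard carries no comment saying why the SYN/ACK pickup case is exempt; the comment kept inside it still only explains the fallback to the maximum. I would add a line above the `if`, such as `/* picked up on a SYN/ACK: wscale and SACK were taken from that packet, don't overwrite them with midstream guesses */`. That wording assumes the pickup path, which is outside this hunk, really does set `wscale` for both `ssn->client` and `ssn->server` and sets `STREAMTCP_FLAG_SACKOK` when the option was present. This is worth confirming, because a SYN/ACK shows only one side's options directly. If a direction were left at a too-small scale, the `next_win` values computed just above would bound in-window checks too tightly, and valid segments could be rejected and so escape inspection. The body of StreamTcpPacketStateSynRecv starts and ends outside the hunk.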