From 107cd77ecb74eac6bbe69cd5dea2f96ae06fa146 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 27 May 2024 15:57:38 +0200 Subject: [PATCH] tcp: fix 'broken ack' on flow timeout Don't set an ACK value if ACK flag is no longer set. This avoids a bogus `pkt_broken_ack` event set. Fixes: ebf465a11bff ("tcp: do not assign TCP flags to pseudopackets") Ticket: #7158. (cherry picked from commit a404fd26af64f60e8eaa86419a11393d7c4bfdda) --- src/flow-timeout.c | 4 ++-- src/stream-tcp.c | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 6efa3827a7..aaa38be27a 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -223,7 +223,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, p->tcph->th_dport = htons(f->dp); p->tcph->th_seq = htonl(ssn->client.next_seq); - p->tcph->th_ack = htonl(ssn->server.last_ack); + p->tcph->th_ack = 0; /* to client */ } else { @@ -231,7 +231,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, p->tcph->th_dport = htons(f->sp); p->tcph->th_seq = htonl(ssn->server.next_seq); - p->tcph->th_ack = htonl(ssn->client.last_ack); + p->tcph->th_ack = 0; } if (FLOW_IS_IPV4(f)) { diff --git a/src/stream-tcp.c b/src/stream-tcp.c index d76a0593a0..158c41dd39 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -5369,10 +5369,8 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, * we care about reassembly here. */ if (p->flags & PKT_PSEUDO_STREAM_END) { if (PKT_IS_TOCLIENT(p)) { - ssn->client.last_ack = TCP_GET_ACK(p); StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->server, p); } else { - ssn->server.last_ack = TCP_GET_ACK(p); StreamTcpReassembleHandleSegment(tv, stt->ra_ctx, ssn, &ssn->client, p); } /* straight to 'skip' as we already handled reassembly */ -- 2.47.2