From 7cd0d00fdc1e9c1a6b4049379f23b5fa3b368a04 Mon Sep 17 00:00:00 2001
From: Angelo Mirabella
Date: Thu, 20 Jan 2022 14:52:33 +0000
Subject: [PATCH] stream-tcp-reassemble: fix reassembly direction for FIN packets

Suricata invokes the stream reassembly logic only for the current packet direction if the packet contains a FIN flag. However, this does not handle the case in which the packet ACKs data from the opposing direction. This patch forces the invocation of the stream reassembly logic on both direction when Suricata sees a FIN packet.

(cherry picked from commit 41a139b590a059171d0517a455c562486e1a21c2)
---
 src/stream-tcp-reassemble.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index a67a072b75..3bd54de20f 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1721,7 +1721,11 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
 } else if (p->tcph->th_flags & TH_RST) { // accepted rst
 dir = UPDATE_DIR_PACKET;
 } else if ((p->tcph->th_flags & TH_FIN) && ssn->state > TCP_TIME_WAIT) {
- dir = UPDATE_DIR_PACKET;
+ if (p->tcph->th_flags & TH_ACK) {
+ dir = UPDATE_DIR_BOTH;
+ } else {
+ dir = UPDATE_DIR_PACKET;
+ }
 } else if (ssn->state == TCP_CLOSED) {
 dir = UPDATE_DIR_BOTH;
 }
-- 
2.47.2
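Review bot: The new `TH_ACK` test inside the FIN branch has no comment, so the reason for reassembling both directions is recorded only in the commit message; I would add `/* a FIN that also ACKs may acknowledge data from the opposing direction: reassemble both sides */` above the inner `if`. The commit message says both directions are forced for any FIN, while the code does so only when ACK is set and leaves a FIN without ACK on the old `UPDATE_DIR_PACKET` path; if that is intentional, the comment should say so. The diffstat lists only this source file, so no regression test appears to cover a FIN+ACK that acknowledges pending data from the other side. For an IDS that case presumably decides whether the acknowledged payload is inspected promptly, so a unit test pinning it would be worth adding. The if/else chain and `StreamTcpReassembleHandleSegment` both start and end outside the hunk.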