From 984698f8c5bf768d432ebe777c9ed678f201cc76 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Fri, 28 May 2021 12:19:19 +0200 Subject: [PATCH] stream/tcp: update ack handling logic Only update the ack value of a session for regular packets when the ACK bit is set. (cherry picked from commit 0d81173d6e912f4be9e3e8f7593d779d8ffed52f) --- src/stream-tcp.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 8b5be8669b..b6d43e3194 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -2367,7 +2367,8 @@ static int HandleEstablishedPacketToServer(ThreadVars *tv, TcpSession *ssn, Pack ssn->server.window); /* Check if the ACK value is sane and inside the window limit */ - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); SCLogDebug("ack %u last_ack %u next_seq %u", TCP_GET_ACK(p), ssn->server.last_ack, ssn->server.next_seq); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { @@ -2521,7 +2522,8 @@ static int HandleEstablishedPacketToClient(ThreadVars *tv, TcpSession *ssn, Pack SCLogDebug("ssn %p: ssn->client.window %"PRIu32"", ssn, ssn->client.window); - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -2830,7 +2832,8 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, ssn->client.next_seq); ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -2877,7 +2880,8 @@ static int StreamTcpHandleFin(ThreadVars *tv, StreamTcpThread *stt, ssn->server.next_seq); ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3110,7 +3114,8 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3165,7 +3170,8 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3448,7 +3454,8 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3502,7 +3509,8 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3919,7 +3927,8 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, if (!retransmission) ssn->server.window = TCP_GET_WINDOW(p) << ssn->server.wscale; - StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->server, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); @@ -3971,7 +3980,8 @@ static int StreamTcpPacketStateCloseWait(ThreadVars *tv, Packet *p, ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; } - StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); + if (p->tcph->th_flags & TH_ACK) + StreamTcpUpdateLastAck(ssn, &ssn->client, TCP_GET_ACK(p)); if (ssn->flags & STREAMTCP_FLAG_TIMESTAMP) { StreamTcpHandleTimestamp(ssn, p); -- 2.47.2