From: Victor Julien Date: Tue, 10 Feb 2015 11:03:42 +0000 (+0100) Subject: tcp midstream: fix window scaling X-Git-Tag: suricata-2.1beta4~211 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3b05b735928d8bf2bc35097f6cc77a7f9009496e;p=thirdparty%2Fsuricata.git tcp midstream: fix window scaling If stream is picked by ACK, we can't know the wscale, so we assume it's set to max. Howver, we didn't apply this to the initial window size we set. --- diff --git a/src/stream-tcp.c b/src/stream-tcp.c index dcad82c9ee..f0952719f2 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -982,11 +982,16 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p, ssn->flags = STREAMTCP_FLAG_MIDSTREAM; ssn->flags |= STREAMTCP_FLAG_MIDSTREAM_ESTABLISHED; + /** window scaling for midstream pickups, we can't do much other + * than assume that it's set to the max value: 14 */ + ssn->client.wscale = TCP_WSCALE_MAX; + ssn->server.wscale = TCP_WSCALE_MAX; + /* set the sequence numbers and window */ ssn->client.isn = TCP_GET_SEQ(p) - 1; STREAMTCP_SET_RA_BASE_SEQ(&ssn->client, ssn->client.isn); ssn->client.next_seq = TCP_GET_SEQ(p) + p->payload_len; - ssn->client.window = TCP_GET_WINDOW(p); + ssn->client.window = TCP_GET_WINDOW(p) << ssn->client.wscale; ssn->client.last_ack = TCP_GET_SEQ(p); ssn->client.next_win = ssn->client.last_ack + ssn->client.window; SCLogDebug("ssn %p: ssn->client.isn %u, ssn->client.next_seq %u", @@ -1005,11 +1010,6 @@ static int StreamTcpPacketStateNone(ThreadVars *tv, Packet *p, "ssn->server.last_ack %"PRIu32"", ssn, ssn->client.last_ack, ssn->server.last_ack); - /** window scaling for midstream pickups, we can't do much other - * than assume that it's set to the max value: 14 */ - ssn->client.wscale = TCP_WSCALE_MAX; - ssn->server.wscale = TCP_WSCALE_MAX; - /* Set the timestamp value for both streams, if packet has timestamp * option enabled.*/ if (p->tcpvars.ts != NULL) {