From 305ed3f23bf0c0e0268e97a31c667ae2e9994475 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 16 Oct 2012 14:52:29 +0200 Subject: [PATCH] stream: don't flag zero window probe packets as out of window. Bug #604. --- src/stream-tcp.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 9d2ff5da2c..8f1da11e73 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -1644,14 +1644,23 @@ static int HandleEstablishedPacketToServer(ThreadVars *tv, TcpSession *ssn, Pack } } - if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) { + int zerowindowprobe = 0; + /* zero window probe */ + if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->client.next_seq && ssn->client.window == 0) { + SCLogDebug("ssn %p: zero window probe", ssn); + zerowindowprobe = 1; + + /* expected packet */ + } else if (SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) { ssn->client.next_seq += p->payload_len; SCLogDebug("ssn %p: ssn->client.next_seq %" PRIu32 "", ssn, ssn->client.next_seq); } /* in window check */ - if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || + if (zerowindowprobe) { + SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); + } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || ssn->flags & STREAMTCP_FLAG_ASYNC) { @@ -1763,13 +1772,22 @@ static int HandleEstablishedPacketToClient(ThreadVars *tv, TcpSession *ssn, Pack } } - if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) { + int zerowindowprobe = 0; + /* zero window probe */ + if (p->payload_len == 1 && TCP_GET_SEQ(p) == ssn->server.next_seq && ssn->server.window == 0) { + SCLogDebug("ssn %p: zero window probe", ssn); + zerowindowprobe = 1; + + /* expected packet */ + } else if (SEQ_EQ(ssn->server.next_seq, TCP_GET_SEQ(p))) { ssn->server.next_seq += p->payload_len; SCLogDebug("ssn %p: ssn->server.next_seq %" PRIu32 "", ssn, ssn->server.next_seq); } - if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || + if (zerowindowprobe) { + SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); + } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win "