From b5a5ef14b91858baaf8986a832bdd3f0c226b32e Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 10 Nov 2010 11:42:42 +0100
Subject: [PATCH] Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple.
---
 src/stream-tcp.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 1f42554391..ee334fb4a1 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -2725,15 +2725,23 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt)
 SCReturnInt(-1);
 break;
 case TCP_CLOSED:
- /* As our TCP session memory is not returned to pool, until
- timeout. If in the mean time we receive any other session from
- the same client reusing same port then we switch back to
- tcp state none */
- if (PKT_IS_TOSERVER(p) && (p->tcph->th_flags & TH_SYN)) {
- if(SEQ_EQ(ssn->client.next_seq, TCP_GET_SEQ(p))) {
- if(StreamTcpPacketStateNone(tv,p,stt,ssn)) {
- SCReturnInt(-1);
- }
+ /* TCP session memory is not returned to pool until timeout.
+ * If in the mean time we receive any other session from
+ * the same client reusing same port then we switch back to
+ * tcp state none, but only on a valid SYN that is not a
+ * resend from our previous session.
+ *
+ * We also check it's not a SYN/ACK, all other SYN pkt
+ * validation is done at StreamTcpPacketStateNone();
+ */
+ if (PKT_IS_TOSERVER(p) && (p->tcph->th_flags & TH_SYN) &&
+ !(p->tcph->th_flags & TH_ACK) &&
+ !(SEQ_EQ(ssn->client.isn, TCP_GET_SEQ(p))))
+ {
+ SCLogDebug("reusing closed TCP session");
+
+ if (StreamTcpPacketStateNone(tv,p,stt,ssn)) {
+ SCReturnInt(-1);
 }
 } else {
 SCLogDebug("packet received on closed state");
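Review bot: The reuse test under `case TCP_CLOSED:` excludes only `TH_ACK`, so a SYN that also carries FIN or RST still takes the reuse path and is stopped only if `StreamTcpPacketStateNone()` rejects it, which the new comment asserts but the hunk does not show. Making the guard self-contained would remove that dependency, for example `(p->tcph->th_flags & (TH_SYN|TH_ACK|TH_FIN|TH_RST)) == TH_SYN` in place of the two separate flag tests. The closed `ssn` is also passed to `StreamTcpPacketStateNone()` with no visible reset of the previous connection's per-stream fields, so whether old sequence state or queued segments carry into the new session depends on code outside this hunk and should be confirmed. Because a reused tuple changes what the engine reassembles and inspects, the comment could add `* The old stream state must be cleared before the session is reused.` once that is verified. `StreamTcpPacket()` starts and ends outside the hunk.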