0001-stream-tcp-avoid-evasion-by-sending-crafted-SYN-pack.patch - Suricata - Open Information Security Foundation

Security #4513 » 0001-stream-tcp-avoid-evasion-by-sending-crafted-SYN-pack.patch

Peter Manev, 05/28/2021 10:02 AM

         /* broken TCP http://ask.wireshark.org/questions/3183/acknowledgment-number-broken-tcp-the-acknowledge-field-is-nonzero-while-the-ack-flag-is-not-set */
         if (!(p->tcph->th_flags & TH_ACK) && TCP_GET_ACK(p) != 0) {
             StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
             goto error;
           StreamTcpSetEvent(p, STREAM_PKT_BROKEN_ACK);
           if (!(p->tcph->th_flags & TH_SYN))
               goto error;
+        }
         /* If we are on IPS mode, and got a drop action triggered from

(2-2/2)