Stream backports/60x/v4 #8569
Merged
victorjulien
merged 13 commits into
OISF:master-6.0.x
from
victorjulien:stream-backports/60x/v4
Mar 28, 2023
Only update the ack value of a session for regular packets when the ACK bit is set. (cherry picked from commit 0d81173)
RFC 2883 specifies a special use of SACKs to indicate a host has received a segment it considers a spurious retransmission. (cherry picked from commit d79a926)
Linux is slightly more permissive wrt timestamps than many other OSes. To avoid many events/issues with Linux hosts, add an option to allow for this slightly more permissive behavior. Ideally the host-os config would be used, but in practice this setting is rarely set up correctly, if at all. This option is enabled by default. (cherry picked from commit 01b7ccc)
Not ack'ing the data. (cherry picked from commit 7ef57cc)
(cherry picked from commit 0ec1366)
(cherry picked from commit 288086a)
Support case where there are multiple SYN retransmits, where each has a new timestamp. Before this patch, Suricata would only accept a SYN/ACK that matches the last timestamp. However, observed behavior is that the server may choose to only respond to the first. In IPS mode this could lead to a connection timing out as Suricata drops the SYN/ACK it considers wrong, and the server continues to retransmit it. This patch reuses the SYN/ACK queuing logic to keep a list of SYN packets and their window, timestamp, wscale and sackok settings. Then when the SYN/ACK arrives, it is first evaluated against the normal session state. But if it fails due to a timestamp mismatch, it will look for queued SYNs and see if any of them match the timestamp. If one does, the ssn is updated to use that SYN and the SYN/ACK is accepted. Bug: OISF#5856. (cherry picked from commit 7bfee14)
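The SYN queue fallback described in the last commit message above, as a simplified added example: it is not Suricata's code, and the struct layout, function names and queue cap are hypothetical. It assumes the match is between the SYN/ACK's echoed timestamp (TSecr) and the TSval of a stored SYN.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_QUEUED_SYNS 4 /* assumed cap for this sketch */

/* Per-SYN settings the commit message lists (hypothetical layout). */
struct syn_rec {
    uint32_t ts_val; /* TSval carried by this SYN */
    uint16_t window;
    uint8_t wscale;
    bool sackok;
};

struct session {
    bool have_syn;
    struct syn_rec cur;                     /* from the most recent SYN */
    struct syn_rec queued[MAX_QUEUED_SYNS]; /* earlier SYN transmissions */
    size_t nqueued;
};

/* A new SYN becomes the session state; the one it replaces is queued. */
void session_on_syn(struct session *s, const struct syn_rec *syn)
{
    if (s->have_syn && s->nqueued < MAX_QUEUED_SYNS)
        s->queued[s->nqueued++] = s->cur;
    s->cur = *syn;
    s->have_syn = true;
}

/* Check a SYN/ACK by its echoed timestamp (TSecr). Returns true when it is
 * accepted; on a queue hit the session switches to the SYN that was answered. */
bool session_on_synack(struct session *s, uint32_t ts_ecr)
{
    if (!s->have_syn)
        return false;
    if (ts_ecr == s->cur.ts_val)
        return true; /* normal path: echoes the latest SYN */
    for (size_t i = 0; i < s->nqueued; i++) {
        if (s->queued[i].ts_val == ts_ecr) {
            s->cur = s->queued[i]; /* adopt window/wscale/sackok of that SYN */
            return true;
        }
    }
    return false; /* echoes no SYN we saw: still a timestamp mismatch */
}
```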
Information: QA ran without warnings. Pipeline 12671
Backports for #8563
suricata-verify-pr: 1136
replaces #8568 adding more