From b63374bf5f8c85c42056ad3c4cce12bce3d1a6bd Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 1 Aug 2023 08:44:53 +0200 Subject: [PATCH] stream: special handling for RST data Data on RST packets is not invalid, but also shouldn't be used in reassembly. RFC 1122: 4.2.2.12 RST Segment: RFC-793 Section 3.4 A TCP SHOULD allow a received RST segment to include data. DISCUSSION It has been suggested that a RST segment could contain ASCII text that encoded and explained the cause of the RST. No standard has yet been established for such data. RST data will be presented to the detection engine per packet, but will not be part of stream reassembly. Bug: #6244. --- src/stream-tcp-reassemble.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 90bac3c649..135b22485c 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -2009,7 +2009,8 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ } } /* if this segment contains data, insert it */ - if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) { + if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) && + (p->tcph->th_flags & TH_RST) == 0) { SCLogDebug("calling StreamTcpReassembleHandleSegmentHandleData"); if (StreamTcpReassembleHandleSegmentHandleData(tv, ra_ctx, ssn, stream, p) != 0) { @@ -2024,10 +2025,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ p->flags |= PKT_STREAM_ADD; } else { SCLogDebug("ssn %p / stream %p: not calling StreamTcpReassembleHandleSegmentHandleData:" - " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s", + " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s", ssn, stream, p->payload_len, (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ? "true" : "false"); - } /* if the STREAMTCP_STREAM_FLAG_DEPTH_REACHED is set, but not the