stream: special handling for RST data

Data on RST packets is not invalid, but also shouldn't be used in reassembly. RFC 1122: 4.2.2.12 RST Segment: RFC-793 Section 3.4 A TCP SHOULD allow a received RST segment to include data. DISCUSSION It has been suggested that a RST segment could contain ASCII text that encoded and explained the cause of the RST. No standard has yet been established for such data. RST data will be presented to the detection engine per packet, but will not be part of stream reassembly. Bug: #6244.
OISF · Aug 1, 2023 · ee739c5 · ee739c5
1 parent e4834ee
commit ee739c5
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
@@ -2009,7 +2009,8 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
         }
     }
     /* if this segment contains data, insert it */
-    if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
+    if (p->payload_len > 0 && !(stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) &&
+            (p->tcph->th_flags & TH_RST) == 0) {
         SCLogDebug("calling StreamTcpReassembleHandleSegmentHandleData");
 
         if (StreamTcpReassembleHandleSegmentHandleData(tv, ra_ctx, ssn, stream, p) != 0) {
@@ -2024,10 +2025,9 @@ int StreamTcpReassembleHandleSegment(ThreadVars *tv, TcpReassemblyThreadCtx *ra_
         p->flags |= PKT_STREAM_ADD;
     } else {
         SCLogDebug("ssn %p / stream %p: not calling StreamTcpReassembleHandleSegmentHandleData:"
-                " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s",
+                   " p->payload_len %u, STREAMTCP_STREAM_FLAG_NOREASSEMBLY %s",
                 ssn, stream, p->payload_len,
                 (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ? "true" : "false");
-
     }
 
     /* if the STREAMTCP_STREAM_FLAG_DEPTH_REACHED is set, but not the