From 28797184e47b205a49efd6e5ccc18a02a3b4fac5 Mon Sep 17 00:00:00 2001 From: bol-van Date: Tue, 12 Nov 2024 18:35:14 +0300 Subject: [PATCH] nfqws: apply seqovl only to the first multisplit part to prevent server races --- nfq/desync.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nfq/desync.c b/nfq/desync.c index 700bfe4..620fbb8 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -1280,7 +1280,10 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint { to = i==multisplit_count ? dis->len_payload : multisplit_pos[i]; - seqovl = dp->desync_seqovl; + // do seqovl only to the first packet + // otherwise it's prone to race condition on server side + // what happens first : server pushes socket buffer to process or another packet with seqovl arrives + seqovl = i==0 ? dp->desync_seqovl : 0; #ifdef __linux__ // only linux return error if MTU is exceeded for(;;seqovl=0)