Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
affected versions: all
Please see the pcap attached.
Basically it logs no HTTP even with midstream enabled.
The problem is the first packet right away as it has ACK value that we check and disregard the whole flow/session.But Windows and Linux accept those and everyone else it seems.
Please also see attached a test case(py file) and a patch by Eric.
The pcap can not be shared or made public except of the devs with access to this issue of course.