From b2c003d7d4b1103ddea854991b4e9eb05680281d Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 7 Oct 2021 16:26:48 -0700
Subject: [PATCH] Fix for sniffer to trap negative `sslBytes`. Revert logic
 from PR 3493 blocking out of range sequence numbers. Fix ack sequence
 rollover logic. ZD13036

---
 src/sniffer.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 54cb0a183..7995b5843 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -5034,9 +5034,6 @@ static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
                                 &session->flags.srvSkipPartial :
                                 &session->flags.cliSkipPartial;
 
-    if (tcpInfo->ackNumber < seqStart) {
-        return -1; /* do not fix sequence - could be ack on unseen seq */
-    }
     *skipPartial = 1;
     
     if (list != NULL)
@@ -5044,7 +5041,6 @@ static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
     else
         *expected = tcpInfo->ackNumber - seqStart;
 
-
     return 1;
 }
 
@@ -5062,7 +5058,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
 
         /* handle rollover of sequence */
         if (tcpInfo->ackNumber < seqStart)
-            real = 0xffffffffU - seqStart + tcpInfo->ackNumber;
+            real = 0xffffffffU - seqStart + tcpInfo->ackNumber + 1;
 
         TraceAck(real, expected);
 
@@ -5164,7 +5160,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
         }
     }
 
-    if (*sslBytes == 0) {
+    if (*sslBytes <= 0) {
         Trace(NO_DATA_STR);
         return 1;
     }