Fix TCPFlowReset check. (#8264)

include/Flow.h

@@ -1157,6 +1157,9 @@ class Flow : public GenericHashEntry {
     return (!isTCPClosed() &&
             ((src2dst_tcp_flags & TH_RST) || (dst2src_tcp_flags & TH_RST)));
   };
+  inline bool isOnlyTCPReset() const {
+    return ((src2dst_tcp_flags & TH_RST) || (dst2src_tcp_flags & TH_RST));
+  }
   inline bool isTCPRefused() const {
     return (!isThreeWayHandshakeOK() && (dst2src_tcp_flags & TH_RST) == TH_RST);
   };

scripts/lua/modules/historical_flow_details_formatter.lua

@@ -184,7 +184,7 @@ local function format_historical_issue_description(flow_details, flow)
 
     if alert_store_instance then
         local alerts, _ = alert_store_instance:select_request(nil, "*")
-        if #alerts >= 1 then
+        if alerts and #alerts >= 1 then
             alert = alerts[1]
             details = alert_utils.formatFlowAlertMessage(interface.getId(), alert, alert_json, false, true)
         end

src/flow_checks/TCPFlowReset.cpp

@@ -25,8 +25,15 @@
 /* ***************************************************** */
 
 void TCPFlowReset::checkFlowReset(Flow *f) {
+  MinorConnectionStates current_connection_state = f->getCurrentConnectionState();
 
-  if ((f->isTCP()) && f->isTCPReset()) {
+  bool to_trigger = f->isOnlyTCPReset() ||
+      current_connection_state == REJ ||
+      current_connection_state == RSTO ||
+      current_connection_state == RSTR ||
+      current_connection_state == RSTOS0 ||
+      current_connection_state == RSTRH;
+  if ((f->isTCP()) && (to_trigger)) {
     Host *cli_host = f->get_cli_host();
     Host *srv_host = f->get_srv_host();
 
@@ -44,7 +51,6 @@ void TCPFlowReset::checkFlowReset(Flow *f) {
     risk_percentage cli_score_pctg = CLIENT_HIGH_RISK_PERCENTAGE;
 
     computeCliSrvScore(ntop->getFlowAlertScore(alert_type.id), cli_score_pctg, &c_score, &s_score);
-
     f->triggerAlertAsync(alert_type, c_score, s_score);
   }
 }