detect: reset signature groups when reversing flow
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 25 Feb 2025 09:49:41 +0000 (10:49 +0100)
committerPhilippe Antoine <pantoine@oisf.net>
Fri, 7 Mar 2025 17:05:05 +0000 (18:05 +0100)
Ticket: 7552

When we use midstream, and the first packet we see of a flow is
a response from the server, and we want to match on some signature
to client:
- we had first set sgh_toserver/FLOW_SGH_TOSERVER as we first
  thought this was a packet to server
- we then swap/reverse the flow, so sgh_toclient becomes sgh_toserver
  but it contains signatures to server and cannot match our
  to_client signature

The detect engine with DetectRunSetup will set again the
signatures group heads properly

(cherry picked from commit d74bc774b75bcca613e5f48d907a425c3b46056a)

src/app-layer.c

index 3c416eef75d021512c650d149f6aa68b5d2495ad..b0cebd4de05c68a04283404c6ad224c59698cdf2 100644 (file)
@@ -410,6 +410,8 @@ static int TCPProtoDetect(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
                 SCLogDebug("reversing flow after proto detect told us so");
                 PacketSwap(p);
                 FlowSwap(f);
+                // Will reset signature groups in DetectRunSetup
+                f->de_ctx_version = UINT32_MAX;
                 SWAP_FLAGS(flags, STREAM_TOSERVER, STREAM_TOCLIENT);
                 if (*stream == &ssn->client) {
                     *stream = &ssn->server;
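Review bot: The sentinel on the added line `f->de_ctx_version = UINT32_MAX;` only does its job if no live detect engine is ever assigned a version equal to UINT32_MAX; the hunk relies on that rather than enforcing it, and a named constant for the "force re-setup" value would make the assumption visible to readers of DetectRunSetup. The comment above it could also name the invariant FlowSwap breaks, e.g. `// FlowSwap swapped sgh_toserver/sgh_toclient (and the FLOW_SGH_* flags), so they now describe the wrong direction; an invalid de_ctx_version forces DetectRunSetup to rebuild them`. Until DetectRunSetup runs, the flow still carries the swapped signature group heads and flags the commit message describes; if anything on the path between this point and detection consults them, clearing those flags here as well would be the safer option. TCPProtoDetect continues outside the hunk.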