app-layer: don't switch dir if proto already known

(cherry picked from commit 86e8611f5edd461bc13aa5665a40f9d241c4f23d)

diff --git a/src/app-layer.c b/src/app-layer.c
index 47c907ea4b637a1ca09fe75696ce48ef907b42aa..a80606b57239b9bed98f107ac79f3944076e8c78 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -357,20 +357,26 @@ static int TCPProtoDetect(ThreadVars *tv,
         TcpSessionSetReassemblyDepth(ssn,
                 AppLayerParserGetStreamDepth(f));
         FlagPacketFlow(p, f, flags);
+
         /* if protocol detection indicated that we need to reverse
          * the direction of the flow, do it now. We flip the flow,
          * packet and the direction flags */
         if (reverse_flow && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
-            SCLogDebug("reversing flow after proto detect told us so");
-            PacketSwap(p);
-            FlowSwap(f);
-            SWAP_FLAGS(flags, STREAM_TOSERVER, STREAM_TOCLIENT);
-            if (*stream == &ssn->client) {
-                *stream = &ssn->server;
+            /* but only if we didn't already detect it on the other side. */
+            if (*alproto_otherdir == ALPROTO_UNKNOWN) {
+                SCLogDebug("reversing flow after proto detect told us so");
+                PacketSwap(p);
+                FlowSwap(f);
+                SWAP_FLAGS(flags, STREAM_TOSERVER, STREAM_TOCLIENT);
+                if (*stream == &ssn->client) {
+                    *stream = &ssn->server;
+                } else {
+                    *stream = &ssn->client;
+                }
+                direction = 1 - direction;
             } else {
-                *stream = &ssn->client;
+                // TODO event, error?
             }
-            direction = 1 - direction;
         }
 
         /* account flow if we have both sides */