uint64_t new_min = min;
SCLogDebug("start min %"PRIu64, min);
bool skipped = false;
+ const bool is_unidir = AppLayerParserGetOptionFlags(f->protomap, f->alproto)
+ & APP_LAYER_PARSER_OPT_UNIDIR_TXS;
while (1) {
AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, i, total_txs, &state);
skipped = true;
goto next;
}
+ bool inspected = false;
if (has_tx_detect_flags) {
if (f->sgh_toserver != NULL) {
uint64_t detect_flags_ts = AppLayerParserGetTxDetectFlags(ipproto, alproto, tx, STREAM_TOSERVER);
SCLogDebug("%p/%"PRIu64" skipping: TS inspect not done: ts:%"PRIx64,
tx, i, detect_flags_ts);
skipped = true;
- goto next;
+ } else {
+ inspected = true;
}
}
if (f->sgh_toclient != NULL) {
SCLogDebug("%p/%"PRIu64" skipping: TC inspect not done: tc:%"PRIx64,
tx, i, detect_flags_tc);
skipped = true;
- goto next;
+ } else {
+ inspected = true;
}
}
}
+
+ /* If not a unidirectional transaction both sides are required to have
+ * been inspected. */
+ if (!is_unidir && skipped) {
+ goto next;
+ }
+
+ /* If this is a unidirectional transaction require only one side to be
+ * inspected, which the inspected flag tells us. This is also guarded
+ * with skip to limit this check to transactions that actually had the
+ * tx inspected flag checked. */
+ if (is_unidir && skipped && !inspected) {
+ goto next;
+ }
+
if (logger_expectation != 0) {
LoggerId tx_logged = AppLayerParserGetTxLogged(f, alstate, tx);
if (tx_logged != logger_expectation) {
projects / thirdparty / suricata.git / commitdiff
