]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0b46d02)
flow: flag packets as established for async
authorVictor Julien <victor@inliniac.net>
Tue, 7 Aug 2018 11:28:55 +0000 (13:28 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 7 Aug 2018 11:49:34 +0000 (13:49 +0200)
If a stream is async we see only on side of the traffic. This would
lead to the flow engine not flagging packets as 'established' even
if the flow state was in fact established. The flow was tagged as
such by the TCP engine.

This patch considers the flow state for setting the packet flag.

Bug #2491.

src/flow.c patch | blob | blame | history

diff --git a/src/flow.c b/src/flow.c
index 13e14331805e1c21bb3933c6e48ef2cee097ec24..a68eb6da2efcdca1a6ef2f71b7219d70bb9470be 100644 (file)
--- a/src/flow.c
+++ b/src/flow.c
@@ -384,7 +384,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
         }
     }
 
-    if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
+    if (SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED) {
+        SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
+        p->flowflags |= FLOW_PKT_ESTABLISHED;
+
+    } else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
+            (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
         SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
         p->flowflags |= FLOW_PKT_ESTABLISHED;
 
Mirror of https://github.com/OISF/suricata.git