tls: streaming mode for application records
authorVictor Julien <vjulien@oisf.net>
Wed, 7 Sep 2022 07:43:19 +0000 (09:43 +0200)
committerVictor Julien <vjulien@oisf.net>
Wed, 21 Sep 2022 04:43:47 +0000 (06:43 +0200)
To avoid the overhead of stream buffering for records we don't do
much with anyway, pass application records through instead of
buffering the entire record in the stream engine.

src/app-layer-ssl.c

index b867e85ea106e02dcfa1a97a7213c632a5da418d..3499032a77a9160e387dca7fd973c7d3de5a3e1a 100644 (file)
@@ -2371,10 +2371,16 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
             ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
 
     if (ssl_state->curr_connp->record_length > input_len - parsed) {
-        uint32_t needed = ssl_state->curr_connp->record_length;
-        SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
-                ssl_state->curr_connp->record_length, input_len, parsed, needed);
-        return SSL_DECODER_INCOMPLETE(parsed, needed);
+        /* no need to use incomplete api buffering for application
+         * records that we'll not use anyway. */
+        if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
+            SCLogDebug("application record");
+        } else {
+            uint32_t needed = ssl_state->curr_connp->record_length;
+            SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
+                    ssl_state->curr_connp->record_length, input_len, parsed, needed);
+            return SSL_DECODER_INCOMPLETE(parsed, needed);
+        }
     }
 
     if (record_len == 0) {
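Review bot: The new application-record branch falls through with `record_length` still larger than the remaining input, so correctness now depends on the rest of SSLv3Decode (outside this hunk) sizing its reads and `bytes_processed` updates by `input_len - parsed` rather than by `record_length`; that assumption is not stated anywhere in the hunk. The comment above the check should say so, e.g. `/* partial application record: fall through and let the caller-bounded path below consume only what is available; the rest arrives with the next call. */`. The bare `SCLogDebug("application record");` also drops the counts the other branch prints, which makes the pass-through path hard to trace; `SCLogDebug("application record: record len %u input_len %u parsed %u: passing through partial record", ssl_state->curr_connp->record_length, input_len, parsed);` keeps the two branches consistent. SSLv3Decode starts before and continues after this hunk, so the clamping behaviour itself cannot be confirmed from the visible lines.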