detect: only inspect smsg for valid tcp packets

author Victor Julien <victor@inliniac.net>

Wed, 13 Nov 2013 17:18:19 +0000 (18:18 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 15 Nov 2013 12:52:22 +0000 (13:52 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 13 Nov 2013 17:18:19 +0000 (18:18 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 15 Nov 2013 12:52:22 +0000 (13:52 +0100)
diff --git a/src/detect.c b/src/detect.c

index 44e9b728168562d1a6f17481cbeb3756c62f124c..24457f8b77bf1f03bbb9045296a9991fc8667009 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -706,7 +706,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags) {
  
      StreamMsg *smsg = NULL;
  
-    if (p->proto == IPPROTO_TCP && f->protoctx != NULL) {
+    if (p->proto == IPPROTO_TCP && f->protoctx != NULL && (p->flags & PKT_STREAM_EST)) {
          TcpSession *ssn = (TcpSession *)f->protoctx;
  
          /* at stream eof, or in inline mode, inspect all smsg's */
author	Victor Julien <victor@inliniac.net>
	Wed, 13 Nov 2013 17:18:19 +0000 (18:18 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 15 Nov 2013 12:52:22 +0000 (13:52 +0100)