flow: flag packets as established for async

If a stream is async we see only on side of the traffic. This would
lead to the flow engine not flagging packets as 'established' even
if the flow state was in fact established. The flow was tagged as
such by the TCP engine.

This patch considers the flow state for setting the packet flag.

Bug #2491.

diff --git a/src/flow.c b/src/flow.c
index 447a49d6181f49be84a47f4205be2196f5bed207..37b082f32a811e8050de6c140496dff756ff7834 100644 (file)
--- a/src/flow.c
+++ b/src/flow.c
@@ -326,7 +326,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
         }
     }
 
-    if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
+    if (SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED) {
+        SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
+        p->flowflags |= FLOW_PKT_ESTABLISHED;
+
+    } else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
+            (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
         SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
         p->flowflags |= FLOW_PKT_ESTABLISHED;