app-layer: fix progress tracking

Esp in combination with GAPs and proto detection.

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 11f9500d7465e38940412efc8bf71290ee591e3a..e4a3ec27274ec1ccb4ab9711304322c7dfa382e4 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1179,7 +1179,8 @@ void AppLayerParserSetTxDetectFlags(uint8_t ipproto, AppProto alproto, void *tx,
 /***** General *****/
 
 /** \retval int -1 in case of unrecoverable error. App-layer tracking stops for this flow.
- *  \retval int 0 ok */
+ *  \retval int 0 ok: we did not update app_progress
+ *  \retval int 1 ok: we updated app_progress */
 int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto,
                         uint8_t flags, const uint8_t *input, uint32_t input_len)
 {
@@ -1327,9 +1328,10 @@ int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow
 
  end:
     /* update app progress */
-    if (f->proto == IPPROTO_TCP && f->protoctx != NULL) {
+    if (consumed != input_len && f->proto == IPPROTO_TCP && f->protoctx != NULL) {
         TcpSession *ssn = f->protoctx;
         StreamTcpUpdateAppLayerProgress(ssn, direction, consumed);
+        SCReturnInt(1);
     }
 
     SCReturnInt(0);

diff --git a/src/app-layer.c b/src/app-layer.c
index 6ad2ab4af8014a85b7fd1c9b7603c748aecb0391..25264543c462f7d104e958854b76cc1d444f84b8 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -302,6 +302,7 @@ static int TCPProtoDetect(ThreadVars *tv,
 {
     AppProto *alproto;
     AppProto *alproto_otherdir;
+    int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
 
     if (flags & STREAM_TOSERVER) {
         alproto = &f->alproto_ts;
@@ -367,6 +368,7 @@ static int TCPProtoDetect(ThreadVars *tv,
             } else {
                 *stream = &ssn->client;
             }
+            direction = 1 - direction;
         }
 
         /* account flow if we have both sides */
@@ -446,8 +448,11 @@ static int TCPProtoDetect(ThreadVars *tv,
         int r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
                 flags, data, data_len);
         PACKET_PROFILING_APP_END(app_tctx, f->alproto);
-        if (r < 0)
+        if (r < 0) {
             goto failure;
+        } else if (r == 0) {
+            StreamTcpUpdateAppLayerProgress(ssn, direction, data_len);
+        }
     } else {
         /* if the ssn is midstream, we may end up with a case where the
          * start of an HTTP request is missing. We won't detect HTTP based
@@ -516,6 +521,9 @@ static int TCPProtoDetect(ThreadVars *tv,
                             f->alproto, flags,
                             data, data_len);
                     PACKET_PROFILING_APP_END(app_tctx, f->alproto);
+                    if (r == 0) {
+                        StreamTcpUpdateAppLayerProgress(ssn, direction, data_len);
+                    }
 
                     AppLayerDecoderEventsSetEventRaw(&p->app_layer_events,
                             APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION);
@@ -575,6 +583,8 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
         goto end;
     }
 
+    const int direction = (flags & STREAM_TOSERVER) ? 0 : 1;
+
     if (flags & STREAM_TOSERVER) {
         alproto = f->alproto_ts;
     } else {
@@ -597,6 +607,7 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
                 flags, data, data_len);
         PACKET_PROFILING_APP_END(app_tctx, f->alproto);
         /* ignore parser result for gap */
+        StreamTcpUpdateAppLayerProgress(ssn, direction, data_len);
         goto end;
     }
 
@@ -654,6 +665,9 @@ int AppLayerHandleTCPData(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
             r = AppLayerParserParse(tv, app_tctx->alp_tctx, f, f->alproto,
                                     flags, data, data_len);
             PACKET_PROFILING_APP_END(app_tctx, f->alproto);
+            if (r == 0) {
+                StreamTcpUpdateAppLayerProgress(ssn, direction, data_len);
+            }
         }
     }