tls: streaming mode for application records
authorVictor Julien <vjulien@oisf.net>
Wed, 7 Sep 2022 07:43:19 +0000 (09:43 +0200)
committerVictor Julien <vjulien@oisf.net>
Fri, 13 Jan 2023 11:32:59 +0000 (12:32 +0100)
To avoid the overhead of stream buffering for records we don't do
much with anyway, pass application records through instead of
buffering the entire record in the stream engine.

(cherry picked from commit 6076a5151127f039932cb99d771259c18762c59a)

src/app-layer-ssl.c

index 73a814be9a4c8f4a2fe2d2d28c4b90c10bd55b22..d3595ea1ac2a381d430144e2a14a667ee169e785 100644 (file)
@@ -2336,10 +2336,16 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
             ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
 
     if (ssl_state->curr_connp->record_length > input_len - parsed) {
-        uint32_t needed = ssl_state->curr_connp->record_length;
-        SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
-                ssl_state->curr_connp->record_length, input_len, parsed, needed);
-        return SSL_DECODER_INCOMPLETE(parsed, needed);
+        /* no need to use incomplete api buffering for application
+         * records that we'll not use anyway. */
+        if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
+            SCLogDebug("application record");
+        } else {
+            uint32_t needed = ssl_state->curr_connp->record_length;
+            SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
+                    ssl_state->curr_connp->record_length, input_len, parsed, needed);
+            return SSL_DECODER_INCOMPLETE(parsed, needed);
+        }
     }
 
     if (record_len == 0) {
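Review bot: The new application-record branch drops the diagnostic detail the old path logged, so a partially received application record now leaves only `SCLogDebug("application record");` with no record length, input length or parsed offset, which makes the streaming path harder to trace than the buffered one; I would log the same fields, e.g. `SCLogDebug("application record: record len %u input_len %u parsed %u, not buffering", ssl_state->curr_connp->record_length, input_len, parsed);`. The comment above the branch should also state what the fall-through relies on, since record_length is taken from the peer and the hunk no longer returns when it exceeds the available input: something like `/* application records are passed through: the remainder of the record is consumed across later calls via bytes_processed, not buffered by the incomplete api */`, assuming that is how the code below tracks it. SSLv3Decode starts and ends outside this hunk, so the code that actually consumes the partial record is not visible here and that assumption should be confirmed against it.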