]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a79cf9c)
app-layer: fix protocol detection bail conditions for TCP fastopen 4887/head
authorVictor Julien <victor@inliniac.net>
Tue, 21 Apr 2020 08:52:04 +0000 (10:52 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 27 Apr 2020 09:34:43 +0000 (11:34 +0200)
src/app-layer.c patch | blob | blame | history

diff --git a/src/app-layer.c b/src/app-layer.c
index 9924b8def0f7cbf9c25b1de293c195bce3530bde..a80f67137419a5d62ae33950b35629591ab8c25b 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -199,6 +199,11 @@ static void DisableAppLayer(ThreadVars *tv, Flow *f, Packet *p)
 static void TCPProtoDetectCheckBailConditions(ThreadVars *tv,
         Flow *f, TcpSession *ssn, Packet *p)
 {
+    if (ssn->state < TCP_ESTABLISHED) {
+        SCLogDebug("skip as long as TCP is not ESTABLISHED (TCP fast open)");
+        return;
+    }
+
     uint32_t size_ts = ssn->client.last_ack - ssn->client.isn - 1;
     uint32_t size_tc = ssn->server.last_ack - ssn->server.isn - 1;
     SCLogDebug("size_ts %u, size_tc %u", size_ts, size_tc);
Mirror of https://github.com/OISF/suricata.git