Flow *f;
TcpSession ssn;
bool reverse;
- AppProto alproto;
- AppProto alproto2;
if (alpd_tctx == NULL) {
//global init
if (data[0] & STREAM_TOSERVER) {
flags = STREAM_TOSERVER;
}
- alproto = AppLayerProtoDetectGetProto(
+ AppLayerProtoDetectGetProto(
alpd_tctx, f, data + HEADER_LEN, size - HEADER_LEN, f->proto, flags, &reverse);
- if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP) {
- /* If we find a valid protocol at the start of a stream :
- * check that with smaller input
- * we find the same protocol or ALPROTO_UNKNOWN.
- * Otherwise, we have evasion with TCP splitting
- */
- for (size_t i = 0; i < size-HEADER_LEN && i < PROTO_DETECT_MAX_LEN; i++) {
- // reset detection at each try cf probing_parser_toserver_alproto_masks
- AppLayerProtoDetectReset(f);
- alproto2 = AppLayerProtoDetectGetProto(
- alpd_tctx, f, data + HEADER_LEN, i, f->proto, flags, &reverse);
- if (alproto2 != ALPROTO_UNKNOWN && alproto2 != alproto) {
- printf("Failed with input length %" PRIuMAX " versus %" PRIuMAX
- ", found %s instead of %s\n",
- (uintmax_t)i, (uintmax_t)size - HEADER_LEN, AppProtoToString(alproto2),
- AppProtoToString(alproto));
- printf("Assertion failure: %s-%s\n", AppProtoToString(alproto2),
- AppProtoToString(alproto));
- fflush(stdout);
- abort();
- }
- }
- }
FlowFree(f);
return 0;
projects / thirdparty / suricata.git / commitdiff
