detect: fix issue with smsg and seq wraps

Due to a broken sequence number check, detect could fail to process
smsgs in case of a sequence wrap. This could lead to excessive use
of smsg's but also of segments, since these aren't cleared until the
smsg containing them is.

diff --git a/src/detect.c b/src/detect.c
index e0b5bfd3f0cbc164741d09f39ca8eb23e2d123d3..36f19cac07cd65060dabff751a2c0a729e1a90a3 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -692,7 +692,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags)
 
                 /* if the smsg is bigger than the current packet, we will
                  * process the smsg in a later run */
-                if ((head->seq + head->data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
+                if (SEQ_GT((head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len))) {
                     SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                             (head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len));
                     goto end;
@@ -711,7 +711,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags)
 
                 /* if the smsg is bigger than the current packet, we will
                  * process the smsg in a later run */
-                if ((head->seq + head->data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
+                if (SEQ_GT((head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len))) {
                     SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                             (head->seq + head->data_len), (TCP_GET_SEQ(p) + p->payload_len));
                     goto end;