From: Eric Leblond <eric@regit.org>
Date: Sun, 14 May 2017 18:40:51 +0000 (+0200)
Subject: app-layer: increment flow counter if one sided
X-Git-Tag: suricata-4.0.0-rc2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=091290dd1c0e6b35f4295bebe0b29fe2ffb5fd1a;p=thirdparty%2Fsuricata.git

app-layer: increment flow counter if one sided

In the case of protocol like SMTP, we detect application layer on
only one side.  Consequence was a missed increment in the flow
counter.
---

diff --git a/src/app-layer.c b/src/app-layer.c
index 98a12ed94c..aa6dd6acf8 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -498,6 +498,7 @@ static int TCPProtoDetect(ThreadVars *tv,
                 TcpSessionSetReassemblyDepth(ssn,
                         AppLayerParserGetStreamDepth(f));
                 *alproto = ALPROTO_FAILED;
+                AppLayerIncFlowCounter(tv, f);
                 FlagPacketFlow(p, f, flags);
 
                 SCLogDebug("packet %u: pd done(us %u them %u), parser called (r==%d), APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION set",