From: Victor Julien <victor@inliniac.net>
Date: Fri, 3 Mar 2017 08:54:16 +0000 (+0100)
Subject: stream: don't call app reassembly if disable flag set
X-Git-Tag: suricata-4.0.0-beta1~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=314516ffe23fedf2cb05f9e8ed53038fd7a687af;p=thirdparty%2Fsuricata.git

stream: don't call app reassembly if disable flag set
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 145068d853..1ece2ae690 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1034,9 +1034,9 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 
     /* this function can be directly called by app layer protocol
      * detection. */
-    if (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) {
-        SCLogDebug("stream no reassembly flag set.  Mostly called via "
-                   "app proto detection.");
+    if ((ssn->flags & STREAMTCP_FLAG_APP_LAYER_DISABLED) ||
+        (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
+        SCLogDebug("stream no reassembly flag set or app-layer disabled.");
         SCReturnInt(0);
     }
 
@@ -1055,7 +1055,7 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
      * 3. check if next_seq is smaller than last_ack, indicating next_seq
      *    has fallen behind the data that is already acked.
      */
-    if (!(ssn->flags & STREAMTCP_FLAG_APP_LAYER_DISABLED)) {
+    {
         int ackadd = (ssn->state >= TCP_FIN_WAIT2) ? 2 : 1;
         if ((stream->seg_list == NULL && /*1*/
                     stream->base_seq == stream->isn+1 &&