From: Victor Julien
Date: Wed, 13 Nov 2013 17:18:19 +0000 (+0100)
Subject: detect: only inspect smsg for valid tcp packets
X-Git-Tag: suricata-2.0beta2~167
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72a147b6f16ded148fc65428b98f0be9a0986691;p=thirdparty%2Fsuricata.git

detect: only inspect smsg for valid tcp packets

Packets that are rejected by the stream engine are not considered part of an established tcp session. By allowing them to inspect an smsg, some smsgs would not be properly inspected.
---
diff --git a/src/detect.c b/src/detect.c
index 44e9b72816..24457f8b77 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -706,7 +706,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags) {
 StreamMsg *smsg = NULL;
- if (p->proto == IPPROTO_TCP && f->protoctx != NULL) {
+ if (p->proto == IPPROTO_TCP && f->protoctx != NULL && (p->flags & PKT_STREAM_EST)) {
 TcpSession *ssn = (TcpSession *)f->protoctx;
 /* at stream eof, or in inline mode, inspect all smsg's */
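Review bot: The added `(p->flags & PKT_STREAM_EST)` clause in the `if` of SigMatchSignaturesGetSmsg carries the whole fix, yet nothing in the code says why it is there; the reason lives only in the commit message. I would put a comment above the condition, e.g. `/* only packets the stream engine accepted as part of an established session may pick up smsgs; see commit message */`. Because the change closes a gap in which reassembled data could go without proper inspection, a regression test covering a stream-rejected packet on an otherwise established flow would be worth adding; none is visible here, as the diff touches only src/detect.c. The function body continues outside the hunk, so how the resulting NULL smsg is handled for such packets cannot be checked from this view.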