From: Victor Julien <victor@inliniac.net>
Date: Tue, 21 Apr 2020 08:52:04 +0000 (+0200)
Subject: app-layer: fix protocol detection bail conditions for TCP fastopen
X-Git-Tag: suricata-6.0.0-beta1~479
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ca94ba0a2de18726bb7ebae125bdecef06c2ad4;p=thirdparty%2Fsuricata.git

app-layer: fix protocol detection bail conditions for TCP fastopen
---

diff --git a/src/app-layer.c b/src/app-layer.c
index e69db23cf9..0be5acf611 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -198,6 +198,11 @@ static void DisableAppLayer(ThreadVars *tv, Flow *f, Packet *p)
 static void TCPProtoDetectCheckBailConditions(ThreadVars *tv,
         Flow *f, TcpSession *ssn, Packet *p)
 {
+    if (ssn->state < TCP_ESTABLISHED) {
+        SCLogDebug("skip as long as TCP is not ESTABLISHED (TCP fast open)");
+        return;
+    }
+
     uint32_t size_ts = ssn->client.last_ack - ssn->client.isn - 1;
     uint32_t size_tc = ssn->server.last_ack - ssn->server.isn - 1;
     SCLogDebug("size_ts %u, size_tc %u", size_ts, size_tc);