From: Victor Julien <victor@inliniac.net>
Date: Thu, 17 Dec 2020 20:04:13 +0000 (+0100)
Subject: detect/stream: fix async stream inspection
X-Git-Tag: suricata-6.0.2~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82e10f2cdda3f9c22ce56e06d87e12cb7e739191;p=thirdparty%2Fsuricata.git

detect/stream: fix async stream inspection

Move raw progress forward only if detect uses stream data, indicated
by the PKT_DETECT_HAS_STREAMDATA flag.

(cherry picked from commit 3c7c361b603653a4c0bb30a4261babc45988d163)
---

diff --git a/src/detect.c b/src/detect.c
index 92a32f2ff2..bd06176325 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -952,8 +952,7 @@ static void DetectRunCleanup(DetectEngineThreadCtx *det_ctx,
     if (pflow != NULL) {
         /* update inspected tracker for raw reassembly */
         if (p->proto == IPPROTO_TCP && pflow->protoctx != NULL &&
-            (p->flags & PKT_STREAM_EST))
-        {
+                (p->flags & PKT_DETECT_HAS_STREAMDATA)) {
             StreamReassembleRawUpdateProgress(pflow->protoctx, p,
                     det_ctx->raw_stream_progress);
         }
diff --git a/src/tests/detect-http-uri.c b/src/tests/detect-http-uri.c
index 7d662f08fa..5b3c180113 100644
--- a/src/tests/detect-http-uri.c
+++ b/src/tests/detect-http-uri.c
@@ -1656,7 +1656,7 @@ static int UriTestSig16(void)
     UTHAddStreamToFlow(f, 0, http_buf1, http_buf1_len);
 
     p->flow = f;
-    p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
+    p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST | PKT_DETECT_HAS_STREAMDATA;
     p->flowflags |= FLOW_PKT_TOSERVER;
     p->flowflags |= FLOW_PKT_ESTABLISHED;
     f->alproto = ALPROTO_HTTP;