From: Victor Julien Date: Tue, 7 Aug 2018 11:28:55 +0000 (+0200) Subject: flow: flag packets as established for async X-Git-Tag: suricata-4.0.6~51 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f32fad935e825f0a7e759ea9d3998fef091f597;p=thirdparty%2Fsuricata.git flow: flag packets as established for async If a stream is async we see only on side of the traffic. This would lead to the flow engine not flagging packets as 'established' even if the flow state was in fact established. The flow was tagged as such by the TCP engine. This patch considers the flow state for setting the packet flag. Bug #2491.
---
diff --git a/src/flow.c b/src/flow.c
index 447a49d618..37b082f32a 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -326,7 +326,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
 }
 }
- if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
+ if (SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED) {
+ SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
+ p->flowflags |= FLOW_PKT_ESTABLISHED;
+
+ } else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
+ (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
 SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
 p->flowflags |= FLOW_PKT_ESTABLISHED;
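Review bot: The new `if` branch and the existing `else if` branch set the same flag and log the same `SCLogDebug` text, so neither the code nor a debug trace shows which condition marked the packet established or why the state check has to come first. I would put a comment above the first test, `/* async: only one direction is seen, so rely on the flow state set by the TCP engine */`, and make the new message distinct, e.g. `SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED (flow state)", p);`. FlowHandlePacketUpdate starts before and continues past this hunk, so any statements that follow the two visible lines inside the `else if` body are not shown here and would not run for the new branch; please confirm that is intended. Because this flag presumably decides which one-sided packets later stages treat as established, a regression test with single-direction traffic would pin the new behaviour.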