From: Victor Julien <victor@inliniac.net>
Date: Mon, 2 Sep 2019 08:25:30 +0000 (+0200)
Subject: pd: don't reverse flow if TCP session not midstream
X-Git-Tag: suricata-5.0.0-rc1~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a272e433a8f9a1886db22cf77d2f6a3b2eed2a57;p=thirdparty%2Fsuricata.git

pd: don't reverse flow if TCP session not midstream
---

diff --git a/src/app-layer.c b/src/app-layer.c
index 1fe34e5bfa..ebd91158e8 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -358,7 +358,7 @@ static int TCPProtoDetect(ThreadVars *tv,
         /* if protocol detection indicated that we need to reverse
          * the direction of the flow, do it now. We flip the flow,
          * packet and the direction flags */
-        if (reverse_flow) {
+        if (reverse_flow && (ssn->flags & STREAMTCP_FLAG_MIDSTREAM)) {
             SCLogDebug("reversing flow after proto detect told us so");
             PacketSwap(p);
             FlowSwap(f);