From: Victor Julien
Date: Wed, 7 Sep 2022 07:43:19 +0000 (+0200)
Subject: tls: streaming mode for application records
X-Git-Tag: suricata-6.0.10~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba70d7b91a0ae349ec5fec27a1bedab107fd43d2;p=thirdparty%2Fsuricata.git
tls: streaming mode for application records
To avoid overhead of stream buffering for records we don't do much with anyway, pass through application records instead of buffering the entire record in the stream engine.
(cherry picked from commit 6076a5151127f039932cb99d771259c18762c59a)
---
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 73a814be9a..d3595ea1ac 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2336,10 +2336,16 @@ static struct SSLDecoderResult SSLv3Decode(uint8_t direction, SSLState *ssl_stat
 ssl_state->curr_connp->record_length, ssl_state->curr_connp->bytes_processed, record_len);
 if (ssl_state->curr_connp->record_length > input_len - parsed) {
- uint32_t needed = ssl_state->curr_connp->record_length;
- SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
- ssl_state->curr_connp->record_length, input_len, parsed, needed);
- return SSL_DECODER_INCOMPLETE(parsed, needed);
+ /* no need to use incomplete api buffering for application
+ * records that we'll not use anyway. */
+ if (ssl_state->curr_connp->content_type == SSLV3_APPLICATION_PROTOCOL) {
+ SCLogDebug("application record");
+ } else {
+ uint32_t needed = ssl_state->curr_connp->record_length;
+ SCLogDebug("record len %u input_len %u parsed %u: need %u bytes more data",
+ ssl_state->curr_connp->record_length, input_len, parsed, needed);
+ return SSL_DECODER_INCOMPLETE(parsed, needed);
+ }
 }
 if (record_len == 0) {
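Review bot: The new `SSLV3_APPLICATION_PROTOCOL` branch falls through with fewer than `record_length` bytes available, and nothing visible in this hunk shows how the rest of `SSLv3Decode` (which continues outside the hunk) resumes mid-record on the next call. Since `content_type` and `record_length` presumably come straight from the peer-supplied record header, a miscount there would leave the parser out of step with the real record boundaries, so the comment should state the invariant the following code relies on, e.g. `/* partial application record: only record_len bytes are consumed now; the remainder is accounted for on later calls via bytes_processed */` (wording to be confirmed against the code below). The `SCLogDebug("application record");` line also drops the lengths that the `else` branch logs; `SCLogDebug("application record: record len %u input_len %u parsed %u", ssl_state->curr_connp->record_length, input_len, parsed);` would keep the two paths comparable when debugging a split record. A unit test feeding an application record split across two inputs and followed by a handshake or alert record would pin the resynchronisation behaviour; none is visible in this diff.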