From: Oleksandr Stepanov -X (ostepano - SOFTSERVE INC at Cisco) <ostepano@cisco.com>
Date: Tue, 9 Dec 2025 14:11:02 +0000 (+0000)
Subject: Pull request #5001: appid: allow out-of-order packet inspection in TP
X-Git-Tag: 3.10.1.0~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e57e46445ecb636f8bad57ad538173aa101a1997;p=thirdparty%2Fsnort3.git

Pull request #5001: appid: allow out-of-order packet inspection in TP

Merge in SNORT/snort3 from ~OSTEPANO/snort3:tp_http_request_len to master

Squashed commit of the following:

commit aa0c0de17168228c169f7f3a358cedf4f2e9a70a
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Wed Nov 19 13:47:05 2025 -0500

    appid: allow out-of-order packet inspection in TP
---

diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc
index 881de3c45..4b63f34f3 100644
--- a/src/network_inspectors/appid/tp_appid_utils.cc
+++ b/src/network_inspectors/appid/tp_appid_utils.cc
@@ -101,7 +101,7 @@ static inline void process_http_session(const Packet& p, AppIdSession& asd,
 
         if (spdyRequestScheme && spdyRequestHost && spdyRequestPath )
         {
-            string* url;
+            const string* url;
             if (asd.get_session_flags(APPID_SESSION_DECRYPTED)
                 && *spdyRequestScheme == "http")
             {
@@ -503,7 +503,7 @@ static void set_tp_reinspect(AppIdSession& asd, const Packet* p, AppidSessionDir
 {
     // restart inspection by 3rd party
     if (!asd.tp_reinspect_by_initiator and (direction == APP_ID_FROM_INITIATOR) and
-        check_reinspect(p, asd) and p->packet_flags & PKT_STREAM_ORDER_OK)
+        check_reinspect(p, asd) and ((p->packet_flags & PKT_STREAM_ORDER_OK) or asd.get_odp_ctxt().inspect_ooo_flows))
     {
         asd.tp_reinspect_by_initiator = true;
         asd.set_session_flags(APPID_SESSION_APP_REINSPECT);
@@ -555,7 +555,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
     if (!p->dsize and !asd.get_odp_ctxt().tp_allow_probes)
         return false;
 
-    bool process_packet = (protocol != IpProtocol::TCP or (p->packet_flags & PKT_STREAM_ORDER_OK) or
+    bool process_packet = (protocol != IpProtocol::TCP or ((p->packet_flags & PKT_STREAM_ORDER_OK) or asd.get_odp_ctxt().inspect_ooo_flows) or
         asd.get_odp_ctxt().tp_allow_probes);
 
     if (!process_packet)