From: Victor Julien Date: Tue, 7 Aug 2018 11:28:55 +0000 (+0200) Subject: flow: flag packets as established for async X-Git-Tag: suricata-4.1.0-rc2~152 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a8779cfc02d15ee28a4ef106c50ed9dd82ed451;p=thirdparty%2Fsuricata.git flow: flag packets as established for async If a stream is async we see only on side of the traffic. This would lead to the flow engine not flagging packets as 'established' even if the flow state was in fact established. The flow was tagged as such by the TCP engine. This patch considers the flow state for setting the packet flag. Bug #2491.
---
diff --git a/src/flow.c b/src/flow.c
index 13e1433180..a68eb6da2e 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -384,7 +384,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
 }
 }
- if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
+ if (SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED) {
+ SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
+ p->flowflags |= FLOW_PKT_ESTABLISHED;
+
+ } else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
+ (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
 SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
 p->flowflags |= FLOW_PKT_ESTABLISHED;
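Review bot: The new `SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED` branch has no comment saying why the flow state now takes precedence over the direction flags, and both branches log the identical `"pkt %p FLOW_PKT_ESTABLISHED"` text, so debug output cannot show which condition flagged the packet. I would add `/* async: only one direction is seen, so rely on the flow state set by the TCP engine */` above the first `if` and make its message distinct, e.g. `SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED (flow state)", p);`. The `else if` body continues outside the hunk, so anything further it does is skipped once the flow state is already established; it is worth confirming that this is intended. Since `FLOW_PKT_ESTABLISHED` presumably feeds rule matching on established flows, a regression test with one-sided traffic for Bug #2491 would pin the new behaviour.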