From 0e8e8e37287835a73f983f508a1026ed12b5ff00 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Tue, 14 Dec 2010 15:57:30 +0100
Subject: [PATCH] Don't stop stream reassembly if protocol detection failed,
 only stop/prevent app layer parsing.

---
 src/app-layer.c | 12 +++++++-----
 src/detect.c    |  9 +++++++++
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/app-layer.c b/src/app-layer.c
index b7b599626d..3351ff53c7 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -165,17 +165,17 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
                 } else {
                     if (smsg->flags & STREAM_TOSERVER) {
                         if (smsg->data.data_len >= alp_proto_ctx.toserver.max_len) {
+                            /* protocol detection has failed */
                             ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
-                            smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;
+                            smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE|FLOW_AL_NO_APPLAYER_INSPECTION;
                             SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow);
-                            StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
                         }
                     } else if (smsg->flags & STREAM_TOCLIENT) {
                         if (smsg->data.data_len >= alp_proto_ctx.toclient.max_len) {
+                            /* protocol detection has failed */
                             ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
-                            smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;
+                            smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE|FLOW_AL_NO_APPLAYER_INSPECTION;
                             SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow);
-                            StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
                         }
                     }
                 }
@@ -204,7 +204,9 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
         /* store the smsg in the tcp stream */
         if (smsg->flags & STREAM_TOSERVER) {
             SCLogDebug("storing smsg in the to_server");
-
+#if 0
+            PrintRawDataFp(stdout,smsg->data.data,smsg->data.data_len);
+#endif
             /* put the smsg in the stream list */
             if (ssn->toserver_smsg_head == NULL) {
                 ssn->toserver_smsg_head = smsg;
diff --git a/src/detect.c b/src/detect.c
index 90269100bb..de8a9c80fb 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1025,6 +1025,15 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                 }
 
                 smsg = SigMatchSignaturesGetSmsg(p->flow, p, flags);
+#if 0
+                StreamMsg *tmpsmsg = smsg;
+                while (tmpsmsg) {
+                    printf("detect ---start---:\n");
+                    PrintRawDataFp(stdout,tmpsmsg->data.data,tmpsmsg->data.data_len);
+                    printf("detect ---end---:\n");
+                    tmpsmsg = tmpsmsg->next;
+                }
+#endif
             }
 
             /* Retrieve the app layer state and protocol and the tcp reassembled