app-layer-tls: stop detection if no reassembly

It no-reassembly is asked in TLS conf then we can stop inspection after handshake and cause bypass to be triggered on the flow.
9 years ago · 4eca40ac34
parent 69e1ff7ba7
commit 4eca40ac34
1 changed files with 7 additions and 0 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -1213,6 +1213,13 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
               handshake must be done */
            ssl_state->flags |= SSL_AL_FLAG_HANDSHAKE_DONE;

+            /* Encrypted data, reassembly not asked, bypass asked, let's sacrifice
+             * heartbeat lke inspection to be able to be able to bypass the flow */
+            if (ssl_config.no_reassemble == 1) {
+                AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_REASSEMBLY);
+                AppLayerParserStateSetFlag(pstate, APP_LAYER_PARSER_NO_INSPECTION);
+            }
+
            break;

        case SSLV3_HANDSHAKE_PROTOCOL: