aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

flow: flag packets as established for async

Browse Source 
If a stream is async we see only on side of the traffic. This would
lead to the flow engine not flagging packets as 'established' even
if the flow state was in fact established. The flow was tagged as
such by the TCP engine.

This patch considers the flow state for setting the packet flag.

Bug #2491.
pull/3448/head
Victor Julien 7 years ago
parent 0b46d027d0
commit 5a8779cfc0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

7
src/flow.c
Unescape Escape View File

@ -384,7 +384,12 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
}
}
if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) == (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
if (SC_ATOMIC_GET(f->flow_state) == FLOW_STATE_ESTABLISHED) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED;
} else if ((f->flags & (FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) ==
(FLOW_TO_DST_SEEN|FLOW_TO_SRC_SEEN)) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED;

Write Preview
Loading…
Cancel
Save