stream-tcp: bypass encrypted when both side ready

Suricata should not completely bypass a flow before both end of it have reached the stream depth or have reached a certain state. Justification is that suricata need the ACK to treat the other side so we can't really decide to cut only one side.
9 years ago · 69e1ff7ba7
parent 3750c15632
commit 69e1ff7ba7
1 changed files with 5 additions and 0 deletions
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -4656,6 +4656,11 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
            (PKT_IS_TOCLIENT(p) && (ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)))
        {
            p->flags |= PKT_STREAM_NOPCAPLOG;
+        }
+
+        if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) &&
+            (ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY))
+        {
            /* we can call bypass callback, if enabled */
            if (StreamTcpBypassEnabled()) {
                PacketBypassCallback(p);