flow/timeout: add frame awareness

victorjulien · victorjulien · commit 2b0c047aed7c · 2024-12-06T14:43:16.000+01:00
If there are still frames in the flow, the detection and logging logic
needs to be able to evaluate them. To do this, make the flow timeout
logic aware of the frames. If frames still exist in a direction, trigger
a FFR packet to be created.
diff --git a/src/flow-timeout.c b/src/flow-timeout.c
@@ -59,6 +59,7 @@
 #include "detect-engine-state.h"
 #include "stream.h"
 
+#include "app-layer-frames.h"
 #include "app-layer-parser.h"
 #include "app-layer.h"
 
@@ -287,7 +288,6 @@ Packet *FlowPseudoPacketGet(int direction, Flow *f, const TcpSession *ssn)
  */
 bool FlowNeedsReassembly(Flow *f)
 {
-
     if (f == NULL || f->protoctx == NULL) {
         return false;
     }
@@ -318,6 +318,15 @@ bool FlowNeedsReassembly(Flow *f)
         }
     }
 
+    /* if any frame is present we assume it still needs work */
+    FramesContainer *frames_container = AppLayerFramesGetContainer(f);
+    if (frames_container) {
+        if (frames_container->toserver.cnt)
+            client = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
+        if (frames_container->toclient.cnt)
+            server = STREAM_HAS_UNPROCESSED_SEGMENTS_NEED_ONLY_DETECTION;
+    }
+
     /* nothing to do */
     if (client == STREAM_HAS_UNPROCESSED_SEGMENTS_NONE &&
         server == STREAM_HAS_UNPROCESSED_SEGMENTS_NONE) {
