From d091e9ca89d6467962937c62f1b2aa20dbbc0c34 Mon Sep 17 00:00:00 2001
From: Johanna Amann <johanna@icir.org>
Date: Tue, 17 May 2016 10:31:37 -0700
Subject: [PATCH] Fix duplication of new_connection_contents event

Addresses BIT-1602
---
 src/analyzer/protocol/tcp/TCP.cc                      | 11 +++--------
 .../.stdout                                           |  2 ++
 .../base/protocols/conn/new_connection_contents.bro   |  7 +++++++
 3 files changed, 12 insertions(+), 8 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.conn.new_connection_contents/.stdout
 create mode 100644 testing/btest/scripts/base/protocols/conn/new_connection_contents.bro

diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc
index 8b3876c7ce..56c01fa358 100644
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@@ -408,11 +408,6 @@ void TCP_Analyzer::EnableReassembly()
 	                                   TCP_Reassembler::Forward, orig),
 	               new TCP_Reassembler(this, this,
 	                                   TCP_Reassembler::Forward, resp));
-
-	reassembling = 1;
-
-	if ( new_connection_contents )
-		Event(new_connection_contents);
 	}
 
 void TCP_Analyzer::SetReassembler(TCP_Reassembler* rorig,
@@ -423,10 +418,10 @@ void TCP_Analyzer::SetReassembler(TCP_Reassembler* rorig,
 	resp->AddReassembler(rresp);
 	rresp->SetDstAnalyzer(this);
 
-	reassembling = 1;
-
-	if ( new_connection_contents )
+	if ( new_connection_contents && reassembling == 0 )
 		Event(new_connection_contents);
+
+	reassembling = 1;
 	}
 
 const struct tcphdr* TCP_Analyzer::ExtractTCP_Header(const u_char*& data, 
diff --git a/testing/btest/Baseline/scripts.base.protocols.conn.new_connection_contents/.stdout b/testing/btest/Baseline/scripts.base.protocols.conn.new_connection_contents/.stdout
new file mode 100644
index 0000000000..1581730b33
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.conn.new_connection_contents/.stdout
@@ -0,0 +1,2 @@
+new_connection_contents for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
+new_connection_contents for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.bro b/testing/btest/scripts/base/protocols/conn/new_connection_contents.bro
new file mode 100644
index 0000000000..42919f6f13
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/conn/new_connection_contents.bro
@@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event new_connection_contents(c: connection)
+	{
+	print fmt("new_connection_contents for %s", cat(c$id));
+	}