GH-664: fix signature matching for payload-carrying SYN packets

Or more generally, signatures would not work correctly for any case where the first TCP packet seen contained payload data, regardless of its TCP flags.
2025-10-15 13:08:20 +00:00 · 2019-10-29 17:20:08 -07:00 · 2019-10-29 17:20:08 -07:00 · 9c4e44924f
commit 9c4e44924f
parent 7b9a27c96a
8 changed files with 30 additions and 2 deletions
--- a/testing/btest/Baseline/signatures.tcp-syn-with-payload/tcp-fast-open.out
+++ b/testing/btest/Baseline/signatures.tcp-syn-with-payload/tcp-fast-open.out
@ -0,0 +1 @@
+signature_match [orig_h=10.99.99.1, orig_p=55534/tcp, resp_h=10.99.99.45, resp_p=80/tcp] - payload of dst-port=80/tcp contains 'passwd'
				`@ -0,0 +1 @@`
				`signature_match [orig_h=10.99.99.1, orig_p=55534/tcp, resp_h=10.99.99.45, resp_p=80/tcp] - payload of dst-port=80/tcp contains 'passwd'`