From 4331da4b67d44e96b94b2eae65d5c3f147409d13 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff.lucovsky@corelight.com>
Date: Mon, 11 Mar 2024 14:57:16 -0400
Subject: [PATCH 1/2] flow/inject: Ensure initialized thread value used

Issue: 6835

When injecting a flow, ensure that the selected thread_id has been
initialized. When a flow is picked up midstream, the initialized thread
can be the second thread element.

(cherry picked from commit 9ad73faa0a52428e47412474514b125fda6aa03d)
---
 src/flow-timeout.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index e5d2794e5cfc..2b4b08dc0e0b 100644
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -341,14 +341,21 @@ int FlowForceReassemblyNeedReassembly(Flow *f)
  *
  *        The function requires flow to be locked beforehand.
  *
+ * Normally, the first thread_id value should be used. This is when the flow is
+ * created on seeing the first packet to the server; sometimes, if the first
+ * packet is determined to be to the client, the second thread_id value should
+ * be used.
+ *
  * \param f Pointer to the flow.
  *
  * \retval 0 This flow doesn't need any reassembly processing; 1 otherwise.
  */
 void FlowForceReassemblyForFlow(Flow *f)
 {
-    const int thread_id = (int)f->thread_id[0];
-    TmThreadsInjectFlowById(f, thread_id);
+    // Have packets traveled to the server? If not,
+    // use the reverse direction
+    int idx = f->todstpktcnt > 0 ? 0 : 1;
+    TmThreadsInjectFlowById(f, (const int)f->thread_id[idx]);
 }
 
 /**

From 158018fc1c410e6aac70b4f080f61873769561cd Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff.lucovsky@corelight.com>
Date: Mon, 11 Mar 2024 14:58:07 -0400
Subject: [PATCH 2/2] flow: Swap thread_ids

Issue: 6835

When swapping the flow's direction, also swap the thread_ids.

This should help with the issues identified in
https://redmine.openinfosecfoundation.org/issues/2725

(cherry picked from commit 3c5745978f85f4bf049e2892c8bda167f9e53033)
---
 src/flow.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/flow.c b/src/flow.c
index 9783b7883b0b..b61823efd0ee 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -291,6 +291,8 @@ void FlowSwap(Flow *f)
     FlowSwapFlags(f);
     FlowSwapFileFlags(f);
 
+    SWAP_VARS(FlowThreadId, f->thread_id[0], f->thread_id[1]);
+
     if (f->proto == IPPROTO_TCP) {
         TcpStreamFlowSwap(f);
     }