From 4dc0080579a32a9b49cddb5485452375748965df Mon Sep 17 00:00:00 2001
From: "Umang Sharma (umasharm)" <umasharm@cisco.com>
Date: Wed, 30 Jul 2025 19:24:49 +0000
Subject: [PATCH] Pull request #4831: appid: Getting Packet from event than
 from DetectionEngine

Merge in SNORT/snort3 from ~UMASHARM/snort3:CSCwq03149_Fix to master

Squashed commit of the following:

commit b9a0565c730a042cd33dc42c3fc0b2c92a8c41a0
Author: Umang Sharma <umasharm@cisco.com>
Date:   Wed Jul 23 11:44:21 2025 -0400

    appid: getting packet from event than from detectionengine
---
 src/network_inspectors/appid/appid_service_event_handler.cc | 4 ++--
 src/network_inspectors/appid/appid_session.cc               | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/network_inspectors/appid/appid_service_event_handler.cc b/src/network_inspectors/appid/appid_service_event_handler.cc
index 1266f7ec8..c654fda82 100644
--- a/src/network_inspectors/appid/appid_service_event_handler.cc
+++ b/src/network_inspectors/appid/appid_service_event_handler.cc
@@ -33,12 +33,12 @@
 
 using namespace snort;
 
-void AppIdServiceEventHandler::handle(DataEvent&, Flow* flow)
+void AppIdServiceEventHandler::handle(DataEvent& event, Flow* flow)
 {
     if (!pkt_thread_odp_ctxt or !flow)
         return;
 
-    Packet* p = DetectionEngine::get_current_packet();
+    const Packet* p = event.get_packet();
     assert(p);
 
     // FIXIT-E: For now, wait for snort service inspection only for TCP. In the future, if AppId
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 9e196b1d9..3059e2582 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -126,7 +126,11 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto,
     asd->flow = p->flow;
     asd->stats.first_packet_second = p->pkth->ts.tv_sec;
     asd->snort_protocol_id = asd->config.snort_proto_ids[PROTO_INDEX_UNSYNCHRONIZED];
-    p->flow->set_flow_data(asd);
+
+    if (!p->flow)
+        APPID_LOG(CURRENT_PACKET, TRACE_ERROR_LEVEL,"flow is null, allocated appid session:%p\n", asd);
+    else
+        p->flow->set_flow_data(asd);
     return asd;
 }
 
-- 
2.47.3