git.ipfire.org Git - thirdparty/suricata.git/commit
detect: don't set conflicting packet/flow actions (13222/head)
author    Victor Julien <vjulien@oisf.net>
          Tue, 13 May 2025 09:26:46 +0000 (11:26 +0200)
committer Victor Julien <vjulien@oisf.net>
          Tue, 13 May 2025 09:26:46 +0000 (11:26 +0200)
commit    8a329656098d8d0eca2f255924c0f117fc2dfe1f
tree      7cdcc60a23d8ab17c043234e80ba8fbef4762226
parent    155487e79d84d43b2d6bba7bde0870cca310bcbe
detect: don't set conflicting packet/flow actions

If for the same packet a drop rule and a pass rule would match,
the application of actions could be contradictory:

- the drop would be applied to the packet
- the pass rule would also be considered, not overriding the drop,
  but still setting the flow pass flag.

This would lead to the packet being dropped, but the rest of the
flow getting passed, including retransmissions of the dropped
packet.

This patch only sets drop/pass actions if no conflicting action
has been set on the packet before. It respects the action-order.

Bug: #7653.

Fix based on:
57b17fb3b2fb ("detect: don't set conflicting packet/flow actions")
src/detect-engine-alert.c
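The scenario the commit message describes, as an added illustration that is not Suricata's own code: a drop rule and a pass rule both match one packet, the drop is visited first, and the pre-fix logic still marks the flow as passed while the post-fix logic skips a pass or drop when the packet already carries the conflicting action. The `pkt`, `matched_rule` types and the `PKT_DROP`/`PKT_PASS`/`FLOW_PASS` flags are assumptions made for this example and do not correspond to Suricata's real `Packet`/`Flow` structures or its action API; the matched rules are assumed to arrive already sorted in action-order, which is the order the fix respects.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model for illustration only. None of these names are
 * Suricata's; they stand in for its per-packet and per-flow action state. */
enum rule_action { RULE_ALERT, RULE_DROP, RULE_PASS };

#define PKT_DROP   0x01u   /* this packet is to be dropped */
#define PKT_PASS   0x02u   /* this packet is to be passed */
#define FLOW_PASS  0x10u   /* the rest of the flow bypasses detection */

struct pkt {
    uint8_t action;      /* per-packet action flags */
    uint8_t flow_flags;  /* flags on the flow the packet belongs to */
};

struct matched_rule {
    enum rule_action action;
    const char *name;    /* constructed label, only for readability */
};

/* Pre-fix behaviour as described in the commit message: a pass rule does not
 * override an earlier drop on the packet, but it still sets the flow pass
 * flag, so retransmissions of the dropped packet are passed. */
static void apply_actions_before(struct pkt *p, const struct matched_rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        switch (rules[i].action) {
        case RULE_DROP:
            p->action |= PKT_DROP;
            break;
        case RULE_PASS:
            if (!(p->action & PKT_DROP))
                p->action |= PKT_PASS;
            p->flow_flags |= FLOW_PASS;    /* set even though the packet is dropped */
            break;
        case RULE_ALERT:
            break;
        }
    }
}

/* Post-fix behaviour: rules are visited in action-order, and a drop or pass
 * is applied only if the packet carries no conflicting action yet. */
static void apply_actions_after(struct pkt *p, const struct matched_rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        switch (rules[i].action) {
        case RULE_DROP:
            if (p->action & PKT_PASS)
                break;                     /* pass already decided: skip the drop */
            p->action |= PKT_DROP;
            break;
        case RULE_PASS:
            if (p->action & PKT_DROP)
                break;                     /* drop already decided: flow stays inspected */
            p->action |= PKT_PASS;
            p->flow_flags |= FLOW_PASS;
            break;
        case RULE_ALERT:
            break;
        }
    }
}

/* True when the packet action and the flow flags do not contradict each other. */
static bool actions_consistent(const struct pkt *p)
{
    bool dropped     = (p->action & PKT_DROP) != 0;
    bool flow_passed = (p->flow_flags & FLOW_PASS) != 0;
    return !(dropped && flow_passed);
}

/* The commit's scenario: drop and pass both match, drop ordered first.
 * Returns the packet state produced by the pre-fix or post-fix logic. */
static struct pkt run_drop_then_pass(bool fixed)
{
    const struct matched_rule matches[] = {   /* constructed rule matches */
        { RULE_DROP, "drop-rule" },
        { RULE_PASS, "pass-rule" },
    };
    struct pkt p = { 0, 0 };
    if (fixed)
        apply_actions_after(&p, matches, 2);
    else
        apply_actions_before(&p, matches, 2);
    return p;
}

int main(void)
{
    struct pkt before = run_drop_then_pass(false);
    struct pkt after  = run_drop_then_pass(true);
    printf("before fix: packet drop=%d flow pass=%d consistent=%d\n",
           !!(before.action & PKT_DROP), !!(before.flow_flags & FLOW_PASS),
           actions_consistent(&before));
    printf("after fix:  packet drop=%d flow pass=%d consistent=%d\n",
           !!(after.action & PKT_DROP), !!(after.flow_flags & FLOW_PASS),
           actions_consistent(&after));
    return 0;
}
```

The point worth checking in a real deployment is the flow state, not the single packet: with the pre-fix logic the first packet is dropped but the flow pass flag means the retransmission, and everything after it, is never inspected again.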