When a flow is in the drop flow state, don't use pseudo packets
when it is timing out. There should be no work left to do at this
point.
(cherry picked from commit
2a9515471287d2b8fc5aa2e1879aabadaf5f421e)
while ((f = FlowQueuePrivateGetFromTop(&td->aside_queue)) != NULL) {
/* flow is still locked */
- if (f->proto == IPPROTO_TCP && !(f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) &&
+ if (f->proto == IPPROTO_TCP &&
+ !(f->flags & (FLOW_TIMEOUT_REASSEMBLY_DONE | FLOW_ACTION_DROP)) &&
!FlowIsBypassed(f) && FlowForceReassemblyNeedReassembly(f) == 1) {
/* Send the flow to its thread */
FlowForceReassemblyForFlow(f);
f->flow_end_flags |= FLOW_END_FLAG_TIMEOUT; //TODO emerg
if (f->proto == IPPROTO_TCP) {
- if (!(f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) && !FlowIsBypassed(f) &&
- FlowForceReassemblyNeedReassembly(f) == 1 && f->ffr != 0) {
+ if (!(f->flags & (FLOW_TIMEOUT_REASSEMBLY_DONE | FLOW_ACTION_DROP)) &&
+ !FlowIsBypassed(f) && FlowForceReassemblyNeedReassembly(f) == 1 &&
+ f->ffr != 0) {
/* read detect thread in case we're doing a reload */
void *detect_thread = SC_ATOMIC_GET(fw->detect_thread);
int cnt = FlowFinish(tv, f, fw, detect_thread);
projects / thirdparty / suricata.git / commitdiff
