exceptions: add callbacks for drop-flow policy
authorJuliana Fajardini <jufajardini@oisf.net>
Mon, 29 Aug 2022 23:32:31 +0000 (20:32 -0300)
committerJuliana Fajardini <jufajardini@oisf.net>
Tue, 30 Aug 2022 02:13:45 +0000 (23:13 -0300)
Make sure that when the policy is to drop the flow, we set no inspection
for payload and packet and disable applayer inspection as well.

Task #5468

src/util-exception-policy.c

index a646c5e33ac825d7d1d4cd3cc33a9111c6537c9c..c849469db0ea4243b31e66789ed413573556b512 100644 (file)
@@ -23,6 +23,7 @@
 #include "suricata.h"
 #include "util-exception-policy.h"
 #include "util-misc.h"
+#include "stream-tcp-reassemble.h"
 
 void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
 {
@@ -35,6 +36,9 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
                 SCLogDebug("EXCEPTION_POLICY_DROP_FLOW");
                 if (p->flow) {
                     p->flow->flags |= FLOW_ACTION_DROP;
+                    FlowSetNoPayloadInspectionFlag(p->flow);
+                    FlowSetNoPacketInspectionFlag(p->flow);
+                    StreamTcpDisableAppLayer(p->flow);
                 }
                 /* fall through */
             case EXCEPTION_POLICY_DROP_PACKET:
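Review bot: `StreamTcpDisableAppLayer(p->flow)` runs for every flow that reaches the `EXCEPTION_POLICY_DROP_FLOW` case, but its name indicates a TCP stream helper and the hunk shows no protocol check around it. Whether it safely ignores non-TCP flows is not visible here, so either guard the call, `if (p->flow->proto == IPPROTO_TCP) StreamTcpDisableAppLayer(p->flow);`, or add a comment stating that the callee handles flows without a TCP session. A short comment above the three new calls, such as `/* flow is being dropped: stop payload, packet and app-layer inspection */`, would also record that the loss of detection coverage on this flow is intentional. The switch in ExceptionPolicyApply begins before and continues after the hunk.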