Merge pull request #2691 in SNORT/snort3 from ~KBHANDAN/snort3:whd_ids to master

Squashed commit of the following:

commit c3914b6900a5570dd7eb87806da9749560971605
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Thu Jan 7 17:00:08 2021 -0500

    packet_io: ids mode should not give blacklist verdict for Intrusion event

diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index df4b8923c5fc7b400547cf155b68add8ee6c876b..e1d3d6fb4e7edafdf4c622e659c2fcce85943626 100644 (file)
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -671,7 +671,8 @@ void Active::block_session(Packet* p, bool force)
     active_action = ACT_BLOCK;
     update_status(p, force);
 
-    if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() )
+    if ( force or ( p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth) )
+        or p->context->conf->treat_drop_as_ignore() )
         Stream::block_flow(p);
 
     p->disable_inspect = true;
@@ -687,7 +688,8 @@ void Active::reset_session(Packet* p, ActiveAction* reject, bool force)
     active_action = ACT_RESET;
     update_status(p, force);
 
-    if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() )
+    if ( force or ( p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth) )
+        or p->context->conf->treat_drop_as_ignore() )
         Stream::drop_flow(p);
 
     if ( p->context->conf->is_active_enabled() )