output: log tx only when there is a fresh app update

Ticket: 6796

Similar to commit for detection
9240ae250cc369306803740279df2ab3eca6b54a

We only have more logging to do if the app update was fresh,
ie if p->app_update_direction != 0

If we have data acknowledged in one direction,
and then many packets in the other direction,
the APP_UPDATED flow flags did not get reset because we did not
run detection yet in this direction,
but there is nothing more to do after the first packet in the
other direction.

(cherry picked from commit c41540f8391b44bf4d91d32641cc608ebfecb19c)

diff --git a/src/output-tx.c b/src/output-tx.c
index 18a34e78a7342cb404b3945569faccdeff51bd1a..042b424adec9353925fb0dcf73198016e50ddbbb 100644 (file)
--- a/src/output-tx.c
+++ b/src/output-tx.c
@@ -339,7 +339,9 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
     DEBUG_VALIDATE_BUG_ON(thread_data == NULL);
     if (p->flow == NULL)
         return TM_ECODE_OK;
-    if (!((PKT_IS_PSEUDOPKT(p)) || p->flow->flags & (FLOW_TS_APP_UPDATED | FLOW_TC_APP_UPDATED))) {
+    if (!PKT_IS_PSEUDOPKT(p) && p->app_update_direction == 0 &&
+            ((PKT_IS_TOSERVER(p) && (p->flow->flags & FLOW_TS_APP_UPDATED) == 0) ||
+                    (PKT_IS_TOCLIENT(p) && (p->flow->flags & FLOW_TC_APP_UPDATED) == 0))) {
         SCLogDebug("not pseudo, no app update: skip");
         return TM_ECODE_OK;
     }