app-layer: don't update UDP applayer for dropped packets

author Victor Julien <vjulien@oisf.net>

Wed, 31 May 2023 13:52:14 +0000 (15:52 +0200)

committer Victor Julien <vjulien@oisf.net>

Fri, 2 Jun 2023 10:13:43 +0000 (12:13 +0200)
author Victor Julien <vjulien@oisf.net>
Wed, 31 May 2023 13:52:14 +0000 (15:52 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 2 Jun 2023 10:13:43 +0000 (12:13 +0200)
diff --git a/src/flow-worker.c b/src/flow-worker.c

index ab8a41c586c09abef1506412cfa605f73c591e6f..ab2a2a6385480a2b35afbf7ff07cedb10e04abe6 100644 (file)
--- a/src/flow-worker.c
+++ b/src/flow-worker.c
@@ -34,6 +34,7 @@
  #include "suricata-common.h"
  #include "suricata.h"
  
+#include "action-globals.h"
  #include "decode.h"
  #include "detect.h"
  #include "stream-tcp.h"
@@ -538,9 +539,11 @@ static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data)
  
          /* handle the app layer part of the UDP packet payload */
      } else if (p->flow && p->proto == IPPROTO_UDP) {
-        FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
-        AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
-        FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+        if (!PACKET_TEST_ACTION(p, ACTION_DROP)) {
+            FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+            AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
+            FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+        }
      }
  
      PacketUpdateEngineEventCounters(tv, fw->dtv, p);
author	Victor Julien <vjulien@oisf.net>
	Wed, 31 May 2023 13:52:14 +0000 (15:52 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 2 Jun 2023 10:13:43 +0000 (12:13 +0200)