exceptions: add callbacks for drop-flow policy
authorJuliana Fajardini <jufajardini@oisf.net>
Mon, 29 Aug 2022 23:32:31 +0000 (20:32 -0300)
committerVictor Julien <vjulien@oisf.net>
Sat, 3 Sep 2022 12:22:06 +0000 (14:22 +0200)
Make sure that when the policy is to drop the flow, we set no inspection
for payload and packet and disable applayer inspection as well.

Task #5468

(cherry picked from commit 242b8f7d65498f7b7b33cf852a79206484c269b1)

src/util-exception-policy.c

index 5ec66ea90f4d4b7f94e3d8040d5be9c17c541fdf..ea7d72dcfc9a15a00748cd6d479a07bd756bfcd8 100644 (file)
@@ -22,6 +22,7 @@
 #include "suricata-common.h"
 #include "util-exception-policy.h"
 #include "util-misc.h"
+#include "stream-tcp-reassemble.h"
 
 void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
 {
@@ -34,6 +35,9 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
                 SCLogDebug("EXCEPTION_POLICY_DROP_FLOW");
                 if (p->flow) {
                     p->flow->flags |= FLOW_ACTION_DROP;
+                    FlowSetNoPayloadInspectionFlag(p->flow);
+                    FlowSetNoPacketInspectionFlag(p->flow);
+                    StreamTcpDisableAppLayer(p->flow);
                 }
                 /* fall through */
             case EXCEPTION_POLICY_DROP_PACKET:
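Review bot: `StreamTcpDisableAppLayer(p->flow)` on the last added line runs for every flow that reaches the drop-flow case, and the hunk shows no protocol check even though the helper's name suggests it works on TCP session state. Its definition is not in this diff, so if it does not already return early for non-TCP flows, guard the call, e.g. `if (p->flow->proto == IPPROTO_TCP) StreamTcpDisableAppLayer(p->flow);`. A short comment above the three added calls would also help, such as `/* flow is being dropped: stop detection and app-layer work on it */`. That comment should note that switching inspection off is only safe where FLOW_ACTION_DROP is actually enforced, because otherwise the flow would continue uninspected; whether this path is limited to inline mode cannot be told from the lines shown. The switch and the body of ExceptionPolicyApply continue outside the hunk.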