Pull request #5120: dns: clear insert flag for DoH/DoQ

Merge in SNORT/snort3 from ~SHIKV/snort3:dns_ips_fix to master

Squashed commit of the following:

commit 8925ab1e95e9c656b8fa5fe3e6c359657aecbf7d
Author: shibin kv <shikv@cisco.com>
Date:   Tue Jan 27 23:50:24 2026 -0600

    dns: clear insert flag for DoH/DoQ

diff --git a/src/service_inspectors/dns/dns_payload_event_handler.cc b/src/service_inspectors/dns/dns_payload_event_handler.cc
index 64935ffb62acf94b5f11c8e13d5709977174be40..e1f8b4f990908260c6027e61cd3ecfcd1f689d9f 100644 (file)
--- a/src/service_inspectors/dns/dns_payload_event_handler.cc
+++ b/src/service_inspectors/dns/dns_payload_event_handler.cc
@@ -47,12 +47,16 @@ void DnsPayloadEventHandler::handle(DataEvent& event, Flow* flow)
     const uint8_t* old_data = p->data;
     const uint32_t old_dsize = p->dsize;
     SnortProtocolId old_protocol_id = p->flow->ssn_state.snort_protocol_id;
+    bool is_insert_set = p->packet_flags & PKT_STREAM_INSERT;
 
     {
         p->data = dns_payload;
         p->dsize = payload_length;
         p->flow->ssn_state.snort_protocol_id = inspector.get_service();
+        p->context->snapshot_flow(p->flow);
         p->packet_flags |= PKT_ALLOW_MULTIPLE_DETECT;
+        if (is_insert_set)
+            p->packet_flags &= ~PKT_STREAM_INSERT;
         DetectionEngine::detect(p);
     }
 
@@ -62,5 +66,8 @@ void DnsPayloadEventHandler::handle(DataEvent& event, Flow* flow)
     p->data = old_data;
     p->dsize = old_dsize;
     p->flow->ssn_state.snort_protocol_id = old_protocol_id;
+    p->context->snapshot_flow(flow);
+    if (is_insert_set)
+        p->packet_flags |= PKT_STREAM_INSERT;
 
 }