Pull request #5085: react: block flow when packets are not reset candidates

Merge in SNORT/snort3 from ~DZIKRATY/snort3:fix_non_tcp_react to master

Squashed commit of the following:

commit ff894c92b795ba1e20a89d06395f95dca3f4ec97
Author: Denys Zikratyi -X (dzikraty - SOFTSERVE INC at Cisco) <dzikraty@cisco.com>
Date:   Thu Jan 8 10:38:11 2026 -0500

    react: block flow when packets are not reset candidates

diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc
index 05a5533264c91e466ba2a5247e9f53eafcd3269e..7d54d1885f5c10a82012a0c4a3b71c46e8a2ab87 100644 (file)
--- a/src/actions/act_react.cc
+++ b/src/actions/act_react.cc
@@ -134,11 +134,14 @@ private:
 static THREAD_LOCAL struct ReactStats
 {
     PegCount react;
+    PegCount non_supported_react;
 } react_stats;
 
 const PegInfo react_pegs[] =
 {
     { CountType::SUM, "react", "number of packets that matched an IPS react rule" },
+    { CountType::SUM, "non_supported_react", "number of packets that matched an IPS react rule"
+      " but could not be processed because the protocol is not supported" },
     { CountType::END, nullptr, nullptr }
 };
 
@@ -225,6 +228,13 @@ void ReactAction::exec(Packet* p, const ActInfo& ai)
     p->active->drop_packet(p);
     p->active->set_drop_reason("ips");
 
+    if ( p->context->wire_packet and
+         !p->active->is_reset_candidate(p->context->wire_packet) )
+    {
+        p->active->block_session(p);
+        ++react_stats.non_supported_react;
+    }    
+
     alert(p, ai);
     ++react_stats.react;
 }