detect/alert: apply pd only actions to flow

author Victor Julien <victor@inliniac.net>

Wed, 10 Mar 2021 12:25:55 +0000 (13:25 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 12 Mar 2021 11:58:48 +0000 (12:58 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 10 Mar 2021 12:25:55 +0000 (13:25 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 12 Mar 2021 11:58:48 +0000 (12:58 +0100)
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c

index 7d6c7c833238177d00320f2704577ffea9c6f10e..f570fe94f90d2e9ebc07ed1df96c81b20c2df57d 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -275,7 +275,8 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
                  }
              }
  
-            if (s->flags & SIG_FLAG_IPONLY) {
+            /* IP-only and PD-only matches should apply to the flow */
+            if (s->flags & (SIG_FLAG_IPONLY | SIG_FLAG_PDONLY)) {
                  if (p->flow != NULL) {
                      RuleActionToFlow(s->action, p->flow);
                  }
author	Victor Julien <victor@inliniac.net>
	Wed, 10 Mar 2021 12:25:55 +0000 (13:25 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 12 Mar 2021 11:58:48 +0000 (12:58 +0100)