detect: add check to validate drops

author Victor Julien <vjulien@oisf.net>

Thu, 1 Jun 2023 08:57:08 +0000 (10:57 +0200)

committer Victor Julien <vjulien@oisf.net>

Fri, 2 Jun 2023 09:21:47 +0000 (11:21 +0200)
author Victor Julien <vjulien@oisf.net>
Thu, 1 Jun 2023 08:57:08 +0000 (10:57 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 2 Jun 2023 09:21:47 +0000 (11:21 +0200)
diff --git a/src/detect.c b/src/detect.c

index ebc883188c221cc12750f09002203c8eb58aab60..5cb4e6bfbc443e02e07a3a5f60bdd1c4bfe2e793 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1713,6 +1713,7 @@ static void DetectFlow(ThreadVars *tv,
       * to allow stream engine "invalid" drop packets to still be
       * evaluated by the stream event rules. */
      if (f->flags & FLOW_ACTION_DROP) {
+        DEBUG_VALIDATE_BUG_ON(!(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP));
          SCReturn;
      }
author	Victor Julien <vjulien@oisf.net>
	Thu, 1 Jun 2023 08:57:08 +0000 (10:57 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 2 Jun 2023 09:21:47 +0000 (11:21 +0200)