detect: pseudo-packets inherit inspect flags from parent packet
authorIlya Bakhtin <ilya.bakhtin@gmail.com>
Sat, 31 Aug 2024 11:44:25 +0000 (13:44 +0200)
committerVictor Julien <vjulien@oisf.net>
Sat, 28 Sep 2024 04:49:28 +0000 (06:49 +0200)
Instead of inheriting from the flow, because encrypted protocols like TLS
and SSH may have just set the flow flags to indicate that the rest of the
stream is encrypted and does not need stream inspection. But detection
still needs to be run on this last flushing packet.

Ticket: #7235.

src/stream-tcp.c

index 1ae7c013ae12a5b3d3f1ac511d09afb999c2741f..6417d024e6a584ece3ad4360c0e6144df09e0701 100644 (file)
@@ -6723,10 +6723,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
     np->vlan_idx = f->vlan_idx;
     np->livedev = (struct LiveDevice_ *)f->livedev;
 
-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
+    if (parent->flags & PKT_NOPACKET_INSPECTION) {
         DecodeSetNoPacketInspectionFlag(np);
     }
-    if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
+    if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
         DecodeSetNoPayloadInspectionFlag(np);
     }
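Review bot: The two changed conditions, `parent->flags & PKT_NOPACKET_INSPECTION` and `parent->flags & PKT_NOPAYLOAD_INSPECTION`, have no comment saying why the packet flags are read instead of the flow flags; that rationale exists only in the commit message. A later cleanup that switches back to `f->flags` would silently skip detection on the final flush packet of a TLS or SSH stream, so I would add above the first check `/* inherit from parent packet, not flow: app-layer may have just set the flow no-inspection flags, but this flush pseudo-packet must still be inspected */`. The fix also appears to rely on the parent's packet flags being settled before the flow flags are updated for the encrypted stream; that ordering is not visible here and is worth confirming, ideally with a regression test for the ticket. The body of StreamTcpPseudoPacketCreateDetectLogFlush starts and ends outside this hunk.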