detect/iponly: don't check & set flow flags twice
authorVictor Julien <victor@inliniac.net>
Tue, 9 Mar 2021 15:25:14 +0000 (16:25 +0100)
committerJeff Lucovsky <jeff@lucovsky.org>
Sat, 1 May 2021 12:23:20 +0000 (08:23 -0400)
Per-flow IP-only flags are checked and set by the IP-only engine, so
there is no need to set/check them per alert.

(cherry picked from commit fbcdd2ec267d49040ca178f8562767d8fb00aa73)

src/detect-engine-alert.c

index 528e5b3cd15eb0333754459710703d4edbf1b0a1..d60e2b111d0caccdbee0ae88c42e0d8217044066 100644 (file)
@@ -263,25 +263,17 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
             }
 
             if (s->flags & SIG_FLAG_IPONLY) {
-                if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
-                    ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
-                    SCLogDebug("testing against \"ip-only\" signatures");
-
-                    if (p->flow != NULL) {
-                        /* Update flow flags for iponly */
-                        FlowSetIPOnlyFlag(p->flow, (p->flowflags & FLOW_PKT_TOSERVER) ? 1 : 0);
-
-                        if (s->action & ACTION_DROP)
-                            p->flow->flags |= FLOW_ACTION_DROP;
-                        if (s->action & ACTION_REJECT)
-                            p->flow->flags |= FLOW_ACTION_DROP;
-                        if (s->action & ACTION_REJECT_DST)
-                            p->flow->flags |= FLOW_ACTION_DROP;
-                        if (s->action & ACTION_REJECT_BOTH)
-                            p->flow->flags |= FLOW_ACTION_DROP;
-                        if (s->action & ACTION_PASS) {
-                            FlowSetNoPacketInspectionFlag(p->flow);
-                        }
+                if (p->flow != NULL) {
+                    if (s->action & ACTION_DROP)
+                        p->flow->flags |= FLOW_ACTION_DROP;
+                    if (s->action & ACTION_REJECT)
+                        p->flow->flags |= FLOW_ACTION_DROP;
+                    if (s->action & ACTION_REJECT_DST)
+                        p->flow->flags |= FLOW_ACTION_DROP;
+                    if (s->action & ACTION_REJECT_BOTH)
+                        p->flow->flags |= FLOW_ACTION_DROP;
+                    if (s->action & ACTION_PASS) {
+                        FlowSetNoPacketInspectionFlag(p->flow);
                     }
                 }
             }
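Review bot: The four `ACTION_DROP`/`ACTION_REJECT*` tests in the new `p->flow != NULL` block all perform the same `p->flow->flags |= FLOW_ACTION_DROP`, so they can be a single mask test: `if (s->action & (ACTION_DROP | ACTION_REJECT | ACTION_REJECT_DST | ACTION_REJECT_BOTH)) p->flow->flags |= FLOW_ACTION_DROP;`. With the direction guard removed, this block runs for every IP-only alert that has a flow rather than once per direction, and the deleted comment leaves nothing to explain why that is safe; a short comment such as `/* IP-only verdict applies to the whole flow; the per-direction IPONLY flags are maintained by the IP-only engine */` would record it. Because the `ACTION_PASS` branch disables packet inspection for the rest of the flow, it is worth confirming in the code around this hunk that it is reached only for alerts that were actually kept. PacketAlertFinalize starts and ends outside the hunk.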