output: log tx only when there is a fresh app update

Ticket: 6796

Similar to commit for detection
9240ae250cc369306803740279df2ab3eca6b54a

We only have more logging to do if the app update was fresh,
ie if p->app_update_direction != 0

If we have data acknowledged in one direction,
and then many packets in the other direction,
the APP_UPDATED flow flags did not get reset because we did not
run detection yet in this direction,
but there is nothing more to do after the first packet in the
other direction.

diff --git a/src/output-tx.c b/src/output-tx.c
index 751d538982d6b24cbe3c3baab5e8c0375cf92d51..7585d37a55711a3db1a44c97b47c50371438116e 100644 (file)
--- a/src/output-tx.c
+++ b/src/output-tx.c
@@ -337,7 +337,9 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
     DEBUG_VALIDATE_BUG_ON(thread_data == NULL);
     if (p->flow == NULL)
         return TM_ECODE_OK;
-    if (!((PKT_IS_PSEUDOPKT(p)) || p->flow->flags & (FLOW_TS_APP_UPDATED | FLOW_TC_APP_UPDATED))) {
+    if (!PKT_IS_PSEUDOPKT(p) && p->app_update_direction == 0 &&
+            ((PKT_IS_TOSERVER(p) && (p->flow->flags & FLOW_TS_APP_UPDATED) == 0) ||
+                    (PKT_IS_TOCLIENT(p) && (p->flow->flags & FLOW_TC_APP_UPDATED) == 0))) {
         SCLogDebug("not pseudo, no app update: skip");
         return TM_ECODE_OK;
     }