proto-detect: set flags in packet direction for UDP

author Victor Julien <vjulien@oisf.net>

Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)

committer Victor Julien <vjulien@oisf.net>

Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)
author Victor Julien <vjulien@oisf.net>
Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)
committer Victor Julien <vjulien@oisf.net>
Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)
diff --git a/src/app-layer.c b/src/app-layer.c

index 0996c164366cd136674327e9e636ec00820a9fbe..530d5f8b15f712eb9d1c992f5909d31860091f92 100644 (file)
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -125,20 +125,21 @@ void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
   * so in this case we set a flag in the flow so that the first
   * packet in the correct direction can be tagged.
   *
- * For IPS things are much simpler, and we don't use the flow
- * flag. We just tag the packet directly. */
+ * For IPS we update packet and flow. */
  static inline void FlagPacketFlow(Packet *p, Flow *f, uint8_t flags)
  {
-    if (EngineModeIsIPS()) {
+    if (p->proto != IPPROTO_TCP || EngineModeIsIPS()) {
          if (flags & STREAM_TOSERVER) {
              if (p->flowflags & FLOW_PKT_TOSERVER) {
                  p->flags |= PKT_PROTO_DETECT_TS_DONE;
+                f->flags |= FLOW_PROTO_DETECT_TS_DONE;
              } else {
                  f->flags |= FLOW_PROTO_DETECT_TS_DONE;
              }
          } else {
              if (p->flowflags & FLOW_PKT_TOCLIENT) {
                  p->flags |= PKT_PROTO_DETECT_TC_DONE;
+                f->flags |= FLOW_PROTO_DETECT_TC_DONE;
              } else {
                  f->flags |= FLOW_PROTO_DETECT_TC_DONE;
              }
author	Victor Julien <vjulien@oisf.net>
	Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 18 Jan 2022 14:17:12 +0000 (15:17 +0100)