firewall: detect: add explanation

author Victor Julien <vjulien@oisf.net>

Fri, 11 Apr 2025 04:44:58 +0000 (06:44 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 17 Apr 2025 06:22:10 +0000 (08:22 +0200)
author Victor Julien <vjulien@oisf.net>
Fri, 11 Apr 2025 04:44:58 +0000 (06:44 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 17 Apr 2025 06:22:10 +0000 (08:22 +0200)
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c

index 0b20c4b7d8e1119301f0643265bfd198ead6f1af..1c940dfd072cf12fd03b4426713a0dcd8f98b3ba 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -394,6 +394,9 @@ static inline void PacketAlertFinalizeProcessQueue(
      for (uint16_t i = 0; i < det_ctx->alert_queue_size; i++) {
          PacketAlert *pa = &det_ctx->alert_queue[i];
          const Signature *s = pa->s;
+
+        /* if a firewall rule told us to skip, we don't count the skipped
+         * alerts. */
          if (have_fw_rules && skip_td && (s->flags & SIG_FLAG_FIREWALL) == 0) {
              continue;
          }
author	Victor Julien <vjulien@oisf.net>
	Fri, 11 Apr 2025 04:44:58 +0000 (06:44 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 17 Apr 2025 06:22:10 +0000 (08:22 +0200)