detect: fix flow bypass flag handling

author Victor Julien <victor@inliniac.net>

Sun, 8 Oct 2017 13:27:00 +0000 (15:27 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 24 Nov 2017 09:34:34 +0000 (10:34 +0100)
author Victor Julien <victor@inliniac.net>
Sun, 8 Oct 2017 13:27:00 +0000 (15:27 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 24 Nov 2017 09:34:34 +0000 (10:34 +0100)
diff --git a/src/detect.c b/src/detect.c

index 50011d2e704c283784e365b0700076646051e42f..0d88be7fa02b73cf77266c475e03a0a33e6b410f 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1478,15 +1478,16 @@ static void DetectFlow(ThreadVars *tv,
          /* hack: if we are in pass the entire flow mode, we need to still
           * update the inspect_id forward. So test for the condition here,
           * and call the update code if necessary. */
-        int pass = ((p->flow->flags & FLOW_NOPACKET_INSPECTION));
-        uint8_t flags = FlowGetDisruptionFlags(p->flow, 0);
-        AppProto alproto = FlowGetAppProtocol(p->flow);
+        const int pass = ((p->flow->flags & FLOW_NOPACKET_INSPECTION));
+        const AppProto alproto = FlowGetAppProtocol(p->flow);
          if (pass && AppLayerParserProtocolSupportsTxs(p->proto, alproto)) {
+            uint8_t flags;
              if (p->flowflags & FLOW_PKT_TOSERVER) {
-                flags |= STREAM_TOSERVER;
+                flags = STREAM_TOSERVER;
              } else {
-                flags |= STREAM_TOCLIENT;
+                flags = STREAM_TOCLIENT;
              }
+            flags = FlowGetDisruptionFlags(p->flow, flags);
              DeStateUpdateInspectTransactionId(p->flow, flags);
          }
          return;
author	Victor Julien <victor@inliniac.net>
	Sun, 8 Oct 2017 13:27:00 +0000 (15:27 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 24 Nov 2017 09:34:34 +0000 (10:34 +0100)