detect: pseudo-packets inherit inspect flags from parent packet
authorIlya Bakhtin <ilya.bakhtin@gmail.com>
Sat, 31 Aug 2024 11:44:25 +0000 (13:44 +0200)
committerVictor Julien <vjulien@oisf.net>
Sat, 28 Sep 2024 05:08:20 +0000 (07:08 +0200)
Instead of inheriting from flow, because encrypted protocols like TLS
and SSH may have just set the flow flags to indicate that the rest of
the stream is encrypted and does not need stream inspection. But
detection still needs to be run on this last flushing packet.

Ticket: #7235.
(cherry picked from commit 976dec7f332624e31f57a936e6e6275c01dd8da5)

src/stream-tcp.c

index 3e6be24faed2fec0f8463f212b376b492a2a0457..a99029ab8481baa89935deebcba9f21deaf28ab1 100644 (file)
@@ -6521,10 +6521,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
     np->vlan_idx = f->vlan_idx;
     np->livedev = (struct LiveDevice_ *)f->livedev;
 
-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
+    if (parent->flags & PKT_NOPACKET_INSPECTION) {
         DecodeSetNoPacketInspectionFlag(np);
     }
-    if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
+    if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
         DecodeSetNoPayloadInspectionFlag(np);
     }
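Review bot: The two conditions that now test `parent->flags` have no comment saying why the packet flags are used rather than `f->flags`; the reason exists only in the commit message. A later cleanup that switches back to the flow flags would silently skip detection on the flush pseudo-packet once TLS or SSH has marked the flow as encrypted, so I would add above the first `if`: `/* inherit from parent, not the flow: the app-layer may have just set the flow's no-inspection flags, but this flush packet must still be inspected */`. The hunk does not show where `parent` is obtained or whether it can be NULL at this point. The function body starts and ends outside the hunk, so that should be confirmed against the full file.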