From: Naveen Gujje (ngujje) <ngujje@cisco.com>
Date: Wed, 13 Jan 2021 05:20:38 +0000 (+0000)
Subject: Merge pull request #2691 in SNORT/snort3 from ~KBHANDAN/snort3:whd_ids to master
X-Git-Tag: 3.1.0.0~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=270a0a560227f421dcd6f6656b42921045411e3d;p=thirdparty%2Fsnort3.git

Merge pull request #2691 in SNORT/snort3 from ~KBHANDAN/snort3:whd_ids to master

Squashed commit of the following:

commit c3914b6900a5570dd7eb87806da9749560971605
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Thu Jan 7 17:00:08 2021 -0500

    packet_io: ids mode should not give blacklist verdict for Intrusion event
---

diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index df4b8923c..e1d3d6fb4 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -671,7 +671,8 @@ void Active::block_session(Packet* p, bool force)
     active_action = ACT_BLOCK;
     update_status(p, force);
 
-    if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() )
+    if ( force or ( p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth) )
+        or p->context->conf->treat_drop_as_ignore() )
         Stream::block_flow(p);
 
     p->disable_inspect = true;
@@ -687,7 +688,8 @@ void Active::reset_session(Packet* p, ActiveAction* reject, bool force)
     active_action = ACT_RESET;
     update_status(p, force);
 
-    if ( force or p->context->conf->inline_mode() or p->context->conf->treat_drop_as_ignore() )
+    if ( force or ( p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth) )
+        or p->context->conf->treat_drop_as_ignore() )
         Stream::drop_flow(p);
 
     if ( p->context->conf->is_active_enabled() )