From: Vitalii Serhiiovych Horbatov -X (vhorbato - SOFTSERVE INC at Cisco) <vhorbato@cisco.com>
Date: Thu, 25 Apr 2024 11:50:57 +0000 (+0000)
Subject: Pull request #4293: detection: clear inspector data before removing flow_data
X-Git-Tag: 3.2.1.0~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28975dfb00b0a7d528c0375f75a7edf38b30f4de;p=thirdparty%2Fsnort3.git

Pull request #4293: detection: clear inspector data before removing flow_data

Merge in SNORT/snort3 from ~VHORBATO/snort3:http_assert to master

Squashed commit of the following:

commit 03879b80307fc9c43f31f62cfb94cd88ffbdeb32
Author: vhorbato <vhorbato@cisco.com>
Date:   Thu Apr 18 12:36:18 2024 +0300

    detection: clear inspector data before flow_data
---

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index 771f6b4d8..6945abce6 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -252,6 +252,9 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected)
 
     p->context->post_detection();
 
+    if ( inspected and !p->context->next() )
+        InspectorManager::clear(p);
+
     // clear closed sessions here after inspection since non-stream
     // inspectors may depend on flow information
     // this also handles block pending state
@@ -260,9 +263,6 @@ void DetectionEngine::finish_inspect(Packet* p, bool inspected)
     if ( !p->has_parent() )
         Stream::check_flow_closed(p);
 
-    if ( inspected and !p->context->next() )
-        InspectorManager::clear(p);
-
     clear_events(p);
 }