From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Thu, 30 Aug 2018 20:31:24 +0000 (-0400)
Subject: Merge pull request #1335 in SNORT/snort3 from disable_inspect to master
X-Git-Tag: 3.0.0-248~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cf7fba1530c1351aada4a6ba1d86ee3bb61b2a2;p=thirdparty%2Fsnort3.git

Merge pull request #1335 in SNORT/snort3 from disable_inspect to master

Squashed commit of the following:

commit f1c1cbc839d80a13ae36775533f2d1804aa6b587
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Aug 17 13:38:35 2018 -0400

    file_api:  set disable flow inspection as soon as the verdict is REJECT

    file_api: treat a BLOCK verdict the same as a REJECT verdict, for good measure.

    file_api: move the check on REJECT or BLOCK inside an upper if clause for performance reasons.
---

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 1e85dd621..97e842bbf 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -365,6 +365,8 @@ void FileContext::finish_signature_lookup(Flow* flow, bool final_lookup, FilePol
             log_file_event(flow, policy);
             config_file_signature(false);
             file_stats->signatures_processed[get_file_type()][get_file_direction()]++;
+            if ( verdict == FILE_VERDICT_REJECT or verdict == FILE_VERDICT_BLOCK)
+                flow->disable_inspection();
         }
         else
         {
@@ -800,4 +802,3 @@ bool file_IDs_from_group(const void *conf, const char *group,
     return get_ids_from_group(conf, group, ids, count);
 }
  **/
-