From: Juliana Fajardini Date: Mon, 29 Aug 2022 23:32:31 +0000 (-0300) Subject: exceptions: add callbacks for drop-flow policy X-Git-Tag: suricata-6.0.7~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=430bb1cf7454708513e6543b7db7bdac76264943;p=thirdparty%2Fsuricata.git exceptions: add callbacks for drop-flow policy Make sure that when the policy is to drop the flow, we set no inspection for payload and packet and disable applayer inspection as well. Task #5468 (cherry picked from commit 242b8f7d65498f7b7b33cf852a79206484c269b1)
---
diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
index 5ec66ea90f..ea7d72dcfc 100644
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@@ -22,6 +22,7 @@
 #include "suricata-common.h"
 #include "util-exception-policy.h"
 #include "util-misc.h"
+#include "stream-tcp-reassemble.h"
 void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDropReason drop_reason)
 {
@@ -34,6 +35,9 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
 SCLogDebug("EXCEPTION_POLICY_DROP_FLOW");
 if (p->flow) {
 p->flow->flags |= FLOW_ACTION_DROP;
+ FlowSetNoPayloadInspectionFlag(p->flow);
+ FlowSetNoPacketInspectionFlag(p->flow);
+ StreamTcpDisableAppLayer(p->flow);
 }
 /* fall through */
 case EXCEPTION_POLICY_DROP_PACKET:
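Review bot: Nothing in the second hunk ties the new inspection-disabling calls to the drop actually being enforced: once `FlowSetNoPayloadInspectionFlag`, `FlowSetNoPacketInspectionFlag` and `StreamTcpDisableAppLayer` have run, the rest of the flow is no longer seen by detection, so if this case can be reached while the engine is not inline the traffic would pass uninspected. That may already be ruled out where the policy is parsed, which is outside the hunk, and it is worth confirming. `StreamTcpDisableAppLayer(p->flow)` is also called without looking at the flow's protocol, so it should be checked that it does nothing for non-TCP flows. A short comment above the three calls would record the intent, for example `/* flow is being dropped: skip further payload, packet and app-layer inspection */`. The enclosing switch in ExceptionPolicyApply starts and ends outside the hunk.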