From: Victor Julien <vjulien@oisf.net>
Date: Wed, 31 May 2023 13:52:54 +0000 (+0200)
Subject: stream: simplify drop handling
X-Git-Tag: suricata-6.0.13~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b9cac426a859a4129aa4b075291e73e9f72c1af;p=thirdparty%2Fsuricata.git

stream: simplify drop handling

Remove logic to apply flow drop, as this is now handled in the
flow engine.

However, keep the logic that frees/cleans the session state.

(cherry picked from commit d91a1e8bc6b886bdd383f3f7105ef9b2bf3a33fe)
---

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 6c83ffb061..2a921b31df 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -5107,11 +5107,9 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
      * applayer detection, then drop the rest of the packets of the
      * same stream and avoid inspecting it any further */
     if (StreamTcpCheckFlowDrops(p) == 1) {
-        SCLogDebug("This flow/stream triggered a drop rule");
-        FlowSetNoPacketInspectionFlag(p->flow);
-        DecodeSetNoPacketInspectionFlag(p);
+        DEBUG_VALIDATE_BUG_ON(!(PKT_IS_PSEUDOPKT(p)) && !PACKET_TEST_ACTION(p, ACTION_DROP));
+        SCLogDebug("flow triggered a drop rule");
         StreamTcpDisableAppLayer(p->flow);
-        PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
         /* return the segments to the pool */
         StreamTcpSessionPktFree(p);
         SCReturnInt(0);