From: Victor Julien Date: Mon, 25 Oct 2021 17:15:23 +0000 (+0200) Subject: flow/bypass: clear memory on bypass X-Git-Tag: suricata-7.0.0-beta1~1281 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=536291054c9694070beac1d19b41bf8a1f9c1d4e;p=thirdparty%2Fsuricata.git flow/bypass: clear memory on bypass Previously the flow would hold on to the app-layer and segment data until the end of the flow, even though it would never be accessed again. This patch clears app-layer and stream data, but not stream ssn as its used in flow logging. Bug: #4778.
---
diff --git a/src/flow-worker.c b/src/flow-worker.c
index 677c7f1c3e..984b81a875 100644
--- a/src/flow-worker.c
+++ b/src/flow-worker.c
@@ -562,7 +562,12 @@ static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data)
if (p->flow != NULL) {
DEBUG_ASSERT_FLOW_LOCKED(p->flow);
- if (p->proto == IPPROTO_TCP) {
+ if (FlowIsBypassed(p->flow)) {
+ FlowCleanupAppLayer(p->flow);
+ if (p->proto == IPPROTO_TCP) {
+ StreamTcpSessionCleanup(p->flow->protoctx);
+ }
+ } else if (p->proto == IPPROTO_TCP && p->flow->protoctx) {
FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_TCPPRUNE);
StreamTcpPruneSession(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? STREAM_TOSERVER : STREAM_TOCLIENT);
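Review bot: In the new bypass branch, `StreamTcpSessionCleanup(p->flow->protoctx)` is called without the NULL check that the `else if` in this same hunk now applies to the same pointer (`&& p->flow->protoctx`). Unless the callee is documented to accept NULL, which is not visible here, the inner test should read `if (p->proto == IPPROTO_TCP && p->flow->protoctx != NULL) {`. Because this block sits in the per-packet path of FlowWorker, it appears to run again for every later packet of a bypassed flow, so a short comment such as `/* bypassed: app-layer and stream data are never read again; both calls must be safe to repeat */` would record that FlowCleanupAppLayer and StreamTcpSessionCleanup have to be idempotent and must not leave dangling pointers behind. FlowWorker's body starts and ends outside the hunk.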