From: Victor Julien <victor@inliniac.net>
Date: Fri, 12 Jun 2020 13:51:30 +0000 (+0200)
Subject: reject: don't respond to tunnel packets
X-Git-Tag: suricata-6.0.0-beta1~312
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=604aa65c80f0395afb66ffba94de618a87449a49;p=thirdparty%2Fsuricata.git

reject: don't respond to tunnel packets
---

diff --git a/src/respond-reject.c b/src/respond-reject.c
index 8212396a9d..6f054fc8ae 100644
--- a/src/respond-reject.c
+++ b/src/respond-reject.c
@@ -62,6 +62,10 @@ static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
         return TM_ECODE_OK;
     }
 
+    if (IS_TUNNEL_PKT(p)) {
+        return TM_ECODE_OK;
+    }
+
     if (PKT_IS_IPV4(p)) {
         if (PKT_IS_TCP(p)) {
             (void)RejectSendIPv4TCP(tv, p, data);