From: Victor Julien <vjulien@oisf.net>
Date: Wed, 31 May 2023 13:49:57 +0000 (+0200)
Subject: detect: update/document drop flow logic
X-Git-Tag: suricata-6.0.13~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66aed4471d0b4f401348d07593ceb0f4b6712174;p=thirdparty%2Fsuricata.git

detect: update/document drop flow logic

Now that flow drop is applied to packets before other processing,
no drop has to be issued on a packet.

(cherry picked from commit 85ddba63f64e95f4c202f8ef05e8886a0cbac725)
---

diff --git a/src/detect.c b/src/detect.c
index 800c81927b..724679e9fa 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1568,7 +1568,6 @@ static void DetectFlow(ThreadVars *tv,
 
     /* if flow is set to drop, we enforce that here */
     if (p->flow->flags & FLOW_ACTION_DROP) {
-        PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
         SCReturn;
     }