From: Victor Julien <vjulien@oisf.net>
Date: Thu, 1 Jun 2023 08:57:08 +0000 (+0200)
Subject: detect: add check to validate drops
X-Git-Tag: suricata-7.0.0-rc2~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95bf7248e85d1c3179b4102c37f8845bcbc678b0;p=thirdparty%2Fsuricata.git

detect: add check to validate drops
---

diff --git a/src/detect.c b/src/detect.c
index ebc883188c..5cb4e6bfbc 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1713,6 +1713,7 @@ static void DetectFlow(ThreadVars *tv,
      * to allow stream engine "invalid" drop packets to still be
      * evaluated by the stream event rules. */
     if (f->flags & FLOW_ACTION_DROP) {
+        DEBUG_VALIDATE_BUG_ON(!(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP));
         SCReturn;
     }