From: Philippe Antoine
Date: Fri, 19 Apr 2024 07:57:04 +0000 (+0200)
Subject: detect: log relevant frames app-layer metadata
X-Git-Tag: suricata-8.0.0-beta1~1331
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e01956e77e741ce9c1b9d6f64726de8054d37d9;p=thirdparty%2Fsuricata.git
detect: log relevant frames app-layer metadata
Ticket: 6973
Completes commit 2b4e10224eaebb613352e9b82556b60035d032a1
---
diff --git a/src/detect.c b/src/detect.c
index 5f36bba7e4..6111d2ebfd 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1721,12 +1721,14 @@ static void DetectRunFrames(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngin
 /* match */
 DetectRunPostMatch(tv, det_ctx, p, s);
- const uint8_t alert_flags =
- (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_FRAME);
+ uint8_t alert_flags = (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_FRAME);
 det_ctx->flags |= DETECT_ENGINE_THREAD_CTX_FRAME_ID_SET;
 det_ctx->frame_id = frame->id;
 SCLogDebug(
 "%p/%" PRIi64 " sig %u (%u) matched", frame, frame->id, s->id, s->num);
+ if (frame->flags & FRAME_FLAG_TX_ID_SET) {
+ alert_flags |= PACKET_ALERT_FLAG_TX;
+ }
 AlertQueueAppend(det_ctx, s, p, frame->tx_id, alert_flags);
 }
 }
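Review bot: The `AlertQueueAppend()` call at the end of the hunk still passes `frame->tx_id` when `FRAME_FLAG_TX_ID_SET` is clear, so the id stored with the alert is presumably only meaningful when `PACKET_ALERT_FLAG_TX` is also set, and nothing in the new code says so. A comment above the added `if`, such as `/* tx_id is only valid when the frame has FRAME_FLAG_TX_ID_SET; without PACKET_ALERT_FLAG_TX the logger must not resolve it to a transaction */`, would record that contract next to the line that depends on it. Whether every consumer of the queued alert checks the flag before using the id is not visible here and is worth confirming, because an alert attributed to the wrong transaction carries misleading app-layer metadata into triage. `DetectRunFrames` begins before this hunk, so the loop and the origin of `frame` are outside the visible lines.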