From: Victor Julien
Date: Tue, 9 Mar 2021 15:25:14 +0000 (+0100)
Subject: detect/iponly: don't check & set flow flags twice
X-Git-Tag: suricata-5.0.7~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9efda193b53cc88fd7f8261cc47aa91ae52469e;p=thirdparty%2Fsuricata.git
detect/iponly: don't check & set flow flags twice
Per flow IP-only flags are checked and set by IP-only engine, so no need to set/check them per alert.
(cherry picked from commit fbcdd2ec267d49040ca178f8562767d8fb00aa73)
---
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 528e5b3cd1..d60e2b111d 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -263,25 +263,17 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 }
 if (s->flags & SIG_FLAG_IPONLY) {
- if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
- ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
- SCLogDebug("testing against \"ip-only\" signatures");
-
- if (p->flow != NULL) {
- /* Update flow flags for iponly */
- FlowSetIPOnlyFlag(p->flow, (p->flowflags & FLOW_PKT_TOSERVER) ? 1 : 0);
-
- if (s->action & ACTION_DROP)
- p->flow->flags |= FLOW_ACTION_DROP;
- if (s->action & ACTION_REJECT)
- p->flow->flags |= FLOW_ACTION_DROP;
- if (s->action & ACTION_REJECT_DST)
- p->flow->flags |= FLOW_ACTION_DROP;
- if (s->action & ACTION_REJECT_BOTH)
- p->flow->flags |= FLOW_ACTION_DROP;
- if (s->action & ACTION_PASS) {
- FlowSetNoPacketInspectionFlag(p->flow);
- }
+ if (p->flow != NULL) {
+ if (s->action & ACTION_DROP)
+ p->flow->flags |= FLOW_ACTION_DROP;
+ if (s->action & ACTION_REJECT)
+ p->flow->flags |= FLOW_ACTION_DROP;
+ if (s->action & ACTION_REJECT_DST)
+ p->flow->flags |= FLOW_ACTION_DROP;
+ if (s->action & ACTION_REJECT_BOTH)
+ p->flow->flags |= FLOW_ACTION_DROP;
+ if (s->action & ACTION_PASS) {
+ FlowSetNoPacketInspectionFlag(p->flow);
 }
 }
 }
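Review bot: The new `if (p->flow != NULL)` block applies the flow-level action on every IP-only alert, so its correctness now rests on an invariant the code does not state: per the commit message, the `FLOW_PKT_TOSERVER_IPONLY_SET` / `FLOW_PKT_TOCLIENT_IPONLY_SET` bookkeeping belongs to the IP-only engine. Because `ACTION_PASS` calls `FlowSetNoPacketInspectionFlag()` on the flow here, a one-line comment above the block would guard against a later change silently widening that path, e.g. `/* IP-only direction flags are checked and set by the IP-only engine; only the signature action is applied to the flow here */`. The four tests that each set `FLOW_ACTION_DROP` could also be a single `if (s->action & (ACTION_DROP | ACTION_REJECT | ACTION_REJECT_DST | ACTION_REJECT_BOTH))`. PacketAlertFinalize starts and ends outside the hunk, so how IP-only signatures reach this branch was not checked.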