From: Victor Julien <victor@inliniac.net>
Date: Wed, 10 Mar 2021 12:25:55 +0000 (+0100)
Subject: detect/alert: apply pd only actions to flow
X-Git-Tag: suricata-6.0.3~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bef816e03ffb80246be1588ec888f8d10bd6050e;p=thirdparty%2Fsuricata.git

detect/alert: apply pd only actions to flow

Ticket #4394

(cherry picked from commit 6cf44fc839e8f1da820095928b5b25e7fc0a8521)
---

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 7d6c7c8332..f570fe94f9 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -275,7 +275,8 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
                 }
             }
 
-            if (s->flags & SIG_FLAG_IPONLY) {
+            /* IP-only and PD-only matches should apply to the flow */
+            if (s->flags & (SIG_FLAG_IPONLY | SIG_FLAG_PDONLY)) {
                 if (p->flow != NULL) {
                     RuleActionToFlow(s->action, p->flow);
                 }