From: Victor Julien <vjulien@oisf.net>
Date: Tue, 18 Jan 2022 14:17:12 +0000 (+0100)
Subject: proto-detect: set flags in packet direction for UDP
X-Git-Tag: suricata-7.0.0-beta1~1016
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca29d33c695e10f5de76ba5d6597d2ca146354ac;p=thirdparty%2Fsuricata.git

proto-detect: set flags in packet direction for UDP
---

diff --git a/src/app-layer.c b/src/app-layer.c
index 0996c16436..530d5f8b15 100644
--- a/src/app-layer.c
+++ b/src/app-layer.c
@@ -125,20 +125,21 @@ void AppLayerIncTxCounter(ThreadVars *tv, Flow *f, uint64_t step)
  * so in this case we set a flag in the flow so that the first
  * packet in the correct direction can be tagged.
  *
- * For IPS things are much simpler, and we don't use the flow
- * flag. We just tag the packet directly. */
+ * For IPS we update packet and flow. */
 static inline void FlagPacketFlow(Packet *p, Flow *f, uint8_t flags)
 {
-    if (EngineModeIsIPS()) {
+    if (p->proto != IPPROTO_TCP || EngineModeIsIPS()) {
         if (flags & STREAM_TOSERVER) {
             if (p->flowflags & FLOW_PKT_TOSERVER) {
                 p->flags |= PKT_PROTO_DETECT_TS_DONE;
+                f->flags |= FLOW_PROTO_DETECT_TS_DONE;
             } else {
                 f->flags |= FLOW_PROTO_DETECT_TS_DONE;
             }
         } else {
             if (p->flowflags & FLOW_PKT_TOCLIENT) {
                 p->flags |= PKT_PROTO_DETECT_TC_DONE;
+                f->flags |= FLOW_PROTO_DETECT_TC_DONE;
             } else {
                 f->flags |= FLOW_PROTO_DETECT_TC_DONE;
             }