From: Victor Julien <vjulien@oisf.net>
Date: Fri, 11 Apr 2025 04:44:58 +0000 (+0200)
Subject: firewall: detect: add explanation
X-Git-Tag: suricata-8.0.0-rc1~472
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6e61b66906e220fd95832a3bc5fc9ae386bb856;p=thirdparty%2Fsuricata.git

firewall: detect: add explanation
---

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 0b20c4b7d8..1c940dfd07 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -394,6 +394,9 @@ static inline void PacketAlertFinalizeProcessQueue(
     for (uint16_t i = 0; i < det_ctx->alert_queue_size; i++) {
         PacketAlert *pa = &det_ctx->alert_queue[i];
         const Signature *s = pa->s;
+
+        /* if a firewall rule told us to skip, we don't count the skipped
+         * alerts. */
         if (have_fw_rules && skip_td && (s->flags & SIG_FLAG_FIREWALL) == 0) {
             continue;
         }