From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 30 May 2024 07:56:43 +0000 (+0200)
Subject: bypass: really bypass udp flow from first packet
X-Git-Tag: suricata-7.0.7~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f653a4ee3f523bb6cf26e2b9394d396bbab453ab;p=thirdparty%2Fsuricata.git

bypass: really bypass udp flow from first packet

Ticket: 7053

As flow state would be overwritten by established...

(cherry picked from commit df5dcfef5f1d974779e653d2d1d8b3b5d83dc6fc)
---

diff --git a/src/flow.c b/src/flow.c
index b61823efd0..9e910c4f05 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -507,7 +507,13 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
         SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
         p->flowflags |= FLOW_PKT_ESTABLISHED;
 
-        FlowUpdateState(f, FLOW_STATE_ESTABLISHED);
+        if (
+#ifdef CAPTURE_OFFLOAD
+                (f->flow_state != FLOW_STATE_CAPTURE_BYPASSED) &&
+#endif
+                (f->flow_state != FLOW_STATE_LOCAL_BYPASSED)) {
+            FlowUpdateState(f, FLOW_STATE_ESTABLISHED);
+        }
     }
 
     if (f->flags & FLOW_ACTION_DROP) {