From: Victor Julien
Date: Thu, 16 Jun 2022 15:27:35 +0000 (+0200)
Subject: detect: set drop reason for rule based drops
X-Git-Tag: suricata-6.0.6~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F7557%2Fhead;p=thirdparty%2Fsuricata.git
detect: set drop reason for rule based drops
Call `PacketDrop` with drop reason for drops, keep old logic in place for the rest.
(cherry picked from commit a89840929b46b765787bec3ae5cad529f558af0a)
---
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 66f7bb7815..84bab6ec34 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -178,9 +178,10 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
 {
 SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x", p->pcap_cnt, s->id, s->action, alert_flags);
- PACKET_UPDATE_ACTION(p, s->action);
 if (s->action & ACTION_DROP) {
+ PacketDrop(p, PKT_DROP_REASON_RULES);
+
 if (p->alerts.drop.action == 0) {
 p->alerts.drop.num = s->num;
 p->alerts.drop.action = s->action;
@@ -189,8 +190,11 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
 if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
 RuleActionToFlow(s->action, p->flow);
 }
- } else if (s->action & ACTION_PASS) {
- if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
+ } else {
+ PACKET_UPDATE_ACTION(p, s->action);
+
+ if ((s->action & ACTION_PASS) && (p->flow != NULL) &&
+ (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
 RuleActionToFlow(s->action, p->flow);
 }
 }
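Review bot: In the `ACTION_DROP` branch of the first hunk the packet no longer receives the full `s->action`, because `PACKET_UPDATE_ACTION(p, s->action)` now runs only in the new `else` branch of the second hunk. `PacketDrop` is defined outside this diff; if it sets only the drop bit, any other bits a signature carries together with `ACTION_DROP` (for example `ACTION_REJECT`) would no longer reach the packet, and an inline deployment would drop silently where the rule asked for an active reject. Either confirm that `PacketDrop` applies the complete action, or keep `PACKET_UPDATE_ACTION(p, s->action);` directly after `PacketDrop(p, PKT_DROP_REASON_RULES);`. The function's lines between the two hunks are not shown, so this rests on the visible branches only.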