From: Philippe Antoine
Date: Mon, 4 Jul 2022 08:30:20 +0000 (+0200)
Subject: output: skip files logging for ICMP packets
X-Git-Tag: suricata-7.0.0-beta1~383
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F7615%2Fhead;p=thirdparty%2Fsuricata.git
output: skip files logging for ICMP packets
Ticket: #5408
---
diff --git a/src/output-filedata.c b/src/output-filedata.c
index 2dea84817f..dd943d2f80 100644
--- a/src/output-filedata.c
+++ b/src/output-filedata.c
@@ -229,6 +229,10 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data)
 if (f == NULL || f->alstate == NULL) {
 SCReturnInt(TM_ECODE_OK);
 }
+ /* do not log for ICMP packets related to a TCP/UDP flow */
+ if (p->proto != IPPROTO_TCP && p->proto != IPPROTO_UDP) {
+ SCReturnInt(TM_ECODE_OK);
+ }
 const bool file_trunc = StreamTcpReassembleDepthReached(p);
 if (p->flowflags & FLOW_PKT_TOSERVER) {
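Review bot: The comment on the added guard names only ICMP, but the condition `p->proto != IPPROTO_TCP && p->proto != IPPROTO_UDP` is an allow-list that returns early for every other protocol as well, so someone auditing why file data was not logged for a packet will be misled. I would word it as `/* file data is only logged for TCP/UDP packets; others (e.g. ICMP errors attached to a TCP/UDP flow) are skipped */`. The guard sits before `StreamTcpReassembleDepthReached(p)` and the `p->flowflags` direction test, which looks like the right place, since both would otherwise be evaluated on a packet that only references the flow. OutputFiledataLog starts and ends outside the hunk, and this patch touches only this logger, so it is worth confirming that any other per-packet file logger reading `p->flow` carries the same guard.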