From 45cb8382da216df009a84dfa3be9376a21e549f2 Mon Sep 17 00:00:00 2001
From: "Michael Altizer (mialtize)"
Date: Tue, 17 Dec 2019 05:22:56 +0000
Subject: [PATCH] Merge pull request #1826 in SNORT/snort3 from ~SHASLAD/snort3:dont_capture_rebuilt to master

Squashed commit of the following:

commit 05efc9aebf8450c5b946142ec832c272c2f46366
Author: Shashi Lad
Date: Wed Oct 30 00:44:41 2019 -0400

packet_capture: ignore PDUs and defragged packets, include non-IP packets
---
 .../packet_capture/packet_capture.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc
index bf3216f38..f5b45e892 100644
--- a/src/network_inspectors/packet_capture/packet_capture.cc
+++ b/src/network_inspectors/packet_capture/packet_capture.cc
@@ -143,7 +143,7 @@ void packet_capture_enable(const string& f)
 return;
 }
 }
- else
+ else
 {
 WarningMessage("Failed to enable Packet capture\n");
 packet_capture_disable();
@@ -198,11 +198,15 @@ bool PacketCapture::capture_init()
 
 void PacketCapture::eval(Packet* p)
 {
+
 if ( config.enabled )
 {
 if ( !capture_initialized() )
- if ( !capture_init() )
+ if ( !capture_init() )
 return;
+
+ if ( p->is_cooked() )
+ return;
 
 if ( !bpf.bf_insns || bpf_filter(bpf.bf_insns, p->pkt, p->pktlen, p->pkth->pktlen) )
@@ -258,7 +262,7 @@ static const InspectApi pc_api =
 mod_dtor
 },
 IT_PROBE,
- PROTO_BIT__ANY_TYPE,
+ PROTO_BIT__ANY_IP | PROTO_BIT__ETH,
 nullptr, // buffers
 nullptr, // service
 nullptr, // pinit
--
2.47.3
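Review bot: The new `if ( p->is_cooked() ) return;` in PacketCapture::eval drops rebuilt packets with no comment and no visible accounting, so someone reading the resulting pcap cannot tell that reassembled PDUs and defragged packets were excluded on purpose. I would put `// rebuilt PDUs and defragged packets were never on the wire; capture raw packets only` above the check. The statistics code lies outside this hunk, so it is worth confirming whether this early return bypasses a "checked" counter and whether skipped packets deserve a count of their own. The check also sits after the lazy `capture_init()` call, so a cooked first packet still triggers initialisation, and the lone added blank line after eval's opening brace looks unintentional. eval's body continues past the end of the hunk.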
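Review bot: The proto-bit mask in `pc_api` becomes `PROTO_BIT__ANY_IP | PROTO_BIT__ETH` with no comment, although the neighbouring initializers are annotated and this value presumably decides which packets ever reach the capture. Something like `PROTO_BIT__ANY_IP | PROTO_BIT__ETH,  // IP traffic plus non-IP Ethernet frames` would record the intent. The definitions of these bits are not visible here, so please confirm that non-IP traffic on links whose outer layer is not Ethernet still reaches eval(); if it does not, the capture would silently omit it, which matters when the pcap is later used as evidence. The `pc_api` initializer starts and ends outside the hunk.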