From bf5d9d542bc31f8d5eb856484a2336ab8a240825 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 16 Jun 2022 17:27:35 +0200
Subject: [PATCH] detect: set drop reason for rule based drops
Call `PacketDrop` with drop reason for drops, keep old logic in place for the rest.
(cherry picked from commit a89840929b46b765787bec3ae5cad529f558af0a)
---
 src/detect-engine-alert.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 66f7bb7815..84bab6ec34 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -178,9 +178,10 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
 {
 SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x", p->pcap_cnt, s->id, s->action, alert_flags);
- PACKET_UPDATE_ACTION(p, s->action);
 if (s->action & ACTION_DROP) {
+ PacketDrop(p, PKT_DROP_REASON_RULES);
+
 if (p->alerts.drop.action == 0) {
 p->alerts.drop.num = s->num;
 p->alerts.drop.action = s->action;
@@ -189,8 +190,11 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
 if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
 RuleActionToFlow(s->action, p->flow);
 }
- } else if (s->action & ACTION_PASS) {
- if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
+ } else {
+ PACKET_UPDATE_ACTION(p, s->action);
+
+ if ((s->action & ACTION_PASS) && (p->flow != NULL) &&
+ (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
 RuleActionToFlow(s->action, p->flow);
 }
 }
-- 
2.47.2
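Review bot: The `ACTION_DROP` branch in the first hunk no longer propagates the non-drop bits of `s->action` to the packet, because the unconditional `PACKET_UPDATE_ACTION(p, s->action);` was moved into the `else` branch and the drop path now relies on `PacketDrop(p, PKT_DROP_REASON_RULES)` alone. PacketDrop's body is not part of this patch; if it sets only the drop bit, a rule whose action combines ACTION_DROP with a reject or alert bit would still drop the packet but lose the rest of its verdict, which would be a silent enforcement change in inline mode. Either keep `PACKET_UPDATE_ACTION(p, s->action);` directly after the `PacketDrop` call, or confirm that PacketDrop applies everything the drop path needs and state that in a one-line comment above the call. A regression test with a rule whose action has more than the drop bit set would pin the intended behaviour. The function signature is truncated in the hunk headers and the lines between the two hunks are not visible here.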