detect: remove pseudo checks from packet keywords

Keep as debug validation check.

diff --git a/src/detect-dsize.c b/src/detect-dsize.c
index 5a35488b167b1c633f44e0f130ff1b564819eecf..e518a59696801dc3eb528642de4e9ca78e129956 100644 (file)
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@@ -92,9 +92,7 @@ static int DetectDsizeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
     SCEnter();
     int ret = 0;
 
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturnInt(0);
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     const DetectU16Data *dd = (const DetectU16Data *)ctx;
 

diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c
index 1d004962596cbb1dd87eca53350fc01cdd60ab7c..1799eff05cff92bba2a12e22d833e546e6f7eb9e 100644 (file)
--- a/src/detect-fragbits.c
+++ b/src/detect-fragbits.c
@@ -142,7 +142,8 @@ FragBitsMatch(const uint8_t pbits, const uint8_t modifier,
 static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx,
         Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
-    if (!ctx || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!ctx || !PacketIsIPv4(p))
         return 0;
 
     uint8_t fragbits = 0;
@@ -320,9 +321,10 @@ static void DetectFragBitsFree(DetectEngineCtx *de_ctx, void *de_ptr)
 static void
 PrefilterPacketFragBitsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     const PrefilterPacketHeaderCtx *ctx = pectx;
 
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p))
         return;
 
     uint8_t fragbits = 0;

diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c
index 218fd31b68474ca5a947cb9fdfdefbe73d38bdea..93def9400cb752746a6adf7eee53ce90a6185b72 100644 (file)
--- a/src/detect-fragoffset.c
+++ b/src/detect-fragoffset.c
@@ -111,8 +111,7 @@ static int DetectFragOffsetMatch (DetectEngineThreadCtx *det_ctx,
     uint16_t frag = 0;
     const DetectFragOffsetData *fragoff = (const DetectFragOffsetData *)ctx;
 
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     if (PacketIsIPv4(p)) {
         const IPV4Hdr *ip4h = PacketGetIPv4(p);
@@ -264,8 +263,7 @@ void DetectFragOffsetFree (DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketFragOffsetMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint16_t frag;
 

diff --git a/src/detect-geoip.c b/src/detect-geoip.c
index 92fb2072a26d5f8f8fb6da7818d03b24178c29da..0cb06723810ce958ac2afd1c83d5bbe0fc1f343d 100644 (file)
--- a/src/detect-geoip.c
+++ b/src/detect-geoip.c
@@ -250,8 +250,7 @@ static int DetectGeoipMatch(DetectEngineThreadCtx *det_ctx,
     const DetectGeoipData *geoipdata = (const DetectGeoipData *)ctx;
     int matches = 0;
 
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     if (PacketIsIPv4(p)) {
         if (geoipdata->flags & ( GEOIP_MATCH_SRC_FLAG | GEOIP_MATCH_BOTH_FLAG ))

diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c
index ad8206a2f61593fa3806d20027a795840f4df4c2..acedba4b28574d7bce155af93bf166ae475634a3 100644 (file)
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
@@ -76,9 +76,6 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq)
 {
     uint16_t seqn;
 
-    if (PKT_IS_PSEUDOPKT(p))
-        return false;
-
     if (PacketIsICMPv4(p)) {
         switch (p->icmp_s.type) {
             case ICMP_ECHOREPLY:
@@ -136,6 +133,7 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq)
 static int DetectIcmpSeqMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     uint16_t seqn;
 
     if (!GetIcmpSeq(p, &seqn))
@@ -277,8 +275,9 @@ void DetectIcmpSeqFree (DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIcmpSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    const PrefilterPacketHeaderCtx *ctx = pectx;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
+    const PrefilterPacketHeaderCtx *ctx = pectx;
     uint16_t seqn;
 
     if (!GetIcmpSeq(p, &seqn))

diff --git a/src/detect-icmpv6-mtu.c b/src/detect-icmpv6-mtu.c
index 8f5e21f1562b5c611a1f5a6568c63d48d9d0bd8e..59b40fee484e4f765e85e2db33d919d1e16beb06 100644 (file)
--- a/src/detect-icmpv6-mtu.c
+++ b/src/detect-icmpv6-mtu.c
@@ -63,7 +63,7 @@ void DetectICMPv6mtuRegister(void)
 // returns 0 on no mtu, and 1 if mtu
 static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu)
 {
-    if (!(PacketIsICMPv6(p)) || PKT_IS_PSEUDOPKT(p))
+    if (!(PacketIsICMPv6(p)))
         return 0;
     const ICMPV6Hdr *icmpv6h = PacketGetICMPv6(p);
     if (ICMPV6_GET_CODE(icmpv6h) != 0)
@@ -89,6 +89,8 @@ static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu)
 static int DetectICMPv6mtuMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
     uint32_t picmpv6mtu;
     if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) {
         return 0;
@@ -140,6 +142,8 @@ void DetectICMPv6mtuFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIcmpv6mtuMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
     uint32_t picmpv6mtu;
     if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) {
         return;

diff --git a/src/detect-icode.c b/src/detect-icode.c
index ab56553cc0c6ca6443dcb6d57488a68b82e735e8..2acfcda5286dc3c5b386ceb8f55994fc6094aa90 100644 (file)
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@@ -87,8 +87,7 @@ void DetectICodeRegister (void)
 static int DetectICodeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t picode;
     if (PacketIsICMPv4(p)) {
@@ -152,9 +151,7 @@ void DetectICodeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketICodeMatch(DetectEngineThreadCtx *det_ctx,
         Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t picode;
     if (PacketIsICMPv4(p)) {

diff --git a/src/detect-id.c b/src/detect-id.c
index 8cea0d4e95ed897dd463333eca05659519a5bfc0..27703b4dbc8fcdaba3d0aaae9efea8eeb9f14ee1 100644 (file)
--- a/src/detect-id.c
+++ b/src/detect-id.c
@@ -93,12 +93,13 @@ void DetectIdRegister (void)
 static int DetectIdMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
                           const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     const DetectIdData *id_d = (const DetectIdData *)ctx;
 
     /**
      * To match a ipv4 packet with a "id" rule
      */
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    if (!PacketIsIPv4(p)) {
         return 0;
     }
 
@@ -224,9 +225,11 @@ void DetectIdFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
     const PrefilterPacketHeaderCtx *ctx = pectx;
 
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    if (!PacketIsIPv4(p)) {
         return;
     }
 

diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c
index 80d0ba195db20029899eacca748cde7aa1bea5c6..5e807d3933132b0456a3061e6670bbe1f19b822a 100644 (file)
--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@@ -158,9 +158,11 @@ const char *IpOptsFlagToString(uint16_t flag)
 static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
     const DetectIpOptsData *de = (const DetectIpOptsData *)ctx;
 
-    if (!de || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    if (!de || !PacketIsIPv4(p))
         return 0;
 
     return (p->l3.vars.ip4.opts_set & de->ipopt) == de->ipopt;

diff --git a/src/detect-itype.c b/src/detect-itype.c
index 237d0548e6f1ed670bfafd9905a4ff60b7b2c2ce..5b432c6f570fa568772a97333954018a7651351c 100644 (file)
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@@ -84,8 +84,7 @@ void DetectITypeRegister (void)
 static int DetectITypeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t pitype;
     if (PacketIsICMPv4(p)) {
@@ -168,9 +167,7 @@ void DetectITypeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketITypeMatch(DetectEngineThreadCtx *det_ctx,
         Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t pitype;
     if (PacketIsICMPv4(p)) {

diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c
index f04a0c43f81f07a4bd762230b7ff121accaaaf0c..79ee4b5fb4131f7011e0afc18913e95e5599c1eb 100644 (file)
--- a/src/detect-stream_size.c
+++ b/src/detect-stream_size.c
@@ -118,6 +118,7 @@ static int DetectStreamSizeMatchAux(const DetectStreamSizeData *sd, const TcpSes
 static int DetectStreamSizeMatch(
         DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     const DetectStreamSizeData *sd = (const DetectStreamSizeData *)ctx;
 
@@ -170,7 +171,8 @@ void DetectStreamSizeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketStreamsizeMatch(
         DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)))
         return;
 
     if (p->flow == NULL || p->flow->protoctx == NULL)

diff --git a/src/detect-tcp-ack.c b/src/detect-tcp-ack.c
index 55a13b28163c4b937a42193271d3e2960b297095..84a13f7f8efa05300fa39e4b06febd48310fe28d 100644 (file)
--- a/src/detect-tcp-ack.c
+++ b/src/detect-tcp-ack.c
@@ -85,10 +85,11 @@ void DetectAckRegister(void)
 static int DetectAckMatch(DetectEngineThreadCtx *det_ctx,
                           Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     const DetectAckData *data = (const DetectAckData *)ctx;
 
     /* This is only needed on TCP packets */
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    if (!(PacketIsTCP(p))) {
         return 0;
     }
 
@@ -151,12 +152,13 @@ static void DetectAckFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketAckMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     const PrefilterPacketHeaderCtx *ctx = pectx;
 
     if (!PrefilterPacketHeaderExtraMatch(ctx, p))
         return;
 
-    if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) &&
+    if (p->proto == IPPROTO_TCP && PacketIsTCP(p) &&
             (TCP_GET_RAW_ACK(PacketGetTCP(p)) == ctx->v1.u32[0])) {
         SCLogDebug("packet matches TCP ack %u", ctx->v1.u32[0]);
         PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);

diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c
index 267193fc75b551c0c11bcedecb44218dfc57432d..57488e38608b4abbe164df19e3626bbce4990eb8 100644 (file)
--- a/src/detect-tcp-flags.c
+++ b/src/detect-tcp-flags.c
@@ -151,7 +151,8 @@ static int DetectFlagsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
 {
     SCEnter();
 
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p))) {
         SCReturnInt(0);
     }
 
@@ -553,7 +554,8 @@ int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
 static void
 PrefilterPacketFlagsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p))) {
         SCReturn;
     }
 

diff --git a/src/detect-tcp-seq.c b/src/detect-tcp-seq.c
index f26501db326204e216eb35d590f80658d18914fb..91d6799c10aae3e77f1b386874631d4fa16c40dc 100644 (file)
--- a/src/detect-tcp-seq.c
+++ b/src/detect-tcp-seq.c
@@ -83,8 +83,9 @@ static int DetectSeqMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectSeqData *data = (const DetectSeqData *)ctx;
 
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     /* This is only needed on TCP packets */
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    if (!(PacketIsTCP(p))) {
         return 0;
     }
 
@@ -148,10 +149,11 @@ PrefilterPacketSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p
 {
     const PrefilterPacketHeaderCtx *ctx = pectx;
 
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
     if (!PrefilterPacketHeaderExtraMatch(ctx, p))
         return;
 
-    if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) &&
+    if (p->proto == IPPROTO_TCP && PacketIsTCP(p) &&
             (TCP_GET_RAW_SEQ(PacketGetTCP(p)) == ctx->v1.u32[0])) {
         SCLogDebug("packet matches TCP seq %u", ctx->v1.u32[0]);
         PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);

diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c
index 38f2b5c6805712a34f7598b88d655a50179efe0f..6adfe487be29fe74cd615b5e38e316750191a983 100644 (file)
--- a/src/detect-tcp-window.c
+++ b/src/detect-tcp-window.c
@@ -87,7 +87,8 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
 {
     const DetectWindowData *wd = (const DetectWindowData *)ctx;
 
-    if (!(PacketIsTCP(p)) || wd == NULL || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)) || wd == NULL) {
         return 0;
     }
 

diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c
index 5c7acdb2ffe3fedf9b9f5c4def90b117dd8eb367..0ecdd8910f555baf15b7e0259f475cbbe880fd9d 100644 (file)
--- a/src/detect-tcpmss.c
+++ b/src/detect-tcpmss.c
@@ -74,8 +74,9 @@ void DetectTcpmssRegister(void)
 static int DetectTcpmssMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    if (!(PacketIsTCP(p)))
         return 0;
 
     if (!(TCP_HAS_MSS(p)))
@@ -128,7 +129,8 @@ void DetectTcpmssFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTcpmssMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)))
         return;
 
     if (!(TCP_HAS_MSS(p)))

diff --git a/src/detect-template2.c b/src/detect-template2.c
index c38e9fe33fe7e70c9c23f4a87a77c71d849557c4..45efa7e6a647f107adfa4a7ec40c50a9bcb10fef 100644 (file)
--- a/src/detect-template2.c
+++ b/src/detect-template2.c
@@ -75,9 +75,7 @@ void DetectTemplate2Register(void)
 static int DetectTemplate2Match (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
-
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     /* TODO replace this */
     uint8_t ptemplate2;
@@ -137,9 +135,7 @@ void DetectTemplate2Free(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t ptemplate2;
 /* TODO update */

diff --git a/src/detect-tos.c b/src/detect-tos.c
index d4d2d2fe65cd5b156f2fb1d5d9d66e3bd7897e0d..dc43a0e34ffdbbabb3acf7024f5ae8a341286110 100644 (file)
--- a/src/detect-tos.c
+++ b/src/detect-tos.c
@@ -96,7 +96,8 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
     const DetectTosData *tosd = (const DetectTosData *)ctx;
     int result = 0;
 
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!PacketIsIPv4(p)) {
         return 0;
     }
 

diff --git a/src/detect-ttl.c b/src/detect-ttl.c
index edc5b1b225a40a946afe9e5f1e1c30d0d5411bb2..efb86816d9bbef3d9dfcf024306365cc5bd9ba9a 100644 (file)
--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@@ -81,8 +81,7 @@ void DetectTtlRegister(void)
 static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
         const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t pttl;
     if (PacketIsIPv4(p)) {
@@ -140,9 +139,7 @@ void DetectTtlFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 
     uint8_t pttl;
     if (PacketIsIPv4(p)) {