From: Victor Julien <victor@inliniac.net>
Date: Thu, 12 Sep 2013 15:00:13 +0000 (+0200)
Subject: xff: don't do xff check if there are no alerts anyway.
X-Git-Tag: suricata-2.0beta2~382
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05d68ce39420ae269e9153ab44d86f11e55aaac6;p=thirdparty%2Fsuricata.git

xff: don't do xff check if there are no alerts anyway.
---

diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index 85e9a8c7bf..fdbf77568c 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -385,6 +385,9 @@ TmEcode Unified2Alert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, Pa
     Unified2AlertThread *aun = (Unified2AlertThread *)data;
     aun->xff_flags = UNIFIED2_ALERT_XFF_DISABLED;
 
+    if (p->alerts.cnt == 0)
+        return TM_ECODE_OK;
+
     if (!(aun->unified2alert_ctx->xff_mode & UNIFIED2_ALERT_XFF_DISABLED) &&
             p->flow != NULL) {
         FLOWLOCK_RDLOCK(p->flow);