From: Philippe Antoine Date: Tue, 3 Oct 2023 10:39:13 +0000 (+0200) Subject: detect: update packet action on protocol change X-Git-Tag: suricata-7.0.4~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=14d422109547ea7a1ea38673b87d6bdf20f2aa62;p=thirdparty%2Fsuricata.git detect: update packet action on protocol change Ticket: #6305 When running FlowWorkerStreamTCPUpdate, one of the dequeued packet may set the flow action to drop, without updating the not-pseudo packet action, as is done usually with a previous call to FlowHandlePacketUpdate (cherry picked from commit 4c4f7ff1a2324bff9e4e09dd8354878b2455ac34)
---
diff --git a/src/flow-worker.c b/src/flow-worker.c
index a20e053c59..50d690d3b9 100644
--- a/src/flow-worker.c
+++ b/src/flow-worker.c
@@ -430,6 +430,10 @@ static inline void FlowWorkerStreamTCPUpdate(ThreadVars *tv, FlowWorkerThreadDat
 TmqhOutputPacketpool(tv, x);
 }
 }
+ if (FlowChangeProto(p->flow) && p->flow->flags & FLOW_ACTION_DROP) {
+ // in case f->flags & FLOW_ACTION_DROP was set by one of the dequeued packets
+ PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
+ }
 }
 static void FlowWorkerFlowTimeout(ThreadVars *tv, Packet *p, FlowWorkerThreadData *fw,
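Review bot: The added guard syncs the packet verdict only when `FlowChangeProto(p->flow)` is true, and the hunk does not say why a `FLOW_ACTION_DROP` set by a dequeued packet outside a protocol change needs no update. If that case is missed, an inline deployment would forward a packet whose flow is already marked drop, so the comment should state the invariant that makes the restriction safe. The existing comment also names `f->flags` while the code reads `p->flow->flags`, and the mixed `&&`/`&` reads more safely parenthesized: `if (FlowChangeProto(p->flow) && (p->flow->flags & FLOW_ACTION_DROP)) {`. The start of FlowWorkerStreamTCPUpdate is outside the hunk, so whether `p->flow` is guaranteed non-NULL at this point cannot be confirmed from here; if it is not, the guard needs `p->flow != NULL &&` first.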