From: Victor Julien
Date: Thu, 16 May 2024 10:25:07 +0000 (+0200)
Subject: detect/stream_size: allow match on pseudo packets
X-Git-Tag: suricata-8.0.0-beta1~1142
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=44d2e1aad7177614331cb26d36fc81973a5bdaf4;p=thirdparty%2Fsuricata.git
detect/stream_size: allow match on pseudo packets
Often used with stream content, which can be inspected with pseudo packets.
---
diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c
index 7597b71b13..b9220e9dfe 100644
--- a/src/detect-stream_size.c
+++ b/src/detect-stream_size.c
@@ -118,8 +118,6 @@ static int DetectStreamSizeMatchAux(const DetectStreamSizeData *sd, const TcpSes
 static int DetectStreamSizeMatch(
 DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
- DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
-
 const DetectStreamSizeData *sd = (const DetectStreamSizeData *)ctx;
 
 if (!(PacketIsTCP(p)))
@@ -171,7 +169,6 @@ void DetectStreamSizeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketStreamsizeMatch(
 DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
- DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
 if (!(PacketIsTCP(p)))
 return;
 
@@ -214,9 +211,9 @@ static bool PrefilterPacketStreamSizeCompare(PrefilterPacketHeaderValue v, void
 
 static int PrefilterSetupStreamSize(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
- return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE,
- SIG_MASK_REQUIRE_FLOW | SIG_MASK_REQUIRE_REAL_PKT, PrefilterPacketStreamSizeSet,
- PrefilterPacketStreamSizeCompare, PrefilterPacketStreamsizeMatch);
+ return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE, SIG_MASK_REQUIRE_FLOW,
+ PrefilterPacketStreamSizeSet, PrefilterPacketStreamSizeCompare,
+ PrefilterPacketStreamsizeMatch);
 }
 
 static bool PrefilterStreamSizeIsPrefilterable(const Signature *s)
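Review bot: The mask change in PrefilterSetupStreamSize leaves nothing in the code saying why SIG_MASK_REQUIRE_REAL_PKT is absent, so a later cleanup could re-add it and silently stop stream_size rules from matching on pseudo packets; a comment above the return would record the intent, e.g. `/* no SIG_MASK_REQUIRE_REAL_PKT: stream_size is also evaluated on pseudo packets */`. With the DEBUG_VALIDATE_BUG_ON lines removed from DetectStreamSizeMatch and PrefilterPacketStreamsizeMatch, both functions are now reachable for pseudo packets, and their bodies after the `PacketIsTCP(p)` check lie outside the hunks. It is worth confirming there that `p->flow` and `p->flow->protoctx` are tested for NULL before the TCP session is read. No test is visible on this page; a rule pairing stream_size with stream content and evaluated on a flow-end pseudo packet would pin the new behaviour.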