|
|
|
@ -1938,6 +1938,14 @@ static void DetectFlow(ThreadVars *tv,
|
|
|
|
|
{
|
|
|
|
|
Flow *const f = p->flow;
|
|
|
|
|
|
|
|
|
|
/* we check the flow drop here, and not the packet drop. This is
|
|
|
|
|
* to allow stream engine "invalid" drop packets to still be
|
|
|
|
|
* evaluated by the stream event rules. */
|
|
|
|
|
if (f->flags & FLOW_ACTION_DROP) {
|
|
|
|
|
DEBUG_VALIDATE_BUG_ON(!(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP));
|
|
|
|
|
SCReturn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (p->flags & PKT_NOPACKET_INSPECTION || f->flags & (FLOW_ACTION_PASS)) {
|
|
|
|
|
/* hack: if we are in pass the entire flow mode, we need to still
|
|
|
|
|
* update the inspect_id forward. So test for the condition here,
|
|
|
|
@ -1955,14 +1963,6 @@ static void DetectFlow(ThreadVars *tv,
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* we check the flow drop here, and not the packet drop. This is
|
|
|
|
|
* to allow stream engine "invalid" drop packets to still be
|
|
|
|
|
* evaluated by the stream event rules. */
|
|
|
|
|
if (f->flags & FLOW_ACTION_DROP) {
|
|
|
|
|
DEBUG_VALIDATE_BUG_ON(!(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP));
|
|
|
|
|
SCReturn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* see if the packet matches one or more of the sigs */
|
|
|
|
|
DetectRun(tv, de_ctx, det_ctx, p);
|
|
|
|
|
}
|
|
|
|
|
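Review bot: The comment above the relocated `if (f->flags & FLOW_ACTION_DROP)` check in the first hunk still only explains flow drop versus packet drop; it does not say that the check must now sit ahead of the `PKT_NOPACKET_INSPECTION` / `FLOW_ACTION_PASS` branch, which appears to be the whole point of the move. That ordering decides whether a flow carrying both flags is handled as dropped or as passed, so I would extend the comment with a line such as `* Keep this ahead of the pass/no-inspection branch so a dropped flow is never handled as passed.` to stop a later refactor from silently reordering it. As a style point, the moved block leaves via `SCReturn;` while the pass branch visible in the second hunk uses a plain `return;`; one form throughout the function would read more consistently. The body of the pass branch lies between the two hunks and is not shown, so what it does for a flow that also has the drop flag set cannot be checked from here.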