From 77f49661fd78df420c4542e230def0682a886c60 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 31 May 2023 15:52:14 +0200
Subject: [PATCH] app-layer: don't update UDP applayer for dropped packets
---
 src/flow-worker.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/flow-worker.c b/src/flow-worker.c
index adeaa6a53e..ec9b5344da 100644
--- a/src/flow-worker.c
+++ b/src/flow-worker.c
@@ -34,6 +34,8 @@
 #include "suricata-common.h"
 #include "suricata.h"
+#include "action-globals.h"
+#include "packet.h"
 #include "decode.h"
 #include "detect.h"
 #include "stream-tcp.h"
@@ -566,9 +568,11 @@ static TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data)
 /* handle the app layer part of the UDP packet payload */
 } else if (p->flow && p->proto == IPPROTO_UDP) {
- FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
- AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
- FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+ if (!PacketCheckAction(p, ACTION_DROP)) {
+ FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+ AppLayerHandleUdp(tv, fw->stream_thread->ra_ctx->app_tctx, p, p->flow);
+ FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_APPLAYERUDP);
+ }
 }
 PacketUpdateEngineEventCounters(tv, fw->dtv, p);
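Review bot: The new `if (!PacketCheckAction(p, ACTION_DROP))` guard in the UDP branch has no comment saying why dropped packets skip the parser, and the existing comment above the `else if` still reads as if every UDP payload is handled. I would add something like `/* packet already has a drop verdict: it will not be delivered, so keep it out of the app-layer state */` directly above the guard. The check can only see verdicts set before this point in FlowWorker; if detection runs later in the function (outside this hunk), a packet dropped by a rule matching its own payload has still been parsed, and the same comment should say so. The TCP branch above is also outside the hunk, so whether it needs an equivalent check cannot be judged from here.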