detect: update/document drop flow logic

Now that flow drop is applied to packets before other processing, no drop has to be issued on a packet.
2 years ago · 85ddba63f6
parent 71a033ac62
commit 85ddba63f6
1 changed files with 3 additions and 2 deletions
--- a/src/detect.c
+++ b/src/detect.c
@ -1709,9 +1709,10 @@ static void DetectFlow(ThreadVars *tv,
        return;
    }

-    /* if flow is set to drop, we enforce that here */
+    /* we check the flow drop here, and not the packet drop. This is
+     * to allow stream engine "invalid" drop packets to still be
+     * evaluated by the stream event rules. */
    if (f->flags & FLOW_ACTION_DROP) {
-        PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
        SCReturn;
    }