eve/frame: run logging for flow end packets

If there are frames in the flow the flow manager will create flow timeout packets to log the remaining frames. This requires the logger to run for those flow timeout packets. Ticket: #7440.
8 months ago · 95ac92f9aa
parent db589765e4
commit 95ac92f9aa
1 changed files with 4 additions and 2 deletions
--- a/src/output-json-frame.c
+++ b/src/output-json-frame.c
@ -408,9 +408,11 @@ static bool JsonFrameLogCondition(ThreadVars *tv, void *thread_data, const Packe

    if ((p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) && p->flow->alparser != NULL) {
        if (p->proto == IPPROTO_TCP) {
-            if ((p->flow->flags & FLOW_TS_APP_UPDATED) && PKT_IS_TOSERVER(p)) {
+            if ((PKT_IS_PSEUDOPKT(p) || (p->flow->flags & FLOW_TS_APP_UPDATED)) &&
+                    PKT_IS_TOSERVER(p)) {
                // fallthrough
-            } else if ((p->flow->flags & FLOW_TC_APP_UPDATED) && PKT_IS_TOCLIENT(p)) {
+            } else if ((PKT_IS_PSEUDOPKT(p) || (p->flow->flags & FLOW_TC_APP_UPDATED)) &&
+                       PKT_IS_TOCLIENT(p)) {
                // fallthrough
            } else {
                return false;