detect: pseudo-packets inherit inspect flags from parent packet

Instead of inheriting from flow, because encrypted protocols like TLS and SSH may have just set the flow flags to indicate rest of stream is encrypted and does not need to run stream inspection. But inspection still needs to be run detection on this last flushing packet. Ticket: #7235.
11 months ago · 976dec7f33
parent 26da953f6d
commit 976dec7f33
1 changed files with 2 additions and 2 deletions
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@ -6723,10 +6723,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
    np->vlan_idx = f->vlan_idx;
    np->livedev = (struct LiveDevice_ *)f->livedev;

-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
+    if (parent->flags & PKT_NOPACKET_INSPECTION) {
        DecodeSetNoPacketInspectionFlag(np);
    }
-    if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
+    if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
        DecodeSetNoPayloadInspectionFlag(np);
    }