From fbcdd2ec267d49040ca178f8562767d8fb00aa73 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 9 Mar 2021 16:25:14 +0100 Subject: [PATCH] detect/iponly: don't check & set flow flags twice Per flow IP-only flags are checked and set by IP-only engine, so no need to set/check them per alert. --- src/detect-engine-alert.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index 528e5b3cd1..d60e2b111d 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -263,25 +263,17 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx } if (s->flags & SIG_FLAG_IPONLY) { - if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || - ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { - SCLogDebug("testing against \"ip-only\" signatures"); - - if (p->flow != NULL) { - /* Update flow flags for iponly */ - FlowSetIPOnlyFlag(p->flow, (p->flowflags & FLOW_PKT_TOSERVER) ? 1 : 0); - - if (s->action & ACTION_DROP) - p->flow->flags |= FLOW_ACTION_DROP; - if (s->action & ACTION_REJECT) - p->flow->flags |= FLOW_ACTION_DROP; - if (s->action & ACTION_REJECT_DST) - p->flow->flags |= FLOW_ACTION_DROP; - if (s->action & ACTION_REJECT_BOTH) - p->flow->flags |= FLOW_ACTION_DROP; - if (s->action & ACTION_PASS) { - FlowSetNoPacketInspectionFlag(p->flow); - } + if (p->flow != NULL) { + if (s->action & ACTION_DROP) + p->flow->flags |= FLOW_ACTION_DROP; + if (s->action & ACTION_REJECT) + p->flow->flags |= FLOW_ACTION_DROP; + if (s->action & ACTION_REJECT_DST) + p->flow->flags |= FLOW_ACTION_DROP; + if (s->action & ACTION_REJECT_BOTH) + p->flow->flags |= FLOW_ACTION_DROP; + if (s->action & ACTION_PASS) { + FlowSetNoPacketInspectionFlag(p->flow); } } }