detect/iponly: don't check & set flow flags twice

Per flow IP-only flags are checked and set by IP-only engine, so no need to set/check them per alert.
4 years ago · fbcdd2ec26
parent 55a0e29c8e
commit fbcdd2ec26
1 changed files with 11 additions and 19 deletions
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@ -263,14 +263,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
            }

            if (s->flags & SIG_FLAG_IPONLY) {
-                if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
-                    ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
-                    SCLogDebug("testing against \"ip-only\" signatures");
-
                if (p->flow != NULL) {
-                        /* Update flow flags for iponly */
-                        FlowSetIPOnlyFlag(p->flow, (p->flowflags & FLOW_PKT_TOSERVER) ? 1 : 0);
-
                    if (s->action & ACTION_DROP)
                        p->flow->flags |= FLOW_ACTION_DROP;
                    if (s->action & ACTION_REJECT)
@ -284,7 +277,6 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
                    }
                }
            }
-            }

            /* set actions on packet */
            DetectSignatureApplyActions(p, p->alerts.alerts[i].s, p->alerts.alerts[i].flags);