Commit

detect: pseudo-packets inherit inspect flags from parent packet
Instead of inheriting from flow, because encrypted protocols like TLS
and SSH may have just set the flow flags to indicate rest of stream is
encrypted and does not need to run stream inspection. But inspection
still needs to be run on this last flushing packet.

Ticket: #7235.
(cherry picked from commit 976dec7)
ilya-bakhtin authored and victorjulien committed Sep 28, 2024
1 parent 38bb31e commit f8f65de
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/stream-tcp.c
Expand Up @@ -6521,10 +6521,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
np->vlan_idx = f->vlan_idx;
np->livedev = (struct LiveDevice_ *)f->livedev;

if (f->flags & FLOW_NOPACKET_INSPECTION) {
if (parent->flags & PKT_NOPACKET_INSPECTION) {
DecodeSetNoPacketInspectionFlag(np);
}
if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
DecodeSetNoPayloadInspectionFlag(np);
}
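
Review bot: the two replaced conditions (`parent->flags & PKT_NOPACKET_INSPECTION` and `parent->flags & PKT_NOPAYLOAD_INSPECTION`) have no in-code comment saying why the pseudo-packet copies its no-inspection state from the parent packet and not from `f->flags`, so the rationale lives only in the commit message. Since the `f->...` assignments just above make the flow look like the natural source, a one-line comment above the first `if` (for example, that TLS/SSH may already have set the flow flags while this flush packet still has to go through detection) would keep someone from reverting it. The hunk also starts dereferencing `parent` without a visible guard, so it is worth confirming that every caller of StreamTcpPseudoPacketCreateDetectLogFlush passes a non-NULL parent. The commit touches only src/stream-tcp.c; a regression test for the case in the ticket would help keep a later change from quietly disabling detection on the flush packet again.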
