detect: pseudo-packets inherit inspect flags from parent packet
Instead of inheriting from flow, because encrypted protocols like TLS
and SSH may have just set the flow flags to indicate rest of stream is
encrypted and does not need to run stream inspection. But inspection
still needs to be run on this last flushing packet.

Ticket: #7235.
ilya-bakhtin authored and victorjulien committed Sep 28, 2024
1 parent 26da953 commit 976dec7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/stream-tcp.c
Expand Up @@ -6723,10 +6723,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
np->vlan_idx = f->vlan_idx;
np->livedev = (struct LiveDevice_ *)f->livedev;

if (f->flags & FLOW_NOPACKET_INSPECTION) {
if (parent->flags & PKT_NOPACKET_INSPECTION) {
DecodeSetNoPacketInspectionFlag(np);
}
if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
DecodeSetNoPayloadInspectionFlag(np);
}

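Review bot: the two rewritten conditions, `parent->flags & PKT_NOPACKET_INSPECTION` and `parent->flags & PKT_NOPAYLOAD_INSPECTION`, have no comment saying why the flush pseudo-packet deliberately ignores `f->flags`, so a later cleanup could easily "restore" the flow-based checks and bring back the missed detection on the last flushing packet of a TLS or SSH stream. A short comment above the first `if` stating that the flow flags may already mark the rest of the stream as encrypted, with a pointer to ticket #7235, would keep the reasoning next to the code instead of only in the commit message. The hunk also now dereferences `parent` without a visible NULL check, so it is worth confirming that every caller of StreamTcpPseudoPacketCreateDetectLogFlush passes a valid parent packet. Since the commit touches only src/stream-tcp.c, a regression test covering the encrypted-stream flush case would help guard the behaviour.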