diff --git a/src/detect.c b/src/detect.c index fd729ed39c..d30b7905c9 100644 --- a/src/detect.c +++ b/src/detect.c @@ -2284,6 +2284,15 @@ static int SignatureCreateMask(Signature *s) SCReturnInt(0); } +/** \brief disable file features we don't need + * Called if we have no detection engine. + */ +void DisableDetectFlowFileFlags(Flow *f) +{ + DetectPostInspectFileFlagsUpdate(f, NULL /* no sgh */, STREAM_TOSERVER); + DetectPostInspectFileFlagsUpdate(f, NULL /* no sgh */, STREAM_TOCLIENT); +} + static void SigInitStandardMpmFactoryContexts(DetectEngineCtx *de_ctx) { DetectMpmInitializeBuiltinMpms(de_ctx); diff --git a/src/detect.h b/src/detect.h index e603d6f356..93b52bd3c5 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1334,6 +1334,7 @@ int SigGroupBuild(DetectEngineCtx *); int SigGroupCleanup (DetectEngineCtx *de_ctx); void SigAddressPrepareBidirectionals (DetectEngineCtx *); +void DisableDetectFlowFileFlags(Flow *f); char *DetectLoadCompleteSigPath(const DetectEngineCtx *, char *sig_file); int SigLoadSignatures (DetectEngineCtx *, char *, int); void SigTableList(const char *keyword); diff --git a/src/flow-worker.c b/src/flow-worker.c index ac0bd484dd..b29486e335 100644 --- a/src/flow-worker.c +++ b/src/flow-worker.c @@ -201,6 +201,15 @@ TmEcode FlowWorker(ThreadVars *tv, Packet *p, void *data, PacketQueue *preq, Pac SCLogDebug("packet %"PRIu64" is TCP", p->pcap_cnt); DEBUG_ASSERT_FLOW_LOCKED(p->flow); + /* if detect is disabled, we need to apply file flags to the flow + * here on the first packet. */ + if (detect_thread == NULL && + ((PKT_IS_TOSERVER(p) && (p->flowflags & FLOW_PKT_TOSERVER_FIRST)) || + (PKT_IS_TOCLIENT(p) && (p->flowflags & FLOW_PKT_TOCLIENT_FIRST)))) + { + DisableDetectFlowFileFlags(p->flow); + } + FLOWWORKER_PROFILING_START(p, PROFILE_FLOWWORKER_STREAM); StreamTcp(tv, p, fw->stream_thread, &fw->pq, NULL); FLOWWORKER_PROFILING_END(p, PROFILE_FLOWWORKER_STREAM);