From a89840929b46b765787bec3ae5cad529f558af0a Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Thu, 16 Jun 2022 17:27:35 +0200
Subject: [PATCH] detect: set drop reason for rule based drops

Call `PacketDrop` with drop reason for drops, keep old logic
in place for the rest.
---
 src/detect-engine-alert.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 1e5c712730..e51d70c9c1 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -178,9 +178,10 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
 {
     SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x", p->pcap_cnt, s->id,
             s->action, alert_flags);
-    PacketUpdateAction(p, s->action);
 
     if (s->action & ACTION_DROP) {
+        PacketDrop(p, PKT_DROP_REASON_RULES);
+
         if (p->alerts.drop.action == 0) {
             p->alerts.drop.num = s->num;
             p->alerts.drop.action = s->action;
@@ -189,8 +190,11 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
         if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
             RuleActionToFlow(s->action, p->flow);
         }
-    } else if (s->action & ACTION_PASS) {
-        if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
+    } else {
+        PacketUpdateAction(p, s->action);
+
+        if ((s->action & ACTION_PASS) && (p->flow != NULL) &&
+                (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
             RuleActionToFlow(s->action, p->flow);
         }
     }