output: log tx only when there is a fresh app update

Ticket: 6796 Similar to commit for detection 9240ae250c We only have more logging to do if the app update was fresh, ie if p->app_update_direction != 0 If we have data acknowledged in one direction, and then many packets in the other direction, the APP_UPDATED flow flags did not get reset because we did not run detection yet in this direction, but there is nothing more to do after the first packet in the other direction.
2 years ago · c41540f839
parent c283e8565a
commit c41540f839
1 changed files with 3 additions and 1 deletions
--- a/src/output-tx.c
+++ b/src/output-tx.c
@ -337,7 +337,9 @@ static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
    DEBUG_VALIDATE_BUG_ON(thread_data == NULL);
    if (p->flow == NULL)
        return TM_ECODE_OK;
-    if (!((PKT_IS_PSEUDOPKT(p)) || p->flow->flags & (FLOW_TS_APP_UPDATED | FLOW_TC_APP_UPDATED))) {
+    if (!PKT_IS_PSEUDOPKT(p) && p->app_update_direction == 0 &&
+            ((PKT_IS_TOSERVER(p) && (p->flow->flags & FLOW_TS_APP_UPDATED) == 0) ||
+                    (PKT_IS_TOCLIENT(p) && (p->flow->flags & FLOW_TC_APP_UPDATED) == 0))) {
        SCLogDebug("not pseudo, no app update: skip");
        return TM_ECODE_OK;
    }