detect/geoip: do not require packet

Ticket: 8333

Allows passing on pseudo packets

So, that a ruleset like
pass ssh any any -> any any (geoip:any,US,IN; sid: 1;)
drop ip any any -> any any (flow:established, to_server; sid:2;)

Does not lead to a drop on the pseudo-packet when we flush
because ssh traffic gets encrypted
pull/15091/head
Philippe Antoine 1 month ago committed by Victor Julien
parent bc4a055e73
commit d4c036718a

@ -250,8 +250,6 @@ static int DetectGeoipMatch(DetectEngineThreadCtx *det_ctx,
const DetectGeoipData *geoipdata = (const DetectGeoipData *)ctx;
int matches = 0;
DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
if (PacketIsIPv4(p)) {
if (geoipdata->flags & ( GEOIP_MATCH_SRC_FLAG | GEOIP_MATCH_BOTH_FLAG ))
{
@ -416,7 +414,6 @@ static int DetectGeoipSetup(DetectEngineCtx *de_ctx, Signature *s, const char *o
de_ctx, s, DETECT_GEOIP, (SigMatchCtx *)geoipdata, DETECT_SM_LIST_MATCH) == NULL) {
goto error;
}
s->flags |= SIG_FLAG_REQUIRE_PACKET;
return 0;
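Review bot: With the `DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p))` check and the `SIG_FLAG_REQUIRE_PACKET` flag apparently removed (the page has lost its +/- markers, so this is read from the hunk counts and the commit message), DetectGeoipMatch now runs on pseudo packets, but nothing at the top of the function says which addresses a pseudo packet presents to the lookup. The verdict of a `pass` rule now depends on that, so I would put a comment where the assertion was, e.g. `/* pseudo packets are accepted on purpose (ticket 8333): geoip is evaluated on whatever addresses the pseudo packet carries */`. It is also worth confirming that a flush pseudo packet has its source and destination filled in the same direction as the flow; if not, the `PacketIsIPv4(p)` branch would be skipped or would compare swapped addresses, and a src-only or dst-only geoip rule would silently fail to match, leaving the drop in place. No regression test for the ruleset in the description is visible on this page. The body of DetectGeoipMatch continues outside the hunk.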
