From f8f65de937a7b0fc4fc28321e2f8d63c394b581b Mon Sep 17 00:00:00 2001
From: Ilya Bakhtin <ilya.bakhtin@gmail.com>
Date: Sat, 31 Aug 2024 13:44:25 +0200
Subject: [PATCH] detect: pseudo-packets inherit inspect flags from parent
 packet

Instead of inheriting from flow, because encrypted protocols like TLS
and SSH may have just set the flow flags to indicate rest of stream is
encrypted and does not need to run stream inspection. But inspection
still needs to be run detection on this last flushing packet.

Ticket: #7235.
(cherry picked from commit 976dec7f332624e31f57a936e6e6275c01dd8da5)
---
 src/stream-tcp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 3e6be24faed2..a99029ab8481 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -6521,10 +6521,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
     np->vlan_idx = f->vlan_idx;
     np->livedev = (struct LiveDevice_ *)f->livedev;
 
-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
+    if (parent->flags & PKT_NOPACKET_INSPECTION) {
         DecodeSetNoPacketInspectionFlag(np);
     }
-    if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
+    if (parent->flags & PKT_NOPAYLOAD_INSPECTION) {
         DecodeSetNoPayloadInspectionFlag(np);
     }