From b7fcc8ebf0891c5ccc0796d28958940db8bd170e Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Thu, 7 Sep 2023 10:49:23 -0400
Subject: [PATCH] detect/alert: Drop packet if rule is pkt only

This commit modifies the logic used to determine the disposition of a flow/packet. If the rule contains packet match properties, the flow shouldn't be dropped.

Issue: 5578
---
 src/detect-engine-alert.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index a40f992ced1d..54b2e3e38dbb 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -326,6 +326,13 @@ static inline void FlowApplySignatureActions(
 if ((pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH)) ||
 (s->flags & (SIG_FLAG_IPONLY | SIG_FLAG_LIKE_IPONLY | SIG_FLAG_PDONLY |
 SIG_FLAG_APPLAYER))) {
+
+ /* No action when the signature doesn't require a stream */
+ if ((s->flags &
+ (SIG_FLAG_APPLAYER | SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM)) ==
+ (SIG_FLAG_APPLAYER | SIG_FLAG_REQUIRE_PACKET))
+ return;
+
 pa->flags |= PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW;
 SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x (set "
 "PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)",
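Review bot: The comment on the new guard does not describe the test beneath it: the condition holds when `SIG_FLAG_APPLAYER` and `SIG_FLAG_REQUIRE_PACKET` are set and `SIG_FLAG_REQUIRE_STREAM` is clear, and "No action" reads as if the verdict were discarded, whereas only `PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW` is skipped. I would write `/* app-layer rule with packet-only keywords (REQUIRE_PACKET, no REQUIRE_STREAM): apply the action to this packet, not to the flow */`. The guard looks only at `s->flags`, so it also returns when `pa->flags` carries `PACKET_ALERT_FLAG_STATE_MATCH` or `PACKET_ALERT_FLAG_STREAM_MATCH`. For a drop rule this presumably means later packets of the same flow are no longer dropped on flow state, which the comment should state and a regression test should cover. The `return` leaves `FlowApplySignatureActions` entirely, and its body continues outside the hunk, so confirm nothing after this `if` block still has to run for such signatures.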