detect/firewall: fix last for progress handling

In last_for_progress handling set accept only on packet if it was also triggered on the last tx. If there are more transactions, the accept can be set later (if policy allows).
2026-05-28 04:32:12 -04:00 · 2026-05-16 11:24:09 +02:00 · 2026-05-16 11:24:09 +02:00 · 2c31aceb12
commit 2c31aceb12
parent 951d5f5865
1 changed files with 1 additions and 1 deletions
--- a/src/detect.c
+++ b/src/detect.c
@ -2372,7 +2372,7 @@ static void DetectRunTx(ThreadVars *tv,

                    /* if this is also the last fw rule we'll inspect we have to issue a default
                     * accept to the packet */
-                    if (s->app_progress_hook == tx.tx_progress) {
+                    if (last_tx && s->app_progress_hook == tx.tx_progress) {
                        DetectRunAppendDefaultAccept(det_ctx, p);
                    }
                }