action missing in packet delivered in Bypass Callback
When the bypass callback is made to the capture method as the result of a rule, the packet structure delivered in the callback does not include the action. For example I have the following rule defined:
drop tcp 10.0.2.15 any -> any any (msg: "Bypass Test Rule"; classtype:protocol-command-decode; bypass; sid:1000013; rev:2;)
I get a call to my bypass-callback in the capture method when a packet matches this rule. However, the action field in the packet is always zero.
The use-case I'm trying to implement is to either block or shunt traffic - in an inline configuration - based on a particular signature. E.g. if the rule is drop/bypass the hardware will drop packets matching the sig. Similarly if the rule is pass/bypass the hardware will shut traffic to the output port without sending them to the host. I need to know the signature action in order to implement this.