detect/iponly: include postmatch in determination

author Victor Julien <vjulien@oisf.net>

Mon, 23 May 2022 11:59:31 +0000 (13:59 +0200)

committer Victor Julien <vjulien@oisf.net>

Tue, 7 Jun 2022 05:42:02 +0000 (07:42 +0200)
author Victor Julien <vjulien@oisf.net>
Mon, 23 May 2022 11:59:31 +0000 (13:59 +0200)
committer Victor Julien <vjulien@oisf.net>
Tue, 7 Jun 2022 05:42:02 +0000 (07:42 +0200)
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c

index 30e70b428ee29d0d02ef733273f2ed638b23ca63..b2171803d810c958cb7f11edde033355eeac44e1 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -226,9 +226,17 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
          return 0;
  
      SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
-    if (sm == NULL)
-        goto iponly;
-
+    for (; sm != NULL; sm = sm->next) {
+        if (!(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT))
+            return 0;
+        /* we have enabled flowbits to be compatible with ip only sigs, as long
+         * as the sig only has a "set" flowbits */
+        if (sm->type == DETECT_FLOWBITS &&
+                (((DetectFlowbitsData *)sm->ctx)->cmd != DETECT_FLOWBITS_CMD_SET)) {
+            return 0;
+        }
+    }
+    sm = s->init_data->smlists[DETECT_SM_LIST_POSTMATCH];
      for ( ; sm != NULL; sm = sm->next) {
          if ( !(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT))
              return 0;
@@ -240,7 +248,6 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
          }
      }
  
-iponly:
      if (!(de_ctx->flags & DE_QUIET)) {
          SCLogDebug("IP-ONLY (%" PRIu32 "): source %s, dest %s", s->id,
                     s->flags & SIG_FLAG_SRC_ANY ? "ANY" : "SET",
author	Victor Julien <vjulien@oisf.net>
	Mon, 23 May 2022 11:59:31 +0000 (13:59 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 7 Jun 2022 05:42:02 +0000 (07:42 +0200)