detect/flowbits: remove DETECT_FLOWBITS_CMD_NOALERT

DETECT_FLOWBITS_CMD_NOALERT is misleading as it gives an impression that
noalert is a flowbit specific command that'll be used and dealt with at
some point but as soon as noalert is found in the rule lang, signature
flag for noalert is set and control is returned. It never gets added to
cmd of the flowbits object.

(cherry picked from commit 75471dd69b78d0915819b978e937483dca8b4a04)

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 144eb89f8849e4df0b616ddbb8cd739b765ae952..4a216cc7916198a58e70a0431400b4f9c8852abb 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -286,7 +286,10 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
     }
 
     if (strcmp(fb_cmd_str,"noalert") == 0) {
-        fb_cmd = DETECT_FLOWBITS_CMD_NOALERT;
+        if (strlen(fb_name) != 0)
+            goto error;
+        s->flags |= SIG_FLAG_NOALERT;
+        return 0;
     } else if (strcmp(fb_cmd_str,"isset") == 0) {
         fb_cmd = DETECT_FLOWBITS_CMD_ISSET;
     } else if (strcmp(fb_cmd_str,"isnotset") == 0) {
@@ -303,11 +306,6 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
     }
 
     switch (fb_cmd) {
-        case DETECT_FLOWBITS_CMD_NOALERT:
-            if (strlen(fb_name) != 0)
-                goto error;
-            s->flags |= SIG_FLAG_NOALERT;
-            return 0;
         case DETECT_FLOWBITS_CMD_ISNOTSET:
         case DETECT_FLOWBITS_CMD_ISSET:
         case DETECT_FLOWBITS_CMD_SET:
@@ -347,8 +345,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
     sm->ctx = (SigMatchCtx *)cd;
 
     switch (fb_cmd) {
-        /* case DETECT_FLOWBITS_CMD_NOALERT can't happen here */
-
+        /* noalert can't happen here */
         case DETECT_FLOWBITS_CMD_ISNOTSET:
         case DETECT_FLOWBITS_CMD_ISSET:
             /* checks, so packet list */

diff --git a/src/detect-flowbits.h b/src/detect-flowbits.h
index 5ecd6cf87296c891b9a4b2e42c0c1942c66f7c4c..5e382de0a7a6dcdb44ac793116bf1c07dc850506 100644 (file)
--- a/src/detect-flowbits.h
+++ b/src/detect-flowbits.h
@@ -30,8 +30,7 @@
 #define DETECT_FLOWBITS_CMD_UNSET    2
 #define DETECT_FLOWBITS_CMD_ISNOTSET 3
 #define DETECT_FLOWBITS_CMD_ISSET    4
-#define DETECT_FLOWBITS_CMD_NOALERT  5
-#define DETECT_FLOWBITS_CMD_MAX      6
+#define DETECT_FLOWBITS_CMD_MAX      5
 
 typedef struct DetectFlowbitsData_ {
     uint32_t idx;