detect/flowbits: more permissive parsing by default

author Victor Julien <vjulien@oisf.net>

Fri, 23 Sep 2022 15:13:55 +0000 (17:13 +0200)

committer Victor Julien <vjulien@oisf.net>

Fri, 23 Sep 2022 15:23:23 +0000 (17:23 +0200)
author Victor Julien <vjulien@oisf.net>
Fri, 23 Sep 2022 15:13:55 +0000 (17:13 +0200)
committer Victor Julien <vjulien@oisf.net>
Fri, 23 Sep 2022 15:23:23 +0000 (17:23 +0200)
diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c

index fd65f086e4bb0b4c25dd69f174d49bf3050d515e..f1805b084d0004e474dc2e4febe7d38ad0071e51 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -284,8 +284,15 @@ static int DetectFlowbitParse(
              strlcpy(name, token, sizeof(name));
              name_set = true;
          } else {
-            SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid flowbits keyword: %s", token);
-            return -1;
+            if (!SigMatchStrictEnabled(DETECT_FLOWBITS)) {
+                SCLogWarning(SC_ERR_INVALID_SIGNATURE,
+                        "Invalid flowbits keyword: %s. This will become an error in Suricata 7.0.",
+                        token);
+                return -4;
+            } else {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid flowbits keyword: %s", token);
+                return -1;
+            }
          }
          token = strtok_r(NULL, ",", &context);
      }
@@ -327,7 +334,7 @@ int DetectFlowbitSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr
  
      int result = DetectFlowbitParse(de_ctx, rawstr, &cd);
      if (result < 0) {
-        return -1;
+        return result;
      } else if (result == 0 && cd == NULL) {
          s->flags |= SIG_FLAG_NOALERT;
          return 0;
author	Victor Julien <vjulien@oisf.net>
	Fri, 23 Sep 2022 15:13:55 +0000 (17:13 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Fri, 23 Sep 2022 15:23:23 +0000 (17:23 +0200)