]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3485880)
detect/flowbits: remove DETECT_FLOWBITS_CMD_NOALERT 10028/head
authorShivani Bhardwaj <shivani@oisf.net>
Sat, 9 Dec 2023 07:19:31 +0000 (12:49 +0530)
committerVictor Julien <victor@inliniac.net>
Mon, 11 Dec 2023 16:25:30 +0000 (17:25 +0100)
DETECT_FLOWBITS_CMD_NOALERT is misleading as it gives an impression that
noalert is a flowbit specific command that'll be used and dealt with at
some point but as soon as noalert is found in the rule lang, signature
flag for noalert is set and control is returned. It never gets added to
cmd of the flowbits object.

src/detect-flowbits.c patch | blob | blame | history
src/detect-flowbits.h patch | blob | blame | history

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index b04c271dc5485bd0a1e9c8d1c3c0b68aecd077a7..dce56625ec16de832040774ffefd30f80a4f8644 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -285,7 +285,10 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
     }
 
     if (strcmp(fb_cmd_str,"noalert") == 0) {
-        fb_cmd = DETECT_FLOWBITS_CMD_NOALERT;
+        if (strlen(fb_name) != 0)
+            goto error;
+        s->flags |= SIG_FLAG_NOALERT;
+        return 0;
     } else if (strcmp(fb_cmd_str,"isset") == 0) {
         fb_cmd = DETECT_FLOWBITS_CMD_ISSET;
     } else if (strcmp(fb_cmd_str,"isnotset") == 0) {
@@ -302,11 +305,6 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
     }
 
     switch (fb_cmd) {
-        case DETECT_FLOWBITS_CMD_NOALERT:
-            if (strlen(fb_name) != 0)
-                goto error;
-            s->flags |= SIG_FLAG_NOALERT;
-            return 0;
         case DETECT_FLOWBITS_CMD_ISNOTSET:
         case DETECT_FLOWBITS_CMD_ISSET:
         case DETECT_FLOWBITS_CMD_SET:
@@ -340,8 +338,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
      * and put it in the Signature. */
 
     switch (fb_cmd) {
-        /* case DETECT_FLOWBITS_CMD_NOALERT can't happen here */
-
+        /* noalert can't happen here */
         case DETECT_FLOWBITS_CMD_ISNOTSET:
         case DETECT_FLOWBITS_CMD_ISSET:
             /* checks, so packet list */
diff --git a/src/detect-flowbits.h b/src/detect-flowbits.h
index 5ecd6cf87296c891b9a4b2e42c0c1942c66f7c4c..5e382de0a7a6dcdb44ac793116bf1c07dc850506 100644 (file)
--- a/src/detect-flowbits.h
+++ b/src/detect-flowbits.h
@@ -30,8 +30,7 @@
 #define DETECT_FLOWBITS_CMD_UNSET    2
 #define DETECT_FLOWBITS_CMD_ISNOTSET 3
 #define DETECT_FLOWBITS_CMD_ISSET    4
-#define DETECT_FLOWBITS_CMD_NOALERT  5
-#define DETECT_FLOWBITS_CMD_MAX      6
+#define DETECT_FLOWBITS_CMD_MAX      5
 
 typedef struct DetectFlowbitsData_ {
     uint32_t idx;
Mirror of https://github.com/OISF/suricata.git