detect/config: allow setting a scope for action config

author Victor Julien <vjulien@oisf.net>

Wed, 21 May 2025 10:15:03 +0000 (12:15 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 10 Jun 2025 06:36:36 +0000 (08:36 +0200)
author Victor Julien <vjulien@oisf.net>
Wed, 21 May 2025 10:15:03 +0000 (12:15 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 10 Jun 2025 06:36:36 +0000 (08:36 +0200)
diff --git a/src/detect-parse.c b/src/detect-parse.c

index 30ca1abdfbf5aa7ea63f7027e47bf3d6df702a17..bb304e2f7aeeda39cfed2e15c3012954942c101e 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1608,6 +1608,15 @@ static int SigParseAction(Signature *s, const char *action_in)
                  return -1;
              }
              s->action_scope = scope_flags;
+        } else if (flags & (ACTION_CONFIG)) {
+            if (strcmp(o, "packet") == 0) {
+                scope_flags = (uint8_t)ACTION_SCOPE_PACKET;
+            } else {
+                SCLogError("invalid action scope '%s' in action '%s': only 'packet' allowed", o,
+                        action_in);
+                return -1;
+            }
+            s->action_scope = scope_flags;
          } else {
              SCLogError("invalid action scope '%s' in action '%s': scope only supported for actions "
                         "'drop', 'pass' and 'reject'",
author	Victor Julien <vjulien@oisf.net>
	Wed, 21 May 2025 10:15:03 +0000 (12:15 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 10 Jun 2025 06:36:36 +0000 (08:36 +0200)