detect/flow: fix DETECT_FLOW_FLAG_ESTABLISHED check

author daniel zhao <danielzhao2029@gmail.com>

Tue, 14 Nov 2023 11:04:10 +0000 (19:04 +0800)

committer Victor Julien <victor@inliniac.net>

Tue, 14 Nov 2023 18:28:12 +0000 (19:28 +0100)
author daniel zhao <danielzhao2029@gmail.com>
Tue, 14 Nov 2023 11:04:10 +0000 (19:04 +0800)
committer Victor Julien <victor@inliniac.net>
Tue, 14 Nov 2023 18:28:12 +0000 (19:28 +0100)
diff --git a/src/detect-flow.c b/src/detect-flow.c

index 09787515722c4e1aceea07beea7ca6e63bb5243f..fdee0779e4585ed85214b70ab773b1f22aabfd3c 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -227,6 +227,10 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
                  if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
                      SCLogError("DETECT_FLOW_FLAG_ESTABLISHED flag is already set");
                      goto error;
+                } else if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
+                    SCLogError("cannot set DETECT_FLOW_FLAG_ESTABLISHED, "
+                               "DETECT_FLOW_FLAG_NOT_ESTABLISHED already set");
+                    goto error;
                  } else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
                      SCLogError("DETECT_FLOW_FLAG_STATELESS already set");
                      goto error;
@@ -236,7 +240,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
                  if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
                      SCLogError("DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set");
                      goto error;
-                } else if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
+                } else if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
                      SCLogError("cannot set DETECT_FLOW_FLAG_NOT_ESTABLISHED, "
                                 "DETECT_FLOW_FLAG_ESTABLISHED already set");
                      goto error;
@@ -946,6 +950,19 @@ static int DetectFlowTestParse21 (void)
      PASS;
  }
  
+/**
+ * \test DetectFlowTestParse22 is a test for setting the established,not_established flow opts both
+ */
+static int DetectFlowTestParse22(void)
+{
+    DetectFlowData *fd = NULL;
+    fd = DetectFlowParse(NULL, "established,not_established");
+    FAIL_IF_NOT_NULL(fd);
+    fd = DetectFlowParse(NULL, "not_established,established");
+    FAIL_IF_NOT_NULL(fd);
+    PASS;
+}
+
  static int DetectFlowSigTest01(void)
  {
      uint8_t *buf = (uint8_t *)"supernovaduper";
@@ -1104,6 +1121,7 @@ static void DetectFlowRegisterTests(void)
      UtRegisterTest("DetectFlowTestParse20", DetectFlowTestParse20);
      UtRegisterTest("DetectFlowTestParseNocase20", DetectFlowTestParseNocase20);
      UtRegisterTest("DetectFlowTestParse21", DetectFlowTestParse21);
+    UtRegisterTest("DetectFlowTestParse22", DetectFlowTestParse22);
      UtRegisterTest("DetectFlowTestParseNotEstablished",
          DetectFlowTestParseNotEstablished);
      UtRegisterTest("DetectFlowTestParseNoFrag", DetectFlowTestParseNoFrag);
author	daniel zhao <danielzhao2029@gmail.com>
	Tue, 14 Nov 2023 11:04:10 +0000 (19:04 +0800)
committer	Victor Julien <victor@inliniac.net>
	Tue, 14 Nov 2023 18:28:12 +0000 (19:28 +0100)