detect: fix inspection order with stateful rules

When stateful detection rules, for which detection has already started
for a previous packet, are added to the candidates array, the array
is sorted to mantain the correct inspection order. However, due to a
trivial error in the sort helper the array was sorted in descending
instead of ascending order.

(cherry picked from commit 46644440671c3bfeb9c1423aa1684191ff6db961)

diff --git a/src/detect.c b/src/detect.c
index b0cbb921dc9cca96a37e5ed2fe622025b22189b3..e9b7ff7adf8677eed9c7bdee456bd924c8321188 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1011,8 +1011,13 @@ static int RuleMatchCandidateTxArrayExpand(DetectEngineThreadCtx *det_ctx, const
     return 1;
 }
 
-
-/* TODO maybe let one with flags win if equal? */
+/** \internal
+ *  \brief sort helper for sorting match candidates by id: ascending
+ *
+ *  The id field is set from Signature::num, so we sort the candidates to match the signature
+ *  sort order (ascending).
+ *
+ *  \todo maybe let one with flags win if equal? */
 static int
 DetectRunTxSortHelper(const void *a, const void *b)
 {
@@ -1021,7 +1026,7 @@ DetectRunTxSortHelper(const void *a, const void *b)
     if (s1->id == s0->id)
         return 0;
     else
-        return s0->id > s1->id ? -1 : 1;
+        return s0->id > s1->id ? 1 : -1;
 }
 
 #if 0