detect: fix inspection order with stateful rules

When stateful detection rules, for which detection has already started
for a previous packet, are added to the candidates array, the array
is sorted to mantain the correct inspection order. However, due to a
trivial error in the sort helper the array was sorted in descending
instead of ascending order.

diff --git a/src/detect.c b/src/detect.c
index 8a71fc8f1d65a7afdd5686ae202a9d41294f8e57..92a32f2ff276f5ed861edd5afbff704bb75e0edc 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1009,8 +1009,13 @@ static int RuleMatchCandidateTxArrayExpand(DetectEngineThreadCtx *det_ctx, const
     return 1;
 }
 
-
-/* TODO maybe let one with flags win if equal? */
+/** \internal
+ *  \brief sort helper for sorting match candidates by id: ascending
+ *
+ *  The id field is set from Signature::num, so we sort the candidates to match the signature
+ *  sort order (ascending).
+ *
+ *  \todo maybe let one with flags win if equal? */
 static int
 DetectRunTxSortHelper(const void *a, const void *b)
 {
@@ -1019,7 +1024,7 @@ DetectRunTxSortHelper(const void *a, const void *b)
     if (s1->id == s0->id)
         return 0;
     else
-        return s0->id > s1->id ? -1 : 1;
+        return s0->id > s1->id ? 1 : -1;
 }
 
 #if 0