From: Victor Julien <vjulien@oisf.net>
Date: Mon, 23 May 2022 11:59:31 +0000 (+0200)
Subject: detect/iponly: include postmatch in determination
X-Git-Tag: suricata-6.0.6~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ffd310180c9779ee06d04d5b4100dc4497aa7a1;p=thirdparty%2Fsuricata.git

detect/iponly: include postmatch in determination

(cherry picked from commit beecc1890fafb2381c42af2344d74eddd4064085)
---

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 30e70b428e..b2171803d8 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -226,9 +226,17 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
         return 0;
 
     SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
-    if (sm == NULL)
-        goto iponly;
-
+    for (; sm != NULL; sm = sm->next) {
+        if (!(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT))
+            return 0;
+        /* we have enabled flowbits to be compatible with ip only sigs, as long
+         * as the sig only has a "set" flowbits */
+        if (sm->type == DETECT_FLOWBITS &&
+                (((DetectFlowbitsData *)sm->ctx)->cmd != DETECT_FLOWBITS_CMD_SET)) {
+            return 0;
+        }
+    }
+    sm = s->init_data->smlists[DETECT_SM_LIST_POSTMATCH];
     for ( ; sm != NULL; sm = sm->next) {
         if ( !(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT))
             return 0;
@@ -240,7 +248,6 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
         }
     }
 
-iponly:
     if (!(de_ctx->flags & DE_QUIET)) {
         SCLogDebug("IP-ONLY (%" PRIu32 "): source %s, dest %s", s->id,
                    s->flags & SIG_FLAG_SRC_ANY ? "ANY" : "SET",