From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 18 Apr 2025 11:46:27 +0000 (+0200)
Subject: detect: flow friendly error on hook incompatibility
X-Git-Tag: suricata-8.0.0-rc1~412
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1d4ff8a8fdd1e8d2a6a0ea75736f2e6080dbc4b1;p=thirdparty%2Fsuricata.git

detect: flow friendly error on hook incompatibility
---

diff --git a/src/detect-flow.c b/src/detect-flow.c
index d970f06854..28c0cddf48 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -397,6 +397,10 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
                     "rule %u means to use both directions, cannot specify a flow direction", s->id);
             goto error;
         }
+        if (s->flags & SIG_FLAG_TOCLIENT) {
+            SCLogError("rule %u has flow to_server but a hook to_client", s->id);
+            goto error;
+        }
         s->flags |= SIG_FLAG_TOSERVER;
     } else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
         if (s->flags & SIG_FLAG_TXBOTHDIR) {
@@ -404,6 +408,10 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
                     "rule %u means to use both directions, cannot specify a flow direction", s->id);
             goto error;
         }
+        if (s->flags & SIG_FLAG_TOSERVER) {
+            SCLogError("rule %u has flow to_client but a hook to_server", s->id);
+            goto error;
+        }
         s->flags |= SIG_FLAG_TOCLIENT;
     } else {
         s->flags |= SIG_FLAG_TOSERVER;