detect/flow: don't overwrite hook direction

author Victor Julien <vjulien@oisf.net>

Thu, 1 May 2025 08:29:17 +0000 (10:29 +0200)

committer Victor Julien <victor@inliniac.net>

Sat, 3 May 2025 06:19:39 +0000 (08:19 +0200)
author Victor Julien <vjulien@oisf.net>
Thu, 1 May 2025 08:29:17 +0000 (10:29 +0200)
committer Victor Julien <victor@inliniac.net>
Sat, 3 May 2025 06:19:39 +0000 (08:19 +0200)
diff --git a/src/detect-flow.c b/src/detect-flow.c

index 28c0cddf484bbbcff7c4fd7f95a5bd4df86037ee..1e5fdb0ca4d6509d62117865d1543782d6838c71 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -414,8 +414,11 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
          }
          s->flags |= SIG_FLAG_TOCLIENT;
      } else {
-        s->flags |= SIG_FLAG_TOSERVER;
-        s->flags |= SIG_FLAG_TOCLIENT;
+        /* if direction wasn't already set, e.g. by rule hook, assume both */
+        if ((s->flags & (SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT)) == 0) {
+            s->flags |= SIG_FLAG_TOSERVER;
+            s->flags |= SIG_FLAG_TOCLIENT;
+        }
      }
      if (fd->flags == 0 || fd->flags == DETECT_FLOW_FLAG_TOSERVER ||
              fd->flags == DETECT_FLOW_FLAG_TOCLIENT) {
author	Victor Julien <vjulien@oisf.net>
	Thu, 1 May 2025 08:29:17 +0000 (10:29 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sat, 3 May 2025 06:19:39 +0000 (08:19 +0200)