From: Victor Julien
Date: Thu, 1 May 2025 08:29:17 +0000 (+0200)
Subject: detect/flow: don't overwrite hook direction
X-Git-Tag: suricata-8.0.0-rc1~374
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=3fe9bd7cbb19dd6e8642c0e21f87be7c6525c1f3;p=thirdparty%2Fsuricata.git
detect/flow: don't overwrite hook direction
---
diff --git a/src/detect-flow.c b/src/detect-flow.c
index 28c0cddf48..1e5fdb0ca4 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -414,8 +414,11 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
 }
 s->flags |= SIG_FLAG_TOCLIENT;
 } else {
- s->flags |= SIG_FLAG_TOSERVER;
- s->flags |= SIG_FLAG_TOCLIENT;
+ /* if direction wasn't already set, e.g. by rule hook, assume both */
+ if ((s->flags & (SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT)) == 0) {
+ s->flags |= SIG_FLAG_TOSERVER;
+ s->flags |= SIG_FLAG_TOCLIENT;
+ }
 }
 if (fd->flags == 0 || fd->flags == DETECT_FLOW_FLAG_TOSERVER || fd->flags == DETECT_FLOW_FLAG_TOCLIENT) {
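Review bot: The new guard in the final `else` branch keys only on `s->flags` already carrying a direction bit, so it cannot tell a direction set by a rule hook from one set by anything else that ran earlier in signature setup; a direction-less `flow` option then leaves the rule matching one direction only, which is a missed-detection risk if that earlier setter was not a hook. If this is intended for every source, the comment should say so, e.g. `/* flow has no direction: keep any direction set earlier (e.g. by a rule hook), else match both */`; otherwise the condition should be narrowed to the hook case. A parser test that combines a hook with a direction-less `flow` option and asserts the resulting flags would pin the behaviour down. DetectFlowSetup starts and ends outside the hunk, so whether other setters can run before this point is not visible here.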