From 090122c5d07f52aab0b70a3698d9045c95a0d301 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Sat, 9 Dec 2023 12:49:31 +0530
Subject: [PATCH] detect/flowbits: remove DETECT_FLOWBITS_CMD_NOALERT

DETECT_FLOWBITS_CMD_NOALERT is misleading as it gives an impression that noalert is a flowbit specific command that'll be used and dealt with at some point but as soon as noalert is found in the rule lang, signature flag for noalert is set and control is returned. It never gets added to cmd of the flowbits object.
---
 src/detect-flowbits.c | 13 +++++--------
 src/detect-flowbits.h | 3 +--
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index b04c271dc548..dce56625ec16 100644
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -285,7 +285,10 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
 }
 if (strcmp(fb_cmd_str,"noalert") == 0) {
- fb_cmd = DETECT_FLOWBITS_CMD_NOALERT;
+ if (strlen(fb_name) != 0)
+ goto error;
+ s->flags |= SIG_FLAG_NOALERT;
+ return 0;
 } else if (strcmp(fb_cmd_str,"isset") == 0) {
 fb_cmd = DETECT_FLOWBITS_CMD_ISSET;
 } else if (strcmp(fb_cmd_str,"isnotset") == 0) {
@@ -302,11 +305,6 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
 }
 switch (fb_cmd) {
- case DETECT_FLOWBITS_CMD_NOALERT:
- if (strlen(fb_name) != 0)
- goto error;
- s->flags |= SIG_FLAG_NOALERT;
- return 0;
 case DETECT_FLOWBITS_CMD_ISNOTSET:
 case DETECT_FLOWBITS_CMD_ISSET:
 case DETECT_FLOWBITS_CMD_SET:
@@ -340,8 +338,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
 * and put it in the Signature. */
 switch (fb_cmd) {
- /* case DETECT_FLOWBITS_CMD_NOALERT can't happen here */
-
+ /* noalert can't happen here */
 case DETECT_FLOWBITS_CMD_ISNOTSET:
 case DETECT_FLOWBITS_CMD_ISSET:
 /* checks, so packet list */
diff --git a/src/detect-flowbits.h b/src/detect-flowbits.h
index 5ecd6cf87296..5e382de0a7a6 100644
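Review bot: In the first hunk of src/detect-flowbits.c (`@@ -285,7 +285,10 @@`), the relocated `goto error` rejects `flowbits:noalert` followed by a name without any flowbits-specific message in the visible lines. A rule that fails to load is a detection gap, and the rule author gets no hint about which option was at fault. Unless the `error` label (outside this hunk) already logs, add `SCLogError("flowbits:noalert does not take a flowbit name");` before the jump and brace the single-statement `if` while touching it. A short comment on the branch, e.g. `/* noalert is a signature flag, not a flowbits command: set it and return before any flowbits data is built */`, would record why this arm returns early. DetectFlowbitSetup starts and ends outside the hunk.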
--- a/src/detect-flowbits.h
+++ b/src/detect-flowbits.h
@@ -30,8 +30,7 @@
 #define DETECT_FLOWBITS_CMD_UNSET 2
 #define DETECT_FLOWBITS_CMD_ISNOTSET 3
 #define DETECT_FLOWBITS_CMD_ISSET 4
-#define DETECT_FLOWBITS_CMD_NOALERT 5
-#define DETECT_FLOWBITS_CMD_MAX 6
+#define DETECT_FLOWBITS_CMD_MAX 5
 typedef struct DetectFlowbitsData_ {
 uint32_t idx;
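Review bot: `DETECT_FLOWBITS_CMD_MAX` drops from 6 to 5 here, so any array sized by it or loop bounded by it elsewhere in the tree (not visible in this diff) loses its last slot and must not still be indexed with the old value 5. The commit message says noalert was never stored in the flowbits object's cmd, which suggests this is safe, but it is worth confirming with a search for users of the macro. A comment on the define, e.g. `/* one past the highest DETECT_FLOWBITS_CMD_* value; keep in sync when adding commands */`, would make the sentinel's role explicit. The earlier command defines sit above this hunk.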