From 2c24eb9e762a0903e8186187bb7c13f1a1f1e825 Mon Sep 17 00:00:00 2001
From: Eileen Donlon
Date: Mon, 30 Apr 2012 11:54:25 -0400
Subject: [PATCH] allow only one flow option in a rule
---
 src/detect-flow.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/detect-flow.c b/src/detect-flow.c
index 65fe1de59a..d437421d52 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -309,6 +309,12 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
 if (fd == NULL) goto error;
+ /*ensure only one flow option*/
+ if (s->init_flags & SIG_FLAG_INIT_FLOW) {
+ SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
+ goto error;
+ }
+
 /* Okay so far so good, lets get this into a SigMatch
 * and put it in the Signature. */
 sm = SigMatchAlloc();
@@ -329,7 +335,6 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
 s->flags |= SIG_FLAG_TOSERVER;
 s->flags |= SIG_FLAG_TOCLIENT;
 }
-
 if (fd->flags & FLOW_PKT_ONLYSTREAM) {
 s->flags |= SIG_FLAG_REQUIRE_STREAM;
 }
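Review bot: The duplicate-flow check in the first hunk sits after the `fd == NULL` test, so when it fires `fd` is already non-NULL and the `goto error` depends on the `error:` label, which is outside this hunk, to release it; please confirm that path frees `fd`. The test reads only `s->init_flags`, so it could run before the flow string is handled at all, which would reject the rule without touching `fd` and give the same message even when the second flow string is itself malformed. The hunk does not show where `SIG_FLAG_INIT_FLOW` is set; presumably that happens on this function's success path, and it is worth checking that no other keyword sets it, or the message would mislead rule authors. The comment could state the reason, e.g. `/* Only one flow keyword per signature: a second one would OR further direction flags into s->flags. */`, and the log line would be easier to act on with the rejected option included, `"A signature may have only one flow option (second was \"%s\").", flowstr`.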