Similar keywords use `isnotset`, while `flowint` only accepted `notset`
Opted to change the code, not only the regex, to keep the underlying
code also following the same patterns.
Task #7426
@ -1000,7 +1000,7 @@ static int DetectFlowintTestParseIsset10(void)
DetectFlowintPrintData(sfd);
if(sfd!=NULL&&!strcmp(sfd->name,"myvar")
&&sfd->targettype==FLOWINT_TARGET_SELF
&&sfd->modifier==FLOWINT_MODIFIER_NOTSET){
&&sfd->modifier==FLOWINT_MODIFIER_ISNOTSET){
result&=1;
}else{
@ -1189,7 +1189,7 @@ static int DetectFlowintTestPacket02Real(void)
de_ctx->flags|=DE_QUIET;
constchar*sigs[5];
sigs[0]="alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,notset; flowint:maxvar,notset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)";
sigs[0]="alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,notset; flowint:maxvar,isnotset; flowint: myvar,=,1; flowint: maxvar,=,6; sid:101;)";
sigs[1]="alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)";
sigs[2]="alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)";
sigs[3]="alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)";