From 7183e766f9338800f97ec3025ebb4310fc66caea Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Fri, 23 Sep 2022 17:13:55 +0200
Subject: [PATCH] detect/flowbits: more permissive parsing by default

To get strict parsing, `--strict-rule-keywords=flowbits` command line
option can be used.

Bug: #5547.
---
 src/detect-flowbits.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index fd65f086e4..f1805b084d 100644
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -284,8 +284,15 @@ static int DetectFlowbitParse(
             strlcpy(name, token, sizeof(name));
             name_set = true;
         } else {
-            SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid flowbits keyword: %s", token);
-            return -1;
+            if (!SigMatchStrictEnabled(DETECT_FLOWBITS)) {
+                SCLogWarning(SC_ERR_INVALID_SIGNATURE,
+                        "Invalid flowbits keyword: %s. This will become an error in Suricata 7.0.",
+                        token);
+                return -4;
+            } else {
+                SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid flowbits keyword: %s", token);
+                return -1;
+            }
         }
         token = strtok_r(NULL, ",", &context);
     }
@@ -327,7 +334,7 @@ int DetectFlowbitSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr
 
     int result = DetectFlowbitParse(de_ctx, rawstr, &cd);
     if (result < 0) {
-        return -1;
+        return result;
     } else if (result == 0 && cd == NULL) {
         s->flags |= SIG_FLAG_NOALERT;
         return 0;