From f6b294bc14fe9e3c3ca2b2cf24f2b64438ed59b5 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 21 Nov 2024 13:26:02 +0100
Subject: [PATCH] SQUASH flowbits prefilter toggle
---
 src/detect-flowbits.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index c127acb86139..36d013a69ebe 100644
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -1196,18 +1196,17 @@ static int PrefilterSetupFlowbits(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 if (fb->cmd == DETECT_FLOWBITS_CMD_SET) {
 SCLogDebug(
 "DETECT_SM_LIST_POSTMATCH: sid %u DETECT_FLOWBITS set %u", s->id, fb->idx);
- // else if (fb->cmd == DETECT_FLOWBITS_CMD_TOGGLE) {
- // SCLogDebug("DETECT_SM_LIST_POSTMATCH: sid %u DETECT_FLOWBITS toggle %u", s->id,
- // fb->idx);
+ } else if (fb->cmd == DETECT_FLOWBITS_CMD_TOGGLE) {
+ SCLogDebug("DETECT_SM_LIST_POSTMATCH: sid %u DETECT_FLOWBITS toggle %u", s->id,
+ fb->idx);
 } else {
 SCLogDebug("unsupported flowbits setting");
 continue;
 }
- if (fb_analysis.array[fb->idx].toggle_sids_idx ||
- fb_analysis.array[fb->idx].isnotset_sids_idx ||
+ if (fb_analysis.array[fb->idx].isnotset_sids_idx ||
 fb_analysis.array[fb->idx].unset_sids_idx) {
- SCLogDebug("flowbit %u not supported: toggle or unset in use", fb->idx);
+ SCLogDebug("flowbit %u not supported: unset in use", fb->idx);
 continue;
 }
@@ -1220,6 +1219,7 @@ static int PrefilterSetupFlowbits(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 SCLogDebug("setting up sets/toggles for sid %u", s->id);
 if (AddBitSetToggle(de_ctx, &fb_analysis, set_ctx, fb, s) == 1) {
 // flag the set/toggle to trigger the post-rule match logic
+ SCLogDebug("set up sets/toggles for sid %u", s->id);
 fb->post_rule_match_prefilter = true;
 }
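Review bot: The relaxed guard `if (fb_analysis.array[fb->idx].isnotset_sids_idx || fb_analysis.array[fb->idx].unset_sids_idx)` now admits a flowbit that has toggle rules while still rejecting unset, yet a toggle applied to a bit that is already set clears it, which is the same state change unset makes. Nothing in the hunk explains why the two are treated differently; presumably the match-time toggle handler queues the dependent isset rules only when the bit ends up set, and that is worth confirming because a wrong assumption here changes which rules get evaluated. I would add a comment above the guard such as `/* toggle is set up like set via AddBitSetToggle(); isnotset/unset consumers are not supported by the prefilter */`. PrefilterSetupFlowbits starts and ends outside the hunk.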
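Review bot: The added `SCLogDebug("set up sets/toggles for sid %u", s->id);` sits between the comment `// flag the set/toggle to trigger the post-rule match logic` and the assignment that comment describes, so the comment now reads as if it documents the log call. Moving the log line below `fb->post_rule_match_prefilter = true;` keeps the comment attached to the flag. The new message also differs by one word from the `setting up sets/toggles` line just before the call, which is easy to misread in a debug log; `"sets/toggles registered for sid %u"` would be more distinct. The enclosing function extends beyond the hunk.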
@@ -1237,8 +1237,7 @@ static int PrefilterSetupFlowbits(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 }
 const DetectFlowbitsData *fb = (DetectFlowbitsData *)s->init_data->prefilter_sm->ctx;
- if (fb_analysis.array[fb->idx].toggle_sids_idx ||
- fb_analysis.array[fb->idx].isnotset_sids_idx ||
+ if (fb_analysis.array[fb->idx].isnotset_sids_idx ||
 fb_analysis.array[fb->idx].unset_sids_idx) {
 SCLogDebug("flowbit %u not supported: toggle or unset in use", fb->idx);
 s->init_data->prefilter_sm = NULL;
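Review bot: The message `SCLogDebug("flowbit %u not supported: toggle or unset in use", fb->idx);` is left unchanged here although the toggle test was removed from the condition directly above it, so the log would blame toggle for a rejection that only isnotset or unset can now cause. The first hunk changed its copy to `unset in use`, which in turn omits isnotset; both would be accurate as `SCLogDebug("flowbit %u not supported: isnotset or unset in use", fb->idx);`. The block this guard opens continues past the end of the hunk.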