From 3fe9bd7cbb19dd6e8642c0e21f87be7c6525c1f3 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 1 May 2025 10:29:17 +0200
Subject: [PATCH] detect/flow: don't overwrite hook direction
---
 src/detect-flow.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/detect-flow.c b/src/detect-flow.c
index 28c0cddf48..1e5fdb0ca4 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -414,8 +414,11 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
 }
 s->flags |= SIG_FLAG_TOCLIENT;
 } else {
- s->flags |= SIG_FLAG_TOSERVER;
- s->flags |= SIG_FLAG_TOCLIENT;
+ /* if direction wasn't already set, e.g. by rule hook, assume both */
+ if ((s->flags & (SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT)) == 0) {
+ s->flags |= SIG_FLAG_TOSERVER;
+ s->flags |= SIG_FLAG_TOCLIENT;
+ }
 }
 if (fd->flags == 0 || fd->flags == DETECT_FLOW_FLAG_TOSERVER || fd->flags == DETECT_FLOW_FLAG_TOCLIENT) {
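Review bot: The new guard only protects the direction-less `else` branch; the to-client branch visible in the context just above it still runs `s->flags |= SIG_FLAG_TOCLIENT;` unconditionally, and the to-server branch outside the hunk presumably does the same. If a rule hook has already pinned the signature to one direction, a contradicting `flow:` direction would then leave both flags set, so the rule's effective direction no longer matches what the hook declared and the author gets no signal that the two disagree. Consider rejecting that combination when the rule is loaded, e.g. a check such as `if ((s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT))` before the to-client OR (and the mirror check on the to-server side), reported as a rule-parse error. DetectFlowSetup starts and ends outside this hunk, so an existing check may already cover this case; confirm against the full function before adding it.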