signature: set flags and test the protocol
authorGiuseppe Longo <giuseppelng@gmail.com>
Thu, 5 Feb 2015 14:04:13 +0000 (15:04 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 8 May 2015 08:13:39 +0000 (10:13 +0200)
This checks if the signature's protocol is http
when setting up the content keyword.

Also sets the proper flags based on the protocol,
since the flag SIG_FLAG_TOSERVER has to be set
if the proto is smtp, otherwise SIG_FLAG_TOCLIENT
if it's http.

src/detect-content.c
src/detect-parse.c

index 48eb2f64faf3caae24e186ba6ecc9b082a05f96a..cd0722eae84fffddce3eba08bb4514734c2f5388 100644 (file)
@@ -390,7 +390,7 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr)
 
     int sm_list;
     if (s->list != DETECT_SM_LIST_NOTSET) {
-        if (s->list == DETECT_SM_LIST_FILEDATA) {
+        if (s->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) {
             AppLayerHtpEnableResponseBodyCallback();
             s->alproto = ALPROTO_HTTP;
         }
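Review bot: With `s->alproto == ALPROTO_HTTP` now part of the condition, the assignment `s->alproto = ALPROTO_HTTP;` inside the block is a no-op, and the branch no longer promotes a file_data signature to HTTP as the old code did. A signature that arrives here with `s->list == DETECT_SM_LIST_FILEDATA` and an alproto not yet set to HTTP silently skips `AppLayerHtpEnableResponseBodyCallback()`; whether that can happen depends on the file_data setup code, which is outside this hunk. If it can, the rule would load but might never inspect response bodies. I would drop the dead assignment and add a comment such as `/* alproto must already be set by the file_data keyword; only HTTP needs the response body callback */`, or reject the unexpected case explicitly. DetectContentSetup continues outside the hunk.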
index d2c09af987933761300015d6c8b892b160af33e9..4b084d0e251947735e99a46757b7b21bd8392e3f 100644 (file)
@@ -1143,7 +1143,8 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
         }
     }
 
-    if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL ||
+    if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_SMTP) ||
+        s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL ||
         s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
         s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
         s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL ||
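Review bot: A signature with a non-empty `DETECT_SM_LIST_FILEDATA` list and an alproto that is neither `ALPROTO_SMTP` nor `ALPROTO_HTTP` now matches neither this condition nor the TOCLIENT one in the next hunk, so file_data no longer forces a direction on it. Before the change, the FILEDATA test in the second condition applied regardless of alproto. If file_data is only meaningful for those two protocols, add an explicit guard ahead of both tests, `if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP)`, that fails validation through the function's existing error path. That would turn a possible silent detection gap into a rule-load error. No unit test for an smtp file_data rule is visible in this diff, and one asserting the resulting direction flags would pin the new behaviour; the condition continues beyond this hunk.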
@@ -1152,7 +1153,7 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
         s->flags |= SIG_FLAG_TOSERVER;
         s->flags &= ~SIG_FLAG_TOCLIENT;
     }
-    if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL ||
+    if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_HTTP) ||
         s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
         s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
         sig_flags |= SIG_FLAG_TOCLIENT;