detect: not an iponly signature if it needs app-layer

author Philippe Antoine <contact@catenacyber.fr>

Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)

committer Victor Julien <vjulien@oisf.net>

Wed, 6 Apr 2022 06:52:23 +0000 (08:52 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)
committer Victor Julien <vjulien@oisf.net>
Wed, 6 Apr 2022 06:52:23 +0000 (08:52 +0200)
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c

index 34357a2f3d1539e49987d59cc5fa0ef3ff9a86c2..813876eacab303eb018bfdbcd6d2f70fbe9d127a 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -195,6 +195,10 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
      if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
          return 0;
  
+    // may happen for 'config' keyword, postmatch
+    if (s->flags & SIG_FLAG_APPLAYER)
+        return 0;
+
      /* if flow dir is set we can't process it in ip-only */
      if (!(((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == 0) ||
              (s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) ==
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 6 Apr 2022 06:52:23 +0000 (08:52 +0200)