detect: not an iponly signature if it needs app-layer

author Philippe Antoine <contact@catenacyber.fr>

Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Thu, 21 Apr 2022 07:31:56 +0000 (13:01 +0530)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Thu, 21 Apr 2022 07:31:56 +0000 (13:01 +0530)
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c

index b7b344cbaac2d1ed65e6f10adfbbb391ae414096..73f876718d6837b5c290d98eb7ca46b3ca97f84a 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -194,6 +194,10 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
      if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
          return 0;
  
+    // may happen for 'config' keyword, postmatch
+    if (s->flags & SIG_FLAG_APPLAYER)
+        return 0;
+
      /* if flow dir is set we can't process it in ip-only */
      if (!(((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == 0) ||
              (s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) ==
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 30 Mar 2022 13:24:32 +0000 (15:24 +0200)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Thu, 21 Apr 2022 07:31:56 +0000 (13:01 +0530)