detect state: fix issues with multiple files per tx

Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 30c40737e482e6c723c6d56cca5ea7db38123ede..2ba935b58041fe93692fb7f791646222daee7525 100644 (file)
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -721,6 +721,7 @@ static int DoInspectItem(ThreadVars *tv,
             {
                 item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT;
                 item->flags &= ~DE_STATE_FLAG_FULL_INSPECT;
+                item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH;
             }
 
             if ((flags & STREAM_TOSERVER) &&
@@ -728,6 +729,7 @@ static int DoInspectItem(ThreadVars *tv,
             {
                 item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT;
                 item->flags &= ~DE_STATE_FLAG_FULL_INSPECT;
+                item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH;
             }
         }
 
@@ -1055,6 +1057,9 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                         }
                     }
                 }
+
+                tx_dir_state->flags &=
+                    ~(DETECT_ENGINE_STATE_FLAG_FILE_TS_NEW|DETECT_ENGINE_STATE_FLAG_FILE_TC_NEW);
             }
             /* if the current tx is in progress, we won't advance to any newer
              * tx' just yet. */