detect: only apply ConfigApplyTx with app-layers

Ticket: 4972

Otherwise, it makes no sense to look for a tx...

diff --git a/src/detect-config.c b/src/detect-config.c
index 0a81ba8eefabc3944cf416ed3b79ba3ca2584c6e..0f06b9a66b9693a504be485d6e73e256e9aa9f8a 100644 (file)
--- a/src/detect-config.c
+++ b/src/detect-config.c
@@ -288,6 +288,10 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
         fd->scope = CONFIG_SCOPE_TX;
     }
 
+    if (fd->scope == CONFIG_SCOPE_TX) {
+        s->flags |= SIG_FLAG_APPLAYER;
+    }
+
     sm->ctx = (SigMatchCtx*)fd;
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
 

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 108514c96230743e6138df3e9ebd234f6c7039f5..1be519296295596aec7c6da6a72720a66f9a6f60 100644 (file)
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -33,6 +33,7 @@
 #include "detect-dsize.h"
 #include "detect-tcp-flags.h"
 #include "detect-flow.h"
+#include "detect-config.h"
 #include "detect-flowbits.h"
 
 #include "util-profiling.h"
@@ -560,6 +561,13 @@ static int SignatureCreateMask(Signature *s)
             case DETECT_ENGINE_EVENT:
                 s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT;
                 break;
+            case DETECT_CONFIG: {
+                DetectConfigData *fd = (DetectConfigData *)sm->ctx;
+                if (fd->scope == CONFIG_SCOPE_FLOW) {
+                    s->mask |= SIG_MASK_REQUIRE_FLOW;
+                }
+                break;
+            }
         }
     }