detect/app-layer-proto: fix prefilter check

Prefilter wasn't yet using `AppProtoEquals` which might lead to
mismatches with HTTP and DCERPC related signatures.

diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c
index c5924f07a1579381473838c35e8d77994555a0e7..bd0da13a23970d0c873741796e73ae90d6e687bd 100644 (file)
--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@@ -217,13 +217,13 @@ PrefilterPacketAppProtoMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const vo
 
     if ((p->flags & PKT_PROTO_DETECT_TS_DONE) && (p->flowflags & FLOW_PKT_TOSERVER) &&
             p->flow->alproto_ts != ALPROTO_UNKNOWN) {
-        int r = (ctx->v1.u16[0] == p->flow->alproto_ts) ^ ctx->v1.u8[2];
+        int r = AppProtoEquals(ctx->v1.u16[0], p->flow->alproto_ts) ^ ctx->v1.u8[2];
         if (r) {
             PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
         }
     } else if ((p->flags & PKT_PROTO_DETECT_TC_DONE) && (p->flowflags & FLOW_PKT_TOCLIENT) &&
                p->flow->alproto_tc != ALPROTO_UNKNOWN) {
-        int r = (ctx->v1.u16[0] == p->flow->alproto_tc) ^ ctx->v1.u8[2];
+        int r = AppProtoEquals(ctx->v1.u16[0], p->flow->alproto_tc) ^ ctx->v1.u8[2];
         if (r) {
             PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
         }