From: Victor Julien <victor@inliniac.net>
Date: Wed, 15 Aug 2018 10:15:26 +0000 (+0200)
Subject: detect/parse: try to set flow direction for sigs w/o explict app proto as well
X-Git-Tag: suricata-4.1.0-rc2~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a68eec630f26967943d5d712b657f460d6d7c696;p=thirdparty%2Fsuricata.git

detect/parse: try to set flow direction for sigs w/o explict app proto as well
---

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 34a3f75881..437e4dfecd 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1564,7 +1564,7 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
         if (s->init_data->smlists[x]) {
             const DetectEngineAppInspectionEngine *app = de_ctx->app_inspect_engines;
             for ( ; app != NULL; app = app->next) {
-                if (app->sm_list == x && s->alproto == app->alproto) {
+                if (app->sm_list == x && ((s->alproto == app->alproto) || s->alproto == 0)) {
                     SCLogDebug("engine %s dir %d alproto %d",
                             DetectBufferTypeGetNameById(de_ctx, app->sm_list),
                             app->dir, app->alproto);