From: Victor Julien
Date: Mon, 22 Apr 2013 09:04:10 +0000 (+0200)
Subject: unified2: only call stream callback for TCP
X-Git-Tag: suricata-2.0beta1~159
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b54a19937f7fcbbce82bd965e5f2c65b3ea0728b;p=thirdparty%2Fsuricata.git
unified2: only call stream callback for TCP
---
diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index f131b3321c..04388f5bc0 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -734,8 +734,10 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
 aun->length = 0;
 aun->offset = 0;
- ret = Unified2PacketTypeAlert(aun, p, phdr->event_id,
- pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH|PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0);
+ /* stream flag based on state match, but only for TCP */
+ int stream = (gphdr.protocol == IPPROTO_TCP) ?
+ (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH|PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0) : 0;
+ ret = Unified2PacketTypeAlert(aun, p, phdr->event_id, stream);
 if (ret != 1) {
 SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno));
 aun->file_ctx->alerts += i;
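Review bot: The new `stream` initialiser nests one conditional inside another, which makes the TCP guard harder to audit than it needs to be. The same value can be written as `int stream = (gphdr.protocol == IPPROTO_TCP) && (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH|PACKET_ALERT_FLAG_STREAM_MATCH));`. The comment above it says what is computed but not why; something like `/* state matches can be raised on non-TCP traffic, which has no reassembled stream to log */` would record the reason, presumably the one behind this commit. The guard depends on `gphdr.protocol`, which is filled in outside this hunk, so it is worth confirming that it holds the packet's final L4 protocol at this point. Only `Unified2IPv6TypeAlert` is visible here; if the IPv4 alert path builds the same argument, it needs the same guard.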