From: Victor Julien <victor@inliniac.net>
Date: Fri, 17 Aug 2012 09:07:48 +0000 (+0200)
Subject: Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP.
X-Git-Tag: suricata-1.3.1~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e0bfcb7dde055ed1667bedffec65e7972ba9afef;p=thirdparty%2Fsuricata.git

Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP.
---

diff --git a/src/detect-parse.c b/src/detect-parse.c
index bd766b8fff..0165fcf39c 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1121,17 +1121,20 @@ static int SigValidate(Signature *s) {
         }
     }
 
-    if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
-        s->flags |= SIG_FLAG_REQUIRE_STREAM;
-        SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
-        while (sm != NULL) {
-            if (sm->type == DETECT_CONTENT &&
-                (((DetectContentData *)(sm->ctx))->flags &
-                 (DETECT_CONTENT_DEPTH | DETECT_CONTENT_OFFSET))) {
-                s->flags |= SIG_FLAG_REQUIRE_PACKET;
-                break;
+    /* TCP: pkt vs stream vs depth/offset */
+    if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
+        if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
+            s->flags |= SIG_FLAG_REQUIRE_STREAM;
+            SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+            while (sm != NULL) {
+                if (sm->type == DETECT_CONTENT &&
+                        (((DetectContentData *)(sm->ctx))->flags &
+                         (DETECT_CONTENT_DEPTH | DETECT_CONTENT_OFFSET))) {
+                    s->flags |= SIG_FLAG_REQUIRE_PACKET;
+                    break;
+                }
+                sm = sm->next;
             }
-            sm = sm->next;
         }
     }