From 0cba561fecffe93596d38691561d4316c3b8efb2 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 30 Mar 2022 15:24:32 +0200
Subject: [PATCH] detect: not an iponly signature if it needs app-layer

Ticket: 4972

This may happen with `config` keyword which is postmatch,
but may require a transaction
---
 src/detect-engine-build.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 34357a2f3d..813876eaca 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -195,6 +195,10 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
     if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
         return 0;
 
+    // may happen for 'config' keyword, postmatch
+    if (s->flags & SIG_FLAG_APPLAYER)
+        return 0;
+
     /* if flow dir is set we can't process it in ip-only */
     if (!(((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == 0) ||
             (s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) ==