From 27f67c97dea620e5dae5bd8999592af55e987256 Mon Sep 17 00:00:00 2001
From: Gurvinder Singh <gurvindersinghdahiya@gmail.com>
Date: Sat, 25 Dec 2010 14:40:42 +0100
Subject: [PATCH] log error on duplicate sig and also for dup sig with newer
 revision

---
 src/detect-parse.c | 19 +++++++++++++++----
 src/util-error.c   |  1 +
 src/util-error.h   |  1 +
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 4535c20fa7..e14b1143ee 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1919,21 +1919,32 @@ end:
  * \param de_ctx Pointer to the Detection Engine Context.
  * \param sigstr Pointer to a character string containing the signature to be
  *               parsed.
+ * \param sig_file Pointer to a character string containing the filename from
+ *                 which signature is read
+ * \param lineno Line number from where signature is read
  *
  * \retval Pointer to the head Signature in the detection engine ctx sig_list
  *         on success; NULL on failure.
  */
-Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr) {
+Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr)
+{
     Signature *sig = SigInitReal(de_ctx, sigstr);
-    if (sig == NULL)
+    if (sig == NULL) {
         return NULL;
+    }
 
     /* checking for the status of duplicate signature */
     int dup_sig = DetectEngineSignatureIsDuplicate(de_ctx, sig);
     /* a duplicate signature that should be chucked out.  Check the previously
      * called function details to understand the different return values */
-    if (dup_sig == 1)
+    if (dup_sig == 1) {
+        SCLogError(SC_ERR_DUPLICATE_SIG, "Duplicate signature \"%s\"", sigstr);
         goto error;
+    } else if (dup_sig == 2) {
+        SCLogWarning(SC_ERR_DUPLICATE_SIG, "Signature with newer revision,"
+                " so the older sig replaced by this new signature \"%s\"",
+                sigstr);
+    }
 
     if (sig->init_flags & SIG_FLAG_BIDIREC) {
         if (sig->next != NULL) {
@@ -1953,7 +1964,7 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr) {
      * so if the signature is bidirectional, the returned sig will point through "next" ptr
      * to the cloned signatures with the switched addresses
      */
-    return (dup_sig == 0) ? sig : NULL;
+    return (dup_sig == 0 || dup_sig == 2) ? sig : NULL;
 
 error:
     if (sig != NULL)
diff --git a/src/util-error.c b/src/util-error.c
index d24d6ea742..460ec0632f 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -192,6 +192,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_DCERPC);
         CASE_CODE (SC_ERR_AHO_CORASICK);
         CASE_CODE (SC_ERR_REFERENCE_CONFIG);
+        CASE_CODE (SC_ERR_DUPLICATE_SIG);
         CASE_CODE (SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL);
         CASE_CODE (SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT);
         CASE_CODE (SC_ERR_HTTP_METHOD_NEEDS_PRECEEDING_CONTENT);
diff --git a/src/util-error.h b/src/util-error.h
index 9752f10c22..31bb51c0a3 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -203,6 +203,7 @@ typedef enum {
     SC_ERR_DETECT_PREPARE,          /**< preparing the detection engine failed */
     SC_ERR_AHO_CORASICK,
     SC_ERR_REFERENCE_CONFIG,
+    SC_ERR_DUPLICATE_SIG,       /**< Error to indicate that signature is duplicate */
     SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL,
     SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT,
     SC_ERR_HTTP_METHOD_NEEDS_PRECEEDING_CONTENT,