From 310a1822175b0b6b0f049b724aac215ebe213c31 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Mon, 28 Dec 2009 16:48:18 +0100
Subject: [PATCH] Fix signatures not being initialized properly

---
 src/detect-engine-threshold.c |  5 ++++-
 src/detect-parse.c            | 25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 99e2ea27d5..468551a91a 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -43,6 +43,8 @@
  */
 void PacketAlertHandle(DetectEngineCtx *de_ctx, Signature *sig, Packet *p)
 {
+    SCEnter();
+
     DetectThresholdData *tsh = NULL;
 
     tsh = SigGetThresholdType(sig,p);
@@ -53,8 +55,9 @@ void PacketAlertHandle(DetectEngineCtx *de_ctx, Signature *sig, Packet *p)
         PacketAlertThreshold(de_ctx,tsh,p,sig);
     }
 
-    return;
+    SCReturn;
 }
+
 /**
  * \brief Check if a certain signature has threshold option
  *
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 801a65c86d..429f86dfa5 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -651,6 +651,10 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr) {
         }
     }
 
+    SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
+        sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
+        sig->flags & SIG_FLAG_PACKET ? "set" : "not set");
+
     return sig;
 
 error:
@@ -759,6 +763,27 @@ Signature *SigInitReal(DetectEngineCtx *de_ctx, char *sigstr) {
         }
     }
 
+    /* set the packet and app layer flags, but only if the
+     * app layer flag wasn't already set in which case we
+     * only consider the app layer */
+    if (!(sig->flags & SIG_FLAG_APPLAYER)) {
+        if (sig->match != NULL) {
+            SigMatch *sm = sig->match;
+            for ( ; sm != NULL; sm = sm->next) {
+                if (sigmatch_table[sm->type].AppLayerMatch != NULL)
+                    sig->flags |= SIG_FLAG_APPLAYER;
+                if (sigmatch_table[sm->type].Match != NULL)
+                    sig->flags |= SIG_FLAG_PACKET;
+            }
+        } else {
+            sig->flags |= SIG_FLAG_PACKET;
+        }
+    }
+
+    SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
+        sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
+        sig->flags & SIG_FLAG_PACKET ? "set" : "not set");
+
     /**
      * In SigInitReal, the signature returned will point from the ptr next
      * to the cloned signatures with the switched addresses if it has