detect: add flag when packet is first with alert

We add a flag to packet to be able to know if this packet was the
first one to get alerts on the flow.

src/decode.h

@@ -1220,6 +1220,9 @@ void DecodeUnregisterCounters(void);
  *  so flag it for not setting stream events */
 #define PKT_STREAM_NO_EVENTS BIT_U32(28)
 
+/** We had no alert on flow before this packet */
+#define PKT_FIRST_ALERTS BIT_U32(29)
+
 /** \brief return 1 if the packet is a pseudo packet */
 #define PKT_IS_PSEUDOPKT(p) \
     ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

src/detect-engine-alert.c

@@ -394,7 +394,10 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 
     /* Set flag on flow to indicate that it has alerts */
     if (p->flow != NULL && p->alerts.cnt > 0) {
+        if (!FlowHasAlerts(p->flow)) {
             FlowSetHasAlertsFlag(p->flow);
+            p->flags |= PKT_FIRST_ALERTS;
+        }
     }
 
 }