From 8d0bc27fc4136f4f6a3be0dc9306c5fb362409db Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 10 Nov 2010 16:58:58 +0100
Subject: [PATCH] Fix a case where alerting in inline mode would lead dropping on alert sigs.
---
 src/detect-engine-alert.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 51784a24cd..f51fa543d6 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -253,12 +253,16 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 /* set verdict on packet */
 p->action |= p->alerts.alerts[i].action;
+
 if (p->alerts.alerts[i].action & ACTION_PASS) {
 /* Ok, reset the alert cnt to end in the previous of pass * so we ignore the rest with less prio */
 p->alerts.cnt = i;
 break;
- } else if ( ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
+ /* if the signature wants to drop, check if the
+ * PACKET_ALERT_FLAG_DROP_FLOW flag is set. */
+ } else if (p->alerts.alerts[i].action & ACTION_DROP &&
+ ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
 (s->flags & SIG_FLAG_APPLAYER)) && p->flow != NULL) {
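Review bot: The new condition `p->alerts.alerts[i].action & ACTION_DROP && (...)` relies on `&` binding tighter than `&&`; it evaluates as intended, but in the expression that decides whether an inline-mode flow is dropped I would parenthesize the mask test: `} else if ((p->alerts.alerts[i].action & ACTION_DROP) &&`. The added comment also sits after `break;` inside the ACTION_PASS block, so it reads as part of the pass branch; moving it into the drop branch (whose body is outside this hunk) would keep it next to the code it describes. Since the bug was an alert-only signature leading to a drop, a regression test that runs an alert signature with SIG_FLAG_APPLAYER set against a packet that has a flow, and asserts that no drop is applied, would keep this from recurring; the diffstat shows no test in this patch. PacketAlertFinalize starts and ends outside the hunk.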