From b899146229def1aefa6fcec1cf8022c1e011e215 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Mon, 23 Apr 2012 13:46:34 +0530
Subject: [PATCH] fix detection filter. Had one extra alert than normal previously, now fixed
---
 src/detect-engine-threshold.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 0023bcc976..88040e8750 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -327,7 +327,7 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
 /* within timeout */
 lookup_tsh->current_count++;
- if (lookup_tsh->current_count >= td->count) {
+ if (lookup_tsh->current_count > td->count) {
 ret = 1;
 }
 } else {
@@ -335,16 +335,8 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
 lookup_tsh->tv_sec1 = p->ts.tv_sec;
 lookup_tsh->current_count = 1;
-
- if (td->count == 1) {
- ret = 1;
- }
 }
 } else {
- if (td->count == 1) {
- ret = 1;
- }
-
 DetectThresholdEntry *e = DetectThresholdEntryAlloc(td, p, sid, gid);
 if (e == NULL) {
 break;
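Review bot: The new boundary `lookup_tsh->current_count > td->count` carries no comment, and together with the `td->count == 1` branches removed in the second hunk it means the first match of a fresh window or of a newly allocated entry no longer sets `ret = 1`, even for a rule whose count is 1. If alerting only after the threshold has been exceeded is the intended detection-filter semantics, I would say so directly above the comparison, e.g. `/* alert only once more than td->count matches were seen inside the window */`, so the boundary is not "corrected" back later. The diffstat shows only this file changing, so nothing pins the behaviour; a unit test that feeds exactly count and then count+1 matches inside one window and checks the return value would catch a regression. Existing rules that relied on the earlier alert will fire one match later, which is worth stating in the change notes; the function body starts and ends outside both hunks.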