update failing unittest to reflect the mpm design update

14 years ago · eff08f93d8
parent af51493da2
commit eff08f93d8
19 changed files with 200 additions and 224 deletions
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@ -438,7 +438,7 @@ int AlertFastLogTest01()
    SCClassConfDeleteDummyClassificationConfigFD();

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
-            "(msg:\"FastLog test\"; content:\"GET\"; "
+            "(msg:\"FastLog test\"; content:\"GET\"; dsize:>1; "
            "Classtype:unknown; sid:1;)");
    result = (de_ctx->sig_list != NULL);

@ -494,7 +494,7 @@ int AlertFastLogTest02()
    SCClassConfDeleteDummyClassificationConfigFD();

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
-            "(msg:\"FastLog test\"; content:\"GET\"; "
+            "(msg:\"FastLog test\"; content:\"GET\"; dsize:>1; "
            "Classtype:unknown; sid:1;)");
    result = (de_ctx->sig_list != NULL);
    if (result == 0)
--- a/src/detect-asn1.c
+++ b/src/detect-asn1.c
@ -1059,12 +1059,12 @@ int DetectAsn1TestReal01(void) {
    char *sigs[3];
    sigs[0]= "alert ip any any -> any any (msg:\"Testing id 1\"; "
             "content:\"Pablo\"; asn1:absolute_offset 0, "
-             "oversize_length 130; sid:1;)";
+             "oversize_length 130; dsize:>1; sid:1;)";
    sigs[1]= "alert ip any any -> any any (msg:\"Testing id 2\"; "
             "content:\"AA\"; asn1:relative_offset 2, "
-             "oversize_length 130; sid:2;)";
+             "oversize_length 130; dsize:>1; sid:2;)";
    sigs[2]= "alert ip any any -> any any (msg:\"Testing id 3\"; "
-             "content:\"lalala\"; asn1: oversize_length 2000; sid:3;)";
+             "content:\"lalala\"; asn1: oversize_length 2000; dsize:>1; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};

--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@ -1113,7 +1113,7 @@ int DetectByteJumpTestPacket01 (void) {

    char sig[] = "alert tcp any any -> any any (msg:\"pcre + byte_test + "
    "relative\"; pcre:\"/AllWorkAndNoPlayMakesWillADullBoy/\"; byte_jump:1,6,"
-    "relative,string,dec; content:\"0\"; sid:134; rev:1;)";
+    "relative,string,dec; content:\"0\"; dsize:>1; sid:134; rev:1;)";

    result = UTHPacketMatchSig(p, sig);

@ -1145,7 +1145,7 @@ int DetectByteJumpTestPacket02 (void) {

    char sig[] = "alert tcp any any -> any any (msg:\"byte_jump with byte_jump"
                 " + relative\"; byte_jump:1,13; byte_jump:4,0,relative; "
-                 "content:\"|48 00 00|\"; within:3; sid:144; rev:1;)";
+                 "content:\"|48 00 00|\"; within:3; dsize:>1; sid:144; rev:1;)";

    result = UTHPacketMatchSig(p, sig);

--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@ -1491,7 +1491,7 @@ int DetectByteTestTestPacket04(void)

    char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +"
                    "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; "
-    "byte_test:1,<=,0,0,relative,string,dec; sid:124; rev:1;)";
+    "byte_test:1,<=,0,0,relative,string,dec; dsize:>1; sid:124; rev:1;)";

    result = UTHPacketMatchSig(p, sig);

@ -1521,7 +1521,7 @@ int DetectByteTestTestPacket05(void)

    char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +"
                    "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; "
-    "byte_test:1,>=,0,0,relative,string,dec; sid:125; rev:1;)";
+    "byte_test:1,>=,0,0,relative,string,dec; dsize:>1; sid:125; rev:1;)";

    result = UTHPacketMatchSig(p, sig);

--- a/src/detect-content.c
+++ b/src/detect-content.c
@ -839,7 +839,7 @@ int DetectContentLongPatternMatchTestWrp(char *sig, uint32_t sid) {
 int DetectContentLongPatternMatchTest01()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"Hi, this is a big test\"; sid:1;)";
+                " content:\"Hi, this is a big test\"; dsize:>1; sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }

@ -850,7 +850,7 @@ int DetectContentLongPatternMatchTest02()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"Hi, this is a big test to check content matches of"
-                " splitted patterns between multiple chunks!\"; sid:1;)";
+                " splitted patterns between multiple chunks!\"; dsize:>1; sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }

@ -863,7 +863,7 @@ int DetectContentLongPatternMatchTest03()
    /** The last chunk of the content should not match */
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"Hi, this is a big test to check content matches of"
-                " splitted patterns between multiple splitted chunks!\"; sid:1;)";
+                " splitted patterns between multiple splitted chunks!\"; dsize:>1; sid:1;)";
    return (DetectContentLongPatternMatchTestWrp(sig, 1) == 0) ? 1: 0;
 }

@ -876,7 +876,7 @@ int DetectContentLongPatternMatchTest04()
                " content:\"Hi, this is\"; depth:15 ;content:\"a big test\"; "
                " within:15; content:\"to check content matches of\"; "
                " within:30; content:\"splitted patterns\"; distance:1; "
-                " within:30; depth:400;"
+                " within:30; depth:400; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -896,7 +896,7 @@ int DetectContentLongPatternMatchTest05()
                " content:\"of splitted\"; within:37; distance:15; "
                " depth:60; isdataat:20,relative; offset: 48; "
                " content:\"patterns\"; within:9; distance:1; depth:69; "
-                " isdataat:10, relative; offset:60; "
+                " isdataat:10, relative; offset:60; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -914,7 +914,7 @@ int DetectContentLongPatternMatchTest06()
                " content:\"of splitted patterns between multiple\"; "
                " within:38; distance:1; offset:47; depth:85; "
                " content:\"chunks!\"; within: 8; distance:1; "
-                " depth:94; offset: 50; "
+                " depth:94; offset: 50; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -929,7 +929,7 @@ int DetectContentLongPatternMatchTest07()
                " content:\"chunks!\"; "
                " content:\"content matches\"; offset:32; depth:47; "
                " content:\"of splitted patterns between multiple\"; "
-                " content:\"Hi, this is a big\"; offset:0; depth:17; "
+                " content:\"Hi, this is a big\"; offset:0; depth:17; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -946,7 +946,7 @@ int DetectContentLongPatternMatchTest08()
                " within:38; distance:1; offset:47; depth:85; "
                " content:\"chunks!\"; within: 8; distance:1; "
                " depth:94; offset: 50; "
-                " content:\"Hi, this is a big test to check cont\"; depth:36;"
+                " content:\"Hi, this is a big test to check cont\"; depth:36; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -964,7 +964,7 @@ int DetectContentLongPatternMatchTest09()
                " content:\"chunks!\"; within: 8; distance:1; "
                " depth:94; offset: 50; "
                " content:\"Hi, this is a big test to chec\"; depth:36;"
-                " content:\"k cont\"; distance:0; within:6;"
+                " content:\"k cont\"; distance:0; within:6; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -976,7 +976,7 @@ int DetectContentLongPatternMatchTest10()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\"; "
                " content:\"Hi, this is a big test to check \"; "
-                " content:\"con\"; "
+                " content:\"con\"; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -988,7 +988,7 @@ int DetectContentLongPatternMatchTest11()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\"; "
                " content:\"H\"; "
-                " content:\"i\"; "
+                " content:\"i\"; dsize:>1; "
                " sid:1;)";
    return DetectContentLongPatternMatchTestWrp(sig, 1);
 }
@ -2091,7 +2091,7 @@ static int SigTest47TestNegatedContent(void)
 */
 static int SigTest48TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; within:26; dsize:>1; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
 }

 /**
@ -2109,7 +2109,7 @@ static int SigTest49TestNegatedContent(void)
 */
 static int SigTest50TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; distance:25; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; distance:25; dsize:>1; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
 }

 /**
@ -2166,7 +2166,7 @@ static int SigTest55TestNegatedContent(void)
 */
 static int SigTest56TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"one\"; content:\"fourty\"; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"one\"; content:\"fourty\"; within:56; dsize:>1; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
 }

 /**
@ -2252,7 +2252,7 @@ static int SigTest67TestNegatedContent(void)

 static int SigTest68TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (content:\"one\"; depth:10; content:\"nine\"; offset:8; content:!\"fourty\"; within:28; content:\"fiftysix\"; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (content:\"one\"; depth:10; content:\"nine\"; offset:8; content:!\"fourty\"; within:28; content:\"fiftysix\"; dsize:>1; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
 }

 static int SigTest69TestNegatedContent(void)
@ -2283,12 +2283,12 @@ static int SigTest73TestNegatedContent(void)

 static int SigTest74TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; sid:1;)",  (uint8_t *)"USER apple");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; dsize:>1; sid:1;)",  (uint8_t *)"USER apple");
 }

 static int SigTest75TestNegatedContent(void)
 {
-    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; sid:1;)",  (uint8_t *)"USER !PASS");
+    return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; dsize:>1; sid:1;)",  (uint8_t *)"USER !PASS");
 }

 static int SigTest76TestBug134(void)
@ -2310,7 +2310,7 @@ static int SigTest76TestBug134(void)

    char sig[] = "alert tcp any any -> any 515 "
            "(msg:\"detect IFS\"; flow:to_server,established; content:\"${IFS}\";"
-            " depth:50; offset:0; sid:900091; rev:1;)";
+            " depth:50; offset:0; dsize:>1; sid:900091; rev:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -2336,7 +2336,7 @@ static int SigTest77TestBug139(void)

    p->dp = 53;
    char sig[] = "alert udp any any -> any 53 (msg:\"dns testing\";"
-                    " content:\"|00 00|\"; depth:5; offset:13; sid:9436601;"
+                    " content:\"|00 00|\"; depth:5; offset:13; dsize:>1; sid:9436601;"
                    " rev:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@ -893,7 +893,7 @@ int DetectDistanceTestPacket01 (void) {

    char sig[] = "alert tcp any any -> any any (msg:\"suricata test\"; "
                    "byte_jump:1,2; content:\"|00|\"; "
-                    "within:1; distance:2; sid:98711212; rev:1;)";
+                    "within:1; distance:2; dsize:>1; sid:98711212; rev:1;)";

    p->flowflags = FLOW_PKT_ESTABLISHED | FLOW_PKT_TOCLIENT;
    result = UTHPacketMatchSig(p, sig);
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@ -1789,7 +1789,7 @@ int IPOnlyTestSig05(void) {
    sigs[3]= "alert tcp 192.168.1.5 any -> 192.168.1.1 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)";
    sigs[4]= "alert tcp 192.168.1.0/24 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)";
    sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)";
-    sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)";
+    sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)";

    /* Sid numbers (we could extract them from the sig) */
    uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7};
@ -1825,7 +1825,7 @@ int IPOnlyTestSig06(void) {
    sigs[3]= "alert tcp 192.168.1.5 any -> 192.168.1.1 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)";
    sigs[4]= "alert tcp 192.168.1.0/24 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)";
    sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)";
-    sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)";
+    sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)";

    /* Sid numbers (we could extract them from the sig) */
    uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7};
@ -1933,7 +1933,7 @@ int IPOnlyTestSig09(void) {
    sigs[3]= "alert tcp 3FFE:FFFF:7654:FEDA:1245:BA98:3210:4565 any -> 3FFE:FFFF:7654:FEDA:1245:BA98:3210:0/96 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)";
    sigs[4]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)";
    sigs[5]= "alert tcp any any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)";
-    sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)";
+    sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)";

    /* Sid numbers (we could extract them from the sig) */
    uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7};
@ -1969,7 +1969,7 @@ int IPOnlyTestSig10(void) {
    sigs[3]= "alert tcp 3FFE:FFFF:7654:FEDA:1245:BA98:3210:4565 any -> !3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562/96 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)";
    sigs[4]= "alert tcp !3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)";
    sigs[5]= "alert tcp any any -> !3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)";
-    sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDB:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)";
+    sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDB:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)";

    /* Sid numbers (we could extract them from the sig) */
    uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7};
@ -2143,7 +2143,7 @@ int IPOnlyTestSig15(void)
    sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; "
        "flowbits:set,six; sid:6;)";
    sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; "
-        "flowbits:set,seven; content:\"Hi all\"; sid:7;)";
+        "flowbits:set,seven; content:\"Hi all\"; dsize:>1; sid:7;)";

    /* Sid numbers (we could extract them from the sig) */
    uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7};
--- a/src/detect-engine-payload.c
+++ b/src/detect-engine-payload.c
@ -539,7 +539,7 @@ static int PayloadTestSig01 (void) {
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (content:\"abc\"; content:\"d\"; distance:0; within:1; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"abc\"; content:\"d\"; distance:0; within:1; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -560,7 +560,7 @@ static int PayloadTestSig02 (void) {
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (content:\"abc\"; nocase; content:\"d\"; distance:0; within:1; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"abc\"; nocase; content:\"d\"; distance:0; within:1; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -581,7 +581,7 @@ static int PayloadTestSig03 (void) {
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -606,7 +606,7 @@ static int PayloadTestSig04(void)

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"this\"; content:\"is\"; within:6; content:\"big\"; within:8; "
-        "content:\"string\"; within:8; sid:1;)";
+        "content:\"string\"; within:8; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -631,7 +631,7 @@ static int PayloadTestSig05(void)

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"this\"; content:\"is\"; within:9; content:\"big\"; within:12; "
-        "content:\"string\"; within:8; sid:1;)";
+        "content:\"string\"; within:8; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -656,7 +656,7 @@ static int PayloadTestSig06(void)

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"now\"; content:\"this\"; content:\"is\"; within:12; content:\"big\"; within:8; "
-        "content:\"string\"; within:8; sid:1;)";
+        "content:\"string\"; within:8; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
        goto end;
@ -680,7 +680,7 @@ static int PayloadTestSig07(void)
    int result = 0;

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
-        "content:\"thus\"; offset:8; content:\"is\"; within:6; content:\"big\"; within:8; sid:1;)";
+        "content:\"thus\"; offset:8; content:\"is\"; within:6; content:\"big\"; within:8; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
@ -706,7 +706,7 @@ static int PayloadTestSig08(void)
    int result = 0;

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
-        "content:\"fix\"; content:\"this\"; within:6; content:!\"and\"; distance:0; sid:1;)";
+        "content:\"fix\"; content:\"this\"; within:6; content:!\"and\"; distance:0; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
        goto end;
@ -730,7 +730,7 @@ static int PayloadTestSig09(void)
    int result = 0;

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
-        "pcre:/super/; content:\"nova\"; within:7; sid:1;)";
+        "pcre:/super/; content:\"nova\"; within:7; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
@ -851,7 +851,7 @@ static int PayloadTestSig13(void)

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"aa\"; content:\"aa\"; distance:0; content:\"aa\"; distance:0; "
-        "byte_test:1,>,200,0,relative; sid:1;)";
+        "byte_test:1,>,200,0,relative; dsize:>1; sid:1;)";

 #include <sys/time.h>
    struct timeval tv_start, tv_end, tv_diff;
@ -926,7 +926,7 @@ static int PayloadTestSig14(void)
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (content:\"User-Agent|3A| Mozilla/5.0 |28|Macintosh|3B| \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 |28|Macintosh|3B| U|3B| Intel Mac OS X 10.5|3B| en-US|3B| rv|3A|1.9.1b4|29| Gecko/20090423 Firefox/3.6 GTB5\"; sid:1; rev:1;)";
+    char sig[] = "alert tcp any any -> any any (content:\"User-Agent|3A| Mozilla/5.0 |28|Macintosh|3B| \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 |28|Macintosh|3B| U|3B| Intel Mac OS X 10.5|3B| en-US|3B| rv|3A|1.9.1b4|29| Gecko/20090423 Firefox/3.6 GTB5\"; dsize:>1; sid:1; rev:1;)";

    //char sig[] = "alert tcp any any -> any any (content:\"User-Agent: Mozilla/5.0 (Macintosh; \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.6 GTB5\"; sid:1; rev:1;)";

@ -949,7 +949,7 @@ static int PayloadTestSig15(void)
    int result = 0;

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
-        "content:\"nova\"; isdataat:18,relative; sid:1;)";
+        "content:\"nova\"; isdataat:18,relative; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
@ -972,7 +972,7 @@ static int PayloadTestSig16(void)
    int result = 0;

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
-        "content:\"nova\"; isdataat:!20,relative; sid:1;)";
+        "content:\"nova\"; isdataat:!20,relative; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
@ -996,7 +996,7 @@ static int PayloadTestSig17(void)

    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"%\"; depth:4; offset:0; "
-        "content:\"%\"; within:2; distance:1; sid:1;)";
+        "content:\"%\"; within:2; distance:1; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
        result = 0;
@ -1025,7 +1025,7 @@ static int PayloadTestSig18(void)
    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
-        "content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)";
+        "content:\"|0C 0D 0E 0F|\"; distance:one; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1054,7 +1054,7 @@ static int PayloadTestSig19(void)
    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,hex,relative; "
-        "content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)";
+        "content:\"|0C 0D 0E 0F|\"; distance:one; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1083,7 +1083,7 @@ static int PayloadTestSig20(void)
    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
-        "content:\"|06 35 07 08|\"; offset:one; sid:1;)";
+        "content:\"|06 35 07 08|\"; offset:one; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1112,7 +1112,7 @@ static int PayloadTestSig21(void)
    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
-        "content:\"|03 04 05 06|\"; depth:one; sid:1;)";
+        "content:\"|03 04 05 06|\"; depth:one; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1141,7 +1141,7 @@ static int PayloadTestSig22(void)
    char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
-        "content:\"|09 0A 0B 0C|\"; within:one; sid:1;)";
+        "content:\"|09 0A 0B 0C|\"; within:one; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1171,7 +1171,7 @@ static int PayloadTestSig23(void)
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
        "byte_extract:1,3,two,string,dec,relative; "
-        "byte_test:1,=,one,two,string,dec,relative; sid:1;)";
+        "byte_test:1,=,one,two,string,dec,relative; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
@ -1201,7 +1201,7 @@ static int PayloadTestSig24(void)
        "content:\"|01 02 03 04|\"; "
        "byte_extract:1,2,one,string,dec,relative; "
        "byte_jump:1,one,string,dec,relative; "
-        "content:\"|0D 0E 0F|\"; distance:0; sid:1;)";
+        "content:\"|0D 0E 0F|\"; distance:0; dsize:>1; sid:1;)";

    if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
        result = 0;
--- a/src/detect-engine-port.c
+++ b/src/detect-engine-port.c
@ -2286,7 +2286,7 @@ int PortTestMatchRealWrp(char *sig, uint32_t sid) {
 int PortTestMatchReal01()
 {
    /* tcp.sport=47370 tcp.dport=80 */
-    char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
+    char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2296,7 +2296,7 @@ int PortTestMatchReal01()
 int PortTestMatchReal02()
 {
    char *sig = "alert tcp any 47370 -> any any (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2306,7 +2306,7 @@ int PortTestMatchReal02()
 int PortTestMatchReal03()
 {
    char *sig = "alert tcp any 47370 -> any 80 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2316,7 +2316,7 @@ int PortTestMatchReal03()
 int PortTestMatchReal04()
 {
    char *sig = "alert tcp any any -> any !80 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2326,7 +2326,7 @@ int PortTestMatchReal04()
 int PortTestMatchReal05()
 {
    char *sig = "alert tcp any !47370 -> any any (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2336,7 +2336,7 @@ int PortTestMatchReal05()
 int PortTestMatchReal06()
 {
    char *sig = "alert tcp any !47370 -> any !80 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2346,7 +2346,7 @@ int PortTestMatchReal06()
 int PortTestMatchReal07()
 {
    char *sig = "alert tcp any any -> any 70:100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2356,7 +2356,7 @@ int PortTestMatchReal07()
 int PortTestMatchReal08()
 {
    char *sig = "alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2366,7 +2366,7 @@ int PortTestMatchReal08()
 int PortTestMatchReal09()
 {
    char *sig = "alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2376,7 +2376,7 @@ int PortTestMatchReal09()
 int PortTestMatchReal10()
 {
    char *sig = "alert tcp any any -> any !70:100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2386,7 +2386,7 @@ int PortTestMatchReal10()
 int PortTestMatchReal11()
 {
    char *sig = "alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2396,7 +2396,7 @@ int PortTestMatchReal11()
 int PortTestMatchReal12()
 {
    char *sig = "alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2406,7 +2406,7 @@ int PortTestMatchReal12()
 int PortTestMatchReal13()
 {
    char *sig = "alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2416,7 +2416,7 @@ int PortTestMatchReal13()
 int PortTestMatchReal14()
 {
    char *sig = "alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2426,7 +2426,7 @@ int PortTestMatchReal14()
 int PortTestMatchReal15()
 {
    char *sig = "alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2436,7 +2436,7 @@ int PortTestMatchReal15()
 int PortTestMatchReal16()
 {
    char *sig = "alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2446,7 +2446,7 @@ int PortTestMatchReal16()
 int PortTestMatchReal17()
 {
    char *sig = "alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] "
-                "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)";
+                "(msg:\"Nothing..\"; content:\"GET\"; dsize:>1; sid:1;)";
    return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0;
 }

@ -2456,7 +2456,7 @@ int PortTestMatchReal17()
 int PortTestMatchReal18()
 {
    char *sig = "alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing"
-                " at all\"; content:\"GET\"; sid:1;)";
+                " at all\"; content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

@ -2466,7 +2466,7 @@ int PortTestMatchReal18()
 int PortTestMatchReal19()
 {
    char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\";"
-                " content:\"GET\"; sid:1;)";
+                " content:\"GET\"; dsize:>1; sid:1;)";
    return PortTestMatchRealWrp(sig, 1);
 }

--- a/src/detect-fast-pattern.c
+++ b/src/detect-fast-pattern.c
@ -1015,12 +1015,12 @@ int DetectFastPatternTest14(void)
    de_ctx->flags |= DE_QUIET;

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
-                               "(msg:\"fast_pattern test\"; content:\"strings_string5\"; content:\"knight\"; fast_pattern; sid:1;)");
+                               "(msg:\"fast_pattern test\"; content:\"strings_string5\"; content:\"knight\"; fast_pattern; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL)
        goto end;

    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any "
-                                     "(msg:\"test different content\"; content:\"Dummy is our name\"; sid:2;)");
+                                     "(msg:\"test different content\"; content:\"Dummy is our name\"; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL)
        goto end;

--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
@ -1391,11 +1391,11 @@ int DetectFlowintTestPacket01Real()
    de_ctx->flags |= DE_QUIET;

    /* Now that we have the array of packets for the flow, prepare the signatures */
-    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)");
+    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; dsize:>1; sid:101;)");

-    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)");
+    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; dsize:>1; sid:102;)");

-    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)");
+    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; dsize:>1; sid:103;)");

    de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)");

@ -1736,7 +1736,7 @@ int DetectFlowintTestPacket02Real()

    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)");

-    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)");
+    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; dsize:>1; sid:103;)");

    de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)");

@ -2076,11 +2076,11 @@ int DetectFlowintTestPacket03Real()
    de_ctx->flags |= DE_QUIET;

    /* Now that we have the array of packets for the flow, prepare the signatures */
-    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)");
+    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; dsize:>1; sid:101;)");

-    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)");
+    de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; dsize:>1; sid:102;)");

-    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)");
+    de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; dsize:>1; sid:103;)");

    de_ctx->sig_list->next->next->next = NULL;

--- a/src/detect-isdataat.c
+++ b/src/detect-isdataat.c
@ -1028,10 +1028,10 @@ int DetectIsdataatTestPacket01 (void) {

    char *sigs[5];
    sigs[0]= "alert ip any any -> any any (msg:\"Testing window 1\"; isdataat:6; sid:1;)";
-    sigs[1]= "alert ip any any -> any any (msg:\"Testing window 2\"; content:\"all\"; isdataat:1, relative; isdataat:6; sid:2;)";
+    sigs[1]= "alert ip any any -> any any (msg:\"Testing window 2\"; content:\"all\"; isdataat:1, relative; isdataat:6; dsize:>1; sid:2;)";
    sigs[2]= "alert ip any any -> any any (msg:\"Testing window 3\"; isdataat:8; sid:3;)";
-    sigs[3]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:5, relative; sid:4;)";
-    sigs[4]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:6, relative; sid:5;)";
+    sigs[3]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:5, relative; dsize:>1; sid:4;)";
+    sigs[4]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:6, relative; dsize:>1; sid:5;)";

    uint32_t sid[5] = {1, 2, 3, 4, 5};

--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -1352,20 +1352,15 @@ static int SigValidate(Signature *s) {
    }

    if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
-        if (s->alproto != ALPROTO_UNKNOWN) {
-            SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
-                    "specific matches (like dsize, flags, ttl) with stream / "
-                    "state matching by matching on app layer proto (like http).");
-            SCReturnInt(0);
-        }
-
        if (s->sm_lists_tail[DETECT_SM_LIST_UMATCH] ||
-                s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] ||
-                s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] ||
-                s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH]  ||
-                s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] ||
-                s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH]  ||
-                s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH])
+            s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] ||
+            s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] ||
+            s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH]  ||
+            s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] ||
+            s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH]  ||
+            s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] ||
+            s->sm_lists_tail[DETECT_SM_LIST_DMATCH] ||
+            s->sm_lists_tail[DETECT_SM_LIST_AMATCH])
        {
            SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
                    "specific matches (like dsize, flags, ttl) with stream / "
@ -1373,22 +1368,6 @@ static int SigValidate(Signature *s) {
                    "http_* keywords).");
            SCReturnInt(0);
        }
-
-        SigMatch *pm =  SigMatchGetLastSMFromLists(s, 14,
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
-                DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH]);
-        if (pm != NULL) {
-            SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature has"
-                    " replace keyword linked with a modified content"
-                    " keyword (http_*, dce_*). It only supports content on"
-                    " raw payload");
-            SCReturnInt(0);
-        }
    }

    SCReturnInt(1);
--- a/src/detect-replace.c
+++ b/src/detect-replace.c
@ -378,9 +378,9 @@ int DetectReplaceLongPatternMatchTestUDPWrp(char *sig, uint32_t sid, char *sig_r
 int DetectReplaceMatchTest01()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"big\"; replace:\"pig\"; sid:1;)";
+                " content:\"big\"; replace:\"pig\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"this is a pig test\"; sid:2;)";
+                " content:\"this is a pig test\"; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -390,9 +390,9 @@ int DetectReplaceMatchTest01()
 int DetectReplaceMatchTest02()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"th\"; offset: 4; replace:\"TH\"; sid:1;)";
+                " content:\"th\"; offset: 4; replace:\"TH\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"THis\"; offset:4; sid:2;)";
+                " content:\"THis\"; offset:4; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -402,9 +402,9 @@ int DetectReplaceMatchTest02()
 int DetectReplaceMatchTest03()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"th\"; replace:\"TH\"; offset: 4; sid:1;)";
+                " content:\"th\"; replace:\"TH\"; offset: 4; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"THis\"; offset:4; sid:2;)";
+                " content:\"THis\"; offset:4; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -414,9 +414,9 @@ int DetectReplaceMatchTest03()
 int DetectReplaceMatchTest04()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; sid:1;)";
+                " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"THis\"; content:\"matterns\"; sid:2;)";
+                " content:\"THis\"; content:\"matterns\"; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -451,9 +451,9 @@ int DetectReplaceMatchTest06()
 int DetectReplaceMatchTest07()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"BiG\"; nocase; replace:\"pig\"; sid:1;)";
+                " content:\"BiG\"; nocase; replace:\"pig\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"this is a pig test\"; sid:2;)";
+                " content:\"this is a pig test\"; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -463,9 +463,9 @@ int DetectReplaceMatchTest07()
 int DetectReplaceMatchTest08()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"big\"; depth:17; replace:\"pig\"; sid:1;)";
+                " content:\"big\"; depth:17; replace:\"pig\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"this is a pig test\"; sid:2;)";
+                " content:\"this is a pig test\"; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -487,9 +487,9 @@ int DetectReplaceMatchTest09()
 int DetectReplaceMatchTest10()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"big\"; depth:17; replace:\"pig\"; offset: 14; sid:1;)";
+                " content:\"big\"; depth:17; replace:\"pig\"; offset: 14; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"pig\"; depth:17; offset:14; sid:2;)";
+                " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -499,9 +499,9 @@ int DetectReplaceMatchTest10()
 int DetectReplaceMatchTest11()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"big\"; replace:\"pig\"; content:\"to\"; within: 11; sid:1;)";
+                " content:\"big\"; replace:\"pig\"; content:\"to\"; within: 11; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"pig\"; depth:17; offset:14; sid:2;)";
+                " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -523,9 +523,9 @@ int DetectReplaceMatchTest12()
 int DetectReplaceMatchTest13()
 {
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
-                " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 1; sid:1;)";
+                " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 1; dsize:>1; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
-                " content:\"pig\"; depth:17; offset:14; sid:2;)";
+                " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }

@ -547,9 +547,9 @@ int DetectReplaceMatchTest14()
 int DetectReplaceMatchTest15()
 {
    char *sig = "alert udp any any -> any any (msg:\"Nothing..\";"
-                " content:\"com\"; replace:\"org\"; sid:1;)";
+                " content:\"com\"; replace:\"org\"; dsize:>1; sid:1;)";
    char *sig_rep = "alert udp any any -> any any (msg:\"replace worked\";"
-                " content:\"twimg|03|org\"; sid:2;)";
+                " content:\"twimg|03|org\"; dsize:>1; sid:2;)";
    return DetectReplaceLongPatternMatchTestUDPWrp(sig, 1, sig_rep, 2);
 }

@ -599,7 +599,7 @@ int DetectReplaceParseTest02(void)
    de_ctx->sig_list = SigInit(de_ctx,
                               "alert http any any -> any any "
                               "(msg:\"test\"; content:\"doh\"; replace:\"bon\"; sid:238012;)");
-    if (de_ctx->sig_list != NULL) {
+    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
@ -786,11 +786,11 @@ void DetectReplaceRegisterTests(void)
    UtRegisterTest("DetectReplaceMatchTest15", DetectReplaceMatchTest15, 1);
 /* parsing */
    UtRegisterTest("DetectReplaceParseTest01", DetectReplaceParseTest01, 1);
-    UtRegisterTest("DetectReplaceParseTest02", DetectReplaceParseTest02, 0);
-    UtRegisterTest("DetectReplaceParseTest03", DetectReplaceParseTest03, 0);
+    UtRegisterTest("DetectReplaceParseTest02", DetectReplaceParseTest02, 1);
+    UtRegisterTest("DetectReplaceParseTest03", DetectReplaceParseTest03, 1);
    UtRegisterTest("DetectReplaceParseTest04", DetectReplaceParseTest04, 1);
    UtRegisterTest("DetectReplaceParseTest05", DetectReplaceParseTest05, 1);
    UtRegisterTest("DetectReplaceParseTest06", DetectReplaceParseTest06, 1);
-    UtRegisterTest("DetectReplaceParseTest07", DetectReplaceParseTest07, 0);
+    UtRegisterTest("DetectReplaceParseTest07", DetectReplaceParseTest07, 1);
 #endif /* UNITTESTS */
 }
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@ -411,7 +411,7 @@ static int DetectThresholdTestSig1(void) {

    de_ctx->flags |= DE_QUIET;

-    s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; content:\"A\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
+    s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; content:\"A\"; threshold: type limit, track by_dst, count 5, seconds 60; dsize:>0; sid:1;)");
    if (s == NULL) {
        goto end;
    }
--- a/src/detect-within.c
+++ b/src/detect-within.c
@ -872,7 +872,7 @@ int DetectWithinTestPacket01 (void) {

    char sig[] = "alert tcp any any -> any any (msg:\"pcre with within "
                 "modifier\"; pcre:\"/AllWorkAndNoPlayMakesWillADullBoy/\";"
-                 " content:\"HTTP\"; within:5; sid:49; rev:1;)";
+                 " content:\"HTTP\"; within:5; dsize:>1; sid:49; rev:1;)";

    result = UTHPacketMatchSig(p, sig);

@ -893,7 +893,7 @@ int DetectWithinTestPacket02 (void) {
        goto end;

    char sig[] = "alert tcp any any -> any any (msg:\"pcre with within "
-                 "modifier\"; content:\"Five\"; content:\"Ten\"; within:3; distance:1; sid:1;)";
+                 "modifier\"; content:\"Five\"; content:\"Ten\"; within:3; distance:1; dsize:>1; sid:1;)";

    result = UTHPacketMatchSig(p, sig);

--- a/src/detect.c
+++ b/src/detect.c
@ -1692,7 +1692,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                    /* Limit the number of times we do this recursive thing.
                     * XXX is this a sane limit? Should it be configurable? */
                    if (recursion_cnt == 10)
-                        goto done;
+                        goto next;
                } while (rmatch);

            } else {
@ -1729,9 +1729,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
    next:
        RULE_PROFILING_END(s, match);
        continue;
-    done:
-        RULE_PROFILING_END(s, match);
-        break;
    }
    PACKET_PROFILING_DETECT_END(p, PROF_DETECT_RULES);

@ -4416,7 +4413,7 @@ static int SigTest01Real (int mpm_type) {
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
    int result = 0;

-    char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; dsize:>1; sid:1;)";
    if (UTHPacketMatchSigMpm(p, sig, mpm_type) == 0) {
        result = 0;
        goto end;
@ -4461,7 +4458,7 @@ static int SigTest02Real (int mpm_type) {
                    "\r\n\r\n";
    uint16_t buflen = strlen((char *)buf);
    Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
-    char sig[] = "alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:41; sid:1;)";
+    char sig[] = "alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:41; dsize:>1; sid:1;)";
    int ret = UTHPacketMatchSigMpm(p, sig, mpm_type);
    UTHFreePacket(p);
    return ret;
@ -4504,7 +4501,7 @@ static int SigTest03Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:39; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:39; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -4566,7 +4563,7 @@ static int SigTest04Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:42; within:47; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:42; within:47; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -4625,7 +4622,7 @@ static int SigTest05Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:48; within:52; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:48; within:52; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        printf("sig parse failed: ");
        goto end;
@ -4704,7 +4701,7 @@ static int SigTest06Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; dsize:>1; recursive; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -4800,7 +4797,7 @@ static int SigTest07Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -4896,7 +4893,7 @@ static int SigTest08Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/1\\.0\\r\\n/G\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/1\\.0\\r\\n/G\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -4992,7 +4989,7 @@ static int SigTest09Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/1\\.0\\r\\n/G\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/1\\.0\\r\\n/G\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5080,12 +5077,12 @@ static int SigTest10Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (1)\"; content:\"ABCD\"; depth:4; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (1)\"; content:\"ABCD\"; depth:4; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (2)\"; content:\"VWXYZ\"; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (2)\"; content:\"VWXYZ\"; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result = 0;
        goto end;
@ -5167,11 +5164,11 @@ static int SigTest11Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (content:\"VWXYZabcde\"; content:\"5678\"; content:\"89\"; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (content:\"VWXYZabcde\"; content:\"5678\"; content:\"89\"; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        goto end;
    }
@ -5232,7 +5229,7 @@ static int SigTest12Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5297,7 +5294,7 @@ static int SigTest13Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5353,7 +5350,7 @@ static int SigTest14Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; distance:0; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; distance:0; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5421,7 +5418,7 @@ static int SigTest15Real (int mpm_type) {

    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; rev:2;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; dsize:>1; rev:2;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5484,7 +5481,7 @@ static int SigTest16Real (int mpm_type) {

    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; rev:2;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; dsize:>1; sid:2008284; rev:2;)");
    if (de_ctx->sig_list == NULL) {
        goto end;
    }
@ -5548,7 +5545,7 @@ static int SigTest17Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5626,7 +5623,7 @@ static int SigTest18Real (int mpm_type) {

    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; sid:2003055; rev:4;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; dsize:>1; sid:2003055; rev:4;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5842,12 +5839,12 @@ static int SigTest21Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; dsize:>1; sid:2;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -5932,12 +5929,12 @@ static int SigTest22Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.abc; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.abc; dsize:>1; sid:2;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -6018,12 +6015,12 @@ static int SigTest23Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:toggle,TEST.one; flowbits:noalert; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:toggle,TEST.one; flowbits:noalert; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; dsize:>1; sid:2;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -6123,7 +6120,7 @@ int SigTest24IPV4Keyword(void)

    de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
-            "(content:\"/one/\"; ipv4-csum:valid; "
+            "(content:\"/one/\"; ipv4-csum:valid; dsize:>1; "
            "msg:\"ipv4-csum keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        printf("sig 1 parse: ");
@ -6132,7 +6129,7 @@ int SigTest24IPV4Keyword(void)

    de_ctx->sig_list->next = SigInit(de_ctx,
            "alert ip any any -> any any "
-            "(content:\"/one/\"; ipv4-csum:invalid; "
+            "(content:\"/one/\"; ipv4-csum:invalid; dsize:>1; "
            "msg:\"ipv4-csum keyword check(1)\"; "
            "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
@ -6227,7 +6224,7 @@ int SigTest25NegativeIPV4Keyword(void)

    de_ctx->sig_list = SigInit(de_ctx,
                               "alert ip any any -> any any "
-                               "(content:\"/one/\"; ipv4-csum:invalid; "
+                               "(content:\"/one/\"; ipv4-csum:invalid; dsize:>1; "
                               "msg:\"ipv4-csum keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result &= 0;
@ -6236,7 +6233,7 @@ int SigTest25NegativeIPV4Keyword(void)

    de_ctx->sig_list->next = SigInit(de_ctx,
                                     "alert ip any any -> any any "
-                                     "(content:\"/one/\"; ipv4-csum:valid; "
+                                     "(content:\"/one/\"; ipv4-csum:valid; dsize:>1; "
                                     "msg:\"ipv4-csum keyword check(1)\"; "
                                     "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
@ -6349,7 +6346,7 @@ int SigTest26TCPV4Keyword(void)

    de_ctx->sig_list->next = SigInit(de_ctx,
                                     "alert ip any any -> any any "
-                                     "(content:\"|DE 01 03|\"; tcpv4-csum:invalid; "
+                                     "(content:\"|DE 01 03|\"; tcpv4-csum:invalid; dsize:>1; "
                                     "msg:\"tcpv4-csum keyword check(1)\"; "
                                     "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
@ -6820,7 +6817,7 @@ int SigTest30UDPV4Keyword(void)

    de_ctx->sig_list = SigInit(de_ctx,
                               "alert udp any any -> any any "
-                               "(content:\"/one/\"; udpv4-csum:valid; "
+                               "(content:\"/one/\"; udpv4-csum:valid; dsize:>1; "
                               "msg:\"udpv4-csum keyword check(1)\"; "
                               "sid:1;)");
    if (de_ctx->sig_list == NULL) {
@ -6830,7 +6827,7 @@ int SigTest30UDPV4Keyword(void)

    de_ctx->sig_list->next = SigInit(de_ctx,
                                     "alert udp any any -> any any "
-                                     "(content:\"/one/\"; udpv4-csum:invalid; "
+                                     "(content:\"/one/\"; udpv4-csum:invalid; dsize:>1; "
                                     "msg:\"udpv4-csum keyword check(1)\"; "
                                     "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
@ -7062,7 +7059,7 @@ int SigTest32UDPV6Keyword(void)

    de_ctx->sig_list = SigInit(de_ctx,
                               "alert udp any any -> any any "
-                               "(content:\"/one/\"; udpv6-csum:valid; "
+                               "(content:\"/one/\"; udpv6-csum:valid; dsize:>1; "
                               "msg:\"udpv6-csum keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result &= 0;
@ -7071,7 +7068,7 @@ int SigTest32UDPV6Keyword(void)

    de_ctx->sig_list->next = SigInit(de_ctx,
                                     "alert udp any any -> any any "
-                                     "(content:\"/one/\"; udpv6-csum:invalid; "
+                                     "(content:\"/one/\"; udpv6-csum:invalid; dsize:>1; "
                                     "msg:\"udpv6-csum keyword check(1)\"; "
                                     "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
@ -7300,7 +7297,7 @@ int SigTest34ICMPV4Keyword(void)
    de_ctx->sig_list = SigInit(de_ctx,
                               "alert icmp any any -> any any "
                               "(content:\"/one/\"; icmpv4-csum:valid; "
-                               "msg:\"icmpv4-csum keyword check(1)\"; sid:1;)");
+                               "msg:\"icmpv4-csum keyword check(1)\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result &= 0;
        goto end;
@ -7309,7 +7306,7 @@ int SigTest34ICMPV4Keyword(void)
    de_ctx->sig_list->next = SigInit(de_ctx,
                                     "alert icmp any any -> any any "
                                     "(content:\"/one/\"; icmpv4-csum:invalid; "
-                                     "msg:\"icmpv4-csum keyword check(1)\"; "
+                                     "msg:\"icmpv4-csum keyword check(1)\"; dsize:>1; "
                                     "sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result = 0;
@ -7807,7 +7804,7 @@ int SigTest38Real(int mpm_type)
    de_ctx->sig_list = SigInit(de_ctx,
                               "alert tcp any any -> any any "
                               "(content:\"LEN1|20|\"; "
-                               "byte_test:4,=,8,0; "
+                               "byte_test:4,=,8,0; dsize:>1; "
                               "msg:\"byte_test keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result &= 0;
@ -7816,7 +7813,7 @@ int SigTest38Real(int mpm_type)
    de_ctx->sig_list->next = SigInit(de_ctx,
                               "alert tcp any any -> any any "
                               "(content:\"LEN1|20|\"; "
-                               "byte_test:4,=,8,5,relative,string,dec; "
+                               "byte_test:4,=,8,5,relative,string,dec; dsize:>1; "
                               "msg:\"byte_test keyword check(2)\"; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result &= 0;
@ -7951,7 +7948,7 @@ int SigTest39Real(int mpm_type)
                               "(content:\"LEN1|20|\"; "
                               "byte_test:4,=,8,0; "
                               "byte_jump:4,0; "
-                               "byte_test:6,=,0x4c454e312038,0,relative; "
+                               "byte_test:6,=,0x4c454e312038,0,relative; dsize:>1; "
                               "msg:\"byte_jump keyword check(1)\"; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result &= 0;
@ -7963,7 +7960,7 @@ int SigTest39Real(int mpm_type)
                               "(content:\"LEN1|20|\"; "
                               "byte_test:4,=,8,4,relative,string,dec; "
                               "byte_jump:4,4,relative,string,dec,post_offset 2; "
-                               "byte_test:4,=,0x4c454e32,0,relative; "
+                               "byte_test:4,=,0x4c454e32,0,relative; dsize:>1; "
                               "msg:\"byte_jump keyword check(2)\"; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result &= 0;
@ -8079,7 +8076,7 @@ int SigTest36ContentAndIsdataatKeywords01Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"SigTest36ContentAndIsdataatKeywords01 \"; content:\"HTTP\"; isdataat:404, relative; sid:101;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"SigTest36ContentAndIsdataatKeywords01 \"; content:\"HTTP\"; isdataat:404, relative; dsize:>1; sid:101;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9290,7 +9287,7 @@ static int SigTestSgh05 (void) {
    de_ctx->flags |= DE_QUIET;
    de_ctx->mpm_matcher = MPM_WUMANBER;

-    de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> 1.2.3.4-1.2.3.6 any (msg:\"1\"; content:\"one\"; content:\"1\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> 1.2.3.4-1.2.3.6 any (msg:\"1\"; content:\"one\"; content:\"1\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9345,7 +9342,7 @@ static int SigTestContent01Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9398,13 +9395,13 @@ static int SigTestContent02Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }

-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 31\"; content:\"0123456789012345678901234567890\"; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 31\"; content:\"0123456789012345678901234567890\"; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result = 0;
        goto end;
@ -9461,7 +9458,7 @@ static int SigTestContent03Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9515,7 +9512,7 @@ static int SigTestContent04Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9570,12 +9567,12 @@ static int SigTestContent05Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        printf("sig1 parse failed: ");
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:32; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:32; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        printf("sig2 parse failed: ");
        goto end;
@ -9639,12 +9636,12 @@ static int SigTestContent06Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig1\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig1\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
    }
-    de_ctx->sig_list->next = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig2\"; content:\"01234567890123456789012345678901\"; content:\"abcdefg\"; sid:2;)");
+    de_ctx->sig_list->next = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig2\"; content:\"01234567890123456789012345678901\"; content:\"abcdefg\"; dsize:>1; sid:2;)");
    if (de_ctx->sig_list->next == NULL) {
        result = 0;
        goto end;
@ -9799,7 +9796,7 @@ static int SigTestWithinReal01 (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"within test\"; content:\"Hi, this is a big test to check \"; content:\"content matches\"; distance:0; within:15; sid:556;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"within test\"; content:\"Hi, this is a big test to check \"; content:\"content matches\"; distance:0; within:15; dsize:>1; sid:556;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9926,7 +9923,7 @@ static int SigTestDepthOffset01Real (int mpm_type) {
    de_ctx->mpm_matcher = mpm_type;
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"depth offset\"; content:\"456\"; offset:4; depth:3; sid:1;)");
+    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"depth offset\"; content:\"456\"; offset:4; depth:3; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        result = 0;
        goto end;
@ -9976,7 +9973,7 @@ static int SigTestDetectAlertCounter(void)
    de_ctx->flags |= DE_QUIET;

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Test counter\"; "
-                               "content:\"boo\"; sid:1;)");
+                               "content:\"boo\"; dsize:>1; sid:1;)");
    if (de_ctx->sig_list == NULL) {
        goto end;
    }
--- a/src/log-droplog.c
+++ b/src/log-droplog.c
@ -428,7 +428,7 @@ int LogDropLogTest01()
    SCClassConfDeleteDummyClassificationConfigFD();

    de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any "
-            "(msg:\"LogDropLog test\"; content:\"GET\"; Classtype:unknown; sid:1;)");
+            "(msg:\"LogDropLog test\"; content:\"GET\"; dsize:>1; Classtype:unknown; sid:1;)");

    result = (de_ctx->sig_list != NULL);

@ -496,7 +496,7 @@ int LogDropLogTest02()
    SCClassConfDeleteDummyClassificationConfigFD();

    de_ctx->sig_list = SigInit(de_ctx, "alert udp any any -> any any "
-            "(msg:\"LogDropLog test\"; content:\"GET\"; Classtype:unknown; sid:1;)");
+            "(msg:\"LogDropLog test\"; content:\"GET\"; dsize:>1; Classtype:unknown; sid:1;)");

    result = (de_ctx->sig_list != NULL);

--- a/src/util-action.c
+++ b/src/util-action.c
@ -602,9 +602,9 @@ int UtilActionTest10(void)
        goto end;

    char *sigs[3];
-    sigs[0]= "alert ip any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
-    sigs[1]= "pass ip any any -> any any (msg:\"sig 2\"; content:\"wo\"; sid:2;)";
-    sigs[2]= "alert ip any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+    sigs[0]= "alert ip any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+    sigs[1]= "pass ip any any -> any any (msg:\"sig 2\"; content:\"wo\"; dsize:>1; sid:2;)";
+    sigs[2]= "alert ip any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};

@ -686,9 +686,9 @@ int UtilActionTest11(void)
        goto end;

    char *sigs[3];
-    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"wo\"; sid:2;)";
-    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"wo\"; dsize:>1; sid:2;)";
+    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};

@ -847,9 +847,9 @@ int UtilActionTest13(void)
        goto end;

    char *sigs[3];
-    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
-    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
+    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};

@ -933,9 +933,9 @@ int UtilActionTest14(void)
        goto end;

    char *sigs[3];
-    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
-    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
+    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};

@ -1014,7 +1014,7 @@ int UtilActionTest15(void)

    char *sigs[3];
    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1089,7 +1089,7 @@ int UtilActionTest16(void)

    char *sigs[3];
    sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1164,7 +1164,7 @@ int UtilActionTest17(void)

    char *sigs[3];
    sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1244,7 +1244,7 @@ int UtilActionTest18(void)

    char *sigs[3];
    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1330,7 +1330,7 @@ int UtilActionTest19(void)

    char *sigs[3];
    sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1416,7 +1416,7 @@ int UtilActionTest20(void)

    char *sigs[3];
    sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1496,7 +1496,7 @@ int UtilActionTest21(void)

    char *sigs[3];
    sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1582,7 +1582,7 @@ int UtilActionTest22(void)

    char *sigs[3];
    sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};
@ -1668,7 +1668,7 @@ int UtilActionTest23(void)

    char *sigs[3];
    sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
-    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+    sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
    sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";

    uint32_t sid[3] = {1, 2, 3};