From eff08f93d8f51a06d6bee19b739b7db44cadb116 Mon Sep 17 00:00:00 2001 From: Anoop Saldanha Date: Thu, 3 Nov 2011 14:31:24 +0530 Subject: [PATCH] update failing unittest to reflect the mpm design update --- src/alert-fastlog.c | 4 +- src/detect-asn1.c | 6 +- src/detect-bytejump.c | 4 +- src/detect-bytetest.c | 4 +- src/detect-content.c | 38 ++++++------ src/detect-distance.c | 2 +- src/detect-engine-iponly.c | 10 ++-- src/detect-engine-payload.c | 42 ++++++------- src/detect-engine-port.c | 38 ++++++------ src/detect-fast-pattern.c | 4 +- src/detect-flowint.c | 14 ++--- src/detect-isdataat.c | 6 +- src/detect-parse.c | 37 +++--------- src/detect-replace.c | 48 +++++++-------- src/detect-threshold.c | 2 +- src/detect-within.c | 4 +- src/detect.c | 115 ++++++++++++++++++------------------ src/log-droplog.c | 4 +- src/util-action.c | 42 ++++++------- 19 files changed, 200 insertions(+), 224 deletions(-) diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c index c10bd3e9df..e29d026fe5 100644 --- a/src/alert-fastlog.c +++ b/src/alert-fastlog.c @@ -438,7 +438,7 @@ int AlertFastLogTest01() SCClassConfDeleteDummyClassificationConfigFD(); de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"FastLog test\"; content:\"GET\"; " + "(msg:\"FastLog test\"; content:\"GET\"; dsize:>1; " "Classtype:unknown; sid:1;)"); result = (de_ctx->sig_list != NULL); @@ -494,7 +494,7 @@ int AlertFastLogTest02() SCClassConfDeleteDummyClassificationConfigFD(); de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"FastLog test\"; content:\"GET\"; " + "(msg:\"FastLog test\"; content:\"GET\"; dsize:>1; " "Classtype:unknown; sid:1;)"); result = (de_ctx->sig_list != NULL); if (result == 0) diff --git a/src/detect-asn1.c b/src/detect-asn1.c index 12eb109718..7c6baa032a 100644 --- a/src/detect-asn1.c +++ b/src/detect-asn1.c 
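Review bot: The `dsize:>1;` appended to the rule strings in AlertFastLogTest01 and AlertFastLogTest02 carries no explanation in the test itself, so the only record of why a content-only rule stopped matching here is the commit subject, and a later cleanup could strip the keyword and silently re-break the test. A one-line comment at the first occurrence would anchor it, e.g. `/* dsize:>1 is required after the mpm redesign for this content rule to match in a packet-only test; do not remove */`, with the mechanism stated precisely once the detect.c hunk (not in view here) confirms it. It is also worth recording somewhere that these tests now exercise content+dsize rules rather than pure content rules, so whatever coverage the plain-content path had in them moves elsewhere. Both test functions continue past the hunk boundaries.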
@@ -1059,12 +1059,12 @@ int DetectAsn1TestReal01(void) { char *sigs[3]; sigs[0]= "alert ip any any -> any any (msg:\"Testing id 1\"; " "content:\"Pablo\"; asn1:absolute_offset 0, " - "oversize_length 130; sid:1;)"; + "oversize_length 130; dsize:>1; sid:1;)"; sigs[1]= "alert ip any any -> any any (msg:\"Testing id 2\"; " "content:\"AA\"; asn1:relative_offset 2, " - "oversize_length 130; sid:2;)"; + "oversize_length 130; dsize:>1; sid:2;)"; sigs[2]= "alert ip any any -> any any (msg:\"Testing id 3\"; " - "content:\"lalala\"; asn1: oversize_length 2000; sid:3;)"; + "content:\"lalala\"; asn1: oversize_length 2000; dsize:>1; sid:3;)"; uint32_t sid[3] = {1, 2, 3}; diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index a1113a746a..0722a21388 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -1113,7 +1113,7 @@ int DetectByteJumpTestPacket01 (void) { char sig[] = "alert tcp any any -> any any (msg:\"pcre + byte_test + " "relative\"; pcre:\"/AllWorkAndNoPlayMakesWillADullBoy/\"; byte_jump:1,6," - "relative,string,dec; content:\"0\"; sid:134; rev:1;)"; + "relative,string,dec; content:\"0\"; dsize:>1; sid:134; rev:1;)"; result = UTHPacketMatchSig(p, sig); @@ -1145,7 +1145,7 @@ int DetectByteJumpTestPacket02 (void) { char sig[] = "alert tcp any any -> any any (msg:\"byte_jump with byte_jump" " + relative\"; byte_jump:1,13; byte_jump:4,0,relative; " - "content:\"|48 00 00|\"; within:3; sid:144; rev:1;)"; + "content:\"|48 00 00|\"; within:3; dsize:>1; sid:144; rev:1;)"; result = UTHPacketMatchSig(p, sig); diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index d181cb83df..78d7a6ab1a 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c 
@@ -1491,7 +1491,7 @@ int DetectByteTestTestPacket04(void) char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +" "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; " - "byte_test:1,<=,0,0,relative,string,dec; sid:124; rev:1;)"; + "byte_test:1,<=,0,0,relative,string,dec; dsize:>1; sid:124; rev:1;)"; result = UTHPacketMatchSig(p, sig); @@ -1521,7 +1521,7 @@ int DetectByteTestTestPacket05(void) char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +" "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; " - "byte_test:1,>=,0,0,relative,string,dec; sid:125; rev:1;)"; + "byte_test:1,>=,0,0,relative,string,dec; dsize:>1; sid:125; rev:1;)"; result = UTHPacketMatchSig(p, sig); diff --git a/src/detect-content.c b/src/detect-content.c index 63bfb770d2..ff625e4b75 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -839,7 +839,7 @@ int DetectContentLongPatternMatchTestWrp(char *sig, uint32_t sid) { int DetectContentLongPatternMatchTest01() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"Hi, this is a big test\"; sid:1;)"; + " content:\"Hi, this is a big test\"; dsize:>1; sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -850,7 +850,7 @@ int DetectContentLongPatternMatchTest02() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"Hi, this is a big test to check content matches of" - " splitted patterns between multiple chunks!\"; sid:1;)"; + " splitted patterns between multiple chunks!\"; dsize:>1; sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } 
@@ -863,7 +863,7 @@ int DetectContentLongPatternMatchTest03() /** The last chunk of the content should not match */ char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"Hi, this is a big test to check content matches of" - " splitted patterns between multiple splitted chunks!\"; sid:1;)"; + " splitted patterns between multiple splitted chunks!\"; dsize:>1; sid:1;)"; return (DetectContentLongPatternMatchTestWrp(sig, 1) == 0) ? 1: 0; } @@ -876,7 +876,7 @@ int DetectContentLongPatternMatchTest04() " content:\"Hi, this is\"; depth:15 ;content:\"a big test\"; " " within:15; content:\"to check content matches of\"; " " within:30; content:\"splitted patterns\"; distance:1; " - " within:30; depth:400;" + " within:30; depth:400; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -896,7 +896,7 @@ int DetectContentLongPatternMatchTest05() " content:\"of splitted\"; within:37; distance:15; " " depth:60; isdataat:20,relative; offset: 48; " " content:\"patterns\"; within:9; distance:1; depth:69; " - " isdataat:10, relative; offset:60; " + " isdataat:10, relative; offset:60; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -914,7 +914,7 @@ int DetectContentLongPatternMatchTest06() " content:\"of splitted patterns between multiple\"; " " within:38; distance:1; offset:47; depth:85; " " content:\"chunks!\"; within: 8; distance:1; " - " depth:94; offset: 50; " + " depth:94; offset: 50; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -929,7 +929,7 @@ int DetectContentLongPatternMatchTest07() " content:\"chunks!\"; " " content:\"content matches\"; offset:32; depth:47; " " content:\"of splitted patterns between multiple\"; " - " content:\"Hi, this is a big\"; offset:0; depth:17; " + " content:\"Hi, this is a big\"; offset:0; depth:17; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } 
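Review bot: DetectContentLongPatternMatchTest03 is a negative test (it returns 1 only when the wrapper reports no match), and appending `dsize:>1;` adds a second, unrelated way for the rule to fail, so the assertion no longer isolates the "last chunk should not match" behaviour the comment above the rule describes. The packet built by DetectContentLongPatternMatchTestWrp is outside the hunk, so I cannot confirm its payload exceeds one byte; if it does the keyword is harmless, and a comment saying so keeps the intent readable: `/* payload is >1 byte, so any no-match here must come from the content, not dsize */`. If that payload were ever shortened the test would pass for the wrong reason. The wrapper itself is not part of this diff.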
@@ -946,7 +946,7 @@ int DetectContentLongPatternMatchTest08() " within:38; distance:1; offset:47; depth:85; " " content:\"chunks!\"; within: 8; distance:1; " " depth:94; offset: 50; " - " content:\"Hi, this is a big test to check cont\"; depth:36;" + " content:\"Hi, this is a big test to check cont\"; depth:36; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -964,7 +964,7 @@ int DetectContentLongPatternMatchTest09() " content:\"chunks!\"; within: 8; distance:1; " " depth:94; offset: 50; " " content:\"Hi, this is a big test to chec\"; depth:36;" - " content:\"k cont\"; distance:0; within:6;" + " content:\"k cont\"; distance:0; within:6; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -976,7 +976,7 @@ int DetectContentLongPatternMatchTest10() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\"; " " content:\"Hi, this is a big test to check \"; " - " content:\"con\"; " + " content:\"con\"; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } @@ -988,7 +988,7 @@ int DetectContentLongPatternMatchTest11() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\"; " " content:\"H\"; " - " content:\"i\"; " + " content:\"i\"; dsize:>1; " " sid:1;)"; return DetectContentLongPatternMatchTestWrp(sig, 1); } 
@@ -2091,7 +2091,7 @@ static int SigTest47TestNegatedContent(void) */ static int SigTest48TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n"); + return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; within:26; dsize:>1; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n"); } /** @@ -2109,7 +2109,7 @@ static int SigTest49TestNegatedContent(void) */ static int SigTest50TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; distance:25; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n"); + return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET\"; content:!\"GES\"; distance:25; dsize:>1; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n"); } /** @@ -2166,7 +2166,7 @@ static int SigTest55TestNegatedContent(void) */ static int SigTest56TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"one\"; content:\"fourty\"; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix"); + return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"one\"; content:\"fourty\"; within:56; dsize:>1; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix"); } /** 
@@ -2252,7 +2252,7 @@ static int SigTest67TestNegatedContent(void) static int SigTest68TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (content:\"one\"; depth:10; content:\"nine\"; offset:8; content:!\"fourty\"; within:28; content:\"fiftysix\"; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix"); + return SigTestPositiveTestContent("alert tcp any any -> any any (content:\"one\"; depth:10; content:\"nine\"; offset:8; content:!\"fourty\"; within:28; content:\"fiftysix\"; dsize:>1; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix"); } static int SigTest69TestNegatedContent(void) @@ -2283,12 +2283,12 @@ static int SigTest73TestNegatedContent(void) static int SigTest74TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; sid:1;)", (uint8_t *)"USER apple"); + return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; dsize:>1; sid:1;)", (uint8_t *)"USER apple"); } static int SigTest75TestNegatedContent(void) { - return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; sid:1;)", (uint8_t *)"USER !PASS"); + return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; dsize:>1; sid:1;)", (uint8_t *)"USER !PASS"); } static int SigTest76TestBug134(void) @@ -2310,7 +2310,7 @@ static int SigTest76TestBug134(void) char sig[] = "alert tcp any any -> any 515 " "(msg:\"detect IFS\"; flow:to_server,established; content:\"${IFS}\";" - " depth:50; offset:0; sid:900091; rev:1;)"; + " depth:50; offset:0; dsize:>1; sid:900091; rev:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; 
@@ -2336,7 +2336,7 @@ static int SigTest77TestBug139(void) p->dp = 53; char sig[] = "alert udp any any -> any 53 (msg:\"dns testing\";" - " content:\"|00 00|\"; depth:5; offset:13; sid:9436601;" + " content:\"|00 00|\"; depth:5; offset:13; dsize:>1; sid:9436601;" " rev:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; diff --git a/src/detect-distance.c b/src/detect-distance.c index 0c17ee03aa..1c71c967a6 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c @@ -893,7 +893,7 @@ int DetectDistanceTestPacket01 (void) { char sig[] = "alert tcp any any -> any any (msg:\"suricata test\"; " "byte_jump:1,2; content:\"|00|\"; " - "within:1; distance:2; sid:98711212; rev:1;)"; + "within:1; distance:2; dsize:>1; sid:98711212; rev:1;)"; p->flowflags = FLOW_PKT_ESTABLISHED | FLOW_PKT_TOCLIENT; result = UTHPacketMatchSig(p, sig); diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c index 8196dc4769..7d7fbaae5b 100644 --- a/src/detect-engine-iponly.c +++ b/src/detect-engine-iponly.c @@ -1789,7 +1789,7 @@ int IPOnlyTestSig05(void) { sigs[3]= "alert tcp 192.168.1.5 any -> 192.168.1.1 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)"; sigs[4]= "alert tcp 192.168.1.0/24 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)"; sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)"; - sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)"; + sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)"; /* Sid numbers (we could extract them from the sig) */ uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7}; 
@@ -1825,7 +1825,7 @@ int IPOnlyTestSig06(void) { sigs[3]= "alert tcp 192.168.1.5 any -> 192.168.1.1 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)"; sigs[4]= "alert tcp 192.168.1.0/24 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)"; sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)"; - sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)"; + sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)"; /* Sid numbers (we could extract them from the sig) */ uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7}; @@ -1933,7 +1933,7 @@ int IPOnlyTestSig09(void) { sigs[3]= "alert tcp 3FFE:FFFF:7654:FEDA:1245:BA98:3210:4565 any -> 3FFE:FFFF:7654:FEDA:1245:BA98:3210:0/96 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)"; sigs[4]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)"; sigs[5]= "alert tcp any any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)"; - sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)"; + sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)"; /* Sid numbers (we could extract them from the sig) */ uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7}; 
@@ -1969,7 +1969,7 @@ int IPOnlyTestSig10(void) { sigs[3]= "alert tcp 3FFE:FFFF:7654:FEDA:1245:BA98:3210:4565 any -> !3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562/96 any (msg:\"Testing src/dst ip (sid 4)\"; sid:4;)"; sigs[4]= "alert tcp !3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> any any (msg:\"Testing src/dst ip (sid 5)\"; sid:5;)"; sigs[5]= "alert tcp any any -> !3FFE:FFFF:7654:FEDA:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 6)\"; sid:6;)"; - sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDB:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\";sid:7;)"; + sigs[6]= "alert tcp 3FFE:FFFF:7654:FEDA:0:0:0:0/64 any -> 3FFE:FFFF:7654:FEDB:0:0:0:0/64 any (msg:\"Testing src/dst ip (sid 7)\"; content:\"Hi all\"; dsize:>1; sid:7;)"; /* Sid numbers (we could extract them from the sig) */ uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7}; @@ -2143,7 +2143,7 @@ int IPOnlyTestSig15(void) sigs[5]= "alert tcp any any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 6)\"; " "flowbits:set,six; sid:6;)"; sigs[6]= "alert tcp 192.168.1.0/24 any -> 192.168.0.0/16 any (msg:\"Testing src/dst ip (sid 7)\"; " - "flowbits:set,seven; content:\"Hi all\"; sid:7;)"; + "flowbits:set,seven; content:\"Hi all\"; dsize:>1; sid:7;)"; /* Sid numbers (we could extract them from the sig) */ uint32_t sid[7] = { 1, 2, 3, 4, 5, 6, 7}; diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c index 2da7ba62e0..b352e25eb0 100644 --- a/src/detect-engine-payload.c +++ b/src/detect-engine-payload.c @@ -539,7 +539,7 @@ static int PayloadTestSig01 (void) { Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP); int result = 0; - char sig[] = "alert tcp any any -> any any (content:\"abc\"; content:\"d\"; distance:0; within:1; sid:1;)"; + char sig[] = "alert tcp any any -> any any (content:\"abc\"; content:\"d\"; distance:0; within:1; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; 
@@ -560,7 +560,7 @@ static int PayloadTestSig02 (void) { Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP); int result = 0; - char sig[] = "alert tcp any any -> any any (content:\"abc\"; nocase; content:\"d\"; distance:0; within:1; sid:1;)"; + char sig[] = "alert tcp any any -> any any (content:\"abc\"; nocase; content:\"d\"; distance:0; within:1; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; @@ -581,7 +581,7 @@ static int PayloadTestSig03 (void) { Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP); int result = 0; - char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; sid:1;)"; + char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; @@ -606,7 +606,7 @@ static int PayloadTestSig04(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"this\"; content:\"is\"; within:6; content:\"big\"; within:8; " - "content:\"string\"; within:8; sid:1;)"; + "content:\"string\"; within:8; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; @@ -631,7 +631,7 @@ static int PayloadTestSig05(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"this\"; content:\"is\"; within:9; content:\"big\"; within:12; " - "content:\"string\"; within:8; sid:1;)"; + "content:\"string\"; within:8; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; @@ -656,7 +656,7 @@ static int PayloadTestSig06(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"now\"; content:\"this\"; content:\"is\"; within:12; content:\"big\"; within:8; " - "content:\"string\"; within:8; sid:1;)"; + "content:\"string\"; within:8; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; goto end; 
@@ -680,7 +680,7 @@ static int PayloadTestSig07(void) int result = 0; char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " - "content:\"thus\"; offset:8; content:\"is\"; within:6; content:\"big\"; within:8; sid:1;)"; + "content:\"thus\"; offset:8; content:\"is\"; within:6; content:\"big\"; within:8; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; @@ -706,7 +706,7 @@ static int PayloadTestSig08(void) int result = 0; char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " - "content:\"fix\"; content:\"this\"; within:6; content:!\"and\"; distance:0; sid:1;)"; + "content:\"fix\"; content:\"this\"; within:6; content:!\"and\"; distance:0; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) { goto end; @@ -730,7 +730,7 @@ static int PayloadTestSig09(void) int result = 0; char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " - "pcre:/super/; content:\"nova\"; within:7; sid:1;)"; + "pcre:/super/; content:\"nova\"; within:7; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; @@ -851,7 +851,7 @@ static int PayloadTestSig13(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"aa\"; content:\"aa\"; distance:0; content:\"aa\"; distance:0; " - "byte_test:1,>,200,0,relative; sid:1;)"; + "byte_test:1,>,200,0,relative; dsize:>1; sid:1;)"; #include struct timeval tv_start, tv_end, tv_diff; 
@@ -926,7 +926,7 @@ static int PayloadTestSig14(void) Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP); int result = 0; - char sig[] = "alert tcp any any -> any any (content:\"User-Agent|3A| Mozilla/5.0 |28|Macintosh|3B| \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 |28|Macintosh|3B| U|3B| Intel Mac OS X 10.5|3B| en-US|3B| rv|3A|1.9.1b4|29| Gecko/20090423 Firefox/3.6 GTB5\"; sid:1; rev:1;)"; + char sig[] = "alert tcp any any -> any any (content:\"User-Agent|3A| Mozilla/5.0 |28|Macintosh|3B| \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 |28|Macintosh|3B| U|3B| Intel Mac OS X 10.5|3B| en-US|3B| rv|3A|1.9.1b4|29| Gecko/20090423 Firefox/3.6 GTB5\"; dsize:>1; sid:1; rev:1;)"; //char sig[] = "alert tcp any any -> any any (content:\"User-Agent: Mozilla/5.0 (Macintosh; \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.6 GTB5\"; sid:1; rev:1;)"; @@ -949,7 +949,7 @@ static int PayloadTestSig15(void) int result = 0; char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " - "content:\"nova\"; isdataat:18,relative; sid:1;)"; + "content:\"nova\"; isdataat:18,relative; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; @@ -972,7 +972,7 @@ static int PayloadTestSig16(void) int result = 0; char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " - "content:\"nova\"; isdataat:!20,relative; sid:1;)"; + "content:\"nova\"; isdataat:!20,relative; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; 
@@ -996,7 +996,7 @@ static int PayloadTestSig17(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"%\"; depth:4; offset:0; " - "content:\"%\"; within:2; distance:1; sid:1;)"; + "content:\"%\"; within:2; distance:1; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) { result = 0; @@ -1025,7 +1025,7 @@ static int PayloadTestSig18(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " - "content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)"; + "content:\"|0C 0D 0E 0F|\"; distance:one; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; @@ -1054,7 +1054,7 @@ static int PayloadTestSig19(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,hex,relative; " - "content:\"|0C 0D 0E 0F|\"; distance:one; sid:1;)"; + "content:\"|0C 0D 0E 0F|\"; distance:one; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; @@ -1083,7 +1083,7 @@ static int PayloadTestSig20(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " - "content:\"|06 35 07 08|\"; offset:one; sid:1;)"; + "content:\"|06 35 07 08|\"; offset:one; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; @@ -1112,7 +1112,7 @@ static int PayloadTestSig21(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " - "content:\"|03 04 05 06|\"; depth:one; sid:1;)"; + "content:\"|03 04 05 06|\"; depth:one; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; 
@@ -1141,7 +1141,7 @@ static int PayloadTestSig22(void) char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; " "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " - "content:\"|09 0A 0B 0C|\"; within:one; sid:1;)"; + "content:\"|09 0A 0B 0C|\"; within:one; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; @@ -1171,7 +1171,7 @@ static int PayloadTestSig23(void) "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " "byte_extract:1,3,two,string,dec,relative; " - "byte_test:1,=,one,two,string,dec,relative; sid:1;)"; + "byte_test:1,=,one,two,string,dec,relative; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; @@ -1201,7 +1201,7 @@ static int PayloadTestSig24(void) "content:\"|01 02 03 04|\"; " "byte_extract:1,2,one,string,dec,relative; " "byte_jump:1,one,string,dec,relative; " - "content:\"|0D 0E 0F|\"; distance:0; sid:1;)"; + "content:\"|0D 0E 0F|\"; distance:0; dsize:>1; sid:1;)"; if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) { result = 0; diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c index 53181dfa1a..e4a130ad4d 100644 --- a/src/detect-engine-port.c +++ b/src/detect-engine-port.c @@ -2286,7 +2286,7 @@ int PortTestMatchRealWrp(char *sig, uint32_t sid) { int PortTestMatchReal01() { /* tcp.sport=47370 tcp.dport=80 */ - char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; sid:1;)"; + char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\"; content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2296,7 +2296,7 @@ int PortTestMatchReal01() int PortTestMatchReal02() { char *sig = "alert tcp any 47370 -> any any (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } 
@@ -2306,7 +2306,7 @@ int PortTestMatchReal02() int PortTestMatchReal03() { char *sig = "alert tcp any 47370 -> any 80 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2316,7 +2316,7 @@ int PortTestMatchReal03() int PortTestMatchReal04() { char *sig = "alert tcp any any -> any !80 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2326,7 +2326,7 @@ int PortTestMatchReal04() int PortTestMatchReal05() { char *sig = "alert tcp any !47370 -> any any (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2336,7 +2336,7 @@ int PortTestMatchReal05() int PortTestMatchReal06() { char *sig = "alert tcp any !47370 -> any !80 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2346,7 +2346,7 @@ int PortTestMatchReal06() int PortTestMatchReal07() { char *sig = "alert tcp any any -> any 70:100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2356,7 +2356,7 @@ int PortTestMatchReal07() int PortTestMatchReal08() { char *sig = "alert tcp any 47000:50000 -> any any (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2366,7 +2366,7 @@ int PortTestMatchReal08() int PortTestMatchReal09() { char *sig = "alert tcp any 47000:50000 -> any 70:100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } 
@@ -2376,7 +2376,7 @@ int PortTestMatchReal09() int PortTestMatchReal10() { char *sig = "alert tcp any any -> any !70:100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2386,7 +2386,7 @@ int PortTestMatchReal10() int PortTestMatchReal11() { char *sig = "alert tcp any !47000:50000 -> any any (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2396,7 +2396,7 @@ int PortTestMatchReal11() int PortTestMatchReal12() { char *sig = "alert tcp any !47000:50000 -> any !70:100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2406,7 +2406,7 @@ int PortTestMatchReal12() int PortTestMatchReal13() { char *sig = "alert tcp any 47000:50000 -> any !81: (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2416,7 +2416,7 @@ int PortTestMatchReal13() int PortTestMatchReal14() { char *sig = "alert tcp any !48000:50000 -> any :100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2426,7 +2426,7 @@ int PortTestMatchReal14() int PortTestMatchReal15() { char *sig = "alert tcp any :50000 -> any 81:100 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2436,7 +2436,7 @@ int PortTestMatchReal15() int PortTestMatchReal16() { char *sig = "alert tcp any 100: -> any ![0:79,81:65535] (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } 
@@ -2446,7 +2446,7 @@ int PortTestMatchReal16() int PortTestMatchReal17() { char *sig = "alert tcp any ![0:39999,48000:50000] -> any ![0:80,82:65535] " - "(msg:\"Nothing..\"; content:\"GET\"; sid:1;)"; + "(msg:\"Nothing..\"; content:\"GET\"; dsize:>1; sid:1;)"; return (PortTestMatchRealWrp(sig, 1) == 0)? 1 : 0; } @@ -2456,7 +2456,7 @@ int PortTestMatchReal17() int PortTestMatchReal18() { char *sig = "alert tcp any ![0:39999,48000:50000] -> any 80 (msg:\"Nothing" - " at all\"; content:\"GET\"; sid:1;)"; + " at all\"; content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } @@ -2466,7 +2466,7 @@ int PortTestMatchReal18() int PortTestMatchReal19() { char *sig = "alert tcp any any -> any 80 (msg:\"Nothing..\";" - " content:\"GET\"; sid:1;)"; + " content:\"GET\"; dsize:>1; sid:1;)"; return PortTestMatchRealWrp(sig, 1); } diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 19c0b5228e..84d711e47c 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -1015,12 +1015,12 @@ int DetectFastPatternTest14(void) de_ctx->flags |= DE_QUIET; de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"fast_pattern test\"; content:\"strings_string5\"; content:\"knight\"; fast_pattern; sid:1;)"); + "(msg:\"fast_pattern test\"; content:\"strings_string5\"; content:\"knight\"; fast_pattern; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) goto end; de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"test different content\"; content:\"Dummy is our name\"; sid:2;)"); + "(msg:\"test different content\"; content:\"Dummy is our name\"; dsize:>1; sid:2;)"); if (de_ctx->sig_list->next == NULL) goto end; diff --git a/src/detect-flowint.c b/src/detect-flowint.c index 3703196f2b..22f8241e23 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c 
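Review bot: PortTestMatchReal17 (like Real04–06, Real10–12 and Real15 earlier in this file) asserts that the rule does not match, and the added `dsize:>1;` gives a second way to satisfy that expectation that has nothing to do with the port negation under test, so a regression in negated-port-range handling could be masked if the packet built by PortTestMatchRealWrp ever carried a payload of one byte or less. The positive cases Real18 and Real19 in the same hunk only hold if that payload exceeds one byte, which I cannot confirm from the diff. Consider checking the payload length once in PortTestMatchRealWrp, or noting the assumption at the first negative test: `/* payload is >1 byte, so dsize cannot be what fails here */`. PortTestMatchRealWrp is outside these hunks.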
@@ -1391,11 +1391,11 @@ int DetectFlowintTestPacket01Real() de_ctx->flags |= DE_QUIET; /* Now that we have the array of packets for the flow, prepare the signatures */ - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; sid:101;)"); + de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Setting a flowint counter\"; content:\"GET\"; flowint:myvar,=,1; flowint:maxvar,=,6; dsize:>1; sid:101;)"); - de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; sid:102;)"); + de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint: myvar,+,2; dsize:>1; sid:102;)"); - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; sid:103;)"); + de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar,==,3; flowint: cntpackets, =, 0; dsize:>1; sid:103;)"); de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: myvar,==,3; flowint: cntpackets, +, 1; noalert;sid:104;)"); 
@@ -1736,7 +1736,7 @@ int DetectFlowintTestPacket02Real() de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Adding to flowint counter\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: myvar,+,2; sid:102;)"); - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; sid:103;)"); + de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"if the flowint counter is 3 create a new counter\"; content:\"Unauthorized\"; flowint: myvar, isset; flowint: myvar,==,3; flowint:cntpackets,notset; flowint: cntpackets, =, 0; dsize:>1; sid:103;)"); de_ctx->sig_list->next->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"and count the rest of the packets received without generating alerts!!!\"; flowint: cntpackets,isset; flowint: cntpackets, +, 1; noalert;sid:104;)"); 
@@ -2076,11 +2076,11 @@ int DetectFlowintTestPacket03Real() de_ctx->flags |= DE_QUIET; /* Now that we have the array of packets for the flow, prepare the signatures */ - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; sid:101;)"); + de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"GET\"; flowint: myvar, notset; flowint: myvar,=,0; flowint: other,=,10; dsize:>1; sid:101;)"); - de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; sid:102;)"); + de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check isset\"; content:\"Unauthorized\"; flowint:myvar,isset; flowint: other,isset; dsize:>1; sid:102;)"); - de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; sid:103;)"); + de_ctx->sig_list->next->next = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"check notset\"; content:\"Unauthorized\"; flowint:lala,isset; dsize:>1; sid:103;)"); de_ctx->sig_list->next->next->next = NULL; diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index 9a21bc3325..dbf7f00a6e 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c 
@@ -1028,10 +1028,10 @@ int DetectIsdataatTestPacket01 (void) { char *sigs[5]; sigs[0]= "alert ip any any -> any any (msg:\"Testing window 1\"; isdataat:6; sid:1;)"; - sigs[1]= "alert ip any any -> any any (msg:\"Testing window 2\"; content:\"all\"; isdataat:1, relative; isdataat:6; sid:2;)"; + sigs[1]= "alert ip any any -> any any (msg:\"Testing window 2\"; content:\"all\"; isdataat:1, relative; isdataat:6; dsize:>1; sid:2;)"; sigs[2]= "alert ip any any -> any any (msg:\"Testing window 3\"; isdataat:8; sid:3;)"; - sigs[3]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:5, relative; sid:4;)"; - sigs[4]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:6, relative; sid:5;)"; + sigs[3]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:5, relative; dsize:>1; sid:4;)"; + sigs[4]= "alert ip any any -> any any (msg:\"Testing window 4\"; content:\"Hi\"; isdataat:6, relative; dsize:>1; sid:5;)"; uint32_t sid[5] = {1, 2, 3, 4, 5}; diff --git a/src/detect-parse.c b/src/detect-parse.c index 2a7bf55df8..7cece5d21e 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c 
@@ -1352,20 +1352,15 @@ static int SigValidate(Signature *s) {
 }
 if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
- if (s->alproto != ALPROTO_UNKNOWN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
- "specific matches (like dsize, flags, ttl) with stream / "
- "state matching by matching on app layer proto (like http).");
- SCReturnInt(0);
- }
-
 if (s->sm_lists_tail[DETECT_SM_LIST_UMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH])
+ s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_DMATCH] ||
+ s->sm_lists_tail[DETECT_SM_LIST_AMATCH])
 {
 SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
 "specific matches (like dsize, flags, ttl) with stream / "
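Review bot: The error text emitted when the expanded condition fires still explains the conflict only in terms of `http_* keywords` (the string continues into the next hunk), but the condition now also fires on DETECT_SM_LIST_DMATCH and DETECT_SM_LIST_AMATCH, so a rule that combines dsize with a dce_* or other app-layer keyword is rejected with a message naming the wrong cause; extend the tail to something like `"http_*, dce_* or other app-layer keywords)."`. Dropping the `s->alproto != ALPROTO_UNKNOWN` branch also means an `alert http ...` rule with packet-only keywords now passes validation on the strength of the list check alone; that looks intended given DetectReplaceParseTest02 later in this commit now expects such a rule to parse, but the commit message only mentions unit tests, so the validation change deserves a sentence of its own. SigValidate continues outside this hunk.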
@@ -1373,22 +1368,6 @@ static int SigValidate(Signature *s) {
 "http_* keywords).");
 SCReturnInt(0);
 }
-
- SigMatch *pm = SigMatchGetLastSMFromLists(s, 14,
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH]);
- if (pm != NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature has"
- " replace keyword linked with a modified content"
- " keyword (http_*, dce_*). It only supports content on"
- " raw payload");
- SCReturnInt(0);
- }
 }
 SCReturnInt(1);
diff --git a/src/detect-replace.c b/src/detect-replace.c
index c9df018e52..d65764268f 100644
--- a/src/detect-replace.c
+++ b/src/detect-replace.c
@@ -378,9 +378,9 @@ int DetectReplaceLongPatternMatchTestUDPWrp(char *sig, uint32_t sid, char *sig_r
 int DetectReplaceMatchTest01() {
 char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
- " content:\"big\"; replace:\"pig\"; sid:1;)";
+ " content:\"big\"; replace:\"pig\"; dsize:>1; sid:1;)";
 char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
- " content:\"this is a pig test\"; sid:2;)";
+ " content:\"this is a pig test\"; dsize:>1; sid:2;)";
 return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
 }
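Review bot: With the SigMatchGetLastSMFromLists(..., DETECT_REPLACE, ...) block gone, SigValidate no longer rejects a `replace` attached to a content in a normalized buffer (http_*, dce_*), and the deleted message documented why that pairing was refused: replace writes into the raw payload while the match was made against a different buffer. If that guard moved elsewhere (the replace keyword's own setup would be the natural place) the commit message should say so; if it did not, the flipped expectation in DetectReplaceParseTest02 (`== NULL` is now the failure case) and the 0→1 changes for ParseTest02/03/07 in DetectReplaceRegisterTests turn a negative test for this restriction into a positive test with no replacement check anywhere visible. Either way, a short comment at the `SCReturnInt(1)` such as `/* replace/normalized-buffer compatibility is enforced in <placeholder: location> */` would make the new division of responsibility explicit. SigValidate begins outside this hunk.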
@@ -390,9 +390,9 @@ int DetectReplaceMatchTest01() int DetectReplaceMatchTest02() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"th\"; offset: 4; replace:\"TH\"; sid:1;)"; + " content:\"th\"; offset: 4; replace:\"TH\"; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"THis\"; offset:4; sid:2;)"; + " content:\"THis\"; offset:4; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -402,9 +402,9 @@ int DetectReplaceMatchTest02() int DetectReplaceMatchTest03() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"th\"; replace:\"TH\"; offset: 4; sid:1;)"; + " content:\"th\"; replace:\"TH\"; offset: 4; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"THis\"; offset:4; sid:2;)"; + " content:\"THis\"; offset:4; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -414,9 +414,9 @@ int DetectReplaceMatchTest03() int DetectReplaceMatchTest04() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; sid:1;)"; + " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"THis\"; content:\"matterns\"; sid:2;)"; + " content:\"THis\"; content:\"matterns\"; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } 
@@ -451,9 +451,9 @@ int DetectReplaceMatchTest06() int DetectReplaceMatchTest07() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"BiG\"; nocase; replace:\"pig\"; sid:1;)"; + " content:\"BiG\"; nocase; replace:\"pig\"; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"this is a pig test\"; sid:2;)"; + " content:\"this is a pig test\"; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -463,9 +463,9 @@ int DetectReplaceMatchTest07() int DetectReplaceMatchTest08() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"big\"; depth:17; replace:\"pig\"; sid:1;)"; + " content:\"big\"; depth:17; replace:\"pig\"; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"this is a pig test\"; sid:2;)"; + " content:\"this is a pig test\"; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -487,9 +487,9 @@ int DetectReplaceMatchTest09() int DetectReplaceMatchTest10() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"big\"; depth:17; replace:\"pig\"; offset: 14; sid:1;)"; + " content:\"big\"; depth:17; replace:\"pig\"; offset: 14; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"pig\"; depth:17; offset:14; sid:2;)"; + " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } 
@@ -499,9 +499,9 @@ int DetectReplaceMatchTest10() int DetectReplaceMatchTest11() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"big\"; replace:\"pig\"; content:\"to\"; within: 11; sid:1;)"; + " content:\"big\"; replace:\"pig\"; content:\"to\"; within: 11; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"pig\"; depth:17; offset:14; sid:2;)"; + " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -523,9 +523,9 @@ int DetectReplaceMatchTest12() int DetectReplaceMatchTest13() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" - " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 1; sid:1;)"; + " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 1; dsize:>1; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" - " content:\"pig\"; depth:17; offset:14; sid:2;)"; + " content:\"pig\"; depth:17; offset:14; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); } @@ -547,9 +547,9 @@ int DetectReplaceMatchTest14() int DetectReplaceMatchTest15() { char *sig = "alert udp any any -> any any (msg:\"Nothing..\";" - " content:\"com\"; replace:\"org\"; sid:1;)"; + " content:\"com\"; replace:\"org\"; dsize:>1; sid:1;)"; char *sig_rep = "alert udp any any -> any any (msg:\"replace worked\";" - " content:\"twimg|03|org\"; sid:2;)"; + " content:\"twimg|03|org\"; dsize:>1; sid:2;)"; return DetectReplaceLongPatternMatchTestUDPWrp(sig, 1, sig_rep, 2); } @@ -599,7 +599,7 @@ int DetectReplaceParseTest02(void) de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " "(msg:\"test\"; content:\"doh\"; replace:\"bon\"; sid:238012;)"); - if (de_ctx->sig_list != NULL) { + if (de_ctx->sig_list == NULL) { result = 0; goto end; } 
@@ -786,11 +786,11 @@ void DetectReplaceRegisterTests(void)
 UtRegisterTest("DetectReplaceMatchTest15", DetectReplaceMatchTest15, 1);
 /* parsing */
 UtRegisterTest("DetectReplaceParseTest01", DetectReplaceParseTest01, 1);
- UtRegisterTest("DetectReplaceParseTest02", DetectReplaceParseTest02, 0);
- UtRegisterTest("DetectReplaceParseTest03", DetectReplaceParseTest03, 0);
+ UtRegisterTest("DetectReplaceParseTest02", DetectReplaceParseTest02, 1);
+ UtRegisterTest("DetectReplaceParseTest03", DetectReplaceParseTest03, 1);
 UtRegisterTest("DetectReplaceParseTest04", DetectReplaceParseTest04, 1);
 UtRegisterTest("DetectReplaceParseTest05", DetectReplaceParseTest05, 1);
 UtRegisterTest("DetectReplaceParseTest06", DetectReplaceParseTest06, 1);
- UtRegisterTest("DetectReplaceParseTest07", DetectReplaceParseTest07, 0);
+ UtRegisterTest("DetectReplaceParseTest07", DetectReplaceParseTest07, 1);
 #endif /* UNITTESTS */
 }
diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index a6be04d20f..f4c1bb8c42 100644
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -411,7 +411,7 @@ static int DetectThresholdTestSig1(void) {
 de_ctx->flags |= DE_QUIET;
- s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; content:\"A\"; threshold: type limit, track by_dst, count 5, seconds 60; sid:1;)");
+ s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 80 (msg:\"Threshold limit\"; content:\"A\"; threshold: type limit, track by_dst, count 5, seconds 60; dsize:>0; sid:1;)");
 if (s == NULL) {
 goto end;
 }
diff --git a/src/detect-within.c b/src/detect-within.c
index 0b9b4ba76b..6863ac0b3b 100644
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -872,7 +872,7 @@ int DetectWithinTestPacket01 (void) {
 char sig[] = "alert tcp any any -> any any (msg:\"pcre with within "
 "modifier\"; pcre:\"/AllWorkAndNoPlayMakesWillADullBoy/\";"
- " content:\"HTTP\"; within:5; sid:49; rev:1;)";
+ " content:\"HTTP\"; within:5; dsize:>1; sid:49; rev:1;)";
 result = UTHPacketMatchSig(p, sig);
@@ -893,7 +893,7 @@ int DetectWithinTestPacket02 (void) {
 goto end;
 char sig[] = "alert tcp any any -> any any (msg:\"pcre with within "
- "modifier\"; content:\"Five\"; content:\"Ten\"; within:3; distance:1; sid:1;)";
+ "modifier\"; content:\"Five\"; content:\"Ten\"; within:3; distance:1; dsize:>1; sid:1;)";
 result = UTHPacketMatchSig(p, sig);
diff --git a/src/detect.c b/src/detect.c
index 2486001355..cea21e9f3b 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1692,7 +1692,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 /* Limit the number of times we do this recursive thing.
 * XXX is this a sane limit? Should it be configurable? */
 if (recursion_cnt == 10)
- goto done;
+ goto next;
 } while (rmatch);
 } else {
@@ -1729,9 +1729,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 next:
 RULE_PROFILING_END(s, match);
 continue;
- done:
- RULE_PROFILING_END(s, match);
- break;
 }
 PACKET_PROFILING_DETECT_END(p, PROF_DETECT_RULES);
@@ -4416,7 +4413,7 @@ static int SigTest01Real (int mpm_type) {
 Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
 int result = 0;
- char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)";
+ char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; dsize:>1; sid:1;)";
 if (UTHPacketMatchSigMpm(p, sig, mpm_type) == 0) {
 result = 0;
 goto end;
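Review bot: Turning `goto done` into `goto next` in SigMatchSignatures (and deleting the `done:` label in the following hunk) changes detection behaviour rather than a unit test: `done:` ended with `break`, so one signature reaching the recursion cap of 10 abandoned the loop that `next:` continues — from the RULE_PROFILING_END/PACKET_PROFILING_DETECT_END pairing apparently the per-signature loop — and every later rule was skipped for that packet, whereas now only the capped signature is given up. That is the safer outcome, since a single payload that exhausts the cap could previously blank out the rest of the ruleset for that packet, but it is not mentioned in the commit message and nothing in this commit pins it; a comment at the new jump, e.g. `/* cap reached: abandon this signature only, keep evaluating the rest */`, and a test that drives one rule past the cap and checks a later rule still alerts would close that gap. Whether `match` holds the intended value when the cap is hit cannot be seen here, as the rest of SigMatchSignatures lies outside the hunk.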
@@ -4461,7 +4458,7 @@ static int SigTest02Real (int mpm_type) { "\r\n\r\n"; uint16_t buflen = strlen((char *)buf); Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP); - char sig[] = "alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:41; sid:1;)"; + char sig[] = "alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:41; dsize:>1; sid:1;)"; int ret = UTHPacketMatchSigMpm(p, sig, mpm_type); UTHFreePacket(p); return ret; @@ -4504,7 +4501,7 @@ static int SigTest03Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:39; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host: one.example.org\"; offset:20; depth:39; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -4566,7 +4563,7 @@ static int SigTest04Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:42; within:47; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:42; within:47; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -4625,7 +4622,7 @@ static int SigTest05Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:48; within:52; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"Host:\"; offset:20; depth:25; content:\"Host:\"; distance:48; within:52; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { printf("sig parse failed: "); goto end; @@ -4704,7 +4701,7 @@ static int SigTest06Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; dsize:>1; recursive; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -4800,7 +4797,7 @@ static int SigTest07Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -4896,7 +4893,7 @@ static int SigTest08Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/1\\.0\\r\\n/G\"; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/1\\.0\\r\\n/G\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -4992,7 +4989,7 @@ static int SigTest09Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/1\\.0\\r\\n/G\"; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P.*) HTTP\\/1\\.0\\r\\n/G\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5080,12 +5077,12 @@ static int SigTest10Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (1)\"; content:\"ABCD\"; depth:4; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (1)\"; content:\"ABCD\"; depth:4; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; } - de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (2)\"; content:\"VWXYZ\"; sid:2;)"); + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Long content test (2)\"; content:\"VWXYZ\"; dsize:>1; sid:2;)"); if (de_ctx->sig_list->next == NULL) { result = 0; goto end; 
@@ -5167,11 +5164,11 @@ static int SigTest11Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { goto end; } - de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (content:\"VWXYZabcde\"; content:\"5678\"; content:\"89\"; sid:2;)"); + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (content:\"VWXYZabcde\"; content:\"5678\"; content:\"89\"; dsize:>1; sid:2;)"); if (de_ctx->sig_list->next == NULL) { goto end; } @@ -5232,7 +5229,7 @@ static int SigTest12Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"klmnop\"; content:\"1234\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5297,7 +5294,7 @@ static int SigTest13Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -5353,7 +5350,7 @@ static int SigTest14Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; distance:0; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Content order test\"; content:\"ABCDEFGHIJ\"; content:\"1234\"; content:\"klmnop\"; distance:0; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5421,7 +5418,7 @@ static int SigTest15Real (int mpm_type) { de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; rev:2;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; dsize:>1; rev:2;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5484,7 +5481,7 @@ static int SigTest16Real (int mpm_type) { de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; sid:2008284; rev:2;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any !$HTTP_PORTS (msg:\"ET POLICY Inbound HTTP CONNECT Attempt on Off-Port\"; content:\"CONNECT \"; nocase; depth:8; content:\" HTTP/1.\"; nocase; within:1000; dsize:>1; sid:2008284; rev:2;)"); if (de_ctx->sig_list == NULL) { goto end; } 
@@ -5548,7 +5545,7 @@ static int SigTest17Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P.*)\\r\\n/m\"; noalert; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P.*)\\r\\n/m\"; noalert; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5626,7 +5623,7 @@ static int SigTest18Real (int mpm_type) { de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; sid:2003055; rev:4;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; dsize:>1; sid:2003055; rev:4;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -5842,12 +5839,12 @@ static int SigTest21Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; } - de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; sid:2;)"); + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; dsize:>1; sid:2;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -5932,12 +5929,12 @@ static int SigTest22Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:set,TEST.one; flowbits:noalert; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; } - de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.abc; sid:2;)"); + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.abc; dsize:>1; sid:2;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; @@ -6018,12 +6015,12 @@ static int SigTest23Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:toggle,TEST.one; flowbits:noalert; sid:1;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT SET\"; content:\"/one/\"; flowbits:toggle,TEST.one; flowbits:noalert; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; } - de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; sid:2;)"); + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"FLOWBIT TEST\"; content:\"/two/\"; flowbits:isset,TEST.one; dsize:>1; sid:2;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -6123,7 +6120,7 @@ int SigTest24IPV4Keyword(void) de_ctx->sig_list = SigInit(de_ctx, "alert ip any any -> any any " - "(content:\"/one/\"; ipv4-csum:valid; " + "(content:\"/one/\"; ipv4-csum:valid; dsize:>1; " "msg:\"ipv4-csum keyword check(1)\"; sid:1;)"); if (de_ctx->sig_list == NULL) { printf("sig 1 parse: "); @@ -6132,7 +6129,7 @@ int SigTest24IPV4Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert ip any any -> any any " - "(content:\"/one/\"; ipv4-csum:invalid; " + "(content:\"/one/\"; ipv4-csum:invalid; dsize:>1; " "msg:\"ipv4-csum keyword check(1)\"; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { @@ -6227,7 +6224,7 @@ int SigTest25NegativeIPV4Keyword(void) de_ctx->sig_list = SigInit(de_ctx, "alert ip any any -> any any " - "(content:\"/one/\"; ipv4-csum:invalid; " + "(content:\"/one/\"; ipv4-csum:invalid; dsize:>1; " "msg:\"ipv4-csum keyword check(1)\"; sid:1;)"); if (de_ctx->sig_list == NULL) { result &= 0; @@ -6236,7 +6233,7 @@ int SigTest25NegativeIPV4Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert ip any any -> any any " - "(content:\"/one/\"; ipv4-csum:valid; " + "(content:\"/one/\"; ipv4-csum:valid; dsize:>1; " "msg:\"ipv4-csum keyword check(1)\"; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { @@ -6349,7 +6346,7 @@ int SigTest26TCPV4Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert ip any any -> any any " - "(content:\"|DE 01 03|\"; tcpv4-csum:invalid; " + "(content:\"|DE 01 03|\"; tcpv4-csum:invalid; dsize:>1; " "msg:\"tcpv4-csum keyword check(1)\"; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { @@ -6820,7 +6817,7 @@ int SigTest30UDPV4Keyword(void) de_ctx->sig_list = SigInit(de_ctx, "alert udp any any -> any any " - "(content:\"/one/\"; udpv4-csum:valid; " + "(content:\"/one/\"; udpv4-csum:valid; dsize:>1; " "msg:\"udpv4-csum keyword check(1)\"; " "sid:1;)"); if (de_ctx->sig_list == NULL) { 
@@ -6830,7 +6827,7 @@ int SigTest30UDPV4Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert udp any any -> any any " - "(content:\"/one/\"; udpv4-csum:invalid; " + "(content:\"/one/\"; udpv4-csum:invalid; dsize:>1; " "msg:\"udpv4-csum keyword check(1)\"; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { @@ -7062,7 +7059,7 @@ int SigTest32UDPV6Keyword(void) de_ctx->sig_list = SigInit(de_ctx, "alert udp any any -> any any " - "(content:\"/one/\"; udpv6-csum:valid; " + "(content:\"/one/\"; udpv6-csum:valid; dsize:>1; " "msg:\"udpv6-csum keyword check(1)\"; sid:1;)"); if (de_ctx->sig_list == NULL) { result &= 0; @@ -7071,7 +7068,7 @@ int SigTest32UDPV6Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert udp any any -> any any " - "(content:\"/one/\"; udpv6-csum:invalid; " + "(content:\"/one/\"; udpv6-csum:invalid; dsize:>1; " "msg:\"udpv6-csum keyword check(1)\"; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { @@ -7300,7 +7297,7 @@ int SigTest34ICMPV4Keyword(void) de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(content:\"/one/\"; icmpv4-csum:valid; " - "msg:\"icmpv4-csum keyword check(1)\"; sid:1;)"); + "msg:\"icmpv4-csum keyword check(1)\"; dsize:>1; sid:1;)"); if (de_ctx->sig_list == NULL) { result &= 0; goto end; @@ -7309,7 +7306,7 @@ int SigTest34ICMPV4Keyword(void) de_ctx->sig_list->next = SigInit(de_ctx, "alert icmp any any -> any any " "(content:\"/one/\"; icmpv4-csum:invalid; " - "msg:\"icmpv4-csum keyword check(1)\"; " + "msg:\"icmpv4-csum keyword check(1)\"; dsize:>1; " "sid:2;)"); if (de_ctx->sig_list->next == NULL) { result = 0; @@ -7807,7 +7804,7 @@ int SigTest38Real(int mpm_type) de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " "(content:\"LEN1|20|\"; " - "byte_test:4,=,8,0; " + "byte_test:4,=,8,0; dsize:>1; " "msg:\"byte_test keyword check(1)\"; sid:1;)"); if (de_ctx->sig_list == NULL) { result &= 0; 
@@ -7816,7 +7813,7 @@ int SigTest38Real(int mpm_type) de_ctx->sig_list->next = SigInit(de_ctx, "alert tcp any any -> any any " "(content:\"LEN1|20|\"; " - "byte_test:4,=,8,5,relative,string,dec; " + "byte_test:4,=,8,5,relative,string,dec; dsize:>1; " "msg:\"byte_test keyword check(2)\"; sid:2;)"); if (de_ctx->sig_list->next == NULL) { result &= 0; @@ -7951,7 +7948,7 @@ int SigTest39Real(int mpm_type) "(content:\"LEN1|20|\"; " "byte_test:4,=,8,0; " "byte_jump:4,0; " - "byte_test:6,=,0x4c454e312038,0,relative; " + "byte_test:6,=,0x4c454e312038,0,relative; dsize:>1; " "msg:\"byte_jump keyword check(1)\"; sid:1;)"); if (de_ctx->sig_list == NULL) { result &= 0; @@ -7963,7 +7960,7 @@ int SigTest39Real(int mpm_type) "(content:\"LEN1|20|\"; " "byte_test:4,=,8,4,relative,string,dec; " "byte_jump:4,4,relative,string,dec,post_offset 2; " - "byte_test:4,=,0x4c454e32,0,relative; " + "byte_test:4,=,0x4c454e32,0,relative; dsize:>1; " "msg:\"byte_jump keyword check(2)\"; sid:2;)"); if (de_ctx->sig_list->next == NULL) { result &= 0; @@ -8079,7 +8076,7 @@ int SigTest36ContentAndIsdataatKeywords01Real (int mpm_type) { de_ctx->mpm_matcher = mpm_type; de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"SigTest36ContentAndIsdataatKeywords01 \"; content:\"HTTP\"; isdataat:404, relative; sid:101;)"); + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"SigTest36ContentAndIsdataatKeywords01 \"; content:\"HTTP\"; isdataat:404, relative; dsize:>1; sid:101;)"); if (de_ctx->sig_list == NULL) { result = 0; goto end; 
@@ -9290,7 +9287,7 @@ static int SigTestSgh05 (void) {
 de_ctx->flags |= DE_QUIET;
 de_ctx->mpm_matcher = MPM_WUMANBER;
- de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> 1.2.3.4-1.2.3.6 any (msg:\"1\"; content:\"one\"; content:\"1\"; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> 1.2.3.4-1.2.3.6 any (msg:\"1\"; content:\"one\"; content:\"1\"; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9345,7 +9342,7 @@ static int SigTestContent01Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9398,13 +9395,13 @@ static int SigTestContent02Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
 }
- de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 31\"; content:\"0123456789012345678901234567890\"; sid:2;)");
+ de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 31\"; content:\"0123456789012345678901234567890\"; dsize:>1; sid:2;)");
 if (de_ctx->sig_list->next == NULL) {
 result = 0;
 goto end;
@@ -9461,7 +9458,7 @@ static int SigTestContent03Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9515,7 +9512,7 @@ static int SigTestContent04Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9570,12 +9567,12 @@ static int SigTestContent05Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 printf("sig1 parse failed: ");
 goto end;
 }
- de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:32; sid:2;)");
+ de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:1; within:32; dsize:>1; sid:2;)");
 if (de_ctx->sig_list->next == NULL) {
 printf("sig2 parse failed: ");
 goto end;
@@ -9639,12 +9636,12 @@ static int SigTestContent06Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig1\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig1\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; within:32; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
 }
- de_ctx->sig_list->next = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig2\"; content:\"01234567890123456789012345678901\"; content:\"abcdefg\"; sid:2;)");
+ de_ctx->sig_list->next = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Test 32 sig2\"; content:\"01234567890123456789012345678901\"; content:\"abcdefg\"; dsize:>1; sid:2;)");
 if (de_ctx->sig_list->next == NULL) {
 result = 0;
 goto end;
@@ -9799,7 +9796,7 @@ static int SigTestWithinReal01 (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"within test\"; content:\"Hi, this is a big test to check \"; content:\"content matches\"; distance:0; within:15; sid:556;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"within test\"; content:\"Hi, this is a big test to check \"; content:\"content matches\"; distance:0; within:15; dsize:>1; sid:556;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9926,7 +9923,7 @@ static int SigTestDepthOffset01Real (int mpm_type) {
 de_ctx->mpm_matcher = mpm_type;
 de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"depth offset\"; content:\"456\"; offset:4; depth:3; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"depth offset\"; content:\"456\"; offset:4; depth:3; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 result = 0;
 goto end;
@@ -9976,7 +9973,7 @@ static int SigTestDetectAlertCounter(void)
 de_ctx->flags |= DE_QUIET;
 de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (msg:\"Test counter\"; "
- "content:\"boo\"; sid:1;)");
+ "content:\"boo\"; dsize:>1; sid:1;)");
 if (de_ctx->sig_list == NULL) {
 goto end;
 }
diff --git a/src/log-droplog.c b/src/log-droplog.c
index 7fcd040632..2e3b6fbae7 100644
--- a/src/log-droplog.c
+++ b/src/log-droplog.c
@@ -428,7 +428,7 @@ int LogDropLogTest01()
 SCClassConfDeleteDummyClassificationConfigFD();
 de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any "
- "(msg:\"LogDropLog test\"; content:\"GET\"; Classtype:unknown; sid:1;)");
+ "(msg:\"LogDropLog test\"; content:\"GET\"; dsize:>1; Classtype:unknown; sid:1;)");
 result = (de_ctx->sig_list != NULL);
@@ -496,7 +496,7 @@ int LogDropLogTest02()
 SCClassConfDeleteDummyClassificationConfigFD();
 de_ctx->sig_list = SigInit(de_ctx, "alert udp any any -> any any "
- "(msg:\"LogDropLog test\"; content:\"GET\"; Classtype:unknown; sid:1;)");
+ "(msg:\"LogDropLog test\"; content:\"GET\"; dsize:>1; Classtype:unknown; sid:1;)");
 result = (de_ctx->sig_list != NULL);
diff --git a/src/util-action.c b/src/util-action.c
index 4ba1b47a55..c438014902 100644
--- a/src/util-action.c
+++ b/src/util-action.c
@@ -602,9 +602,9 @@ int UtilActionTest10(void)
 goto end;
 char *sigs[3];
- sigs[0]= "alert ip any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
- sigs[1]= "pass ip any any -> any any (msg:\"sig 2\"; content:\"wo\"; sid:2;)";
- sigs[2]= "alert ip any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+ sigs[0]= "alert ip any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+ sigs[1]= "pass ip any any -> any any (msg:\"sig 2\"; content:\"wo\"; dsize:>1; sid:2;)";
+ sigs[2]= "alert ip any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -686,9 +686,9 @@ int UtilActionTest11(void)
 goto end;
 char *sigs[3];
- sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"wo\"; sid:2;)";
- sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+ sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"wo\"; dsize:>1; sid:2;)";
+ sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -847,9 +847,9 @@ int UtilActionTest13(void)
 goto end;
 char *sigs[3];
- sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
- sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+ sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
+ sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -933,9 +933,9 @@ int UtilActionTest14(void)
 goto end;
 char *sigs[3];
- sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
- sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; sid:3;)";
+ sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; content:\"Hi all\"; dsize:>1; sid:1;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
+ sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; content:\"Hi all\"; dsize:>1; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1014,7 +1014,7 @@ int UtilActionTest15(void)
 char *sigs[3];
 sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1089,7 +1089,7 @@ int UtilActionTest16(void)
 char *sigs[3];
 sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1164,7 +1164,7 @@ int UtilActionTest17(void)
 char *sigs[3];
 sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1244,7 +1244,7 @@ int UtilActionTest18(void)
 char *sigs[3];
 sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1330,7 +1330,7 @@ int UtilActionTest19(void)
 char *sigs[3];
 sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1416,7 +1416,7 @@ int UtilActionTest20(void)
 char *sigs[3];
 sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1496,7 +1496,7 @@ int UtilActionTest21(void)
 char *sigs[3];
 sigs[0]= "alert tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "pass tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "drop tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1582,7 +1582,7 @@ int UtilActionTest22(void)
 char *sigs[3];
 sigs[0]= "drop tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "alert tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "pass tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};
@@ -1668,7 +1668,7 @@ int UtilActionTest23(void)
 char *sigs[3];
 sigs[0]= "pass tcp any any -> any any (msg:\"sig 1\"; sid:1;)";
- sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; sid:2;)";
+ sigs[1]= "drop tcp any any -> any any (msg:\"sig 2\"; content:\"Hi all\"; dsize:>1; sid:2;)";
 sigs[2]= "alert tcp any any -> any any (msg:\"sig 3\"; sid:3;)";
 uint32_t sid[3] = {1, 2, 3};