From 99686ba6300203577bba3469115849ade9b8aa4a Mon Sep 17 00:00:00 2001
From: Pablo Rincon
Date: Wed, 30 Jun 2010 15:43:26 +0200
Subject: [PATCH 2/2] Updating the http modifers that cannot be loaded with fast_pattern
---
 src/detect-http-cookie.c | 11 ++++++-----
 src/detect-http-method.c | 8 ++++----
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index 55dc807..9fc6489 100644
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -39,6 +39,7 @@
 #include "flow-util.h"
 #include "util-debug.h"
+#include "util-error.h"
 #include "util-unittest.h"
 #include "util-spm.h"
 #include "util-print.h"
@@ -214,7 +215,7 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 SigMatch *pm = DetectContentGetLastPattern(s->pmatch_tail);
 if (pm == NULL) {
- SCLogWarning(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
+ SCLogWarning(SC_ERR_INVALID_SIGNATURE, "http_cookie found inside "
 "the rule, without a content context. Please use a "
 "content keyword before using http_cookie");
 return -1;
@@ -222,10 +223,10 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 /* http_cookie should not be used with the fast_pattern rule */
 if (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "http_cookie rule can not "
- "be used with the fast_pattern rule keyword");
-
- return -1;
+ SCLogWarning(SC_WARN_COMPATIBILITY, "http_cookie rule can not "
+ "be used with the fast_pattern rule keyword. Unsetting fast_pattern"
+ "here");
+ ((DetectContentData *)pm->ctx)->flags &= ~DETECT_CONTENT_FAST_PATTERN;
 /* http_cookie should not be used with the rawbytes rule */
 } else if (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_RAWBYTES) {
diff --git a/src/detect-http-method.c b/src/detect-http-method.c
index 4236892..a3a0b58 100644
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
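Review bot: The rawbytes rejection is no longer reached for a content that carries both flags, in the last hunk of src/detect-http-cookie.c: the fast_pattern branch now clears the flag and falls through instead of returning, so the `} else if (... & DETECT_CONTENT_RAWBYTES)` that follows is skipped and such a rule would load with rawbytes still set. Making the second test independent, i.e. closing the first branch with `}` and starting `if (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_RAWBYTES) {`, keeps the rejection; the hunk in src/detect-http-method.c has the same shape. The new warning also joins `"... Unsetting fast_pattern"` and `"here"` without a space, so it logs "fast_patternhere" (and "currently.Unsetting" in the http_method hunk); a trailing space in the first literal fixes both. DetectHttpCookieSetup starts and ends outside the hunk, so whether both flags can actually be set on one content at this point is not visible here and should be confirmed.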
@@ -177,10 +177,10 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st
 /** \todo snort docs only mention rawbytes, not fast_pattern */
 if (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE,
- "http_method cannot be used with \"fast_pattern\"");
-
- SCReturnInt(-1);
+ SCLogWarning(SC_WARN_COMPATIBILITY,
+ "http_method cannot be used with \"fast_pattern\" currently."
+ "Unsetting fast_pattern on this modifier.");
+ ((DetectContentData *)pm->ctx)->flags &= ~DETECT_CONTENT_FAST_PATTERN;
 } else if (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_RAWBYTES) {
 SCLogError(SC_ERR_INVALID_SIGNATURE,
--
1.6.5