From b2ec86a196886ef375eb7ac15acb662556ec60b5 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Mon, 23 Apr 2012 12:05:49 +0530
Subject: [PATCH 1/5] fix FNs for flow- only_stream and no_stream options
---
 src/detect-flow.c | 8 ++++++++
 src/detect.c | 3 +++
 src/detect.h | 1 +
 3 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/src/detect-flow.c b/src/detect-flow.c
index 8147d9f..65fe1de 100644
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -135,6 +135,14 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, S
 cnt++;
 }
 
+ if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH) {
+ if (fd->flags & FLOW_PKT_ONLYSTREAM)
+ cnt++;
+ } else {
+ if (fd->flags & FLOW_PKT_NOSTREAM)
+ cnt++;
+ }
+
 int ret = (fd->match_cnt == cnt) ? 1 : 0;
 SCLogDebug("returning %" PRId32 " cnt %" PRIu8 " fd->match_cnt %" PRId32 " fd->flags 0x%02X p->flowflags 0x%02X",
 ret, cnt, fd->match_cnt, fd->flags, p->flowflags);
diff --git a/src/detect.c b/src/detect.c
index 7e97984..098ec36 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1566,6 +1566,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 if (DetectEngineInspectStreamPayload(de_ctx, det_ctx, s, p->flow, smsg_inspect->data.data, smsg_inspect->data.data_len) == 1) {
 SCLogDebug("match in smsg %p", smsg);
 pmatch = 1;
+ det_ctx->flags |= DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
 /* Tell the engine that this reassembled stream can drop the
 * rest of the pkts with no further inspection */
 if (s->action & ACTION_DROP)
@@ -1635,6 +1636,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 }
 }
 }
+ if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH)
+ det_ctx->flags &= ~DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
 
 SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, "
 "s->sm_lists[DETECT_SM_LIST_UMATCH] %p, "
diff --git a/src/detect.h b/src/detect.h
index 4d10669..06fc7de 100644
--- a/src/detect.h
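Review bot: The new `only_stream`/`no_stream` branch in DetectFlowMatch reads `det_ctx->flags`, which the detect.c hunks set only after a stream payload match for the current signature and clear again later, so the result depends on this match function running inside that window. Nothing in the hunk says so; a comment above the block such as `/* STREAM_CONTENT_MATCH is only valid while SigMatchSignatures is evaluating the signature whose stream inspection matched */` would make the ordering requirement explicit. The `else` arm also counts `FLOW_PKT_NOSTREAM` whenever the bit is clear, which presumably includes signatures for which stream inspection never ran; confirm that is the intended meaning of `no_stream`, since a wrong count here becomes a missed or spurious alert. DetectFlowMatch begins and ends outside the hunk.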
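Review bot: The bit set after `pmatch = 1;` is cleared only at the single site added further down in SigMatchSignatures (the hunk at line 1636), so any path that leaves the current signature between the two points would carry `DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH` into the next signature. The intervening code is not visible here, so this needs checking against the full function; if such exits exist, a stale bit would let DetectFlowMatch count `only_stream` for a signature whose stream content never matched and skip `no_stream` for one that should have matched. Clearing the bit at the start of each signature's evaluation, `det_ctx->flags &= ~DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;`, removes the dependency on reaching the later site.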
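Review bot: The test in front of the clear is redundant: `det_ctx->flags &= ~DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;` on its own has the same effect whether or not the bit is set, and it drops an unbraced two-line `if`. The statement follows three closing braces whose openers are outside the hunk, so the scope it runs in, and whether every signature iteration reaches it, cannot be confirmed from here.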
+++ b/src/detect.h
@@ -282,6 +282,7 @@ typedef struct DetectPort_ {
 
 #define DETECT_ENGINE_THREAD_CTX_INSPECTING_PACKET 0x0001
 #define DETECT_ENGINE_THREAD_CTX_INSPECTING_STREAM 0x0002
+#define DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH 0x0004
 
 #define FILE_SIG_NEED_FILE 0x01
 #define FILE_SIG_NEED_FILENAME 0x02
-- 
1.7.1