Suricata

I have this rule in my threshold.conf and noticed that it didn't work as excpected:

event_filter gen_id 0, sig_id 0, type limit, track by_src, count 1, seconds 10

There is a single relevant line in the logs:

[9295] 17/6/2014 -- 18:32:51 - (util-threshold-config.c:473) <Warning> (SetupThresholdRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:26645 has an event var set. The signature e
vent var is given precedence over the threshold.conf one. We'll change this in the future though.

While investigating on the possible causes, I stumbled upon the SetupThresholdRule function which applies thresholds to signatures.
When provided with a wildcard threshold (sig_id 0, gid_id 0), SetupThresholdRule iterates on the signature list and applies the threshold rule to every signature.
However, in case of the signature already having a threshold assigned, SetupThresholdRule emits a warning and then exits, breaking the for loop and preventing setting
the threshold for all subsequent signatures in the signature list.

Attached you'll find a patch that replaces "goto end" lines with "continue" causing the loop to continue for subsequent signatures.