From 689d05b10bd92cbb5a7a4277c2592b95e48dd302 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 21 Jul 2010 16:36:39 +0200
Subject: [PATCH] Add missing protocol check in the sig matching process. This
 prevents FP's such as the one reported in bug #209.

---
 src/detect.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/detect.c b/src/detect.c
index e1cd46ea36..426b2e6a7a 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -841,6 +841,11 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
         s = det_ctx->match_array[idx];
         SCLogDebug("inspecting signature id %"PRIu32"", s->id);
 
+        if (DetectProtoContainsProto(&s->proto, p->proto) == 0) {
+            SCLogDebug("proto didn't match");
+            goto next;
+        }
+
         /* check the source & dst port in the sig */
         if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
             if (!(s->flags & SIG_FLAG_DP_ANY)) {