Don't match on IP only rules that use ports if packet is not (proper) TCP, UDP or SCTP. Rules out frags matching as well.

14 years ago · 6bad2dbd79
parent 63ed36a892
commit 6bad2dbd79
1 changed files with 7 additions and 0 deletions
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@ -1047,6 +1047,13 @@ void IPOnlyMatchPacket(ThreadVars *tv,
                                continue;
                            }
                        }
+                    } else {
+                        if (!(s->flags & SIG_FLAG_DP_ANY)) {
+                            continue;
+                        }
+                        if (!(s->flags & SIG_FLAG_SP_ANY)) {
+                            continue;
+                        }
                    }

                    if (!IPOnlyMatchCompatSMs(tv, det_ctx, s, p)) {