From cac95010f37d5bdfd34ffd899e9c01134c8646bd Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Mon, 20 Dec 2010 13:13:11 +0100
Subject: [PATCH] Minor unified1-log changes to work around a clang issue, but
 also to clean up the logic slightly.

---
 src/alert-unified-log.c   | 22 ++++++++++++++--------
 src/detect-engine-alert.c | 22 +++++++++++-----------
 2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/src/alert-unified-log.c b/src/alert-unified-log.c
index 2ee5903fbf..29d3c7d5b8 100644
--- a/src/alert-unified-log.c
+++ b/src/alert-unified-log.c
@@ -192,14 +192,19 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     uint8_t ethh_offset = 0;
     uint8_t buf[80000];
     uint32_t buflen = 0;
-
-    if (p->flags & PKT_HAS_TAG)
-        PacketAlertAppendTag(p, &pa_tag);
+    uint16_t alert_cnt = p->alerts.cnt;
 
     /* the unified1 format only supports IPv4. */
-    if (p->alerts.cnt == 0 || !PKT_IS_IPV4(p))
+    if (alert_cnt == 0 || !PKT_IS_IPV4(p))
         return TM_ECODE_OK;
 
+    /* initialize the pa_tag structure if we have tags */
+    if (p->flags & PKT_HAS_TAG) {
+        PacketAlertAppendTag(p, &pa_tag);
+        /* one extra "alert" to process */
+        alert_cnt++;
+    }
+
     /* if we have no ethernet header (e.g. when using nfq), we have to create
      * one ourselves. */
     if (p->ethh == NULL) {
@@ -214,16 +219,17 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     hdr.pktflags = 0; /* XXX */
     hdr.pktlen = hdr.caplen = p->pktlen + ethh_offset;
 
-
     uint16_t i = 0;
-    for (; i < p->alerts.cnt + 1; i++) {
-        if (i < p->alerts.cnt)
+    for (; i < alert_cnt; i++) {
+        /* if all alerts are processed, do the tag (if any) */
+        if (i < p->alerts.cnt) {
             pa = &p->alerts.alerts[i];
-        else
+        } else {
             if (p->flags & PKT_HAS_TAG)
                 pa = &pa_tag;
             else
                 break;
+        }
 
         /* fill the hdr structure with the data of the alert */
         hdr.sig_gen = pa->gid;
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 40490404d1..7379f5cf5a 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -177,17 +177,17 @@ int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, Signature *s, Packet *p, u
  */
 int PacketAlertAppendTag(Packet *p, PacketAlert *pa)
 {
-        pa->sid = TAG_SIG_ID;
-        pa->gid = TAG_SIG_GEN;
-        pa->num = TAG_SIG_ID;
-        pa->order_id = 1000;
-        pa->action = ACTION_ALERT;
-        pa->rev = 1;
-        pa->prio = 2;
-        pa->msg = NULL;
-        pa->class = 0;
-        pa->class_msg = NULL;
-        pa->references = NULL;
+    pa->sid = TAG_SIG_ID;
+    pa->gid = TAG_SIG_GEN;
+    pa->num = TAG_SIG_ID;
+    pa->order_id = 1000;
+    pa->action = ACTION_ALERT;
+    pa->rev = 1;
+    pa->prio = 2;
+    pa->msg = NULL;
+    pa->class = 0;
+    pa->class_msg = NULL;
+    pa->references = NULL;
 
     return 0;
 }