detect-parse: set ipprotos earlier

A high level proto like HTTP implies TCP. However this wasn't set
until after all the parsing was complete which means that keywords
couldn't test if the ipproto matched.

This patch populates the ipprotos right when the higher level proto
is parsed.

src/detect-file-data.c

@@ -93,9 +93,9 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
 {
     SCEnter();
 
-    if (!DetectProtoContainsProto(&s->proto, IPPROTO_TCP) &&
-        s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP &&
-        s->alproto != ALPROTO_SMTP) {
+    if (!DetectProtoContainsProto(&s->proto, IPPROTO_TCP) ||
+        (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP &&
+        s->alproto != ALPROTO_SMTP)) {
         SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
         return -1;
     }

src/detect-parse.c

@@ -718,8 +718,11 @@ int SigParseProto(Signature *s, const char *protostr)
     if (r < 0) {
         s->alproto = AppLayerGetProtoByName((char *)protostr);
         /* indicate that the signature is app-layer */
-        if (s->alproto != ALPROTO_UNKNOWN)
+        if (s->alproto != ALPROTO_UNKNOWN) {
             s->flags |= SIG_FLAG_APPLAYER;
+
+            AppLayerProtoDetectSupportedIpprotos(s->alproto, s->proto.proto);
+        }
         else {
             SCLogError(SC_ERR_UNKNOWN_PROTOCOL, "protocol \"%s\" cannot be used "
                        "in a signature.  Either detection for this protocol "