Many small performance updates.

15 years ago · fc248ca7a1
parent b4454b6846
commit fc248ca7a1
42 changed files with 472 additions and 280 deletions
--- a/src/app-layer-detect-proto.c
+++ b/src/app-layer-detect-proto.c
@ -1467,6 +1467,7 @@ static int AlpDetectTestSig1(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1557,6 +1558,7 @@ static int AlpDetectTestSig2(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1647,6 +1649,7 @@ static int AlpDetectTestSig3(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1734,6 +1737,7 @@ static int AlpDetectTestSig4(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_FTP;
    StreamTcpInitConfig(TRUE);
@ -1822,6 +1826,7 @@ static int AlpDetectTestSig5(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    f.proto = IPPROTO_TCP;
    p->flags |= PKT_STREAM_ADD;
--- a/src/app-layer-ftp.h
+++ b/src/app-layer-ftp.h
@ -96,8 +96,8 @@ typedef struct FtpState_ {
    FtpRequestCommand command;
    FtpRequestCommandArgOfs arg_offset;
    FtpResponseCode response_code;
    uint8_t *port_line;
    uint32_t port_line_len;
    uint8_t *port_line;
 } FtpState;
 void RegisterFTPParsers(void);
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@ -60,9 +60,9 @@ typedef struct AppLayerParserResultElmt_ {
    uint16_t flags; /* flags. E.g. local alloc */
    uint16_t name_idx; /* idx for names like "http.request_line.uri" */
    uint32_t data_len; /* length of the data from the ptr */
    uint8_t  *data_ptr; /* point to the position in the "input" data
                          * or ptr to new mem if local alloc flag set */
    uint32_t data_len; /* length of the data from the ptr */
    struct AppLayerParserResultElmt_ *next;
 } AppLayerParserResultElmt;
--- a/src/app-layer-smb.h
+++ b/src/app-layer-smb.h
@ -76,17 +76,15 @@ typedef struct SMBAndX_ {
 } SMBAndX;
 typedef struct SMBState_ {
    uint32_t head;
    NBSSHdr nbss;
    uint16_t transaction_id;
    uint16_t bytesprocessed;
    SMBHdr smb;
    SMBWordCount wordcount;
    SMBByteCount bytecount;
    SMBAndX andx;
    uint16_t bytesprocessed;
    DCERPC dcerpc;
    uint8_t dcerpc_present;
    uint32_t tail;
    uint16_t transaction_id;
 } SMBState;
 #define SMB_FLAGS_SERVER_TO_REDIR 0x80
--- a/src/app-layer-ssh.h
+++ b/src/app-layer-ssh.h
@ -77,16 +77,17 @@ typedef struct SSHHeader_ {
 /** structure to store the SSH state values */
 typedef struct SshState_ {
    uint8_t flags;                  /**< Flags to indicate the current SSH
                                         sessoin state */
    uint8_t client_msg_code;    /**< Client content type storage field */
    uint8_t server_msg_code;    /**< Server content type storage field */
    uint8_t *client_proto_version;        /**< Client SSH version storage field */
    uint8_t *client_software_version;        /**< Client SSH version storage field */
    uint8_t server_msg_code;    /**< Server content type storage field */
    uint8_t *server_proto_version;        /**< Server SSH version storage field */
    uint8_t *server_software_version;        /**< Server SSH version storage field */
    uint8_t flags;                  /**< Flags to indicate the current SSH
                                         sessoin state */
    SshHeader srv_hdr;
    SshHeader cli_hdr;
 } SshState;
--- a/src/app-layer-ssl.h
+++ b/src/app-layer-ssl.h
@ -48,14 +48,13 @@
 /* structure to store the SSL state values */
 typedef struct SslState_ {
    uint8_t flags;                  /**< Flags to indicate the current SSL
                                         sessoin state */
    uint8_t client_content_type;    /**< Client content type storage field */
    uint16_t client_version;        /**< Client SSL version storage field */
    uint8_t server_content_type;    /**< Server content type storage field */
    uint16_t server_version;        /**< Server SSL version storage field */
-
+    uint8_t server_content_type;    /**< Server content type storage field */
    uint8_t flags;                  /**< Flags to indicate the current SSL
                                         sessoin state */
 } SslState;
 typedef struct SslClient_ {
--- a/src/app-layer-tls.h
+++ b/src/app-layer-tls.h
@ -47,14 +47,13 @@ enum {
 };
 /* structure to store the TLS state values */
 typedef struct TlsState_ {
    uint8_t flags;                  /**< Flags to indicate the current TLS
                                         sessoin state */
    uint8_t client_content_type;    /**< Client content type storage field */
    uint16_t client_version;        /**< Client TLS version storage field */
    uint8_t server_content_type;    /**< Server content type storage field */
    uint16_t server_version;        /**< Server TLS version storage field */
-
+    uint8_t server_content_type;    /**< Server content type storage field */
    uint8_t flags;                  /**< Flags to indicate the current TLS
                                         sessoin state */
 } TlsState;
 enum {
--- a/src/data-queue.h
+++ b/src/data-queue.h
@ -49,13 +49,13 @@ typedef struct SCDQDataQueue_ {
    SCDQGenericQData *bot;
    /* no of items currently in the queue */
    uint16_t len;
 #ifdef DBG_PERF
    uint16_t dbg_maxlen;
 #endif /* DBG_PERF */
    SCMutex mutex_q;
    SCCondT cond_q;
 #ifdef DBG_PERF
    uint16_t dbg_maxlen;
 #endif /* DBG_PERF */
 } SCDQDataQueue;
 void SCDQDataEnqueue(SCDQDataQueue *, SCDQGenericQData *);
--- a/src/decode-tcp.c
+++ b/src/decode-tcp.c
@ -29,6 +29,7 @@
 #include "decode-events.h"
 #include "util-unittest.h"
 #include "util-debug.h"
 #include "util-optimize.h"
 #include "flow.h"
 static int DecodeTCPOptions(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
@ -124,7 +125,7 @@ static int DecodeTCPOptions(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t le
 static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
 {
-    if (len < TCP_HEADER_LEN) {
+    if (unlikely(len < TCP_HEADER_LEN)) {
        DECODER_SET_EVENT(p, TCP_PKT_TOO_SMALL);
        return -1;
    }
@ -132,7 +133,7 @@ static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len
    p->tcph = (TCPHdr *)pkt;
    p->tcpvars.hlen = TCP_GET_HLEN(p);
-    if (len < p->tcpvars.hlen) {
+    if (unlikely(len < p->tcpvars.hlen)) {
        DECODER_SET_EVENT(p, TCP_HLEN_TOO_SMALL);
        return -1;
    }
@ -141,7 +142,7 @@ static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len
    SET_TCP_DST_PORT(p,&p->dp);
    p->tcpvars.tcp_opt_len = p->tcpvars.hlen - TCP_HEADER_LEN;
-    if (p->tcpvars.tcp_opt_len > TCP_OPTLENMAX) {
+    if (unlikely(p->tcpvars.tcp_opt_len > TCP_OPTLENMAX)) {
        DECODER_SET_EVENT(p, TCP_INVALID_OPTLEN);
        return -1;
    }
@ -162,7 +163,7 @@ void DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
 {
    SCPerfCounterIncr(dtv->counter_tcp, tv->sc_perf_pca);
-    if (DecodeTCPPacket(tv, p,pkt,len) < 0) {
+    if (unlikely(DecodeTCPPacket(tv, p,pkt,len) < 0)) {
        p->tcph = NULL;
        return;
    }
--- a/src/decode.h
+++ b/src/decode.h
@ -406,11 +406,11 @@ typedef struct PacketQueue_ {
    Packet *top;
    Packet *bot;
    uint16_t len;
    SCMutex mutex_q;
    SCCondT cond_q;
 #ifdef DBG_PERF
    uint16_t dbg_maxlen;
 #endif /* DBG_PERF */
    SCMutex mutex_q;
    SCCondT cond_q;
 } PacketQueue;
 /** \brief Specific ctx for AL proto detection */
@ -730,6 +730,7 @@ void AddressDebugPrint(Address *);
 #define PKT_HAS_TAG                     0x08    /**< Packet has matched a tag */
 #define PKT_STREAM_ADD                  0x10    /**< Packet payload was added to reassembled stream */
 #define PKT_STREAM_EOF                  0x20    /**< Stream is in eof state */
 #define PKT_HAS_FLOW                    0x40
 #endif /* __DECODE_H__ */
--- a/src/detect-content.c
+++ b/src/detect-content.c
@ -1773,6 +1773,7 @@ static int SigTest76TestBug134(void)
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    char sig[] = "alert tcp any any -> any 515 "
            "(msg:\"detect IFS\"; flow:to_server,established; content:\"${IFS}\";"
--- a/src/detect-content.h
+++ b/src/detect-content.h
@ -49,19 +49,14 @@
 typedef struct DetectContentData_ {
    uint8_t *content;   /**< ptr to chunk of memory containing the pattern */
    uint8_t content_len;/**< length of the pattern (and size of the memory) */
-    uint8_t pad0;
+    uint8_t flags;
-    uint16_t pad1;
+    PatIntId id;        /**< unique pattern id */
    uint32_t id;        /**< unique pattern id */
    uint16_t depth;
    uint16_t offset;
    /** distance from the last match this match should start.
     *  Can be negative */
    int32_t distance;
    int32_t within;
    uint8_t flags;
    uint8_t pad2;
    uint16_t pad3;
    BmCtx *bm_ctx;     /**< Boyer Moore context (for spm search) */
 } DetectContentData;
--- a/src/detect-dce-iface.c
+++ b/src/detect-dce-iface.c
@ -868,6 +868,7 @@ static int DetectDceIfaceTestParse12(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1099,6 +1100,7 @@ static int DetectDceIfaceTestParse13(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1354,6 +1356,7 @@ static int DetectDceIfaceTestParse14(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-dce-opnum.c
+++ b/src/detect-dce-opnum.c
@ -1135,6 +1135,7 @@ static int DetectDceOpnumTestParse08(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1661,6 +1662,7 @@ static int DetectDceOpnumTestParse09(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1858,6 +1860,7 @@ static int DetectDceOpnumTestParse10(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -2150,6 +2153,7 @@ static int DetectDceOpnumTestParse11(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -2425,6 +2429,7 @@ static int DetectDceOpnumTestParse12(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -2709,6 +2714,7 @@ static int DetectDceOpnumTestParse13(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@ -637,6 +637,7 @@ static int DetectDceStubDataTestParse02(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1179,6 +1180,7 @@ static int DetectDceStubDataTestParse03(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1374,6 +1376,7 @@ static int DetectDceStubDataTestParse04(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
@ -1640,6 +1643,7 @@ static int DetectDceStubDataTestParse05(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_DCERPC;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-engine-dcepayload.c
+++ b/src/detect-engine-dcepayload.c
@ -1612,6 +1612,7 @@ int DcePayloadTest01(void)
    for (i = 0; i < 11; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -2475,6 +2476,7 @@ int DcePayloadTest02(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -2921,6 +2923,7 @@ int DcePayloadTest03(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -3366,6 +3369,7 @@ int DcePayloadTest04(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -3810,6 +3814,7 @@ int DcePayloadTest05(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -4255,6 +4260,7 @@ int DcePayloadTest06(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -4699,6 +4705,7 @@ int DcePayloadTest07(void)
    for (i = 0; i < 4; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -4981,6 +4988,7 @@ int DcePayloadTest08(void)
    for (i = 0; i < 1; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -5202,6 +5210,7 @@ int DcePayloadTest09(void)
    for (i = 0; i < 1; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -5423,6 +5432,7 @@ int DcePayloadTest10(void)
    for (i = 0; i < 1; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -5779,6 +5789,7 @@ int DcePayloadTest11(void)
    for (i = 0; i < 2; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -6149,6 +6160,7 @@ int DcePayloadTest12(void)
    for (i = 0; i < 2; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -6328,6 +6340,7 @@ int DcePayloadTest13(void)
    for (i = 0; i < 8; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -6569,6 +6582,7 @@ int DcePayloadTest14(void)
    for (i = 0; i < 6; i++) {
        p[i] = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
        p[i]->flow = &f;
        p[i]->flags |= PKT_HAS_FLOW;
        p[i]->flowflags |= FLOW_PKT_TOSERVER;
        p[i]->flowflags |= FLOW_PKT_ESTABLISHED;
    }
@ -6743,6 +6757,7 @@ int DcePayloadTest15(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -6854,6 +6869,7 @@ int DcePayloadTest16(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -6965,6 +6981,7 @@ int DcePayloadTest17(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7076,6 +7093,7 @@ int DcePayloadTest18(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7187,6 +7205,7 @@ int DcePayloadTest19(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7298,6 +7317,7 @@ int DcePayloadTest20(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7401,6 +7421,7 @@ int DcePayloadTest21(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7497,6 +7518,7 @@ int DcePayloadTest22(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7594,6 +7616,7 @@ int DcePayloadTest23(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -7689,6 +7712,7 @@ int DcePayloadTest24(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -9887,6 +9911,7 @@ int DcePayloadTest42(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
@ -9984,6 +10009,7 @@ int DcePayloadTest43(void)
    p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@ -742,7 +742,8 @@ static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead
            /* tell matcher we are inspecting packet */
            s->flags |= SIG_FLAG_MPM_PACKET;
-            s->mpm_pattern_id = co->id;
+            s->mpm_pattern_id_mod_8 = 1<<(co->id%8);
            s->mpm_pattern_id_div_8 = co->id/8;
            if (scan_negated) {
                SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
                s->flags |= SIG_FLAG_MPM_NEGCONTENT;
@ -980,7 +981,8 @@ static int PatternMatchPreprarePopulateMpmStream(DetectEngineCtx *de_ctx, SigGro
            /* tell matcher we are inspecting stream */
            s->flags |= SIG_FLAG_MPM_STREAM;
-            s->mpm_stream_pattern_id = co->id;
+            s->mpm_stream_pattern_id_div_8 = co->id/8;
            s->mpm_stream_pattern_id_mod_8 = 1<<(co->id%8);
            if (scan_negated) {
                SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
                s->flags |= SIG_FLAG_MPM_NEGCONTENT;
--- a/src/detect-engine-proto.c
+++ b/src/detect-engine-proto.c
@ -366,6 +366,7 @@ static int DetectProtoTestSig01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flags |= PKT_HAS_FLOW;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@ -1594,19 +1594,24 @@ int SigGroupHeadBuildHeadArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
        if (s == NULL)
            continue;
-        sgh->head_array[idx].flags = s->flags;
+//        sgh->head_array[idx].flags = s->flags;
-        sgh->head_array[idx].mpm_pattern_id = s->mpm_pattern_id;
+//        sgh->head_array[idx].alproto = s->alproto;
-        sgh->head_array[idx].mpm_stream_pattern_id = s->mpm_stream_pattern_id;
+//        sgh->head_array[idx].num = s->num;
-        sgh->head_array[idx].alproto = s->alproto;
+        sgh->head_array[idx].hdr_copy = s->hdr_copy;
-        sgh->head_array[idx].num = s->num;
+        sgh->head_array[idx].mpm_pattern_copy = s->mpm_pattern_copy;
 //        sgh->head_array[idx].mpm_pattern_id_div_8 = s->mpm_pattern_id_div_8;
 //        sgh->head_array[idx].mpm_pattern_id_mod_8 = s->mpm_pattern_id_mod_8;
 //        sgh->head_array[idx].mpm_stream_pattern_copy = s->mpm_stream_pattern_copy;
 //        sgh->head_array[idx].mpm_stream_pattern_id_div_8 = s->mpm_stream_pattern_id_div_8;
 //        sgh->head_array[idx].mpm_stream_pattern_id_mod_8 = s->mpm_stream_pattern_id_mod_8;
        sgh->head_array[idx].full_sig = s;
-        BUG_ON(s->flags != sgh->head_array[idx].flags);
+//        BUG_ON(s->flags != sgh->head_array[idx].flags);
-        BUG_ON(s->alproto != sgh->head_array[idx].alproto);
+//        BUG_ON(s->alproto != sgh->head_array[idx].alproto);
-        BUG_ON(s->mpm_pattern_id != sgh->head_array[idx].mpm_pattern_id);
+//        BUG_ON(s->mpm_pattern_id != sgh->head_array[idx].mpm_pattern_id);
-        BUG_ON(s->mpm_stream_pattern_id != sgh->head_array[idx].mpm_stream_pattern_id);
+//        BUG_ON(s->mpm_stream_pattern_id != sgh->head_array[idx].mpm_stream_pattern_id);
-        BUG_ON(s->num != sgh->head_array[idx].num);
+//        BUG_ON(s->num != sgh->head_array[idx].num);
-        BUG_ON(s != sgh->head_array[idx].full_sig);
+//        BUG_ON(s != sgh->head_array[idx].full_sig);
        idx++;
    }
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@ -810,6 +810,7 @@ static int DeStateSigTest01(void) {
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -943,6 +944,7 @@ static int DeStateSigTest02(void) {
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
--- a/src/detect-engine-uri.c
+++ b/src/detect-engine-uri.c
@ -476,6 +476,7 @@ static int UriTestSig01(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -590,6 +591,7 @@ static int UriTestSig02(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -704,6 +706,7 @@ static int UriTestSig03(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -818,6 +821,7 @@ static int UriTestSig04(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -932,6 +936,7 @@ static int UriTestSig05(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1046,6 +1051,7 @@ static int UriTestSig06(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1160,6 +1166,7 @@ static int UriTestSig07(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1274,6 +1281,7 @@ static int UriTestSig08(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1388,6 +1396,7 @@ static int UriTestSig09(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1502,6 +1511,7 @@ static int UriTestSig10(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1616,6 +1626,7 @@ static int UriTestSig11(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1731,6 +1742,7 @@ static int UriTestSig12(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1846,6 +1858,7 @@ static int UriTestSig13(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -1961,6 +1974,7 @@ static int UriTestSig14(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2076,6 +2090,7 @@ static int UriTestSig15(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2191,6 +2206,7 @@ static int UriTestSig16(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2302,6 +2318,7 @@ static int UriTestSig17(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2392,6 +2409,7 @@ static int UriTestSig18(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2482,6 +2500,7 @@ static int UriTestSig19(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2573,6 +2592,7 @@ static int UriTestSig20(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2663,6 +2683,7 @@ static int UriTestSig21(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
@ -2753,6 +2774,7 @@ static int UriTestSig22(void)
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    f.alproto = ALPROTO_HTTP;
--- a/src/detect-ftpbounce.c
+++ b/src/detect-ftpbounce.c
@ -343,6 +343,7 @@ static int DetectFtpbounceTestALMatch02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_FTP;
    StreamTcpInitConfig(TRUE);
@ -472,6 +473,7 @@ static int DetectFtpbounceTestALMatch03(void) {
    p.flow = &f;
    p.flowflags |= FLOW_PKT_TOSERVER;
    p.flowflags |= FLOW_PKT_ESTABLISHED;
    p.flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_FTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@ -500,6 +500,7 @@ static int DetectHttpClientBodyTest06(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -602,9 +603,11 @@ static int DetectHttpClientBodyTest07(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -723,9 +726,11 @@ static int DetectHttpClientBodyTest08(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -845,9 +850,11 @@ static int DetectHttpClientBodyTest09(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -966,9 +973,11 @@ static int DetectHttpClientBodyTest10(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1082,6 +1091,7 @@ static int DetectHttpClientBodyTest11(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1179,6 +1189,7 @@ static int DetectHttpClientBodyTest12(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1277,6 +1288,7 @@ static int DetectHttpClientBodyTest13(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1375,6 +1387,7 @@ static int DetectHttpClientBodyTest14(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1570,6 +1583,7 @@ static int DetectHttpClientBodyTest15(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@ -505,6 +505,7 @@ static int DetectHttpCookieSigTest01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -605,6 +606,7 @@ static int DetectHttpCookieSigTest02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -692,6 +694,7 @@ static int DetectHttpCookieSigTest03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -780,6 +783,7 @@ static int DetectHttpCookieSigTest04(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -868,6 +872,7 @@ static int DetectHttpCookieSigTest05(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -956,6 +961,7 @@ static int DetectHttpCookieSigTest06(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1043,6 +1049,7 @@ static int DetectHttpCookieSigTest07(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@ -477,6 +477,7 @@ static int DetectHttpHeaderTest06(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -578,9 +579,11 @@ static int DetectHttpHeaderTest07(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -696,9 +699,11 @@ static int DetectHttpHeaderTest08(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -815,9 +820,11 @@ static int DetectHttpHeaderTest09(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -934,9 +941,11 @@ static int DetectHttpHeaderTest10(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1049,6 +1058,7 @@ static int DetectHttpHeaderTest11(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1145,6 +1155,7 @@ static int DetectHttpHeaderTest12(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1242,6 +1253,7 @@ static int DetectHttpHeaderTest13(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
@ -428,6 +428,7 @@ static int DetectHttpMethodSigTest01(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -527,6 +528,7 @@ static int DetectHttpMethodSigTest02(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -625,6 +627,7 @@ static int DetectHttpMethodSigTest03(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@ -269,7 +269,7 @@ int DetectPcreALDoMatchMethod(DetectEngineThreadCtx *det_ctx, Signature *s,
        SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
        if (ret == PCRE_ERROR_NOMATCH) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex didn't match with negate option means we
                 * consider it a match */
                ret = 1;
@ -280,7 +280,7 @@ int DetectPcreALDoMatchMethod(DetectEngineThreadCtx *det_ctx, Signature *s,
            }
            toret |= ret;
        } else if (ret >= 0) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex matched but we're negated, so not
                 * considering it a match */
                ret = 0;
@ -386,7 +386,7 @@ int DetectPcreALDoMatchHeader(DetectEngineThreadCtx *det_ctx, Signature *s,
        SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
        if (ret == PCRE_ERROR_NOMATCH) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex didn't match with negate option means we
                 * consider it a match */
                ret = 1;
@ -397,7 +397,7 @@ int DetectPcreALDoMatchHeader(DetectEngineThreadCtx *det_ctx, Signature *s,
            }
            toret |= ret;
        } else if (ret >= 0) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex matched but we're negated, so not
                 * considering it a match */
                ret = 0;
@ -505,7 +505,7 @@ int DetectPcreALDoMatchCookie(DetectEngineThreadCtx *det_ctx, Signature *s,
        SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
        if (ret == PCRE_ERROR_NOMATCH) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex didn't match with negate option means we
                 * consider it a match */
                ret = 1;
@ -516,7 +516,7 @@ int DetectPcreALDoMatchCookie(DetectEngineThreadCtx *det_ctx, Signature *s,
            }
            toret |= ret;
        } else if (ret >= 0) {
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                /* regex matched but we're negated, so not
                 * considering it a match */
                ret = 0;
@ -529,7 +529,7 @@ int DetectPcreALDoMatchCookie(DetectEngineThreadCtx *det_ctx, Signature *s,
            }
        } else {
            SCLogDebug("pcre had matching error");
-            if (pe->negate == 1) {
+            if (pe->flags & DETECT_PCRE_NEGATE) {
                ret = 1;
                toret |= ret;
                break;
@ -644,7 +644,7 @@ int DetectPcreALDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch *
 unlock:
    SCMutexUnlock(&f->m);
-    SCReturnInt(ret ^ pe->negate);
+    SCReturnInt(ret ^ (pe->flags & DETECT_PCRE_NEGATE));
 }
 /**
@ -767,7 +767,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
    SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
    if (ret == PCRE_ERROR_NOMATCH) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex didn't match with negate option means we
             * consider it a match */
            ret = 1;
@ -775,7 +775,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
            ret = 0;
        }
    } else if (ret >= 0) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex matched but we're negated, so not
             * considering it a match */
            ret = 0;
@ -861,7 +861,7 @@ int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Sign
    SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
    if (ret == PCRE_ERROR_NOMATCH) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex didn't match with negate option means we
             * consider it a match */
            ret = 1;
@ -869,7 +869,7 @@ int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Sign
            ret = 0;
        }
    } else if (ret >= 0) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex matched but we're negated, so not
             * considering it a match */
            ret = 0;
@ -954,7 +954,7 @@ int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
    SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
    if (ret == PCRE_ERROR_NOMATCH) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex didn't match with negate option means we
             * consider it a match */
            ret = 1;
@ -962,7 +962,7 @@ int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
            ret = 0;
        }
    } else if (ret >= 0) {
-        if (pe->negate == 1) {
+        if (pe->flags & DETECT_PCRE_NEGATE) {
            /* regex matched but we're negated, so not
             * considering it a match */
            ret = 0;
@ -1076,7 +1076,7 @@ DetectPcreData *DetectPcreParse (char *regexstr)
    memset(pd, 0, sizeof(DetectPcreData));
    if (negate)
-        pd->negate = 1;
+        pd->flags |= DETECT_PCRE_NEGATE;
    if (op != NULL) {
        while (*op) {
@ -1795,6 +1795,7 @@ static int DetectPcreTestSig01Real(int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    StreamTcpInitConfig(TRUE);
    FlowL7DataPtrInit(&f);
@ -1874,6 +1875,7 @@ static int DetectPcreTestSig02Real(int mpm_type) {
    p = UTHBuildPacket(buf, buflen, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    pcre_match_limit = 100;
    pcre_match_limit_recursion = 100;
@ -2038,6 +2040,7 @@ static int DetectPcreModifPTest04(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2165,9 +2168,11 @@ static int DetectPcreModifPTest05(void) {
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2350,6 +2355,7 @@ static int DetectPcreTestSig09(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2440,6 +2446,7 @@ static int DetectPcreTestSig10(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2530,6 +2537,7 @@ static int DetectPcreTestSig11(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2620,6 +2628,7 @@ static int DetectPcreTestSig12(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2710,6 +2719,7 @@ static int DetectPcreTestSig13(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2800,6 +2810,7 @@ static int DetectPcreTestSig14(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -2895,6 +2906,7 @@ static int DetectPcreTxBodyChunksTest01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -3044,6 +3056,7 @@ static int DetectPcreTxBodyChunksTest02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -3269,6 +3282,7 @@ static int DetectPcreTxBodyChunksTest03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-pcre.h
+++ b/src/detect-pcre.h
@ -24,31 +24,30 @@
 #ifndef __DETECT_PCRE_H__
 #define __DETECT_PCRE_H__
-#define DETECT_PCRE_RELATIVE      0x0001
+#define DETECT_PCRE_RELATIVE        0x0001
-#define DETECT_PCRE_RAWBYTES      0x0002
+#define DETECT_PCRE_RAWBYTES        0x0002
-#define DETECT_PCRE_URI           0x0004
+#define DETECT_PCRE_URI             0x0004
-#define DETECT_PCRE_CAPTURE_PKT   0x0008
+#define DETECT_PCRE_CAPTURE_PKT     0x0008
-#define DETECT_PCRE_CAPTURE_FLOW  0x0010
+#define DETECT_PCRE_CAPTURE_FLOW    0x0010
-#define DETECT_PCRE_MATCH_LIMIT   0x0020
+#define DETECT_PCRE_MATCH_LIMIT     0x0020
-#define DETECT_PCRE_HTTP_BODY_AL  0x0040
+#define DETECT_PCRE_HTTP_BODY_AL    0x0040
-#define DETECT_PCRE_RELATIVE_NEXT 0x0080
+#define DETECT_PCRE_RELATIVE_NEXT   0x0080
 /* new modifiers 2.8.5.3 support */
-#define DETECT_PCRE_HEADER        0x0100
+#define DETECT_PCRE_HEADER          0x0100
-#define DETECT_PCRE_COOKIE        0x0200
+#define DETECT_PCRE_COOKIE          0x0200
-#define DETECT_PCRE_METHOD        0x0400
+#define DETECT_PCRE_METHOD          0x0400
 #define DETECT_PCRE_NEGATE          0x0800
 typedef struct DetectPcreData_ {
    /* pcre options */
    pcre *re;
    pcre_extra *sd;
    int opts;
    uint16_t flags;
    uint8_t negate;
    uint16_t capidx;
    char *capname;
 } DetectPcreData;
--- a/src/detect-ssh-proto-version.c
+++ b/src/detect-ssh-proto-version.c
@ -370,6 +370,7 @@ static int DetectSshVersionTestDetect01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
@ -473,6 +474,7 @@ static int DetectSshVersionTestDetect02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
@ -576,6 +578,7 @@ static int DetectSshVersionTestDetect03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-ssh-software-version.c
+++ b/src/detect-ssh-software-version.c
@ -331,6 +331,7 @@ static int DetectSshSoftwareVersionTestDetect01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
@ -434,6 +435,7 @@ static int DetectSshSoftwareVersionTestDetect02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
@ -537,6 +539,7 @@ static int DetectSshSoftwareVersionTestDetect03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_SSH;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@ -337,6 +337,7 @@ static int DetectTlsVersionTestDetect01(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_TLS;
    StreamTcpInitConfig(TRUE);
@ -451,6 +452,7 @@ static int DetectTlsVersionTestDetect02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_TLS;
    StreamTcpInitConfig(TRUE);
@ -565,6 +567,7 @@ static int DetectTlsVersionTestDetect03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_TLS;
    f.proto = p->proto;
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -834,6 +834,7 @@ static int DetectUriSigTest02(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -944,6 +945,7 @@ static int DetectUriSigTest03(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -1273,6 +1275,7 @@ static int DetectUriSigTest05(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    f.proto = p->proto;
@ -1396,6 +1399,7 @@ static int DetectUriSigTest06(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    f.proto = p->proto;
@ -1527,6 +1531,7 @@ static int DetectUriSigTest07(void) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect-uricontent.h
+++ b/src/detect-uricontent.h
@ -48,17 +48,12 @@
 typedef struct DetectUricontentData_ {
    uint8_t *uricontent;
    uint8_t uricontent_len;
-    uint8_t pad0;
+    uint8_t flags;
-    uint16_t pad1;
+    PatIntId id;
    uint32_t id;
    uint16_t depth;
    uint16_t offset;
    int32_t distance;
    int32_t within;
    uint8_t flags;
    uint8_t pad2;
    uint16_t pad3;
    BmCtx *bm_ctx;     /**< Boyer Moore context (for spm search) */
 } DetectUricontentData;
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
@ -509,6 +509,7 @@ static int DetectUrilenSigTest01(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect.c
+++ b/src/detect.c
@ -147,6 +147,7 @@
 #include "util-privs.h"
 #include "util-profiling.h"
 #include "util-validate.h"
 #include "util-optimize.h"
 extern uint8_t engine_mode;
@ -448,7 +449,7 @@ static void SigMatchSignaturesBuildMatchArray(DetectEngineCtx *de_ctx,
    for (i = 0; i < det_ctx->sgh->sig_cnt; i++) {
        SignatureHeader *s = &det_ctx->sgh->head_array[i];
-        if (s->flags & SIG_FLAG_FLOW && !p->flow) {
+        if (!(p->flags & PKT_HAS_FLOW) && s->flags & SIG_FLAG_FLOW) {
            SCLogDebug("flow in sig but not in packet");
            continue;
        }
@ -461,17 +462,15 @@ static void SigMatchSignaturesBuildMatchArray(DetectEngineCtx *de_ctx,
        }
        /* if the sig has alproto and the session as well they should match */
-        if (s->alproto != ALPROTO_UNKNOWN) {
+        if (s->flags & SIG_FLAG_APPLAYER && s->alproto != ALPROTO_UNKNOWN && s->alproto != alproto) {
-            if (s->alproto != alproto) {
+            if (s->alproto == ALPROTO_DCERPC) {
-                if (s->alproto == ALPROTO_DCERPC) {
+                if (alproto != ALPROTO_SMB && alproto != ALPROTO_SMB2) {
-                    if (alproto != ALPROTO_SMB && alproto != ALPROTO_SMB2) {
+                    SCLogDebug("DCERPC sig, alproto not SMB or SMB2");
                        SCLogDebug("DCERPC sig, alproto not SMB or SMB2");
                        continue;
                    }
                } else {
                    SCLogDebug("alproto mismatch");
                    continue;
                }
            } else {
                SCLogDebug("alproto mismatch");
                continue;
            }
        }
@ -479,7 +478,8 @@ static void SigMatchSignaturesBuildMatchArray(DetectEngineCtx *de_ctx,
        if (s->flags & SIG_FLAG_MPM_PACKET) {
            /* filter out sigs that want pattern matches, but
             * have no matches */
-            if (!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id / 8)] & (1<<(s->mpm_pattern_id % 8)))) {
+            if (!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] & s->mpm_pattern_id_mod_8)) {
            //if (!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id / 8)] & (1<<(s->mpm_pattern_id % 8)))) {
                SCLogDebug("mpm sig without matches (pat id %"PRIu32" check in content).", s->mpm_pattern_id);
                if (!(s->flags & SIG_FLAG_MPM_NEGCONTENT)) {
@ -500,7 +500,7 @@ static void SigMatchSignaturesBuildMatchArray(DetectEngineCtx *de_ctx,
        if (s->flags & SIG_FLAG_MPM_STREAM) {
            /* filter out sigs that want pattern matches, but
             * have no matches */
-            if (!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_stream_pattern_id / 8)] & (1<<(s->mpm_stream_pattern_id % 8)))) {
+            if (!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_stream_pattern_id_div_8)] & s->mpm_stream_pattern_id_mod_8)) {
                SCLogDebug("mpm stream sig without matches (pat id %"PRIu32" check in content).", s->mpm_stream_pattern_id);
                if (!(s->flags & SIG_FLAG_MPM_NEGCONTENT)) {
@ -616,68 +616,67 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags) {
    StreamMsg *smsg = NULL;
-    if (p->proto == IPPROTO_TCP) {
+    if (p->proto == IPPROTO_TCP && f->protoctx != NULL) {
        TcpSession *ssn = (TcpSession *)f->protoctx;
        if (ssn != NULL) {
            /* at stream eof, inspect all smsg's */
            if (flags & STREAM_EOF) {
                if (p->flowflags & FLOW_PKT_TOSERVER) {
                    smsg = ssn->toserver_smsg_head;
                    /* deref from the ssn */
                    ssn->toserver_smsg_head = NULL;
                    ssn->toserver_smsg_tail = NULL;
                    SCLogDebug("to_server smsg %p at stream eof", smsg);
                } else {
                    smsg = ssn->toclient_smsg_head;
                    /* deref from the ssn */
                    ssn->toclient_smsg_head = NULL;
                    ssn->toclient_smsg_tail = NULL;
-                    SCLogDebug("to_client smsg %p at stream eof", smsg);
+        /* at stream eof, inspect all smsg's */
-                }
+        if (unlikely(flags & STREAM_EOF)) {
-            } else {
+            if (p->flowflags & FLOW_PKT_TOSERVER) {
-                if (p->flowflags & FLOW_PKT_TOSERVER) {
+                smsg = ssn->toserver_smsg_head;
-                    StreamMsg *head = ssn->toserver_smsg_head;
+                /* deref from the ssn */
-                    if (head == NULL) {
+                ssn->toserver_smsg_head = NULL;
-                        SCLogDebug("no smsgs in to_server direction");
+                ssn->toserver_smsg_tail = NULL;
                        goto end;
                    }
-                    /* if the smsg is bigger than the current packet, we will
+                SCLogDebug("to_server smsg %p at stream eof", smsg);
-                     * process the smsg in a later run */
+            } else {
-                    if ((head->data.seq + head->data.data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
+                smsg = ssn->toclient_smsg_head;
-                        SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
+                /* deref from the ssn */
-                                (head->data.seq + head->data.data_len), (TCP_GET_SEQ(p) + p->payload_len));
+                ssn->toclient_smsg_head = NULL;
-                        goto end;
+                ssn->toclient_smsg_tail = NULL;
                    }
-                    smsg = head;
+                SCLogDebug("to_client smsg %p at stream eof", smsg);
-                    /* deref from the ssn */
+            }
-                    ssn->toserver_smsg_head = NULL;
+        } else {
-                    ssn->toserver_smsg_tail = NULL;
+            if (p->flowflags & FLOW_PKT_TOSERVER) {
                StreamMsg *head = ssn->toserver_smsg_head;
                if (unlikely(head == NULL)) {
                    SCLogDebug("no smsgs in to_server direction");
                    goto end;
                }
-                    SCLogDebug("to_server smsg %p", smsg);
+                /* if the smsg is bigger than the current packet, we will
-                } else {
+                 * process the smsg in a later run */
-                    StreamMsg *head = ssn->toclient_smsg_head;
+                if ((head->data.seq + head->data.data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
-                    if (head == NULL)
+                    SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
-                        goto end;
+                            (head->data.seq + head->data.data_len), (TCP_GET_SEQ(p) + p->payload_len));
-
+                    goto end;
-                    /* if the smsg is bigger than the current packet, we will
+                }
                     * process the smsg in a later run */
                    if ((head->data.seq + head->data.data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
                        SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                                (head->data.seq + head->data.data_len), (TCP_GET_SEQ(p) + p->payload_len));
                        goto end;
                    }
-                    smsg = head;
+                smsg = head;
-                    /* deref from the ssn */
+                /* deref from the ssn */
-                    ssn->toclient_smsg_head = NULL;
+                ssn->toserver_smsg_head = NULL;
-                    ssn->toclient_smsg_tail = NULL;
+                ssn->toserver_smsg_tail = NULL;
-                    SCLogDebug("to_client smsg %p", smsg);
+                SCLogDebug("to_server smsg %p", smsg);
            } else {
                StreamMsg *head = ssn->toclient_smsg_head;
                if (unlikely(head == NULL))
                    goto end;
                /* if the smsg is bigger than the current packet, we will
                 * process the smsg in a later run */
                if ((head->data.seq + head->data.data_len) > (TCP_GET_SEQ(p) + p->payload_len)) {
                    SCLogDebug("smsg ends beyond current packet, skipping for now %"PRIu32">%"PRIu32,
                            (head->data.seq + head->data.data_len), (TCP_GET_SEQ(p) + p->payload_len));
                    goto end;
                }
                smsg = head;
                /* deref from the ssn */
                ssn->toclient_smsg_head = NULL;
                ssn->toclient_smsg_tail = NULL;
                SCLogDebug("to_client smsg %p", smsg);
            }
        }
    }
@ -723,7 +722,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
    det_ctx->pkts++;
    /* grab the protocol state we will detect on */
-    if (p->flow != NULL) {
+    if (p->flags & PKT_HAS_FLOW) {
        if (p->flags & PKT_STREAM_EOF) {
            flags |= STREAM_EOF;
            SCLogDebug("STREAM_EOF set");
@ -770,42 +769,46 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
            SCLogDebug("flag STREAM_TOCLIENT set");
        }
        SCLogDebug("p->flowflags 0x%02x", p->flowflags);
    }
-    /* match the ip only signatures */
+        if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
-    if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
+                (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
-        (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
+            SCLogDebug("testing against \"ip-only\" signatures");
        SCLogDebug("testing against \"ip-only\" signatures");
-        IPOnlyMatchPacket(de_ctx, det_ctx, &de_ctx->io_ctx, &det_ctx->io_ctx, p);
+            IPOnlyMatchPacket(de_ctx, det_ctx, &de_ctx->io_ctx, &det_ctx->io_ctx, p);
-        /* save in the flow that we scanned this direction... locking is
+            /* save in the flow that we scanned this direction... locking is
-         * done in the FlowSetIPOnlyFlag function. */
+             * done in the FlowSetIPOnlyFlag function. */
-        if (p->flow != NULL) {
+            if (p->flow != NULL) {
-            FlowSetIPOnlyFlag(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0);
+                FlowSetIPOnlyFlag(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0);
-        }
+            }
-    } else if (p->flow != NULL && ((p->flowflags & FLOW_PKT_TOSERVER &&
+        } else {
-                                   (p->flow->flags & FLOW_TOSERVER_IPONLY_SET)) ||
+//if (p->flow != NULL && ((p->flowflags & FLOW_PKT_TOSERVER &&
-                                   (p->flowflags & FLOW_PKT_TOCLIENT &&
+//                        (p->flow->flags & FLOW_TOSERVER_IPONLY_SET)) ||
-                                   (p->flow->flags & FLOW_TOCLIENT_IPONLY_SET)))) {
+//                    (p->flowflags & FLOW_PKT_TOCLIENT &&
-        /* Get the result of the first IPOnlyMatch() */
+//                     (p->flow->flags & FLOW_TOCLIENT_IPONLY_SET)))) {
-        if (p->flow->flags & FLOW_ACTION_PASS) {
+            /* Get the result of the first IPOnlyMatch() */
-            /* if it matched a "pass" rule, we have to let it go */
+            if (p->flow->flags & FLOW_ACTION_PASS) {
-            p->action |= ACTION_PASS;
+                /* if it matched a "pass" rule, we have to let it go */
-        }
+                p->action |= ACTION_PASS;
-        /* If we have a drop from IP only module,
+            }
-         * we will drop the rest of the flow packets
+            /* If we have a drop from IP only module,
-         * This will apply only to inline/IPS */
+             * we will drop the rest of the flow packets
-        if (p->flow != NULL &&
+             * This will apply only to inline/IPS */
-            (p->flow->flags & FLOW_ACTION_DROP))
+            if (p->flow != NULL &&
-        {
+                    (p->flow->flags & FLOW_ACTION_DROP))
-            alert_flags = PACKET_ALERT_FLAG_DROP_FLOW;
+            {
-            p->action |= ACTION_DROP;
+                alert_flags = PACKET_ALERT_FLAG_DROP_FLOW;
                p->action |= ACTION_DROP;
            }
        }
    } else {
        /* no flow */
        /* Even without flow we should match the packet src/dst */
        IPOnlyMatchPacket(de_ctx, det_ctx, &de_ctx->io_ctx, &det_ctx->io_ctx, p);
    }
    /* match the ip only signatures */
    /* use the sgh from the flow unless we have no flow or the flow
     * sgh wasn't initialized yet */
    if (sgh == NULL && !use_flow_sgh) {
@ -851,12 +854,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
            else                                            det_ctx->pkts_searched++;
 #endif
            cnt = PacketPatternSearch(th_v, det_ctx, p);
            if (cnt > 0) {
 #if 0
                det_ctx->mpm_match++;
 #endif
            }
            SCLogDebug("post search: cnt %" PRIu32, cnt);
        }
    }
@ -864,14 +861,15 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
    det_ctx->de_mpm_scanned_uri = FALSE;
    /* stateful app layer detection */
-
+    if (p->flags & PKT_HAS_FLOW && alstate != NULL) {
-    /* initialize to 0 (DE_STATE_MATCH_NOSTATE) */
+        /* initialize to 0 (DE_STATE_MATCH_NOSTATE) */
-    memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len);
+        memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len);
-
+
-    /* if applicable, continue stateful detection */
+        /* if applicable, continue stateful detection */
-    if (p->flow != NULL && DeStateFlowHasState(p->flow)) {
+        if (DeStateFlowHasState(p->flow)) {
-        DeStateDetectContinueDetection(th_v, de_ctx, det_ctx, p->flow,
+            DeStateDetectContinueDetection(th_v, de_ctx, det_ctx, p->flow,
-                flags, alstate, alproto);
+                    flags, alstate, alproto);
        }
    }
    /* build the match array */
@ -951,7 +949,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                    if (det_ctx->smsg_pmq[pmq_idx].pattern_id_bitarray != NULL) {
                        /* filter out sigs that want pattern matches, but
                         * have no matches */
-                        if (!(det_ctx->smsg_pmq[pmq_idx].pattern_id_bitarray[(s->mpm_stream_pattern_id / 8)] & (1<<(s->mpm_stream_pattern_id % 8))) &&
+                        if (!(det_ctx->smsg_pmq[pmq_idx].pattern_id_bitarray[(s->mpm_stream_pattern_id_div_8)] & s->mpm_stream_pattern_id_mod_8) &&
                                (s->flags & SIG_FLAG_MPM) && !(s->flags & SIG_FLAG_MPM_NEGCONTENT)) {
                            SCLogDebug("no match in this smsg");
                            continue;
@ -1026,7 +1024,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
        } else {
            if (s->flags & SIG_FLAG_RECURSIVE) {
                uint8_t rmatch = 0;
-                det_ctx->pkt_cnt = 0;
+                uint8_t recursion_cnt = 0;
                do {
                    sm = s->match;
@ -1045,7 +1043,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                                    }
                                }
                                rmatch = fmatch = 1;
-                                det_ctx->pkt_cnt++;
+                                recursion_cnt++;
                            }
                        } else {
                            /* done with this sig */
@ -1056,7 +1054,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                    /* Limit the number of times we do this recursive thing.
                     * XXX is this a sane limit? Should it be configurable? */
-                    if (det_ctx->pkt_cnt == 10)
+                    if (recursion_cnt == 10)
                        goto done;
                } while (rmatch);
@ -1125,7 +1123,7 @@ end:
    /* store the found sgh (or NULL) in the flow to save us from looking it
     * up again for the next packet. Also return any stream chunk we processed
     * to the pool. */
-    if (p->flow != NULL) {
+    if (p->flags & PKT_HAS_FLOW) {
        SCMutexLock(&p->flow->m);
        if (no_store_flow_sgh == FALSE) {
            if (p->flowflags & FLOW_PKT_TOSERVER && !(p->flow->flags & FLOW_SGH_TOSERVER)) {
@ -3770,6 +3768,7 @@ static int SigTest06Real (int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -3865,6 +3864,7 @@ static int SigTest07Real (int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -3960,6 +3960,7 @@ static int SigTest08Real (int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -4055,6 +4056,7 @@ static int SigTest09Real (int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -4142,6 +4144,7 @@ static int SigTest10Real (int mpm_type) {
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -4228,6 +4231,7 @@ static int SigTest11Real (int mpm_type) {
    f.dst.family = AF_INET;
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -4296,6 +4300,7 @@ static int SigTest12Real (int mpm_type) {
    p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
@ -4360,6 +4365,7 @@ static int SigTest13Real (int mpm_type) {
    p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
    p->flow = &f;
    p->flags |= PKT_HAS_FLOW;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    if (de_ctx == NULL) {
@ -8888,6 +8894,7 @@ static int SigTestDropFlow01(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -8985,6 +8992,7 @@ static int SigTestDropFlow02(void)
    p->flow = &f;
    p->flowflags |= FLOW_PKT_TOSERVER;
    p->flowflags |= FLOW_PKT_ESTABLISHED;
    p->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -9095,10 +9103,12 @@ static int SigTestDropFlow03(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
@ -9258,10 +9268,12 @@ static int SigTestDropFlow04(void)
    p1->flow = &f;
    p1->flowflags |= FLOW_PKT_TOSERVER;
    p1->flowflags |= FLOW_PKT_ESTABLISHED;
    p1->flags |= PKT_HAS_FLOW;
    p2->flow = &f;
    p2->flowflags |= FLOW_PKT_TOSERVER;
    p2->flowflags |= FLOW_PKT_ESTABLISHED;
    p2->flags |= PKT_HAS_FLOW;
    f.alproto = ALPROTO_HTTP;
    StreamTcpInitConfig(TRUE);
--- a/src/detect.h
+++ b/src/detect.h
@ -240,16 +240,31 @@ typedef struct IPOnlyCIDRItem_ {
 /** \brief Subset of the Signature for cache efficient prefiltering
 */
 typedef struct SignatureHeader_ {
-    uint32_t flags;
+    union {
-
+        struct {
-    /* app layer signature stuff */
+            uint32_t flags;
-    uint16_t alproto;
+            /* app layer signature stuff */
            uint16_t alproto;
            uint16_t mpm_pattern_id_div_8;
        };
        uint64_t hdr_copy;
    };
    /** pattern in the mpm matcher */
-    uint32_t mpm_pattern_id;
+    union {
-    uint32_t mpm_stream_pattern_id;
+        struct {
-
+            uint8_t mpm_pattern_id_mod_8;
-    SigIntId num; /**< signature number, internal id */
+            uint8_t pad0;
            uint16_t mpm_stream_pattern_id_div_8;
            uint8_t mpm_stream_pattern_id_mod_8;
            uint8_t pad1;
            SigIntId num; /**< signature number, internal id */
        };
        uint64_t mpm_pattern_copy;
    };
    //PatIntId mpm_pattern_id;
    //PatIntId mpm_stream_pattern_id;
    /** pointer to the full signature */
    struct Signature_ *full_sig;
@ -257,16 +272,47 @@ typedef struct SignatureHeader_ {
 /** \brief Signature container */
 typedef struct Signature_ {
-    uint32_t flags;
+    union {
        struct {
            uint32_t flags;
-    /* app layer signature stuff */
+            /* app layer signature stuff */
-    uint16_t alproto;
+            uint16_t alproto;
            uint16_t mpm_pattern_id_div_8;
        };
        uint64_t hdr_copy;
    };
    /** pattern in the mpm matcher */
-    uint32_t mpm_pattern_id;
+    union {
-    uint32_t mpm_stream_pattern_id;
+        struct {
            uint8_t mpm_pattern_id_mod_8;
            uint8_t pad0;
            uint16_t mpm_stream_pattern_id_div_8;
            uint8_t mpm_stream_pattern_id_mod_8;
            uint8_t pad1;
            SigIntId num; /**< signature number, internal id */
        };
        uint64_t mpm_pattern_copy;
    };
    //PatIntId mpm_pattern_id;
    //PatIntId mpm_stream_pattern_id;
-    SigIntId num; /**< signature number, internal id */
+/*
    //PatIntId mpm_pattern_id;
    //PatIntId mpm_stream_pattern_id;
    uint16_t mpm_pattern_id_div_8;
    uint8_t mpm_pattern_id_mod_8;
    uint8_t pad0;
    //PatIntId mpm_pattern_id;
    //PatIntId mpm_stream_pattern_id;
    uint16_t mpm_stream_pattern_id_div_8;
    uint8_t mpm_stream_pattern_id_mod_8;
    uint8_t pad1;
 */
    /** pattern in the mpm matcher */
    PatIntId mpm_uripattern_id;
    /** ipv4 match arrays */
    DetectMatchAddressIPv4 *addr_dst_match4;
@ -289,49 +335,38 @@ typedef struct Signature_ {
    IPOnlyCIDRItem *CidrSrc, *CidrDst;
    /** ptr to the SigMatch lists */
    struct SigMatch_ *match; /* non-payload matches */
    struct SigMatch_ *match_tail; /* non-payload matches, tail of the list */
    struct SigMatch_ *pmatch; /* payload matches */
    struct SigMatch_ *pmatch_tail; /* payload matches, tail of the list */
    struct SigMatch_ *umatch; /* uricontent payload matches */
    struct SigMatch_ *umatch_tail; /* uricontent payload matches, tail of the list */
    struct SigMatch_ *amatch; /* general app layer matches */
    struct SigMatch_ *amatch_tail; /* general app layer  matches, tail of the list */
    struct SigMatch_ *dmatch; /* dce app layer matches */
-    struct SigMatch_ *dmatch_tail; /* dce app layer matches, tail of the list */
+    struct SigMatch_ *match; /* non-payload matches */
    struct SigMatch_ *tmatch; /* list of tags matches */
    struct SigMatch_ *tmatch_tail; /* tag matches, tail of the list */
    /** ptr to the next sig in the list */
    struct Signature_ *next;
    struct SigMatch_ *dsize_sm;
    /** inline -- action */
    uint8_t action;
    /* helper for init phase */
    uint16_t mpm_content_maxlen;
    uint16_t mpm_uricontent_maxlen;
    /** number of sigmatches in the match and pmatch list */
    uint16_t sm_cnt;
    SigIntId order_id;
-    /** pattern in the mpm matcher */
+    /** inline -- action */
-    uint32_t mpm_uripattern_id;
+    uint8_t action;
    uint8_t rev;
    /** classification id **/
    uint8_t class;
    int prio;
    uint32_t gid; /**< generator id */
    uint32_t id;  /**< sid, set by the 'sid' rule keyword */
    char *msg;
    /** classification id **/
    uint8_t class;
    /** classification message */
    char *class_msg;
@ -346,8 +381,18 @@ typedef struct Signature_ {
    uint16_t profiling_id;
 #endif
    struct SigMatch_ *match_tail; /* non-payload matches, tail of the list */
    struct SigMatch_ *pmatch_tail; /* payload matches, tail of the list */
    struct SigMatch_ *umatch_tail; /* uricontent payload matches, tail of the list */
    struct SigMatch_ *amatch_tail; /* general app layer  matches, tail of the list */
    struct SigMatch_ *dmatch_tail; /* dce app layer matches, tail of the list */
    struct SigMatch_ *tmatch_tail; /* tag matches, tail of the list */
    /** address settings for this signature */
    DetectAddressHead src, dst;
    /** ptr to the next sig in the list */
    struct Signature_ *next;
 } Signature;
 typedef struct DetectEngineIPOnlyThreadCtx_ {
@ -400,7 +445,7 @@ typedef struct DetectEngineLookupFlow_ {
 /* mpm pattern id api */
 typedef struct MpmPatternIdStore_ {
    HashTable *hash;
-    uint32_t max_id;
+    PatIntId max_id;
    uint32_t unique_patterns;
    uint32_t shared_patterns;
@ -550,9 +595,13 @@ typedef struct DetectionEngineThreadCtx_ {
    uint32_t payload_offset;
    /* used by pcre match function alone */
    uint32_t pcre_match_start_offset;
-    /** offset into the uri payload of the last match by
+
-     *  uricontent */
+    /* http_uri stuff for uricontent */
-    uint32_t uricontent_payload_offset;
+    char de_have_httpuri;
    char de_mpm_scanned_uri;
    /** id for alert counter */
    uint16_t counter_alerts;
    /* used to discontinue any more matching */
    int discontinue_matching;
@ -565,32 +614,26 @@ typedef struct DetectionEngineThreadCtx_ {
     * stored in Signature->dmatch, by content, pcre, etc */
    uint32_t dce_payload_offset;
    /** recursive counter */
    uint8_t pkt_cnt;
    /* http_uri stuff for uricontent */
    char de_have_httpuri;
    char de_mpm_scanned_uri;
    /** array of signature pointers we're going to inspect in the detection
     *  loop. */
    Signature **match_array;
-    /** size of the array in items (mem size if * sizeof(Signature *) */
+    /** size of the array in items (mem size if * sizeof(Signature *)
     *  Only used during initialization. */
    uint32_t match_array_len;
    /** size in use */
-    uint32_t match_array_cnt;
+    SigIntId match_array_cnt;
    /** Array of sigs that had a state change */
    uint8_t *de_state_sig_array;
    SigIntId de_state_sig_array_len;
    uint8_t *de_state_sig_array;
    struct SigGroupHead_ *sgh;
    /** pointer to the current mpm ctx that is stored
     *  in a rule group head -- can be either a content
     *  or uricontent ctx. */
    MpmThreadCtx mtc;   /**< thread ctx for the mpm */
    MpmThreadCtx mtcu;  /**< thread ctx for uricontent mpm */
    MpmThreadCtx mtcs;  /**< thread ctx for stream mpm */
    struct SigGroupHead_ *sgh;
    PatternMatcherQueue pmq;
    PatternMatcherQueue smsg_pmq[256];
@ -609,21 +652,15 @@ typedef struct DetectionEngineThreadCtx_ {
    uint32_t pkts_uri_searched3;
    uint32_t pkts_uri_searched4;
    /** id for alert counter */
    uint16_t counter_alerts;
    /** ip only rules ctx */
    DetectEngineIPOnlyThreadCtx io_ctx;
    DetectEngineCtx *de_ctx;
 #ifdef __SC_CUDA_SUPPORT__
    /* each detection thread would have it's own queue where the cuda dispatcher
     * thread can dump the packets once it has processed them */
    Tmq *cuda_mpm_rc_disp_outq;
 #endif
    uint64_t mpm_match;
 } DetectEngineThreadCtx;
 /** \brief a single match condition for a signature */
@ -689,12 +726,12 @@ typedef struct SigGroupHeadInitData_ {
 /** \brief Container for matching data for a signature group */
 typedef struct SigGroupHead_ {
    uint8_t flags;
    uint8_t pad0;
    uint16_t pad1;
    /* number of sigs in this head */
-    uint32_t sig_cnt;
+    SigIntId sig_cnt;
    uint16_t mpm_content_maxlen;
    uint16_t mpm_streamcontent_maxlen;
    /** chunk of memory containing the "header" part of each
     *  signature ordered as an array. Used to pre-filter the
@ -704,10 +741,12 @@ typedef struct SigGroupHead_ {
    /* pattern matcher instances */
    MpmCtx *mpm_ctx;
    MpmCtx *mpm_stream_ctx;
    uint16_t mpm_content_maxlen;
    uint16_t mpm_streamcontent_maxlen;
    MpmCtx *mpm_uri_ctx;
    uint16_t mpm_uricontent_maxlen;
    uint16_t pad1;
 #if __WORDSIZE == 64
    uint32_t pad2;
 #endif
    /** Array with sig ptrs... size is sig_cnt * sizeof(Signature *) */
    Signature **match_array;
--- a/src/flow-queue.h
+++ b/src/flow-queue.h
@ -33,11 +33,11 @@ typedef struct FlowQueue_
    Flow *top;
    Flow *bot;
    uint32_t len;
    SCMutex mutex_q;
    SCCondT cond_q;
 #ifdef DBG_PERF
    uint32_t dbg_maxlen;
 #endif /* DBG_PERF */
    SCMutex mutex_q;
    SCCondT cond_q;
 } FlowQueue;
 /* prototypes */
--- a/src/flow.c
+++ b/src/flow.c
@ -736,6 +736,8 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p)
    p->flow = f;
    SCMutexUnlock(&f->m);
    p->flags |= PKT_HAS_FLOW;
 }
 /** \brief initialize the configuration
--- a/src/flow.h
+++ b/src/flow.h
@ -147,22 +147,19 @@ typedef struct Flow_
    uint16_t flags;
    /* ts of flow init and last update */
    struct timeval startts;
    struct timeval lastts;
-    /* pointer to the var list */
+    SCMutex m;
    GenericVar *flowvar;
-    uint32_t todstpktcnt;
+    /** protocol specific data pointer, e.g. for TcpSession */
-    uint32_t tosrcpktcnt;
+    void *protoctx;
    uint64_t bytecnt;
    /** mapping to Flow's protocol specific protocols for timeouts
        and state and free functions. */
    uint8_t protomap;
-    /** protocol specific data pointer, e.g. for TcpSession */
+    uint8_t alflags; /**< application level specific flags */
-    void *protoctx;
+    uint16_t alproto; /**< application level protocol */
    /** how many pkts and stream msgs are using the flow *right now*. This
     *  variable is atomic so not protected by the Flow mutex "m".
@ -172,9 +169,12 @@ typedef struct Flow_
     */
    SC_ATOMIC_DECLARE(unsigned short, use_cnt);
    uint16_t pad0;
    void **aldata; /**< application level storage ptrs */
    /** detection engine state */
    struct DetectEngineState_ *de_state;
    SCMutex de_state_m;          /**< mutex lock for the de_state object */
    /** toclient sgh for this flow. Only use when FLOW_SGH_TOCLIENT flow flag
     *  has been set. */
@ -183,24 +183,27 @@ typedef struct Flow_
     *  has been set. */
    struct SigGroupHead_ *sgh_toserver;
    SCMutex m;
    /** List of tags of this flow (from "tag" keyword of type "session") */
    DetectTagDataEntryList *tag_list;
    /* pointer to the var list */
    GenericVar *flowvar;
    SCMutex de_state_m;          /**< mutex lock for the de_state object */
    /* list flow ptrs
     * NOTE!!! These are NOT protected by the
     * above mutex, but by the FlowQ's */
    struct Flow_ *hnext; /* hash list */
    struct Flow_ *hprev;
    struct FlowBucket_ *fb;
    struct Flow_ *lnext; /* list */
    struct Flow_ *lprev;
-    struct FlowBucket_ *fb;
+    struct timeval startts;
-
+    uint32_t todstpktcnt;
-    uint16_t alproto; /**< application level protocol */
+    uint32_t tosrcpktcnt;
-    void **aldata; /**< application level storage ptrs */
+    uint64_t bytecnt;
    uint8_t alflags; /**< application level specific flags */
 } Flow;
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@ -130,6 +130,8 @@
 #define SigIntId uint16_t
 //#define SigIntId uint32_t
 /** same for pattern id's */
 #define PatIntId uint16_t
 #include <htp/htp.h>
 #include "threads.h"
--- a/src/util-mpm-b2gc.h
+++ b/src/util-mpm-b2gc.h
@ -72,7 +72,7 @@ typedef struct B2gcPatternHdr_ {
    uint32_t np_offset; /* offset of the next pattern */
    uint8_t len;
    uint8_t flags;
-    uint16_t id;
+    PatIntId id;
 } B2gcPatternHdr;
 #define B2GC_GET_FLAGS(hdr)         ((hdr)->flags)
@ -87,7 +87,7 @@ typedef struct B2gcPatternHdr_ {
 typedef struct B2gcPattern1_ {
    uint8_t flags;
    uint8_t pat;
-    uint16_t id;
+    PatIntId id;
 } B2gcPattern1;
 #define B2GC1_GET_FLAGS(hdr)         ((hdr)->flags)
@ -99,7 +99,7 @@ typedef struct B2gcPattern_ {
    uint16_t len;
    uint8_t flags;
    uint8_t pad0;
-    uint32_t id;
+    PatIntId id;
    uint8_t *pat;
 } B2gcPattern;
--- a/src/util-radix-tree.h
+++ b/src/util-radix-tree.h
@ -43,12 +43,12 @@
 * \brief Structure that hold the user data and the netmask associated with it.
 */
 typedef struct SCRadixUserData_ {
    /* holds the netmask value that corresponds to this user data pointer */
    uint8_t netmask;
    /* holds a pointer to the user data associated with the particular netmask */
    void *user;
    /* pointer to the next user data in the list */
    struct SCRadixUserData_ *next;
    /* holds the netmask value that corresponds to this user data pointer */
    uint8_t netmask;
 } SCRadixUserData;
 /**
@ -81,10 +81,12 @@ typedef struct SCRadixNode_ {
     * to determine the path to be taken during a lookup*/
    uint16_t bit;
-    /* holds a list of netmaks that come under this node in the tree */
+    uint16_t pad0;
-    uint8_t *netmasks;
+
    /* total no of netmasks that are registered under this node */
    int netmask_cnt;
    /* holds a list of netmaks that come under this node in the tree */
    uint8_t *netmasks;
    /* holds the prefix that the path to this node holds */
    SCRadixPrefix *prefix;