Suricata

What's the current plan to have full support for the file_data keyword? I've got a number of rules that choke and die with:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.

Most of these are VRT rules, and it'd be nice if they played well with Suricata.

More importantly I have some rules failing with:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or from_client with http.

Using file_data with http + flow is generally pretty useful and support in 2.1 here would be great.

In 2.0.x file_data is only supported for http server bodies, which implies to_client. In 2.1, smtp support was added so that is to_server. No other protocols are supported yet.

Other than for non-supported protocols, what rules do you have are rejected?

Actually there's only one VRT rule that was tripping up on this that's not SMTP related:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"VRT FILE-IDENTIFY JPEG file upload detected"; flow:to_server,established; file_data; content:"|FF D8 FF E1|"; depth:4; flowbits:set,file.jpeg; flowbits:noalert; metadata:service http; classtype:misc-activity; sid:35852; rev:1;)

I actually think I can disable this, but it seems like the idea is for uploads from external clients to:server, probably looking at a POST body or similar? It seems like http_client_body might be more applicable here anyway.