rule analyzer: make analyzer aware of http_user_agent pcre flag /V.

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 2fd4ee76a8b67e28f931ad7d7fd35f68b3cb1909..60efe1284b5a4555cd828ff78ed1b4ff6cbf280f 100644 (file)
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -199,6 +199,7 @@ void EngineAnalysisRules(Signature *s, char *line)
     uint32_t http_stat_msg_buf = 0;
     uint32_t http_raw_header_buf = 0;
     uint32_t http_raw_uri_buf = 0;
+    uint32_t http_ua_buf = 0;
     uint32_t warn_pcre_no_content = 0;
     uint32_t warn_pcre_http_content = 0;
     uint32_t warn_pcre_http = 0;
@@ -279,6 +280,11 @@ void EngineAnalysisRules(Signature *s, char *line)
                     raw_http_buf += 1;
                     http_stat_code_buf += 1;
                 }
+                else if (list_id == DETECT_SM_LIST_HUADMATCH) {
+                    rule_pcre_http += 1;
+                    norm_http_buf += 1;
+                    http_ua_buf += 1;
+                }
                 else {
                     rule_pcre += 1;
                 }
@@ -468,6 +474,7 @@ void EngineAnalysisRules(Signature *s, char *line)
         if (http_client_body_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http client body buffer.\n");
         if (http_stat_msg_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http stat msg buffer.\n");
         if (http_stat_code_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http stat code buffer.\n");
+        if (http_ua_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http user agent buffer.\n");
         if (s->alproto != ALPROTO_UNKNOWN) {
             fprintf(rule_engine_analysis_FD, "    App layer protocol is %s.\n", TmModuleAlprotoToString(s->alproto));
         }