fastlog: use icmp type and code instead of port

Fixes #3266

diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index 7613a37ad177f6a5ec3016c5b0861958ecd636f9..f87acce48853c76a59e6858a606af7dadb01d542 100644 (file)
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -150,12 +150,18 @@ int AlertFastLogger(ThreadVars *tv, void *data, const Packet *p)
             } else {
                 snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
             }
+            uint16_t src_port_or_icmp = p->sp;
+            uint16_t dst_port_or_icmp = p->dp;
+            if (IP_GET_IPPROTO(p) == IPPROTO_ICMP) {
+                src_port_or_icmp = p->icmp_s.type;
+                dst_port_or_icmp = p->icmp_s.code;
+            }
             PrintBufferData(alert_buffer, &size, MAX_FASTLOG_ALERT_SIZE,
                             "%s  %s[**] [%" PRIu32 ":%" PRIu32 ":%"
                             PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
                             " {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "\n", timebuf, action,
                             pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio,
-                            proto, srcip, p->sp, dstip, p->dp);
+                            proto, srcip, src_port_or_icmp, dstip, dst_port_or_icmp);
         } else {
             PrintBufferData(alert_buffer, &size, MAX_FASTLOG_ALERT_SIZE, 
                             "%s  %s[**] [%" PRIu32 ":%" PRIu32