detect/analyzer: Add missing http_accept_enc handling

author Jeff Lucovsky <jeff@lucovsky.org>

Sat, 31 Aug 2019 20:16:39 +0000 (16:16 -0400)

committer Victor Julien <victor@inliniac.net>

Fri, 6 Sep 2019 09:58:12 +0000 (11:58 +0200)
author Jeff Lucovsky <jeff@lucovsky.org>
Sat, 31 Aug 2019 20:16:39 +0000 (16:16 -0400)
committer Victor Julien <victor@inliniac.net>
Fri, 6 Sep 2019 09:58:12 +0000 (11:58 +0200)
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c

index d762b2bb19f63395b35e209309b44cd00b101776..1dee79223365aee87c8d28faae5dfe748d206b83 100644 (file)
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -896,6 +896,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
      uint32_t stream_buf = 0;
      uint32_t packet_buf = 0;
      uint32_t http_header_buf = 0;
+    uint32_t http_accept_enc_buf = 0;
      uint32_t http_uri_buf = 0;
      uint32_t http_method_buf = 0;
      uint32_t http_cookie_buf = 0;
@@ -938,6 +939,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
      const int httpstatcode_id = DetectBufferTypeGetByName("http_stat_code");
      const int httpstatmsg_id = DetectBufferTypeGetByName("http_stat_msg");
      const int httpheader_id = DetectBufferTypeGetByName("http_header");
+    const int httpacceptenc_id = DetectBufferTypeGetByName("http_accept_enc");
      const int httprawheader_id = DetectBufferTypeGetByName("http_raw_header");
      const int httpclientbody_id = DetectBufferTypeGetByName("http_client_body");
      const int httprawuri_id = DetectBufferTypeGetByName("http_raw_uri");
@@ -983,6 +985,11 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
                      norm_http_buf += 1;
                      http_header_buf += 1;
                  }
+                else if (list_id == httpacceptenc_id) {
+                    rule_pcre_http += 1;
+                    norm_http_buf += 1;
+                    http_accept_enc_buf += 1;
+                }
                  else if (list_id == httpcookie_id) {
                      rule_pcre_http += 1;
                      norm_http_buf += 1;
@@ -1279,6 +1286,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
          }
          if (http_uri_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http uri buffer.\n");
          if (http_header_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http header buffer.\n");
+        if (http_accept_enc_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http accept enc buffer.\n");
          if (http_cookie_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http cookie buffer.\n");
          if (http_content_type_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http content type buffer.\n");
          if (http_raw_uri_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on http raw uri buffer.\n");
author	Jeff Lucovsky <jeff@lucovsky.org>
	Sat, 31 Aug 2019 20:16:39 +0000 (16:16 -0400)
committer	Victor Julien <victor@inliniac.net>
	Fri, 6 Sep 2019 09:58:12 +0000 (11:58 +0200)