detect/analyzer: add more details for the tcp window keyword

author Nancy Enos <nicymimz@gmail.com>

Wed, 23 Oct 2024 21:29:18 +0000 (00:29 +0300)

committer Victor Julien <victor@inliniac.net>

Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)
author Nancy Enos <nicymimz@gmail.com>
Wed, 23 Oct 2024 21:29:18 +0000 (00:29 +0300)
committer Victor Julien <victor@inliniac.net>
Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c

index dcf3ce60a6a30f0adb717bcca549d4a281259fc4..d852792fd3da24869992897b7d919f710e334b84 100644 (file)
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -52,6 +52,7 @@
  #include "detect-flowbits.h"
  #include "util-var-name.h"
  #include "detect-icmp-id.h"
+#include "detect-tcp-window.h"
  
  static int rule_warnings_only = 0;
  
@@ -932,6 +933,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
                  jb_close(js);
                  break;
              }
+            case DETECT_WINDOW: {
+                const DetectWindowData *wd = (const DetectWindowData *)smd->ctx;
+                jb_open_object(js, "window");
+                jb_set_uint(js, "size", wd->size);
+                jb_set_bool(js, "negated", wd->negated);
+                jb_close(js);
+                break;
+            }
              case DETECT_FLOW_AGE: {
                  const DetectU32Data *cd = (const DetectU32Data *)smd->ctx;
                  jb_open_object(js, "flow_age");
author	Nancy Enos <nicymimz@gmail.com>
	Wed, 23 Oct 2024 21:29:18 +0000 (00:29 +0300)
committer	Victor Julien <victor@inliniac.net>
	Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)