uint32_t warn_offset_depth_pkt_stream = 0;
uint32_t warn_offset_depth_alproto = 0;
uint32_t warn_non_alproto_fp_for_alproto_sig = 0;
+ uint32_t warn_no_direction = 0;
+ uint32_t warn_both_direction = 0;
if (s->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1;
warn_non_alproto_fp_for_alproto_sig = 1;
}
+ if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == 0) {
+ warn_no_direction += 1;
+ rule_warning += 1;
+ }
+ if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
+ warn_both_direction += 1;
+ rule_warning += 1;
+ }
+
if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {
fprintf(rule_engine_analysis_FD, "== Sid: %u ==\n", s->id);
fprintf(rule_engine_analysis_FD, "%s\n", line);
"stream. Consider adding fast_pattern over a http "
"buffer for increased performance.");
}
+ if (warn_no_direction) {
+ fprintf(rule_engine_analysis_FD, " Warning: Rule has no direction indicator.\n");
+ }
+ if (warn_both_direction) {
+ fprintf(rule_engine_analysis_FD, " Warning: Rule is inspecting both directions.\n");
+ }
if (rule_warning == 0) {
fprintf(rule_engine_analysis_FD, " No warnings for this rule.\n");
}
projects / thirdparty / suricata.git / commitdiff
