detect/analyzer: Suppress direction warnings

This commit suppresses direction warnings by the rules analyzer for ICMP
and ICMPV6 since it's not actionable.

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 27a38b45450f5094cde6491b0c50c72db84a0bfa..5d598f2d27d99873a36d5b6e99ae28c11aa1b6e5 100644 (file)
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1189,9 +1189,13 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
         warn_no_direction += 1;
         rule_warning += 1;
     }
-    if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
-        warn_both_direction += 1;
-        rule_warning += 1;
+
+    /* No warning about direction for ICMP protos */
+    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+        if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
+            warn_both_direction += 1;
+            rule_warning += 1;
+        }
     }
 
     if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {