From: Victor Julien <vjulien@oisf.net>
Date: Fri, 3 Dec 2021 07:18:40 +0000 (+0100)
Subject: detect/analyzer: add frame support
X-Git-Tag: suricata-7.0.0-beta1~1038
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cbe33de574e1c80692443c454ced2f517081e7d;p=thirdparty%2Fsuricata.git

detect/analyzer: add frame support
---

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 741d0c434c..8c2948e603 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -828,6 +828,17 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
         }
     }
     jb_close(ctx.js);
+    jb_open_array(ctx.js, "frame_engines");
+    const DetectEngineFrameInspectionEngine *frame = s->frame_inspect;
+    for (; frame != NULL; frame = frame->next) {
+        const char *name = DetectEngineBufferTypeGetNameById(de_ctx, frame->sm_list);
+        jb_start_object(ctx.js);
+        jb_set_string(ctx.js, "name", name);
+        jb_set_bool(ctx.js, "is_mpm", frame->mpm);
+        DumpMatches(&ctx, ctx.js, frame->smd);
+        jb_close(ctx.js);
+    }
+    jb_close(ctx.js);
 
     if (s->init_data->init_flags & SIG_FLAG_INIT_STATE_MATCH) {
         bool has_stream = false;