From: Alice Akaki
Date: Tue, 22 Oct 2024 22:44:27 +0000 (-0400)
Subject: detect/analyzer: add more details for flow_age
X-Git-Tag: suricata-8.0.0-beta1~765
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e563b0c8b3fd7d67bb596cd96c21783c9d771ef;p=thirdparty%2Fsuricata.git
detect/analyzer: add more details for flow_age
Ticket: #6312
---
diff --git a/rust/src/detect/tojson/mod.rs b/rust/src/detect/tojson/mod.rs
index 2c552bcfa0..1a1f0cee80 100644
--- a/rust/src/detect/tojson/mod.rs
+++ b/rust/src/detect/tojson/mod.rs
@@ -77,3 +77,10 @@ pub unsafe extern "C" fn SCDetectU16ToJson(
 ) -> bool {
 return detect_uint_to_json(js, du).is_ok();
 }
+
+#[no_mangle]
+pub unsafe extern "C" fn SCDetectU32ToJson(
+ js: &mut JsonBuilder, du: &DetectUintData,
+) -> bool {
+ return detect_uint_to_json(js, du).is_ok();
+}
\ No newline at end of file
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 3d4d8991a3..dcf3ce60a6 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -932,6 +932,13 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
 jb_close(js);
 break;
 }
+ case DETECT_FLOW_AGE: {
+ const DetectU32Data *cd = (const DetectU32Data *)smd->ctx;
+ jb_open_object(js, "flow_age");
+ SCDetectU32ToJson(js, cd);
+ jb_close(js);
+ break;
+ }
 }
 jb_close(js);
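Review bot: `SCDetectU32ToJson` is an `unsafe extern "C"` entry point that takes Rust references, but the added lines carry no `# Safety` section telling the C caller what it must guarantee. A NULL or dangling `js`/`du` arriving from C is undefined behaviour before the body even runs, so the contract belongs on the function: `/// # Safety` followed by `/// js and du must be non-null, aligned pointers to live objects that stay valid for the whole call.` The hunk also leaves the file without a trailing newline (`\ No newline at end of file`); ending the file with one avoids noise in the next patch that touches it.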
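Review bot: The `bool` returned by `SCDetectU32ToJson(js, cd)` in the new `DETECT_FLOW_AGE` case is discarded, so if the Rust side fails to serialize, the analyzer output gets an empty or partial `flow_age` object and nothing records why. Either act on it, e.g. `if (!SCDetectU32ToJson(js, cd)) SCLogDebug("flow_age: uint to JSON failed");`, or mark the discard as deliberate with `(void)SCDetectU32ToJson(js, cd);`. The cast of `smd->ctx` to `const DetectU32Data *` presumably matches what the flow_age keyword stores, and because the pointer is received as a Rust reference it must never be NULL here; a one-line comment stating that invariant would help. The `switch` and `DumpMatches` itself begin and end outside this hunk, so the other cases may already follow the same pattern.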