From: Eric Leblond Date: Fri, 2 Nov 2012 15:14:11 +0000 (+0100) Subject: rule analyser: add msg if rule is ipv4 or ipv6 only X-Git-Tag: suricata-1.4rc1~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0471fb8e485a59c69fc9d2f6ee8cfb40c5ca333;p=thirdparty%2Fsuricata.git rule analyser: add msg if rule is ipv4 or ipv6 only --- diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index bcf548cda4..ea671082a6 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c @@ -431,6 +431,8 @@ void EngineAnalysisRules(Signature *s, char *line) uint32_t rule_flow_toserver = 0; uint32_t rule_flow_toclient = 0; uint32_t rule_flow_nostream = 0; + uint32_t rule_ipv4_only = 0; + uint32_t rule_ipv6_only = 0; uint32_t rule_flowbits = 0; uint32_t rule_flowint = 0; //uint32_t rule_flowvar = 0; @@ -479,6 +481,14 @@ void EngineAnalysisRules(Signature *s, char *line) if (s->flags & SIG_FLAG_REQUIRE_STREAM) { stream_buf += 1; } + + if (s->proto.flags & DETECT_PROTO_IPV4) { + rule_ipv4_only += 1; + } + if (s->proto.flags & DETECT_PROTO_IPV6) { + rule_ipv6_only += 1; + } + for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) { SigMatch *sm = NULL; @@ -718,7 +728,9 @@ void EngineAnalysisRules(Signature *s, char *line) fprintf(rule_engine_analysis_FD, "== Sid: %u ==\n", s->id); fprintf(rule_engine_analysis_FD, "%s\n", line); - if (s->flags & SIG_FLAG_IPONLY) fprintf(rule_engine_analysis_FD, " Rule is ip only.\n"); + if (s->flags & SIG_FLAG_IPONLY) fprintf(rule_engine_analysis_FD, " Rule is ip only.\n"); + if (rule_ipv6_only) fprintf(rule_engine_analysis_FD, " Rule is IPv6 only.\n"); + if (rule_ipv4_only) fprintf(rule_engine_analysis_FD, " Rule is IPv4 only.\n"); if (packet_buf) fprintf(rule_engine_analysis_FD, " Rule matches on packets.\n"); if (!rule_flow_nostream && stream_buf && (rule_flow || rule_flowbits || rule_content || rule_pcre)) { fprintf(rule_engine_analysis_FD, " Rule matches on reassembled stream.\n");