From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 24 Sep 2021 13:42:41 +0000 (+0200)
Subject: flowint: same analysis warnings as flowbits
X-Git-Tag: suricata-5.0.8~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0df143a8051165e4df6c5cd010afbb566ec3e81;p=thirdparty%2Fsuricata.git

flowint: same analysis warnings as flowbits

(cherry picked from commit f6ba3699bb8a790956b645e3c47cc159811ab677)
---

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 7ed7dae6d6..81c23c3849 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1154,7 +1154,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
     }
     if (rule_flow == 0 && rule_flags == 0
         && !(s->proto.flags & DETECT_PROTO_ANY) && DetectProtoContainsProto(&s->proto, IPPROTO_TCP)
-        && (rule_content || rule_content_http || rule_pcre || rule_pcre_http || rule_flowbits)) {
+        && (rule_content || rule_content_http || rule_pcre || rule_pcre_http || rule_flowbits || rule_flowint)) {
         rule_warning += 1;
         warn_tcp_no_flow = 1;
     }
@@ -1221,7 +1221,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
         if (rule_ipv6_only) fprintf(rule_engine_analysis_FD, "    Rule is IPv6 only.\n");
         if (rule_ipv4_only) fprintf(rule_engine_analysis_FD, "    Rule is IPv4 only.\n");
         if (packet_buf) fprintf(rule_engine_analysis_FD, "    Rule matches on packets.\n");
-        if (!rule_flow_nostream && stream_buf && (rule_flow || rule_flowbits || rule_content || rule_pcre)) {
+        if (!rule_flow_nostream && stream_buf && (rule_flow || rule_flowbits || rule_flowint || rule_content || rule_pcre)) {
             fprintf(rule_engine_analysis_FD, "    Rule matches on reassembled stream.\n");
         }
         for(size_t i = 0; i < ARRAY_SIZE(analyzer_items); i++) {