From: Jeff Lucovsky
Date: Wed, 27 Nov 2019 19:42:20 +0000 (-0500)
Subject: detect/analyzer: Suppress direction warnings
X-Git-Tag: suricata-5.0.1~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c88c1f1e14eec51c34f3de962424ee7fe55a2a85;p=thirdparty%2Fsuricata.git
detect/analyzer: Suppress direction warnings
This commit suppresses direction warnings by the rules analyzer for ICMP and ICMPV6 since it's not actionable.
---
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 27a38b4545..5d598f2d27 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1189,9 +1189,13 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 warn_no_direction += 1;
 rule_warning += 1;
 }
- if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
- warn_both_direction += 1;
- rule_warning += 1;
+
+ /* No warning about direction for ICMP protos */
+ if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+ if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
+ warn_both_direction += 1;
+ rule_warning += 1;
+ }
 }
 if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {
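Review bot: The added guard tests `IPPROTO_ICMP` on both sides of the `&&`, so the second call is redundant and ICMPv6-only signatures still receive the both-direction warning, which contradicts the commit message ("ICMP and ICMPV6"). The second operand was presumably meant to be `IPPROTO_ICMPV6`, joined with `||` so that either protocol suppresses the warning: `if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) || DetectProtoContainsProto(&s->proto, IPPROTO_ICMPV6))) {`. It is also worth confirming how DetectProtoContainsProto treats any-protocol (`ip`) signatures, because if it reports ICMP as contained there, the direction warning would be silenced for those rules too and rule authors would lose a useful hint. EngineAnalysisRules begins and ends outside this hunk.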