From: Daniel Olatunji Date: Tue, 30 Jan 2024 17:30:37 +0000 (+0100) Subject: detect/analyzer: add more details for tcp_seq X-Git-Tag: suricata-8.0.0-beta1~1517 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9148d1023f7f880c905cb7074c8883e420abd24;p=thirdparty%2Fsuricata.git detect/analyzer: add more details for tcp_seq Log the matched Sequence number of a packet Issue: 6353
---
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 354c93413f..d0f7123880 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -41,6 +41,7 @@
 #include "detect-tcp-flags.h"
 #include "detect-tcp-ack.h"
 #include "detect-ipopts.h"
+#include "detect-tcp-seq.h"
 #include "feature.h"
 #include "util-print.h"
 #include "util-time.h"
@@ -912,6 +913,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
 jb_close(js);
 break;
 }
+ case DETECT_SEQ: {
+ const DetectSeqData *cd = (const DetectSeqData *)smd->ctx;
+
+ jb_open_object(js, "seq");
+ jb_set_uint(js, "number", cd->seq);
+ jb_close(js);
+ break;
+ }
 }
 jb_close(js);
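Review bot: The new `DETECT_SEQ` case in `DumpMatches` has no comment saying which sequence number it emits. `cd->seq` is read from `smd->ctx`, so it appears to be the value configured in the rule's keyword rather than one observed in a packet, which is not how the commit message reads. A one-line comment such as `/* sequence number the rule matches on, as parsed from the keyword */` above `jb_open_object(js, "seq");` would make that explicit for anyone consuming the analyzer JSON. The cast also assumes `smd->ctx` is a non-NULL `DetectSeqData` for this match type, which is established outside the hunk; the function body starts and ends outside it as well.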