From: Victor Julien
Date: Mon, 8 Feb 2021 08:41:22 +0000 (+0100)
Subject: detect/analyzer: add icmp to rule group output
X-Git-Tag: suricata-7.0.0-beta1~1496
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef896431076ce6130ff57257a83a79ea3e42bf59;p=thirdparty%2Fsuricata.git

detect/analyzer: add icmp to rule group output
---

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 6eb8466912..7091d5f764 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -919,8 +919,26 @@ static void RulesDumpGrouping(const DetectEngineCtx *de_ctx,
             json_object_set_new(tcp, "toclient", tc_array);
             json_object_set_new(js, name, tcp);
+        } else if (p == IPPROTO_ICMP || p == IPPROTO_ICMPV6) {
+            const char *name = (p == IPPROTO_ICMP) ? "icmpv4" : "icmpv6";
+            json_t *o = json_object();
+            json_t *ts = json_object();
+            json_t *tc = json_object();
+
+            if (de_ctx->flow_gh[1].sgh[p]) {
+                json_t *group_ts = RulesGroupPrintSghStats(
+                        de_ctx, de_ctx->flow_gh[1].sgh[p], add_rules, add_mpm_stats);
+                json_object_set_new(ts, "rulegroup", group_ts);
+                json_object_set_new(o, "toserver", ts);
+            }
+            if (de_ctx->flow_gh[0].sgh[p]) {
+                json_t *group_tc = RulesGroupPrintSghStats(
+                        de_ctx, de_ctx->flow_gh[0].sgh[p], add_rules, add_mpm_stats);
+                json_object_set_new(tc, "rulegroup", group_tc);
+                json_object_set_new(o, "toclient", tc);
+            }
+            json_object_set_new(js, name, o);
         }
-
     }
     const char *filename = "rule_group.json";