From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Fri, 6 Dec 2019 00:15:13 +0000 (-0500)
Subject: detect/analyzer: Suppress direction warnings
X-Git-Tag: suricata-5.0.1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcfb679893e4641c9510e571a4480aa07d251f2c;p=thirdparty%2Fsuricata.git

detect/analyzer: Suppress direction warnings

This commit ensures direction warnings for ICMP v4 and v6
are suppressed and corrects check so that both protocols
are checked (instead of the same protocol being checked twice).
---

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index d8bcbd162c..1f7acc92b7 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1199,7 +1199,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
     }
 
     /* No warning about direction for ICMP protos */
-    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMPV6) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
         if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
             warn_both_direction += 1;
             rule_warning += 1;