From ef896431076ce6130ff57257a83a79ea3e42bf59 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 8 Feb 2021 09:41:22 +0100
Subject: [PATCH] detect/analyzer: add icmp to rule group output
---
 src/detect-engine-build.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index 6eb8466912..7091d5f764 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -919,8 +919,26 @@ static void RulesDumpGrouping(const DetectEngineCtx *de_ctx,
 json_object_set_new(tcp, "toclient", tc_array);
 json_object_set_new(js, name, tcp);
+ } else if (p == IPPROTO_ICMP || p == IPPROTO_ICMPV6) {
+ const char *name = (p == IPPROTO_ICMP) ? "icmpv4" : "icmpv6";
+ json_t *o = json_object();
+ json_t *ts = json_object();
+ json_t *tc = json_object();
+
+ if (de_ctx->flow_gh[1].sgh[p]) {
+ json_t *group_ts = RulesGroupPrintSghStats(
+ de_ctx, de_ctx->flow_gh[1].sgh[p], add_rules, add_mpm_stats);
+ json_object_set_new(ts, "rulegroup", group_ts);
+ json_object_set_new(o, "toserver", ts);
+ }
+ if (de_ctx->flow_gh[0].sgh[p]) {
+ json_t *group_tc = RulesGroupPrintSghStats(
+ de_ctx, de_ctx->flow_gh[0].sgh[p], add_rules, add_mpm_stats);
+ json_object_set_new(tc, "rulegroup", group_tc);
+ json_object_set_new(o, "toclient", tc);
+ }
+ json_object_set_new(js, name, o);
 }
-
 }
 const char *filename = "rule_group.json";
-- 
2.47.2
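Review bot: In the new ICMP branch, `ts` and `tc` are allocated unconditionally but are only handed over to `o` inside the two `if (de_ctx->flow_gh[N].sgh[p])` blocks, so when a direction has no rule group the corresponding object is never attached or released and leaks. Allocating each object where it is consumed avoids this: move `json_t *ts = json_object();` into the `flow_gh[1]` block and `json_t *tc = json_object();` into the `flow_gh[0]` block, or `json_decref()` the unused one before leaving the branch. The `json_object()` results are also used without a NULL check, so an allocation failure would presumably just drop the entry from the output without any diagnostic. RulesDumpGrouping starts and ends outside this hunk, so whether the TCP/UDP branch above follows the same pattern cannot be confirmed from here.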