From fcfb679893e4641c9510e571a4480aa07d251f2c Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Thu, 5 Dec 2019 19:15:13 -0500
Subject: [PATCH] detect/analyzer: Suppress direction warnings

This commit ensures direction warnings for ICMP v4 and v6
are suppressed and corrects check so that both protocols
are checked (instead of the same protocol being checked twice).
---
 src/detect-engine-analyzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index d8bcbd162c..1f7acc92b7 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1199,7 +1199,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
     }
 
     /* No warning about direction for ICMP protos */
-    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMPV6) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
         if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
             warn_both_direction += 1;
             rule_warning += 1;
-- 
2.47.2