From b0471fb8e485a59c69fc9d2f6ee8cfb40c5ca333 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Fri, 2 Nov 2012 16:14:11 +0100 Subject: [PATCH] rule analyser: add msg if rule is ipv4 or ipv6 only --- src/detect-engine-analyzer.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index bcf548cda4..ea671082a6 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c @@ -431,6 +431,8 @@ void EngineAnalysisRules(Signature *s, char *line) uint32_t rule_flow_toserver = 0; uint32_t rule_flow_toclient = 0; uint32_t rule_flow_nostream = 0; + uint32_t rule_ipv4_only = 0; + uint32_t rule_ipv6_only = 0; uint32_t rule_flowbits = 0; uint32_t rule_flowint = 0; //uint32_t rule_flowvar = 0; @@ -479,6 +481,14 @@ void EngineAnalysisRules(Signature *s, char *line) if (s->flags & SIG_FLAG_REQUIRE_STREAM) { stream_buf += 1; } + + if (s->proto.flags & DETECT_PROTO_IPV4) { + rule_ipv4_only += 1; + } + if (s->proto.flags & DETECT_PROTO_IPV6) { + rule_ipv6_only += 1; + } + for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) { SigMatch *sm = NULL; @@ -718,7 +728,9 @@ void EngineAnalysisRules(Signature *s, char *line) fprintf(rule_engine_analysis_FD, "== Sid: %u ==\n", s->id); fprintf(rule_engine_analysis_FD, "%s\n", line); - if (s->flags & SIG_FLAG_IPONLY) fprintf(rule_engine_analysis_FD, " Rule is ip only.\n"); + if (s->flags & SIG_FLAG_IPONLY) fprintf(rule_engine_analysis_FD, " Rule is ip only.\n"); + if (rule_ipv6_only) fprintf(rule_engine_analysis_FD, " Rule is IPv6 only.\n"); + if (rule_ipv4_only) fprintf(rule_engine_analysis_FD, " Rule is IPv4 only.\n"); if (packet_buf) fprintf(rule_engine_analysis_FD, " Rule matches on packets.\n"); if (!rule_flow_nostream && stream_buf && (rule_flow || rule_flowbits || rule_content || rule_pcre)) { fprintf(rule_engine_analysis_FD, " Rule matches on reassembled stream.\n"); -- 2.47.3