aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/analyzer: add more details for the tcp window keyword

Browse Source 
Ticket: 6352
pull/12088/head
Nancy Enos 10 months ago committed by Victor Julien
parent 5d8252117f
commit 98cd2411b6
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File

9
src/detect-engine-analyzer.c
Unescape Escape View File

@ -52,6 +52,7 @@
#include "detect-flowbits.h" #include "detect-flowbits.h"
#include "util-var-name.h" #include "util-var-name.h"
#include "detect-icmp-id.h" #include "detect-icmp-id.h"
#include "detect-tcp-window.h"
static int rule_warnings_only = 0; static int rule_warnings_only = 0;
@ -932,6 +933,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
jb_close(js); jb_close(js);
break; break;
} }
case DETECT_WINDOW: {
const DetectWindowData *wd = (const DetectWindowData *)smd->ctx;
jb_open_object(js, "window");
jb_set_uint(js, "size", wd->size);
jb_set_bool(js, "negated", wd->negated);
jb_close(js);
break;
}
case DETECT_FLOW_AGE: { case DETECT_FLOW_AGE: {
const DetectU32Data *cd = (const DetectU32Data *)smd->ctx; const DetectU32Data *cd = (const DetectU32Data *)smd->ctx;
jb_open_object(js, "flow_age"); jb_open_object(js, "flow_age");

Write Preview
Loading…
Cancel
Save