detect/analyzer: Suppress direction warnings

This commit suppresses direction warnings by the rules analyzer for ICMP and ICMPV6 since it's not actionable.
6 years ago · c88c1f1e14
parent 83bbe287e7
commit c88c1f1e14
1 changed files with 7 additions and 3 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -1189,9 +1189,13 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
        warn_no_direction += 1;
        rule_warning += 1;
    }
-    if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
-        warn_both_direction += 1;
-        rule_warning += 1;
+
+    /* No warning about direction for ICMP protos */
+    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+        if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
+            warn_both_direction += 1;
+            rule_warning += 1;
+        }
    }

    if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {