From c88c1f1e14eec51c34f3de962424ee7fe55a2a85 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Wed, 27 Nov 2019 14:42:20 -0500
Subject: [PATCH] detect/analyzer: Suppress direction warnings

This commit suppresses direction warnings by the rules analyzer for ICMP and ICMPV6 since it's not actionable.
---
 src/detect-engine-analyzer.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 27a38b4545..5d598f2d27 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -1189,9 +1189,13 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 warn_no_direction += 1;
 rule_warning += 1;
 }
- if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
- warn_both_direction += 1;
- rule_warning += 1;
+
+ /* No warning about direction for ICMP protos */
+ if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
+ if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
+ warn_both_direction += 1;
+ rule_warning += 1;
+ }
 }
 
 if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {
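Review bot: The added guard tests `IPPROTO_ICMP` on both sides of the `&&`, so the second `DetectProtoContainsProto` call is redundant and ICMPv6 is never consulted, although the commit message says the warning is suppressed for ICMP and ICMPV6. As written, an ICMPv6-only rule presumably still increments `warn_both_direction` and `rule_warning`, which keeps the non-actionable noise in the analyzer report for those rules. If the intent is to skip the warning when the rule covers either protocol, the condition would read `if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) || DetectProtoContainsProto(&s->proto, IPPROTO_ICMPV6))) {`; keeping `&&` with `IPPROTO_ICMPV6` would suppress it only for rules whose protocol set holds both. The comment could say why as well, e.g. `/* No direction warning for ICMP/ICMPv6: not actionable for the rule writer */`. EngineAnalysisRules starts and ends outside the hunk, so how `s->proto` is populated for multi-protocol rules should be confirmed there.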