detect/analyzer: Suppress direction warnings

This commit suppresses direction warnings by the rules analyzer for ICMP and ICMPV6 since it's not actionable.
6 years ago · c88c1f1e14
parent 83bbe287e7
commit c88c1f1e14
1 changed files with 7 additions and 3 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -1189,10 +1189,14 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
        warn_no_direction += 1;
        rule_warning += 1;
    }
+
+    /* No warning about direction for ICMP protos */
+    if (!(DetectProtoContainsProto(&s->proto, IPPROTO_ICMP) && DetectProtoContainsProto(&s->proto, IPPROTO_ICMP))) {
        if ((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) {
            warn_both_direction += 1;
            rule_warning += 1;
        }
+    }

    if (!rule_warnings_only || (rule_warnings_only && rule_warning > 0)) {
        fprintf(rule_engine_analysis_FD, "== Sid: %u ==\n", s->id);