detect/analyzer: add more details for icmp_id

Ticket: #6360
5 months ago · fa1addae64
parent 378f678d95
commit fa1addae64
1 changed files with 8 additions and 0 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -51,6 +51,7 @@
 #include "util-conf.h"
 #include "detect-flowbits.h"
 #include "util-var-name.h"
+#include "detect-icmp-id.h"

 static int rule_warnings_only = 0;

@ -924,6 +925,13 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
                jb_close(js);
                break;
            }
+            case DETECT_ICMP_ID: {
+                const DetectIcmpIdData *cd = (const DetectIcmpIdData *)smd->ctx;
+                jb_open_object(js, "id");
+                jb_set_uint(js, "number", SCNtohs(cd->id));
+                jb_close(js);
+                break;
+            }
        }
        jb_close(js);