detect/analyzer: add more details for the tcp window keyword
Ticket: 6352
Nancyenos authored and victorjulien committed Nov 5, 2024
1 parent 5d82521 commit 98cd241
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/detect-engine-analyzer.c
@@ -52,6 +52,7 @@
#include "detect-flowbits.h"
#include "util-var-name.h"
#include "detect-icmp-id.h"
#include "detect-tcp-window.h"

static int rule_warnings_only = 0;

@@ -932,6 +933,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
jb_close(js);
break;
}
case DETECT_WINDOW: {
const DetectWindowData *wd = (const DetectWindowData *)smd->ctx;
jb_open_object(js, "window");
jb_set_uint(js, "size", wd->size);
jb_set_bool(js, "negated", wd->negated);
jb_close(js);
break;
}
case DETECT_FLOW_AGE: {
const DetectU32Data *cd = (const DetectU32Data *)smd->ctx;
jb_open_object(js, "flow_age");
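Review bot: The new `DETECT_WINDOW` case in the second hunk carries no comment saying which rule keyword it reports, and its object key is the bare `window`, whereas the neighbouring case names its object after the keyword (`flow_age`). The analyzer output is what people read when auditing a ruleset, and a negated window match inverts what the rule fires on, so the meaning of the two fields should be stated where they are emitted, for example `/* TCP window keyword: size to match, and whether the rule negates that match */` above `jb_open_object`. If nothing consumes the key yet, `tcp_window` would map back more directly to the keyword named in the commit title; that is a naming suggestion, not a defect. `DumpMatches` begins and ends outside the hunk, so the rest of the switch is not visible from here.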