detect/analyzer: support buffer names in sgh dump

5 years ago · 3660b8f829
parent 0ee7159d1d
commit 3660b8f829
1 changed files with 21 additions and 9 deletions
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@ -618,8 +618,8 @@ static int RuleMpmIsNegated(const Signature *s)
    return (cd->flags & DETECT_CONTENT_NEGATED);
 }

-static json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
-                                const int add_rules, const int add_mpm_stats)
+static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigGroupHead *sgh,
+        const int add_rules, const int add_mpm_stats)
 {
    uint32_t mpm_cnt = 0;
    uint32_t nonmpm_cnt = 0;
@ -808,8 +808,14 @@ static json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
            for (int y = 0; y < max_buffer_type_id; y++) {
                if (alproto_mpm_bufs[i][y] == 0)
                    continue;
-                json_object_set_new(
-                        app, DetectListToHumanString(y), json_integer(alproto_mpm_bufs[i][y]));
+
+                const char *name;
+                if (y < DETECT_SM_LIST_DYNAMIC_START)
+                    name = DetectListToHumanString(y);
+                else
+                    name = DetectBufferTypeGetNameById(de_ctx, y);
+
+                json_object_set_new(app, name, json_integer(alproto_mpm_bufs[i][y]));
            }

            json_object_set_new(stats, AppProtoToString(i), app);
@ -841,7 +847,13 @@ static json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,

                json_object_set_new(buf, "sizes", mpm_sizes_array);

-                json_object_set_new(mpm_js, DetectListToHumanString(i), buf);
+                const char *name;
+                if (i < DETECT_SM_LIST_DYNAMIC_START)
+                    name = DetectListToHumanString(i);
+                else
+                    name = DetectBufferTypeGetNameById(de_ctx, i);
+
+                json_object_set_new(mpm_js, name, buf);
            }
        }

@ -877,8 +889,8 @@ static void RulesDumpGrouping(const DetectEngineCtx *de_ctx,
                json_object_set_new(port, "port", json_integer(list->port));
                json_object_set_new(port, "port2", json_integer(list->port2));

-                json_t *tcp_ts = RulesGroupPrintSghStats(list->sh,
-                        add_rules, add_mpm_stats);
+                json_t *tcp_ts =
+                        RulesGroupPrintSghStats(de_ctx, list->sh, add_rules, add_mpm_stats);
                json_object_set_new(port, "rulegroup", tcp_ts);
                json_array_append_new(ts_array, port);

@ -894,8 +906,8 @@ static void RulesDumpGrouping(const DetectEngineCtx *de_ctx,
                json_object_set_new(port, "port", json_integer(list->port));
                json_object_set_new(port, "port2", json_integer(list->port2));

-                json_t *tcp_tc = RulesGroupPrintSghStats(list->sh,
-                        add_rules, add_mpm_stats);
+                json_t *tcp_tc =
+                        RulesGroupPrintSghStats(de_ctx, list->sh, add_rules, add_mpm_stats);
                json_object_set_new(port, "rulegroup", tcp_tc);
                json_array_append_new(tc_array, port);