detect/analyzer: show pattern that is used by mpm

Set a new DETECT_CONTENT_MPM flag on the pattern that is selected
during setup.

src/detect-content.h

@@ -57,6 +57,9 @@
 #define DETECT_CONTENT_WITHIN_NEXT      BIT_U32(17)
 #define DETECT_CONTENT_DISTANCE_NEXT    BIT_U32(18)
 #define DETECT_CONTENT_STARTS_WITH      BIT_U32(19)
+/** MPM pattern selected by the engine or forced by fast_pattern keyword */
+#define DETECT_CONTENT_MPM              BIT_U32(20)
+
 /** a relative match to this content is next, used in matching phase */
 #define DETECT_CONTENT_RELATIVE_NEXT    (DETECT_CONTENT_WITHIN_NEXT|DETECT_CONTENT_DISTANCE_NEXT)
 

src/detect-engine-analyzer.c

@@ -504,6 +504,7 @@ static void DumpMatches(json_t *js, const SigMatchData *smd)
                         json_object_set_new(js_match_content, "negated", json_boolean(cd->flags & DETECT_CONTENT_NEGATED));
                         json_object_set_new(js_match_content, "starts_with", json_boolean(cd->flags & DETECT_CONTENT_STARTS_WITH));
                         json_object_set_new(js_match_content, "ends_with", json_boolean(cd->flags & DETECT_CONTENT_ENDS_WITH));
+                        json_object_set_new(js_match_content, "is_mpm", json_boolean(cd->flags & DETECT_CONTENT_MPM));
                         if (cd->flags & DETECT_CONTENT_OFFSET) {
                             json_object_set_new(js_match_content, "offset", json_integer(cd->offset));
                         }

src/detect-engine-mpm.c

@@ -666,6 +666,7 @@ static void SetMpm(Signature *s, SigMatch *mpm_sm)
             cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
         }
     }
+    cd->flags |= DETECT_CONTENT_MPM;
     s->init_data->mpm_sm = mpm_sm;
     return;
 }