From f58c6589b494b57fe33eb91cee0b0a0f891a3c31 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Sun, 3 Mar 2013 01:43:49 +0530
Subject: [PATCH] We now print content flags in engine fp analyzer.
---
 src/detect-engine-analyzer.c | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 64e97062a3..0fcee2aac9 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -99,6 +99,35 @@ void EngineAnalysisFP(Signature *s, char *line)
 else if (list_type == DETECT_SM_LIST_HUADMATCH) fprintf(fp_engine_analysis_FD, "http user agent content\n");
+ int flags_set = 0;
+ fprintf(fp_engine_analysis_FD, " Flags:");
+ if (fp_cd->flags & DETECT_CONTENT_OFFSET) {
+ fprintf(fp_engine_analysis_FD, " Offset");
+ flags_set = 1;
+ } if (fp_cd->flags & DETECT_CONTENT_DEPTH) {
+ fprintf(fp_engine_analysis_FD, " Depth");
+ flags_set = 1;
+ }
+ if (fp_cd->flags & DETECT_CONTENT_WITHIN) {
+ fprintf(fp_engine_analysis_FD, " Within");
+ flags_set = 1;
+ }
+ if (fp_cd->flags & DETECT_CONTENT_DISTANCE) {
+ fprintf(fp_engine_analysis_FD, " Distance");
+ flags_set = 1;
+ }
+ if (fp_cd->flags & DETECT_CONTENT_NOCASE) {
+ fprintf(fp_engine_analysis_FD, " Nocase");
+ flags_set = 1;
+ }
+ if (fp_cd->flags & DETECT_CONTENT_NEGATED) {
+ fprintf(fp_engine_analysis_FD, " Negated");
+ flags_set = 1;
+ }
+ if (flags_set == 0)
+ fprintf(fp_engine_analysis_FD, " None");
+ fprintf(fp_engine_analysis_FD, "\n");
+ fprintf(fp_engine_analysis_FD, " Fast pattern set: %s\n", fast_pattern_set ? "yes" : "no");
 fprintf(fp_engine_analysis_FD, " Fast pattern only set: %s\n", fast_pattern_only_set ? "yes" : "no");
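Review bot: In the added flag printout, `} if (fp_cd->flags & DETECT_CONTENT_DEPTH) {` puts the Depth test on the closing-brace line of the Offset test, which reads like a dropped `else`; the six bits are tested independently, so the `if` should start its own line like the four tests after it. The trailing ` None` is printed whenever none of these six bits is set, so if `fp_cd->flags` carries any other bits the report would tell a rule author the content has no flags; a comment such as `/* only offset, depth, within, distance, nocase and negated are reported */` or a narrower label would keep the analyzer output from being over-read. The `if (flags_set == 0)` body is also the only unbraced one among the added tests, and `if (flags_set == 0) {` with a closing brace would match the rest. EngineAnalysisFP begins and ends outside this hunk.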
@@ -108,8 +137,6 @@ void EngineAnalysisFP(Signature *s, char *line)
 fprintf(fp_engine_analysis_FD, " Fast pattern offset, length: %u, %u\n", fp_cd->fp_chop_offset, fp_cd->fp_chop_len);
 }
- fprintf(fp_engine_analysis_FD, " Content negated: %s\n",
- (fp_cd->flags & DETECT_CONTENT_NEGATED) ? "yes" : "no");
 uint16_t patlen = fp_cd->content_len;
 uint8_t *pat = SCMalloc(fp_cd->content_len + 1);