detect/analyzer: add more details for tcp_seq

Log the matched Sequence number of a packet Issue: 6353
catenacyber · Apr 10, 2024 · d9148d1 · d9148d1
1 parent e54084f
commit d9148d1
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
@@ -41,6 +41,7 @@
 #include "detect-tcp-flags.h"
 #include "detect-tcp-ack.h"
 #include "detect-ipopts.h"
+#include "detect-tcp-seq.h"
 #include "feature.h"
 #include "util-print.h"
 #include "util-time.h"
@@ -912,6 +913,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
                 jb_close(js);
                 break;
             }
+            case DETECT_SEQ: {
+                const DetectSeqData *cd = (const DetectSeqData *)smd->ctx;
+
+                jb_open_object(js, "seq");
+                jb_set_uint(js, "number", cd->seq);
+                jb_close(js);
+                break;
+            }
         }
         jb_close(js);