From 8016a32d9823fbf3639f97cd149c1a15c465e2d3 Mon Sep 17 00:00:00 2001
From: Alice Akaki <akakialice@gmail.com>
Date: Wed, 9 Oct 2024 23:57:07 -0400
Subject: [PATCH] detect/analyzer: add more details for icmp_id

Ticket: #6360
---
 src/detect-engine-analyzer.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 3ae77526db08..a5e8e293b629 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -51,6 +51,7 @@
 #include "util-conf.h"
 #include "detect-flowbits.h"
 #include "util-var-name.h"
+#include "detect-icmp-id.h"
 
 static int rule_warnings_only = 0;
 
@@ -924,6 +925,13 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
                 jb_close(js);
                 break;
             }
+            case DETECT_ICMP_ID: {
+                const DetectIcmpIdData *cd = (const DetectIcmpIdData *)smd->ctx;
+                jb_open_object(js, "id");
+                jb_set_uint(js, "number", cd->id);
+                jb_close(js);
+                break;
+            }
         }
         jb_close(js);