detect/analyzer: add more details for tcp_mss - v4

[0xEniola]

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6355

Previous PR: #9774

Describe changes:

• Fixed CI error; there was a compile warning on one of the changed files.

Output:

{
  "raw": "alert tcp any any -> any any (msg: "Testing mss"; tcp.mss: 123-456; sid: 4;)",
  "id": 4,
  "gid": 1,
  "rev": 0,
  "msg": "Testing mss",
  "app_proto": "unknown",
  "requirements": [],
  "type": "pkt",
  "flags": [
    "src_any",
    "dst_any",
    "sp_any",
    "dp_any",
    "need_packet",
    "toserver",
    "toclient"
  ],
  "pkt_engines": [
    {
      "name": "packet",
      "is_mpm": false
    }
  ],
  "frame_engines": [],
  "lists": {
    "packet": {
      "matches": [
        {
          "name": "tcp.mss",
          "tcp_mss": {
            "operand": "range",
            "min": 123,
            "max": 456
          }
        }
      ]
    }
  }
}

{
  "raw": "alert tcp any any -> any any (msg: "Testing mss"; tcp.mss: >=439; sid: 5;)",
  "id": 5,
  "gid": 1,
  "rev": 0,
  "msg": "Testing mss",
  "app_proto": "unknown",
  "requirements": [],
  "type": "pkt",
  "flags": [
    "src_any",
    "dst_any",
    "sp_any",
    "dp_any",
    "need_packet",
    "toserver",
    "toclient"
  ],
  "pkt_engines": [
    {
      "name": "packet",
      "is_mpm": false
    }
  ],
  "frame_engines": [],
  "lists": {
    "packet": {
      "matches": [
        {
          "name": "tcp.mss",
          "tcp_mss": {
            "operand": "greater than or equal to",
            "value": 439
          }
        }
      ]
    }
  }
}

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1461

[codecov]

Codecov Report

Merging #9776 (af87a35) into master (b6cd66f) will decrease coverage by 0.05%.
The diff coverage is 93.33%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9776      +/-   ##
==========================================
- Coverage   82.40%   82.36%   -0.05%     
==========================================
  Files         968      968              
  Lines      273871   273901      +30     
==========================================
- Hits       225695   225585     -110     
- Misses      48176    48316     +140     

Flag	Coverage Δ
fuzzcorpus	64.26% <0.00%> (-0.10%)	⬇️
suricata-verify	60.96% <93.33%> (-0.04%)	⬇️
unittests	62.93% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[jufajardini]

I like how this is looking! :)

Imho, we're only missing addressing:

• detect/analyzer: add more details for the tcp.mss keyword - v2 #9681 (comment) and
• detect/analyzer: add more details for the tcp.mss keyword - v2 #9681 (comment)

[0xEniola]

I like how this is looking! :)

Imho, we're only missing addressing:

• detect/analyzer: add more details for the tcp.mss keyword - v2 #9681 (comment) and
• detect/analyzer: add more details for the tcp.mss keyword - v2 #9681 (comment)

Thank you for catching that again.

It skipped my mind.
I'll sort that now.