detect: add verbosity of --list-keywords

Add indicators of content modifier or sticky buffer, and also allow registering an alternative to a keyword.
7 years ago · 33b81f7439
parent d3e953e5f2
commit 33b81f7439
2 changed files with 31 additions and 9 deletions
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@ -247,7 +247,7 @@

 static void PrintFeatureList(const SigTableElmt *e, char sep)
 {
-    const uint8_t flags = e->flags;
+    const uint16_t flags = e->flags;

    int prev = 0;
    if (flags & SIGMATCH_NOOPT) {
@ -266,6 +266,18 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
        printf("compatible with decoder event only rule");
        prev = 1;
    }
+    if (flags & SIGMATCH_INFO_CONTENT_MODIFIER) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("content modifier");
+        prev = 1;
+    }
+    if (flags & SIGMATCH_INFO_STICKY_BUFFER) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("sticky buffer");
+        prev = 1;
+    }
    if (e->Transform) {
        if (prev == 1)
            printf("%c", sep);
@ -293,6 +305,9 @@ static void SigMultilinePrint(int i, const char *prefix)
    if (sigmatch_table[i].url) {
        printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
    }
+    if (sigmatch_table[i].alternative) {
+        printf("\n%sReplaced by: %s", prefix, sigmatch_table[sigmatch_table[i].alternative].name);
+    }
    printf("\n");
 }

--- a/src/detect.h
+++ b/src/detect.h
@ -1159,6 +1159,9 @@ typedef struct SigTableElmt_ {
    uint16_t flags;
    /* coccinelle: SigTableElmt:flags:SIGMATCH_ */

+    /** better keyword to replace the current one */
+    uint16_t alternative;
+
    const char *name;     /**< keyword name alias */
    const char *alias;    /**< name alias */
    const char *desc;
@ -1348,6 +1351,10 @@ typedef struct SigGroupHead_ {
 *  will be set to true or false prior to calling the keyword parser. Exclamation
 *  mark is stripped from the input to the keyword parser. */
 #define SIGMATCH_HANDLE_NEGATION        BIT_U16(7)
+/** keyword is a content modifier */
+#define SIGMATCH_INFO_CONTENT_MODIFIER  BIT_U16(8)
+/** keyword is a sticky buffer */
+#define SIGMATCH_INFO_STICKY_BUFFER     BIT_U16(9)

 enum DetectEngineTenantSelectors
 {