list-keyword: detect non built keyword

This patch update the glafs list to be able to indicate that a
flag is not supported. This information is used by list-keyword to
display information to the user.

src/detect-filemd5.c

@@ -66,13 +66,12 @@ static int DetectFileMd5SetupNoSupport (DetectEngineCtx *a, Signature *b, char *
  */
 void DetectFileMd5Register(void) {
     sigmatch_table[DETECT_FILEMD5].name = "filemd5";
-    sigmatch_table[DETECT_FILEMD5].desc = "match file MD5 against list of MD5 checksums";
-    sigmatch_table[DETECT_FILEMD5].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemd5";
     sigmatch_table[DETECT_FILEMD5].FileMatch = NULL;
     sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5SetupNoSupport;
     sigmatch_table[DETECT_FILEMD5].Free  = NULL;
     sigmatch_table[DETECT_FILEMD5].RegisterTests = NULL;
+    sigmatch_table[DETECT_FILEMD5].flags = SIGMATCH_NOT_BUILT;
 
 	SCLogDebug("registering filemd5 rule option");
     return;
@@ -91,6 +90,8 @@ static void DetectFileMd5Free(void *);
  */
 void DetectFileMd5Register(void) {
     sigmatch_table[DETECT_FILEMD5].name = "filemd5";
+    sigmatch_table[DETECT_FILEMD5].desc = "match file MD5 against list of MD5 checksums";
+    sigmatch_table[DETECT_FILEMD5].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemd5";
     sigmatch_table[DETECT_FILEMD5].FileMatch = DetectFileMd5Match;
     sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5Setup;

src/detect-luajit.c

@@ -71,6 +71,7 @@ void DetectLuajitRegister(void) {
     sigmatch_table[DETECT_LUAJIT].Setup = DetectLuajitSetupNoSupport;
     sigmatch_table[DETECT_LUAJIT].Free  = NULL;
     sigmatch_table[DETECT_LUAJIT].RegisterTests = NULL;
+    sigmatch_table[DETECT_LUAJIT].flags = SIGMATCH_NOT_BUILT;
 
 	SCLogDebug("registering luajit rule option");
     return;

src/detect.c

@@ -4620,13 +4620,21 @@ void SigTableList(const char *keyword)
     if (keyword == NULL) {
         printf("=====Supported keywords=====\n");
         for (i = 0; i < size; i++) {
-            if (sigmatch_table[i].name != NULL)
-                printf("- %s\n", sigmatch_table[i].name);
+            if (sigmatch_table[i].name != NULL) {
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    printf("- %s (not built-in)\n", sigmatch_table[i].name);
+                } else {
+                    printf("- %s\n", sigmatch_table[i].name);
+                }
+            }
         }
     } else if (!strcmp("csv", keyword)) {
         printf("name;description;app layer;features;documentation\n");
         for (i = 0; i < size; i++) {
             if (sigmatch_table[i].name != NULL) {
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    continue;
+                }
                 printf("%s;", sigmatch_table[i].name);
                 if (sigmatch_table[i].desc) {
                     printf("%s", sigmatch_table[i].desc);
@@ -4653,7 +4661,12 @@ void SigTableList(const char *keyword)
             if ((sigmatch_table[i].name != NULL) &&
                 !strcmp(sigmatch_table[i].name, keyword)) {
                 printf("= %s =\n", sigmatch_table[i].name);
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    printf("Not built-in\n");
+                    return;
+                }
                 SigMultilinePrint(i, "");
+                return;
             }
         }
     }

src/detect.h

@@ -974,13 +974,15 @@ typedef struct SigGroupHead_ {
 } SigGroupHead;
 
 /** sigmatch has no options, so the parser shouldn't expect any */
-#define SIGMATCH_NOOPT          0x01
+#define SIGMATCH_NOOPT          (1 << 0)
 /** sigmatch is compatible with a ip only rule */
-#define SIGMATCH_IPONLY_COMPAT  0x02
+#define SIGMATCH_IPONLY_COMPAT  (1 << 1)
 /** sigmatch is compatible with a decode event only rule */
-#define SIGMATCH_DEONLY_COMPAT  0x04
+#define SIGMATCH_DEONLY_COMPAT  (1 << 2)
 /**< Flag to indicate that the signature inspects the packet payload */
-#define SIGMATCH_PAYLOAD        0x08
+#define SIGMATCH_PAYLOAD        (1 << 3)
+/**< Flag to indicate that the signature is not built-in */
+#define SIGMATCH_NOT_BUILT      (1 << 4)
 
 /** Remember to add the options in SignatureIsIPOnly() at detect.c otherwise it wont be part of a signature group */