From 53d9569dfbf43836ea32202541ef1584e891f448 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Mon, 8 Sep 2025 11:31:37 +0200
Subject: [PATCH] detect: list-keywords cli shows integers with enums

Ticket: 7875
---
 rust/cbindgen.toml | 1 +
 rust/src/detect/mod.rs | 1 +
 rust/src/dns/detect.rs | 8 ++++----
 rust/src/enip/detect.rs | 8 ++++----
 rust/src/ldap/detect.rs | 9 +++++----
 rust/src/mqtt/detect.rs | 5 +++--
 rust/src/rfb/detect.rs | 5 +++--
 rust/src/websocket/detect.rs | 6 +++---
 src/detect-engine-register.c | 38 ++++++++++++------------------------
 src/detect.h | 2 ++
 10 files changed, 38 insertions(+), 45 deletions(-)

diff --git a/rust/cbindgen.toml b/rust/cbindgen.toml
index f3211803a7..ab466f09f7 100644
--- a/rust/cbindgen.toml
+++ b/rust/cbindgen.toml
@@ -124,6 +124,7 @@ exclude = [
 "SIGMATCH_INFO_UINT32",
 "SIGMATCH_INFO_UINT64",
 "SIGMATCH_INFO_MULTI_UINT",
+ "SIGMATCH_INFO_ENUM_UINT",
 "FtpCommand",
 ]
diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs
index d5e86037fb..0e22072ee1 100644
--- a/rust/src/detect/mod.rs
+++ b/rust/src/detect/mod.rs
@@ -135,6 +135,7 @@ pub const SIGMATCH_INFO_UINT16: u32 = 0x10000; // BIT_U32(16)
 pub const SIGMATCH_INFO_UINT32: u32 = 0x20000; // BIT_U32(17)
 pub const SIGMATCH_INFO_UINT64: u32 = 0x40000; // BIT_U32(18)
 pub const SIGMATCH_INFO_MULTI_UINT: u32 = 0x80000; // BIT_U32(19)
+pub const SIGMATCH_INFO_ENUM_UINT: u32 = 0x100000; // BIT_U32(20)
 #[repr(u8)]
diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs
index d6f0fc9ac5..b3a4752809 100644
--- a/rust/src/dns/detect.rs
+++ b/rust/src/dns/detect.rs
@@ -25,8 +25,8 @@ use crate::detect::uint::{
 SCDetectU8Free, SCDetectU8Parse,
 };
 use crate::detect::{
- helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT,
- SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8,
+ helper_keyword_register_multi_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+ SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT8,
 };
 use crate::direction::Direction;
 use std::ffi::CStr;
@@ -411,7 +411,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
 AppLayerTxMatch: Some(dns_rcode_match),
 Setup: Some(dns_rcode_setup),
 Free: Some(dns_rcode_free),
- flags: SIGMATCH_INFO_UINT16,
+ flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister(
@@ -426,7 +426,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() {
 AppLayerTxMatch: Some(dns_rrtype_match),
 Setup: Some(dns_rrtype_setup),
 Free: Some(dns_rrtype_free),
- flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT,
+ flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
 };
 G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/rust/src/enip/detect.rs b/rust/src/enip/detect.rs
index d5c6b7059e..6ff49d97f0 100644
--- a/rust/src/enip/detect.rs
+++ b/rust/src/enip/detect.rs
@@ -36,8 +36,8 @@ use crate::detect::uint::{
 SCDetectU8Match, SCDetectU8Parse,
 };
 use crate::detect::{
- helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT,
- SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
+ helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+ SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT16, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use suricata_sys::sys::{
 DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
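Review bot: The `SIGMATCH_INFO_ENUM_UINT` bit added to the two `flags:` initialisers in SCDetectDNSRegister (the dns_rcode and dns_rrtype entries) is a hand-written claim that the keyword's Setup callback accepts symbolic names, and nothing on these lines ties it to the parser actually used, so the two can drift apart as keywords are added or reworked. The same applies to the flags hunks for SCDetectEnipRegister, SCDetectLdapRegister, SCDetectMqttRegister, SCDetectRfbRegister and SCDetectWebsocketRegister. Since list-keywords output is what rule writers and rule tooling rely on, I would add a short comment next to each changed line, for example `// ENUM_UINT: Setup also accepts the value by name; keep in sync with the parser`, and confirm that no other enum-parsed keyword outside this patch was missed. The Setup callbacks and the rest of each register function are outside the hunks, so the match between flag and parser could not be checked here.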
@@ -1428,7 +1428,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
 AppLayerTxMatch: Some(status_match),
 Setup: Some(status_setup),
 Free: Some(status_free),
- flags: SIGMATCH_INFO_UINT32,
+ flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
@@ -1518,7 +1518,7 @@ pub unsafe extern "C" fn SCDetectEnipRegister() {
 AppLayerTxMatch: Some(command_match),
 Setup: Some(command_setup),
 Free: Some(command_free),
- flags: SIGMATCH_INFO_UINT16,
+ flags: SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs
index b022e7d5db..1c2cc53184 100644
--- a/rust/src/ldap/detect.rs
+++ b/rust/src/ldap/detect.rs
@@ -24,7 +24,8 @@ use crate::detect::uint::{
 };
 use crate::detect::{
 helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
- SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
+ SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
+ SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use crate::ldap::types::*;
 use ldap_parser::ldap::{LdapMessage, ProtocolOp};
@@ -519,7 +520,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
 AppLayerTxMatch: Some(ldap_detect_request_operation_match),
 Setup: Some(ldap_detect_request_operation_setup),
 Free: Some(ldap_detect_request_free),
- flags: SIGMATCH_INFO_UINT8,
+ flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@@ -535,7 +536,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
 AppLayerTxMatch: Some(ldap_detect_responses_operation_match),
 Setup: Some(ldap_detect_responses_operation_setup),
 Free: Some(ldap_detect_responses_free),
- flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT,
+ flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
 };
 G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
@@ -594,7 +595,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() {
 AppLayerTxMatch: Some(ldap_detect_responses_result_code_match),
 Setup: Some(ldap_detect_responses_result_code_setup),
 Free: Some(ldap_detect_responses_result_code_free),
- flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT,
+ flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
 };
 G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs
index fecadb9bcf..1ff3b77753 100644
--- a/rust/src/mqtt/detect.rs
+++ b/rust/src/mqtt/detect.rs
@@ -24,7 +24,8 @@ use crate::detect::uint::{
 };
 use crate::detect::{
 helper_keyword_register_multi_buffer, helper_keyword_register_sticky_buffer,
- SigTableElmtStickyBuffer, SIGMATCH_INFO_MULTI_UINT, SIGMATCH_INFO_UINT8,
+ SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT, SIGMATCH_INFO_MULTI_UINT,
+ SIGMATCH_INFO_UINT8,
 };
 use suricata_sys::sys::{
 DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
@@ -1011,7 +1012,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() {
 AppLayerTxMatch: Some(mqtt_type_match),
 Setup: Some(mqtt_type_setup),
 Free: Some(mqtt_type_free),
- flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT,
+ flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_MULTI_UINT | SIGMATCH_INFO_ENUM_UINT,
 };
 G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/rust/src/rfb/detect.rs b/rust/src/rfb/detect.rs
index 5face090d5..488e01c39d 100644
--- a/rust/src/rfb/detect.rs
+++ b/rust/src/rfb/detect.rs
@@ -24,7 +24,8 @@ use crate::detect::uint::{
 detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
 };
 use crate::detect::{
- helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32,
+ helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+ SIGMATCH_INFO_UINT32,
 };
 use std::ffi::CStr;
 use std::os::raw::{c_int, c_void};
@@ -220,7 +221,7 @@ pub unsafe extern "C" fn SCDetectRfbRegister() {
 AppLayerTxMatch: Some(rfb_sec_result_match),
 Setup: Some(rfb_sec_result_setup),
 Free: Some(rfb_sec_result_free),
- flags: SIGMATCH_INFO_UINT32,
+ flags: SIGMATCH_INFO_UINT32 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/rust/src/websocket/detect.rs b/rust/src/websocket/detect.rs
index cfed49ed46..810877d9c5 100644
--- a/rust/src/websocket/detect.rs
+++ b/rust/src/websocket/detect.rs
@@ -22,8 +22,8 @@ use crate::detect::uint::{
 SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
 };
 use crate::detect::{
- helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_UINT32,
- SIGMATCH_INFO_UINT8,
+ helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer, SIGMATCH_INFO_ENUM_UINT,
+ SIGMATCH_INFO_UINT32, SIGMATCH_INFO_UINT8,
 };
 use crate::websocket::parser::WebSocketOpcode;
 use suricata_sys::sys::{
@@ -276,7 +276,7 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() {
 AppLayerTxMatch: Some(websocket_detect_opcode_match),
 Setup: Some(websocket_detect_opcode_setup),
 Free: Some(websocket_detect_opcode_free),
- flags: SIGMATCH_INFO_UINT8,
+ flags: SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_ENUM_UINT,
 };
 G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
 G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
index 86c8304f5d..80cb96e5f9 100644
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@@ -335,36 +335,22 @@ static void PrintFeatureList(const SigTableElmt *e, char sep)
 printf("multi buffer");
 prev = 1;
 }
- if (flags & SIGMATCH_INFO_UINT8) {
+ if (flags & (SIGMATCH_INFO_UINT8 | SIGMATCH_INFO_UINT16 | SIGMATCH_INFO_UINT32 |
+ SIGMATCH_INFO_UINT64)) {
 if (prev == 1)
 printf("%c", sep);
 if (flags & SIGMATCH_INFO_MULTI_UINT)
 printf("multi ");
- printf("uint8");
- prev = 1;
- }
- if (flags & SIGMATCH_INFO_UINT16) {
- if (prev == 1)
- printf("%c", sep);
- if (flags & SIGMATCH_INFO_MULTI_UINT)
- printf("multi ");
- printf("uint16");
- prev = 1;
- }
- if (flags & SIGMATCH_INFO_UINT32) {
- if (prev == 1)
- printf("%c", sep);
- if (flags & SIGMATCH_INFO_MULTI_UINT)
- printf("multi ");
- printf("uint32");
- prev = 1;
- }
- if (flags & SIGMATCH_INFO_UINT64) {
- if (prev == 1)
- printf("%c", sep);
- if (flags & SIGMATCH_INFO_MULTI_UINT)
- printf("multi ");
- printf("uint64");
+ if (flags & SIGMATCH_INFO_ENUM_UINT)
+ printf("enum ");
+ if (flags & SIGMATCH_INFO_UINT8)
+ printf("uint8");
+ if (flags & SIGMATCH_INFO_UINT16)
+ printf("uint16");
+ if (flags & SIGMATCH_INFO_UINT32)
+ printf("uint32");
+ if (flags & SIGMATCH_INFO_UINT64)
+ printf("uint64");
 prev = 1;
 }
 if (e->Transform) {
diff --git a/src/detect.h b/src/detect.h
index 6dc49dbbb8..fa294eb633 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1692,6 +1692,8 @@ typedef struct SigGroupHead_ {
 #define SIGMATCH_INFO_UINT64 BIT_U32(18)
 /** keyword is a multi uint */
 #define SIGMATCH_INFO_MULTI_UINT BIT_U32(19)
+/** keyword is an uint with enumeration stringer */
+#define SIGMATCH_INFO_ENUM_UINT BIT_U32(20)
 enum DetectEngineTenantSelectors {
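Review bot: In PrintFeatureList (src/detect-engine-register.c) the four width tests are now independent `if`s inside one shared branch, so a keyword carrying more than one SIGMATCH_INFO_UINTn bit would print the names run together (for example `uint8uint16`) behind a single `multi `/`enum ` prefix, where the removed code printed one separated entry per width. If the width bits are meant to be mutually exclusive, make that explicit by turning the last three tests into `else if (flags & SIGMATCH_INFO_UINT16)`, `else if (flags & SIGMATCH_INFO_UINT32)` and `else if (flags & SIGMATCH_INFO_UINT64)`. `enum ` is also only printed when a width bit is set, so SIGMATCH_INFO_ENUM_UINT on its own is dropped without notice, and the new `enum uintN` token changes the features column that scripts parsing list-keywords output may match on. The function starts and ends outside the hunk.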